aboutsummaryrefslogtreecommitdiffstats
path: root/src
Commit message (Collapse)AuthorAge
* --tab: enable shell tab completionLibravatar netblue302022-02-20
|
* add onionshare redirects (#4957)Libravatar glitsj162022-02-18
| | | | | | | * Create onionshare.profile * Create onionshare-cli.profile * add onionshare redirects to firecfg.config
* Disable/comment message about nogroups being ignoredLibravatar Kelvin M. Klann2022-02-11
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Added on commit 7abce0b4c ("Fix keeping certain groups with nogroups", 2021-11-30) / PR #4732. As reported by @rusty-snake on #4930, conflicting messages are printed when using whitelist-run-common.inc with nogroups: $ cat test.profile include whitelist-run-common.inc nogroups $ firejail --profile=./test.profile groups Reading profile ./test.profile Reading profile /etc/firejail/whitelist-run-common.inc Parent pid 1234, child pid 1235 Warning: logind not detected, nogroups command ignored <--- is a lie Warning: cleaning all supplementary groups Child process initialized in 30.00 ms rusty-snake <---- running `groups` outside of the sandbox shows more so groups are actually cleaned Parent is shutting down, bye... This probably happens because wrc causes /run/systemd to be hidden in the sandbox and because check_can_drop_all_groups is called multiple times, seemingly both before and after the whitelisting goes into effect. So disable the message about nogroups being ignored, but keep the message about cleaning all supplementary groups (which is unlikely to be printed unless it really happens). Fixes #4930.
* fix --private-cwd, issue #4910Libravatar netblue302022-02-08
|
* fix joining of sandboxes without shellLibravatar smitsohu2022-02-06
| | | | regressed in c764520b5aa343c00c3a73633511df039645973c
* new version for NixOS 4887Libravatar netblue302022-02-03
|
* new tentative fox for NixOS/private-etc (4887)Libravatar netblue302022-02-02
|
* tentative fix for private-etc in NixOS - issue 4887Libravatar netblue302022-02-02
|
* netlocker fixesLibravatar netblue302022-02-02
|
* Merge pull request #4829 from CaseOf/seafileLibravatar netblue302022-01-24
|\ | | | | Seafile
| * add seafile-appletLibravatar CaseOf2022-01-06
| |
* | Merge pull request #4873 from reedriley/cointopLibravatar netblue302022-01-24
|\ \ | | | | | | add a profile for cointop
| * | add a profile for cointopLibravatar Reed Riley2022-01-21
| | |
* | | build option: add appimage supportLibravatar smitsohu2022-01-24
| | |
* | | more man page fixesLibravatar smitsohu2022-01-23
| | | | | | | | | | | | | | | | | | there are two build options, should clean up both follow-up to commit a6283fd7873a4f1dffb0730a968406d52545c73a
* | | Merge branch 'master' of https://github.com/netblue30/firejailLibravatar smitsohu2022-01-23
|\ \ \
| * | | netlink: revert man pagesLibravatar netblue302022-01-22
| | | |
* | | | testingLibravatar smitsohu2022-01-23
| | | |
* | | | build option: remove deprecated strace feature from manualLibravatar smitsohu2022-01-23
|/ / /
* | | netlink - fixing the fixLibravatar netblue302022-01-22
| | |
* | | man: mention that private-bin and private-etc are cumulativeLibravatar Kelvin M. Klann2022-01-22
| | | | | | | | | | | | | | | | | | This amends commit ac6c8c038 ("fix #4078", 2022-01-21). Fixes #4078.
* | | add a profile for 1password (#4874)Libravatar Reed Riley2022-01-21
| | |
* | | fix: some firejail output goes to stdout instead of stderr #4328Libravatar netblue302022-01-21
| | |
* | | adding netlink to --protocol list (#4605)Libravatar netblue2022-01-21
| | |
* | | allow apostrophe in whitelist/blacklist ( #4614)Libravatar netblue302022-01-21
| | |
* | | fix #4078Libravatar netblue302022-01-21
| | |
* | | cleanup for previous commitLibravatar netblue302022-01-21
| | |
* | | fix attribute for /tmp/user in --private-tmp, and fix #4151Libravatar netblue302022-01-21
| | |
* | | hostnames -> static-ip-mapLibravatar netblue302022-01-20
|/ /
* | compile fixLibravatar netblue302022-01-18
| |
* | nettrace fixesLibravatar netblue302022-01-18
| |
* | following up 493a0ef306a8b610f3ed6a1b88a4dbea25e8498bLibravatar smitsohu2022-01-18
| |
* | keep-fd cleanupLibravatar smitsohu2022-01-17
| |
* | some hardeningLibravatar smitsohu2022-01-17
| |
* | gcovLibravatar smitsohu2022-01-17
| |
* | more compile warningsLibravatar netblue302022-01-16
| |
* | compile warningsLibravatar netblue302022-01-16
| |
* | disable pipewire with --nosoundLibravatar netblue2022-01-16
| |
* | compile warningsLibravatar netblue302022-01-16
| |
* | more on nettraceLibravatar netblue302022-01-16
| |
* | Merge pull request #4856 from smitsohu/fildesLibravatar netblue302022-01-16
|\ \ | | | | | | keep-fd option (#4845)
| * | keep-fd option (#4845)Libravatar smitsohu2022-01-14
| | |
* | | Merge pull request #4851 from kmk3/groups-keep-vglusersLibravatar netblue302022-01-16
|\ \ \ | | | | | | | | Keep vglusers group unless no3d is used (virtualgl)
| * | | Keep vglusers group unless no3d is used (virtualgl)Libravatar Kelvin M. Klann2022-01-12
| |/ / | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | virtualgl[1] runs `chown root:vglusers` on `/dev/nvidia*` and on devices usually owned by the "render" group[2]. This makes them unavailable in the sandbox if `noroot` (which causes groups to be dropped) is used. Since firejail classifies all of the aforementioned devices as being `DEV_3D` on fs_dev.c (which means that they are controlled by `no3d`), treat the "vglusers" group the same as the "render" group (by always keeping "vglusers" unless `no3d` is used). See the discussion on #2042 (from this comment[3] onwards). [1] https://virtualgl.org [2] https://github.com/VirtualGL/virtualgl/blob/6f0b90be02d13171dfdfffb112485f4091a5904f/server/vglserver_config#L393 [3] https://github.com/netblue30/firejail/issues/2042#issuecomment-1007468715 Reported-by: @JCallicoat
* | | raincatLibravatar netblue302022-01-14
| | |
* | | fix warzone2100 (Debian 11)Libravatar netblue302022-01-13
| | |
* | | add wget2 to firecfg.configLibravatar glitsj162022-01-13
|/ /
* | refactor closing of file descriptorsLibravatar smitsohu2022-01-12
| |
* | fix scan-buildLibravatar netblue302022-01-11
| |
* | fix scan-build/cppcheck warningsLibravatar netblue302022-01-11
| |
generated by cgit v1.2.3-70-g09d2 (git 2.46.0) at 2024-09-07 09:01:38 +0000