Commit message (Collapse) | Author | Age | |
---|---|---|---|
* | private-etc: more on gcrypt | netblue30 | 2023-02-09 |
| | |||
* | private-etc: moving gcrypt from tls-ca to x11 group | netblue30 | 2023-02-08 |
| | |||
* | private-etc: libreoffice, audacity, forzen-bubble, transmission, ↵ | netblue30 | 2023-02-08 |
| | | | | md5sum/sha512sum, more sysutils testing, fix electron-hardened.inc.profile | ||
* | adding machine-id to x11 group | netblue30 | 2023-02-08 |
| | |||
* | build fix | netblue30 | 2023-02-06 |
| | |||
* | installing etc-cleanup tool in /usr/lib/firejail directory | netblue30 | 2023-02-06 |
| | |||
* | Merge pull request #5634 from acatton/master | netblue30 | 2023-02-06 |
|\ | | | | | feature: Add 'keep-shell-rc' command and option | ||
| * | feature: add 'keep-shell-rc' flag and option | Antoine Catton | 2023-02-03 |
| | | | | | | | | | | | | | | | | This fixes #1127. This allow a user to provide their own zshrc/bashrc inside the jail. This is very useful when using firejail to develop and prevent bad pip packages to access your system. | ||
* | | private-etc: pushing vulkan into games group | netblue30 | 2023-02-06 |
| | | |||
* | | private-etc: groups modified | netblue30 | 2023-02-05 |
| | | |||
* | | private-etc: big profile changes | netblue30 | 2023-02-05 |
| | | |||
* | | private-etc: cleanup tool | netblue30 | 2023-02-05 |
| | | |||
* | | etc_groups.h: sort groups alphabetically | glitsj16 | 2023-02-04 |
| | | |||
* | | etc_groups.h: internally sort groups alphabetically | glitsj16 | 2023-02-04 |
|/ | |||
* | Merge pull request #5578 from layderv/master | netblue30 | 2023-01-30 |
|\ | | | | | modif: Prevent sandbox name from containing only digits | ||
| * | Prevent sandbox name from containing only digits | layderv | 2023-01-24 |
| | | | | | | | | | | Names should not contain only numbers, as they are used in other commands as PIDs. | ||
* | | private-etc: moved group names to @group syntax; GUI group renamed as @x11 ↵ | netblue30 | 2023-01-30 |
| | | | | | | | | group; added nvidia and X11 directories to @x11 group. | ||
* | | private-etc: corss-distro test for curl, gimp, inkscape, firefox, warzone2100 | netblue30 | 2023-01-28 |
| | | |||
* | | private-etc: fixes | netblue30 | 2023-01-25 |
| | | |||
* | | private-etc: fix man page | netblue30 | 2023-01-25 |
| | | |||
* | | private-etc rework: new man page | netblue30 | 2023-01-25 |
| | | |||
* | | private-etc rework: file groups moved to src/include/etc_groups.h, new ↵ | netblue30 | 2023-01-25 |
| | | | | | | | | groups added | ||
* | | private-etc rework: /etc file groups | netblue30 | 2023-01-22 |
| | | |||
* | | compile fix | netblue30 | 2023-01-20 |
| | | |||
* | | private-etc rework: remove hiding blacklisted files in private-etc directory ↵ | netblue30 | 2023-01-20 |
| | | | | | | | | feature | ||
* | | Merge pull request #5600 from kmk3/fix-stop-ddash-sh | netblue30 | 2023-01-19 |
|\ \ | | | | | | | modif: Stop forwarding own double-dash to the shell | ||
| * | | Stop forwarding own double-dash to the shell | Kelvin M. Klann | 2023-01-17 |
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Currently, if double-dash ("--") is passed to firejail, it is forwarded to the user shell: $ firejail --debug --noprofile -- echo test 2>&1 | grep -e execvp -e test Building quoted command line: 'echo' 'test' Building quoted command line: 'echo' 'test' Running 'echo' 'test' command through /bin/bash execvp argument 0: /bin/bash execvp argument 1: -c execvp argument 2: -- execvp argument 3: 'echo' 'test' test This causes issues when the user shell does not accept "--" / is not POSIX-compatible: $ /bin/bash -c -- 'echo test' test $ /bin/fish -c -- 'echo test' fish: Unknown command: -- fish: -- ^ Fixes #5599. Relates to #3434. Reported-by: @iltep64 Reported-by: @ferreum | ||
* | | | cleanup | netblue30 | 2023-01-19 |
| | | | |||
* | | | merges | netblue30 | 2023-01-18 |
|/ / | |||
* | | Reword CFG_ETC_HIDE_BLACKLISTED explanation | Kelvin M. Klann | 2023-01-16 |
| | | | | | | | | | | | | | | To make it clearer. Added on commit ded50200e ("opt-in: skip blacklisted files in private-etc - #5010, #5230", 2023-01-15) / PR #5591. | ||
* | | Rename etc-no-blacklisted to etc-hide-blacklisted | Kelvin M. Klann | 2023-01-16 |
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | To avoid boolean confusion (`no-foo no` / `no-foo yes`) in firejail.config: etc-no-blacklisted no etc-no-blacklisted yes Commands used to search and replace: git grep -Ilz -i 'etc.no.blacklisted' -- etc src | xargs -0 -I '{}' sh -c "printf '%s\n' \"\$(sed \ -e 's/etc-no-blacklisted/etc-hide-blacklisted/' \ -e 's/ETC_NO_BLACKLISTED/ETC_HIDE_BLACKLISTED/' \ '{}')\" >'{}'" Added on commit ded50200e ("opt-in: skip blacklisted files in private-etc - #5010, #5230", 2023-01-15) / PR #5591. | ||
* | | Merge pull request #5591 from smitsohu/private-etc-no-blacklisted | netblue30 | 2023-01-15 |
|\ \ | | | | | | | opt-in: hide blacklisted files in /etc | ||
| * | | opt-in: skip blacklisted files in private-etc - #5010, #5230 | smitsohu | 2023-01-15 |
| |/ | |||
* | | Merge pull request #5563 from glitsj16/linuxqq | netblue30 | 2023-01-15 |
|\ \ | | | | | | | New profiles: linuxqq/qq | ||
| * | | Merge branch 'netblue30:master' into linuxqq | glitsj16 | 2023-01-04 |
| |\| | |||
| * | | firecfg: add linuxqq/qq | glitsj16 | 2023-01-03 |
| | | | |||
* | | | fix restrict-namespaces for Debian 10 and older | netblue30 | 2023-01-14 |
| | | | |||
* | | | bringing back whitelisting /dev | netblue30 | 2023-01-14 |
| | | | |||
* | | | Remove --profile-path from --helprusty-snake-patch-1 | rusty-snake | 2023-01-13 |
| | | | | | | | | | Fixes #5585 | ||
* | | | rel 0.9.72 testing: disable whitelisting /dev directory | netblue30 | 2023-01-12 |
| | | | |||
* | | | rel 0.9.72 testing | netblue30 | 2023-01-12 |
| |/ |/| | |||
* | | Merge pull request #5475 from KOLANICH-tools/aa_fix | netblue30 | 2023-01-04 |
|\ \ | | | | | | | A temporary fix to the bug caused by apparmor profiles stacking. | ||
| * | | A temporary fix to the bug caused by apparmor profiles stacking. | KOLANICH | 2022-11-15 |
| | | | |||
* | | | Merge pull request #5556 from Dpeta/chatterino-profile | netblue30 | 2023-01-04 |
|\ \ \ | |_|/ |/| | | Add profile for Chatterino | ||
| * | | Add Chatterino profile | Dpeta | 2022-12-25 |
| | | | |||
* | | | restrict-namespaces stats | netblue30 | 2022-12-26 |
|/ / | |||
* | | chroot: make search permission check explicit | smitsohu | 2022-12-24 |
| | | |||
* | | add netlock support in profile files | netblue30 | 2022-12-21 |
| | | |||
* | | Add profile for avidemux3_jobs_qt5 | Hartmut Knaack | 2022-12-13 |
| | | | | | | | | | | | | | | | | Add a profile for the Qt5 GUI to process Avidemux jobs. Use a redirection to the avidemux3_qt5 profile to reuse translation files. The application needs to create a network socket on localhost and fails to run with protocol unix, so that entry in the default avidemux profile needs to be extended. | ||
* | | Add profile for avidemux3_cli | Hartmut Knaack | 2022-12-12 |
| | | | | | | | | | | Add a profile for the command-line interface of Avidemux, which redirects to the existing avidemux profile. |