Commit message (Collapse) | Author | Age | |
---|---|---|---|
* | fix build | netblue30 | 2023-02-14 |
| | |||
* | merges; more on cleaning up esc chars | netblue30 | 2023-02-14 |
| | |||
* | Merge pull request #5613 from layderv/escape-cntrl-sequences | netblue30 | 2023-02-14 |
|\ | | | | | modif: Escape control characters of the command line | ||
| * | Style changes | layderv | 2023-02-06 |
| | | |||
| * | Escape control characters | layderv | 2023-01-15 |
| | | | | | | | | | | | | | | | | | | | | | | Names and commands can contain control characters: ``` firejail --name="$(echo -e '\e[31mRed\n\b\b\bText\e[0m')" sleep 10s ``` results in "Text" printed in red. Prevent commands like `--tree` to control the terminal. | ||
* | | merges, disable sort.py in profile checks temporarely, two more private-etc ↵ | netblue30 | 2023-02-14 |
| | | | | | | | | profiles | ||
* | | private-etc: more on gcrypt | netblue30 | 2023-02-09 |
| | | |||
* | | private-etc: moving gcrypt from tls-ca to x11 group | netblue30 | 2023-02-08 |
| | | |||
* | | private-etc: libreoffice, audacity, forzen-bubble, transmission, ↵ | netblue30 | 2023-02-08 |
| | | | | | | | | md5sum/sha512sum, more sysutils testing, fix electron-hardened.inc.profile | ||
* | | adding machine-id to x11 group | netblue30 | 2023-02-08 |
| | | |||
* | | build fix | netblue30 | 2023-02-06 |
| | | |||
* | | installing etc-cleanup tool in /usr/lib/firejail directory | netblue30 | 2023-02-06 |
| | | |||
* | | Merge pull request #5634 from acatton/master | netblue30 | 2023-02-06 |
|\ \ | | | | | | | feature: Add 'keep-shell-rc' command and option | ||
| * | | feature: add 'keep-shell-rc' flag and option | Antoine Catton | 2023-02-03 |
| | | | | | | | | | | | | | | | | | | | | | | | | This fixes #1127. This allow a user to provide their own zshrc/bashrc inside the jail. This is very useful when using firejail to develop and prevent bad pip packages to access your system. | ||
* | | | private-etc: pushing vulkan into games group | netblue30 | 2023-02-06 |
| | | | |||
* | | | private-etc: groups modified | netblue30 | 2023-02-05 |
| | | | |||
* | | | private-etc: big profile changes | netblue30 | 2023-02-05 |
| | | | |||
* | | | private-etc: cleanup tool | netblue30 | 2023-02-05 |
| | | | |||
* | | | etc_groups.h: sort groups alphabetically | glitsj16 | 2023-02-04 |
| | | | |||
* | | | etc_groups.h: internally sort groups alphabetically | glitsj16 | 2023-02-04 |
|/ / | |||
* | | Merge pull request #5578 from layderv/master | netblue30 | 2023-01-30 |
|\ \ | | | | | | | modif: Prevent sandbox name from containing only digits | ||
| * | | Prevent sandbox name from containing only digits | layderv | 2023-01-24 |
| | | | | | | | | | | | | | | | Names should not contain only numbers, as they are used in other commands as PIDs. | ||
* | | | private-etc: moved group names to @group syntax; GUI group renamed as @x11 ↵ | netblue30 | 2023-01-30 |
| | | | | | | | | | | | | group; added nvidia and X11 directories to @x11 group. | ||
* | | | private-etc: corss-distro test for curl, gimp, inkscape, firefox, warzone2100 | netblue30 | 2023-01-28 |
| | | | |||
* | | | private-etc: fixes | netblue30 | 2023-01-25 |
| | | | |||
* | | | private-etc: fix man page | netblue30 | 2023-01-25 |
| | | | |||
* | | | private-etc rework: new man page | netblue30 | 2023-01-25 |
| | | | |||
* | | | private-etc rework: file groups moved to src/include/etc_groups.h, new ↵ | netblue30 | 2023-01-25 |
| | | | | | | | | | | | | groups added | ||
* | | | private-etc rework: /etc file groups | netblue30 | 2023-01-22 |
| | | | |||
* | | | compile fix | netblue30 | 2023-01-20 |
| | | | |||
* | | | private-etc rework: remove hiding blacklisted files in private-etc directory ↵ | netblue30 | 2023-01-20 |
| | | | | | | | | | | | | feature | ||
* | | | Merge pull request #5600 from kmk3/fix-stop-ddash-sh | netblue30 | 2023-01-19 |
|\ \ \ | | | | | | | | | modif: Stop forwarding own double-dash to the shell | ||
| * | | | Stop forwarding own double-dash to the shell | Kelvin M. Klann | 2023-01-17 |
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Currently, if double-dash ("--") is passed to firejail, it is forwarded to the user shell: $ firejail --debug --noprofile -- echo test 2>&1 | grep -e execvp -e test Building quoted command line: 'echo' 'test' Building quoted command line: 'echo' 'test' Running 'echo' 'test' command through /bin/bash execvp argument 0: /bin/bash execvp argument 1: -c execvp argument 2: -- execvp argument 3: 'echo' 'test' test This causes issues when the user shell does not accept "--" / is not POSIX-compatible: $ /bin/bash -c -- 'echo test' test $ /bin/fish -c -- 'echo test' fish: Unknown command: -- fish: -- ^ Fixes #5599. Relates to #3434. Reported-by: @iltep64 Reported-by: @ferreum | ||
* | | | | cleanup | netblue30 | 2023-01-19 |
| | | | | |||
* | | | | merges | netblue30 | 2023-01-18 |
|/ / / | |||
* | | | Reword CFG_ETC_HIDE_BLACKLISTED explanation | Kelvin M. Klann | 2023-01-16 |
| | | | | | | | | | | | | | | | | | | | | | To make it clearer. Added on commit ded50200e ("opt-in: skip blacklisted files in private-etc - #5010, #5230", 2023-01-15) / PR #5591. | ||
* | | | Rename etc-no-blacklisted to etc-hide-blacklisted | Kelvin M. Klann | 2023-01-16 |
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | To avoid boolean confusion (`no-foo no` / `no-foo yes`) in firejail.config: etc-no-blacklisted no etc-no-blacklisted yes Commands used to search and replace: git grep -Ilz -i 'etc.no.blacklisted' -- etc src | xargs -0 -I '{}' sh -c "printf '%s\n' \"\$(sed \ -e 's/etc-no-blacklisted/etc-hide-blacklisted/' \ -e 's/ETC_NO_BLACKLISTED/ETC_HIDE_BLACKLISTED/' \ '{}')\" >'{}'" Added on commit ded50200e ("opt-in: skip blacklisted files in private-etc - #5010, #5230", 2023-01-15) / PR #5591. | ||
* | | | Merge pull request #5591 from smitsohu/private-etc-no-blacklisted | netblue30 | 2023-01-15 |
|\ \ \ | | | | | | | | | opt-in: hide blacklisted files in /etc | ||
| * | | | opt-in: skip blacklisted files in private-etc - #5010, #5230 | smitsohu | 2023-01-15 |
| |/ / | |||
* | | | Merge pull request #5563 from glitsj16/linuxqq | netblue30 | 2023-01-15 |
|\ \ \ | |_|/ |/| | | New profiles: linuxqq/qq | ||
| * | | Merge branch 'netblue30:master' into linuxqq | glitsj16 | 2023-01-04 |
| |\| | |||
| * | | firecfg: add linuxqq/qq | glitsj16 | 2023-01-03 |
| | | | |||
* | | | fix restrict-namespaces for Debian 10 and older | netblue30 | 2023-01-14 |
| | | | |||
* | | | bringing back whitelisting /dev | netblue30 | 2023-01-14 |
| | | | |||
* | | | Remove --profile-path from --helprusty-snake-patch-1 | rusty-snake | 2023-01-13 |
| | | | | | | | | | Fixes #5585 | ||
* | | | rel 0.9.72 testing: disable whitelisting /dev directory | netblue30 | 2023-01-12 |
| | | | |||
* | | | rel 0.9.72 testing | netblue30 | 2023-01-12 |
| |/ |/| | |||
* | | Merge pull request #5475 from KOLANICH-tools/aa_fix | netblue30 | 2023-01-04 |
|\ \ | | | | | | | A temporary fix to the bug caused by apparmor profiles stacking. | ||
| * | | A temporary fix to the bug caused by apparmor profiles stacking. | KOLANICH | 2022-11-15 |
| | | | |||
* | | | Merge pull request #5556 from Dpeta/chatterino-profile | netblue30 | 2023-01-04 |
|\ \ \ | |_|/ |/| | | Add profile for Chatterino |