Commit message (Collapse) | Author | Age | |
---|---|---|---|
* | Merge pull request #2138 from crass/fix-fj-proc-detect | netblue30 | 2018-10-06 |
|\ | | | | | Fix incorrect --list and --tree output under certain circumstances | ||
| * | Firejail should look for processes with names exactly named "firejail" to ↵ | Glenn Washburn | 2018-10-05 |
| | | | | | | | | avoid accounting for processes with a "firejail" prefix. | ||
* | | Merge pull request #2130 from crass/fix-2045 | netblue30 | 2018-10-04 |
|\ \ | | | | | | | FIX-2045: Fix command name parsing for program paths with spaces. | ||
| * | | Fix command name parsing so that program paths with spaces do not cause the ↵ | Glenn Washburn | 2018-10-01 |
| |/ | | | | | | | wrong or no profile to be detected. | ||
* / | incomplete fix: whitelisting of symlinks to other home dirs | smitsohu | 2018-10-02 |
|/ | | | | | | | | | belongs to previous commit 51eeef2059f00de117472046601e10a9fd958d51 short summary of the new behavior, which should catch a few corner cases better: - a non-existant file in another homedir (say homedirs are "/foo/user" and "/foo/user2") is silently ignored (previously a tmpfs was mounted on the users homedir, which was wrong) - a symlink pointing to an existing file in another homedir now works (but the link will be always dangling; you need --allusers to see this) - a symlink pointing back to the entire homedir now works as expected | ||
* | mount empty home if macro can't be whitelisted | smitsohu | 2018-10-01 |
| | |||
* | fs_whitelist: reduce number of loop iterations | smitsohu | 2018-10-01 |
| | |||
* | tiny memleaks | smitsohu | 2018-10-01 |
| | |||
* | regression: fix whitelisting of symlinks to other home dirs, small improvements | smitsohu | 2018-10-01 |
| | | | | | | | | handling of home dir paths is more explicit and rigorous now, which should make it easier to audit. Also this should come handy if one day fs_private() supports home directories outside /home rf. #2123 | ||
* | cleanup | smitsohu | 2018-09-30 |
| | |||
* | fixed vim missing from firecfg.config | veloute | 2018-09-30 |
| | |||
* | manpage cleanup | netblue30 | 2018-09-26 |
| | |||
* | manpages: fix apparmor profile path | Vincent43 | 2018-09-22 |
| | |||
* | manpages: fix alignment | Vincent43 | 2018-09-22 |
| | |||
* | manpages: update AppArmor info | Vincent43 | 2018-09-22 |
| | |||
* | Fix check for nobody user | Reiner Herrmann | 2018-09-21 |
| | | | | Fixes #2117 | ||
* | 0.9.56 released0.9.56 | netblue30 | 2018-09-18 |
| | |||
* | error strings | smitsohu | 2018-09-17 |
| | |||
* | fix --bandwidth, --cpu.print | netblue30 | 2018-09-15 |
| | |||
* | exit if execl fails (arg_audit) | smitsohu | 2018-09-11 |
| | |||
* | add switch to disable/enable private-cache | smitsohu | 2018-09-10 |
| | |||
* | small rlimits adjustment | smitsohu | 2018-09-10 |
| | |||
* | remove seccomp warning | netblue30 | 2018-09-09 |
| | |||
* | Merge branch 'master' of http://github.com/netblue30/firejail | netblue30 | 2018-09-09 |
|\ | |||
| * | set rlimits at later timepoint during sandbox setup | smitsohu | 2018-09-09 |
| | | |||
* | | support for firetunnel utility | netblue30 | 2018-09-09 |
|/ | |||
* | disallow overriding of global rlimits, tiny improvements | smitsohu | 2018-09-06 |
| | |||
* | cleanup | netblue30 | 2018-09-05 |
| | |||
* | improve safe_fd() function for better readability and auditability | smitsohu | 2018-09-05 |
| | |||
* | fix --shell | netblue30 | 2018-09-03 |
| | |||
* | minor cleanup | netblue30 | 2018-09-03 |
| | |||
* | chroot problem (Debian) | netblue30 | 2018-09-03 |
| | |||
* | Merges | Tad | 2018-09-03 |
| | |||
* | additional restrictions for write-permissions on chroot | smitsohu | 2018-09-02 |
| | |||
* | chroot problem: default profile not configured by default | netblue30 | 2018-09-01 |
| | |||
* | --chroot fixes (Debian problem) | netblue30 | 2018-09-01 |
| | |||
* | error strings | smitsohu | 2018-09-01 |
| | |||
* | consolidate and enhance checks run on chroot directory hierarchy (patch n/n) | smitsohu | 2018-09-01 |
| | |||
* | reduce number of chown/chmod calls in fs_chroot | smitsohu | 2018-08-31 |
| | |||
* | added whois and dig profiles | startx2017 | 2018-08-30 |
| | |||
* | little tweak | smitsohu | 2018-08-30 |
| | |||
* | reject chroot if it is world-writable, related enhancements | smitsohu | 2018-08-30 |
| | |||
* | more silencing of /sys umount warnings | smitsohu | 2018-08-29 |
| | |||
* | cleanup | netblue30 | 2018-08-29 |
| | |||
* | cleanup | netblue30 | 2018-08-29 |
| | |||
* | silence warning about failed unmounting of /sys (overlay options) | smitsohu | 2018-08-29 |
| | |||
* | cleanup | netblue30 | 2018-08-28 |
| | |||
* | Revert "improve --chroot directory check" | smitsohu | 2018-08-28 |
| | | | | | | this was unnecessary This reverts commit 0c2cbf05aa9553fbf5c90fb69928f2b276fead8b. | ||
* | improve --chroot directory check | smitsohu | 2018-08-28 |
| | |||
* | fix private-tmp and private-dev in fbuilder | netblue30 | 2018-08-28 |
| |