Commit message (Collapse) | Author | Age | |
---|---|---|---|
* | manpages: network configuration | startx2017 | 2020-09-30 |
| | |||
* | manpages: configuration for dbus | startx2017 | 2020-09-30 |
| | |||
* | clean gcc ananlyzer warnings - #3377 | netblue30 | 2020-09-28 |
| | |||
* | free some memory; get rid of false positive from gcc static analyzer | netblue30 | 2020-09-28 |
| | |||
* | new profile: xournalpp | rusty-snake | 2020-09-25 |
| | |||
* | print errors to stderr and prefix them consistently | Reiner Herrmann | 2020-09-12 |
| | |||
* | add --include (#3571) | rusty-snake | 2020-09-11 |
| | | | | | | | * add --include closes #2923 * Priorize searching in cwd | ||
* | disable dbus proxy at compile time (default enabled) - part 1 | netblue30 | 2020-09-09 |
| | |||
* | profstats: track dbus-system none | netblue30 | 2020-09-08 |
| | |||
* | manpages: configuration for user namespace, x11 | startx2017 | 2020-09-03 |
| | |||
* | manpages: configuration for tunnel, chroot, private-home | startx2017 | 2020-09-03 |
| | |||
* | various | rusty-snake | 2020-09-03 |
| | | | | | | | | | | | | * README.md & RELNOTES * Allow gnome-build do read and write .bash_history, it has a build-in terminal * D-Bus filter for gnome-passwordsafe * wruc for supertuxkart * wruc+wusc for totem * dbus-system none for totem * remove src/man/preproc.c it is replaced by preproc.awk * remove dead-code form preproc.awk | ||
* | Add profile for twitch,youtube,youtube-music; fix git-cola ,add cola (#3577) | kortewegdevries | 2020-09-03 |
| | | | | | | | | | | | | | * Add profile for twitch,youtube wrappers * Fix git-cola, add Youtube music wrapper profiles * Fixes for git-cola again * Add profile for alternative name for git-cola * Fixes * Fix | ||
* | New profiles for balsa,trojita,kube (#3603) | kortewegdevries | 2020-09-03 |
| | | | | | | | | | | | | | | | | | | | | | * Added minecraft-launcher-profile Initial * Changed minecraft-launcher profile Added space,tracelog,nodvd * New profiles for balsa,trojita,kube * Switch to whitelisting * Enable gpg,firefox uniformity between other clients * Hyperlinks * Fix Co-authored-by: kortewegdevries <k0rtic_dv@aol.com> | ||
* | bringing in awk preprocessor from rusty-snake | netblue30 | 2020-09-02 |
| | |||
* | manpage: remove overlayfs from non-overlayfs builds | startx2017 | 2020-09-02 |
| | |||
* | manpage: remove apparmor from non-apparor builds | startx2017 | 2020-09-02 |
| | |||
* | New profile for man,psi,smuxi; fix pidgin (#3590) | kortewegdevries | 2020-09-02 |
| | | | | | | | | | | | | | | | | | | | * Profile for Psi * Fix pidgin buddy icon * Profile for man * Add profile for smuxi * Comment man in firecfg * Add pinentry programs * Update etc/profile-m-z/psi.profile Co-authored-by: rusty-snake <41237666+rusty-snake@users.noreply.github.com> Co-authored-by: rusty-snake <41237666+rusty-snake@users.noreply.github.com> | ||
* | Various profiles # 2 (#3566) | kortewegdevries | 2020-09-02 |
| | | | | | | | | | * Matrix clients Initial * Add profile for fractal, # 1139 * Fixes | ||
* | Various profiles (#3561) | kortewegdevries | 2020-09-02 |
| | | | | | | | | | * Various profiles Initial * Various fixes # 1 Removed blacklist,no3d; added icon flatpak paths;sorting;added space | ||
* | Merge branch 'master' of https://github.com/netblue30/firejail | netblue30 | 2020-09-01 |
|\ | |||
| * | Merge branch 'master' of https://github.com/netblue30/firejail | startx2017 | 2020-09-01 |
| |\ | |||
| | * | #3106-1, include @mount in @default insted of all the syscalls | rusty-snake | 2020-09-01 |
| | | | |||
| * | | preprocessor for man pages | startx2017 | 2020-09-01 |
| | | | |||
| * | | removed --disable-seccomp from ./configure | startx2017 | 2020-09-01 |
| |/ | |||
* / | fshaper.sh fix (#3620) | netblue30 | 2020-09-01 |
|/ | |||
* | shell none: avoid syscalls after seccomp_install_filters | smitsohu | 2020-09-01 |
| | | | fixes e.g. --shell=none --seccomp.drop=write --seccomp-error-action=kill | ||
* | join: move to mmapped sandbox status indicator | smitsohu | 2020-08-31 |
| | | | | | | | | | | 1) close #3612 2) remove an implicit limitation on rlimit-fsize option (could not set limit to smaller than 6 bytes without affecting the ability to join a sandbox) 3) rename 'join-or-start' file to just 'join' 4) when waiting for a sandbox that is not fully configured yet, increase polling frequency from 10 per second to 100 per second | ||
* | chroot: unify path name handling | smitsohu | 2020-08-30 |
| | |||
* | don't attempt to set window title if stdout is not a terminal | smitsohu | 2020-08-28 |
| | | | closes #3356 | ||
* | private-dev: blacklist stashed syslog socket when it is not needed anymore | smitsohu | 2020-08-28 |
| | | | closes #3584 | ||
* | expose pulseaudio in chroot if FIREJAIL_CHROOT_PULSE is set | smitsohu | 2020-08-27 |
| | | | | issue #3568 | ||
* | chroot: little tweaks | smitsohu | 2020-08-27 |
| | |||
* | mask writable pulseaudio runtime dir | smitsohu | 2020-08-27 |
| | | | | ... and don't fail hard without need if there is a FUSE mount | ||
* | improve copy_file | smitsohu | 2020-08-27 |
| | | | | don't report success if read failed | ||
* | cat fixes | smitsohu | 2020-08-25 |
| | |||
* | fix --join for sandboxes with xdg-dbuss-proxy | netblue30 | 2020-08-22 |
| | |||
* | firemon fix for xdg-bus-proxy | netblue30 | 2020-08-22 |
| | |||
* | minor cleanup: move pid functions from main.c to util.c | netblue30 | 2020-08-22 |
| | |||
* | Merge branch 'master' of https://github.com/netblue30/firejail | netblue30 | 2020-08-22 |
|\ | |||
| * | Merge pull request #3572 from smitsohu/dumpable | netblue30 | 2020-08-22 |
| |\ | | | | | | | hardening: run plugins with dumpable flag cleared | ||
| | * | cleanup | smitsohu | 2020-08-17 |
| | | | |||
| | * | add dumpable warnings | smitsohu | 2020-08-17 |
| | | | |||
| | * | various x11 xorg enhancements | smitsohu | 2020-08-17 |
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | 1) copy xauth binary into the sandbox and set mode to 0711, so it runs with cleared dumpable flag for unprivileged users 2) run xauth in an sbox sandbox 3) generate Xauthority file in runtime directory instead of /tmp; this way xauth is able to connect to the X11 socket even if the abstract socket doesn't exist, for example because a new network namespace was instantiated | ||
| * | | harden cat option | smitsohu | 2020-08-20 |
| | | | |||
| * | | Merge branch 'master' into ls | smitsohu | 2020-08-19 |
| |\ \ | |||
| * | | | cat option | smitsohu | 2020-08-19 |
| | | | | |||
| * | | | drop system(3) calls from sandbox.c | smitsohu | 2020-08-19 |
| | | | | |||
| * | | | refactor ls.c and prepare for new --cat option | smitsohu | 2020-08-19 |
| | |/ | |/| | |||
* | | | cleaning up POSTMORTEM code | netblue30 | 2020-08-22 |
| |/ |/| |