Commit message (Collapse) | Author | Age | |
---|---|---|---|
* | warning message not terminated by \n | netblue30 | 2017-03-09 |
| | |||
* | allow /tmp in mkdir and mkfile profile commands | netblue30 | 2017-03-07 |
| | |||
* | Following links in private-bin command ported from #1100 created problems ↵ | netblue30 | 2017-03-07 |
| | | | | for some users. I added a follow-symlink-private-bin entry in /etc/firejail/firejail.config file to enable/disable this functionality - default disabled. | ||
* | spelling | netblue30 | 2017-03-06 |
| | |||
* | added Geeqie profile | netblue30 | 2017-03-05 |
| | |||
* | fix and document firemon --nowrap | netblue30 | 2017-03-04 |
| | |||
* | --output enhancement | netblue30 | 2017-03-04 |
| | |||
* | xvfb X11 server support (--x11=xvfb) | netblue30 | 2017-03-03 |
| | |||
* | merge #1100 from zackw: xvfb support | netblue30 | 2017-03-01 |
| | |||
* | merge #1100 from zackw: removed mask_x11_abstract_socket | netblue30 | 2017-03-01 |
| | |||
* | merge #1100 from zackw: wait_for_other function rewrite | netblue30 | 2017-02-21 |
| | |||
* | extra thunar files | Fred Barclay | 2017-02-19 |
| | |||
* | spelling | netblue30 | 2017-02-19 |
| | |||
* | merge #1100 from zackw: x11=xorg testing | netblue30 | 2017-02-17 |
| | |||
* | merge #1100 from zackw: follow link support in --private-bin | netblue30 | 2017-02-15 |
| | |||
* | merge #1100 from zackw: fcopy rework, --follow-link support in fcopy | netblue30 | 2017-02-15 |
| | |||
* | cleanup | netblue30 | 2017-02-15 |
| | |||
* | merge #1100 from zackw: rework X11 xorg processing - this is a partial merge | netblue30 | 2017-02-15 |
| | |||
* | merge #1100 from zackw: rework X11 display number assignment | netblue30 | 2017-02-15 |
| | |||
* | merge #1100 from zackw: rework abstract X11 socket detection | netblue30 | 2017-02-15 |
| | |||
* | merge #1100 from zackw: rework xpra and xephyr detection | netblue30 | 2017-02-15 |
| | |||
* | merge #1100 from zackw: rework DISPLAY environment parsing, rework masking ↵ | netblue30 | 2017-02-14 |
| | | | | X11 sockets in /tmp/.X11-unix directory | ||
* | compile cleanup | netblue30 | 2017-02-14 |
| | |||
* | merge #1100 from zackw: fix ugly memeory corruption in noblacklist processing | netblue30 | 2017-02-14 |
| | |||
* | merge #1100 from zackw: removed libconnect | netblue30 | 2017-02-14 |
| | |||
* | force-nonewprivs fix for /etc/firejail/firejail.config | netblue30 | 2017-02-12 |
| | |||
* | follow-symlink-as-user runtime config option in /etc/firejail/firejail.config | netblue30 | 2017-02-12 |
| | |||
* | firecfg.config fix | netblue30 | 2017-02-12 |
| | |||
* | copyright 2017 | netblue30 | 2017-02-11 |
| | |||
* | copyright 2017 | netblue30 | 2017-02-11 |
| | |||
* | adding macro for include command in profile files | netblue30 | 2017-02-09 |
| | |||
* | firemon fix | netblue30 | 2017-02-07 |
| | |||
* | --git-install: default disabled in ./configure script | netblue30 | 2017-02-07 |
| | |||
* | disable --git-install at compile time | netblue30 | 2017-02-05 |
| | |||
* | enable strict seccomp filter on overlay options | netblue30 | 2017-02-05 |
| | |||
* | --git-install/--git-uninstall | netblue30 | 2017-02-05 |
| | |||
* | --git-install | netblue30 | 2017-02-04 |
| | |||
* | --git-install | netblue30 | 2017-02-04 |
| | |||
* | git-install | netblue30 | 2017-02-04 |
| | |||
* | quiet fix | netblue30 | 2017-02-04 |
| | |||
* | --writable-var-log | netblue30 | 2017-01-30 |
| | |||
* | --quiet fix | netblue30 | 2017-01-30 |
| | |||
* | merges | netblue30 | 2017-01-29 |
| | |||
* | fixing --hosts-file privelege check | Igor Bukanov | 2017-01-29 |
| | | | | | | Currently the code uses the access() call to check if the user has an access to a file that is copied into the root as /etc/hosts. This inevitably adds a race when the user changes the file to a symbolic link pointing to an arbitrary location on the filsystem after the access check is done but before opening the file to copy it. This potentially allows to read any file on the system. To close this the code adds a utility copy_file_from_user_to_root . It opens the copy destination file as root and then forks/drop privileges. Then as a user the utility opens the source file and do the copy into the destination descriptor that is preserved accross the fork. | ||
* | support allow-private-blacklist in profile files | netblue30 | 2017-01-28 |
| | |||
* | fixed access for --hosts-file | netblue30 | 2017-01-23 |
| | |||
* | bash completion for --hosts-file | netblue30 | 2017-01-22 |
| | |||
* | --hosts-file option | netblue30 | 2017-01-22 |
| | |||
* | Add support for joining a persistent, named network namespace. | Zack Weinberg | 2017-01-20 |
| | |||
* | firejail/fs.c: include sys/wait.h for declaration of waitpid | Zack Weinberg | 2017-01-20 |
| |