Commit message | Author | Age | |
---|---|---|---|
* | Fix manual typo | andrew160 | 2016-02-26 |
| | |||
* | x11 fixes | netblue30 | 2016-02-25 |
| | |||
* | x11 work | netblue30 | 2016-02-24 |
| | |||
* | x11 work | netblue30 | 2016-02-24 |
| | |||
* | allow --interface only to root user for --enable-network=restricted | netblue30 | 2016-02-24 |
| | |||
* | x11 work | netblue30 | 2016-02-24 |
| | |||
* | Merge branch 'master' of https://github.com/netblue30/firejail | netblue30 | 2016-02-24 |
|\ | |||
| * | Merge pull request #319 from yumkam/network-restricted | netblue30 | 2016-02-24 |
| |\ | Add compile-time option to restrict --net= to root only | ||
| | * | Add compile-time option to restrict --net= to root only | Yuriy M. Kaminskiy | 2016-02-23 |
| | | | ./configure --enable-network=restricted allows only --net=none to non-root users. Other variants delegate too much power to non-root users and are dangerous (it completely bypasses system-wide firewall and routing, it allows introducing arbitrary-chosen MAC and IP interfaces on LAN [disregarding DHCP policy], etc). Root already had power to twiddle with anything, so no sense to restrain her, and --net=none looks safe enough (and still useful) for ordinary users. | ||
| * | | man/firejail.txt: note you don't need --ip6= with SLAAC | Yuriy M. Kaminskiy | 2016-02-23 |
| |/ | |||
* / | x11 work | netblue30 | 2016-02-23 |
|/ | |||
* | x11 work | netblue30 | 2016-02-23 |
| | |||
* | small fixes | netblue30 | 2016-02-21 |
| | |||
* | fixes | netblue30 | 2016-02-20 |
| | |||
* | testing | netblue30 | 2016-02-20 |
| | |||
* | euid switching | netblue30 | 2016-02-19 |
| | |||
* | euid switching | netblue30 | 2016-02-19 |
| | |||
* | moved sandbox name to /run/firejail/name/<PID> | netblue30 | 2016-02-19 |
| | |||
* | euid switching | netblue30 | 2016-02-18 |
| | |||
* | added mkdir in all whitelisted profiles | netblue30 | 2016-02-18 |
| | |||
* | mkdir support in profile files | netblue30 | 2016-02-17 |
| | |||
* | centos7 fixes; support for building rpm packages | netblue30 | 2016-02-16 |
| | |||
* | fix path | netblue30 | 2016-02-15 |
| | |||
* | centos6 fix | netblue30 | 2016-02-15 |
| | |||
* | manpage fix | netblue30 | 2016-02-14 |
| | |||
* | Merge pull request #293 from reinerh/master | netblue30 | 2016-02-14 |
|\ | Fix memory leak | ||
| * | Fix memory leak | Reiner Herrmann | 2016-02-13 |
| | | |||
* | | small fixes | netblue30 | 2016-02-14 |
| | | |||
* | | --trace fix | netblue30 | 2016-02-13 |
| | | |||
* | | --trace fix | netblue30 | 2016-02-13 |
|/ | |||
* | seccomp fixes | netblue30 | 2016-02-12 |
| | |||
* | set sandbox nice value | netblue30 | 2016-02-11 |
| | |||
* | Merge pull request #289 from manevich/patch-2 | netblue30 | 2016-02-10 |
|\ | Fix problem with relative path in storage_find function | ||
| * | Fix problem with relative path in storage_find function | Aleksey Manevich | 2016-02-10 |
| | | storage_find function fails on relative path, so nothing reported to log when blacklisted file accessed by relative path. This is because CWD is NULL when realpath function called. How to reproduce: touch /home/user/somefile; firejail --blacklist=somefile --tracelog cat somefile. Solution: keep CWD value and set it before calling realpath. In order to do this: (1) new wrapper for chdir call, and variable to keep CWD added; (2) storage_find modified to chdir before calling realpath function; (3) order of storage_find and orig_* calls in syscall wrappers changed, to prevent error set by calls in storage_find leak outside; (4) condition for calling realpath changed to include double-slash and path without initial slash. | ||
* | | STUN/WebRTC disabled in default netfilter configuration | netblue30 | 2016-02-10 |
|/ | |||
* | fixed man firejail-profile | netblue30 | 2016-02-09 |
| | |||
* | isolate command name problem | netblue30 | 2016-02-08 |
| | |||
* | whitelist fix | netblue30 | 2016-02-08 |
| | |||
* | fixed whitelist problem | netblue30 | 2016-02-08 |
| | |||
* | set window title | netblue30 | 2016-02-08 |
| | |||
* | default seccomp filter update | netblue30 | 2016-02-08 |
| | |||
* | 0.9.38 testing | netblue30 | 2016-02-02 |
| | |||
* | 0.9.38 testing | netblue30 | 2016-02-01 |
| | |||
* | deprecated --private-home feature | netblue30 | 2016-02-01 |
| | |||
* | various fixes | netblue30 | 2016-01-31 |
| | |||
* | various fixes | netblue30 | 2016-01-31 |
| | |||
* | fixed ssh login in firejail shell | netblue30 | 2016-01-31 |
| | |||
* | Typos | Martin Carpenter | 2016-01-30 |
| | |||
* | 0.9.38-rc1 testing | netblue30 | 2016-01-29 |
| | |||
* | Merge pull request #269 from mcarpenter/sa_family_t | netblue30 | 2016-01-29 |
|\ | Include <sys/socket.h> for sa_family_t (RHEL 6.6) |