Commit message | Author | Age | |
---|---|---|---|
* | join: also check proc file to detect nonewprivs bit | 2018-12-17 | |
| | | | | | redundant check that adds defense in depth and maybe one day can replace the other, file based check | ||
* | Merge pull request #2297 from smitsohu/patch | 2018-12-17 | |
|\ | | | | | enforce nonewprivs instead of seccomp for chroot sandboxes | ||
| * | enforce nonewprivs instead of seccomp for chroot sandboxes | 2018-12-15 | |
| | | | | | | | | | | currently users are able to specify a seccomp filter of their choosing, leaving the real defense to nonewprivs anyway. | ||
* | | New profile for supertuxkart. (#2298) | 2018-12-16 | |
| | | | | | | | | | | | | * New profile supertuxkart * review fixes | ||
* | | fix netstats typo in man firejail | 2018-12-16 | |
|/ | |||
* | join: check prctl return value | 2018-12-14 | |
| | |||
* | add explicit nonewprivs support to join option; accompanying small improvements | 2018-12-14 | |
| | |||
* | firecfg: improve error string | 2018-12-13 | |
| | | | | emphasize that only firecfg needs all permissions, not firejail | ||
* | pulseaudio: use create_dir_as_user(); small adjustments | 2018-12-13 | |
| | |||
* | Revert "pulseaudio: use env variable fallback in more cases" | 2018-12-13 | |
| | | | | | | | | | This reverts commit 93779cb9cd0d098cd3587e2f795200d98e3af1ee. That commit removed restrictions, but also added new inconsistencies. Starting again from the previous state is easier than evolving the current state, hence reverting the commit. | ||
* | pulseaudio: use env variable fallback in more cases | 2018-12-11 | |
| | | | | | | setting the PULSE_CLIENTCONFIG environment variable to the unmounted file is a safe fallback, use it in more cases when mounting is considered not an option | ||
* | add create_empty_dir_as_user function, refactor | 2018-12-11 | |
| | |||
* | xorg: check if Xauthority mount point was created | 2018-12-11 | |
| | | | | and print more meaningful error message | ||
* | Add a profile for thunderbird-wayland | 2018-12-10 | |
| | |||
* | improve sandboxing of KDE apps: set KDE_FORK_SLAVES, blacklist slave-sockets | 2018-12-07 | |
| | | | | | | | | | | setting the KDE_FORK_SLAVES environment variable removes all inconsistencies that arise from slaves running outside the sandbox or in a different sandbox; it also makes it slightly more difficult to abuse KIO in general and helps to mitigate security problems due to thumbnailing, which now always happens inside the same sandbox. The trade-off is more concurrently running slave processes. closes #2285 | ||
* | add HAS_NODBUS conditional, ${RUNUSER} macro | 2018-12-07 | |
| | |||
* | merges | 2018-11-29 | |
| | |||
* | Merge pull request #2276 from smitsohu/tmpfs | 2018-11-28 | |
|\ | | | | | refactor private-cache and tmpfs | ||
| * | refactor private-cache and tmpfs | 2018-11-26 | |
| | | | | | | | | | | | | has the immediate benefit that the result of combining --noexec and --tmpfs does not depend on the sequence of the options | ||
* | | Merge branch 'master' of https://github.com/netblue30/firejail | 2018-11-27 | |
|\ \ | |||
| * | | Add ocenaudio to firecfg.config | 2018-11-27 | |
| |/ | |||
* | | firecfg: small tweaks, fixes, man page update | 2018-11-27 | |
| | | |||
* | | man page typo | 2018-11-27 | |
|/ | |||
* | removed ranger from firecfg.config | 2018-11-24 | |
| | |||
* | removed vim from firecfg.config | 2018-11-24 | |
| | |||
* | Misc. typos | 2018-11-19 | |
| | | | Found using `codespell -q 3 -L shotcut,objext,als,ans,creat,varius,chage,tthe` | ||
* | Remove -c from usage completely. | 2018-11-18 | |
| | |||
* | Add better documentation for "-c" option. | 2018-11-18 | |
| | |||
* | Merge pull request #2255 from crass/fix-profile-name-handling | 2018-11-14 | |
|\ | | | | | Allow prefixing colon to profile argument of --profile to for a profile search | ||
| * | Allow prefixing colon to profile argument of --profile to for a profile ↵ | 2018-11-09 | |
| | | | | | | | | search, and disallow a directory to match as a profile file. | ||
* | | still fixing indentation | 2018-11-13 | |
| | | | | | | | | my editor is weird sometimes | ||
* | | indentation fix | 2018-11-13 | |
| | | |||
* | | misc small adjustments | 2018-11-13 | |
| | | |||
* | | user database: improve error strings and checks | 2018-11-11 | |
| | | |||
* | | fix the fix: ff6612fac86e1a79ba264167f0263ff12f62f346 | 2018-11-10 | |
| | | |||
* | | Merge branch 'master' of https://github.com/netblue30/firejail | 2018-11-10 | |
|\| | |||
| * | Have appimage handling be the same with or without special -- argument. | 2018-11-08 | |
| | | |||
| * | fix compile | 2018-11-08 | |
| | | |||
| * | profile parser testing | 2018-11-08 | |
| | | |||
| * | Merge pull request #2247 from SkewedZeppelin/u2f_cond | 2018-11-07 | |
| |\ | | | | | | | Add new config option to disable U2F in browsers, enabled by default | ||
| | * | Add new config option to disable U2F in browsers, enabled by default | 2018-11-05 | |
| | | | |||
* | | | unreadable firejail.users database fixes | 2018-11-10 | |
|/ / | | | | | | | | | | | | | run firecfg with umask 022 and print a diagnostic message if the database is not readable. closes #2225 | ||
* / | Fixes for brave browser | 2018-11-05 | |
|/ | |||
* | fix --bandwidth command | 2018-11-05 | |
| | |||
* | recursive remounts: add fallback for old kernels, some improvements | 2018-11-04 | |
| | | | | | | | | | | | * vanilla kernels before 3.15 don't expose a mount id in /proc/pid/fdinfo files. This is still relevant on Ubuntu 14.04 with 3.13 kernel, CentOS 7 doesn't have this problem. In this case fall back to a simple remount and print a warning. * drop euid switching as it doesn't really serve a purpose here (paths are not opened in reading or writing mode, and we are not doing anything with it) and potentially causes problems when suid programs are sandboxed * more rigorous error handling | ||
* | mount appimages nodev,nosuid | 2018-11-04 | |
| | |||
* | fs_whitelist: minor mountinfo check improvement, cleanup | 2018-11-04 | |
| | |||
* | Add Mendeley profile | 2018-11-02 | |
| | |||
* | adding --net.print command line option | 2018-10-29 | |
| | |||
* | aisleriot | 2018-10-28 | |
| |