| Commit message (Collapse) | Author | Age | |
|---|---|---|---|
| * | join: also check proc file to detect nonewprivs bit |  smitsohu | 2018-12-17 |
| | | | | | | redundant check that adds defense in depth and maybe one day can replace the other, file based check | ||
| * | Merge pull request #2297 from smitsohu/patch |  startx2017 | 2018-12-17 |
| |\ | | | | | enforce nonewprivs instead of seccomp for chroot sandboxes | ||
| | * | enforce nonewprivs instead of seccomp for chroot sandboxes | smitsohu | 2018-12-15 |
| | | | | | | | | | | | currently users are able to specify a seccomp filter of their choosing, leaving the real defense to nonewprivs anyway. | ||
| * | | New profile for supertuxkart. (#2298) |  rusty-snake | 2018-12-16 |
| | | | | | | | | | | | | | * New profile supertuxkart * review fixes | ||
| * | | fix netstats typo in man firejail |  glitsj16 | 2018-12-16 |
| |/ | |||
| * | join: check prctl return value | smitsohu | 2018-12-14 |
| | | |||
| * | add explicit nonewprivs support to join option; accompanying small improvements | smitsohu | 2018-12-14 |
| | | |||
| * | firecfg: improve error string | smitsohu | 2018-12-13 |
| | | | | | emphasize that only firecfg needs all permissions, not firejail | ||
| * | pulseaudio: use create_dir_as_user(); small adjustments | smitsohu | 2018-12-13 |
| | | |||
| * | Revert "pulseaudio: use env variable fallback in more cases" | smitsohu | 2018-12-13 |
| | | | | | | | | | | This reverts commit 93779cb9cd0d098cd3587e2f795200d98e3af1ee. That commit removed restrictions, but also added new inconsistencies. Starting again from the previous state is easier than evolving the current state, hence reverting the commit. | ||
| * | pulseaudio: use env variable fallback in more cases | smitsohu | 2018-12-11 |
| | | | | | | | setting the PULSE_CLIENTCONFIG environment variable to the unmounted file is a safe fallback, use it in more cases when mounting is considered not an option | ||
| * | add create_empty_dir_as_user function, refactor | smitsohu | 2018-12-11 |
| | | |||
| * | xorg: check if Xauthority mount point was created | smitsohu | 2018-12-11 |
| | | | | | and print more meaningful error message | ||
| * | Add a profile for thunderbird-wayland |  rusty-snake | 2018-12-10 |
| | | |||
| * | improve sandboxing of KDE apps: set KDE_FORK_SLAVES, blacklist slave-sockets | smitsohu | 2018-12-07 |
| | | | | | | | | | | | setting the KDE_FORK_SLAVES environment variable removes all inconsistencies that arise from slaves running outside the sandbox or in a different sandbox; it also makes it slightly more difficult to abuse KIO in general and helps to mitigate security problems due to thumbnailing, which now always happens inside the same sandbox. The trade-off is more concurrently running slave processes. closes #2285 | ||
| * | add HAS_NODBUS conditional, ${RUNUSER} makro | smitsohu | 2018-12-07 |
| | | |||
| * | merges |  Tad | 2018-11-29 |
| | | |||
| * | Merge pull request #2276 from smitsohu/tmpfs |  netblue30 | 2018-11-28 |
| |\ | | | | | refactor private-cache and tmpfs | ||
| | * | refactor private-cache and tmpfs | smitsohu | 2018-11-26 |
| | | | | | | | | | | | | | has the immediate benefit that the result of combining --noexec and --tmpfs does not depend on the sequence of the options | ||
| * | | Merge branch 'master' of https://github.com/netblue30/firejail | smitsohu | 2018-11-27 |
| |\ \ | |||
| | * | | Add ocenaudio to firecfg.config | glitsj16 | 2018-11-27 |
| | |/ | |||
| * | | firecfg: small tweaks, fixes, man page update | smitsohu | 2018-11-27 |
| | | | |||
| * | | man page typo | smitsohu | 2018-11-27 |
| |/ | |||
| * | removed ranger from firecfg.config |  veloute | 2018-11-24 |
| | | |||
| * | removed vim from firecfg.config | veloute | 2018-11-24 |
| | | |||
| * | Misc. typos |  luz.paz | 2018-11-19 |
| | | | | Found using `codespell -q 3 -L shotcut,objext,als,ans,creat,varius,chage,tthe` | ||
| * | Remove -c from usage completely. |  Glenn Washburn | 2018-11-18 |
| | | |||
| * | Add better documentation for "-c" option. | Glenn Washburn | 2018-11-18 |
| | | |||
| * | Merge pull request #2255 from crass/fix-profile-name-handling | netblue30 | 2018-11-14 |
| |\ | | | | | Allow prefixing colon to profile argument of --profile to for a profile search | ||
| | * | Allow prefixing colon to profile argument of --profile to for a profile ↵ | Glenn Washburn | 2018-11-09 |
| | | | | | | | | | search, and disallow a directory to match as a profile file. | ||
| * | | still fixing indentation | smitsohu | 2018-11-13 |
| | | | | | | | | | my editor is weird sometimes | ||
| * | | identation fix | smitsohu | 2018-11-13 |
| | | | |||
| * | | misc small adjustments | smitsohu | 2018-11-13 |
| | | | |||
| * | | user database: improve error strings and checks | smitsohu | 2018-11-11 |
| | | | |||
| * | | fix the fix: ff6612fac86e1a79ba264167f0263ff12f62f346 | smitsohu | 2018-11-10 |
| | | | |||
| * | | Merge branch 'master' of https://github.com/netblue30/firejail | smitsohu | 2018-11-10 |
| |\| | |||
| | * | Have appimage handling be the same with or with out special -- argument. | Glenn Washburn | 2018-11-08 |
| | | | |||
| | * | fix compile | netblue30 | 2018-11-08 |
| | | | |||
| | * | profile parser testing | netblue30 | 2018-11-08 |
| | | | |||
| | * | Merge pull request #2247 from SkewedZeppelin/u2f_cond | netblue30 | 2018-11-07 |
| | |\ | | | | | | | Add new config option to disable U2F in browsers, enabled by default | ||
| | | * | Add new config option to disable U2F in browsers, enabled by default | Tad | 2018-11-05 |
| | | | | |||
| * | | | unreadable firejail.users database fixes | smitsohu | 2018-11-10 |
| |/ / | | | | | | | | | | | | | run firecfg with umask 022 and print a diagnostic message if the database is not readable. closes #2225 | ||
| * / | Fixes for brave browser |  Fred-Barclay | 2018-11-05 |
| |/ | |||
| * | fix --bandwidth command | netblue30 | 2018-11-05 |
| | | |||
| * | recursive remounts: add fallback for old kernels, some improvements | smitsohu | 2018-11-04 |
| | | | | | | | | | | | | * vanilla kernels before 3.15 don't expose a mount id in /proc/pid/fdinfo files. This is still relevant on Ubuntu 14.04 with 3.13 kernel, CentOS 7 doesn't have this problem. In this case fall back to simple a remount and print a warning. * drop euid switching as it doesn't really serve a purpose here (paths are not opened in reading or writing mode, and we are not doing anything with it) and potentially causes problems when suid programs are sandboxed * more rigorous error handling | ||
| * | mount appimages nodev,nosuid | smitsohu | 2018-11-04 |
| | | |||
| * | fs_whitelist: minor mountinfo check improvement, cleanup | smitsohu | 2018-11-04 |
| | | |||
| * | Add Mendeley profile | Fred-Barclay | 2018-11-02 |
| | | |||
| * | adding --net.print command line option | netblue30 | 2018-10-29 |
| | | |||
| * | aisleriot | netblue30 | 2018-10-28 |
| | | |||
 |
index : firejail | |
| Mirror of https://github.com/netblue30/firejail | Firejail Authors |
| aboutsummaryrefslogtreecommitdiffstats |