aboutsummaryrefslogtreecommitdiffstats
path: root/src
Commit message (Collapse)AuthorAge
* fix typoLibravatar Vasya Novikov2016-03-01
|
* firemon fixesLibravatar netblue302016-02-29
|
* various fixesLibravatar netblue302016-02-28
|
* firemon fixesLibravatar netblue302016-02-27
|
* man page fixesLibravatar netblue302016-02-27
|
* Merge branch 'master' of https://github.com/netblue30/firejailLibravatar netblue302016-02-26
|\
| * Fix manual typoLibravatar andrew1602016-02-26
| |
* | x11 supportLibravatar netblue302016-02-26
|/
* x11 fixesLibravatar netblue302016-02-25
|
* x11 workLibravatar netblue302016-02-24
|
* x11 workLibravatar netblue302016-02-24
|
* allow --interface only to root user for --enable-network=restrictedLibravatar netblue302016-02-24
|
* x11 workLibravatar netblue302016-02-24
|
* Merge branch 'master' of https://github.com/netblue30/firejailLibravatar netblue302016-02-24
|\
| * Merge pull request #319 from yumkam/network-restrictedLibravatar netblue302016-02-24
| |\ | | | | | | Add compile-time option to restrict --net= to root only
| | * Add compile-time option to restrict --net= to root onlyLibravatar Yuriy M. Kaminskiy2016-02-23
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | ./configure --enable-network=restricted allows only --net=none to non-root users. Other variants delegate too much power to non-root users and dangerous (it completely bypasses system-wide firewall and routing, it allows introducing arbitrary-chosen MAC and IP interfaces on LAN [disregarding DHCP policy], etc). Root already had power to twiddle with anything, so no sense to restrain her, and --net=none looks safe enough (and still useful) for ordinary users.
| * | man/firejail.txt: note you don't need --ip6= with SLAACLibravatar Yuriy M. Kaminskiy2016-02-23
| |/
* / x11 workLibravatar netblue302016-02-23
|/
* x11 workLibravatar netblue302016-02-23
|
* small fixesLibravatar netblue302016-02-21
|
* fixesLibravatar netblue302016-02-20
|
* testingLibravatar netblue302016-02-20
|
* euid switchingLibravatar netblue302016-02-19
|
* euid switchingLibravatar netblue302016-02-19
|
* moved sandbox name to /run/firejail/name/<PID>Libravatar netblue302016-02-19
|
* euid switchingLibravatar netblue302016-02-18
|
* added mkdir in all whitelisted profilesLibravatar netblue302016-02-18
|
* mkdir support in profile filesLibravatar netblue302016-02-17
|
* centos7 fixes; support for building rpm packagesLibravatar netblue302016-02-16
|
* fix pathLibravatar netblue302016-02-15
|
* centos6 fixLibravatar netblue302016-02-15
|
* manpage fixLibravatar netblue302016-02-14
|
* Merge pull request #293 from reinerh/masterLibravatar netblue302016-02-14
|\ | | | | Fix memory leak
| * Fix memory leakLibravatar Reiner Herrmann2016-02-13
| |
* | small fixesLibravatar netblue302016-02-14
| |
* | --trace fixLibravatar netblue302016-02-13
| |
* | --trace fixLibravatar netblue302016-02-13
|/
* seccomp fixesLibravatar netblue302016-02-12
|
* set sandbox nice valueLibravatar netblue302016-02-11
|
* Merge pull request #289 from manevich/patch-2Libravatar netblue302016-02-10
|\ | | | | Fix problem with relative path in storage_find function
| * Fix problem with relative path in storage_find functionLibravatar Aleksey Manevich2016-02-10
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | storage_find function fails on relative path, so nothing reported to log when blacklisted file accessed by relative path. This is because CWD is NULL when realpath function called. How to reproduce: touch /home/user/somefile firejail --blacklist=somefile --tracelog cat somefile Solution: keep CWD value and set it before calling realpath. In order to do this: * new wrapper for chdir call, and variable to keep CWD added. * storage_find modified to chdir before calling realpath function. * order of storage_find and orig_* calls in syscall wrappers changed, to prevent error set by calls in storage_find leak outside. * condition for calling realpath changed to include double-slash and path without initial slash.
* | STUN/WebRTC disabled in default netfilter configurationLibravatar netblue302016-02-10
|/
* fixed man firejail-profileLibravatar netblue302016-02-09
|
* isolate command name problemLibravatar netblue302016-02-08
|
* whitelist fixLibravatar netblue302016-02-08
|
* fixed whitelist problemLibravatar netblue302016-02-08
|
* set window titleLibravatar netblue302016-02-08
|
* default seccomp filter updateLibravatar netblue302016-02-08
|
* 0.9.38 testingLibravatar netblue302016-02-02
|
* 0.9.38 testingLibravatar netblue302016-02-01
|
generated by cgit v1.2.3-54-g00ecf (git 2.45.2) at 2024-08-01 10:34:35 +0000