| Commit message (Collapse) | Author | Age |
| |
|
| |
|
|\
| |
| | |
Add further seccomp groups
|
| |
| |
| |
| | |
Get further seccomp group definitions from systemd.
|
| | |
|
|\ \ |
|
| |/
| |
| |
| | |
as per man page, numeric syscall is indicated by the dollar sign '$'
|
|/
|
|
|
|
|
| |
Prefix ! can be used to make exceptions to system call blacklists and
whitelists used by seccomp, seccomp.drop and seccomp.keep.
Closes #1366
|
|
|
|
|
|
|
|
|
|
|
|
| |
- install contrib/syscalls.sh
- add GitLab-CI status to README.md
- read-only ${HOME}/.cargo/env
- move blacklist ${HOME}/.cargo/registry, ${HOME}/.cargo/config to
disable-programs
- typo in man firejail firejail-profiles firecfg
- better descriptions in man firejail-profiles
- fixes in man firejail
- template descriptions in firejail-profiles
|
| |
|
|
|
|
| |
because libtrace hooked libc calls were being executed before the libtrace library was initialized. This was due to other loaded libraries being initialized first.
|
| |
|
|\
| |
| | |
get_user() do not use the unreliable getlogin()
|
| | |
|
| | |
|
|/ |
|
|
|
|
|
|
| |
* Create unzstd.profile
* Add unzstd to firecfg.config
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
* Create zstd.profile
* Create pzstd.profile
* Create zstdcat.profile
* Create zstdgrep.profile
* Create zstdless.profile
* Create zstdmt.profile
* Add zstd and its redirect profiles to firecfg.config
|
| |
|
|
|
|
|
|
|
| |
the commit in question introduced an early check of Firejail configuration
file, which broke "firejail in firejail" for some sandboxes.
see issue #2877
|
|
|
|
| |
fixes #2867
|
| |
|
| |
|
|\
| |
| | |
Add Whalebird profile
|
| | |
|
|/
|
|
|
|
|
|
|
| |
- tor-browser in the AUR is an international package; all other
individual language variants have been removed, so, add new alias
- Add 'tor-browser' and 'mv' to private-bin in launcher profile ('mv' is
required when upgrading tor-browser versions)
- Add 'tor-browser' to firecfg.config
- Add config dir to disable-programs.inc
|
|
|
|
|
|
| |
- Add Zulip config dir to disable-programs.inc
- Add disable-xdg.inc to Zulip profile
- Add Zulip to firecfg.config
|
| |
|
| |
|
|\ |
|
| | |
|
| | |
|
|/
|
|
|
|
| |
users not in firejail.users should only see the error,
not the symlink warning. Also exposes less code to non-
authorized users.
|
| |
|
|
|
|
| |
(#2861)
|
| |
|
|
|
| |
fixes #2859
|
| |
|
| |
|
| |
|
| |
|
| |
|
|
|
|
| |
via lgtm.com
|
|\
| |
| | |
Update pid.c
|
| |
| |
| | |
Remove redundant `child` variable in src/lib/pid.c
|
| |
| |
| |
| |
| |
| |
| |
| |
| | |
* Update libpostexecseccomp.c
Remove `if (size != 0)` condition, which is always true as there is a `if (size <= 0)` condition before.
Also note that if the `if (size <= 0)` condition wouldn't be there and `size` would be 0, there would have been an undefined behavior in due to division by zero in `(unsigned short) size / (unsigned short) sizeof(struct sock_filter);`.
Found with LGTM: https://lgtm.com/projects/g/netblue30/firejail/snapshot/961c4ca00425b60a7bc8543460031a8ebf3d8aa6/files/src/libpostexecseccomp/libpostexecseccomp.c#x838c24f710410160:1
|
|/ |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
* Create conplay.profile
* Create mpg123.bin.profile
* Create mpg123-alsa.profile
* Create mpg123-id3dump.profile
* Create mpg123-jack.profile
* Create mpg123-nas.profile
* Create mpg123-openal.profile
* Create mpg123-oss.profile
* Create mpg123-portaudio.profile
* Create mpg123-pulse.profile
* Create mpg123-strip.profile
* Create out123.profile
* Add mpg123 redirects to fireconfig
|
|\
| |
| | |
Fix issue #561. Refactor/Optimize code to get and use pid and process name.
|
| | |
|