path: root/src
Commit message (Author, Age)
* fbuilder: fix Electron apps (smitsohu, 2022-03-12)
|     tracelog is known to be incompatible with Chromium/Electron apps
|     keep it commented for the time being
* fbuilder tweaks (smitsohu, 2022-03-12)
|
* Merge pull request #5028 from kmk3/fix-gcov-macro (netblue30, 2022-03-11)
|\
| |     gcov: fix gcov functions always declared as dummy
| * gcov: fix gcov functions always declared as dummy (Kelvin M. Klann, 2022-03-09)
| |     Currently, the check to enable gcov relies on a non-existent macro due to a typo, which looks like it would cause the dummy/empty versions of the gcov functions to always be declared (even with --enable-gcov), instead of the real ones from gcov.h.
| |
| |     This commit fixes the typo (HAS_GCOV -> HAVE_GCOV).
| |
| |     See configure.ac for the macro declaration.
| |
| |     This amends commit 5106b2ec4 ("gcov: use no-op functions if not enabled", 2021-06-20) / PR #4376.
| |
| |     Occurrences of each macro with this commit applied:
| |
| |         $ git grep -F HAVE_GCOV | wc -l
| |         16
| |         $ git grep -F HAS_GCOV | wc -l
| |         0
* | ls: add control character filtering (similar to cat option) (smitsohu, 2022-03-10)
| |
* | refactor meta character filtering (smitsohu, 2022-03-10)
|/
* fbuilder: fix suggested profile (smitsohu, 2022-03-09)
|     follow-up to fdee4dc1326bb2d5ce90ef2a0410dccba56beb70
* build option: support chromium/electron apps most of the time (smitsohu, 2022-03-09)
|
* xdg dir translation cleanup (smitsohu, 2022-03-09)
|     remove all duplicate entries
* Merge pull request #4985 from smitsohu/whitelist (netblue30, 2022-03-05)
|\
| |     whitelist restructuring
| * whitelist: avoid nested whitelist mounts (smitsohu, 2022-03-01)
| |     Check mountids while creating path of a new mount target. If the mountid differs from the top level directory (tmpfs) mountid, this proves an earlier whitelist command.
| |
| |     It is important to note though that this check is not exhaustive, as besides nested whitelist commands there are also nested top level directories. So a user could run:
| |
| |         firejail --whitelist=/a/b --whitelist=/a/b/c
| |
| |     where both a and b are (whitelist) top level directories. Such a command may result in b and c sharing the filesystem and hence mountid. In this case the nested nature of the whitelist commands will go unnoticed.
| |
| |     A more rigorous version will probably need to apply some sorting to the whitelist command, possibly by means of glob(3).
| * whitelist: minor restructuring (smitsohu, 2022-03-01)
| |     some cleanup, simplify extending the code (for example adding additional members to the TopDir struct)
| * mount id: drop effective user id assertions (smitsohu, 2022-02-25)
| |     as functions operate on a file descriptor it should be safe to remove them; this sets the stage for improvements to the whitelist code
* | Merge pull request #4990 from chestnykh/user_profiles (netblue30, 2022-03-05)
|\ \
| | |     Add ability to disable user profiles at compile time.
| * | Add ability to disable user profiles at compile time. (Dmitry Chestnykh, 2022-02-28)
| | |
* | | xdg macros: add Italian, Spanish, Portuguese, German (smitsohu, 2022-03-04)
| | |
* | | xdg macros: don't fall through if directory not found (#4994) (smitsohu, 2022-03-04)
| | |
* | | add opera-developer.profile (#5001) (glitsj16, 2022-03-03)
| |/
|/|
| |     * add opera-developer to firecfg
| |     * add opera-developer
| |     * fix typo
| |     * add configs for opera-developer
| |     * Create opera-developer.profile
| |     * fixes for opera-developer
| |     * fix for opera-developer
* | fix --whitelist=/run/* (smitsohu, 2022-02-24)
| |
* | more on --tab (netblue30, 2022-02-20)
| |
* | --tab: enable shell tab completion (netblue30, 2022-02-20)
| |
* | add onionshare redirects (#4957) (glitsj16, 2022-02-18)
|/
|     * Create onionshare.profile
|     * Create onionshare-cli.profile
|     * add onionshare redirects to firecfg.config
* Disable/comment message about nogroups being ignored (Kelvin M. Klann, 2022-02-11)
|     Added on commit 7abce0b4c ("Fix keeping certain groups with nogroups", 2021-11-30) / PR #4732.
|
|     As reported by @rusty-snake on #4930, conflicting messages are printed when using whitelist-run-common.inc with nogroups:
|
|         $ cat test.profile
|         include whitelist-run-common.inc
|         nogroups
|         $ firejail --profile=./test.profile groups
|         Reading profile ./test.profile
|         Reading profile /etc/firejail/whitelist-run-common.inc
|         Parent pid 1234, child pid 1235
|         Warning: logind not detected, nogroups command ignored <--- is a lie
|         Warning: cleaning all supplementary groups
|         Child process initialized in 30.00 ms
|         rusty-snake <---- running `groups` outside of the sandbox shows more so groups are actually cleaned
|         Parent is shutting down, bye...
|
|     This probably happens because wrc causes /run/systemd to be hidden in the sandbox and because check_can_drop_all_groups is called multiple times, seemingly both before and after the whitelisting goes into effect.
|
|     So disable the message about nogroups being ignored, but keep the message about cleaning all supplementary groups (which is unlikely to be printed unless it really happens).
|
|     Fixes #4930.
* fix --private-cwd, issue #4910 (netblue30, 2022-02-08)
|
* fix joining of sandboxes without shell (smitsohu, 2022-02-06)
|     regressed in c764520b5aa343c00c3a73633511df039645973c
* new version for NixOS 4887 (netblue30, 2022-02-03)
|
* new tentative fix for NixOS/private-etc (4887) (netblue30, 2022-02-02)
|
* tentative fix for private-etc in NixOS - issue 4887 (netblue30, 2022-02-02)
|
* netlocker fixes (netblue30, 2022-02-02)
|
* Merge pull request #4829 from CaseOf/seafile (netblue30, 2022-01-24)
|\
| |     Seafile
| * add seafile-applet (CaseOf, 2022-01-06)
| |
* | Merge pull request #4873 from reedriley/cointop (netblue30, 2022-01-24)
|\ \
| | |     add a profile for cointop
| * | add a profile for cointop (Reed Riley, 2022-01-21)
| | |
* | | build option: add appimage support (smitsohu, 2022-01-24)
| | |
* | | more man page fixes (smitsohu, 2022-01-23)
| | |     there are two build options, should clean up both
| | |
| | |     follow-up to commit a6283fd7873a4f1dffb0730a968406d52545c73a
* | | Merge branch 'master' of https://github.com/netblue30/firejail (smitsohu, 2022-01-23)
|\ \ \
| * | | netlink: revert man pages (netblue30, 2022-01-22)
| | | |
* | | | testing (smitsohu, 2022-01-23)
| | | |
* | | | build option: remove deprecated strace feature from manual (smitsohu, 2022-01-23)
|/ / /
* | | netlink - fixing the fix (netblue30, 2022-01-22)
| | |
* | | man: mention that private-bin and private-etc are cumulative (Kelvin M. Klann, 2022-01-22)
| | |     This amends commit ac6c8c038 ("fix #4078", 2022-01-21).
| | |
| | |     Fixes #4078.
* | | add a profile for 1password (#4874) (Reed Riley, 2022-01-21)
| | |
* | | fix: some firejail output goes to stdout instead of stderr #4328 (netblue30, 2022-01-21)
| | |
* | | adding netlink to --protocol list (#4605) (netblue, 2022-01-21)
| | |
* | | allow apostrophe in whitelist/blacklist (#4614) (netblue30, 2022-01-21)
| | |
* | | fix #4078 (netblue30, 2022-01-21)
| | |
* | | cleanup for previous commit (netblue30, 2022-01-21)
| | |
* | | fix attribute for /tmp/user in --private-tmp, and fix #4151 (netblue30, 2022-01-21)
| | |
* | | hostnames -> static-ip-map (netblue30, 2022-01-20)
|/ /
* | compile fix (netblue30, 2022-01-18)
| |