| Commit message (Collapse) | Author | Age |
|---|
| ... | |
| | |
| |
| |
| |
| | |
* firecfg: Only use fix_desktop_files when --fix is specified
* firecfg: Only use fix_desktop_files automatically when run through sudo
|
| |\ \
| | |
| | | |
DBus filtering enhancements
|
| | | | |
|
| | | | |
|
| | | |
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
D-Bus audit is now more in line with D-Bus filtering settings:
* Checks both the DBUS_SESSION_BUS_ADDRESS and DBUS_SYSTEM_BUS_ADDRESS
environment variables.
* Also checks common paths for fallback sockets in /run.
* Will report GOOD when D-Bus filtering is enabled.
|
| | | |
| | |
| | |
| | |
| | |
| | |
| | | |
--dbus-user.log and --dbus-system.log instruct xdg-dbus-proxy to log
interactions with the session and system buses, respectively.
--dbus-log= can specify the location of the log file. If no location is
specified, log output is written to stdout.
|
| | | |
| | |
| | |
| | |
| | | |
This allows setting per-member and per-object path policies for
xdg-dbus-proxy.
|
| | | |
| | |
| | |
| | |
| | |
| | |
| | | |
The SEE policy of xdg-dbus-proxy allows clients to see objects and bus
names, but not interact with them. The --call and --broadcast can allow
interactions with objects that have the SEE policy set. Profile support
for these proxy options will be added in a future commit.
|
| | | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
* Create mocp.profile
* add mocp support to disable-programs.inc
* add mocp support in firecfg.config
* update RELNOTES for mocp
* fix configuration access for mocp
Thanks to @rusty-snake for spotting this.
|
| | | |
| | |
| | | |
Ubuntu packages dino as dino-im
|
| | | | |
|
| |/ /
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
Also fixed a typo for new profiles: nicontine --> nicotine
* add plv to firecfg
* add plv to disable-programs.inc
* Create plv.profile
* Update plv.profile
|
| | |
| |
| |
| | |
Done to match whats stated in etc/firejail/firejail.config
|
| | | |
|
| | |
| |
| |
| |
| |
| | |
Some applications like Byobu, tmux and screen like to use environment
and then 100 environment variables may be too few.
Closes: #3350
|
| | | |
|
| | | |
|
| | | |
|
| | | |
|
| |\ \
| | |
| | | |
32bit ARM syscall table
|
| | | | |
|
| | | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
The profile generated by --build are quite outdated. There are still a
lot of things left to do.
- fix #2150 (whitelist-common.inc is still opened from /etc/firejail)
- include wusc and wvc (todo: remove whitelists in wusc/wvc from the
generated profile.)
- fix parsing wc / use ${HOME} macro instead of ~
- update profile headers
- include all disable includes (mustly commented) in the output
- reorder the filesystem section
|
| | | | |
|
| | | | |
|
| | | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
More liberal use of an already existing fall back path in pulseaudio.c
removes issues caused by symlinks in ~/.config/pulse (issue #3351 and
some others)
Don't die, but print warnings during /home directory masking,
so that users with a symbolic link in their home directory path can
at least make it to a shell prompt (only in combination with pulseaudio fix).
|
| | | | |
|
| | | | |
|
| | | | |
|
| | | | |
|
| | | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
* Profile for Jitsi Meet desktop app (electron)
* Update description.
* Correctly include global definitions.
* Add jitsi-meet-desktop to firecfg.
* blacklist Jitsi-meet config directory in disable-programs.inc
* Disable more things.
disable-exec.inc not included, as the application shows some error if I
include it.
* Disable more stuff.
* No need to whitelist Downloads directory.
I don't think this application has any file sharing / downloading
feature.
* Use private-bin
I needed to allow the bash executable as well for this to work.
* Add some whitelist rules.
* Use private-cache option
* include disable-exec.inc
Apparently one needs to allow execution in /tmp for the program to work.
* Redirect to electron.profile.
* Use private-etc.
* Do not whitelist Downloads directory.
electron.profile does this, but I do not think this program needs it.
* Rearrange whitelisted files to alphabetical order.
* Move nonwhitelist to appropriate section.
* Newlines as section separators.
|
| |\ \ \
| |/ /
|/| | |
Add new profile: nicotine
|
| | | | |
|
| | | |
| | |
| | |
| | | |
…g.config (#3333).
|
| |/ / |
|
| | |
| |
| |
| |
| |
| | |
firejail can blacklist (and now also whitelist) files based on glob
pattern. This pattern is evaluated at firejail start, and not updated
at run time. This patch documents this behavior.
|
| | | |
|
| | |
| |
| |
| | |
Delete two unused variables.
|
| | | |
|
| | |
| |
| | |
See discussion in https://github.com/netblue30/firejail/pull/3326.
|
| | | |
|
| | | |
|
| | | |
|
| | |
| |
| |
| |
| |
| | |
This patch also allows setting the DBus policies to filter even if
xdg-dbus-proxy is not installed. In that case, unrestricted access to the bus is
allowed, but a warning is emitted.
|
| | |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
To avoid race conditions, the proxy sockets from /run/firejail/dbus/ are
bind-mounted to /run/firejail/mnt/dbus/, which is controlled by root.
Instead of relying on the default locations of the DBus sockets, the environment
variables DBUS_SESSION_BUS_ADDRESS and DBUS_SYSTEM_BUS_ADDRESS are set
accordingly.
User sockets are tried in the following order when starting the proxy:
* DBUS_SESSION_BUS_ADDRES
* /run/user/<pid>/bus
* /run/user/<pid>/dbus/user_bus_socket
These are all blocked (including DBUS_SESSION_BUS_ADDRESS if it points at a
socket in the filesystem) when the filtering or blocking policy is active.
System sockets are tried in the following order:
* DBUS_SYSTEM_BUS_ADDRESS
* /run/dbus/system_bus_socket
These are all blocked (including DBUS_SYSTEM_BUS_ADDRESS if it points at a
socket in the filesystem) when the filtering or blocking policy is active.
|
| | | |
|
| | | |
|
| | |
| |
| |
| |
| |
| | |
The options --dbus-user.talk, --dbus-user.own, --dbus-system.talk, and
--dbus-system.own control which names can be accessed and owned on the user and
system buses.
|
| | |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
* The proxy is forked off outside the sandbox namespace to protect the
fds of the original buses from the sandboxed process.
* The /run/firejail/dbus directory (with the sticky bit set) holds the proxy
sockets. The sockets are <parent pid>-user and <parent pid>-system for the
user and system buses, respectively. Each socket is owned by the sandbox user.
* The sockets are bind-mounted over their expected locations and the
/run/firejail/dbus directory is subsequently hidden from the sandbox.
* Upon sandbox exit, the xdg-dbus-proxy instance is terminated and the sockets
are cleaned up.
* Filter rules will be added in a future commit.
|
| | |
| |
| |
| |
| |
| |
| |
| |
| | |
To contain processes forked for long time, such as the xdg-dbus-proxy,
sbox_exec_v can be used, which is the non-forking version of sbox_run_v.
Additionally, the SBOX_KEEPS_FDS flag avoid closing any open fds,
so fds needed by the subordinate process can be left open before calling
sbox_exec_v.
This flag does not makes sense for sbox_run_v, and causes an assertion failure.
|
| | |
| |
| |
| |
| |
| | |
Allow setting a separate policy for the user and system buses.
For now, the filter policy is equivalent to the none (block) policy.
Future commits will add more configuration options and filters.
|
backspac
Kristóf Marussy
Kristóf Marussy
glitsj16
Karoshi42
netblue30
Lior Stern
Topi Miettinen
Topi Miettinen
backspac
Reiner Herrmann
smitsohu
Andrew Branson
rusty-snake
Kishore96in
Christian Pinedo
Antonio Russo