| Commit message (Collapse) | Author | Age |
|---|
| ... | |
| | | |
|
| |\ \
| | |
| | | |
add support for faccessat2 syscall
|
| | | | |
|
| | | | |
|
| | | | |
|
| | | | |
|
| | | | |
|
| | | | |
|
| |/ / |
|
| | | |
|
| |\ \
| | |
| | | |
Email part (2)
|
| | | | |
|
| | | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
Save all environment variables for later use in the application, clear
environment and re-apply only whitelisted variables for the main
firejail process. The whitelisted environment is only used by C
library. Sandboxed tools will get further variables used
internally (FIREJAIL_*).
All variables will be reapplied for the firejailed application.
This also lifts the length restriction for environment variables,
except for the variables used by Firejail itself or the sandboxed
tools.
|
| | | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
* Update disable-programs.inc
* Create calligragemini.profile
* Update calligra.profile
* Update calligra.profile
* Update firecfg.config
|
| | | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
fsec-optimize: Optimize BPF with current seccomp error action, not
just KILL
fseccomp: use correct BPF code for errno action
firejail: honor seccomp error action for X32 and secondary filters,
rebuild filters if the error action is changed
Closes: #3933
Signed-off-by: Topi Miettinen <toiwoton@gmail.com>
|
| | | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
* Update disable-programs.inc
* Update disable-programs.inc
* Update firecfg.config
* Create avidemux.profile
* Update avidemux.profile
|
| | | | |
|
| | | | |
|
| |\ \ \
| | | |
| | | | |
New profile for CoyIM
|
| | |/ / |
|
| |\ \ \
| | | |
| | | | |
Add profile for kdiff3
|
| | | | | |
|
| | | | | |
|
| |/ / / |
|
| | | | |
|
| |\ \ \
| | | |
| | | | |
Add $PATH expansion to private-lib
|
| | | | | |
|
| |\ \ \ \
| | | | |
| | | | | |
private-lib: add new timetrace
|
| | |/ / / |
|
| | | | | |
|
| |/ / /
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
as modern-day Debian only keeps a single symbolic link in
/lib64, going through both directories systematically adds
virtually no overhead (as indicated by the timetrace). At
the same time it is simpler and more robust in producing a correct
representation of the filesystem.
|
| | | | |
|
| | | | |
|
| | | | |
|
| | | | |
|
| |\ \ \
| | | |
| | | | |
return to non-dumpable plugins
|
| | | | | |
|
| | | |/
| |/|
| | |
| | |
| | | |
(hopefully) fixes the issues that led to reverting
commits 6abb65d328af61d67361890743190bd4c57f8e3c and 98e42dc6da4e4b1e47ed2aa020012d4dedc1e80e
|
| | | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
* add new profile: qnapi
* add new profile: qnapi
* Create qnapi.profile
* add qnapi configs
* Update README.md
* Update README.md
|
| | | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
* new profile: shotwell
* Create shotwell.profile
* new profile: shotwell
* add shotwell blacklists
|
| | | | |
|
| | | | |
|
| | | |
| | |
| | |
| | | |
closes #3237
|
| | | | |
|
| | | | |
|
| | | |
| | |
| | |
| | | |
avoids creating holes in the basic read-only filesystem
|
| | | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
* don't mess with umask of root, it could be more strict
than user umask and relaxing it may catch root by surprise
* join needs execveat syscall, need to drop it post-exec
* make things more explicit
|
| |/ /
| |
| |
| |
| |
| |
| |
| |
| | |
* new profile: tutanota-desktop
* add tutanota-desktop to firecfg
* blacklist tutanota-desktop files
* Create tutanota-desktop.profile
|
| |\ \
| | |
| | | |
join: add fexecve fallback for shells
|
| | | |
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
Allows users to join a sandbox and get a shell even
if there is none in the sandbox mount namespace.
There are few limitations:
1. This will fail with scripted shells (see man 3 fexecve for an explanation)
2. Shell process names are not user friendly
|
netblue30
glitsj16
bbhtt
Topi Miettinen
Neo00001
irandms
Nex
smitsohu
rusty-snake