Commit message (Collapse) | Author | Age | ||
---|---|---|---|---|
... | ||||
* | | Allow exceptions to seccomp lists | Topi Miettinen | 2019-08-25 | |
|/ | | | | | | | Prefix ! can be used to make exceptions to system call blacklists and whitelists used by seccomp, seccomp.drop and seccomp.keep. Closes #1366 | |||
* | various fixes and improvements | rusty-snake | 2019-08-22 | |
| | | | | | | | | | | | | - install contrib/syscalls.sh - add GitLab-CI status to README.md - read-only ${HOME}/.cargo/env - move blacklist ${HOME}/.cargo/registry, ${HOME}/.cargo/config to disable-programs - typo in man firejail firejail-profiles firecfg - better descriptions in man firejail-profiles - fixes in man firejail - template descriptions in firejail-profiles | |||
* | added i2prouter to firecfg | core_contingency | 2019-08-21 | |
| | ||||
* | Fix revert of previous trace fix. The issue was that programs were crashing ↵ | Glenn Washburn | 2019-08-21 | |
| | | | | because libtrace hooked libc calls were being executed before the libtrace library was initialized. This was due to other loaded libraries being initialized first. | |||
* | fix private-bin for tb-starter-wrapper #2863 | rusty-snake | 2019-08-19 | |
| | ||||
* | Merge pull request #2909 from gm10/fix-get_user | netblue30 | 2019-08-18 | |
|\ | | | | | get_user() do not use the unreliable getlogin() | |||
| * | get_user() do not use the unreliable getlogin() | gm10 | 2019-08-13 | |
| | | ||||
* | | profiles: add kiwix-desktop | Tad | 2019-08-18 | |
| | | ||||
* | | fix --trace | netblue30 | 2019-08-17 | |
|/ | ||||
* | Add unzstd profile (#2903) | glitsj16 | 2019-08-12 | |
| | | | | | | * Create unzstd.profile * Add unzstd to firecfg.config | |||
* | Add zstd (redirect) profile(s) (#2902) | glitsj16 | 2019-08-12 | |
| | | | | | | | | | | | | | | | | * Create zstd.profile * Create pzstd.profile * Create zstdcat.profile * Create zstdgrep.profile * Create zstdless.profile * Create zstdmt.profile * Add zstd and its redirect profiles to firecfg.config | |||
* | add bzcat profile | smitsohu | 2019-08-12 | |
| | ||||
* | rewrite/partial revert of 8bff773d6a7bf70c97b3d5b751df9ec0dd6c8b5d | smitsohu | 2019-08-09 | |
| | | | | | | | the commit in question introduced an early check of Firejail configuration file, which broke "firejail in firejail" for some sandboxes. see issue #2877 | |||
* | integrate private home options with nosound and x11 none | smitsohu | 2019-08-07 | |
| | | | | fixes #2867 | |||
* | private home: don't create unused temporary files | smitsohu | 2019-08-07 | |
| | ||||
* | tune pam-tmpdir file permissions | smitsohu | 2019-08-01 | |
| | ||||
* | Merge pull request #2883 from flacks/profiles/whalebird | SkewedZeppelin | 2019-08-01 | |
|\ | | | | | Add Whalebird profile | |||
| * | Add Whalebird profile | Jean Lucas | 2019-07-31 | |
| | | ||||
* | | Add new Tor Browser alias | Jean Lucas | 2019-07-31 | |
|/ | | | | | | | | | - tor-browser in the AUR is an international package; all other individual language variants have been removed, so, add new alias - Add 'tor-browser' and 'mv' to private-bin in launcher profile ('mv' is required when upgrading tor-browser versions) - Add 'tor-browser' to firecfg.config - Add config dir to disable-programs.inc | |||
* | Corrections | Jean Lucas | 2019-07-31 | |
| | | | | | | - Add Zulip config dir to disable-programs.inc - Add disable-xdg.inc to Zulip profile - Add Zulip to firecfg.config | |||
* | Add tb-starter-wrapper.profile (#2863) | rusty-snake | 2019-07-28 | |
| | ||||
* | fix private-tmp/pam-tmpdir interaction - #2685 | smitsohu | 2019-07-27 | |
| | ||||
* | Merge branch 'master' of https://github.com/netblue30/firejail | smitsohu | 2019-07-25 | |
|\ | ||||
| * | fix make scan-build for debian 10 and arch | netblue30 | 2019-07-22 | |
| | | ||||
* | | fix whitelisting for homedirs outside /home | smitsohu | 2019-07-25 | |
| | | ||||
* | | fix verbosity for non-authorized user | smitsohu | 2019-07-22 | |
|/ | | | | | | users not in firejail.users should only see the error, not the symlink warning. Also exposes less code to non- authorized users. | |||
* | fix gucharmap & add gnome-characters, gnome-character-map | rusty-snake | 2019-07-18 | |
| | ||||
* | document profile support for allow-debuggers in firejail-profile man page ↵ | Sebastian Hafner | 2019-07-17 | |
| | | | | (#2861) | |||
* | faudit: fix gcc stringop-truncation warning | smitsohu | 2019-07-17 | |
| | ||||
* | check for dir existence before private-* mount | smitsohu | 2019-07-16 | |
| | | | fixes #2859 | |||
* | profile support for allow-debuggers (#2856) | Sebastian Hafner | 2019-07-15 | |
| | ||||
* | homedirs: turn "informational error" into warning | smitsohu | 2019-07-14 | |
| | ||||
* | don't allow root directory as home | smitsohu | 2019-07-14 | |
| | ||||
* | uniformly mask /home in all private home options | smitsohu | 2019-07-12 | |
| | ||||
* | private-home: remove redundancy | smitsohu | 2019-07-12 | |
| | ||||
* | rename some variables so they don't shadow others with same name | Reiner Herrmann | 2019-07-11 | |
| | | | | via lgtm.com | |||
* | Merge pull request #2850 from disconnect3d/patch-1 | Reiner Herrmann | 2019-07-11 | |
|\ | | | | | Update pid.c | |||
| * | Update pid.c | Disconnect3d | 2019-07-10 | |
| | | | | | | Remove redundant `child` variable in src/lib/pid.c | |||
* | | Update libpostexecseccomp.c (#2851) | Disconnect3d | 2019-07-11 | |
| | | | | | | | | | | | | | | | | | | * Update libpostexecseccomp.c Remove `if (size != 0)` condition, which is always true as there is a `if (size <= 0)` condition before. Also note that if the `if (size <= 0)` condition wouldn't be there and `size` would be 0, there would have been an undefined behavior in due to division by zero in `(unsigned short) size / (unsigned short) sizeof(struct sock_filter);`. Found with LGTM: https://lgtm.com/projects/g/netblue30/firejail/snapshot/961c4ca00425b60a7bc8543460031a8ebf3d8aa6/files/src/libpostexecseccomp/libpostexecseccomp.c#x838c24f710410160:1 | |||
* | | remove duplicate fclose/free | Reiner Herrmann | 2019-07-10 | |
|/ | ||||
* | Add redirects for mpg123 (#2847) | glitsj16 | 2019-07-09 | |
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | * Create conplay.profile * Create mpg123.bin.profile * Create mpg123-alsa.profile * Create mpg123-id3dump.profile * Create mpg123-jack.profile * Create mpg123-nas.profile * Create mpg123-openal.profile * Create mpg123-oss.profile * Create mpg123-portaudio.profile * Create mpg123-pulse.profile * Create mpg123-strip.profile * Create out123.profile * Add mpg123 redirects to fireconfig | |||
* | Merge pull request #2844 from crass/fix-561-trace-appimage | netblue30 | 2019-07-09 | |
|\ | | | | | Fix issue #561. Refactor/Optimize code to get and use pid and process name. | |||
| * | Fix issue #561. Refactor/Optimize code to get and use pid and process name. | Glenn Washburn | 2019-07-09 | |
| | | ||||
* | | Merge pull request #2843 from crass/fix-2842-extra-appimage-envvars | netblue30 | 2019-07-09 | |
|\ \ | | | | | | | Add OWD and ARGV0 environment variables. Correctly create APPIMAGE envvar. | |||
| * | | Add OWD and ARGV0 environment variables. Correctly create APPIMAGE envvar. | Glenn Washburn | 2019-07-09 | |
| |/ | ||||
* | | main.c: define O_PATH (CentOS 6 fix) | smitsohu | 2019-07-09 | |
| | | ||||
* | | move to fd based homedir mounts | smitsohu | 2019-07-09 | |
| | | ||||
* | | add symlink resolution for home directories | smitsohu | 2019-07-09 | |
|/ | ||||
* | more simplification of fs_check_chroot_dir | smitsohu | 2019-07-08 | |
| | ||||
* | reduce redundancy in fs_check_chroot_dir | smitsohu | 2019-07-08 | |
| |