path: root/src
Commit message [author, date]
* fix OOB [smitsohu, 2021-06-07]
|
* blacklist cleaned passwd, group, utmp files [smitsohu, 2021-06-06]
|     just in case users decide to remove them completely from the sandbox, by means of private-etc or whitelist
* selinux enhancements [smitsohu, 2021-06-06]
|
* fixup 9678da00301562464464099b9d7cfd76424fbb23 [smitsohu, 2021-06-06]
|
* cleanup [smitsohu, 2021-06-06]
|
* jailcheck: fix spelling errors [Reiner Herrmann, 2021-06-04]
|
* creating googler and ddgr profiles (#4333) [pirate486743186, 2021-06-04]
|     * Create googler-common.profile
|     * Create googler.profile
|     * Create ddgr.profile
|     * Update firecfg.config
|     * sort fix
|     * space
|     * space
|     * tightening
|     * comment
|     * fix comment
|     * fix private-etc and ${DOWNLOADS}
|     * fix sort
|     * redundant ${DOWNLOADS}
* Merge pull request #4326 from jsquyres/pr/master/dont-quote-all-cmdlines [netblue30, 2021-06-04]
|\
| |     cmdline.c: optionally quote the resulting command line
| * cmdline.c: optionally quote the resulting command line [Jeff Squyres, 2021-06-02]
| |     If we were launched by sshd, do not add extra quotes to the command line.
| |
| |     This is because if firejail is a login shell, sshd will launch firejail thusly:
| |
| |     * argv[0]: /path/to/firejail
| |     * argv[1]: -c
| |     * argv[2]: user's command to execute
| |
| |     For example, if the user executed "ssh othernode echo hello world", argv[2] will be "echo hello world". Firejail will then add *extra* quotes to it, resulting in argv[2] becoming "'echo hello world' " (without the "", of course). The user's shell (e.g., bash) will see the extra single quotes and will not split the token into multiple tokens. The shell will be unable to find an executable or intrinsic named "echo hello world ", so it will fail.
| |
| |     This commit changes the above behavior if firejail is launched by sshd. In that case, firejail will *not* add the extra single quotes around argv[2]. Specifically: all the tokens still end up in argv[2], but there's no *extra* quotes around argv[2], so the shell will split argv[2] into multiple tokens (if necessary). In the above example, argv[2] will be "echo hello world" (without the ""), which will be split. The shell will then look for an intrinsic or executable named "echo", which will succeed, and "hello world" will ultimately be emitted.
| |
| |     Signed-off-by: Jeff Squyres <jsquyres@cisco.com>
* | Merge pull request #4330 from smitsohu/fjconfig [netblue30, 2021-06-04]
|\ \
| | |     add firejail.config switch for private-{bin,etc,opt,srv}
| * | add firejail.config switch for private-{bin,etc,opt,srv} [smitsohu, 2021-05-22]
| | |
* | | simplify X11 socket whitelisting [smitsohu, 2021-06-03]
| | |
* | | Update manpage for whitelist2 [rusty-snake, 2021-06-03]
| | |
* | | version 0.9.66rc1 released (tag: 0.9.66rc1) [netblue30, 2021-06-02]
| | |
* | | reorganizing links browsers (#4320) [pirate486743186, 2021-05-31]
| | |     * Create links-common.profile
| | |     * Update links.profile
| | |     * Create links2.profile
| | |     * Update links.profile
| | |     * Update links2.profile
| | |     * Update elinks.profile
| | |     * Update elinks.profile
| | |     * links2
| | |     * Update firecfg.config
| | |     * Update xlinks.profile
| | |     * .xlinks
| | |     * add dbus and whitelist-usr-share-common
| | |     * .xlinks doesn't exist
| | |     * revert
| | |     * Create xlinks2
| | |     * xlinks2
| | |     * Update xlinks2
| | |     * Update xlinks.profile
| | |     * no wayland
| | |     * no wayland
| | |     * doesn't use /tmp/.X11-unix
| | |     * doesn't use /tmp/.X11-unix
| | |     * noblacklist /tmp/.X11-unix
| | |     * noblacklist /tmp/.X11-unix
* | | --debug takes precedence over --quiet (#2743) [netblue30, 2021-05-30]
| | |
* | | fix fcopy error message (#2743) [netblue30, 2021-05-30]
| | |
* | | allow --debug if quiet-by-default is set (#3125, #4168) [netblue30, 2021-05-30]
| | |
* | | fix crash during --shutdown [netblue30, 2021-05-29]
| | |
* | | disable home dir whitelists when --private is present [netblue30, 2021-05-29]
| |/
|/|
* | reorganizing youtube-viewers (#4128) [pirate486743186, 2021-05-28]
| |     * Create youtube-viewers-common.profile
| |     * reorganising youtube viewers
| |     * rm globals
| |     * reorganise youtube viewers
| |     * adding pipe-viewer
| |     * adding gtk-pipe-viewer
| |     * xterm and youtube-dl cache
| |     * sort
| |     * Update youtube-viewers-common.profile
| |     * quiet
| |     * quiet
| |     * quiet
| |     * Update firecfg.config
| |     * rm vlc
| |     * rm invalid binary
| |     * noinput
| |     * rm whitelist-runuser-common.inc
| |     * rm whitelist-runuser-common.inc
| |     * rm whitelist-runuser-common.inc
| |     * whitelist-runuser-common.inc
* | Merge pull request #4307 from slowpeek/master [Reiner Herrmann, 2021-05-28]
|\ \
| | |     Refine appimage example in docs
| * | Refine appimage example in docs [slowpeek, 2021-05-26]
| | |
* | | default gw fix - #4306 [netblue30, 2021-05-27]
| | |
* | | remove dolphin from firecfg.config [netblue30, 2021-05-26]
|/ /
* | deprecated follow-symlink-as-user from firejail.config [netblue30, 2021-05-26]
| |
* | fix firejail startup race [smitsohu, 2021-05-24]
| |     sandboxes can race to create RUN_RO_FILE in shared memory
| |     similar to #1013
| |     regression from 825ac9cdc38c4285584e69d6f29102b149914dfe
* | Merge pull request #4302 from smitsohu/whitelist2 [smitsohu, 2021-05-23]
|\ \
| | |     Whitelist2 follow-up
| * | whitelist: following up #4229 [smitsohu, 2021-05-23]
| | |     besides some cosmetic tweaks, fixes --whitelist=/a/b where /a/b is a symbolic link to /a/c/d and c is the user home directory: create path as user and not as root.
| | |     (going forward, a better and more comprehensive fix would be to prevent all mount point traversals in whitelist_mkpath, but it will take a bit of time to implement)
* | | support trailing comments on profile lines [netblue30, 2021-05-21]
| | |
* | | --build fixes [netblue30, 2021-05-20]
| | |
* | | new profiles [netblue30, 2021-05-20]
| | |
* | | jailtest -> jailcheck (#4268) [netblue30, 2021-05-18]
| | |
* | | Merge pull request #4273 from rusty-snake/fix-2310 [netblue30, 2021-05-18]
|\ \ \
| | | |     Try to fix #2310 -- Can't create run directory without suid-root
| * | | Try to fix #2310 -- Can't create run directory without suid-root [rusty-snake, 2021-05-14]
| | | |
* | | | Merge pull request #4229 from smitsohu/whitelist2 [netblue30, 2021-05-18]
|\ \ \ \
| | |/ /
| |/| /
| |_|/
|/| |
| | |     Whitelist2
| * | add /run whitelist support [smitsohu, 2021-05-08]
| | |
| * | tweak [smitsohu, 2021-05-08]
| | |
| * | add support for arbitrary whitelist directories [smitsohu, 2021-05-03]
| | |
| * | introduce safer_openat function [smitsohu, 2021-05-03]
| | |
| * | enhance clean_pathname function [smitsohu, 2021-05-03]
| | |
* | | Merge pull request #4278 from kmk3/rename-noautopulse [Kelvin M. Klann, 2021-05-16]
|\ \ \
| | | |     rename noautopulse to keep-config-pulse
| * | | rename arg_noautopulse var to arg_keep_config_pulse [Kelvin M. Klann, 2021-05-14]
| | | |
| * | | rename noautopulse to keep-config-pulse [Kelvin M. Klann, 2021-05-14]
| | | |     Changes:
| | | |
| | | |     * add the keep-config-pulse option
| | | |     * make noautopulse an alias for keep-config-pulse
| | | |     * deprecate the noautopulse option
| | | |     * misc: fix indentation of --keep-dev-shm on src/firejail/usage.c
| | | |
| | | |     Even though noautopulse is not intended for hardening, it looks like it is, because it starts with "no", just like no3d, noroot, etc. In fact, it is the only "no" option that differs in such a way. And it has been accidentally misused as such before; see PR #4269 and commit e4beaeaa8 ("drop noautopulse from agetpkg").
| | | |
| | | |     So effectively rename it to keep-config-pulse in order to avoid confusion. This is similar to the keep-var-tmp and keep-dev-shm options, which are used to "leave a path alone", just like noautopulse.
| | | |
| | | |     Note: The changes on this patch are based on the ones from commit 617ff40c9 ("add --noautopulse arg for complex pulse setups") / PR #1854.
| | | |
| | | |     See #4269 for the discussion.
* | | | O_CLOEXEC follow-up [smitsohu, 2021-05-16]
| | | |
* | | | utmp follow-up [smitsohu, 2021-05-16]
| | | |     Cosmetics, align RUN_UTMP_FILE open flags with others in 825ac9cdc38c4285584e69d6f29102b149914dfe
| | | |     Fix fslogger
* | | | fix firemon signal handler - #4274 [smitsohu, 2021-05-16]
| | | |
* | | | fix utmp error message [smitsohu, 2021-05-16]
| | | |
* | | | open files O_CLOEXEC|O_EXCL [smitsohu, 2021-05-16]
| | | |     Dumb patch that adds O_CLOEXEC to all open/fopen calls, even where it is obviously pointless. While at it, also add O_EXCL where it might be considered useful, for example to clear Coverity warnings, or on files that subsequently are used to configure a join sandbox.
| | | |
| | | |     Pure defense in depth, this patch should have no observable effects.
* | | | Add noinput to usage.c and _firejail.in [rusty-snake, 2021-05-16]
|/ / /