Commit message (Collapse) | Author | Age | |
---|---|---|---|
* | Merge pull request #2391 from rusty-snake/add_klavaro-profile | 2019-02-06 | |
|\ | | | | | Add a profile for klavaro | ||
| * | Add a profile for klavaro | 2019-02-06 | |
| | | |||
* | | Merge branch 'master' of https://github.com/netblue30/firejail | 2019-02-06 | |
|\| | |||
| * | fix small memleak | 2019-02-05 | |
| | | |||
| * | variable only used when whitelisting enabled | 2019-02-05 | |
| | | |||
| * | cnt only used for debugging | 2019-02-05 | |
| | | |||
| * | move usage check to single place | 2019-02-05 | |
| | | |||
| * | use correct struct member for offset | 2019-02-05 | |
| | | | | | | | | Fixes: #2381 | ||
| * | simplify yes/no option parsing | 2019-02-05 | |
| | | |||
| * | Stress apparmor local overrides | 2019-02-05 | |
| | | | | | | As per discussion on https://github.com/netblue30/firejail/pull/2390, we better use slightly stronger/less optional wording when it comes to where local apparmor overrides need to be done. | ||
* | | strncmp byte count fixes | 2019-02-06 | |
|/ | |||
* | firejail.config fixes | 2019-02-04 | |
| | | | | always print a warning, treat join-or-start like join | ||
* | --name rework | 2019-02-01 | |
| | |||
* | Fix parsing of cgroup option in config | 2019-01-27 | |
| | |||
* | enable/disable cgroup in firejail.config | 2019-01-27 | |
| | |||
* | removed mincore syscall from default seccomp filter | 2019-01-23 | |
| | |||
* | Edit github-desktop entree in firecfg | 2019-01-22 | |
| | |||
* | conditional testing0.9.58-rc1 | 2019-01-21 | |
| | |||
* | Merge branch 'master' of https://github.com/netblue30/firejail | 2019-01-20 | |
|\ | |||
| * | Add clawsker to firecfg.config | 2019-01-20 | |
| | | |||
* | | cleanup, minor improvements | 2019-01-20 | |
| | | |||
* | | disallow zero seconds timeout | 2019-01-20 | |
| | | |||
* | | rearrange shutdown option | 2019-01-20 | |
| | | | | | | | | in order to run it with reduced privileges | ||
* | | signal handler fixes/improvements | 2019-01-19 | |
| | | |||
* | | improve chroot error handling | 2019-01-19 | |
|/ | |||
* | adding mincore syscall to the default seccomp filter and some independent ↵ | 2019-01-14 | |
| | | | | profiles | ||
* | fix error message | 2019-01-13 | |
| | | | | | as --appimage can be combined with chroot and overlay options, querying it first makes the error message more correct | ||
* | fix parent death signal | 2019-01-13 | |
| | | | | | | turns out the parent death signal is reset every time the effective uid changes, hence moving the prctl call to the earliest place where the setting is persistent. | ||
* | fix netfilter-default functionality in /etc/firejail/firejail.config | 2019-01-09 | |
| | |||
* | fix join/seccomp #2296 | 2019-01-08 | |
| | |||
* | Correctly set address length in arp frames | 2019-01-02 | |
| | | | | | | | | | | Kernel commit 99137b7 introduced an additional check of the address length. This exposed a bug in the arp code where the address length was being set incorrectly. Now the length is set from the ETH_ALEN constant declared in linux/if_ether.h This fixes #2314 | ||
* | Add a profile for ghostwriter (#2319) | 2018-12-30 | |
| | | | | | * Add a profile for ghostwriter | ||
* | join: also check proc file to detect nonewprivs bit | 2018-12-17 | |
| | | | | | redundant check that adds defense in depth and maybe one day can replace the other, file based check | ||
* | Merge pull request #2297 from smitsohu/patch | 2018-12-17 | |
|\ | | | | | enforce nonewprivs instead of seccomp for chroot sandboxes | ||
| * | enforce nonewprivs instead of seccomp for chroot sandboxes | 2018-12-15 | |
| | | | | | | | | | | currently users are able to specify a seccomp filter of their choosing, leaving the real defense to nonewprivs anyway. | ||
* | | New profile for supertuxkart. (#2298) | 2018-12-16 | |
| | | | | | | | | | | | | * New profile supertuxkart * review fixes | ||
* | | fix netstats typo in man firejail | 2018-12-16 | |
|/ | |||
* | join: check prctl return value | 2018-12-14 | |
| | |||
* | add explicit nonewprivs support to join option; accompanying small improvements | 2018-12-14 | |
| | |||
* | firecfg: improve error string | 2018-12-13 | |
| | | | | emphasize that only firecfg needs all permissions, not firejail | ||
* | pulseaudio: use create_dir_as_user(); small adjustments | 2018-12-13 | |
| | |||
* | Revert "pulseaudio: use env variable fallback in more cases" | 2018-12-13 | |
| | | | | | | | | | This reverts commit 93779cb9cd0d098cd3587e2f795200d98e3af1ee. That commit removed restrictions, but also added new inconsistencies. Starting again from the previous state is easier than evolving the current state, hence reverting the commit. | ||
* | pulseaudio: use env variable fallback in more cases | 2018-12-11 | |
| | | | | | | setting the PULSE_CLIENTCONFIG environment variable to the unmounted file is a safe fallback, use it in more cases when mounting is considered not an option | ||
* | add create_empty_dir_as_user function, refactor | 2018-12-11 | |
| | |||
* | xorg: check if Xauthority mount point was created | 2018-12-11 | |
| | | | | and print more meaningful error message | ||
* | Add a profile for thunderbird-wayland | 2018-12-10 | |
| | |||
* | improve sandboxing of KDE apps: set KDE_FORK_SLAVES, blacklist slave-sockets | 2018-12-07 | |
| | | | | | | | | | | setting the KDE_FORK_SLAVES environment variable removes all inconsistencies that arise from slaves running outside the sandbox or in a different sandbox; it also makes it slightly more difficult to abuse KIO in general and helps to mitigate security problems due to thumbnailing, which now always happens inside the same sandbox. The trade-off is more concurrently running slave processes. closes #2285 | ||
* | add HAS_NODBUS conditional, ${RUNUSER} makro | 2018-12-07 | |
| | |||
* | merges | 2018-11-29 | |
| | |||
* | Merge pull request #2276 from smitsohu/tmpfs | 2018-11-28 | |
|\ | | | | | refactor private-cache and tmpfs |