path: root/src
Commit message [Author, Age]
* Merge branch 'master' of ssh://github.com/netblue30/firejail [netblue30, 2022-10-11]
|\
| * Merge pull request #5402 from slowpeek/master [netblue30, 2022-10-11]
| |\
| | |   docs: Make appimage examples consistent with --appimage option short description
| | |
| | * Make appimage examples consistent with --appimage option short description [slowpeek, 2022-10-05]
| | |
* | | compile fix [netblue30, 2022-10-11]
|/ /
* / nettrace-dns and nettrace-sni [netblue30, 2022-10-11]
|/
* nettrace - static ip map update [netblue30, 2022-10-04]
|
* ICMP support in --nettrace [netblue30, 2022-09-27]
|
* fix --netlock (#5312) [netblue30, 2022-09-26]
|
* update ip addr list for --nettrace [netblue30, 2022-09-26]
|
* join network/filesystem fixes [netblue30, 2022-09-26]
|
* docs: man: Note that some commands can be disabled in firejail.config (#5366) [glitsj16, 2022-09-14]
|   * [man firejail] Make it explicit that some options are disabled by default in firejail.config
|   * Reword firejail.config notes
|   * Only add relevant firejail.config option in notes
|   * move firejail.config notes to the end of each section
|   * fix tracelog note
|   * fix erroneous line break
|   * really fix erroneous line break
|   Co-authored-by: Kelvin M. Klann <kmk3.code@protonmail.com>
|
* docs: change /foo to /bar in symlink handling example [Kelvin M. Klann, 2022-09-06]
|   As suggested by @birdie-github[1].
|   This amends commit c78c2b4ec ("docs: note that blacklist/whitelist follow symlinks", 2022-08-28) / PR #5344.
|   [1] https://github.com/netblue30/firejail/pull/5344#issuecomment-1229903967
|
* tracelog disabled by default in /etc/firejail/firejail.config file [netblue30, 2022-09-05]
|   Committer note: This is the same as commit 6e687c301 ("tracelog disabled by default in /etc/firejail/firejail.config file", 2022-08-29) but without the Landlock-related changes.
|
* Revert "Merge pull request #5315 from ChrysoliteAzalea/landlock" [Kelvin M. Klann, 2022-09-05]
|   This reverts commit 54cb3e741e972c754e595d56de0bca0792299f83, reversing changes made to 97b1e02d5f4dca4261dc9928f8a5ebf8966682d7.
|   There were many issues and requests for changes raised in the pull request (both code-wise and design-wise) and most of them are still unresolved[1].
|   [1] https://github.com/netblue30/firejail/pull/5315
|
* Revert "compile fix" [Kelvin M. Klann, 2022-09-05]
|   This reverts commit 836ffe37ff891886f15243eacc70963368d57a3f.
|   Part of reverting commits with Landlock-related changes.
|
* Revert "tracelog disabled by default in /etc/firejail/firejail.config file" [Kelvin M. Klann, 2022-09-05]
|   This reverts commit 6e687c30110a52f267c1779c4eeab82bded9cb77.
|   Part of reverting commits with Landlock-related changes.
|
* Revert "landlock: support in firejail --version" [Kelvin M. Klann, 2022-09-05]
|   This reverts commit 2f3c19a87dd49b220f69f27f8c14c627277355d6.
|   Part of reverting commits with Landlock-related changes.
|
* Add profile for chafa (#5355) [alkim0, 2022-09-04]
|   Co-authored-by: Albert Kim <alkim@alkim.org>
|
* landlock: support in firejail --version [netblue30, 2022-09-04]
|
* tracelog disabled by default in /etc/firejail/firejail.config file [netblue30, 2022-08-29]
|
* compile fix [netblue30, 2022-08-29]
|
* Merge pull request #5315 from ChrysoliteAzalea/landlock [netblue30, 2022-08-29]
|\
| |   Add Landlock support to Firejail
| |
| * tinyLL has been removed as it's no longer needed [Азалия Смарагдова, 2022-08-16]
| |
| * Proposed fixes. [Азалия Смарагдова, 2022-08-16]
| |
| * Update quotation marks in src/zsh_completion/_firejail.in [Азалия Смарагдова, 2022-08-15]
| |   Co-authored-by: rusty-snake <41237666+rusty-snake@users.noreply.github.com>
| |
| * Landlock functions are added to the code of Firejail, removing the ↵ [Азалия Смарагдова, 2022-08-15]
| |   dependency on tinyLL
| |
| * Landlock support has been added. [Азалия Смарагдова, 2022-08-15]
| |
* | Merge pull request #5331 from pirate486743186/lbry-viewer.profile-create [netblue30, 2022-08-29]
|\ \
| | |   lbry-viewer.profile create
| | |
| * | lbry-viewer.profile create [pirate486743186, 2022-08-21]
| | |
* | | docs: note that blacklist/whitelist follow symlinks [Kelvin M. Klann, 2022-08-28]
| | |   Make it more explicit that they do and add an example for each command.
| | |   Relates to #5338.
| | |
* | | docs: clarify symlink handling description in --whitelist [Kelvin M. Klann, 2022-08-28]
| | |   Format it and improve the grammar and explanation.
| | |
* | | tuir.profile creation (#5330) [pirate486743186, 2022-08-28]
| | |   Co-authored-by: pirate486743186 <>
| | |
* | | src/firejail/profile.c: fix trailing whitespace [Kelvin M. Klann, 2022-08-23]
| | |   This amends commit 7f3b6c19a ("Add support for custom AppArmor profiles (--apparmor=)", 2022-07-25) / PR #5274.
| | |
* | | docs: set vim filetype on the other man pages [Kelvin M. Klann, 2022-08-20]
| |/
|/|
| |   Some man pages are missing it.
| |   This amends commit aacd2e7d8 ("docs: set vim filetype on man pages for syntax highlighting", 2022-08-04) / PR #5296.
| |
* | Merge pull request #5296 from kmk3/docs-man-vim-ft [netblue30, 2022-08-14]
|\ \
| | |   docs: set vim filetype on man pages for syntax highlighting
| | |
| * | docs: set vim filetype on man pages for syntax highlighting [Kelvin M. Klann, 2022-08-05]
| |/
| |   Since the man pages in src/man use a ".txt" file extension (rather than ".1" or ".5"), their filetype is detected by (neo)vim as "text". So at the bottom of every man page, add a vim modeline in a comment and set the filetype to "groff", to enable syntax highlighting.
| |   Note: All of the generated ".man", ".1" and ".5" files are currently being detected as "nroff".
| |   Note2: Set the filetype to "groff" rather than "nroff" because at least .UR and .UE are groff extensions. These macros look the same with either filetype, but there may be more extensions being used and the nroff.vim syntax file (which is included by groff.vim) does things differently based on which filetype is used.
| |   Based on the following example from (neo)vim's filetype.txt:
| |       or add this modeline to the file:
| |           /* vim: set filetype=idl : */
| |   See `:help groff.vim` and `:help filetype.txt` in (neo)vim. See also groff_man(7) for the man page macros (including extensions).
| |   Environment: neovim 0.7.2-3 on Artix Linux.
| |   Misc: I noticed this on #5290.
| |
* | Merge pull request #5290 from kmk3/docs-suid-firejail-users [netblue30, 2022-08-14]
|\ \
| | |   docs: mention risk of SUID binaries and also firejail-users(5)
| | |
| * | docs: mention risk of SUID binaries and also firejail-users(5) [Kelvin M. Klann, 2022-08-05]
| |/
| |   On the introduction of firejail(1), mention the main risk of SUID binaries and that by default, only trusted users should be allowed to run firejail (and how to accomplish that).
| |   Note: The added comment line is completely discarded (so there is no extraneous blank line); see groff_man(7) for details.
| |   Suggested by @emerajid on #5288.
| |   Relates to #4601.
| |
* | Merge pull request #5274 from ChrysoliteAzalea/master [netblue30, 2022-08-14]
|\ \
| | |   Add support for custom AppArmor profiles (--apparmor=)
| | |
| * | Add support for custom AppArmor profiles (--apparmor=) [Азалия Смарагдова, 2022-08-05]
| |/
* / new profile: gdu (#5289) [glitsj16, 2022-08-09]
|/
|   * add gdu to 'new profiles' section
|   * Create gdu.profile
|   * add gdu to firecfg
|   * harden gdu sandbox
|   * fix protocol
|   * simulate empty protocol in gdu
|   * more user-friendly gdu sandboxing
|
* Merge pull request #5259 from smitsohu/ns [smitsohu, 2022-07-31]
|\
| |   introduce new option restrict-namespaces
| |
| * introduce new option restrict-namespaces [smitsohu, 2022-07-23]
| |
| * protocol filter: add x32 ABI handling [smitsohu, 2022-07-19]
| |
* | Merge pull request #5271 from smitsohu/nnp [smitsohu, 2022-07-31]
|\ \
| | |   improve force-nonewprivs security guarantees
| | |
| * | improve force-nonewprivs security guarantees [smitsohu, 2022-07-24]
| | |
* | | Make list of paths const to fix a false positive of gcc analyzer [Reiner Herrmann, 2022-07-30]
| | |
* | | zero-initialize two variables [Reiner Herrmann, 2022-07-30]
|/ /
* / apparmor cleanup [smitsohu, 2022-07-20]
|/
* refresh syscall groups (#5188) [smitsohu, 2022-07-17]
|   now covers syscalls up to including process_madvise (440)
|   group assignment was blindly copied from systemd: https://github.com/systemd/systemd/blob/729d2df8065ac90ac606e1fff91dc2d588b2795d/src/shared/seccomp-util.c#L305
|   the only exception is close_range, which was added to both @basic-io and @file-system
|   this commit adds the following syscalls to the default blacklist: pidfd_getfd,fsconfig,fsmount,fsopen,fspick,move_mount,open_tree