Commit graph

4267 commits

Author SHA1 Message Date
Fred-Barclay
09124f0f33
Begin work on docs 2018-10-05 21:10:16 -05:00
netblue30
9db1effb59 merges 2018-10-04 09:13:35 -04:00
netblue30
5b40b28eab
Merge pull request #2130 from crass/fix-2045
FIX-2045: Fix command name parsing for program paths with spaces.
2018-10-04 07:51:38 -05:00
ಚಿರಾಗ್ ನಟರಾಜ್
957f5a65b2
Fixes #2048 2018-10-03 12:21:48 +00:00
Reiner Herrmann
0bac0c67e8 configure.ac: set sysconfdir only if none was specified manually
Fixes #2125
2018-10-03 13:25:47 +02:00
ಚಿರಾಗ್ ನಟರಾಜ್
30775f9888
Fixes #2048 2018-10-03 04:09:13 +00:00
Vincent43
2216780803
AppArmor: Allow writing to removable media 2018-10-02 22:18:37 +01:00
Tad
3612fbbbb7 Merges 2018-10-02 13:42:35 -04:00
SkewedZeppelin
f44980e0cb
Merge pull request #2131 from veloute/discordfix
fixed discord not able to check for updates
2018-10-02 17:41:43 +00:00
smitsohu
a375511686
incomplete fix: whitelisting of symlinks to other home dirs
belongs to previous commit 51eeef2059

short summary of the new behavior, which should catch a few corner cases better:
- a non-existent file in another homedir (say homedirs are "/foo/user" and "/foo/user2") is silently ignored (previously a tmpfs was
  mounted on the user's homedir, which was wrong)
- a symlink pointing to an existing file in another homedir now works (but the link will always be dangling; you need --allusers to see this)
- a symlink pointing back to the entire homedir now works as expected
2018-10-02 17:31:12 +02:00
veloute
f52039da7e fixed discord not able to check for updates 2018-10-02 15:28:39 +10:00
Glenn Washburn
b4b972aeb5 Fix command name parsing so that program paths with spaces do not cause the wrong or no profile to be detected. 2018-10-01 16:15:00 -05:00
smitsohu
bdf8118dd6 mount empty home if macro can't be whitelisted 2018-10-01 17:13:12 +02:00
Reiner Herrmann
df1831299f tests: skip audit.exp if tests are already running in a pid namespace 2018-10-01 14:23:24 +02:00
smitsohu
244aac8031 fs_whitelist: reduce number of loop iterations 2018-10-01 13:09:03 +02:00
smitsohu
ce0d66641d tiny memleaks 2018-10-01 01:15:06 +02:00
smitsohu
51eeef2059 regression: fix whitelisting of symlinks to other home dirs, small improvements
handling of home dir paths is more explicit and rigorous now, which should
make it easier to audit. Also this should come in handy if one day fs_private()
supports home directories outside /home

rf. #2123
2018-10-01 01:04:30 +02:00
smitsohu
f58fc1cdd4 cleanup 2018-09-30 23:59:16 +02:00
Fred Barclay
603ce50fe6
Merge pull request #2127 from veloute/vimfix
fixed vim missing from firecfg.config
2018-09-29 21:51:36 -05:00
veloute
e9617e18e4 fixed vim missing from firecfg.config 2018-09-30 12:29:45 +10:00
Fred-Barclay
3da4898753
Use list for checking multiple possible values 2018-09-28 16:08:26 -05:00
startx2017
69b0adead1 fixed fs-print test 2018-09-28 06:53:13 -04:00
netblue30
4ec0e15dd5 manpage cleanup 2018-09-26 10:16:55 -04:00
ಚಿರಾಗ್ ನಟರಾಜ್
0ca3814102
Fixes #2122 2018-09-25 13:57:21 +00:00
Vincent43
fbea9841fa
manpages: fix apparmor profile path 2018-09-22 16:51:37 +01:00
Vincent43
3b3a3f9e8a
manpages: fix alignment 2018-09-22 16:44:06 +01:00
Vincent43
e575a2cd66
manpages: update AppArmor info 2018-09-22 16:34:45 +01:00
Tad
4642e8a301 Add profile for spectre-meltdown-checker
Will need to support allow-debuggers in profiles before it can be enabled in firecfg
2018-09-22 01:44:35 -04:00
Reiner Herrmann
8b9844e4f1 tests: skip more tests if capabilities/seccomp of host differs 2018-09-21 18:45:10 +02:00
Reiner Herrmann
502b05ee28 tests: skip tests checking for /dev/kmsg which might not be available 2018-09-21 18:06:55 +02:00
Reiner Herrmann
a3ca4dc1a1 Fix check for nobody user
Fixes #2117
2018-09-21 17:52:45 +02:00
netblue30
2a0f17d94e --version 0.9.57 2018-09-19 18:37:28 -04:00
Tad
c0ba48bec1 Misc profile hardening 2018-09-19 15:32:48 -04:00
netblue30
d8b179d088 0.9.56 released 2018-09-18 10:39:26 -04:00
smitsohu
46ba61983f error strings 2018-09-17 14:57:19 +02:00
netblue30
b1d2966d18 fix --bandwidth, --cpu.print 2018-09-15 11:27:48 -04:00
netblue30
ced63a5d0d add start-tor-browser.desktop profile 2018-09-15 11:24:32 -04:00
netblue30
0576821acd add start-tor-browser.desktop profile 2018-09-15 10:43:25 -04:00
Tad
ca1b9193cc Merges 2018-09-14 22:24:16 -04:00
SkewedZeppelin
15d7f2a2ab
Merge pull request #2115 from flacks/profiles/gnome-music
Amend gnome-music profile
2018-09-15 02:23:16 +00:00
Jean Lucas
dd3c0ee765 Amend gnome-music profile
- At least gnome-music 3.28.2 requires 'env'
- Add 'gio-launch-desktop' and 'yelp' so launching the "Help" menu
doesn't crash the application
- Enabling the disabled private-etc tested to be working
2018-09-14 22:21:04 -04:00
smitsohu
8044acef4c
exit if execl fails (arg_audit) 2018-09-11 15:19:09 +02:00
smitsohu
58d9899f31 add switch to disable/enable private-cache 2018-09-10 22:54:23 +02:00
smitsohu
3fa3cbb6ca small rlimits adjustment 2018-09-10 22:53:02 +02:00
netblue30
e09da6a0a8 remove seccomp warning 2018-09-09 18:28:54 -04:00
netblue30
efa8fb6a8e Merge branch 'master' of http://github.com/netblue30/firejail 2018-09-09 13:05:15 -04:00
netblue30
419d876d9f support for firetunnel utility 2018-09-09 13:04:32 -04:00
smitsohu
fe226a207b set rlimits at later timepoint during sandbox setup 2018-09-09 15:23:34 +02:00
netblue30
cef2514caa remove blacklist /usr/lib/llvm* in dusable-devel.inc - problems with hardware acceleration on Radeon cards, see issue #2106 2018-09-07 08:15:59 -04:00
Tad
736216cacf Disable tracelog in Tor Browser profiles, see #1930, fixes #2108 2018-09-06 16:49:16 -04:00