Fred-Barclay
bfdd866723
test: remove entire dest/ after fcopy test, not just contents
2018-12-28 21:44:15 -06:00
Fred-Barclay
9b1efed6d4
typo
2018-12-28 21:43:12 -06:00
tinmanx
28a7d0bcf2
Remove network access from cherrytree.profile
2018-12-25 13:39:53 -05:00
Fred-Barclay
4f81884fea
Bah humbug! Backporting fixes for the new Brave browser to 0.9.56.
...
Merry Christmas to all!
2018-12-25 11:08:36 -06:00
Tad
39ef880dd2
Merges
2018-12-22 21:58:46 -05:00
SkewedZeppelin
a108754835
Merge pull request #2308 from rusty-snake/patch-2
...
Update disable-common.inc, disable-programs.inc.
2018-12-23 02:53:18 +00:00
rusty-snake
333be4d3a3
updates for ~/.cargo
2018-12-21 16:58:37 +01:00
rusty-snake
3369f141b8
adaptations in bibletime.profile and rhythmbox.profile
2018-12-20 21:18:23 +01:00
rusty-snake
7eadae4cc5
Update disable-common.inc, disable-programs.inc
2018-12-20 20:30:40 +01:00
netblue30
5e153e6793
README/RELNOTES update
2018-12-18 13:15:42 -05:00
netblue30
e6e03cc4fb
README/RELNOTES update
2018-12-18 13:14:49 -05:00
smitsohu
9eca281abb
join: also check proc file to detect nonewprivs bit
...
redundant check that adds defense in depth and maybe one
day can replace the other, file based check
2018-12-17 23:16:13 +01:00
startx2017
3a469e8884
Merge pull request #2297 from smitsohu/patch
...
enforce nonewprivs instead of seccomp for chroot sandboxes
2018-12-17 13:37:50 -05:00
rusty-snake
88304b63b5
New profile for supertuxkart. (#2298)
...
* New profile supertuxkart
* review fixes
2018-12-16 14:43:07 -06:00
glitsj16
78a6267116
Merge pull request #2299 from glitsj16/man
...
fix netstats typo in man firejail
2018-12-16 18:06:50 +00:00
glitsj16
f97f334432
fix netstats typo in man firejail
2018-12-16 17:54:50 +00:00
smitsohu
89fa2a7562
enforce nonewprivs instead of seccomp for chroot sandboxes
...
currently users are able to specify a seccomp filter of their
choosing, leaving the real defense to nonewprivs anyway.
2018-12-15 17:37:22 +01:00
rusty-snake
6e9dd5e5be
Fix bibletime.profile (#2295)
...
* Fix bibletime.profile
Fix: bibletime doesn't start on Fedora and Arch
Use `seccomp.drop` from firefox.
2018-12-15 10:18:07 -06:00
smitsohu
724bd67d0f
join: check prctl return value
2018-12-14 15:35:23 +01:00
smitsohu
e56c09e19f
add explicit nonewprivs support to join option; accompanying small improvements
2018-12-14 03:04:07 +01:00
smitsohu
4cef5c832c
firecfg: improve error string
...
emphasize that only firecfg needs all permissions, not firejail
2018-12-13 16:01:20 +01:00
smitsohu
edfc39dcb3
pulseaudio: use create_dir_as_user(); small adjustments
2018-12-13 15:35:13 +01:00
smitsohu
24e6d64445
Merge pull request #2293 from smitsohu/smitsohu-patch-libreoffice
...
enable apparmor in libreoffice profile
2018-12-13 03:25:20 +01:00
smitsohu
0d8655e4da
Revert "pulseaudio: use env variable fallback in more cases"
...
This reverts commit 93779cb9cd.
That commit removed restrictions, but also added new
inconsistencies.
Starting again from the previous state is easier than evolving
the current state, hence reverting the commit.
2018-12-13 03:12:34 +01:00
smitsohu
93779cb9cd
pulseaudio: use env variable fallback in more cases
...
setting the PULSE_CLIENTCONFIG environment variable to the unmounted
file is a safe fallback, use it in more cases when mounting is considered
not an option
2018-12-11 20:49:54 +01:00
smitsohu
d921d58ec1
add create_empty_dir_as_user function, refactor
2018-12-11 20:42:33 +01:00
smitsohu
2401ecb078
xorg: check if Xauthority mount point was created
...
and print more meaningful error message
2018-12-11 19:37:38 +01:00
smitsohu
6e8ece1f52
profile enhancements: blacklist kdesu daemon socket, rework c083a7b737
2018-12-11 00:25:23 +01:00
SkewedZeppelin
a2f6344b2c
Merge pull request #2294 from rusty-snake/add-thunderbird-wayland
...
Add a profile for thunderbird-wayland
2018-12-10 19:17:56 +00:00
rusty-snake
9a317dddf5
Add a profile for thunderbird-wayland
2018-12-10 18:40:25 +01:00
smitsohu
0817f1556d
enable apparmor in libreoffice profile
...
depends on aa37fe19fe
2018-12-09 20:13:20 +01:00
ಚಿರಾಗ್ ನಟರಾಜ್
279edb5a21
Fixes #1951
2018-12-09 04:28:39 +00:00
smitsohu
b1cb91ca86
update dolphin profile
...
services previously started by kdeinit now run inside the sandbox due to KDE_FORK_SLAVES being set
2018-12-07 22:36:18 +01:00
smitsohu
c083a7b737
improve sandboxing of KDE apps: set KDE_FORK_SLAVES, blacklist slave-sockets
...
setting the KDE_FORK_SLAVES environment variable removes all inconsistencies
that arise from slaves running outside the sandbox or in a different sandbox;
it also makes it slightly more difficult to abuse KIO in general and helps to
mitigate security problems due to thumbnailing, which now always happens inside
the same sandbox. The trade-off is more concurrently running slave processes.
closes #2285
2018-12-07 16:29:06 +01:00
smitsohu
4292f8ab6f
add HAS_NODBUS conditional, ${RUNUSER} macro
2018-12-07 16:08:10 +01:00
Tad
cc9db57343
merges
2018-11-29 02:09:04 -05:00
SkewedZeppelin
0282d89b97
Merge pull request #2281 from pirate486743186/mpsyt-profile
...
restricting more, HOME and tmp in mpsyt.profile
2018-11-29 07:06:12 +00:00
pirate486743186
0293e40012
restricting more, HOME and tmp in mpsyt.profile
2018-11-28 21:49:37 +01:00
netblue30
25d213cd9f
Merge pull request #2276 from smitsohu/tmpfs
...
refactor private-cache and tmpfs
2018-11-28 08:36:01 -05:00
Tad
042ea4d2f8
merges
2018-11-27 18:37:02 -05:00
SkewedZeppelin
10d9157cfe
Merge pull request #2280 from pirate486743186/patch-2
...
new profile mpsyt.profile
2018-11-27 23:33:20 +00:00
SkewedZeppelin
92bffc3341
Merge pull request #2279 from pirate486743186/patch-1
...
allowing youtube-dl and python in gnome-mpv
2018-11-27 23:33:11 +00:00
pirate486743186
e17b48fcae
new profile mpsyt.profile
2018-11-28 00:16:03 +01:00
pirate486743186
f9b8d23804
allowing youtube-dl and python in gnome-mpv
2018-11-27 23:35:51 +01:00
SkewedZeppelin
49bd0c328e
Merge pull request #2275 from pirate486743186/python-local
...
allowing local python* in mpv and youtube-dl #2262
2018-11-27 20:23:03 +00:00
Tad
d8d42bc1cb
merges
2018-11-27 15:22:32 -05:00
SkewedZeppelin
d6331361d7
Merge pull request #2278 from rusty-snake/patch-1
...
Update kdenlive.profile
2018-11-27 20:20:03 +00:00
rusty-snake
328dffc3fa
Update kdenlive.profile
...
Add mlt-melt to private-bin, this is needed on Fedora-systems.
2018-11-27 20:12:08 +00:00
smitsohu
bbaacaa150
Merge branch 'master' of https://github.com/netblue30/firejail
2018-11-27 17:47:22 +01:00
smitsohu
1738719c3e
firecfg: small tweaks, fixes, man page update
2018-11-27 17:41:35 +01:00