Commit graph

2109 commits

Author SHA1 Message Date
netblue30
6730f4c0cc --git-install: default disabled in ./configure script 2017-02-07 13:03:28 -05:00
netblue30
d17ce1322e disable --git-install at compile time 2017-02-05 11:50:04 -05:00
netblue30
a387deeef7 enable strict seccomp filter on overlay options 2017-02-05 11:16:45 -05:00
netblue30
6185c6f076 --git-install/--git-uninstall 2017-02-05 09:17:06 -05:00
netblue30
3f1baae2d7 profile merges 2017-02-05 08:56:12 -05:00
netblue30
6bde710841 Merge pull request #1089 from Fred-Barclay/palemoon_private-opt
Security filters
2017-02-05 08:47:31 -05:00
Fred Barclay
1ccbd9b0b6 added nogroups to qbittorrent profile 2017-02-05 00:20:03 -06:00
Fred Barclay
a5b2d7ff64 Added private-opt to palemoon profile 2017-02-05 00:18:31 -06:00
netblue30
d580c3454f --git-install 2017-02-04 16:01:49 -05:00
netblue30
e138ebaa33 --git-install 2017-02-04 15:55:05 -05:00
netblue30
e46dd3e952 git-install 2017-02-04 11:57:47 -05:00
netblue30
e7c0ee7402 Merge pull request #1053 from Fred-Barclay/update_scripts
added update scripts
2017-02-04 08:57:12 -05:00
netblue30
a6894d03f4 quiet fix 2017-02-04 08:32:18 -05:00
netblue30
abea7c9a73 xmms profile fix 2017-02-04 08:26:58 -05:00
netblue30
38036088fc fixed README.md 2017-02-01 08:32:54 -05:00
netblue30
da097ac2e8 --writable-var-log 2017-01-30 11:19:02 -05:00
netblue30
4579993d9b --writable-var-log 2017-01-30 11:01:32 -05:00
netblue30
7dd00cebb3 --quiet fix 2017-01-30 09:00:18 -05:00
netblue30
4900803fd5 documentation 2017-01-29 16:03:19 -05:00
netblue30
a9f45ae114 merges 2017-01-29 15:21:24 -05:00
netblue30
ca01990277 Merge pull request #1079 from ibukanov/copy_to_root_fix
fixing --hosts-file privilege check
2017-01-29 15:00:21 -05:00
Igor Bukanov
5292798bb4 fixing --hosts-file privilege check
Currently the code uses the access() call to check if the user has access to a file that is copied into the root as /etc/hosts. This inevitably adds a race when the user changes the file to a symbolic link pointing to an arbitrary location on the filesystem after the access check is done but before opening the file to copy it. This potentially allows reading any file on the system.

To close this the code adds a utility copy_file_from_user_to_root. It opens the copy destination file as root and then forks/drops privileges. Then as a user the utility opens the source file and does the copy into the destination descriptor that is preserved across the fork.
2017-01-29 18:13:30 +01:00
netblue30
c83cf990e0 support allow-private-blacklist in profile files 2017-01-28 09:40:07 -05:00
netblue30
ae9651b4de profile fixes 2017-01-28 09:07:36 -05:00
netblue30
7c2ec9772b Merge branch 'master' of https://github.com/netblue30/firejail 2017-01-25 09:14:13 -05:00
netblue30
66390f4ba1 profile merges 2017-01-25 09:13:48 -05:00
netblue30
f0f40bae71 Merge pull request #1068 from Fred-Barclay/uudeview_fix
Fix for uudeview
2017-01-25 08:58:52 -05:00
Fred Barclay
1ed74bdc5e fixes #1032 2017-01-23 22:56:56 -06:00
Fred Barclay
4d7dcc4b81 changes for review upstream 2017-01-23 19:36:58 -06:00
netblue30
d4e006cc12 fixed access for --hosts-file 2017-01-23 09:53:37 -05:00
netblue30
9dc2987168 bash completion for --hosts-file 2017-01-22 10:36:43 -05:00
netblue30
2802355641 profile merges 2017-01-22 10:31:49 -05:00
netblue30
8c6599d396 Merge pull request #1064 from ecat3/master
Prevent tmux connecting to an existing session
2017-01-22 10:22:22 -05:00
netblue30
7d11cf62ca --hosts-file option 2017-01-22 10:26:05 -05:00
ecat3
a7a2d51441 Prevent tmux connecting to an existing session 2017-01-22 17:41:45 +03:00
netblue30
53c8cc0ae0 merges 2017-01-22 08:35:58 -05:00
netblue30
c948b5d6d8 Merge pull request #1062 from zackw/join-iproute2-netns
Add support for joining a persistent, named network namespace.
2017-01-22 08:20:21 -05:00
netblue30
38e253a64f Merge pull request #1061 from GSI/uzbl-browser
uzbl-browser.profile: enabled support for pass password-manager
2017-01-22 08:18:51 -05:00
netblue30
1b841ad02c tor fix 2017-01-22 08:20:24 -05:00
Zack Weinberg
ef37be1067 Add support for joining a persistent, named network namespace. 2017-01-20 17:38:51 -05:00
GSI2017
e7ad91f0f5 ensured use of clean cache directory to tackle uzbl/uzbl#335 2017-01-20 16:38:22 -03:00
Zack Weinberg
807f1741fa firejail/fs.c: include sys/wait.h for declaration of waitpid 2017-01-20 14:18:31 -05:00
GSI2017
cbfe796bb4 uzbl-browser.profile: enabled support for pass password-manager 2017-01-20 13:40:54 -03:00
netblue30
fefa0f8fd1 man page fix 2017-01-20 09:25:32 -05:00
netblue30
4a1d906e89 profile merges 2017-01-20 09:20:11 -05:00
netblue30
73c14d7141 profile merges 2017-01-20 09:12:50 -05:00
netblue30
e417d75a14 profile merges 2017-01-20 09:08:48 -05:00
netblue30
c857b88af3 Merge branch 'master' of https://github.com/netblue30/firejail 2017-01-20 09:08:31 -05:00
netblue30
9145814d71 profile fixes 2017-01-20 09:03:56 -05:00
netblue30
269936b749 Merge branch 'master' of https://github.com/netblue30/firejail 2017-01-20 09:03:21 -05:00