Commit graph

1205 commits

Author SHA1 Message Date
netblue30
f8600a2fc5 Merge branch 'master' of https://github.com/netblue30/firejail 2017-08-12 09:33:43 -04:00
Topi Miettinen
69d3c29775 Enable system call groups with minus sign 2017-08-12 16:02:40 +03:00
netblue30
5cb1fafd20 added --nodvd 2017-08-12 08:35:42 -04:00
netblue30
b1479a3730 private-dev enhancements 2017-08-11 15:05:24 -04:00
smitsohu
e1fc59bb14 Add TuxGuitar profile (#1453)
* add tuxguitar profile

tested for versions < 1.3

* blacklist tuxguitar

* add tuxguitar

* add tuxguitar

* add support for tuxguitar > 1.2

higher versions fail to launch without protocol=inet,inet6 and with noexec=~. Yet, net=none seems to be still tolerated, which comes in handy to block talk with internet and dbus.

* unbreak tuxguitar Internet access

versions >= 1.3 actually run fine with net=none enabled, if the built-in internet dependent feature is not used
2017-08-10 22:03:35 -05:00
Topi Miettinen
c8e07a6e2d Enable syscall groups for non-internal use 2017-08-10 23:30:14 +03:00
Reiner Herrmann
193ae7c5ab typo 2017-08-10 19:44:03 +02:00
Tad
832402b6c0 Add a profile alias for Firefox Nightly 2017-08-10 09:34:31 -04:00
startx2017
be00aa351c --notv for #1446 2017-08-10 09:31:03 -04:00
startx2017
eabdc943c7 add /dev/dbv to private-dev list 2017-08-09 15:30:21 -04:00
Fred-Barclay
da23c55e04 merges 2017-08-07 11:06:04 -05:00
Topi Miettinen
d382f230ed Seccomp: split @default into more meaningful smaller groups 2017-08-06 23:24:20 +03:00
Topi Miettinen
34ee8e03f5 Seccomp: system call grouping and call numbers 2017-08-06 23:24:20 +03:00
netblue30
608386fa78 private-lib fixes 2017-08-06 15:27:19 -04:00
netblue30
2de0b02c35 private-lib: fix crash 2017-08-06 11:18:52 -04:00
netblue30
92fe7e5a8e private-lib: integration with firetools 2017-08-06 10:59:49 -04:00
startx2017
2ecfdd9ba8 bring in private-lib libraries for all private-bin programs. Example: firejail --private-lib --private-bin=bash,ls,find,pwd,grep 2017-08-06 08:20:53 -04:00
netblue30
55b7631b7d fix copyright statement 2017-08-05 20:36:31 -04:00
Topi Miettinen
9ab8689b46 Improve library handling: use DT_RPATH/DT_RUNPATH to find more libs
Helps in more complex cases like this: libpulse.so wants libpulsecommon-10.0.so,
which is located in
/usr/lib/x86_64-linux-gnu/pulseaudio. This path is specified with DT_RUNPATH.
2017-08-05 21:19:26 +03:00
Fred Barclay
8a98addedf Merge pull request #1436 from SpotComms/gt
Add a profile for Gnome Twitch
2017-08-05 07:38:42 -05:00
netblue30
c55aafda50 private-lib: preliminary support for directories in private-lib list 2017-08-05 07:35:08 -04:00
Tad
1d54911609 Add a profile for Gnome Twitch 2017-08-05 02:18:29 -04:00
Tad
a27e10637e Update firecfg.config and add a wireshark-* alias 2017-08-04 15:12:29 -04:00
netblue30
a9babdfbce private-lib: add src/fldd 2017-08-04 11:14:04 -04:00
netblue30
cafb5cfaa6 private-lib: support for /etc/firejail/firejail.config 2017-08-04 09:33:36 -04:00
netblue30
b35aed22f8 private-lib: bringing in private-lib list from command line 2017-08-04 08:07:45 -04:00
netblue30
0823eebfb6 private-lib: split fldd as a separate application 2017-08-03 13:52:42 -04:00
Fred Barclay
88d919ce9b Add rambox profile from #1425 2017-08-02 12:02:28 -05:00
netblue30
75a75e87f7 get_mempolicy syscall was temporarily removed from the default seccomp list. It seems to break
playing youtube videos on Firefox Nightly - #1414
2017-08-02 08:42:25 -04:00
netblue30
8ef01b3863 x11/xpra support 2017-08-01 20:35:38 -04:00
netblue30
6eb60ff603 compile cleanup 2017-08-01 18:48:09 -04:00
Topi Miettinen
b682a3edee Fix tracing with private-lib 2017-08-01 00:22:34 +03:00
netblue30
afe4b1dada Merge pull request #1415 from chiraag-nataraj/master
Tentative implementation for #1405
2017-07-31 07:09:41 -04:00
Topi Miettinen
8d5b397664 Fixes for the private-lib and memory-deny-write-execute features 2017-07-30 22:36:16 +03:00
Chiraag Nataraj
54c1f4d602 Ensure malloc was successful 2017-07-30 14:30:47 -04:00
Chiraag Nataraj
74ca61fbd5 Remove debugging stuff, free start_child, exit properly 2017-07-30 14:22:36 -04:00
Topi Miettinen
5360649518 Memory-deny-write-execute feature
Feature to block attempts to create writable and executable memory.
2017-07-30 16:48:16 +00:00
Topi Miettinen
fee33da168 Improve loading of seccomp filter
Also fixes a memory leak and double load.
2017-07-30 16:48:16 +00:00
Topi Miettinen
1da9f74b4d Private /lib feature 2017-07-30 16:35:17 +00:00
netblue30
2d97b52237 merges 2017-07-30 10:03:50 -04:00
Chiraag Nataraj
cf91175fec Tentative implementation for #1405 2017-07-30 01:53:18 -04:00
netblue30
06c064c9b8 Merge branch 'master' of https://github.com/netblue30/firejail 2017-07-29 16:31:00 -04:00
netblue30
680b84b449 --shell=none fix 2017-07-29 16:30:17 -04:00
Tad
b553272fac Add a profile for arm 2017-07-29 10:08:56 -04:00
netblue30
fa52401190 Merge pull request #1410 from topimiettinen/seccomp-print
Improve seccomp printing
2017-07-29 07:55:28 -04:00
netblue30
348b875f30 new profiles 2017-07-29 07:52:17 -04:00
netblue30
b159595508 arp rework 2017-07-29 07:38:20 -04:00
Topi Miettinen
9a3344f9a5 Improve seccomp printing 2017-07-28 14:06:30 +03:00
netblue30
48bf6bad1d tentative fix for arp cache pollution - #1406 2017-07-27 13:19:05 -04:00
Christopher A. Oliver
cb95fbc15e Fix typo for fnet moveif invocation on 2nd interface. 2017-07-27 10:34:55 -04:00