Commit graph

5287 commits

Author SHA1 Message Date
Reiner Herrmann
fa1d4f78b9 fix indentation 2019-06-21 17:48:28 +02:00
Reiner Herrmann
4cf51b5919 extend gitlab-ci configuration to run Debian CI tests 2019-06-21 17:43:14 +02:00
Reiner Herrmann
7d9db83559 fail build if any step in the script fails 2019-06-21 15:08:49 +02:00
Reiner Herrmann
f942f87c8d add pkg-config build dependency to gitlab-ci config 2019-06-21 15:07:39 +02:00
Reiner Herrmann
275978c507 use pkg-config macro to locate apparmor and flags 2019-06-21 14:54:59 +02:00
Reiner Herrmann
2c64d1fdd3 use AX_CHECK_COMPILE_FLAG to check for spectre flags
Fixes #2661
2019-06-21 14:54:58 +02:00
Reiner Herrmann
75b4b95d02 import ax_check_compile_flag macro from autoconf-archive 2019-06-21 14:22:12 +02:00
Reiner Herrmann
88132d9dfb reduce redundancy in paths 2019-06-21 13:25:29 +02:00
glitsj16
7dfd850505
Arch Linux specific changes (#2788)
* Arch Linux specific addition to gzip.profile

* Arch Linux specifics for tar.profile

* Arch Linux specifics for gzip.profile

* Minor re-ordering and wording edits for makepkg.profile

* Spacing fix for cower.profile
2019-06-20 20:59:39 +00:00
netblue30
6773959147
Merge pull request #2771 from smitsohu/homedir2
mount new proc filesystem earlier
2019-06-20 12:46:50 -05:00
rusty-snake
b44b46294d
make syscalls.sh executable 2019-06-20 18:06:07 +02:00
rusty-snake
4429e6fcaf
Improve profile.template
 * uncomment .local includes
 * add options
   * ##ignore noexec /tmp
   * ##caps.keep CAPS
   * ##hostname NAME
   * ##writable-etc
   * ##writable-run-user
   * ##writable-var
   * ##writable-var-log
 * add disable x11
   * x11 none
   * blacklist /tmp/.X11-unix
   * comment on which of the two options should be used when
 * sort private-etc template Common
 * add comments
   * machine-id: breaks sound and sometimes dbus related functions
   * private-bin: python should be added by 'python*'
   * protocol: auxiliary comment for protocol line
 * add 'packet' to protocol list
 * Sections structure: OPTIONS: now has seccomp* instead of seccomp
2019-06-20 12:46:24 +02:00
rusty-snake
dd0697a815
add 'x11 none' to more profiles with 'net none' 2019-06-20 11:37:56 +02:00
glitsj16
e48bb1fab4
Fix typo in man firejail [--x11] (#2785) 2019-06-19 04:14:37 +00:00
smitsohu
65e0b6442a
Merge pull request #2781 from smitsohu/thunderbird
allow nodbus in thunderbird profile
2019-06-18 19:38:06 +02:00
smitsohu
b59225f5d9 use 'x11 none' option
... instead of just blacklisting the X11 socket.

Systematically added to all profiles with 'net none' and
'blacklist /tmp/.X11-unix', and a few more
2019-06-18 18:52:18 +02:00
smitsohu
7697655087
fix logical OR in disable_file 2019-06-18 15:51:22 +02:00
rusty-snake
dae738722d
Update README.md
* add link to wiki
* now link to contrib/syscalls (#2754)
2019-06-18 12:58:59 +00:00
rusty-snake
72cb9f2070
Update CONTRIBUTING.md
Move "I found a security bug" back to the Opening issues section.
2019-06-18 12:44:41 +00:00
rusty-snake
1d56e466c2
three new blacklist in disable-common.inc
* ~/.viminfo
* ~/.lesshst
* ~/.python_history
2019-06-18 10:20:14 +02:00
Jean-Philippe Eisenbarth
57462723f3 Fix filename in comment
Co-Authored-By: rusty-snake <print_hello_world+GitHub@protonmail.com>
2019-06-17 18:11:02 +00:00
Jean-Philippe Eisenbarth
8970a149f2 Fix spotify.profile 2019-06-17 18:11:02 +00:00
glitsj16
8cd7b6ae1f
Minor fixes for udiskie
Nitpicks:
- it's common practice to refer to the python executable(s) in private-bin with `python*`, which covers both v2 and v3;
- now that @rusty-snake handed us all the needed tools to check/fix sorting multi-value options, put it to use.
2019-06-17 13:42:52 +00:00
smitsohu
2db22a2f6b Merge branch 'master' of https://github.com/netblue30/firejail 2019-06-17 14:45:23 +02:00
smitsohu
e3cafb7fac no postmount checks when building basic filesystem
fixes #2782
2019-06-17 14:40:02 +02:00
rusty-snake
0330e04ec3
Merge pull request #2775 from jose1711/udiskie-profile
Add profile for udiskie
2019-06-17 09:52:29 +00:00
Jose Riha
f97e4fd970 Apply suggestions from code review
Co-Authored-By: rusty-snake <print_hello_world+GitHub@protonmail.com>
2019-06-17 11:31:18 +02:00
smitsohu
96333fe309 cleanup 2019-06-17 04:10:24 +02:00
smitsohu
dba9dff9c5 streamline remounting (ro,rw,noexec) 2019-06-17 03:46:11 +02:00
rusty-snake
03a92a154c
tighten gnome-maps 2019-06-16 20:14:29 +02:00
rusty-snake
a6954438f3
some fixes in profile.template 2019-06-16 19:59:21 +02:00
glitsj16
dffc5c96c0
Fix writing places file for gnome-maps 2019-06-16 14:33:27 +00:00
smitsohu
fe8ddd6457
thunderbird profile: comment fix 2019-06-16 14:05:37 +02:00
smitsohu
4964d999d4
allow nodbus in thunderbird profile
in order to maintain enigmail support - #1951
2019-06-16 13:47:01 +02:00
rusty-snake
913ab0b418
consequent order of writable-* 2019-06-16 13:42:48 +02:00
rusty-snake
a72def9ab1
move noblacklist ~/.java to allow-java.inc 2019-06-16 13:34:50 +02:00
smitsohu
8b45fcb013
coalesce comments in firefox-common profile 2019-06-16 13:34:30 +02:00
rusty-snake
808639e320
Merge branch 'master' of github.com:netblue30/firejail 2019-06-16 13:05:27 +02:00
smitsohu
f718d60f69
chromium-common profile: add nodbus conditional 2019-06-16 13:05:07 +02:00
rusty-snake
4c93526960
many profile cleanup (4)
containing:
 - files forgotten in 4beaf8f9
 - workarounds for #903
 - commented useless private-etc lines removed
 - remove commented seccomp.keep lines
 - much more
2019-06-16 13:04:28 +02:00
rusty-snake
4beaf8f9da
Sort commented private-{bin,etc} lines
in addition to 019fa047, c7d34b5e, 0a9beba3, cbdbb0f0.
2019-06-16 12:50:04 +02:00
rusty-snake
026de86a10
add rhythmbox-client.profile 2019-06-16 12:35:00 +02:00
rusty-snake
c7d34b5e5d
Fix protocol line
only unknown-horizons was affected
2019-06-16 11:06:47 +02:00
glitsj16
0a9beba3c6
Sort caps.keep and seccomp.drop options (#2780)
* Sort seccomp.drop in unbound.profile

* Sort caps.keep in tor.profile

* Sort seccomp.drop in qgjs.profile

* Sort seccomp.drop in dnscrypt-proxy.profile

* Sort caps.keep in chromium-common.profile
2019-06-16 01:26:18 +00:00
rusty-snake
d97fe42b86
Merge branch 'master' of github.com:netblue30/firejail 2019-06-15 23:11:21 +02:00
rusty-snake
a75c99245e
some profile fixes 2019-06-15 23:11:00 +02:00
Vincent43
2711c6c1c9
Merge pull request #2774 from Vincent43/Vincent43-chromium-nodbus
chromium: disable nodbus
2019-06-15 20:44:36 +00:00
glitsj16
6cb66278cb
More sorting private-etc (#2779)
* Sort private-etc

This .inc file got missed by https://github.com/netblue30/firejail/pull/2766.

* Sort private-etc
2019-06-15 18:43:25 +00:00
glitsj16
cbdbb0f0a4
Sort private-lib (#2778)
* Sort private-lib

* Sort private-lib

* Sort private-lib

Don't know why there was a reference to /usr/bin/gedit in private-lib...

* Sort private-lib
2019-06-15 18:33:00 +00:00
Jose Riha
4e57e3975d Add profile for udiskie 2019-06-15 15:06:05 +02:00