github-starred/firejail
2
0
Fork 0
mirror of https://github.com/netblue30/firejail.git synced 2026-05-15 14:16:14 -06:00
Code Issues 531 Projects Packages Wiki Activity Actions 6
3932 commits 10 branches 71 tags 33 MiB
Commit graph

3932 commits

This branch
This branch
All branches
Author SHA1 Message Date
netblue30
1ed6afad0c 0.9.54 testing 2018-05-16 08:16:28 -04:00
netblue30
f988876b9b fix --dns 2018-05-15 10:53:39 -04:00
netblue30
0b2fd80fdb Merge branch 'master' of http://github.com/netblue30/firejail 2018-05-14 13:52:13 -04:00
netblue30
241f3b9f3c expand seccomp macros in seccomp.drop line - macros not supported in 0.9.38 2018-05-14 13:51:47 -04:00
startx2017
44f6a69584 Merge branch 'master' of https://github.com/netblue30/firejail 2018-05-14 09:34:52 -04:00
startx2017
2626263c69 remove unused files 2018-05-14 09:34:21 -04:00
Vincent43
bb4240bf3a
skanlite.profile: Allow access to scanner through network 2018-05-14 14:33:54 +01:00
Vincent43
634b2de7b7
krita.profile: allow python 2018-05-13 21:25:19 +01:00
Fred-Barclay
1f45aa83bd
Firefox profile fix for 0.9.38 (Ubuntu 16.04) in etc-fixes/ 
Seccomp filter lifted from 0.9.54 version. Cosmetic errors occur
for unrecognised options (such as @clock) but do not affect sandbox.
 2018-05-13 12:10:25 -05:00
netblue30
24a33d76d9 profile fixes for 0.9.52 (Ubuntu 18.04) in etc-fixes directory 2018-05-13 12:38:37 -04:00
netblue30
92be701355 profile fixes for 0.9.52 (Ubuntu 18.04) in etc-fixes directory 2018-05-13 12:23:16 -04:00
netblue30
47bc443ae1 moving to 0.9.54~rc3 2018-05-13 10:52:55 -04:00
Fred-Barclay
fc69e69704
nodbus breaks vivaldi sync 2018-05-12 12:58:45 -05:00
netblue30
514667d25d merges 2018-05-12 10:13:47 -04:00
netblue30
e596d5f9f2
Merge pull request #1932 from RDProjekt/modules 
Fixes to make Blender with AMD GPU work under firejail (#1931)
 2018-05-12 08:37:44 -05:00
smitsohu
a97974ca0b update README.md 2018-05-12 15:27:23 +02:00
Tad
df3d122d2c Misc fixes 2018-05-12 06:44:39 -04:00
Fred Barclay
6830065197
Merge pull request #1935 from pizzadude/patch-8 
disable tracelog in firefox-common.profile
 2018-05-10 20:54:19 -05:00
smitsohu
392bedba29 harden read-write mounts, cleanup 2018-05-11 00:58:11 +02:00
startx2017
694e2027c5 Merge branch 'master' of https://github.com/netblue30/firejail 2018-05-09 19:40:29 -04:00
startx2017
7deb720ba8 firemon/prctl enhancements 2018-05-09 19:40:14 -04:00
PizzaDude
727aeb5c04
Update firefox-common.profile 2018-05-09 19:36:59 -04:00
Tad
81fa843daf merges 2018-05-09 16:05:38 -04:00
SkewedZeppelin
c6b6894ae1
Merge pull request #1934 from pizzadude/patch-7 
profile for qmmp
 2018-05-09 16:01:42 -04:00
SkewedZeppelin
9b42d30a76
Merge pull request #1933 from pizzadude/patch-6 
profile for sayonara player
 2018-05-09 16:00:52 -04:00
PizzaDude
64914b7ae7
disable tracelog in firefox-common.profile 
tracelog breaks firefox 60+ catastrophically in my testing
 2018-05-09 13:11:25 -04:00
PizzaDude
e285719f29
profile for qmmp 2018-05-09 13:05:20 -04:00
PizzaDude
9dc0f8c4cd
profile for sayonara player 2018-05-09 13:00:41 -04:00
netblue30
a8f1634901 testing hidepid 2018-05-09 11:17:56 -04:00
netblue30
1576791f29 fix /proc hidepid 2018-05-09 10:57:50 -04:00
RD Projekt
9dd581d254 Allow AMD GPU usage by Blender 2018-05-09 12:37:35 +02:00
RD Projekt
95c8e284d0 Allow accessing /sys/module directory 
It is required for example by Blender, which Firejail supports. Blender needs read-only access to /sys/module/amdgpu in order to use AMD card with OpenCL.

Now user can allow such access by specifying:

noblacklist /sys/module
whitelist /sys/module/amdgpu
read-only /sys/module/amdgpu
 2018-05-09 12:37:35 +02:00
smitsohu
6dd512ca16 lower some more privs 2018-05-09 11:16:45 +02:00
startx2017
2a0fb5c1ed don't display firejail --list/--tree/--top processes in firemon stats 2018-05-08 17:57:43 -04:00
netblue30
5031d16f69 more errLogExit 2018-05-08 08:48:24 -04:00
netblue30
ab7a36982b errLogExit and --overlay-clean 2018-05-08 07:45:14 -04:00
Fred Barclay
01dc8baf25
Merge pull request #1924 from glitsj16/gnome-logs 
add note for 'volatile' storage support
 2018-05-07 21:50:15 -05:00
Reiner Herrmann
fd67cbb424 fix naming of xplayer-video-thumbnailer profile 2018-05-07 21:30:22 +02:00
netblue30
a40080f000 moving to next version 2018-05-06 15:49:59 -04:00
netblue30
f05861efff 0.9.54~rc1 released 2018-05-06 15:42:33 -04:00
netblue30
f905f046cc remove 64bit seccomp filter from 32bit architectures 2018-05-06 11:22:35 -04:00
Vincent43
8be61f77c2
ark.profile: Add private-bin and private-etc 
private-bin was generated manually while looking at ark source code, it should be complete. Obviously build-in previewer should be used with those.

private-etc was generated by firejail --build, it's commented out for now.

Both tested on Archlinux and KDE Plasma 5.12
 2018-05-05 20:17:58 +01:00
smitsohu
3a2ca11095 tiny memleaks, np dereference 2018-05-05 17:38:55 +02:00
smitsohu
99e8536770 get error handling right 2018-05-04 19:51:39 +02:00
smitsohu
811673eeff enhance post-mount checks 2018-05-04 12:08:25 +02:00
glitsj16
45a817f877
add note for 'volatile' staorage support 2018-05-04 03:11:09 +00:00
glitsj16
cd0ba20ed6 add disable-interpreters.inc to gnome-logs (#1923) 
* add disable-interpreters.inc to gnome-logs

Besides adding `include /etc/firejail/disable-interpreters.inc`, enabling both `private-etc` and `private-lib` (tested with systemd default storage and volatile journal).

* Add localtime to private-etc
 2018-05-03 21:27:06 -05:00
SkewedZeppelin
c29203740f
Merge pull request #1922 from glitsj16/unzip 
Allow GNOME Shell integration in unzip
 2018-05-03 20:58:55 -04:00
glitsj16
0caa39e0ed
Allow GNOME Shell integration in unzip 2018-05-04 00:27:06 +00:00
netblue30
c875f10075 moving get_mount_info from /proc/self/mounts to /proc/slef/mountinfo 2018-05-03 11:25:59 -04:00