firejail/contrib
Kelvin M. Klann f70ffbe76c landlock: split .special into .makeipc and .makedev
As discussed with @topimiettinen[1], it is unlikely that an unprivileged
process would need to directly create block or character devices.  Also,
`landlock.special` is not very descriptive of what it allows.

So split `landlock.special` into:

* `landlock.makeipc`: allow creating named pipes and sockets (which are
  usually used for inter-process communication)
* `landlock.makedev`: allow creating block and character devices

Misc: The `makedev` name is based on `nodev` from mount(8), which makes
mount not interpret block and character devices.  `ipc` was suggested by
@rusty-snake[2].

Relates to #6078.

[1] https://github.com/netblue30/firejail/pull/6078#pullrequestreview-1740569786
[2] https://github.com/netblue30/firejail/pull/6187#issuecomment-1924107294
2024-02-02 19:37:06 -03:00
syntax landlock: split .special into .makeipc and .makedev 2024-02-02 19:37:06 -03:00
vim/ftdetect contrib/vim: match profile files more broadly 2023-06-10 14:16:41 -03:00
fix_private-bin.py fix spelling (#4573) 2021-09-22 23:05:33 +02:00
fj-mkdeb.py update copyright 2024 2024-01-12 11:23:22 -05:00
fjclip.py update copyright 2024 2024-01-12 11:23:22 -05:00
fjdisplay.py update copyright 2024 2024-01-12 11:23:22 -05:00
fjresize.py update copyright 2024 2024-01-12 11:23:22 -05:00
gdb-firejail.sh update copyright 2024 2024-01-12 11:23:22 -05:00
jail_prober.py update copyright 2024 2024-01-12 11:23:22 -05:00
sort.py update copyright 2024 2024-01-12 11:23:22 -05:00
syscalls.sh update copyright 2024 2024-01-12 11:23:22 -05:00
update_deb.sh update copyright 2024 2024-01-12 11:23:22 -05:00