firejail/etc
Kelvin M. Klann f70ffbe76c landlock: split .special into .makeipc and .makedev
As discussed with @topimiettinen[1], it is unlikely that an unprivileged
process would need to directly create block or character devices.  Also,
`landlock.special` is not very descriptive of what it allows.

So split `landlock.special` into:

* `landlock.makeipc`: allow creating named pipes and sockets (which are
  usually used for inter-process communication)
* `landlock.makedev`: allow creating block and character devices

Misc: The `makedev` name is based on `nodev` from mount(8), which makes
mount not interpret block and character devices.  `ipc` was suggested by
@rusty-snake[2].

Relates to #6078.

[1] https://github.com/netblue30/firejail/pull/6078#pullrequestreview-1740569786
[2] https://github.com/netblue30/firejail/pull/6187#issuecomment-1924107294
2024-02-02 19:37:06 -03:00
apparmor Create mullvad-browser.profile (#5887) 2023-07-22 12:38:28 +00:00
inc landlock: split .special into .makeipc and .makedev 2024-02-02 19:37:06 -03:00
net fix nolocal netfilter 2022-10-25 14:33:56 -04:00
profile-a-l crawl.profile: allow lua (#6182) 2024-02-02 03:28:20 +00:00
profile-m-z tesseract.profile: add quiet (#6173) 2024-01-31 19:33:49 +00:00
templates landlock: split .special into .makeipc and .makedev 2024-02-02 19:37:06 -03:00
firejail.config profiles: Miscellaneous cleanups (#5918) 2023-07-25 19:32:12 +00:00
ids.config disable-common.inc: blacklist sudo/doas paths in /etc 2023-07-14 08:08:47 -03:00
login.users