firejail

SHA256

Author	SHA256	Message	Date
Ismail Dönmez	c5bd94cd19	Accepting request 437560 from home:tiwai:branches:Virtualization - Update to version 0.9.44: * CVE-2016-7545 submitted by Aleksey Manevich Modifications: * removed man firejail-config * –private-tmp whitelists /tmp/.X11-unix directory * Nvidia drivers added to –private-dev * /srv supported by –whitelist New features: * allow user access to /sys/fs (–noblacklist=/sys/fs) * support starting/joining sandbox is a single command (–join-or-start) * X11 detection support for –audit * assign a name to the interface connected to the bridge (–veth-name) * all user home directories are visible (–allusers) * add files to sandbox container (–put) * blocking x11 (–x11=block) * X11 security extension (–x11=xorg) * disable 3D hardware acceleration (–no3d) * x11 xpra, x11 xephyr, x11 block, allusers, no3d profile commands * move files in sandbox (–put) * accept wildcard patterns in user name field of restricted shell login feature New profiles: * qpdfview, mupdf, Luminance HDR, Synfig Studio, Gimp, Inkscape * feh, ranger, zathura, 7z, keepass, keepassx, * claws-mail, mutt, git, emacs, vim, xpdf, VirtualBox, OpenShot * Flowblade, Eye of GNOME (eog), Evolution OBS-URL: https://build.opensuse.org/request/show/437560 OBS-URL: https://build.opensuse.org/package/show/Virtualization/firejail?expand=0&rev=4	2016-11-03 08:20:46 +00:00
Olaf Hering	555d6e90b4	Accepting request 431498 from home:tiwai:branches:Virtualization - Update to version 0.9.42: Security fixes: * –whitelist deleted files * disable x32 ABI in seccomp * tighten –chroot * terminal sandbox escape * several TOCTOU fixes Behavior changes: * bringing back –private-home option * deprecated –user option, please use “sudo -u username firejail” * allow symlinks in home directory for –whitelist option * Firejail prompt is enabled by env variable FIREJAIL_PROMPT=”yes” * recursive mkdir * include /dev/snd in –private-dev * seccomp filter update * release archives moved to .xz format New features: * AppImage support (–appimage) * AppArmor support (–apparmor) * Ubuntu snap support (/etc/firejail/snap.profile) * Sandbox auditing support (–audit) * remove environment variable (–rmenv) * noexec support (–noexec) * clean local overlay storage directory (–overlay-clean) * store and reuse overlay (–overlay-named) * allow debugging inside the sandbox with gdb and strace (–allow-debuggers) * mkfile profile command * quiet profile command * x11 profile command * option to fix desktop files (firecfg –fix) OBS-URL: https://build.opensuse.org/request/show/431498 OBS-URL: https://build.opensuse.org/package/show/Virtualization/firejail?expand=0&rev=3	2016-10-13 08:58:49 +00:00
Ismail Dönmez	c0b4cdac0f	Accepting request 400690 from home:tiwai:branches:Virtualization - Update to version 0.9.40: * Added firecfg utility * New options: -nice, -cpu.print, -writable-etc, -writable-var, -read-only * X11 support: -x11 option (-x11=xpra, -x11=xephr) * Filetransfer options: –ls and –get * Added mkdir, ipc-namespace, and nosound profile commands * added net, ip, defaultgw, ip6, mac, mtu and iprange profile commands * Run time config support, man firejail-config * AppArmor fixes * Default seccomp filter update * Disable STUN/WebRTC in default netfilter configuration * Lots of new profiles OBS-URL: https://build.opensuse.org/request/show/400690 OBS-URL: https://build.opensuse.org/package/show/Virtualization/firejail?expand=0&rev=2	2016-06-08 17:13:02 +00:00
Dirk Mueller	755e067884	Accepting request 397032 from home:tiwai:firejail This is a request for a new package "firejail". It's a lightweight sandbox using namespace and seccomp. Let me know if Virtualization doesn't fit as the devel project for such a program. OBS-URL: https://build.opensuse.org/request/show/397032 OBS-URL: https://build.opensuse.org/package/show/Virtualization/firejail?expand=0&rev=1	2016-05-24 05:12:25 +00:00

4 Commits