Stephen Watt
a8f61a2d4e
Re-sync to master.
7 years ago
dma
5a755a04e8
Change path of oz socket
7 years ago
dma
d2ff760197
Patch up IPC
7 years ago
dma
f3f5414fd4
Support for TLSGuard in prompter
7 years ago
shw
27d0a4809d
Updated SOCKS5 connection lookup code now correctly identifies originating process.
Includes code to read internal proxy state information from (updated) oz-daemon.
8 years ago
shw
8546f6c416
Working (but not intensively tested) IPv6 support!
8 years ago
shw
b567e5ce54
oz-init pid mappings are now properly destroyed as these processes exit.
8 years ago
shw
a930fbbce0
Sandboxed process entries in GUI now include sandbox name/ID in display.
Removed fatal error when a connection to oz-control socket cannot be established.
8 years ago
shw
b4ed11261f
Added extra display info for "Sandboxed application" in fw-prompt gnome shell GUI.
fw-prompt GUI gracefully displays unknown PIDs and UIDs.
Fixed stupid syntax error bug in oz-init PID management code.
8 years ago
shw
7a1851419c
Added support for using fw-daemon on all processes system-wide.
Added changes for fw-daemon to check sandboxed processes' oz-init /proc/[pid]/net/tcp with procsnitch.
fw-daemon IPC accepts "register-init" command to register new oz-init process instance alerts.
fw-daemon also checks for existing oz-init processes on startup.
Updated vendor-bundled go-procsnitch to latest dev version that includes findTCPSocketAll().
8 years ago
shw
30482bf15b
Support for wildcard ports in dynamic OZ/fw rules.
Modified behavior for source interface-based rules to allow for fallthrough policies.
8 years ago
shw
e1a994169f
Added removeall IPC command for stripping all rules matching a source interface.
8 years ago
shw
670abc5232
Removed code for custom matching of firewall rules.
8 years ago
shw
9069c91606
Garbage dump commit of current progress.
8 years ago
shw
cadb859dce
Added ephemeral oz sandbox/fw-daemon rules that can be updated via IPC connection.
fw-daemon prompter is now updated with source address of originating packet.
Fixed bug in decoding DNS data.
Packets are dropped properly (by marking and then calling Accept()).
8 years ago