summaryrefslogtreecommitdiffstats
Commit message (Collapse)AuthorAge
* Fix #2995Libravatar rusty-snake2019-10-16
|
* Update ghostwriter.profileLibravatar rusty-snake2019-10-16
| | | | | | | | - enable `seccomp`, but allow `chroot` - fix wusc. ==> comment it because of #216 it is broken - fix pdf export [skip ci]
* Profiles: add signal-cli profile (#3002)Libravatar Timo Hardebusch2019-10-15
| | | | | | | | * Profiles: add signal-cli profile Clarification regarding Java * Added suggestions from code review
* fix epiphany profile descriptionLibravatar SkewedZeppelin2019-10-14
|
* blacklist runtime profile directoryLibravatar smitsohu2019-10-14
|
* Fix typo in pandoc.profileLibravatar glitsj162019-10-13
|
* harden pandoc & shellcheckLibravatar rusty-snake2019-10-13
|
* add tracelog to some profilesLibravatar rusty-snake2019-10-13
|
* blacklist gnome-boxes user files (VM-Images)Libravatar rusty-snake2019-10-13
|
* Add note about seccomp to steam #2860Libravatar rusty-snake2019-10-13
|
* chroot error message typoLibravatar smitsohu2019-10-13
|
* postpone procfs mount until after chroot callLibravatar smitsohu2019-10-13
| | | | issue #2301
* fix chroot with mounted resolv.confLibravatar smitsohu2019-10-13
|
* x11 hardeningLibravatar smitsohu2019-10-13
|
* shorten fedora firefox private-binLibravatar rusty-snake2019-10-12
| | | | | Possible `false,pidof,rmdir,true` can also be removed. unsure. [skip ci]
* kalgebra.profile, kalgebramobile.profileLibravatar rusty-snake2019-10-12
|
* x11 xorg: blacklist non-default Xauthority fileLibravatar smitsohu2019-10-08
| | | fixes #1652
* add x11 xorg option to HAS_X11 conditional - #2205Libravatar smitsohu2019-10-08
|
* add HAS_X11 conditional, disconnect session manager - #2205Libravatar smitsohu2019-10-08
|
* little tweaksLibravatar smitsohu2019-10-08
|
* Fix wusc for gearyLibravatar glitsj162019-10-07
| | | The included firefox.profile has wusc now. We need to whitelist /usr/share/geary to avoid breakage.
* Move wusc into eo-common.profileLibravatar glitsj162019-10-07
|
* Move wusc into eo-common.profileLibravatar glitsj162019-10-07
|
* Move wusc into eo-common.profileLibravatar glitsj162019-10-07
|
* various profile fixesLibravatar rusty-snake2019-10-06
|
* Fix wusc in thunderbirdLibravatar glitsj162019-10-06
|
* Wusc fixes (#2992)Libravatar glitsj162019-10-06
| | | | | | | | | | | | * Add wusc to eom * Fix wusc in firefox Without access to /usr/share/ca-certificates all HTTPS traffic gets the FF dialog 'Warning: Potential Security Risk Ahead'. Probably needed in thunderbird profile too (untested). * Fix wusc ordering in meld Just an alphabetical ordering nitpick.
* whitelist-usr-share-common.inc (#2972)Libravatar rusty-snake2019-10-05
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | * Work on whitelist-usr-share-common * sorting; add Modules + QT/KDE stuff * add wusc.inc to more profiles [needs testing] * update * gitg, firefox, evince * /usr/share/{p11-kit,pixmaps,pki,qt5,tcl8.6,terminfo} * more profiles * remove wusc.inc from feedreader Even with 'whitelist /usr/share/*', feedreader trys to dereference a NULL pointer. * more profiles * whitelist /usr/share breaks wget even with whitelist /usr/share/* * extend wusc.inc * update * Add alsa,crypto-policies and zoneinfo * readd wusc.inc to wget and feedreader * update * testing results: Debian Buster with KDE * more KDE stuff * fix tb
* remove trailing slashesLibravatar rusty-snake2019-10-05
|
* Update firefox-common-addons.incLibravatar rusty-snake2019-10-05
|
* Merge pull request #2982 from smitsohu/chrootLibravatar netblue302019-10-04
|\ | | | | Move chroot entirely from path based to file descriptor based mounts
| * improve enforce_filters warningLibravatar smitsohu2019-10-01
| | | | | | added an additional newline in order to keep it visually separate from other unrelated error messages
| * simplify chroot option parsingLibravatar smitsohu2019-10-01
| | | | | | | | this is a partial revert, back to the original code
| * base checks and mounts on same file descriptorLibravatar smitsohu2019-10-01
| |
| * improve variable namesLibravatar smitsohu2019-09-29
| |
| * chroot moduleLibravatar smitsohu2019-09-29
| |
| * move chroot from path based to file descriptor based mountsLibravatar smitsohu2019-09-29
| |
* | fix the fixLibravatar smitsohu2019-10-04
| | | | | | | | | | | | cf. previous commit 34e5ad65b238b698c55e4921c9ac9294e6548cc7 line buffered output is what we really want
* | alphabetize man page entriesLibravatar smitsohu2019-10-04
| |
* | fix concurrent writing to trace fileLibravatar smitsohu2019-10-04
| |
* | break out of libtrace file open loopLibravatar smitsohu2019-10-04
| |
* | add private-tmp to unbound profileLibravatar smitsohu2019-10-01
| |
* | commented out some debug code in libtraceLibravatar netblue302019-09-29
| |
* | increase socket buffer size for firemon, bug #2700Libravatar netblue302019-09-29
|/
* Update evinceLibravatar rusty-snake2019-09-28
| | | | | | | private-lib: - Add note about possible two-page-view breaktage - add libgraphite2.so.* remove mdwe
* fixup! add missing blacklist pathsLibravatar rusty-snake2019-09-28
|
* Fix sorting (caught by GitLab CI tests)Libravatar Fred Barclay2019-09-28
|
* fix ffprobeLibravatar rusty-snake2019-09-28
| | | | | | | | | | | $ firejail ffprobe VIDEO execvp: No such file or directory $ firejail --noprofile --private-bin=ffprobe ffprobe VIDEO execvp: No such file or directory $ firejail --ignore=private-bin ffprobe VIDEO Works ffprobe is the only file in PATH that is touched (see --build).
* add missing blacklist pathsLibravatar rusty-snake2019-09-28
|
* KeePassXC: Added a warning regarding tray iconLibravatar Timo Hardebusch2019-09-28
|
generated by cgit v1.2.3-70-g09d2 (git 2.46.0) at 2024-09-19 18:34:54 +0000