summaryrefslogtreecommitdiffstats
Commit message (Collapse)AuthorAge
* Add autokey profiles (#2635)Libravatar glitsj162019-04-02
| | | | | | | | | | | | | | | | | | * Add autokey to firecfg.config * Update README.md * Update RELNOTES * Create autokey-common.profile * Create autokey-gtk.profile * Create autokey-qt.profile * Create autokey-run.profile * Create autokey-shell.profile
* Temp fix firecfg (#2634)Libravatar glitsj162019-04-02
| | | | | | | | | | | | | | * Temp fixes for firecfg.config * Create Builder.profile * Create clocks.profile * Create Logs.profile * Create Maps.profile * Add TODO to firecfg.config
* Fixup #2631Libravatar SkewedZeppelin2019-03-31
|
* Fix gnome-logs.profile (#2630)Libravatar rusty-snake2019-03-31
| | | | | | * Fix gnome-logs.profile * supplemented comment for using gnome-logs.local
* Merge pull request #2625 from veloute/gnome-chess-fixLibravatar SkewedZeppelin2019-03-30
|\ | | | | add gnuchess to play against computer
| * add gnuchess to play against computerLibravatar veloute2019-03-29
| |
* | Merge pull request #2631 from pianoslum/2621-AddWarningAboutEvinceTwoPageLibravatar SkewedZeppelin2019-03-30
|\ \ | | | | | | Add warning about nodbus breaking evince two-page-view on some systems
| * | Add warning about nodbus breaking evince two-page-view on some systemsLibravatar pianoslum2019-03-30
| | | | | | | | | | | | See https://github.com/netblue30/firejail/issues/2621
* | | Add anki.profile (#2626)Libravatar rusty-snake2019-03-30
| | |
* | | Fixes for man firejail (#2628)Libravatar glitsj162019-03-29
| | |
* | | Fix typo's in firecfg util.c (#2627)Libravatar glitsj162019-03-29
| |/ |/|
* | Five more game profilesLibravatar Tad2019-03-28
| |
* | Add VCS support to meld (#2615)Libravatar rusty-snake2019-03-28
| | | | | | | | | | | | | | | | | | | | * Add hg,bzr,git,svn,cvs to meld's private-bin * Update meld.profile * Update meld.profile * Update meld.profile
* | Fix dconf-editor access to glib schemas (#2622)Libravatar glitsj162019-03-28
| | | | | | | | | | | | * Fix dconf-editor access to glib schemas * Fix dconf access to glib schemas
* | Refactor pidgin as whitelist profile (#2620)Libravatar glitsj162019-03-27
| |
* | mount runtime seccomp files read-only (#2602)Libravatar smitsohu2019-03-23
| | | | | | | | | | | | | | avoid creating locations in the file system that are both writable and executable (in this case for processes with euid of the user). for the same reason also remove user owned libfiles when it is not needed any more
* | Add kid3, kid3-cli, kid3-qt (#2614)Libravatar rusty-snake2019-03-22
| |
* | Merge pull request #2611 from rusty-snake/add-freemindLibravatar SkewedZeppelin2019-03-21
|\ \ | | | | | | Add freemind
| * | remove noexecLibravatar rusty-snake2019-03-21
| | | | | | | | | | | | disable-exec.inc is there
| * | Reorder rusty-snake in READMELibravatar rusty-snake2019-03-21
| | |
| * | Add freemind.profileLibravatar rusty-snake2019-03-21
|/ /
* | Another five more game profilesLibravatar Tad2019-03-20
| |
* | Four more game profilesLibravatar Tad2019-03-20
| |
* | Add a profile for DCSSLibravatar Tad2019-03-20
| |
* | Five more game profilesLibravatar Tad2019-03-20
| |
* | Merge branch 'master' of https://github.com/netblue30/firejailLibravatar smitsohu2019-03-20
|\ \
| * | New profiles: Maelstrom and ostrichriderLibravatar Tad2019-03-20
| | |
| * | Harden easystroke (#2606)Libravatar glitsj162019-03-18
| | |
| * | pavucontrol does not work with ipc-namespace (#2604)Libravatar veloute2019-03-17
| | |
* | | hardening: run more code unprivilegedLibravatar smitsohu2019-03-20
| | |
* | | security: too early to register signal handlerLibravatar smitsohu2019-03-20
|/ /
* | minor enhancement: added robustness for setres[gu]id function callsLibravatar smitsohu2019-03-16
| |
* | Merge branch 'master' of https://github.com/netblue30/firejailLibravatar smitsohu2019-03-16
|\ \
| * | Follow-up on flatpak/snap support (#2601)Libravatar glitsj162019-03-16
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | * Remove obsolete snap support from disable-programs.inc * Remove obsolete snap support from pycharm-community.profile * Update RELNOTES to reflect non-existing/dropped flatpak/snap support * Update firejail.txt to reflect flatpak/snap packages are not supported
| * | Seahorse revisited (#2600)Libravatar glitsj162019-03-16
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | * Refactor seahorse into a whitelist profile * Refactor seahorse-tool as a whitelist profile * Create seahorse-daemon.profile * Add seahorse-daemon to firecfg * Drop blacklist /tmp/.X11-unix from seahorse.profile Thanks to @rusty-snake for pointing out blacklisting /tmp/.X11-unix is ridiculous for GUI's. * Add non-GUI option to seahorse-daemon
* | | hardening: replace setuid/setgid calls with setresuid/setresgidLibravatar smitsohu2019-03-16
|/ / | | | | | | | | | | | | | | | | | | when nesting containers and sandboxes, it is possible setuid() fails silently to reset the saved uid, which is then cleared only by the next execve. This is solved by replacing setuid() with more robust setresuid() function calls. Also add code to drop privileges when entering the run_no_sandbox() function (along with some minor tidy up).
* | Fix assogiate's private-bin (#2603)Libravatar glitsj162019-03-16
| |
* | Fix seahorse.profile seahorse-tool.profile (#2599)Libravatar rusty-snake2019-03-15
| |
* | Re-order options in ssh-agent.profile (#2598)Libravatar glitsj162019-03-15
| |
* | harden clamtk profile, strings profile cleanupLibravatar smitsohu2019-03-15
| |
* | profile hardening: add disable-exec.inc in more placesLibravatar smitsohu2019-03-15
| |
* | ffmpegthumbnailer breaks in ranger with private-cache enabled from (#2596)Libravatar veloute2019-03-15
| | | | | | ffmpeg.profile
* | Merge pull request #2595 from veloute/aria2c-fixesLibravatar Fred Barclay2019-03-14
|\ \ | | | | | | fixes for aria2c not resolving domain names
| * | fixes for aria2c not resolving domain namesLibravatar veloute2019-03-14
|/ /
* | Hardening compressors (#2594)Libravatar glitsj162019-03-14
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | * Harden atool * Harden cpio * Fix ordering in private-* options * Harden gzip * Harden tar * Harden bsdtar * Harden+ tar * Harden+ gzip * Harden+ cpio * Create bzip2.profile * Description for bunzip2 * Add bzip2/bunzip2 to firecfg
* | Fixes for seahorse/seahorse-tool (#2592)Libravatar glitsj162019-03-14
| | | | | | | | | | | | * Fix seahorse GUI * Fix seahorse-tool GUI
* | exiftool needs access to the /usr/bin/vendor_perl directory in archlinux (#2581)Libravatar veloute2019-03-14
| | | | | | | | | | | | * exiftool needs access to the /usr/bin/vendor_perl directory in archlinux * add comments provided by glitsj16
* | Merge pull request #2587 from lskrejci/cmdline-arg-fixLibravatar smitsohu2019-03-13
|\ \ | | | | | | Fix incorrect parsing of --keep-var-tmp command
| * | Fix incorrect parsing of --keep-var-tmp commandLibravatar Lukáš Krejčí2019-03-13
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | The command was only recognized if it was passed as the first argument. Passing it on any other position on the command line caused the following error: Error: invalid --keep-var-tmp command line option Supplying it as the first argument also resulted in other commands that are parsed after it to be silently ignored.
* | | Streamline 'Allow python' options (#2588)Libravatar glitsj162019-03-13
|/ / | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | * Fix 'allow python' in xpra * Fix 'allow python' in xplayer * Fix 'allow python' in xed * Fix 'allow python' in uzbl-browser * Fix 'allow python' in transmission-remote-cli * Fix 'allow python' in torbrowser-launcher * fix 'allow python' in subdownloader * Fix 'allow python' in steam * Fix 'allow python' in soundconverter * Fix 'allow python' in sdat2img * Fix 'allow python' in scribus * Fix 'allow python' in ranger * Fix 'allow python' in qutebrowser * Fix 'allow python' in qbittorrent * Fix 'allow python' in pybitmessage * Fix 'allow python' in playonlinux * Fix 'allow python' in pitivi * Fix 'allow python' in pithos * Fix 'allow python' in picard * Fix 'allow python' in openshot * Fix 'allow python' in onionshare-gui * Fix 'allow python' in obs * Fix 'allow python' in nitroshare * Fix 'allow python' in nemo * Fix 'allow python' in nautilus * Fix 'allow python' in natron * Fix 'allow python' in ms-office * Fix 'allow python' in mpDris2 * Fix 'allow python' in mendeleydesktop * Fix 'allow python' in macrofusion * Fix 'allow python' in lollypop * Fix 'allow python' in liferea * Fix 'allow python' in krita * Fix 'allow python' in kodi * Fix 'allow python' in inkscape * Fix 'allow python' in hexchat * Fix 'allow python' in gnome-schedule * Fix 'allow python' in gnome-music * Fix 'allow python' in gconf * Fix 'allow python' in gajim * Fix 'allow python' in font-manager * Fix 'allow python' in fontforge * Fix 'allow python' in flowblade * Fix 'allow python' in filezilla * Fix 'allow python' in exfalso * Fix 'allow python' in electrum * Fix 'allow python' in display * Fix 'allow python' in d-feet * Fix 'allow python' in deluge * Fix 'allow python' in cherrytree * Fix 'allow python' in catfish * Fix 'allow python' in caja * Fix 'allow python' in blender * Fix 'allow python' in bleachbit * Fix 'allow python' in authenticator * Fix 'allow python' in arm
generated by cgit v1.2.3-70-g09d2 (git 2.46.0) at 2024-09-04 13:35:14 +0000