summaryrefslogtreecommitdiffstats
Commit message (Collapse)AuthorAge
* Merge pull request #2928 from topimiettinen/seccomp-more-groupsLibravatar netblue302019-08-29
|\ | | | | Add further seccomp groups
| * Add further seccomp groupsLibravatar Topi Miettinen2019-08-28
| | | | | | | | Get further seccomp group definitions from systemd.
* | fix previous mergeLibravatar netblue302019-08-29
| |
* | Merge pull request #2926 from topimiettinen/seccomp-allow-exceptionsLibravatar netblue302019-08-29
|\ \ | | | | | | Allow exceptions to seccomp lists
| * \ Merge branch 'master' into seccomp-allow-exceptionsLibravatar netblue302019-08-29
| |\ \ | |/ / |/| |
* | | seccomp numeric testingLibravatar netblue302019-08-28
| | |
* | | Merge pull request #2929 from aoand/masterLibravatar netblue302019-08-28
|\ \ \ | | | | | | | | seccomp fix: allow numeric syscalls
| * | | seccomp fix: allow numeric syscallsLibravatar aoand2019-08-26
|/ / / | | | | | | | | | as per man page, numeric syscall is indicated by the dollar sign '$'
* | | Fix private-bin order in ghostwriter.profileLibravatar glitsj162019-08-26
| | |
* | | Fix order of private-cache in mpsyt.profileLibravatar glitsj162019-08-26
| | |
* | | Fic private-etc ordering for gnome-scheduleLibravatar glitsj162019-08-26
| | |
* | | misc fixesLibravatar rusty-snake2019-08-26
| | | | | | | | | | | | | | | | | | - fix for #2038 - update RELNOTES - fix #2925
* | | many profile fixes (1)Libravatar rusty-snake2019-08-26
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | - add novideo to a lot of profiles (there are still more profiles where novideo can be added) - remove commente mdwe from some gnome applications - add descriptions to some profiles - blacklist ${HOME}/.cargo/credentials - move ${HOME}/.git-credentials and ${HOME}/.git-credential-cache to 'top secret' in disable-common.inc - some ordering in disable-programs.inc - merge tor browser blacklists to ${HOME}/.tor-browser* - qupzilla.profile redirect to falkon.profile - blacklist gnome-builder paths - fix transmission profiles inlude - much more
* | | add support for seccomp to sort.py [skip ci]Libravatar rusty-snake2019-08-25
| | |
* | | fix shebang in some contrib scripts [skip ci]Libravatar rusty-snake2019-08-25
| | |
* | | harden strings profileLibravatar smitsohu2019-08-25
| |/ |/|
| * Allow exceptions to seccomp listsLibravatar Topi Miettinen2019-08-25
|/ | | | | | | Prefix ! can be used to make exceptions to system call blacklists and whitelists used by seccomp, seccomp.drop and seccomp.keep. Closes #1366
* Merge pull request #2921 from rusty-snake/allow-common-devel.incLibravatar rusty-snake2019-08-22
|\ | | | | Introduce allow-common-devel.inc
| * add allow-common-devel to more profilesLibravatar rusty-snake2019-08-22
| |
| * Introduce allow-common-devel.incLibravatar rusty-snake2019-08-22
| |
* | update syscalls.txtLibravatar rusty-snake2019-08-22
| |
* | various fixes and improvementsLibravatar rusty-snake2019-08-22
|/ | | | | | | | | | | | - install contrib/syscalls.sh - add GitLab-CI status to README.md - read-only ${HOME}/.cargo/env - move blacklist ${HOME}/.cargo/registry, ${HOME}/.cargo/config to disable-programs - typo in man firejail firejail-profiles firecfg - better descriptions in man firejail-profiles - fixes in man firejail - template descriptions in firejail-profiles
* Enable private-bin in transmission-daemonLibravatar glitsj162019-08-21
|
* Enable private-bin in transmission-cliLibravatar glitsj162019-08-21
|
* Fix private-etc order in i2prouterLibravatar glitsj162019-08-21
|
* Fix teamspeak3Libravatar glitsj162019-08-21
| | | Fixes #2901.
* Merge pull request #2919 from corecontingency/masterLibravatar rusty-snake2019-08-21
|\ | | | | Profiles: add I2P
| * added i2prouter to firecfgLibravatar core_contingency2019-08-21
| |
| * Applied further suggestions from code reviewLibravatar core_contingency2019-08-21
| |
| * Apply suggestions from code review Libravatar corecontingency2019-08-21
| | | | | | | | | | Changed to default seccomp Co-Authored-By: rusty-snake <print_hello_world+GitHub@protonmail.com>
| * profiles: add i2pLibravatar core_contingency2019-08-21
| |
* | Drop fonts from private-etc in transmission-remote-cliLibravatar glitsj162019-08-21
|/ | | Thanks @rusty-snake for catching this!
* Refactor transmission profiles (#2920)Libravatar glitsj162019-08-21
| | | | | | | | | | | | | | | | | | | | | | | | * Refactor transmission-cli * Create transmission-common.profile * Refactor transmission-create * Refactor transmission-daemon * Refactor transmission-edit * Refactor transmission-gtk * Refactor transmission-qt * Refactor transmission-remote-cli * Refactor transmission-remote-gtk * Refactor transmission-remote * Refactor transmission-show
* Fix revert of previous trace fix. The issue was that programs were crashing ↵Libravatar Glenn Washburn2019-08-21
| | | | because libtrace hooked libc calls were being executed before the libtrace library was initialized. This was due to other loaded libraries being initialized first.
* fix #2912 and update CONTRIBUTING.mdLibravatar rusty-snake2019-08-19
|
* fix private-bin for tb-starter-wrapper #2863Libravatar rusty-snake2019-08-19
|
* noblacklist but no blacklist (#2886)Libravatar rusty-snake2019-08-19
| | | | | | | | | | | | | | | | * beginn fixup * continue * continue * continue * continue * continue * continue
* readmeLibravatar netblue302019-08-18
|
* Merge pull request #2909 from gm10/fix-get_userLibravatar netblue302019-08-18
|\ | | | | get_user() do not use the unreliable getlogin()
| * get_user() do not use the unreliable getlogin()Libravatar gm102019-08-13
| |
* | Merge pull request #2915 from corecontingency/masterLibravatar netblue302019-08-18
|\ \ | | | | | | tighten private-bin and etc for torbrowser-launcher.profile
| * | tighten private-bin and etc for torbrowser-launcher.profileLibravatar core_contingency2019-08-17
| | |
* | | profiles: add kiwix-desktopLibravatar Tad2019-08-18
| | |
* | | fix --traceLibravatar netblue302019-08-17
|/ /
* | private-dev testingLibravatar netblue302019-08-17
| |
* | Prevent quiet option output leakage (#2913)Libravatar glitsj162019-08-14
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | * nano: add quiet option * ffmpegthumbnailer: fix quiet leakage * ffplay: fix quiet leakage * ffprobe: fix quiet leakage * rnano: fix quiet leakage * qt-faststart: fix quiet leakage * scp: fix quiet leakage * sftp: fix quiet leakage * transmission-create: fix quiet leakage * transmission-edit: fix quiet leakage * transmission-remote-cli: fix quiet leakage * transmission-remote-gtk: fix quiet leakage * dnscrypt-proxy: add quiet option * dnsmasq: add quiet option * seahorse-daemon: add quiet option * xpra: add quiet option * Xephyr: add quiet option * Xvfb: add quiet option
* | Fix regular profile header for conplayLibravatar glitsj162019-08-14
| |
* | Merge pull request #2911 from adrelanos/patch-1Libravatar Vincent432019-08-14
|\ \ | | | | | | remove x11 xorg
| * | remove x11 xorgLibravatar Patrick Schleizer2019-08-14
|/ / | | | | https://forums.whonix.org/t/automatically-firejailing-tor-browser/4767/29
* | Fix quiet option in archiver redirect profiles (#2907)Libravatar glitsj162019-08-13
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | * Fix potential leakage of quiet option in 7za * Fix potential leakage in quiet option for 7zr * Fix potential leakage in quiet option for p7zip * Fix potential leakage in quiet option for acat * Fix potential leakage in quiet option for adiff * Fix potential leakage in quiet option for als * Fix potential leakage in quiet option for apack * Fix potential leakage in quiet option for arepack * Fix potential leakage in quiet option for aunpack * Fix potential leakage in quiet option for lrunzip * Fix potential leakage in quiet option for lrz * Fix potential leakage in quiet option for lrzcat * Fix potential leakage in quiet option for lrzip * Fix potential leakage in quiet option for lrztar * Fix potential leakage in quiet option for lrzuntar * Fix potential leakage in quiet option for zpaq
generated by cgit v1.2.3-54-g00ecf (git 2.45.2) at 2024-07-20 18:31:53 +0000