Commit message [Author, Age]
...
* | Merge branch 'master' of https://github.com/netblue30/firejail [smitsohu, 2019-03-20]
|\ \
| * | New profiles: Maelstrom and ostrichrider [Tad, 2019-03-20]
| | |
| * | Harden easystroke (#2606) [glitsj16, 2019-03-18]
| | |
| * | pavucontrol does not work with ipc-namespace (#2604) [veloute, 2019-03-17]
| | |
* | | hardening: run more code unprivileged [smitsohu, 2019-03-20]
| | |
* | | security: too early to register signal handler [smitsohu, 2019-03-20]
|/ /
* | minor enhancement: added robustness for setres[gu]id function calls [smitsohu, 2019-03-16]
| |
* | Merge branch 'master' of https://github.com/netblue30/firejail [smitsohu, 2019-03-16]
|\ \
| * | Follow-up on flatpak/snap support (#2601) [glitsj16, 2019-03-16]
| | |     * Remove obsolete snap support from disable-programs.inc
| | |     * Remove obsolete snap support from pycharm-community.profile
| | |     * Update RELNOTES to reflect non-existing/dropped flatpak/snap support
| | |     * Update firejail.txt to reflect flatpak/snap packages are not supported
| * | Seahorse revisited (#2600) [glitsj16, 2019-03-16]
| | |     * Refactor seahorse into a whitelist profile
| | |     * Refactor seahorse-tool as a whitelist profile
| | |     * Create seahorse-daemon.profile
| | |     * Add seahorse-daemon to firecfg
| | |     * Drop blacklist /tmp/.X11-unix from seahorse.profile
| | |       Thanks to @rusty-snake for pointing out blacklisting /tmp/.X11-unix is ridiculous for GUI's.
| | |     * Add non-GUI option to seahorse-daemon
* | | hardening: replace setuid/setgid calls with setresuid/setresgid [smitsohu, 2019-03-16]
|/ /
| |     when nesting containers and sandboxes, it is possible setuid() fails
| |     silently to reset the saved uid, which is then cleared only by the
| |     next execve. This is solved by replacing setuid() with more robust
| |     setresuid() function calls. Also add code to drop privileges when
| |     entering the run_no_sandbox() function (along with some minor tidy up).
* | Fix assogiate's private-bin (#2603) [glitsj16, 2019-03-16]
| |
* | Fix seahorse.profile seahorse-tool.profile (#2599) [rusty-snake, 2019-03-15]
| |
* | Re-order options in ssh-agent.profile (#2598) [glitsj16, 2019-03-15]
| |
* | harden clamtk profile, strings profile cleanup [smitsohu, 2019-03-15]
| |
* | profile hardening: add disable-exec.inc in more places [smitsohu, 2019-03-15]
| |
* | ffmpegthumbnailer breaks in ranger with private-cache enabled from (#2596) [veloute, 2019-03-15]
| |     ffmpeg.profile
* | Merge pull request #2595 from veloute/aria2c-fixes [Fred Barclay, 2019-03-14]
|\ \
| | |     fixes for aria2c not resolving domain names
| * | fixes for aria2c not resolving domain names [veloute, 2019-03-14]
|/ /
* | Hardening compressors (#2594) [glitsj16, 2019-03-14]
| |     * Harden atool
| |     * Harden cpio
| |     * Fix ordering in private-* options
| |     * Harden gzip
| |     * Harden tar
| |     * Harden bsdtar
| |     * Harden+ tar
| |     * Harden+ gzip
| |     * Harden+ cpio
| |     * Create bzip2.profile
| |     * Description for bunzip2
| |     * Add bzip2/bunzip2 to firecfg
* | Fixes for seahorse/seahorse-tool (#2592) [glitsj16, 2019-03-14]
| |     * Fix seahorse GUI
| |     * Fix seahorse-tool GUI
* | exiftool needs access to the /usr/bin/vendor_perl directory in archlinux (#2581) [veloute, 2019-03-14]
| |     * exiftool needs access to the /usr/bin/vendor_perl directory in archlinux
| |     * add comments provided by glitsj16
* | Merge pull request #2587 from lskrejci/cmdline-arg-fix [smitsohu, 2019-03-13]
|\ \
| | |     Fix incorrect parsing of --keep-var-tmp command
| * | Fix incorrect parsing of --keep-var-tmp command [Lukáš Krejčí, 2019-03-13]
| | |     The command was only recognized if it was passed as the first argument.
| | |     Passing it on any other position on the command line caused the
| | |     following error:
| | |
| | |         Error: invalid --keep-var-tmp command line option
| | |
| | |     Supplying it as the first argument also resulted in other commands that
| | |     are parsed after it to be silently ignored.
* | | Streamline 'Allow python' options (#2588) [glitsj16, 2019-03-13]
|/ /
| |     * Fix 'allow python' in xpra
| |     * Fix 'allow python' in xplayer
| |     * Fix 'allow python' in xed
| |     * Fix 'allow python' in uzbl-browser
| |     * Fix 'allow python' in transmission-remote-cli
| |     * Fix 'allow python' in torbrowser-launcher
| |     * fix 'allow python' in subdownloader
| |     * Fix 'allow python' in steam
| |     * Fix 'allow python' in soundconverter
| |     * Fix 'allow python' in sdat2img
| |     * Fix 'allow python' in scribus
| |     * Fix 'allow python' in ranger
| |     * Fix 'allow python' in qutebrowser
| |     * Fix 'allow python' in qbittorrent
| |     * Fix 'allow python' in pybitmessage
| |     * Fix 'allow python' in playonlinux
| |     * Fix 'allow python' in pitivi
| |     * Fix 'allow python' in pithos
| |     * Fix 'allow python' in picard
| |     * Fix 'allow python' in openshot
| |     * Fix 'allow python' in onionshare-gui
| |     * Fix 'allow python' in obs
| |     * Fix 'allow python' in nitroshare
| |     * Fix 'allow python' in nemo
| |     * Fix 'allow python' in nautilus
| |     * Fix 'allow python' in natron
| |     * Fix 'allow python' in ms-office
| |     * Fix 'allow python' in mpDris2
| |     * Fix 'allow python' in mendeleydesktop
| |     * Fix 'allow python' in macrofusion
| |     * Fix 'allow python' in lollypop
| |     * Fix 'allow python' in liferea
| |     * Fix 'allow python' in krita
| |     * Fix 'allow python' in kodi
| |     * Fix 'allow python' in inkscape
| |     * Fix 'allow python' in hexchat
| |     * Fix 'allow python' in gnome-schedule
| |     * Fix 'allow python' in gnome-music
| |     * Fix 'allow python' in gconf
| |     * Fix 'allow python' in gajim
| |     * Fix 'allow python' in font-manager
| |     * Fix 'allow python' in fontforge
| |     * Fix 'allow python' in flowblade
| |     * Fix 'allow python' in filezilla
| |     * Fix 'allow python' in exfalso
| |     * Fix 'allow python' in electrum
| |     * Fix 'allow python' in display
| |     * Fix 'allow python' in d-feet
| |     * Fix 'allow python' in deluge
| |     * Fix 'allow python' in cherrytree
| |     * Fix 'allow python' in catfish
| |     * Fix 'allow python' in caja
| |     * Fix 'allow python' in blender
| |     * Fix 'allow python' in bleachbit
| |     * Fix 'allow python' in authenticator
| |     * Fix 'allow python' in arm
* | Avoid including globals.local twice (#2586) [glitsj16, 2019-03-13]
| |     * Update aunpack.profile
| |     * Update acat.profile
| |     * Update adiff.profile
| |     * Update als.profile
| |     * Update apack.profile
| |     * Update arepack.profile
| |     * Update gzip.profile
| |     * Update bunzip2.profile
| |     * Update gunzip.profile
* | Update firejail.txt (#2585) [glitsj16, 2019-03-13]
| |
* | Harden youtube-dl.profile (#2584) [rusty-snake, 2019-03-13]
| |     * Harden youtube-dl.profile
| |     * Add dis-exec to ytdl
| |     * Comment mdwe in ytdl
* | Merge pull request #2582 from rusty-snake/harden_qtox [SkewedZeppelin, 2019-03-13]
|\ \
| | |     Harden qtox
| * | Add disable-exec.inc to qtox [rusty-snake, 2019-03-13]
| | |
| * | Harden qtox [rusty-snake, 2019-03-13]
| | |
* | | Merge pull request #2583 from rusty-snake/harden_minetest [SkewedZeppelin, 2019-03-13]
|\ \ \
| |/ /
|/| |
| | |     Harden Minetest
| * | Harden Minetest [rusty-snake, 2019-03-13]
|/ /
* | add disable-exec.inc to few more profiles [smitsohu, 2019-03-12]
| |
* | add disable-exec.inc to all profiles with apparmor (#2576) [smitsohu, 2019-03-12]
| |     * add disable-exec.inc to all profiles with apparmor - #2385 #2505
| |     * drop disable-exec.inc from generic electron.profile
* | Harden meld.profile (#2577) [rusty-snake, 2019-03-12]
| |     * Harden meld.profile
| |     * Fix meld.profile
| |     * Update meld.profile
* | Drop private-home from gucharmap profile (#2580) [glitsj16, 2019-03-12]
| |
* | Fix viewnior again (#2575) [glitsj16, 2019-03-12]
| |
* | Create nomacs.profile (#2535) [rusty-snake, 2019-03-12]
| |     * Create nomacs.profile
| |     * Fix nomacs.profile
* | Add new profiles for lrzip and friends (#2574) [glitsj16, 2019-03-12]
| |     * Create lrunzip.profile
| |     * Create lrz.profile
| |     * Create lrzcat.profile
| |     * Create lrzip.profile
| |     * Create lrztar.profile
| |     * Create lrzuntar.profile
| |     * Create zpaq.profile
| |     * Add lrzip and friends to firecfg
* | viewnior is completely broken with 'hostname viewnior' (#2573) [veloute, 2019-03-12]
| |
* | Update feh-network.inc (#2553) [rusty-snake, 2019-03-12]
| |
* | Fix typo (#2554) [7twin, 2019-03-12]
| |
* | Fix and harden meld (#2572) [glitsj16, 2019-03-12]
| |
* | Fixes and comment for eog/eom (#2571) [glitsj16, 2019-03-12]
| |     * Fixes and comment for eog
| |     * Fixes and comment for eom
* | Fix and harden viewnior (#2570) [glitsj16, 2019-03-12]
| |
* | Fix and harden soundconverter (#2569) [glitsj16, 2019-03-12]
| |
* | Fix masterpdfeditor (#2567) [glitsj16, 2019-03-12]
| |
* | Harden gucharmap (#2566) [glitsj16, 2019-03-12]
| |
* | Fixes for gnome-system-log (#2565) [glitsj16, 2019-03-12]
| |