summaryrefslogtreecommitdiffstats
Commit message (Collapse)AuthorAge
* Improve profile PRs (Related to #2739) (#2784)Libravatar rusty-snake2019-06-24
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | * add contrib/sort.py and .github/pull_request_temp… * Add usage to sort.py * Install sort.py if contrib-install is set * sort.py: 0644 -> 0755 * Update sort.py * Update pull_request_template.md * Remove checkboxes from PR-Template * Update sort.py * Add examples to sort.py * Update pull_request_template.md Fix path to sort.py, it depend on the distro. * Update pull_request_template.md * Update pull_request_template.md add hint about template
* disable firetunnel at config time (#2793)Libravatar netblue302019-06-24
|
* run cppcheck in gitlab-ciLibravatar Reiner Herrmann2019-06-21
|
* enable additional cppchecks and fix a warningLibravatar Reiner Herrmann2019-06-21
|
* fix indentationLibravatar Reiner Herrmann2019-06-21
|
* extend gitlab-ci configuration to run Debian CI testsLibravatar Reiner Herrmann2019-06-21
|
* fail build if any step in the script failsLibravatar Reiner Herrmann2019-06-21
|
* add pkg-config build dependency to gitlab-ci configLibravatar Reiner Herrmann2019-06-21
|
* use pkg-config macro to locate apparmor and flagsLibravatar Reiner Herrmann2019-06-21
|
* use AX_CHECK_COMPILE_FLAG to check for spectre flagsLibravatar Reiner Herrmann2019-06-21
| | | | Fixes #2661
* import ax_check_compile_flag macro from autoconf-archiveLibravatar Reiner Herrmann2019-06-21
|
* reduce redundancy in pathsLibravatar Reiner Herrmann2019-06-21
|
* Arch Linux specific changes (#2788)Libravatar glitsj162019-06-20
| | | | | | | | | | | | * Arch Linux specific addition to gzip.profile * Arch Linux specifics for tar.profile * Arch Linux specifics for gzip.profile * Minor re-ordering and wording edits for makepkg.profile * Spacing fix for cower.profile
* Merge pull request #2771 from smitsohu/homedir2Libravatar netblue302019-06-20
|\ | | | | mount new proc filesystem earlier
| * avoid running without procfs describing the pid namespaceLibravatar smitsohu2019-06-14
| |
* | make syscalls.sh executableLibravatar rusty-snake2019-06-20
| |
* | Improve profile.templateLibravatar rusty-snake2019-06-20
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | * uncomment .local includes * add options * ##ignore noexec /tmp * ##caps.keep CAPS * ##hostname NAME * ##writable-etc * ##writable-run-user * ##writable-var * ##writable-var-log * add disable x11 * x11 none * blacklist /tmp/.X11-unix * comment when which of the both option should be used * sort private-etc template Common * add comments * machine-id: breaks sound and sometime dbus related functions * private-bin: python should be added by 'python*' * protocol: auxiliary comment for protocol line * add 'packet' to protocol list * Sections structure: OPTIONS: now has seccomp* instead of seccomp
* | add 'x11 none' to more profiles with 'net none'Libravatar rusty-snake2019-06-20
| |
* | Fix typo in man firejail [--x11] (#2785)Libravatar glitsj162019-06-19
| |
* | Merge pull request #2781 from smitsohu/thunderbirdLibravatar smitsohu2019-06-18
|\ \ | | | | | | allow nodbus in thunderbird profile
| * | thunderbird profile: comment fixLibravatar smitsohu2019-06-16
| | |
| * | allow nodbus in thunderbird profileLibravatar smitsohu2019-06-16
| |/ | | | | in order to maintain enigmail support - #1951
* | use 'x11 none' optionLibravatar smitsohu2019-06-18
| | | | | | | | | | | | | | ... instead of just blacklisting the X11 socket. Systematically added to all profiles with 'net none' and 'blacklist /tmp/.X11-unix', and a few more
* | fix logical OR in disable_fileLibravatar smitsohu2019-06-18
| |
* | Update README.mdLibravatar rusty-snake2019-06-18
| | | | | | | | * add link to wiki * now link to contrib/syscalls (#2754)
* | Update CONTRIBUTING.mdLibravatar rusty-snake2019-06-18
| | | | | | Move "I found a security bug" back to the Opening issues section.
* | three new blacklist in disable-common.incLibravatar rusty-snake2019-06-18
| | | | | | | | | | | | * ~/.viminfo * ~/.lesshst * ~/.python_history
* | Fix filename in commentLibravatar Jean-Philippe Eisenbarth2019-06-17
| | | | | | Co-Authored-By: rusty-snake <print_hello_world+GitHub@protonmail.com>
* | Fix spotify.profileLibravatar Jean-Philippe Eisenbarth2019-06-17
| |
* | Minor fixes for udiskieLibravatar glitsj162019-06-17
| | | | | | | | | | Nitpicks: - it's common practice to refer to the python executable(s) in private-bin with `python*`, which covers both v2 and v3; - now that @rusty-snake handed us all the needed tools to check/fix sorting multi-value options, put it to use.
* | Merge branch 'master' of https://github.com/netblue30/firejailLibravatar smitsohu2019-06-17
|\ \
| * \ Merge pull request #2775 from jose1711/udiskie-profileLibravatar rusty-snake2019-06-17
| |\ \ | | | | | | | | Add profile for udiskie
| | * | Apply suggestions from code reviewLibravatar Jose Riha2019-06-17
| | | | | | | | | | | | | | | | Co-Authored-By: rusty-snake <print_hello_world+GitHub@protonmail.com>
| | * | Add profile for udiskieLibravatar Jose Riha2019-06-15
| | | |
* | | | no postmount checks when building basic filesystemLibravatar smitsohu2019-06-17
|/ / / | | | | | | | | | fixes #2782
* | | cleanupLibravatar smitsohu2019-06-17
| | |
* | | streamline remounting (ro,rw,noexec)Libravatar smitsohu2019-06-17
| | |
* | | tighten gnome-mapsLibravatar rusty-snake2019-06-16
| | |
* | | some fixes in profile.templateLibravatar rusty-snake2019-06-16
| | |
* | | Fix writing places file for gnome-mapsLibravatar glitsj162019-06-16
| | |
* | | consequent order of writable-*Libravatar rusty-snake2019-06-16
| | |
* | | move noblacklist ~/.java to allow-java.incLibravatar rusty-snake2019-06-16
| | |
* | | coalesce comments in firefox-common profileLibravatar smitsohu2019-06-16
| | |
* | | Merge branch 'master' of github.com:netblue30/firejailLibravatar rusty-snake2019-06-16
|\ \ \
| * | | chromium-common profile: add nodbus conditionalLibravatar smitsohu2019-06-16
| | | |
* | | | many profile cleanup (4)Libravatar rusty-snake2019-06-16
|/ / / | | | | | | | | | | | | | | | | | | | | | | | | containing: - files forgotten in 4beaf8f9 - workarounds for #903 - commented useless private-etc lines removed - remove commented seccomp.keep lines - much more
* | | Sort comented private-{bin,etc} linesLibravatar rusty-snake2019-06-16
| | | | | | | | | | | | in addition to 019fa047, c7d34b5e, 0a9beba3, cbdbb0f0.
* | | add rhythmbox-client.profileLibravatar rusty-snake2019-06-16
| | |
* | | Fix protocol lineLibravatar rusty-snake2019-06-16
| | | | | | | | | | | | only unknown-horizons was affected
* | | Sort caps.keep and seccomp.drop options (#2780)Libravatar glitsj162019-06-16
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | * Sort seccomp.drop in unbound.profile * Sort caps.keep in tor.profile * Sort seccomp.drop in qgjs.profile * Sort seccomp.drop in dnscrypt-proxy.profile * Sort caps.keep in chromium-common.profile
generated by cgit v1.2.3-54-g00ecf (git 2.45.2) at 2024-07-09 13:05:09 +0000