aboutsummaryrefslogtreecommitdiffstats
Commit message (Collapse)AuthorAge
...
* | | fsec-print: print address of BPF_JA jump in hexLibravatar Topi Miettinen2020-03-26
|/ / | | | | | | | | Since target addresses for other (conditional) jumps are in hex, it's very confusing to have one jump address in decimal.
* | Add a profile for X2GoClientLibravatar Tad2020-03-23
| |
* | penguin-commandLibravatar netblue302020-03-23
| |
* | Merge branch 'master' of https://github.com/netblue30/firejailLibravatar netblue302020-03-23
|\ \
| * | fixup 255697bLibravatar rusty-snake2020-03-23
| | |
* | | penguin-commadLibravatar netblue302020-03-23
|/ /
* | apparmorLibravatar netblue302020-03-23
| |
* | Merge pull request #3293 from 0x7969/masterLibravatar rusty-snake2020-03-23
|\ \ | | | | | | Update wire-desktop.profile
| * | Update etc/wire-desktop.profileLibravatar 0x79692020-03-23
| | | | | | | | | Co-Authored-By: rusty-snake <41237666+rusty-snake@users.noreply.github.com>
| * | Update wire-desktop.profileLibravatar 0x79692020-03-23
| | |
* | | replace tabs with spacesLibravatar rusty-snake2020-03-23
|/ /
* | kmplayer etcLibravatar netblue302020-03-22
| |
* | fix profstats to print warning for nonexistent include filesLibravatar netblue302020-03-22
| |
* | fixesLibravatar rusty-snake2020-03-22
| |
* | new profiles: agenda, gnome-pomodoro, gnome-todoLibravatar rusty-snake2020-03-22
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | rules for xdg-dbus-proxy: dbus-user filter dbus-user.own org.gnome.Pomodoro dbus-user.talk ca.desrt.dconf dbus-user.talk org.gnome.Shell dbus-system none dbus-user filter dbus-user.own org.gnome.Todo dbus-user.talk ca.desrt.dconf dbus-user.talk org.gnome.evolution.dataserver.AddressBook9 dbus-user.talk org.gnome.evolution.dataserver.Calendar8 dbus-user.talk org.gnome.evolution.dataserver.Sources5 dbus-user.talk org.gnome.evolution.dataserver.Subprocess.Backend.* dbus-user.talk org.gnome.OnlineAccounts dbus-user.talk org.gnome.SettingsDaemon.Color dbus-system filter dbus-system.talk org.freedesktop.login1 dbus-user filter dbus.own com.github.dahenson.agenda dbus.talk ca.desrt.dconf dbus-system block
* | iagno profileLibravatar netblue302020-03-21
| |
* | Merge pull request #3275 from ↵Libravatar smitsohu2020-03-19
|\ \ | | | | | | | | | | | | dmfreemon/add-name-or-private-dir-to-xpra-window-title add name or private directory being used to the window title when xpra is being used
| * | handle malloc() failures; use gnu_basename() instead of basenaem()Libravatar dmfreemon@users.noreply.github.com2020-03-15
| | |
| * | add name or basename of private directory being used to the window title ↵Libravatar dmfreemon@users.noreply.github.com2020-03-10
| | | | | | | | | | | | when xpra is being used
* | | Merge branch 'master' of https://github.com/netblue30/firejailLibravatar netblue302020-03-19
|\ \ \
| * | | extend default.profileLibravatar rusty-snake2020-03-19
| | | |
| * | | harden baobab and gitgLibravatar rusty-snake2020-03-19
| | | |
* | | | new profiles: ripperx, sound-juicerLibravatar netblue302020-03-19
|/ / /
* | | various profile fixesLibravatar netblue302020-03-19
| | |
* | | apparmor support for bind, nslookup, hostLibravatar netblue302020-03-19
| | |
* | | fix readme.mdLibravatar netblue302020-03-19
| | |
* | | fix readme.mdLibravatar netblue302020-03-19
| | |
* | | profile statsLibravatar netblue302020-03-19
| | |
* | | misc fixesLibravatar rusty-snake2020-03-19
| | | | | | | | | | | | | | | | | | | | | | | | | | | remove netfilter from profiles with net none allow Viber to use dig, dig is in its private-bin, so I assume that it need it. blacklist resolvectl which can also be used for dns lookups
* | | fix nslookup.profile headerLibravatar glitsj162020-03-19
| | |
* | | fix host.profile headerLibravatar glitsj162020-03-19
| | |
* | | nslookup, host profilesLibravatar netblue302020-03-18
| | |
* | | profile fixesLibravatar netblue302020-03-18
| | |
* | | fix mplayer profileLibravatar netblue302020-03-17
| | |
* | | remount fix - #3280Libravatar smitsohu2020-03-16
| | |
* | | profile fixesLibravatar netblue302020-03-16
| | |
* | | some profile hardeningLibravatar netblue302020-03-15
| | |
* | | fix freeofficeLibravatar netblue302020-03-15
| | |
* | | Merge pull request #3278 from rusty-snake/has-nosound-conditionLibravatar smitsohu2020-03-15
|\ \ \ | | | | | | | | new condition: HAS_NOSOUND
| * | | new condition: HAS_NOSOUNDLibravatar rusty-snake2020-03-15
| | | |
* | | | steam fixes; #841, #3267Libravatar rusty-snake2020-03-15
| | | |
* | | | add gnome-screenshot.profileLibravatar rusty-snake2020-03-15
|/ / / | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | patch for xdg-dbus-proxy ``` --- a/etc/gnome-screenshot.profile +++ b/etc/gnome-screenshot.profile @@ -45,3 +45,8 @@ private-bin gnome-screenshot private-dev private-etc dconf,fonts,gtk-3.0,localtime,machine-id private-tmp + +dbus-user filter +dbus-user.own org.gnome.Screenshot +dbus-user.talk org.gnome.Shell.Screenshot +dbus-system block ``` patch for whitelist-runuser-common.inc ``` --- a/etc/gnome-screenshot.profile +++ b/etc/gnome-screenshot.profile @@ -17,11 +17,8 @@ include disable-passwdmgr.inc include disable-programs.inc include disable-xdg.inc -whitelist ${RUNUSER}/bus -whitelist ${RUNUSER}/pulse -whitelist ${RUNUSER}/gdm/Xauthority -whitelist ${RUNUSER}/wayland-0 include whitelist-usr-share-common.inc +include whitelist-runuser-common.inc include whitelist-var-common.inc apparmor ```
* | | Update file.profileLibravatar rusty-snake2020-03-15
| | | | | | | | | | | | | | | | | | | | | | | | * fix private-lib, closes #3233 * make private-etc and private-lib opt-in see https://github.com/netblue30/firejail/issues/3233#issuecomment-589871765 disable-devel.inc: remove duplicated line
* | | allow ro access to .local/share/flatpak/exportsLibravatar rusty-snake2020-03-15
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | $PATH and $XDG_DATA_DIRS can contain subdirs of flatpak/exports, some applications crash if they cann't access these files. Layout on my system: ~/.local/share/flatpak/exports |-bin |-share |-applications |-icons
* | | improve the previous fix: don't remount FUSE without permissionLibravatar smitsohu2020-03-14
| | | | | | | | | | | | previous commit 3d35c039074cc11fbacf8de5bc8cb1a0952ceae4 issue #3277
* | | tentative: don't remount FUSE without permissionLibravatar smitsohu2020-03-14
| | | | | | | | | issue #3277
* | | Merge pull request #3268 from smitsohu/remountLibravatar startx20172020-03-13
|\ \ \ | | | | | | | | remount hardening: move to file descriptor based mounts
| * | | fail if opening the resolved path failsLibravatar smitsohu2020-03-06
| | | |
| * | | remount hardening: move to file descriptor based mountsLibravatar smitsohu2020-03-06
| | | |
* | | | Fix "Extraction not performed" on Debian 10Libravatar Fred Barclay2020-03-13
| | | | | | | | | | | | | | | | | | | | | | | | file-roller fails to extract archives without access to bash Noticed on LMDE 4 (Debian 10 base) with Cinnamon desktop
generated by cgit v1.2.3-70-g09d2 (git 2.46.0) at 2024-08-22 08:36:46 +0000