Commit message (Collapse) | Author | Age | |
---|---|---|---|
* | Fix placing of jerry | glitsj16 | 2019-06-27 |
| | |||
* | Add profile for jerry chess | Fred Barclay | 2019-06-26 |
| | |||
* | Hardening a few profiles (#2800) | glitsj16 | 2019-06-26 |
| | | | | | | | | | | * Harden curl.profile * Harden dnscrypt-proxy.profile * Harden unbound.profile * Harden unbound.profile | ||
* | whitespace fix | rusty-snake | 2019-06-26 |
| | |||
* | testing for -fstack-clash-protection and -fstack-protector-strong compile flags | netblue30 | 2019-06-26 |
| | |||
* | Silence xauth output in src/firejail/x11.c (#2796) | glitsj16 | 2019-06-26 |
| | | | | | | | | | | * Fix typo's and install instructions for Arch * Try to silence xauth output Fixes https://github.com/netblue30/firejail/issues/2787. * Conditionally silence xauth output in x11 options | ||
* | docs update: pkg-config package required on Debian/Ubuntu when running ↵ | netblue30 | 2019-06-25 |
| | | | | ./configure --apparmor | ||
* | Tighten SSH with nodbus (#2789) | glitsj16 | 2019-06-24 |
| | | | | | | * nodbus for ssh-agent * nodbus for ssh.profile | ||
* | Improve profile PRs (Related to #2739) (#2784) | rusty-snake | 2019-06-24 |
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | * add contrib/sort.py and .github/pull_request_temp… * Add usage to sort.py * Install sort.py if contrib-install is set * sort.py: 0644 -> 0755 * Update sort.py * Update pull_request_template.md * Remove checkboxes from PR-Template * Update sort.py * Add examples to sort.py * Update pull_request_template.md Fix path to sort.py, it depend on the distro. * Update pull_request_template.md * Update pull_request_template.md add hint about template | ||
* | disable firetunnel at config time (#2793) | netblue30 | 2019-06-24 |
| | |||
* | run cppcheck in gitlab-ci | Reiner Herrmann | 2019-06-21 |
| | |||
* | enable additional cppchecks and fix a warning | Reiner Herrmann | 2019-06-21 |
| | |||
* | fix indentation | Reiner Herrmann | 2019-06-21 |
| | |||
* | extend gitlab-ci configuration to run Debian CI tests | Reiner Herrmann | 2019-06-21 |
| | |||
* | fail build if any step in the script fails | Reiner Herrmann | 2019-06-21 |
| | |||
* | add pkg-config build dependency to gitlab-ci config | Reiner Herrmann | 2019-06-21 |
| | |||
* | use pkg-config macro to locate apparmor and flags | Reiner Herrmann | 2019-06-21 |
| | |||
* | use AX_CHECK_COMPILE_FLAG to check for spectre flags | Reiner Herrmann | 2019-06-21 |
| | | | | Fixes #2661 | ||
* | import ax_check_compile_flag macro from autoconf-archive | Reiner Herrmann | 2019-06-21 |
| | |||
* | reduce redundancy in paths | Reiner Herrmann | 2019-06-21 |
| | |||
* | Arch Linux specific changes (#2788) | glitsj16 | 2019-06-20 |
| | | | | | | | | | | | | * Arch Linux specific addition to gzip.profile * Arch Linux specifics for tar.profile * Arch Linux specifics for gzip.profile * Minor re-ordering and wording edits for makepkg.profile * Spacing fix for cower.profile | ||
* | Merge pull request #2771 from smitsohu/homedir2 | netblue30 | 2019-06-20 |
|\ | | | | | mount new proc filesystem earlier | ||
| * | avoid running without procfs describing the pid namespace | smitsohu | 2019-06-14 |
| | | |||
* | | make syscalls.sh executable | rusty-snake | 2019-06-20 |
| | | |||
* | | Improve profile.template | rusty-snake | 2019-06-20 |
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | * uncomment .local includes * add options * ##ignore noexec /tmp * ##caps.keep CAPS * ##hostname NAME * ##writable-etc * ##writable-run-user * ##writable-var * ##writable-var-log * add disable x11 * x11 none * blacklist /tmp/.X11-unix * comment when which of the both option should be used * sort private-etc template Common * add comments * machine-id: breaks sound and sometime dbus related functions * private-bin: python should be added by 'python*' * protocol: auxiliary comment for protocol line * add 'packet' to protocol list * Sections structure: OPTIONS: now has seccomp* instead of seccomp | ||
* | | add 'x11 none' to more profiles with 'net none' | rusty-snake | 2019-06-20 |
| | | |||
* | | Fix typo in man firejail [--x11] (#2785) | glitsj16 | 2019-06-19 |
| | | |||
* | | Merge pull request #2781 from smitsohu/thunderbird | smitsohu | 2019-06-18 |
|\ \ | | | | | | | allow nodbus in thunderbird profile | ||
| * | | thunderbird profile: comment fix | smitsohu | 2019-06-16 |
| | | | |||
| * | | allow nodbus in thunderbird profile | smitsohu | 2019-06-16 |
| |/ | | | | | in order to maintain enigmail support - #1951 | ||
* | | use 'x11 none' option | smitsohu | 2019-06-18 |
| | | | | | | | | | | | | | | ... instead of just blacklisting the X11 socket. Systematically added to all profiles with 'net none' and 'blacklist /tmp/.X11-unix', and a few more | ||
* | | fix logical OR in disable_file | smitsohu | 2019-06-18 |
| | | |||
* | | Update README.md | rusty-snake | 2019-06-18 |
| | | | | | | | | * add link to wiki * now link to contrib/syscalls (#2754) | ||
* | | Update CONTRIBUTING.md | rusty-snake | 2019-06-18 |
| | | | | | | Move "I found a security bug" back to the Opening issues section. | ||
* | | three new blacklist in disable-common.inc | rusty-snake | 2019-06-18 |
| | | | | | | | | | | | | * ~/.viminfo * ~/.lesshst * ~/.python_history | ||
* | | Fix filename in comment | Jean-Philippe Eisenbarth | 2019-06-17 |
| | | | | | | Co-Authored-By: rusty-snake <print_hello_world+GitHub@protonmail.com> | ||
* | | Fix spotify.profile | Jean-Philippe Eisenbarth | 2019-06-17 |
| | | |||
* | | Minor fixes for udiskie | glitsj16 | 2019-06-17 |
| | | | | | | | | | | Nitpicks: - it's common practice to refer to the python executable(s) in private-bin with `python*`, which covers both v2 and v3; - now that @rusty-snake handed us all the needed tools to check/fix sorting multi-value options, put it to use. | ||
* | | Merge branch 'master' of https://github.com/netblue30/firejail | smitsohu | 2019-06-17 |
|\ \ | |||
| * \ | Merge pull request #2775 from jose1711/udiskie-profile | rusty-snake | 2019-06-17 |
| |\ \ | | | | | | | | | Add profile for udiskie | ||
| | * | | Apply suggestions from code review | Jose Riha | 2019-06-17 |
| | | | | | | | | | | | | | | | | Co-Authored-By: rusty-snake <print_hello_world+GitHub@protonmail.com> | ||
| | * | | Add profile for udiskie | Jose Riha | 2019-06-15 |
| | | | | |||
* | | | | no postmount checks when building basic filesystem | smitsohu | 2019-06-17 |
|/ / / | | | | | | | | | | fixes #2782 | ||
* | | | cleanup | smitsohu | 2019-06-17 |
| | | | |||
* | | | streamline remounting (ro,rw,noexec) | smitsohu | 2019-06-17 |
| | | | |||
* | | | tighten gnome-maps | rusty-snake | 2019-06-16 |
| | | | |||
* | | | some fixes in profile.template | rusty-snake | 2019-06-16 |
| | | | |||
* | | | Fix writing places file for gnome-maps | glitsj16 | 2019-06-16 |
| | | | |||
* | | | consequent order of writable-* | rusty-snake | 2019-06-16 |
| | | | |||
* | | | move noblacklist ~/.java to allow-java.inc | rusty-snake | 2019-06-16 |
| | | |