Commit message (Collapse) | Author | Age | |
---|---|---|---|
* | Fix Tor Browser Launcher dirs not getting created on first launch | Tad | 2018-02-04 |
| | |||
* | Merge branch 'master' of http://github.com/netblue30/firejail | netblue30 | 2018-02-03 |
|\ | |||
| * | Merge pull request #1758 from Vincent43/patch-1 | netblue30 | 2018-02-03 |
| |\ | | | | | | | Apparmor: minor fixes | ||
| | * | Apparmor: minor fixes | Vincent43 | 2018-02-03 |
| |/ | | | | | | | | | 1. Allow for seven digit PID same as upstream do https://gitlab.com/apparmor/apparmor/commit/630cb2a981cdc731847e8fdaafc45bcd337fe747 2. Fixed dbus functionality. Disabled by default. | ||
* / | merges | netblue30 | 2018-02-03 |
|/ | |||
* | enable email encryption for thunderbird, kmail | smitsohu | 2018-02-03 |
| | | | | see #1653 #1572 | ||
* | blacklist klipper | smitsohu | 2018-02-02 |
| | | | | further to 8aec7694cb4c7c0d07b333b689ab19faacb519f9 | ||
* | KDE related enhancements | smitsohu | 2018-02-01 |
| | |||
* | unbound fix (part 2) - whitelist /var/run | smitsohu | 2018-02-01 |
| | |||
* | unbound fix (writable-var) - #1731 | smitsohu | 2018-01-31 |
| | |||
* | overlay fixes and additional hardening | netblue30 | 2018-01-31 |
| | |||
* | fix cd/dvd for dragon | smitsohu | 2018-01-31 |
| | |||
* | consistent directory nomenclature for kaffeine | smitsohu | 2018-01-30 |
| | |||
* | kaffeine profile | smitsohu | 2018-01-30 |
| | |||
* | harden KDE | smitsohu | 2018-01-30 |
| | |||
* | Add basic contributing info. Still need to add for pull requests, etc. | Fred-Barclay | 2018-01-29 |
| | |||
* | Merge branch 'master' of https://github.com/netblue30/firejail | Fred-Barclay | 2018-01-28 |
|\ | |||
| * | debug messages for appimage | netblue30 | 2018-01-27 |
| | | |||
| * | Add a profile for Red Eclipse | Tad | 2018-01-26 |
| | | |||
| * | fix compile problem ##1750 | netblue30 | 2018-01-25 |
| | | |||
| * | whitelist, private-dev, private-tmp support for chroot and overlay sandboxes | netblue30 | 2018-01-25 |
| | | |||
| * | Replace xmr-stak-cpu profile with unified xmr-stak profile | Tad | 2018-01-25 |
| | | |||
* | | noblacklist /usr/share/perl in hexchat - potential fix for #1754 | Fred-Barclay | 2018-01-28 |
|/ | |||
* | apparmor support for --chroot sandboxes | netblue30 | 2018-01-24 |
| | |||
* | --overlay clanup | netblue30 | 2018-01-24 |
| | |||
* | added firejail --apparmor.print and firemon --apparmor | netblue30 | 2018-01-24 |
| | |||
* | apparmor support for --overlay sandboxes | netblue30 | 2018-01-24 |
| | |||
* | rpm: install all files in lib directory | Reiner Herrmann | 2018-01-23 |
| | |||
* | Merge pull request #1745 from Vincent43/patch-1 | smitsohu | 2018-01-23 |
|\ | | | | | Apparmor: restrict access to writable files | ||
| * | Apparmor: Revert /proc changes | Vincent43 | 2018-01-23 |
| | | |||
| * | Apparmor: fix kodi plugins | Vincent43 | 2018-01-22 |
| | | | | | | | | Kodi plugins need /proc/@PID/net/dev access outside user processes: AVC apparmor="DENIED" operation="open" profile="firejail-default" name="/proc/28/net/dev" pid=2354 comm="kodi.bin" requested_mask="r" denied_mask="r" | ||
| * | Apparmor: restrict access | Vincent43 | 2018-01-21 |
| | | | | | | Access to writable files can be restricted to their owner only. | ||
* | | Partial revert of f2fdcf7361f99d4b62d6427d078445c2ea1dc6cb for gedit | Tad | 2018-01-22 |
| | | | | | | | | - This appears to be a general issue with private-lib, that might've already been fixed in master | ||
* | | Add another profile alias for idea.sh | Tad | 2018-01-22 |
| | | |||
* | | Allow audio in Tor browser, and fix gedit not launching | Tad | 2018-01-22 |
|/ | | | | - Tor browser doesn't have nosound, so include pulse in private-etc | ||
* | Add whitelist-var-common to 4 profiles | Tad | 2018-01-21 |
| | |||
* | Merge pull request #1713 from Vincent43/patch-1 | smitsohu | 2018-01-20 |
|\ | | | | | Apparmor: fix broken file dialogs in kde plasma | ||
| * | Revert: Escape '#' character in path | Vincent43 | 2018-01-17 |
| | | | | | | | | | | Escaping this create warning and is dropped anyway: Warning from /etc/apparmor.d/firejail-default (/etc/apparmor.d/firejail-default line 163): Character # was quoted unnecessarily, dropped preceding quote ('\') character | ||
| * | Escape '#' character in path | Vincent43 | 2018-01-05 |
| | | |||
| * | Apparmor: fix broken file dialogs in kde plasma | Vincent43 | 2018-01-04 |
| | | | | | | | | | | | | | | | | | | For some time apparmor started breaking file dialogs in kde plasma (gwenview, calibre, qbittorrent, etc). typical audit report below: AVC apparmor="DENIED" operation="open" profile="firejail-default" name="/run/user/1000/#28520" pid=1997 comm="qbittorrent" requested_mask="w" denied_mask="w" fsuid=1000 ouid=1000 AVC apparmor="DENIED" operation="link" profile="firejail-default" name="/run/user/1000/qBittorrentZcaeTi.1.slave-socket" pid=3679 comm="qbittorrent" requested_mask="l" denied_mask="l" fsuid=1000 ouid=1000 target="/run/user/1000/#79965" This commit fixes this issue. Tested on Archlinux (linux 4.14.11, kde 5.11.5) | ||
* | | Add a profile for Fritzing, and update README | Tad | 2018-01-20 |
| | | |||
* | | moved QTWEBENGINE_DISABLE_SANDBOX=1 to viber profile | netblue30 | 2018-01-19 |
| | | |||
* | | remove QTWEBENGINE_DISABLE_SANDBOX=1 from defaults | netblue30 | 2018-01-19 |
| | | |||
* | | removed mem-deny-execute from transmission-qt profile, #1736 | netblue30 | 2018-01-19 |
| | | |||
* | | merges | netblue30 | 2018-01-19 |
| | | |||
* | | Merge pull request #1738 from vn971/add_syscalls_glibc_2.26 | netblue30 | 2018-01-19 |
|\ \ | | | | | | | add new syscalls from glibc 2.26-10 | ||
| * | | add new syscalls from glibc 2.26-10 | Vasya Novikov | 2018-01-18 |
| | | | | | | | | | | | | File generated by ../tools/extract_syscall, as per instructions | ||
* | | | remove QML_DISABLE_DISK_CACHE from disable-common.inc | smitsohu | 2018-01-18 |
|/ / | | | | | hardcoded since 1e7045b55cc1e189dba6d9ed21c05c90663f3736 | ||
* | | temporarely removed private-lib, GnomeShell problems: #1711 | netblue30 | 2018-01-18 |
| | | |||
* | | Qt fixes: QML_DISABLE_DISK_CACHE=1, QTWEBENGINE_DISABLE_SANDBOX=1 | netblue30 | 2018-01-18 |
| | |