Commit message (Collapse) | Author | Age | |
---|---|---|---|
* | Profiles: add signal-cli profile (#3002) | Timo Hardebusch | 2019-10-15 |
| | | | | | | | | * Profiles: add signal-cli profile Clarification regarding Java * Added suggestions from code review | ||
* | fix epiphany profile description | SkewedZeppelin | 2019-10-14 |
| | |||
* | blacklist runtime profile directory | smitsohu | 2019-10-14 |
| | |||
* | Fix typo in pandoc.profile | glitsj16 | 2019-10-13 |
| | |||
* | harden pandoc & shellcheck | rusty-snake | 2019-10-13 |
| | |||
* | add tracelog to some profiles | rusty-snake | 2019-10-13 |
| | |||
* | blacklist gnome-boxes user files (VM-Images) | rusty-snake | 2019-10-13 |
| | |||
* | Add note about seccomp to steam #2860 | rusty-snake | 2019-10-13 |
| | |||
* | chroot error message typo | smitsohu | 2019-10-13 |
| | |||
* | postpone procfs mount until after chroot call | smitsohu | 2019-10-13 |
| | | | | issue #2301 | ||
* | fix chroot with mounted resolv.conf | smitsohu | 2019-10-13 |
| | |||
* | x11 hardening | smitsohu | 2019-10-13 |
| | |||
* | shorten fedora firefox private-bin | rusty-snake | 2019-10-12 |
| | | | | | Possible `false,pidof,rmdir,true` can also be removed. unsure. [skip ci] | ||
* | kalgebra.profile, kalgebramobile.profile | rusty-snake | 2019-10-12 |
| | |||
* | x11 xorg: blacklist non-default Xauthority file | smitsohu | 2019-10-08 |
| | | | fixes #1652 | ||
* | add x11 xorg option to HAS_X11 conditional - #2205 | smitsohu | 2019-10-08 |
| | |||
* | add HAS_X11 conditional, disconnect session manager - #2205 | smitsohu | 2019-10-08 |
| | |||
* | little tweaks | smitsohu | 2019-10-08 |
| | |||
* | Fix wusc for geary | glitsj16 | 2019-10-07 |
| | | | The included firefox.profile has wusc now. We need to whitelist /usr/share/geary to avoid breakage. | ||
* | Move wusc into eo-common.profile | glitsj16 | 2019-10-07 |
| | |||
* | Move wusc into eo-common.profile | glitsj16 | 2019-10-07 |
| | |||
* | Move wusc into eo-common.profile | glitsj16 | 2019-10-07 |
| | |||
* | various profile fixes | rusty-snake | 2019-10-06 |
| | |||
* | Fix wusc in thunderbird | glitsj16 | 2019-10-06 |
| | |||
* | Wusc fixes (#2992) | glitsj16 | 2019-10-06 |
| | | | | | | | | | | | | * Add wusc to eom * Fix wusc in firefox Without access to /usr/share/ca-certificates all HTTPS traffic gets the FF dialog 'Warning: Potential Security Risk Ahead'. Probably needed in thunderbird profile too (untested). * Fix wusc ordering in meld Just an alphabetical ordering nitpick. | ||
* | whitelist-usr-share-common.inc (#2972) | rusty-snake | 2019-10-05 |
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | * Work on whitelist-usr-share-common * sorting; add Modules + QT/KDE stuff * add wusc.inc to more profiles [needs testing] * update * gitg, firefox, evince * /usr/share/{p11-kit,pixmaps,pki,qt5,tcl8.6,terminfo} * more profiles * remove wusc.inc from feedreader Even with 'whitelist /usr/share/*', feedreader trys to dereference a NULL pointer. * more profiles * whitelist /usr/share breaks wget even with whitelist /usr/share/* * extend wusc.inc * update * Add alsa,crypto-policies and zoneinfo * readd wusc.inc to wget and feedreader * update * testing results: Debian Buster with KDE * more KDE stuff * fix tb | ||
* | remove trailing slashes | rusty-snake | 2019-10-05 |
| | |||
* | Update firefox-common-addons.inc | rusty-snake | 2019-10-05 |
| | |||
* | Merge pull request #2982 from smitsohu/chroot | netblue30 | 2019-10-04 |
|\ | | | | | Move chroot entirely from path based to file descriptor based mounts | ||
| * | improve enforce_filters warning | smitsohu | 2019-10-01 |
| | | | | | | added an additional newline in order to keep it visually separate from other unrelated error messages | ||
| * | simplify chroot option parsing | smitsohu | 2019-10-01 |
| | | | | | | | | this is a partial revert, back to the original code | ||
| * | base checks and mounts on same file descriptor | smitsohu | 2019-10-01 |
| | | |||
| * | improve variable names | smitsohu | 2019-09-29 |
| | | |||
| * | chroot module | smitsohu | 2019-09-29 |
| | | |||
| * | move chroot from path based to file descriptor based mounts | smitsohu | 2019-09-29 |
| | | |||
* | | fix the fix | smitsohu | 2019-10-04 |
| | | | | | | | | | | | | cf. previous commit 34e5ad65b238b698c55e4921c9ac9294e6548cc7 line buffered output is what we really want | ||
* | | alphabetize man page entries | smitsohu | 2019-10-04 |
| | | |||
* | | fix concurrent writing to trace file | smitsohu | 2019-10-04 |
| | | |||
* | | break out of libtrace file open loop | smitsohu | 2019-10-04 |
| | | |||
* | | add private-tmp to unbound profile | smitsohu | 2019-10-01 |
| | | |||
* | | commented out some debug code in libtrace | netblue30 | 2019-09-29 |
| | | |||
* | | increase socket buffer size for firemon, bug #2700 | netblue30 | 2019-09-29 |
|/ | |||
* | Update evince | rusty-snake | 2019-09-28 |
| | | | | | | | private-lib: - Add note about possible two-page-view breaktage - add libgraphite2.so.* remove mdwe | ||
* | fixup! add missing blacklist paths | rusty-snake | 2019-09-28 |
| | |||
* | Fix sorting (caught by GitLab CI tests) | Fred Barclay | 2019-09-28 |
| | |||
* | fix ffprobe | rusty-snake | 2019-09-28 |
| | | | | | | | | | | | $ firejail ffprobe VIDEO execvp: No such file or directory $ firejail --noprofile --private-bin=ffprobe ffprobe VIDEO execvp: No such file or directory $ firejail --ignore=private-bin ffprobe VIDEO Works ffprobe is the only file in PATH that is touched (see --build). | ||
* | add missing blacklist paths | rusty-snake | 2019-09-28 |
| | |||
* | KeePassXC: Added a warning regarding tray icon | Timo Hardebusch | 2019-09-28 |
| | |||
* | profiles: fix audio playback with ffplay | Reiner Herrmann | 2019-09-28 |
| | | | | https://bugs.debian.org/941241 | ||
* | testing | smitsohu | 2019-09-26 |
| |