Commit message (Collapse) | Author | Age | |
---|---|---|---|
* | manpages: configuration for user namespace, x11 | startx2017 | 2020-09-03 |
| | |||
* | manpages: configuration for tunnel, chroot, private-home | startx2017 | 2020-09-03 |
| | |||
* | ci: don't fail if strip fails, as it might not be a binary | Reiner Herrmann | 2020-09-03 |
| | |||
* | ci: install gawk build dependency | Reiner Herrmann | 2020-09-03 |
| | |||
* | various | rusty-snake | 2020-09-03 |
| | | | | | | | | | | | | * README.md & RELNOTES * Allow gnome-build do read and write .bash_history, it has a build-in terminal * D-Bus filter for gnome-passwordsafe * wruc for supertuxkart * wruc+wusc for totem * dbus-system none for totem * remove src/man/preproc.c it is replaced by preproc.awk * remove dead-code form preproc.awk | ||
* | Add profile for twitch,youtube,youtube-music; fix git-cola ,add cola (#3577) | kortewegdevries | 2020-09-03 |
| | | | | | | | | | | | | | * Add profile for twitch,youtube wrappers * Fix git-cola, add Youtube music wrapper profiles * Fixes for git-cola again * Add profile for alternative name for git-cola * Fixes * Fix | ||
* | New profiles for balsa,trojita,kube (#3603) | kortewegdevries | 2020-09-03 |
| | | | | | | | | | | | | | | | | | | | | | * Added minecraft-launcher-profile Initial * Changed minecraft-launcher profile Added space,tracelog,nodvd * New profiles for balsa,trojita,kube * Switch to whitelisting * Enable gpg,firefox uniformity between other clients * Hyperlinks * Fix Co-authored-by: kortewegdevries <k0rtic_dv@aol.com> | ||
* | bringing in awk preprocessor from rusty-snake | netblue30 | 2020-09-02 |
| | |||
* | fix private-bin in smplayer.profile | glitsj16 | 2020-09-02 |
| | |||
* | fix private-bin in mpv.profile | glitsj16 | 2020-09-02 |
| | |||
* | fix private-bin in man.profile | glitsj16 | 2020-09-02 |
| | |||
* | fix private-etc ordering | glitsj16 | 2020-09-02 |
| | |||
* | manpage: remove overlayfs from non-overlayfs builds | startx2017 | 2020-09-02 |
| | |||
* | manpage: remove apparmor from non-apparor builds | startx2017 | 2020-09-02 |
| | |||
* | harden redeclipse | rusty-snake | 2020-09-02 |
| | |||
* | allow flatpak/exports also for systemd-wide location | rusty-snake | 2020-09-02 |
| | |||
* | readme and relnotes | rusty-snake | 2020-09-02 |
| | |||
* | New profile for man,psi,smuxi; fix pidgin (#3590) | kortewegdevries | 2020-09-02 |
| | | | | | | | | | | | | | | | | | | | * Profile for Psi * Fix pidgin buddy icon * Profile for man * Add profile for smuxi * Comment man in firecfg * Add pinentry programs * Update etc/profile-m-z/psi.profile Co-authored-by: rusty-snake <41237666+rusty-snake@users.noreply.github.com> Co-authored-by: rusty-snake <41237666+rusty-snake@users.noreply.github.com> | ||
* | Fix private-etc of electron-mail, fix geary,minitube (#3588) | kortewegdevries | 2020-09-02 |
| | | | | | | | | | * Fix private-etc of electron-mail * Fix dbus of geary * Fix geary again, remove GPG * Fix seccomp on Arch | ||
* | Fixes #3596 (#3619) | kortewegdevries | 2020-09-02 |
| | |||
* | Various profiles # 2 (#3566) | kortewegdevries | 2020-09-02 |
| | | | | | | | | | * Matrix clients Initial * Add profile for fractal, # 1139 * Fixes | ||
* | Various profiles (#3561) | kortewegdevries | 2020-09-02 |
| | | | | | | | | | * Various profiles Initial * Various fixes # 1 Removed blacklist,no3d; added icon flatpak paths;sorting;added space | ||
* | Merge branch 'master' of https://github.com/netblue30/firejail | netblue30 | 2020-09-01 |
|\ | |||
| * | Merge branch 'master' of https://github.com/netblue30/firejail | startx2017 | 2020-09-01 |
| |\ | |||
| | * | #3106-1, include @mount in @default insted of all the syscalls | rusty-snake | 2020-09-01 |
| | | | |||
| * | | preprocessor for man pages | startx2017 | 2020-09-01 |
| | | | |||
| * | | fix make test-compile - cleanup | startx2017 | 2020-09-01 |
| | | | |||
| * | | removed --disable-seccomp from ./configure | startx2017 | 2020-09-01 |
| |/ | |||
* / | fshaper.sh fix (#3620) | netblue30 | 2020-09-01 |
|/ | |||
* | shell none: avoid syscalls after seccomp_install_filters | smitsohu | 2020-09-01 |
| | | | fixes e.g. --shell=none --seccomp.drop=write --seccomp-error-action=kill | ||
* | Merge branch 'master' of https://github.com/netblue30/firejail | smitsohu | 2020-08-31 |
|\ | |||
| * | fix #3614 -- telegram.profile needs netlink protocol | rusty-snake | 2020-08-30 |
| | | |||
* | | join: move to mmapped sandbox status indicator | smitsohu | 2020-08-31 |
| | | | | | | | | | | | | | | | | | | | | 1) close #3612 2) remove an implicit limitation on rlimit-fsize option (could not set limit to smaller than 6 bytes without affecting the ability to join a sandbox) 3) rename 'join-or-start' file to just 'join' 4) when waiting for a sandbox that is not fully configured yet, increase polling frequency from 10 per second to 100 per second | ||
* | | chroot: unify path name handling | smitsohu | 2020-08-30 |
|/ | |||
* | don't attempt to set window title if stdout is not a terminal | smitsohu | 2020-08-28 |
| | | | closes #3356 | ||
* | private-dev: blacklist stashed syslog socket when it is not needed anymore | smitsohu | 2020-08-28 |
| | | | closes #3584 | ||
* | expose pulseaudio in chroot if FIREJAIL_CHROOT_PULSE is set | smitsohu | 2020-08-27 |
| | | | | issue #3568 | ||
* | chroot: little tweaks | smitsohu | 2020-08-27 |
| | |||
* | mask writable pulseaudio runtime dir | smitsohu | 2020-08-27 |
| | | | | ... and don't fail hard without need if there is a FUSE mount | ||
* | improve copy_file | smitsohu | 2020-08-27 |
| | | | | don't report success if read failed | ||
* | whitelist-var-common.inc: fix certificate verification | smitsohu | 2020-08-26 |
| | |||
* | cat fixes | smitsohu | 2020-08-25 |
| | |||
* | wusc whitelists /usr/share/perl{,5} now | rusty-snake | 2020-08-25 |
| | | | | | | | This commit removes it from profile which have it. /usr/share/perl* is still inaccessible for profiles with wusc and disable-interpreters.inc w/o allow-perl.inc. | ||
* | add whitelist items for uim (#3587) | Anton Shestakov | 2020-08-24 |
| | | | | | | | | | * add ~/.uim.d directory to whitelist-common.inc uim is a multilingual input method framework (similar to ibus, which has its own entry in this file). * add /var/lib/uim to whitelist-var-common.inc When user installs an uim module (for example, an input method like anthy or mozc), it gets registered in a file in this directory. | ||
* | fix --join for sandboxes with xdg-dbuss-proxy | netblue30 | 2020-08-22 |
| | |||
* | firemon fix for xdg-bus-proxy | netblue30 | 2020-08-22 |
| | |||
* | minor cleanup: move pid functions from main.c to util.c | netblue30 | 2020-08-22 |
| | |||
* | Merge branch 'master' of https://github.com/netblue30/firejail | netblue30 | 2020-08-22 |
|\ | |||
| * | Merge pull request #3572 from smitsohu/dumpable | netblue30 | 2020-08-22 |
| |\ | | | | | | | hardening: run plugins with dumpable flag cleared | ||
| | * | cleanup | smitsohu | 2020-08-17 |
| | | |