Commit message (Collapse) | Author | Age | |
---|---|---|---|
* | flameshot.profile: remove memory-deny-write-execute | Vincent43 | 2019-01-18 |
| | | | memory-deny-write-execute may break app, see https://github.com/netblue30/firejail/issues/1139#issuecomment-455420202 | ||
* | konversation.profile: add netlink protocol | Vincent43 | 2019-01-17 |
| | | | This suppresses errors seen in https://github.com/netblue30/firejail/issues/1139#issuecomment-454780721 | ||
* | Merge pull request #2344 from rusty-snake/patch-1 | SkewedZeppelin | 2019-01-16 |
|\ | | | | | Update gajim.profile | ||
| * | Update gajim.profile | rusty-snake | 2019-01-16 |
|/ | | | Fix plugin-update and install. | ||
* | adding mincore syscall to the default seccomp filter and some independent ↵ | netblue30 | 2019-01-14 |
| | | | | profiles | ||
* | fix error message | smitsohu | 2019-01-13 |
| | | | | | as --appimage can be combined with chroot and overlay options, querying it first makes the error message more correct | ||
* | fix parent death signal | smitsohu | 2019-01-13 |
| | | | | | | turns out the parent death signal is reset every time the effective uid changes, hence moving the prctl call to the earliest place where the setting is persistent. | ||
* | fix netfilter-default functionality in /etc/firejail/firejail.config | netblue30 | 2019-01-09 |
| | |||
* | test caps join | netblue30 | 2019-01-08 |
| | |||
* | testing seccomp/join | netblue30 | 2019-01-08 |
| | |||
* | fix join/seccomp #2296 | netblue30 | 2019-01-08 |
| | |||
* | merges | netblue30 | 2019-01-07 |
| | |||
* | Merge pull request #2327 from NickMolloy/fix-addr-length | netblue30 | 2019-01-07 |
|\ | | | | | Correctly set address length in arp frames | ||
| * | Correctly set address length in arp frames | Nicholas Molloy | 2019-01-02 |
| | | | | | | | | | | | | | | | | | | | | Kernel commit 99137b7 introduced an additional check of the address length. This exposed a bug in the arp code where the address length was being set incorrectly. Now the length is set from the ETH_ALEN constant declared in linux/if_ether.h This fixes #2314 | ||
* | | Merge pull request #2328 from glitsj16/ocenaudio | glitsj16 | 2019-01-04 |
|\ \ | |/ |/| | Fix ocenaudio profile | ||
| * | Fix ocenaudio profile | glitsj16 | 2019-01-04 |
|/ | |||
* | Add a profile for ghostwriter (#2319) | rusty-snake | 2018-12-30 |
| | | | | | * Add a profile for ghostwriter | ||
* | Merge pull request #2313 from rusty-snake/patch-1 | SkewedZeppelin | 2018-12-27 |
|\ | | | | | Fix gajim.profile | ||
| * | Update gajim.profile | rusty-snake | 2018-12-27 |
| | | |||
| * | Merge branch 'patch-1' of github.com:rusty-snake/firejail into patch-1 | rusty-snake | 2018-12-27 |
| |\ | |||
| | * | Some additional hardening | rusty-snake | 2018-12-27 |
| | | | |||
| * | | Some additional hardening for gajim | rusty-snake | 2018-12-27 |
| |/ | |||
| * | Add profile alias for gajim-history-manager | rusty-snake | 2018-12-27 |
| | | |||
| * | Fix Gajim.profile | rusty-snake | 2018-12-26 |
| | | |||
| * | Fix gajim.profile | rusty-snake | 2018-12-23 |
| | | |||
* | | Remove network access from cherrytree.profile | tinmanx | 2018-12-25 |
| | | |||
* | | Bah humbug! Backporting fixes for the new Brave browser to 0.9.56. | Fred-Barclay | 2018-12-25 |
|/ | | | | Merry Christmas to all! | ||
* | Merges | Tad | 2018-12-22 |
| | |||
* | Merge pull request #2308 from rusty-snake/patch-2 | SkewedZeppelin | 2018-12-23 |
|\ | | | | | Update disable-common.inc, disable-programs.inc. | ||
| * | updates for ~/.cargo | rusty-snake | 2018-12-21 |
| | | |||
| * | adaptations in bibletime.profile and rhythmbox.profile | rusty-snake | 2018-12-20 |
| | | |||
| * | Update disable-common.inc, disable-programs.inc | rusty-snake | 2018-12-20 |
|/ | |||
* | README/RELNOTES update | netblue30 | 2018-12-18 |
| | |||
* | README/RELNOTES update | netblue30 | 2018-12-18 |
| | |||
* | join: also check proc file to detect nonewprivs bit | smitsohu | 2018-12-17 |
| | | | | | redundant check that adds defense in depth and maybe one day can replace the other, file based check | ||
* | Merge pull request #2297 from smitsohu/patch | startx2017 | 2018-12-17 |
|\ | | | | | enforce nonewprivs instead of seccomp for chroot sandboxes | ||
| * | enforce nonewprivs instead of seccomp for chroot sandboxes | smitsohu | 2018-12-15 |
| | | | | | | | | | | currently users are able to specify a seccomp filter of their choosing, leaving the real defense to nonewprivs anyway. | ||
* | | New profile for supertuxkart. (#2298) | rusty-snake | 2018-12-16 |
| | | | | | | | | | | | | * New profile supertuxkart * review fixes | ||
* | | Merge pull request #2299 from glitsj16/man | glitsj16 | 2018-12-16 |
|\ \ | | | | | | | fix netstats typo in man firejail | ||
| * | | fix netstats typo in man firejail | glitsj16 | 2018-12-16 |
|/ / | |||
* / | Fix bibletime.profile (#2295) | rusty-snake | 2018-12-15 |
|/ | | | | | | | | * Fix bibletime.profile Fix: bibletime don't starts on Fedora and Arch Use `seccomp.drop` from firefox. | ||
* | join: check prctl return value | smitsohu | 2018-12-14 |
| | |||
* | add explicit nonewprivs support to join option; accompanying small improvements | smitsohu | 2018-12-14 |
| | |||
* | firecfg: improve error string | smitsohu | 2018-12-13 |
| | | | | emphasize that only firecfg needs all permissions, not firejail | ||
* | pulseaudio: use create_dir_as_user(); small adjustments | smitsohu | 2018-12-13 |
| | |||
* | Merge pull request #2293 from smitsohu/smitsohu-patch-libreoffice | smitsohu | 2018-12-13 |
|\ | | | | | enable apparmor in libreoffice profile | ||
| * | enable apparmor in libreoffice profile | smitsohu | 2018-12-09 |
| | | | | | | | | depends on aa37fe19fed6be8e44db461691149237ee71da94 | ||
* | | Revert "pulseaudio: use env variable fallback in more cases" | smitsohu | 2018-12-13 |
| | | | | | | | | | | | | | | | | | | This reverts commit 93779cb9cd0d098cd3587e2f795200d98e3af1ee. That commit removed restrictions, but also added new inconsistencies. Starting again from the previous state is easier than evolving the current state, hence reverting the commit. | ||
* | | pulseaudio: use env variable fallback in more cases | smitsohu | 2018-12-11 |
| | | | | | | | | | | | | setting the PULSE_CLIENTCONFIG environment variable to the unmounted file is a safe fallback, use it in more cases when mounting is considered not an option | ||
* | | add create_empty_dir_as_user function, refactor | smitsohu | 2018-12-11 |
| | |