| Commit message (Collapse) | Author | Age |
| |
|
| |
|
|\ |
|
| |\
| | |
| | | |
Add further seccomp groups
|
| | |
| | |
| | |
| | | |
Get further seccomp group definitions from systemd.
|
|/ / |
|
| | |
|
|\ \
| | |
| | | |
Allow exceptions to seccomp lists
|
| |\ \
| |/ /
|/| | |
|
| | | |
|
|\ \ \
| | | |
| | | | |
seccomp fix: allow numeric syscalls
|
|/ / /
| | |
| | |
| | | |
as per man page, numeric syscall is indicated by the dollar sign '$'
|
| | | |
|
| | | |
|
| | | |
|
| | |
| | |
| | |
| | |
| | |
| | | |
- fix for #2038
- update RELNOTES
- fix #2925
|
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
- add novideo to a lot of profiles
(there are still more profiles where novideo can be added)
- remove commente mdwe from some gnome applications
- add descriptions to some profiles
- blacklist ${HOME}/.cargo/credentials
- move ${HOME}/.git-credentials and ${HOME}/.git-credential-cache to
'top secret' in disable-common.inc
- some ordering in disable-programs.inc
- merge tor browser blacklists to ${HOME}/.tor-browser*
- qupzilla.profile redirect to falkon.profile
- blacklist gnome-builder paths
- fix transmission profiles inlude
- much more
|
| | | |
|
| | | |
|
| |/
|/| |
|
|/
|
|
|
|
|
| |
Prefix ! can be used to make exceptions to system call blacklists and
whitelists used by seccomp, seccomp.drop and seccomp.keep.
Closes #1366
|
|\
| |
| | |
Introduce allow-common-devel.inc
|
| | |
|
| | |
|
| | |
|
|/
|
|
|
|
|
|
|
|
|
|
| |
- install contrib/syscalls.sh
- add GitLab-CI status to README.md
- read-only ${HOME}/.cargo/env
- move blacklist ${HOME}/.cargo/registry, ${HOME}/.cargo/config to
disable-programs
- typo in man firejail firejail-profiles firecfg
- better descriptions in man firejail-profiles
- fixes in man firejail
- template descriptions in firejail-profiles
|
| |
|
| |
|
| |
|
|
|
| |
Fixes #2901.
|
|\
| |
| | |
Profiles: add I2P
|
| | |
|
| | |
|
| |
| |
| |
| |
| | |
Changed to default seccomp
Co-Authored-By: rusty-snake <print_hello_world+GitHub@protonmail.com>
|
| | |
|
|/
|
| |
Thanks @rusty-snake for catching this!
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
* Refactor transmission-cli
* Create transmission-common.profile
* Refactor transmission-create
* Refactor transmission-daemon
* Refactor transmission-edit
* Refactor transmission-gtk
* Refactor transmission-qt
* Refactor transmission-remote-cli
* Refactor transmission-remote-gtk
* Refactor transmission-remote
* Refactor transmission-show
|
|
|
|
| |
because libtrace hooked libc calls were being executed before the libtrace library was initialized. This was due to other loaded libraries being initialized first.
|
| |
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
* beginn fixup
* continue
* continue
* continue
* continue
* continue
* continue
|
| |
|
|\
| |
| | |
get_user() do not use the unreliable getlogin()
|
| | |
|
|\ \
| | |
| | | |
tighten private-bin and etc for torbrowser-launcher.profile
|
| | | |
|
| | | |
|
|/ / |
|
| | |
|
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
* nano: add quiet option
* ffmpegthumbnailer: fix quiet leakage
* ffplay: fix quiet leakage
* ffprobe: fix quiet leakage
* rnano: fix quiet leakage
* qt-faststart: fix quiet leakage
* scp: fix quiet leakage
* sftp: fix quiet leakage
* transmission-create: fix quiet leakage
* transmission-edit: fix quiet leakage
* transmission-remote-cli: fix quiet leakage
* transmission-remote-gtk: fix quiet leakage
* dnscrypt-proxy: add quiet option
* dnsmasq: add quiet option
* seahorse-daemon: add quiet option
* xpra: add quiet option
* Xephyr: add quiet option
* Xvfb: add quiet option
|