Commit message (Collapse) | Author | Age | |
---|---|---|---|
* | Improve library handling: use DT_RPATH/DT_RUNPATH to find more libs | Topi Miettinen | 2017-08-05 |
| | | | | | | Helps in more complex cases like this: libpulse.so wants libpulsecommon-10.0.so, which is located in /usr/lib/x86_64-linux-gnu/pulseaudio. This path is specified with DT_RUNPATH. | ||
* | Merge pull request #1436 from SpotComms/gt | Fred Barclay | 2017-08-05 |
|\ | | | | | Add a profile for Gnome Twitch | ||
| * | Add a profile for Gnome Twitch | Tad | 2017-08-05 |
| | | |||
* | | private-lib: preliminary support for directories in private-lib list | netblue30 | 2017-08-05 |
|/ | |||
* | Merge pull request #1435 from SpotComms/fc | Fred Barclay | 2017-08-04 |
|\ | | | | | Update firecfg.config and add a wireshark-* alias | ||
| * | Update firecfg.config and add a wireshark-* alias | Tad | 2017-08-04 |
|/ | |||
* | .gitignore update | netblue30 | 2017-08-04 |
| | |||
* | private-lib: add src/fldd | netblue30 | 2017-08-04 |
| | |||
* | Merge branch 'master' of https://github.com/netblue30/firejail | netblue30 | 2017-08-04 |
|\ | |||
| * | Merge pull request #1432 from VladimirSchowalter20/master | Fred Barclay | 2017-08-04 |
| |\ | | | | | | | Gwenview: drop kbuildsycoca5 from private-bin | ||
| | * | Gwenview: drop kbuildsycoca5 from private-bin | Vladimir Schowalter | 2017-08-04 |
| |/ | |||
* | | private-lib: support for /etc/firejail/firejail.config | netblue30 | 2017-08-04 |
| | | |||
* | | private-lib: bringing in private-lib list from command line | netblue30 | 2017-08-04 |
| | | |||
* | | Merge branch 'master' of https://github.com/netblue30/firejail | netblue30 | 2017-08-04 |
|\| | |||
| * | Merge pull request #1431 from SpotComms/np | Fred Barclay | 2017-08-03 |
| |\ | | | | | | | Add 8 new profiles | ||
| | * | Add 12 new profiles | Tad | 2017-08-03 |
| |/ | | | | | | | apktool, Baobab, dex2jar, gitg, Hashcat, MusicBrainz Picard, OBS Studio, Remmina, sdat2img, Sound Converter, SQLiteBrowser, Truecraft | ||
* | | Merge branch 'master' of https://github.com/netblue30/firejail | netblue30 | 2017-08-03 |
|\| | |||
| * | Merge pull request #1430 from VladimirSchowalter20/master | Fred Barclay | 2017-08-03 |
| |\ | | | | | | | profile fixes | ||
| | * | profile fixes | Vladimir Schowalter | 2017-08-04 |
| |/ | | | | | | | | | | | | | | | * Update qbittorrent.profile * Update gwenview.profile * Update disable-programs.inc | ||
| * | Merge pull request #1428 from VladimirSchowalter20/master | Fred Barclay | 2017-08-03 |
| |\ | | | | | | | Change ${HOME}/.local/share/kservices5 to read-only | ||
| | * | Change ~/.local/share/kservices5 to read-only | Vladimir Schowalter | 2017-08-03 |
| |/ | |||
* / | private-lib: split fldd as a separate application | netblue30 | 2017-08-03 |
|/ | |||
* | Merge pull request #1426 from VladimirSchowalter20/master | startx2017 | 2017-08-02 |
|\ | | | | | Apparmor: add local configuration | ||
| * | Minor fix for completness | Vladimir Schowalter | 2017-08-02 |
| | | |||
| * | Apparmor: add local configuration | Vladimir Schowalter | 2017-08-02 |
| | | |||
* | | Merge pull request #1424 from ↵ | startx2017 | 2017-08-02 |
|\ \ | | | | | | | | | | | | | VladimirSchowalter20/VladimirSchowalter20-apparmor-kde-fix Apparmor: update whitelist path for kde | ||
| * | | Apparmor: update whitelist path for kde | Vladimir Schowalter | 2017-08-02 |
| |/ | |||
* | | Add rambox profile from #1425 | Fred Barclay | 2017-08-02 |
| | | |||
* | | merges | Fred Barclay | 2017-08-02 |
| | | |||
* | | Merge pull request #1367 from SpotComms/mh | Fred Barclay | 2017-08-02 |
|\ \ | |/ |/| | Harden profiles | ||
| * | Fixes | Fred-Barclay | 2017-08-02 |
| | | |||
| * | Add back net none/netfilter as needed | Fred-Barclay | 2017-08-02 |
| | | |||
| * | Partially synchronize Chromium-based profiles | Tad | 2017-08-02 |
| | | |||
| * | Add noexec to more profiles as tested by @curiosity-seeker | Tad | 2017-08-02 |
| | | | | | | | | See https://github.com/netblue30/firejail/pull/1367#issuecomment-315793729 | ||
| * | Initial adding of memory-deny-write-execute to profiles | Tad | 2017-08-02 |
| | | | | | | | | | | | | | | | | - mdwe breaks most vm-based languages so python/java/javascript and some mono programs are not compatible - mdwe also breaks most 3d accelerated programs such as 3d games - mdwe is similar to PaX's mprotect meaning PaX flag managers can be used as reference -- See https://github.com/copperhead/paxd-archive/blob/master/paxd.conf -- See https://github.com/nning/linux-pax-flags | ||
| * | Harden profiles | Tad | 2017-08-02 |
| | | | | | | | | | | | | | | | | - Added 'disable-devel.conf' to many profiles - Added 'disable-mnt' to many profiles - Added 'noexec' to many profiles - Removed 'netfilter' and 'net none' from profiles with 'protocol unix' - Cleaned up profiles using defaults | ||
* | | get_mempolicy syscall was temporarily removed from the default seccomp list. ↵ | netblue30 | 2017-08-02 |
|/ | | | | | | It seems to break playing youtube videos on Firefox Nightly - #1414 | ||
* | x11/xpra support | netblue30 | 2017-08-01 |
| | |||
* | merges | netblue30 | 2017-08-01 |
| | |||
* | Merge pull request #1423 from VladimirSchowalter20/VladimirSchowalter20-apparmor | netblue30 | 2017-08-01 |
|\ | | | | | Add some /proc dirs to firejail apparmor profile | ||
| * | Add some /proc dirs to firejail apparmor profile | Vladimir Schowalter | 2017-08-02 |
|/ | |||
* | compile cleanup | netblue30 | 2017-08-01 |
| | |||
* | Fix tracing with private-lib | Topi Miettinen | 2017-08-01 |
| | |||
* | Merge pull request #1421 from SpotComms/fix1420 | Fred Barclay | 2017-07-31 |
|\ | | | | | Fix #1420 | ||
| * | Fix #1420 | Tad | 2017-07-31 |
|/ | |||
* | Merge pull request #1415 from chiraag-nataraj/master | netblue30 | 2017-07-31 |
|\ | | | | | Tentative implementation for #1405 | ||
| * | Ensure malloc was successful | Chiraag Nataraj | 2017-07-30 |
| | | |||
| * | Remove debugging stuff, free start_child, exit properly | Chiraag Nataraj | 2017-07-30 |
| | | |||
| * | Tentative implementation for #1405 | Chiraag Nataraj | 2017-07-30 |
| | | |||
* | | Fixes for the private-lib and memory-deny-write-execute features | Topi Miettinen | 2017-07-30 |
| | |