Commit message (Collapse) | Author | Age | |
---|---|---|---|
* | in addition to bd976150 -- Temp fix firecfg (#2634) | rusty-snake | 2019-04-10 |
| | |||
* | fix previous commit, more seccomp testing | netblue30 | 2019-04-09 |
| | |||
* | seccomp fixes | netblue30 | 2019-04-09 |
| | |||
* | seccomp testing | netblue30 | 2019-04-08 |
| | |||
* | fix assogiate profile | netblue30 | 2019-04-08 |
| | |||
* | Fix typo in gnome-chess.profile (#2640) | glitsj16 | 2019-04-08 |
| | |||
* | Merge branch 'master' of http://github.com/netblue30/firejail | netblue30 | 2019-04-07 |
|\ | |||
| * | Merge pull request #2639 from rusty-snake/fix-git-in-IDEs | Fred Barclay | 2019-04-07 |
| |\ | | | | | | | Fix git in some IDE's | ||
| | * | Fix git in some IDE's | rusty-snake | 2019-04-07 |
| |/ | |||
* / | adding disable-exec.inc to more profiles | netblue30 | 2019-04-07 |
|/ | |||
* | Add note about firejail-profiles to issues instructions | Fred Barclay | 2019-04-06 |
| | |||
* | Fixup 536510ff795373a4427cf1cdfde4a59ebb957282 | SkewedZeppelin | 2019-04-06 |
| | |||
* | fix etr profile | netblue30 | 2019-04-05 |
| | |||
* | Fix assogiate (#2636) | glitsj16 | 2019-04-02 |
| | |||
* | Add autokey profiles (#2635) | glitsj16 | 2019-04-02 |
| | | | | | | | | | | | | | | | | | | * Add autokey to firecfg.config * Update README.md * Update RELNOTES * Create autokey-common.profile * Create autokey-gtk.profile * Create autokey-qt.profile * Create autokey-run.profile * Create autokey-shell.profile | ||
* | Temp fix firecfg (#2634) | glitsj16 | 2019-04-02 |
| | | | | | | | | | | | | | | * Temp fixes for firecfg.config * Create Builder.profile * Create clocks.profile * Create Logs.profile * Create Maps.profile * Add TODO to firecfg.config | ||
* | Fixup #2631 | SkewedZeppelin | 2019-03-31 |
| | |||
* | Fix gnome-logs.profile (#2630) | rusty-snake | 2019-03-31 |
| | | | | | | * Fix gnome-logs.profile * supplemented comment for using gnome-logs.local | ||
* | Merge pull request #2625 from veloute/gnome-chess-fix | SkewedZeppelin | 2019-03-30 |
|\ | | | | | add gnuchess to play against computer | ||
| * | add gnuchess to play against computer | veloute | 2019-03-29 |
| | | |||
* | | Merge pull request #2631 from pianoslum/2621-AddWarningAboutEvinceTwoPage | SkewedZeppelin | 2019-03-30 |
|\ \ | | | | | | | Add warning about nodbus breaking evince two-page-view on some systems | ||
| * | | Add warning about nodbus breaking evince two-page-view on some systems | pianoslum | 2019-03-30 |
| | | | | | | | | | | | | See https://github.com/netblue30/firejail/issues/2621 | ||
* | | | Add anki.profile (#2626) | rusty-snake | 2019-03-30 |
| | | | |||
* | | | Fixes for man firejail (#2628) | glitsj16 | 2019-03-29 |
| | | | |||
* | | | Fix typo's in firecfg util.c (#2627) | glitsj16 | 2019-03-29 |
| |/ |/| | |||
* | | Five more game profiles | Tad | 2019-03-28 |
| | | |||
* | | Add VCS support to meld (#2615) | rusty-snake | 2019-03-28 |
| | | | | | | | | | | | | | | | | | | | | * Add hg,bzr,git,svn,cvs to meld's private-bin * Update meld.profile * Update meld.profile * Update meld.profile | ||
* | | Fix dconf-editor access to glib schemas (#2622) | glitsj16 | 2019-03-28 |
| | | | | | | | | | | | | * Fix dconf-editor access to glib schemas * Fix dconf access to glib schemas | ||
* | | Refactor pidgin as whitelist profile (#2620) | glitsj16 | 2019-03-27 |
| | | |||
* | | mount runtime seccomp files read-only (#2602) | smitsohu | 2019-03-23 |
| | | | | | | | | | | | | | | avoid creating locations in the file system that are both writable and executable (in this case for processes with euid of the user). for the same reason also remove user owned libfiles when it is not needed any more | ||
* | | Add kid3, kid3-cli, kid3-qt (#2614) | rusty-snake | 2019-03-22 |
| | | |||
* | | Merge pull request #2611 from rusty-snake/add-freemind | SkewedZeppelin | 2019-03-21 |
|\ \ | | | | | | | Add freemind | ||
| * | | remove noexec | rusty-snake | 2019-03-21 |
| | | | | | | | | | | | | disable-exec.inc is there | ||
| * | | Reorder rusty-snake in README | rusty-snake | 2019-03-21 |
| | | | |||
| * | | Add freemind.profile | rusty-snake | 2019-03-21 |
|/ / | |||
* | | Another five more game profiles | Tad | 2019-03-20 |
| | | |||
* | | Four more game profiles | Tad | 2019-03-20 |
| | | |||
* | | Add a profile for DCSS | Tad | 2019-03-20 |
| | | |||
* | | Five more game profiles | Tad | 2019-03-20 |
| | | |||
* | | Merge branch 'master' of https://github.com/netblue30/firejail | smitsohu | 2019-03-20 |
|\ \ | |||
| * | | New profiles: Maelstrom and ostrichrider | Tad | 2019-03-20 |
| | | | |||
| * | | Harden easystroke (#2606) | glitsj16 | 2019-03-18 |
| | | | |||
| * | | pavucontrol does not work with ipc-namespace (#2604) | veloute | 2019-03-17 |
| | | | |||
* | | | hardening: run more code unprivileged | smitsohu | 2019-03-20 |
| | | | |||
* | | | security: too early to register signal handler | smitsohu | 2019-03-20 |
|/ / | |||
* | | minor enhancement: added robustness for setres[gu]id function calls | smitsohu | 2019-03-16 |
| | | |||
* | | Merge branch 'master' of https://github.com/netblue30/firejail | smitsohu | 2019-03-16 |
|\ \ | |||
| * | | Follow-up on flatpak/snap support (#2601) | glitsj16 | 2019-03-16 |
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | * Remove obsolete snap support from disable-programs.inc * Remove obsolete snap support from pycharm-community.profile * Update RELNOTES to reflect non-existing/dropped flatpak/snap support * Update firejail.txt to reflect flatpak/snap packages are not supported | ||
| * | | Seahorse revisited (#2600) | glitsj16 | 2019-03-16 |
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | * Refactor seahorse into a whitelist profile * Refactor seahorse-tool as a whitelist profile * Create seahorse-daemon.profile * Add seahorse-daemon to firecfg * Drop blacklist /tmp/.X11-unix from seahorse.profile Thanks to @rusty-snake for pointing out blacklisting /tmp/.X11-unix is ridiculous for GUI's. * Add non-GUI option to seahorse-daemon | ||
* | | | hardening: replace setuid/setgid calls with setresuid/setresgid | smitsohu | 2019-03-16 |
|/ / | | | | | | | | | | | | | | | | | | | when nesting containers and sandboxes, it is possible setuid() fails silently to reset the saved uid, which is then cleared only by the next execve. This is solved by replacing setuid() with more robust setresuid() function calls. Also add code to drop privileges when entering the run_no_sandbox() function (along with some minor tidy up). |