Commit message (Collapse) | Author | Age | |
---|---|---|---|
* | Browsers: private-dev conditional with BROWSER_DISABLE_U2F | rusty-snake | 2020-01-21 |
| | | | | see also #3170 | ||
* | Add comment for python-based plugins in claws-mail.profile | glitsj16 | 2020-01-20 |
| | |||
* | tests: add additional device counts to whitelist-dev test | Reiner Herrmann | 2020-01-20 |
| | |||
* | Fix firefox (#3171) | Antz | 2020-01-20 |
| | |||
* | Improve --version command example | glitsj16 | 2020-01-20 |
| | | | Fixes #3135. | ||
* | harden celluloid.profile | rusty-snake | 2020-01-19 |
| | |||
* | create rtv.profile | rusty-snake | 2020-01-19 |
| | |||
* | Merge pull request #3168 from glitsj16/fix-asprinf | Reiner Herrmann | 2020-01-19 |
|\ | | | | | Fix typos in fs_bin.c | ||
| * | Update copyright to 2020 in fs_bin.c | glitsj16 | 2020-01-19 |
| | | |||
| * | fix typo in fs_bin.c | glitsj16 | 2020-01-19 |
|/ | |||
* | fixes for 'blacklist ${RUNUSER}/wayland-*' (#3166) | glitsj16 | 2020-01-18 |
| | | | | | | | | | | | | | | | | | | | | * unbreak audio-recorder Support both X11 and Wayland by default. Users can add 'blacklist ${RUNUSER}/wayland-*' or 'x11 none' in their audio-recorder.local. * unbreak ddgtk Support both X11 and Wayland by default. Users can add 'blacklist ${RUNUSER}/wayland-*' or 'x11 none' in their ddgtk.local. * unbreak and harden gconf-editor Support both X11 and Wayland by default. Also whitelist /usr/share/gconf-editor for wusc. * unbreak seahorse Support both X11 and Wayland by default. * add blacklist ${RUNUSER}/wayland-* to dnscrypt-proxy | ||
* | Update SECURITY.md | Reiner Herrmann | 2020-01-18 |
| | |||
* | Update SECURITY.md | rusty-snake | 2020-01-18 |
| | | | | @reinerh is this still right? > :white_check_mark: Debian 11 (testing/unstable), 10 **backports**; Ubuntu 19.10 | ||
* | add tvbrowser.profile | rusty-snake | 2020-01-18 |
| | | | | Thanks @Micha-Btz for all the testing. | ||
* | make devilspie2 redircet to devilspie (#3163) | rusty-snake | 2020-01-18 |
| | |||
* | die python2 die !! #3164 (meld) | rusty-snake | 2020-01-18 |
| | | | | https://github.com/netblue30/firejail/issues/3164#issuecomment-575892401 | ||
* | harden baoba and transmission-common | rusty-snake | 2020-01-18 |
| | |||
* | refactor claws-mail and sylpheed as whitelist profiles (#3162) | glitsj16 | 2020-01-18 |
| | | | | | | | | | | | | | | * refactor claws-mail as whitelist profile * refactor sylpheed as whitelist profile * Create email-common.profile * safeguard ${DOCUMENTS} * Add disable-xdg to email-common.profile Thanks @rusty-snake for the review. | ||
* | Merge pull request #3161 from rusty-snake/bl-wayland | rusty-snake | 2020-01-18 |
|\ | | | | | blacklist ${RUNUSER}/wayland-* in every profile with blacklist /tmp/.X11-unix or x11 none | ||
| * | add RUNUSER and Disable Wayland to the template | rusty-snake | 2020-01-18 |
| | | |||
| * | add 'blacklist ${RUNUSER}/wayland-*' to all profi… | rusty-snake | 2020-01-18 |
| | | | | | | | | …les with 'x11 none' | ||
| * | add 'blacklist ${RUNUSER}/wayland-*' to all profi… | rusty-snake | 2020-01-18 |
|/ | | | | …les with 'blacklist /tmp/.X11-unix' | ||
* | 'blacklist /tmp/.X11-unix' is implied by x11 none | rusty-snake | 2020-01-18 |
| | |||
* | fix x11 none in devilspie2 | glitsj16 | 2020-01-17 |
| | |||
* | Fix x11 none in devilspie | glitsj16 | 2020-01-17 |
| | |||
* | hardenings for various profiles (#3160) | glitsj16 | 2020-01-17 |
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | * harden devilspie * harden devilspie2 * harden curl * harden wget * harden curl * harden dig * harden claws-mail * harden dnscrypt-proxy * harden dnscrypt-proxy * harden dnscrypt-proxy * harden exfalso * refactor easystroke as whitelist profile * refactor enchant as whitelist profile * safeguard ${DOCUMENTS} Thanks @rusty-snake for the suggestion. * drop x11-none Thanks @rusty-snake for catching this. * drop x11 none Thanks @rusty-snake for saving the bacon... * drop x11 none Thanks @rusty-snake for catching this. * drop x11 none Thanks @rusty-snake for preventing breakage! * drop ipc-namespace Better safe than sorry... | ||
* | join: wait with effective uid of the user | smitsohu | 2020-01-17 |
| | | | | issue #3130 | ||
* | fix join timeout if sleep interval is not a multiple | smitsohu | 2020-01-17 |
| | |||
* | Fix gfeeds | rusty-snake | 2020-01-17 |
| | |||
* | Harden feedreader | rusty-snake | 2020-01-17 |
| | |||
* | More fixes for ffmpeg support in Arch Linux | Vincent43 | 2020-01-17 |
| | | | | | This is continuation of fixes needed after recent ffmpeg change in Arch Linux. See https://github.com/netblue30/firejail/issues/3147 | ||
* | profiles: whitelist transmission-daemon config directory | Reiner Herrmann | 2020-01-17 |
| | | | | Reported at: https://bugs.debian.org/948993 | ||
* | Fix missing lib libmfx.so.1 (standardnotes-desktop) (#3151) | Florian Begusch | 2020-01-16 |
| | |||
* | fix wire-desktop [1] | rusty-snake | 2020-01-16 |
| | | | | [1]: https://github.com/netblue30/firejail/issues/2946#issuecomment-574861226 | ||
* | fix ffmpeg privat-etc | rusty-snake | 2020-01-15 |
| | | | | closes #3147 | ||
* | Update RELNOTES, README.md|Add firefox-x11.profile | rusty-snake | 2020-01-13 |
| | |||
* | Fix sorting private-etc in i2prouter.profile | glitsj16 | 2020-01-13 |
| | | | @rusty-snake For now I've fixed the sorting to let it pass CI. Do you think sort.py should put java-{8,9}-openjdk before java-10-openjdk? | ||
* | update i2prouter profile, and remove from firecfg (#3123) | corecontingency | 2020-01-13 |
| | |||
* | aria2c fixes (#3143) | glitsj16 | 2020-01-13 |
| | | | | | | * Support XDG_CONFIG_HOME for aria2c * Fix aria2c.profile | ||
* | fix #3141 | rusty-snake | 2020-01-12 |
| | |||
* | move whitelist /usr/share/webext from firefox-com… | rusty-snake | 2020-01-12 |
| | | | | | …mon.profile to firefox.profile. See https://github.com/netblue30/firejail/commit/c8f78d7b536ec2dce4cc74de2653ae6c8c99b553#commitcomment-36763119 | ||
* | profiles: whitelist /usr/share/webext in firefox-common | Reiner Herrmann | 2020-01-12 |
| | | | | | directory is used for system-wide installed webext-addons. Reported at: https://bugs.debian.org/948558 | ||
* | gitlab-ci: build with stretch image | Reiner Herrmann | 2020-01-11 |
| | |||
* | freecad: allow access to python | smitsohu | 2020-01-10 |
| | |||
* | readme update | netblue30 | 2020-01-09 |
| | |||
* | Merge pull request #3131 from smitsohu/webengine | netblue30 | 2020-01-09 |
|\ | | | | | allow chroot syscall where apps depend on QtWebengine | ||
| * | allow chroot syscall where apps depend on QtWebengine | smitsohu | 2020-01-08 |
| | | | | | | | | derived from QtWebengine reverse dependencies | ||
* | | Merge pull request #3134 from nblock/dev/cmus | Fred Barclay | 2020-01-08 |
|\ \ | | | | | | | cmus: allow access to resolv.conf | ||
| * | | cmus: allow access to resolv.conf | Florian Preinstorfer | 2020-01-08 |
|/ / | |||
* | | misc profile fixups and hardening | rusty-snake | 2020-01-08 |
| | |