Commit message (Collapse) | Author | Age | |
---|---|---|---|
* | Merge pull request #3065 from the-antz/profile-thunderbird-wayland | smitsohu | 2019-12-03 |
|\ | | | | | Minor profile tweaks. | ||
| * | Minor profile tweaks. | Antz | 2019-11-26 |
| | | | | | | | | thunderbird-wayland profile did not include thunderbird-wayland.local | ||
* | | cleanup | smitsohu | 2019-12-03 |
| | | |||
* | | fix stack alignment | smitsohu | 2019-11-30 |
| | | | | | | | | apparently on x86 and on other platforms like aarch64 a 16 byte aligned stack is expected todo: replace this with a generic check | ||
* | | libreoffice aliasen | rusty-snake | 2019-11-28 |
| | | |||
* | | add private-tmp debug message | smitsohu | 2019-11-28 |
| | | |||
* | | mask more private options runtime directories, just to be sure | smitsohu | 2019-11-28 |
| | | |||
* | | fix interaction between private options and allusers option | smitsohu | 2019-11-28 |
| | | |||
* | | Fix profile: ffmpeg (#3064) | the-antz | 2019-11-27 |
|/ | | | Fix broken libx265 encoding (needs the set_mempolicy syscall). | ||
* | blacklist /tmp/.X11-unix in gist.profile | glitsj16 | 2019-11-25 |
| | | | Thanks to @rusty-snake for requesting this in https://github.com/netblue30/firejail/pull/3061. | ||
* | Update README.md | glitsj16 | 2019-11-25 |
| | |||
* | Update RELNOTES | glitsj16 | 2019-11-25 |
| | |||
* | Add gist-paste to firecfg.config | glitsj16 | 2019-11-25 |
| | |||
* | Add redirect profile for gist-paste (#3062) | glitsj16 | 2019-11-25 |
| | |||
* | Add new profile: gist (#3061) | glitsj16 | 2019-11-25 |
| | | | | | | | | | | | | * Create gist.profile * Add gist config to disable-programs.inc * Add gist to firecfg.config * Update RELNOTES * Update README.md | ||
* | blacklist gksu, gksudo, kdesudo | rusty-snake | 2019-11-25 |
| | |||
* | various fixups | rusty-snake | 2019-11-25 |
| | |||
* | apparmor: misc fix for pcscd | Vincent43 | 2019-11-24 |
| | |||
* | apparmor: don't allow mounts and paths manipulation | Vincent43 | 2019-11-24 |
| | | | | | | | | | | | | | AppArmor security relies on path based rules and rewriting paths may allow to bypass them. Those actions are priveliged so vast majority of apps shouldn't need them anyway. If some app need those rules then it's better to consider them as unsuitable for apparmor option rather than weaken generic profile for all apps. See related issue reported by apparmor usage in snap: https://bugs.launchpad.net/snapd/+bug/1791711 | ||
* | apparmor: allow access to pcscd socket (smartcards) | Vincent43 | 2019-11-24 |
| | |||
* | Add new profile: unf (#3060) | glitsj16 | 2019-11-24 |
| | | | | | | * Create unf.profile * Add unf to firecfg.config | ||
* | Add new profile: gmpc (#3059) | glitsj16 | 2019-11-24 |
| | | | | | | | | * Create gmpc.profile * Add gmpc config to disable-programs.inc * Add gmpc to firecfg.config | ||
* | Add new profile: drawio (#3058) | glitsj16 | 2019-11-24 |
| | | | | | | | | * Create drawio.profile * Add drawio config to disable-programs.inc * Add drawio to firecfg.config | ||
* | Add new profile: ddgtk (#3057) | glitsj16 | 2019-11-24 |
| | | | | | | * Create ddgtk.profile * Add ddgtk to firecfg.config | ||
* | Add new profile: cameramonitor (#3056) | glitsj16 | 2019-11-24 |
| | | | | | | * Create cameramonitor.profile * Add cameramonitor to firecfg.config | ||
* | New profile: audio-recorder (#3055) | glitsj16 | 2019-11-24 |
| | | | | | | * Create audio-recorder.profile * Add audio-recorder to firecfg.config | ||
* | merges | Tad | 2019-11-24 |
| | |||
* | Merge pull request #3054 from adrianlshaw/profanity | SkewedZeppelin | 2019-11-24 |
|\ | | | | | Add profanity profile | ||
| * | profanity: reorder alphabetically | Adrian L. Shaw | 2019-11-24 |
| | | |||
| * | profanity: reorder alphabetically | Adrian L. Shaw | 2019-11-24 |
| | | |||
| * | profanity: allow Python plugins and reorder rules | Adrian L. Shaw | 2019-11-24 |
| | | |||
| * | Separate the whitelist section of profanity profile | Adrian L. Shaw | 2019-11-24 |
| | | |||
| * | Sort and harden profanity profile | Adrian L. Shaw | 2019-11-24 |
| | | |||
| * | Add profile for the Profanity chat client | Adrian L. Shaw | 2019-11-24 |
|/ | |||
* | Use seccomp ! syntax in electron-mail.profile | glitsj16 | 2019-11-23 |
| | |||
* | Add new electron-mail profile (#3053) | glitsj16 | 2019-11-23 |
| | | | | | | | | * Create electron-mail.profile * Add electron-mail to disable-programs.inc * Add electron-mail to firecfg.config | ||
* | Add lensfun support for gimp | glitsj16 | 2019-11-22 |
| | |||
* | Add babl/gegl support for gimp (#3051) | glitsj16 | 2019-11-22 |
| | | | | | | | | * Add babl/gegl caches for gimp * Add gir-1.0 to wusc * Add babl/gegl support to gimp.profile | ||
* | improving remount performance | smitsohu | 2019-11-19 |
| | |||
* | fix previous commit | netblue30 | 2019-11-15 |
| | |||
* | enable apparmor profile from firecfg | netblue30 | 2019-11-15 |
| | |||
* | fixing the fix | smitsohu | 2019-11-14 |
| | | | | | get previous commit acbf707889ae241bfd476f5371df4599103b6606 in line with treatment of other directories in /run/firejail/mnt | ||
* | blacklist private-home runtime directory | smitsohu | 2019-11-14 |
| | | | | | as far as possible avoid creating locations in the file system that are both writable and executable | ||
* | simplify private option ownership checks and make them more consistent | smitsohu | 2019-11-14 |
| | | | | | | allowing private and home directory to be owned by different users if the home directory is inside /home was thought to add flexibility, but the scenario is maybe a bit too exotic, and ignoring it paves the way for a simplification | ||
* | readme/relnotes updates | netblue30 | 2019-11-13 |
| | |||
* | Merge pull request #3044 from netblue30/ssh_nc | netblue30 | 2019-11-13 |
|\ | | | | | RFC: profiles: allow nc in ssh profile by default | ||
| * | profiles: allow nc in ssh profile by default | Reiner Herrmann | 2019-11-13 |
| | | |||
* | | Merge pull request #3037 from vutny/fix-3029 | netblue30 | 2019-11-13 |
|\ \ | | | | | | | Resolve #3029: drop outdated Skype profile | ||
| * | | Resolve #3029: drop outdated Skype profile | Denys Havrysh | 2019-11-12 |
| | | | |||
* | | | wine: propose allow-debuggers instead | smitsohu | 2019-11-13 |
| | | |