Commit message (Collapse) | Author | Age | |
---|---|---|---|
* | packaging badge | netblue30 | 2019-07-16 |
| | |||
* | apparmor: minor improvements | Vincent43 | 2019-07-16 |
| | | | | | | | Use @{PID} consistently. Remove 'deny /proc/** w,' suggestion as it will break all whitelisted entries. | ||
* | check for dir existence before private-* mount | smitsohu | 2019-07-16 |
| | | | fixes #2859 | ||
* | profile support for allow-debuggers (#2856) | Sebastian Hafner | 2019-07-15 |
| | |||
* | apparmor: allow writing to /proc/@{PID}/comm | Vincent43 | 2019-07-14 |
| | | | | | | This is needed by various electron apps, see: https://github.com/netblue30/firejail/issues/2538 https://github.com/netblue30/firejail/issues/2854 | ||
* | homedirs: turn "informational error" into warning | smitsohu | 2019-07-14 |
| | |||
* | don't allow root directory as home | smitsohu | 2019-07-14 |
| | |||
* | Merge pull request #2858 from veloute/sn-fix | veloute | 2019-07-13 |
|\ | | | | | fix seccomp issues with standardnotes-desktop. see issue #2854 | ||
| * | issues with electron-based apps. see issue #2854 | veloute | 2019-07-13 |
|/ | |||
* | update version table | Reiner Herrmann | 2019-07-13 |
| | |||
* | uniformly mask /home in all private home options | smitsohu | 2019-07-12 |
| | |||
* | private-home: remove redundancy | smitsohu | 2019-07-12 |
| | |||
* | Merge pull request #2855 from veloute/galc-fix | rusty-snake | 2019-07-12 |
|\ | | | | | ipc-namespace breaks galculator on archlinux | ||
| * | ipc-namespace breaks galculator on archlinux | veloute | 2019-07-12 |
| | | |||
* | | rename some variables so they don't shadow others with same name | Reiner Herrmann | 2019-07-11 |
| | | | | | | | | via lgtm.com | ||
* | | fix minor issues from lgtm.com | Reiner Herrmann | 2019-07-11 |
| | | |||
* | | Merge pull request #2850 from disconnect3d/patch-1 | Reiner Herrmann | 2019-07-11 |
|\ \ | | | | | | | Update pid.c | ||
| * | | Update pid.c | Disconnect3d | 2019-07-10 |
| | | | | | | | | | Remove redundant `child` variable in src/lib/pid.c | ||
* | | | Update libpostexecseccomp.c (#2851) | Disconnect3d | 2019-07-11 |
| | | | | | | | | | | | | | | | | | | | | | | | | | | | * Update libpostexecseccomp.c Remove `if (size != 0)` condition, which is always true as there is a `if (size <= 0)` condition before. Also note that if the `if (size <= 0)` condition wouldn't be there and `size` would be 0, there would have been an undefined behavior in due to division by zero in `(unsigned short) size / (unsigned short) sizeof(struct sock_filter);`. Found with LGTM: https://lgtm.com/projects/g/netblue30/firejail/snapshot/961c4ca00425b60a7bc8543460031a8ebf3d8aa6/files/src/libpostexecseccomp/libpostexecseccomp.c#x838c24f710410160:1 | ||
* | | | Support media on other drives in youtube-dl.profile | glitsj16 | 2019-07-11 |
| | | | | | | | | | Thanks to @SkewedZeppelin for catching this, see comments in https://github.com/netblue30/firejail/pull/2584. | ||
* | | | remove duplicate fclose/free | Reiner Herrmann | 2019-07-10 |
| | | | |||
* | | | less.profile: make ${HOME} read-only | Vincent43 | 2019-07-10 |
|/ / | | | | | less is usually used to view various text files including configs so blacklisting many of them in ${HOME} make it less(sic!) usable. We can make them read-only instead. | ||
* | | Add gdb-firejail.sh to contrib for easy debugging of firejail with gdb. | Glenn Washburn | 2019-07-09 |
| | | |||
* | | Sort private-bin in obs.profile (#2848) | glitsj16 | 2019-07-09 |
| | | |||
* | | Add redirects for mpg123 (#2847) | glitsj16 | 2019-07-09 |
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | * Create conplay.profile * Create mpg123.bin.profile * Create mpg123-alsa.profile * Create mpg123-id3dump.profile * Create mpg123-jack.profile * Create mpg123-nas.profile * Create mpg123-openal.profile * Create mpg123-oss.profile * Create mpg123-portaudio.profile * Create mpg123-pulse.profile * Create mpg123-strip.profile * Create out123.profile * Add mpg123 redirects to fireconfig | ||
* | | Merge pull request #2844 from crass/fix-561-trace-appimage | netblue30 | 2019-07-09 |
|\ \ | | | | | | | Fix issue #561. Refactor/Optimize code to get and use pid and process name. | ||
| * | | Fix issue #561. Refactor/Optimize code to get and use pid and process name. | Glenn Washburn | 2019-07-09 |
| | | | |||
* | | | Merge pull request #2843 from crass/fix-2842-extra-appimage-envvars | netblue30 | 2019-07-09 |
|\ \ \ | | | | | | | | | Add OWD and ARGV0 environment variables. Correctly create APPIMAGE envvar. | ||
| * | | | Add OWD and ARGV0 environment variables. Correctly create APPIMAGE envvar. | Glenn Washburn | 2019-07-09 |
| |/ / | |||
* | | | Merge pull request #2845 from smitsohu/homedir2 | netblue30 | 2019-07-09 |
|\ \ \ | |/ / |/| | | improve support for home directories outside /home | ||
| * | | main.c: define O_PATH (CentOS 6 fix) | smitsohu | 2019-07-09 |
| | | | |||
| * | | move to fd based homedir mounts | smitsohu | 2019-07-09 |
| | | | |||
| * | | add symlink resolution for home directories | smitsohu | 2019-07-09 |
| | | | |||
* | | | Fix #2726 | Fred Barclay | 2019-07-08 |
| | | | | | | | | | | | | private-bin was too restrictive and didn't allow desktop recording | ||
* | | | keep dconf database read-only | smitsohu | 2019-07-08 |
|/ / | |||
* | | more simplification of fs_check_chroot_dir | smitsohu | 2019-07-08 |
| | | |||
* | | Fix #2840 | rusty-snake | 2019-07-08 |
| | | |||
* | | reduce redundancy in fs_check_chroot_dir | smitsohu | 2019-07-08 |
| | | |||
* | | misc cleanup (safe_fd function) | smitsohu | 2019-07-07 |
| | | |||
* | | relocate mountinfo functionality test | smitsohu | 2019-07-07 |
| | | |||
* | | Use __clone2 on ia64 | Reiner Herrmann | 2019-07-07 |
| | | | | | | | | | | clone has a different interfaces there, as the stack size needs to be known. | ||
* | | Add to comment on pip install in youtube-dl.profile | glitsj16 | 2019-07-07 |
| | | | | | | Try to help users more explicitly when they have youtube installed under ${HOME}, see #2833. | ||
* | | Fix slow OSD in mpv.profile | glitsj16 | 2019-07-07 |
| | | | | | | Fixes #2838. | ||
* | | Harden qpdfview.profile with `nodbus` (#2837) | Eduard Tolosa | 2019-07-07 |
| | | |||
* | | Fix #2834 (#2835) | Eduard Tolosa | 2019-07-07 |
| | | |||
* | | Add electron4 to allow it to launch on Arch Linux (#2832) | Nick Fox | 2019-07-06 |
| | | |||
* | | Add youtube-dl config handling (#2836) | glitsj16 | 2019-07-06 |
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | * Add youtube-dl config to disable-programs.inc * Add config handling to youtube-dl * Add youtube-dl config handling to celluloid.profile * Add youtube-dl config handling to mpv.profile * Add youtube-dl config handling to smplayer.profile * Add youtube-dl config handling to mpsyt.profile | ||
* | | mpg123 | startx2017 | 2019-07-06 |
| | | |||
* | | fix --timeout | netblue30 | 2019-07-04 |
| | | |||
* | | Fix seccomp sorting in riot-desktop | glitsj16 | 2019-07-04 |
| | |