Commit message (Collapse) | Author | Age | |
---|---|---|---|
* | Revert changes in #2928 to seccomp group @default | Topi Miettinen | 2019-09-04 |
| | | | | | Reconstruct @default by not relying on the changed system call groups @privileged and @resources. | ||
* | fixup! Use new seccomp syntax from #2926 in more profiles | rusty-snake | 2019-08-30 |
| | |||
* | fix #2669 | rusty-snake | 2019-08-30 |
| | |||
* | Use new seccomp syntax (#2926) in more profiles | rusty-snake | 2019-08-30 |
| | | | | | | | | | | Rules for redirecting profiles: - add exceptions: just add 'seccomp !SYSCALL' - remove exception: ``` seccomp ignore seccomp ``` | ||
* | Use new seccomp syntax from #2926 in more profiles | rusty-snake | 2019-08-30 |
| | |||
* | Use new seccomp syntax from #2926 | rusty-snake | 2019-08-30 |
| | |||
* | Merge branch 'master' of https://github.com/netblue30/firejail | netblue30 | 2019-08-29 |
|\ | |||
| * | Merge pull request #2928 from topimiettinen/seccomp-more-groups | netblue30 | 2019-08-29 |
| |\ | | | | | | | Add further seccomp groups | ||
| | * | Add further seccomp groups | Topi Miettinen | 2019-08-28 |
| | | | | | | | | | | | | Get further seccomp group definitions from systemd. | ||
* | | | readme/relnotes | netblue30 | 2019-08-29 |
|/ / | |||
* | | fix previous merge | netblue30 | 2019-08-29 |
| | | |||
* | | Merge pull request #2926 from topimiettinen/seccomp-allow-exceptions | netblue30 | 2019-08-29 |
|\ \ | | | | | | | Allow exceptions to seccomp lists | ||
| * \ | Merge branch 'master' into seccomp-allow-exceptions | netblue30 | 2019-08-29 |
| |\ \ | |/ / |/| | | |||
* | | | seccomp numeric testing | netblue30 | 2019-08-28 |
| | | | |||
* | | | Merge pull request #2929 from aoand/master | netblue30 | 2019-08-28 |
|\ \ \ | | | | | | | | | seccomp fix: allow numeric syscalls | ||
| * | | | seccomp fix: allow numeric syscalls | aoand | 2019-08-26 |
|/ / / | | | | | | | | | | as per man page, numeric syscall is indicated by the dollar sign '$' | ||
* | | | Fix private-bin order in ghostwriter.profile | glitsj16 | 2019-08-26 |
| | | | |||
* | | | Fix order of private-cache in mpsyt.profile | glitsj16 | 2019-08-26 |
| | | | |||
* | | | Fic private-etc ordering for gnome-schedule | glitsj16 | 2019-08-26 |
| | | | |||
* | | | misc fixes | rusty-snake | 2019-08-26 |
| | | | | | | | | | | | | | | | | | | - fix for #2038 - update RELNOTES - fix #2925 | ||
* | | | many profile fixes (1) | rusty-snake | 2019-08-26 |
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | - add novideo to a lot of profiles (there are still more profiles where novideo can be added) - remove commente mdwe from some gnome applications - add descriptions to some profiles - blacklist ${HOME}/.cargo/credentials - move ${HOME}/.git-credentials and ${HOME}/.git-credential-cache to 'top secret' in disable-common.inc - some ordering in disable-programs.inc - merge tor browser blacklists to ${HOME}/.tor-browser* - qupzilla.profile redirect to falkon.profile - blacklist gnome-builder paths - fix transmission profiles inlude - much more | ||
* | | | add support for seccomp to sort.py [skip ci] | rusty-snake | 2019-08-25 |
| | | | |||
* | | | fix shebang in some contrib scripts [skip ci] | rusty-snake | 2019-08-25 |
| | | | |||
* | | | harden strings profile | smitsohu | 2019-08-25 |
| |/ |/| | |||
| * | Allow exceptions to seccomp lists | Topi Miettinen | 2019-08-25 |
|/ | | | | | | | Prefix ! can be used to make exceptions to system call blacklists and whitelists used by seccomp, seccomp.drop and seccomp.keep. Closes #1366 | ||
* | Merge pull request #2921 from rusty-snake/allow-common-devel.inc | rusty-snake | 2019-08-22 |
|\ | | | | | Introduce allow-common-devel.inc | ||
| * | add allow-common-devel to more profiles | rusty-snake | 2019-08-22 |
| | | |||
| * | Introduce allow-common-devel.inc | rusty-snake | 2019-08-22 |
| | | |||
* | | update syscalls.txt | rusty-snake | 2019-08-22 |
| | | |||
* | | various fixes and improvements | rusty-snake | 2019-08-22 |
|/ | | | | | | | | | | | | - install contrib/syscalls.sh - add GitLab-CI status to README.md - read-only ${HOME}/.cargo/env - move blacklist ${HOME}/.cargo/registry, ${HOME}/.cargo/config to disable-programs - typo in man firejail firejail-profiles firecfg - better descriptions in man firejail-profiles - fixes in man firejail - template descriptions in firejail-profiles | ||
* | Enable private-bin in transmission-daemon | glitsj16 | 2019-08-21 |
| | |||
* | Enable private-bin in transmission-cli | glitsj16 | 2019-08-21 |
| | |||
* | Fix private-etc order in i2prouter | glitsj16 | 2019-08-21 |
| | |||
* | Fix teamspeak3 | glitsj16 | 2019-08-21 |
| | | | Fixes #2901. | ||
* | Merge pull request #2919 from corecontingency/master | rusty-snake | 2019-08-21 |
|\ | | | | | Profiles: add I2P | ||
| * | added i2prouter to firecfg | core_contingency | 2019-08-21 |
| | | |||
| * | Applied further suggestions from code review | core_contingency | 2019-08-21 |
| | | |||
| * | Apply suggestions from code review | corecontingency | 2019-08-21 |
| | | | | | | | | | | Changed to default seccomp Co-Authored-By: rusty-snake <print_hello_world+GitHub@protonmail.com> | ||
| * | profiles: add i2p | core_contingency | 2019-08-21 |
| | | |||
* | | Drop fonts from private-etc in transmission-remote-cli | glitsj16 | 2019-08-21 |
|/ | | | Thanks @rusty-snake for catching this! | ||
* | Refactor transmission profiles (#2920) | glitsj16 | 2019-08-21 |
| | | | | | | | | | | | | | | | | | | | | | | | | * Refactor transmission-cli * Create transmission-common.profile * Refactor transmission-create * Refactor transmission-daemon * Refactor transmission-edit * Refactor transmission-gtk * Refactor transmission-qt * Refactor transmission-remote-cli * Refactor transmission-remote-gtk * Refactor transmission-remote * Refactor transmission-show | ||
* | Fix revert of previous trace fix. The issue was that programs were crashing ↵ | Glenn Washburn | 2019-08-21 |
| | | | | because libtrace hooked libc calls were being executed before the libtrace library was initialized. This was due to other loaded libraries being initialized first. | ||
* | fix #2912 and update CONTRIBUTING.md | rusty-snake | 2019-08-19 |
| | |||
* | fix private-bin for tb-starter-wrapper #2863 | rusty-snake | 2019-08-19 |
| | |||
* | noblacklist but no blacklist (#2886) | rusty-snake | 2019-08-19 |
| | | | | | | | | | | | | | | | | * beginn fixup * continue * continue * continue * continue * continue * continue | ||
* | readme | netblue30 | 2019-08-18 |
| | |||
* | Merge pull request #2909 from gm10/fix-get_user | netblue30 | 2019-08-18 |
|\ | | | | | get_user() do not use the unreliable getlogin() | ||
| * | get_user() do not use the unreliable getlogin() | gm10 | 2019-08-13 |
| | | |||
* | | Merge pull request #2915 from corecontingency/master | netblue30 | 2019-08-18 |
|\ \ | | | | | | | tighten private-bin and etc for torbrowser-launcher.profile | ||
| * | | tighten private-bin and etc for torbrowser-launcher.profile | core_contingency | 2019-08-17 |
| | | |