Commit message (Collapse) | Author | Age | |
---|---|---|---|
* | Partially synchronize Chromium-based profiles | Tad | 2017-08-02 |
| | |||
* | Add noexec to more profiles as tested by @curiosity-seeker | Tad | 2017-08-02 |
| | | | | See https://github.com/netblue30/firejail/pull/1367#issuecomment-315793729 | ||
* | Initial adding of memory-deny-write-execute to profiles | Tad | 2017-08-02 |
| | | | | | | | | - mdwe breaks most vm-based languages so python/java/javascript and some mono programs are not compatible - mdwe also breaks most 3d accelerated programs such as 3d games - mdwe is similar to PaX's mprotect meaning PaX flag managers can be used as reference -- See https://github.com/copperhead/paxd-archive/blob/master/paxd.conf -- See https://github.com/nning/linux-pax-flags | ||
* | Harden profiles | Tad | 2017-08-02 |
| | | | | | | | | - Added 'disable-devel.conf' to many profiles - Added 'disable-mnt' to many profiles - Added 'noexec' to many profiles - Removed 'netfilter' and 'net none' from profiles with 'protocol unix' - Cleaned up profiles using defaults | ||
* | x11/xpra support | netblue30 | 2017-08-01 |
| | |||
* | merges | netblue30 | 2017-08-01 |
| | |||
* | Merge pull request #1423 from VladimirSchowalter20/VladimirSchowalter20-apparmor | netblue30 | 2017-08-01 |
|\ | | | | | Add some /proc dirs to firejail apparmor profile | ||
| * | Add some /proc dirs to firejail apparmor profile | Vladimir Schowalter | 2017-08-02 |
|/ | |||
* | compile cleanup | netblue30 | 2017-08-01 |
| | |||
* | Fix tracing with private-lib | Topi Miettinen | 2017-08-01 |
| | |||
* | Merge pull request #1421 from SpotComms/fix1420 | Fred Barclay | 2017-07-31 |
|\ | | | | | Fix #1420 | ||
| * | Fix #1420 | Tad | 2017-07-31 |
|/ | |||
* | Merge pull request #1415 from chiraag-nataraj/master | netblue30 | 2017-07-31 |
|\ | | | | | Tentative implementation for #1405 | ||
| * | Ensure malloc was successful | Chiraag Nataraj | 2017-07-30 |
| | | |||
| * | Remove debugging stuff, free start_child, exit properly | Chiraag Nataraj | 2017-07-30 |
| | | |||
| * | Tentative implementation for #1405 | Chiraag Nataraj | 2017-07-30 |
| | | |||
* | | Fixes for the private-lib and memory-deny-write-execute features | Topi Miettinen | 2017-07-30 |
| | | |||
* | | Memory-deny-write-execute feature | Topi Miettinen | 2017-07-30 |
| | | | | | | | | Feature to block attempts to create writable and executable memory. | ||
* | | Improve loading of seccomp filter | Topi Miettinen | 2017-07-30 |
| | | | | | | | | Also fixes a memory leak and double load. | ||
* | | Private /lib feature | Topi Miettinen | 2017-07-30 |
| | | |||
* | | merges | Fred-Barclay | 2017-07-30 |
| | | |||
* | | merges | netblue30 | 2017-07-30 |
| | | |||
* | | Merge pull request #1416 from rahiel/telegram | netblue30 | 2017-07-30 |
|\ \ | |/ |/| | telegram is called telegram-desktop in Debian | ||
| * | telegram is called telegram-desktop in Debian | Rahiel Kasim | 2017-07-30 |
|/ | |||
* | Merge branch 'master' of https://github.com/netblue30/firejail | netblue30 | 2017-07-29 |
|\ | |||
| * | Merge pull request #1411 from SpotComms/arm | Fred Barclay | 2017-07-29 |
| |\ | | | | | | | Add a profile for arm | ||
| | * | Add a profile for arm | Tad | 2017-07-29 |
| | | | |||
| * | | merges | Fred-Barclay | 2017-07-29 |
| |/ | |||
* / | --shell=none fix | netblue30 | 2017-07-29 |
|/ | |||
* | merges | netblue30 | 2017-07-29 |
| | |||
* | merges | netblue30 | 2017-07-29 |
| | |||
* | Merge pull request #1410 from topimiettinen/seccomp-print | netblue30 | 2017-07-29 |
|\ | | | | | Improve seccomp printing | ||
| * | Improve seccomp printing | Topi Miettinen | 2017-07-28 |
| | | |||
* | | new profiles | netblue30 | 2017-07-29 |
| | | |||
* | | arp rework | netblue30 | 2017-07-29 |
|/ | |||
* | network testing | netblue30 | 2017-07-27 |
| | |||
* | tentative fix for arp cahce pollution - #1406 | netblue30 | 2017-07-27 |
| | |||
* | merges | netblue30 | 2017-07-27 |
| | |||
* | Merge pull request #1409 from caoliver/master | netblue30 | 2017-07-27 |
|\ | | | | | Fix typo for fnet moveif invocation on 2nd interface. | ||
| * | Fix typo for fnet moveif invocation on 2nd interface. | Christopher A. Oliver | 2017-07-27 |
|/ | |||
* | Merge pull request #1408 from drzraf/patch-1 | Fred Barclay | 2017-07-27 |
|\ | | | | | Zoom cache dir | ||
| * | Zoom cache dir | Raphaƫl Droz | 2017-07-27 |
|/ | | | | | Zoom seems to use of a QT cache-disk feature which depends upon a ~/.cache/<app>/qmlcache directory. If it can not, Zoom will segfault with mprotect failed in ExecutableAllocator::makeExecutable: Permission denied | ||
* | Allow eom and xviewer to write to user's trash | Fred-Barclay | 2017-07-27 |
| | |||
* | Updates after merges | Fred-Barclay | 2017-07-27 |
| | |||
* | Merge pull request #1407 from aidalgol/riot-profile | Fred Barclay | 2017-07-27 |
|\ | | | | | Add Electron and Riot profiles | ||
| * | Add Electron and Riot profiles | Aidan Gauland | 2017-07-27 |
| | | | | | | | | | | | | | | * Add a generic profile for Electron applications. * Add a specific profile for Riot based on this new Electron profile. * Addresses vector-im/riot-web#3004 * Fulfils profile request for Riot.im in netblue30/firejail#1139 | ||
* | | merges | netblue30 | 2017-07-27 |
|/ | |||
* | Improve cross build support by using configured compiler instead of make default | Helmut Grohne | 2017-07-26 |
| | | | | https://bugs.debian.org/869707 | ||
* | merges | netblue30 | 2017-07-25 |
| | |||
* | Merge pull request #1402 from topimiettinen/nosuid-noexec-nodev-proc-sys | netblue30 | 2017-07-25 |
|\ | | | | | /proc/sys can be nosuid,noexec,nodev |