Commit message (Collapse) | Author | Age | |
---|---|---|---|
* | merges | 2018-10-04 | |
| | |||
* | Merge pull request #2130 from crass/fix-2045 | 2018-10-04 | |
|\ | | | | | FIX-2045: Fix command name parsing for program paths with spaces. | ||
| * | Fix command name parsing so that program paths with spaces do not cause the ↵ | 2018-10-01 | |
| | | | | | | | | wrong or no profile to be detected. | ||
* | | Fixes #2048 | 2018-10-03 | |
| | | |||
* | | configure.ac: set sysconfdir only if none was specified manually | 2018-10-03 | |
| | | | | | | | | Fixes #2125 | ||
* | | Fixes #2048 | 2018-10-03 | |
| | | |||
* | | AppArmor: Allow writing to removable media | 2018-10-02 | |
| | | |||
* | | Merges | 2018-10-02 | |
| | | |||
* | | Merge pull request #2131 from veloute/discordfix | 2018-10-02 | |
|\ \ | | | | | | | fixed discord not able to check for updates | ||
| * | | fixed discord not able to check for updates | 2018-10-02 | |
| |/ | |||
* / | incomplete fix: whitelisting of symlinks to other home dirs | 2018-10-02 | |
|/ | | | | | | | | | belongs to previous commit 51eeef2059f00de117472046601e10a9fd958d51 short summary of the new behavior, which should catch a few corner cases better: - a non-existant file in another homedir (say homedirs are "/foo/user" and "/foo/user2") is silently ignored (previously a tmpfs was mounted on the users homedir, which was wrong) - a symlink pointing to an existing file in another homedir now works (but the link will be always dangling; you need --allusers to see this) - a symlink pointing back to the entire homedir now works as expected | ||
* | mount empty home if macro can't be whitelisted | 2018-10-01 | |
| | |||
* | tests: skip audit.exp if tests are already running in a pid namespace | 2018-10-01 | |
| | |||
* | fs_whitelist: reduce number of loop iterations | 2018-10-01 | |
| | |||
* | tiny memleaks | 2018-10-01 | |
| | |||
* | regression: fix whitelisting of symlinks to other home dirs, small improvements | 2018-10-01 | |
| | | | | | | | | handling of home dir paths is more explicit and rigorous now, which should make it easier to audit. Also this should come handy if one day fs_private() supports home directories outside /home rf. #2123 | ||
* | cleanup | 2018-09-30 | |
| | |||
* | Merge pull request #2127 from veloute/vimfix | 2018-09-29 | |
|\ | | | | | fixed vim missing from firecfg.config | ||
| * | fixed vim missing from firecfg.config | 2018-09-30 | |
| | | |||
* | | Use list for checking multiple possible values | 2018-09-28 | |
| | | |||
* | | fixed fs-print test | 2018-09-28 | |
|/ | |||
* | manpage cleanup | 2018-09-26 | |
| | |||
* | Fixes #2122 | 2018-09-25 | |
| | |||
* | manpages: fix apparmor profile path | 2018-09-22 | |
| | |||
* | manpages: fix alignment | 2018-09-22 | |
| | |||
* | manpages: update AppArmor info | 2018-09-22 | |
| | |||
* | Add profile for spectre-meltdown-checker | 2018-09-22 | |
| | | | | Will need to support allow-debuggers in profiles before it can be enabled in firecfg | ||
* | tests: skip more tests if capabilities/seccomp of host differs | 2018-09-21 | |
| | |||
* | tests: skip tests checking for /dev/kmsg which might not be available | 2018-09-21 | |
| | |||
* | Fix check for nobody user | 2018-09-21 | |
| | | | | Fixes #2117 | ||
* | --version 0.9.57 | 2018-09-19 | |
| | |||
* | Misc profile hardening | 2018-09-19 | |
| | |||
* | 0.9.56 released0.9.56 | 2018-09-18 | |
| | |||
* | error strings | 2018-09-17 | |
| | |||
* | fix --bandwidth, --cpu.print | 2018-09-15 | |
| | |||
* | add start-tor-browser.desktop profile | 2018-09-15 | |
| | |||
* | add start-tor-browser.desktop profile | 2018-09-15 | |
| | |||
* | Merges | 2018-09-14 | |
| | |||
* | Merge pull request #2115 from flacks/profiles/gnome-music | 2018-09-15 | |
|\ | | | | | Amend gnome-music profile | ||
| * | Amend gnome-music profile | 2018-09-14 | |
|/ | | | | | | | - At least gnome-music 3.28.2 requires 'env' - Add 'gio-launch-desktop' and 'yelp' so launching the "Help" menu doesn't crash the application - Enabling the disabled private-etc tested to be working | ||
* | exit if execl fails (arg_audit) | 2018-09-11 | |
| | |||
* | add switch to disable/enable private-cache | 2018-09-10 | |
| | |||
* | small rlimits adjustment | 2018-09-10 | |
| | |||
* | remove seccomp warning | 2018-09-09 | |
| | |||
* | Merge branch 'master' of http://github.com/netblue30/firejail | 2018-09-09 | |
|\ | |||
| * | set rlimits at later timepoint during sandbox setup | 2018-09-09 | |
| | | |||
* | | support for firetunnel utility | 2018-09-09 | |
|/ | |||
* | remove blacklist /usr/lib/llvm* in dusable-devel.inc - problems with ↵ | 2018-09-07 | |
| | | | | hardware acceleration on Radeon cards, see issue #2106 | ||
* | Disable tracelog in Tor Browser profiles, see #1930, fixes #2108 | 2018-09-06 | |
| | |||
* | disallow overriding of global rlimits, tiny improvements | 2018-09-06 | |
| |