| Commit message (Collapse) | Author | Age | |
|---|---|---|---|
| * | test: remove entire dest/ after fcopy test, not just contentsfred_ctests |  Fred-Barclay | 2018-12-28 |
| | | |||
| * | typo | Fred-Barclay | 2018-12-28 |
| | | |||
| * | Remove network access from cherrytree.profile |  tinmanx | 2018-12-25 |
| | | |||
| * | Bah humbug! Backporting fixes for the new Brave browser to 0.9.56. | Fred-Barclay | 2018-12-25 |
| | | | | | Merry Christmas to all! | ||
| * | Merges |  Tad | 2018-12-22 |
| | | |||
| * | Merge pull request #2308 from rusty-snake/patch-2 |  SkewedZeppelin | 2018-12-23 |
| |\ | | | | | Update disable-common.inc, disable-programs.inc. | ||
| | * | updates for ~/.cargo |  rusty-snake | 2018-12-21 |
| | | | |||
| | * | adaptations in bibletime.profile and rhythmbox.profile | rusty-snake | 2018-12-20 |
| | | | |||
| | * | Update disable-common.inc, disable-programs.inc | rusty-snake | 2018-12-20 |
| |/ | |||
| * | README/RELNOTES update |  netblue30 | 2018-12-18 |
| | | |||
| * | README/RELNOTES update | netblue30 | 2018-12-18 |
| | | |||
| * | join: also check proc file to detect nonewprivs bit |  smitsohu | 2018-12-17 |
| | | | | | | redundant check that adds defense in depth and maybe one day can replace the other, file based check | ||
| * | Merge pull request #2297 from smitsohu/patch |  startx2017 | 2018-12-17 |
| |\ | | | | | enforce nonewprivs instead of seccomp for chroot sandboxes | ||
| | * | enforce nonewprivs instead of seccomp for chroot sandboxes | smitsohu | 2018-12-15 |
| | | | | | | | | | | | currently users are able to specify a seccomp filter of their choosing, leaving the real defense to nonewprivs anyway. | ||
| * | | New profile for supertuxkart. (#2298) |  rusty-snake | 2018-12-16 |
| | | | | | | | | | | | | | * New profile supertuxkart * review fixes | ||
| * | | Merge pull request #2299 from glitsj16/man |  glitsj16 | 2018-12-16 |
| |\ \ | | | | | | | fix netstats typo in man firejail | ||
| | * | | fix netstats typo in man firejail | glitsj16 | 2018-12-16 |
| |/ / | |||
| * / | Fix bibletime.profile (#2295) | rusty-snake | 2018-12-15 |
| |/ | | | | | | | | * Fix bibletime.profile Fix: bibletime don't starts on Fedora and Arch Use `seccomp.drop` from firefox. | ||
| * | join: check prctl return value | smitsohu | 2018-12-14 |
| | | |||
| * | add explicit nonewprivs support to join option; accompanying small improvements | smitsohu | 2018-12-14 |
| | | |||
| * | firecfg: improve error string | smitsohu | 2018-12-13 |
| | | | | | emphasize that only firecfg needs all permissions, not firejail | ||
| * | pulseaudio: use create_dir_as_user(); small adjustments | smitsohu | 2018-12-13 |
| | | |||
| * | Merge pull request #2293 from smitsohu/smitsohu-patch-libreoffice | smitsohu | 2018-12-13 |
| |\ | | | | | enable apparmor in libreoffice profile | ||
| | * | enable apparmor in libreoffice profile | smitsohu | 2018-12-09 |
| | | | | | | | | | depends on aa37fe19fed6be8e44db461691149237ee71da94 | ||
| * | | Revert "pulseaudio: use env variable fallback in more cases" | smitsohu | 2018-12-13 |
| | | | | | | | | | | | | | | | | | | | This reverts commit 93779cb9cd0d098cd3587e2f795200d98e3af1ee. That commit removed restrictions, but also added new inconsistencies. Starting again from the previous state is easier than evolving the current state, hence reverting the commit. | ||
| * | | pulseaudio: use env variable fallback in more cases | smitsohu | 2018-12-11 |
| | | | | | | | | | | | | | setting the PULSE_CLIENTCONFIG environment variable to the unmounted file is a safe fallback, use it in more cases when mounting is considered not an option | ||
| * | | add create_empty_dir_as_user function, refactor | smitsohu | 2018-12-11 |
| | | | |||
| * | | xorg: check if Xauthority mount point was created | smitsohu | 2018-12-11 |
| | | | | | | | | | and print more meaningful error message | ||
| * | | profile enhancements: blacklist kdesu daemon socket, rework ↵ | smitsohu | 2018-12-11 |
| | | | | | | | | | c083a7b737050c532977b46fac6400f1dbc24ff6 | ||
| * | | Merge pull request #2294 from rusty-snake/add-thunderbird-wayland | SkewedZeppelin | 2018-12-10 |
| |\ \ | | | | | | | Add a profile for thunderbird-wayland | ||
| | * | | Add a profile for thunderbird-wayland |  rusty-snake | 2018-12-10 |
| |/ / | |||
| * | | Fixes #1951 |  ಚಿರಾಗ್ ನಟರಾಜ್ | 2018-12-09 |
| | | | |||
| * | | update dolphin profile | smitsohu | 2018-12-07 |
| | | | | | | | services previously started by kdeinit now run inside the sandbox due to KDE_FORK_SLAVES being set | ||
| * | | improve sandboxing of KDE apps: set KDE_FORK_SLAVES, blacklist slave-sockets | smitsohu | 2018-12-07 |
| | | | | | | | | | | | | | | | | | | | | | setting the KDE_FORK_SLAVES environment variable removes all inconsistencies that arise from slaves running outside the sandbox or in a different sandbox; it also makes it slightly more difficult to abuse KIO in general and helps to mitigate security problems due to thumbnailing, which now always happens inside the same sandbox. The trade-off is more concurrently running slave processes. closes #2285 | ||
| * | | add HAS_NODBUS conditional, ${RUNUSER} makro | smitsohu | 2018-12-07 |
| |/ | |||
| * | merges | Tad | 2018-11-29 |
| | | |||
| * | Merge pull request #2281 from pirate486743186/mpsyt-profile | SkewedZeppelin | 2018-11-29 |
| |\ | | | | | restricting more, HOME and tmp in mpsyt.profile | ||
| | * | restricting more, HOME and tmp in mpsyt.profile |  pirate486743186 | 2018-11-28 |
| |/ | |||
| * | Merge pull request #2276 from smitsohu/tmpfs | netblue30 | 2018-11-28 |
| |\ | | | | | refactor private-cache and tmpfs | ||
| | * | refactor private-cache and tmpfs | smitsohu | 2018-11-26 |
| | | | | | | | | | | | | | has the immediate benefit that the result of combining --noexec and --tmpfs does not depend on the sequence of the options | ||
| * | | merges | Tad | 2018-11-27 |
| | | | |||
| * | | Merge pull request #2280 from pirate486743186/patch-2 | SkewedZeppelin | 2018-11-27 |
| |\ \ | | | | | | | new profile mpsyt.profile | ||
| | * | | new profile mpsyt.profile | pirate486743186 | 2018-11-28 |
| | | | | |||
| * | | | Merge pull request #2279 from pirate486743186/patch-1 | SkewedZeppelin | 2018-11-27 |
| |\ \ \ | |/ / |/| | | allowing youtube-dl and python in gnome-mpv | ||
| | * | | allowing youtube-dl and python in gnome-mpv | pirate486743186 | 2018-11-27 |
| |/ / | |||
| * | | Merge pull request #2275 from pirate486743186/python-local | SkewedZeppelin | 2018-11-27 |
| |\ \ | | | | | | | allowing local python* in mpv and youtube-dl #2262 | ||
| | * | | allowing local python* in mpv and youtube-dl #2262 | pirate486743186 | 2018-11-26 |
| | |/ | |||
| * | | merges | Tad | 2018-11-27 |
| | | | |||
| * | | Merge pull request #2278 from rusty-snake/patch-1 | SkewedZeppelin | 2018-11-27 |
| |\ \ | | | | | | | Update kdenlive.profile | ||
| | * | | Update kdenlive.profile | rusty-snake | 2018-11-27 |
| |/ / | | | | | Add mlt-melt to private-bin, this is needed on Fedora-systems. | ||
 |
index : firejail | |
| Mirror of https://github.com/netblue30/firejail | Firejail Authors |
| aboutsummaryrefslogtreecommitdiffstats |