aboutsummaryrefslogtreecommitdiffstats
Commit message (Collapse)AuthorAge
...
| * Minor profile tweaks.Libravatar Antz2019-11-26
| | | | | | | | thunderbird-wayland profile did not include thunderbird-wayland.local
* | cleanupLibravatar smitsohu2019-12-03
| |
* | fix stack alignmentLibravatar smitsohu2019-11-30
| | | | | | | | apparently on x86 and on other platforms like aarch64 a 16 byte aligned stack is expected todo: replace this with a generic check
* | libreoffice aliasenLibravatar rusty-snake2019-11-28
| |
* | add private-tmp debug messageLibravatar smitsohu2019-11-28
| |
* | mask more private options runtime directories, just to be sureLibravatar smitsohu2019-11-28
| |
* | fix interaction between private options and allusers optionLibravatar smitsohu2019-11-28
| |
* | Fix profile: ffmpeg (#3064)Libravatar the-antz2019-11-27
|/ | | Fix broken libx265 encoding (needs the set_mempolicy syscall).
* blacklist /tmp/.X11-unix in gist.profileLibravatar glitsj162019-11-25
| | | Thanks to @rusty-snake for requesting this in https://github.com/netblue30/firejail/pull/3061.
* Update README.mdLibravatar glitsj162019-11-25
|
* Update RELNOTESLibravatar glitsj162019-11-25
|
* Add gist-paste to firecfg.configLibravatar glitsj162019-11-25
|
* Add redirect profile for gist-paste (#3062)Libravatar glitsj162019-11-25
|
* Add new profile: gist (#3061)Libravatar glitsj162019-11-25
| | | | | | | | | | | | * Create gist.profile * Add gist config to disable-programs.inc * Add gist to firecfg.config * Update RELNOTES * Update README.md
* blacklist gksu, gksudo, kdesudoLibravatar rusty-snake2019-11-25
|
* various fixupsLibravatar rusty-snake2019-11-25
|
* apparmor: misc fix for pcscdLibravatar Vincent432019-11-24
|
* apparmor: don't allow mounts and paths manipulationLibravatar Vincent432019-11-24
| | | | | | | | | | | | | AppArmor security relies on path based rules and rewriting paths may allow to bypass them. Those actions are priveliged so vast majority of apps shouldn't need them anyway. If some app need those rules then it's better to consider them as unsuitable for apparmor option rather than weaken generic profile for all apps. See related issue reported by apparmor usage in snap: https://bugs.launchpad.net/snapd/+bug/1791711
* apparmor: allow access to pcscd socket (smartcards)Libravatar Vincent432019-11-24
|
* Add new profile: unf (#3060)Libravatar glitsj162019-11-24
| | | | | | * Create unf.profile * Add unf to firecfg.config
* Add new profile: gmpc (#3059)Libravatar glitsj162019-11-24
| | | | | | | | * Create gmpc.profile * Add gmpc config to disable-programs.inc * Add gmpc to firecfg.config
* Add new profile: drawio (#3058)Libravatar glitsj162019-11-24
| | | | | | | | * Create drawio.profile * Add drawio config to disable-programs.inc * Add drawio to firecfg.config
* Add new profile: ddgtk (#3057)Libravatar glitsj162019-11-24
| | | | | | * Create ddgtk.profile * Add ddgtk to firecfg.config
* Add new profile: cameramonitor (#3056)Libravatar glitsj162019-11-24
| | | | | | * Create cameramonitor.profile * Add cameramonitor to firecfg.config
* New profile: audio-recorder (#3055)Libravatar glitsj162019-11-24
| | | | | | * Create audio-recorder.profile * Add audio-recorder to firecfg.config
* mergesLibravatar Tad2019-11-24
|
* Merge pull request #3054 from adrianlshaw/profanityLibravatar SkewedZeppelin2019-11-24
|\ | | | | Add profanity profile
| * profanity: reorder alphabeticallyLibravatar Adrian L. Shaw2019-11-24
| |
| * profanity: reorder alphabeticallyLibravatar Adrian L. Shaw2019-11-24
| |
| * profanity: allow Python plugins and reorder rulesLibravatar Adrian L. Shaw2019-11-24
| |
| * Separate the whitelist section of profanity profileLibravatar Adrian L. Shaw2019-11-24
| |
| * Sort and harden profanity profileLibravatar Adrian L. Shaw2019-11-24
| |
| * Add profile for the Profanity chat clientLibravatar Adrian L. Shaw2019-11-24
|/
* Use seccomp ! syntax in electron-mail.profileLibravatar glitsj162019-11-23
|
* Add new electron-mail profile (#3053)Libravatar glitsj162019-11-23
| | | | | | | | * Create electron-mail.profile * Add electron-mail to disable-programs.inc * Add electron-mail to firecfg.config
* Add lensfun support for gimpLibravatar glitsj162019-11-22
|
* Add babl/gegl support for gimp (#3051)Libravatar glitsj162019-11-22
| | | | | | | | * Add babl/gegl caches for gimp * Add gir-1.0 to wusc * Add babl/gegl support to gimp.profile
* improving remount performanceLibravatar smitsohu2019-11-19
|
* fix previous commitLibravatar netblue302019-11-15
|
* enable apparmor profile from firecfgLibravatar netblue302019-11-15
|
* fixing the fixLibravatar smitsohu2019-11-14
| | | | | get previous commit acbf707889ae241bfd476f5371df4599103b6606 in line with treatment of other directories in /run/firejail/mnt
* blacklist private-home runtime directoryLibravatar smitsohu2019-11-14
| | | | | as far as possible avoid creating locations in the file system that are both writable and executable
* simplify private option ownership checks and make them more consistentLibravatar smitsohu2019-11-14
| | | | | | allowing private and home directory to be owned by different users if the home directory is inside /home was thought to add flexibility, but the scenario is maybe a bit too exotic, and ignoring it paves the way for a simplification
* readme/relnotes updatesLibravatar netblue302019-11-13
|
* Merge pull request #3044 from netblue30/ssh_ncLibravatar netblue302019-11-13
|\ | | | | RFC: profiles: allow nc in ssh profile by default
| * profiles: allow nc in ssh profile by defaultLibravatar Reiner Herrmann2019-11-13
| |
* | Merge pull request #3037 from vutny/fix-3029Libravatar netblue302019-11-13
|\ \ | | | | | | Resolve #3029: drop outdated Skype profile
| * | Resolve #3029: drop outdated Skype profileLibravatar Denys Havrysh2019-11-12
| | |
* | | wine: propose allow-debuggers insteadLibravatar smitsohu2019-11-13
| | |
* | | harden wine profileLibravatar smitsohu2019-11-13
| |/ |/|
generated by cgit v1.2.3-54-g00ecf (git 2.45.2) at 2024-06-29 23:53:38 +0000