Commit message | Author | Age | ||
---|---|---|---|---|
... | ||||
| * | Correctly set address length in arp frames | 2019-01-02 | ||
| | | Kernel commit 99137b7 introduced an additional check of the address length. This exposed a bug in the arp code where the address length was being set incorrectly. Now the length is set from the ETH_ALEN constant declared in linux/if_ether.h. This fixes #2314 | |||
* | | Merge pull request #2328 from glitsj16/ocenaudio | 2019-01-04 | ||
|\ \ | |/ |/| | Fix ocenaudio profile | |||
| * | Fix ocenaudio profile | 2019-01-04 | ||
|/ | ||||
* | Add a profile for ghostwriter (#2319) | 2018-12-30 | ||
| | * Add a profile for ghostwriter | |||
* | Merge pull request #2313 from rusty-snake/patch-1 | 2018-12-27 | ||
|\ | | | | | Fix gajim.profile | |||
| * | Update gajim.profile | 2018-12-27 | ||
| | | ||||
| * | Merge branch 'patch-1' of github.com:rusty-snake/firejail into patch-1 | 2018-12-27 | ||
| |\ | ||||
| | * | Some additional hardening | 2018-12-27 | ||
| | | | ||||
| * | | Some additional hardening for gajim | 2018-12-27 | ||
| |/ | ||||
| * | Add profile alias for gajim-history-manager | 2018-12-27 | ||
| | | ||||
| * | Fix Gajim.profile | 2018-12-26 | ||
| | | ||||
| * | Fix gajim.profile | 2018-12-23 | ||
| | | ||||
* | | Remove network access from cherrytree.profile | 2018-12-25 | ||
| | | ||||
* | | Bah humbug! Backporting fixes for the new Brave browser to 0.9.56. | 2018-12-25 | ||
|/ | | | | Merry Christmas to all! | |||
* | Merges | 2018-12-22 | ||
| | ||||
* | Merge pull request #2308 from rusty-snake/patch-2 | 2018-12-23 | ||
|\ | | | | | Update disable-common.inc, disable-programs.inc. | |||
| * | updates for ~/.cargo | 2018-12-21 | ||
| | | ||||
| * | adaptations in bibletime.profile and rhythmbox.profile | 2018-12-20 | ||
| | | ||||
| * | Update disable-common.inc, disable-programs.inc | 2018-12-20 | ||
|/ | ||||
* | README/RELNOTES update | 2018-12-18 | ||
| | ||||
* | README/RELNOTES update | 2018-12-18 | ||
| | ||||
* | join: also check proc file to detect nonewprivs bit | 2018-12-17 | ||
| | redundant check that adds defense in depth and maybe one day can replace the other, file based check | |||
* | Merge pull request #2297 from smitsohu/patch | 2018-12-17 | ||
|\ | | | | | enforce nonewprivs instead of seccomp for chroot sandboxes | |||
| * | enforce nonewprivs instead of seccomp for chroot sandboxes | 2018-12-15 | ||
| | | currently users are able to specify a seccomp filter of their choosing, leaving the real defense to nonewprivs anyway. | |||
* | | New profile for supertuxkart. (#2298) | 2018-12-16 | ||
| | | * New profile supertuxkart * review fixes | |||
* | | Merge pull request #2299 from glitsj16/man | 2018-12-16 | ||
|\ \ | | | | | | | fix netstats typo in man firejail | |||
| * | | fix netstats typo in man firejail | 2018-12-16 | ||
|/ / | ||||
* / | Fix bibletime.profile (#2295) | 2018-12-15 | ||
|/ | | | | | | | | * Fix bibletime.profile. Fix: bibletime doesn't start on Fedora and Arch. Use `seccomp.drop` from firefox. | |||
* | join: check prctl return value | 2018-12-14 | ||
| | ||||
* | add explicit nonewprivs support to join option; accompanying small improvements | 2018-12-14 | ||
| | ||||
* | firecfg: improve error string | 2018-12-13 | ||
| | emphasize that only firecfg needs all permissions, not firejail | |||
* | pulseaudio: use create_dir_as_user(); small adjustments | 2018-12-13 | ||
| | ||||
* | Merge pull request #2293 from smitsohu/smitsohu-patch-libreoffice | 2018-12-13 | ||
|\ | | | | | enable apparmor in libreoffice profile | |||
| * | enable apparmor in libreoffice profile | 2018-12-09 | ||
| | | depends on aa37fe19fed6be8e44db461691149237ee71da94 | |||
* | | Revert "pulseaudio: use env variable fallback in more cases" | 2018-12-13 | ||
| | | This reverts commit 93779cb9cd0d098cd3587e2f795200d98e3af1ee. That commit removed restrictions, but also added new inconsistencies. Starting again from the previous state is easier than evolving the current state, hence reverting the commit. | |||
* | | pulseaudio: use env variable fallback in more cases | 2018-12-11 | ||
| | | setting the PULSE_CLIENTCONFIG environment variable to the unmounted file is a safe fallback, use it in more cases when mounting is considered not an option | |||
* | | add create_empty_dir_as_user function, refactor | 2018-12-11 | ||
| | | ||||
* | | xorg: check if Xauthority mount point was created | 2018-12-11 | ||
| | | and print more meaningful error message | |||
* | | profile enhancements: blacklist kdesu daemon socket, rework ↵ | 2018-12-11 | ||
| | | c083a7b737050c532977b46fac6400f1dbc24ff6 | |||
* | | Merge pull request #2294 from rusty-snake/add-thunderbird-wayland | 2018-12-10 | ||
|\ \ | | | | | | | Add a profile for thunderbird-wayland | |||
| * | | Add a profile for thunderbird-wayland | 2018-12-10 | ||
|/ / | ||||
* | | Fixes #1951 | 2018-12-09 | ||
| | | ||||
* | | update dolphin profile | 2018-12-07 | ||
| | | services previously started by kdeinit now run inside the sandbox due to KDE_FORK_SLAVES being set | |||
* | | improve sandboxing of KDE apps: set KDE_FORK_SLAVES, blacklist slave-sockets | 2018-12-07 | ||
| | | setting the KDE_FORK_SLAVES environment variable removes all inconsistencies that arise from slaves running outside the sandbox or in a different sandbox; it also makes it slightly more difficult to abuse KIO in general and helps to mitigate security problems due to thumbnailing, which now always happens inside the same sandbox. The trade-off is more concurrently running slave processes. closes #2285 | |||
* | | add HAS_NODBUS conditional, ${RUNUSER} macro | 2018-12-07 | ||
|/ | ||||
* | merges | 2018-11-29 | ||
| | ||||
* | Merge pull request #2281 from pirate486743186/mpsyt-profile | 2018-11-29 | ||
|\ | | | | | restricting more, HOME and tmp in mpsyt.profile | |||
| * | restricting more, HOME and tmp in mpsyt.profile | 2018-11-28 | ||
|/ | ||||
* | Merge pull request #2276 from smitsohu/tmpfs | 2018-11-28 | ||
|\ | | | | | refactor private-cache and tmpfs | |||
| * | refactor private-cache and tmpfs | 2018-11-26 | ||
| | | has the immediate benefit that the result of combining --noexec and --tmpfs does not depend on the sequence of the options |