Commit message (Collapse) | Author | Age | ||
---|---|---|---|---|
... | ||||
| * | /proc/sys can be nosuid,noexec,nodev | Topi Miettinen | 2017-07-25 | |
| | | ||||
* | | Merge pull request #1403 from topimiettinen/seccomp-add-syscalls | netblue30 | 2017-07-25 | |
|\ \ | |/ |/| | Block some obsolete or unusual syscalls | |||
| * | Block some obsolete or unusual syscalls | Topi Miettinen | 2017-07-25 | |
|/ | ||||
* | Merge pull request #1397 from Panzerfather/master | Fred Barclay | 2017-07-22 | |
|\ | | | | | Add access to trash for eog | |||
| * | Add access to trash | Panzerfather | 2017-07-23 | |
|/ | | | Eog needs access to trash to delete files | |||
* | apparmor fixes | netblue30 | 2017-07-21 | |
| | ||||
* | merges | netblue30 | 2017-07-20 | |
| | ||||
* | Merge pull request #1393 from topimiettinen/improve-mounting | netblue30 | 2017-07-20 | |
|\ | | | | | Improve mount handling | |||
| * | Improve mount handling | Topi Miettinen | 2017-07-19 | |
| | | | | | | | | | | noexec/read-only/read-write handling: copy underlying FS flags before remounting. If the flags are already OK, don't remount unnecessarily. | |||
* | | Merge pull request #1394 from topimiettinen/fix-typo | netblue30 | 2017-07-20 | |
|\ \ | |/ |/| | Fix typo usr->user | |||
| * | Fix typo usr->user | Topi Miettinen | 2017-07-19 | |
|/ | | | | | This typo may have prevented blacklists of /run/user/{uid}/gnupg and /run/user/{uid}/systemd from working. | |||
* | support for Xephyr screen size | netblue30 | 2017-07-19 | |
| | ||||
* | xvfb fixes | netblue30 | 2017-07-17 | |
| | ||||
* | Merge pull request #1390 from SpotComms/periodfix | netblue30 | 2017-07-17 | |
|\ | | | | | Fix #1383 | |||
| * | Fix #1383 | Tad | 2017-07-16 | |
| | | ||||
* | | Merge pull request #1372 from rccavalcanti/chromium_arch | netblue30 | 2017-07-16 | |
|\ \ | |/ |/| | Fix permission denied for chromium-flags.conf in Arch | |||
| * | Fix permission denied for chromium-flags.conf in Arch | Rafael Cavalcanti | 2017-07-10 | |
| | | ||||
* | | Fix typo | Fred-Barclay | 2017-07-14 | |
| | | ||||
* | | Re-add .ssh to noblacklist for andriod-studio and idea.sh | Fred-Barclay | 2017-07-14 | |
| | | ||||
* | | Merge pull request #1379 from announ/patch-1 | Fred Barclay | 2017-07-13 | |
|\ \ | | | | | | | Add quiet to exiftool profile | |||
| * | | Add quiet to exiftool profile | announ | 2017-07-13 | |
|/ / | ||||
* | | Merge pull request #1377 from SpotComms/fixjava | Fred Barclay | 2017-07-13 | |
|\ \ | | | | | | | Fix .java after e2449ae7d25925cec444ac08bbfb9cbc7199e647 | |||
| * | | Fix .java after e2449ae7d25925cec444ac08bbfb9cbc7199e647 | Tad | 2017-07-13 | |
|/ / | ||||
* | | Update after merge #1374 | Fred-Barclay | 2017-07-13 | |
| | | | | | | | | | | This introduces blacklist ~/.java to disable-programs.inc, so it may break some existing profiles that depend on it. | |||
* | | Merge pull request #1374 from SpotComms/idea | Fred Barclay | 2017-07-13 | |
|\ \ | | | | | | | Add profiles for IntelliJ IDEA and Android Studio | |||
| * | | Update idea.sh.profile | Fred Barclay | 2017-07-13 | |
| | | | | | | | | | Don't allow ~/.ssh access | |||
| * | | Update android-studio.profile | Fred Barclay | 2017-07-13 | |
| | | | | | | | | | Don't allow ~/.ssh access | |||
| * | | Add a profile for IntelliJ IDEA and Android Studio | Tad | 2017-07-11 | |
| | | | ||||
* | | | Cleanup from merges #1369 and #1373 | Fred-Barclay | 2017-07-13 | |
| | | | ||||
* | | | fix xpra broken earlier | netblue30 | 2017-07-12 | |
| | | | ||||
* | | | cleanup | netblue30 | 2017-07-12 | |
| | | | ||||
* | | | Merge pull request #1373 from SpotComms/sa | Fred Barclay | 2017-07-11 | |
|\ \ \ | | | | | | | | | Add a profile for SILENTARMY | |||
| * | | | Add a profile for SILENTARMY | Tad | 2017-07-11 | |
| |/ / | ||||
* | | | fix #1371; rework seccomp_filter_drop() function | startx2017 | 2017-07-11 | |
| | | | ||||
* | | | profiles: tracelog breaks integrated browser in steam | Reiner Herrmann | 2017-07-11 | |
| |/ |/| | | | | | | | Thanks to @viq for the hint. Fixes: #1280 | |||
* | | Merge branch 'master' of https://github.com/netblue30/firejail | netblue30 | 2017-07-10 | |
|\ \ | ||||
| * | | Fix #1370 | Fred-Barclay | 2017-07-09 | |
| | | | ||||
| * | | Merge pull request #1369 from SpotComms/peek | Fred Barclay | 2017-07-09 | |
| |\ \ | | | | | | | | | Add profile for Peek | |||
| | * | | Add profile for Peek | SpotComms | 2017-07-09 | |
| | |/ | ||||
* | / | fix discretionary access control for sandboxes running as root with --noprofile | netblue30 | 2017-07-08 | |
|/ / | ||||
* | | fixing the previous fix | startx2017 | 2017-07-07 | |
| | | ||||
* | | fix firemon --name | startx2017 | 2017-07-07 | |
| | | ||||
* | | run --netstats on 1s interval; caching user name. | startx2017 | 2017-07-07 | |
| | | ||||
* | | shorter firejail name in --top and --netstats | startx2017 | 2017-07-07 | |
| | | ||||
* | | bugfix: fix --allusers when running as root | startx2017 | 2017-07-07 | |
|/ | ||||
* | merges | netblue30 | 2017-07-05 | |
| | ||||
* | Merge pull request #1365 from SpotComms/master | netblue30 | 2017-07-05 | |
|\ | | | | | Harden 50 profiles | |||
| * | Harden 50 profiles | Tad | 2017-07-04 | |
| | | | | | | | | | | Hardened many profiles using disable-mnt and novideo Fixed gnome-font-viewer | |||
* | | add ld.so.cache to private-etc | Fred-Barclay | 2017-07-04 | |
|/ | ||||
* | per-profile disable-mnt | netblue30 | 2017-07-04 | |
| |