Commit message (Collapse) | Author | Age | |
---|---|---|---|
* | Review klavaro.profile | rusty-snake | 2019-02-06 |
| | |||
* | Add a profile for klavaro | rusty-snake | 2019-02-06 |
| | |||
* | fix small memleak | Reiner Herrmann | 2019-02-05 |
| | |||
* | variable only used when whitelisting enabled | Reiner Herrmann | 2019-02-05 |
| | |||
* | cnt only used for debugging | Reiner Herrmann | 2019-02-05 |
| | |||
* | move usage check to single place | Reiner Herrmann | 2019-02-05 |
| | |||
* | use correct struct member for offset | Reiner Herrmann | 2019-02-05 |
| | | | | Fixes: #2381 | ||
* | simplify yes/no option parsing | Reiner Herrmann | 2019-02-05 |
| | |||
* | profiles: grant zoom access to its configuration | Patrik Flykt | 2019-02-05 |
| | | | | https://bugs.debian.org/921454 | ||
* | Merge pull request #2390 from glitsj16/apparmor | Reiner Herrmann | 2019-02-05 |
|\ | | | | | Retain local apparmor customizations | ||
| * | Update firejail-local | glitsj16 | 2019-02-05 |
| | | |||
| * | Stress apparmor local overrides | glitsj16 | 2019-02-05 |
| | | | | | | As per discussion on https://github.com/netblue30/firejail/pull/2390, we better use slightly stronger/less optional wording when it comes to where local apparmor overrides need to be done. | ||
| * | Retain local apparmor customizations | glitsj16 | 2019-02-05 |
|/ | | | This fixes https://github.com/netblue30/firejail/issues/2388. | ||
* | firejail.config fixes | smitsohu | 2019-02-04 |
| | | | | always print a warning, treat join-or-start like join | ||
* | Add '$HOME/.local/share/pki' to blacklist | Vincent43 | 2019-02-03 |
| | | | | | Since nss 3.42, '$HOME/.local/share/pki' is supported dir for storing certs https://hg.mozilla.org/projects/nss/rev/da45424cb9a0b4d8e45e5040e2e3b574d994e254 | ||
* | relnotes | netblue30 | 2019-02-02 |
| | |||
* | remove noexec home from chromium-based browsers | netblue30 | 2019-02-02 |
| | |||
* | Merge pull request #2386 from SkewedZeppelin/noexecpf | netblue30 | 2019-02-02 |
|\ | | | | | Temporary fix for noexec ${HOME} breakage | ||
| * | Temporary fix for noexec ${HOME} breakage | Tad | 2019-02-02 |
|/ | |||
* | Add a missing path to vivaldi profile, partial fix for #2383 | Tad | 2019-02-01 |
| | |||
* | Merge pull request #2384 from carloabelli/mpris | Vincent43 | 2019-02-01 |
|\ | | | | | remove nodbus from MPRIS client profiles | ||
| * | remove nodbus from MPRIS client profiles | Carlo Abelli | 2019-02-01 |
| | | | | | | | | | | | | | | MPRIS is a D-Bus interface for controlling media players. The nodbus option prevents these players from being controlled through MPRIS. It seems that most of the other media players did not have the nodbus option or it was already commented out. | ||
* | | --name rework | netblue30 | 2019-02-01 |
|/ | |||
* | Merge pull request #2372 from rusty-snake/additional-blacklisting | SkewedZeppelin | 2019-01-30 |
|\ | | | | | additional blacklisting | ||
| * | Update some IDE profiles | rusty-snake | 2019-01-29 |
| | | |||
| * | Update wget.profile | rusty-snake | 2019-01-27 |
| | | |||
| * | additional blacklisting | rusty-snake | 2019-01-27 |
| | | |||
* | | pybitmessage.profile: remove memory-deny-write-execute | Vincent43 | 2019-01-30 |
| | | | | | | On some systems it causes app to crash on startup, see https://github.com/netblue30/firejail/issues/2379 | ||
* | | alphabetize | smitsohu | 2019-01-30 |
| | | |||
* | | misc profile hardening (xdg blacklist, private-cache, netfilter) | smitsohu | 2019-01-30 |
| | | |||
* | | Fixup qtox profile, closes #2374 | Tad | 2019-01-28 |
| | | |||
* | | Fixup cliqz profile, closes #2377 | philotux | 2019-01-28 |
| | | |||
* | | Fix parsing of cgroup option in config | Reiner Herrmann | 2019-01-27 |
| | | |||
* | | enable/disable cgroup in firejail.config | netblue30 | 2019-01-27 |
| | | |||
* | | Merge pull request #2373 from rusty-snake/fix_gnome-maps | Fred Barclay | 2019-01-27 |
|\ \ | | | | | | | Fix gnome-maps | ||
| * | | Fix gnome-maps | rusty-snake | 2019-01-27 |
| |/ | |||
* | | Allow processes confined with AppArmor to obtain some process information | Reiner Herrmann | 2019-01-27 |
| | | | | | | | | | | | | | | | | 'firejail --apparmor chromium' logged a huge amount of apparmor denials, because it wants to use read/readby permissions. Allow those accesses, but keep full tracing disabled by default. See also: https://bugs.debian.org/912587 and apparmor.d(5) | ||
* | | moving to 0.9.59 | netblue30 | 2019-01-27 |
|/ | |||
* | Merge branch 'master' of http://github.com/netblue30/firejail0.9.58 | netblue30 | 2019-01-26 |
|\ | |||
| * | Add deb-apparmor build to Gitlab CI | Fred-Barclay | 2019-01-26 |
| | | |||
| * | Switch ubuntu:latest to ubuntu:rolling for Gitlab CI | Fred-Barclay | 2019-01-26 |
| | | | | | | | | | | | | | | Ubuntu:rolling is the latest Ubuntu release (LTS and/or non-LTS). Since debian:latest already provides a reasonable base for testing firejail builds on older Debian-based systems, use ubuntu:rolling to test on relatively new systems. | ||
* | | fix seccomp-run-files.exp | netblue30 | 2019-01-26 |
|/ | |||
* | release 0.9.58 testing | netblue30 | 2019-01-26 |
| | |||
* | porting make deb-apparmor from LTS build | netblue30 | 2019-01-26 |
| | |||
* | remove duplicated tests from make test-profiles | netblue30 | 2019-01-26 |
| | |||
* | kodi.profile: switch back to default seccomp filter | Vincent43 | 2019-01-24 |
| | | | As mincore syscall was dropped from default list we can use it again. | ||
* | fix skypeforlinux | netblue30 | 2019-01-23 |
| | |||
* | removed mincore syscall from default seccomp filter | netblue30 | 2019-01-23 |
| | |||
* | improve gwenview and dolphin profiles - #2306 #2348 | smitsohu | 2019-01-22 |
| | |||
* | Merge pull request #2362 from glitsj16/github-desktop | glitsj16 | 2019-01-22 |
|\ | | | | | Refactoring github-desktop profile and firecfg |