Commit message (Collapse) | Author | Age | |
---|---|---|---|
* | Merge pull request #2130 from crass/fix-2045 | netblue30 | 2018-10-04 |
|\ | | | | | FIX-2045: Fix command name parsing for program paths with spaces. | ||
| * | Fix command name parsing so that program paths with spaces do not cause the ↵ | Glenn Washburn | 2018-10-01 |
| | | | | | | | | wrong or no profile to be detected. | ||
* | | Fixes #2048 | ಚಿರಾಗ್ ನಟರಾಜ್ | 2018-10-03 |
| | | |||
* | | configure.ac: set sysconfdir only if none was specified manually | Reiner Herrmann | 2018-10-03 |
| | | | | | | | | Fixes #2125 | ||
* | | Fixes #2048 | ಚಿರಾಗ್ ನಟರಾಜ್ | 2018-10-03 |
| | | |||
* | | AppArmor: Allow writing to removable media | Vincent43 | 2018-10-02 |
| | | |||
* | | Merges | Tad | 2018-10-02 |
| | | |||
* | | Merge pull request #2131 from veloute/discordfix | SkewedZeppelin | 2018-10-02 |
|\ \ | | | | | | | fixed discord not able to check for updates | ||
| * | | fixed discord not able to check for updates | veloute | 2018-10-02 |
| |/ | |||
* / | incomplete fix: whitelisting of symlinks to other home dirs | smitsohu | 2018-10-02 |
|/ | | | | | | | | | belongs to previous commit 51eeef2059f00de117472046601e10a9fd958d51 short summary of the new behavior, which should catch a few corner cases better: - a non-existant file in another homedir (say homedirs are "/foo/user" and "/foo/user2") is silently ignored (previously a tmpfs was mounted on the users homedir, which was wrong) - a symlink pointing to an existing file in another homedir now works (but the link will be always dangling; you need --allusers to see this) - a symlink pointing back to the entire homedir now works as expected | ||
* | mount empty home if macro can't be whitelisted | smitsohu | 2018-10-01 |
| | |||
* | tests: skip audit.exp if tests are already running in a pid namespace | Reiner Herrmann | 2018-10-01 |
| | |||
* | fs_whitelist: reduce number of loop iterations | smitsohu | 2018-10-01 |
| | |||
* | tiny memleaks | smitsohu | 2018-10-01 |
| | |||
* | regression: fix whitelisting of symlinks to other home dirs, small improvements | smitsohu | 2018-10-01 |
| | | | | | | | | handling of home dir paths is more explicit and rigorous now, which should make it easier to audit. Also this should come handy if one day fs_private() supports home directories outside /home rf. #2123 | ||
* | cleanup | smitsohu | 2018-09-30 |
| | |||
* | Merge pull request #2127 from veloute/vimfix | Fred Barclay | 2018-09-29 |
|\ | | | | | fixed vim missing from firecfg.config | ||
| * | fixed vim missing from firecfg.config | veloute | 2018-09-30 |
| | | |||
* | | Use list for checking multiple possible values | Fred-Barclay | 2018-09-28 |
| | | |||
* | | fixed fs-print test | startx2017 | 2018-09-28 |
|/ | |||
* | manpage cleanup | netblue30 | 2018-09-26 |
| | |||
* | Fixes #2122 | ಚಿರಾಗ್ ನಟರಾಜ್ | 2018-09-25 |
| | |||
* | manpages: fix apparmor profile path | Vincent43 | 2018-09-22 |
| | |||
* | manpages: fix alignment | Vincent43 | 2018-09-22 |
| | |||
* | manpages: update AppArmor info | Vincent43 | 2018-09-22 |
| | |||
* | Add profile for spectre-meltdown-checker | Tad | 2018-09-22 |
| | | | | Will need to support allow-debuggers in profiles before it can be enabled in firecfg | ||
* | tests: skip more tests if capabilities/seccomp of host differs | Reiner Herrmann | 2018-09-21 |
| | |||
* | tests: skip tests checking for /dev/kmsg which might not be available | Reiner Herrmann | 2018-09-21 |
| | |||
* | Fix check for nobody user | Reiner Herrmann | 2018-09-21 |
| | | | | Fixes #2117 | ||
* | --version 0.9.57 | netblue30 | 2018-09-19 |
| | |||
* | Misc profile hardening | Tad | 2018-09-19 |
| | |||
* | 0.9.56 released0.9.56 | netblue30 | 2018-09-18 |
| | |||
* | error strings | smitsohu | 2018-09-17 |
| | |||
* | fix --bandwidth, --cpu.print | netblue30 | 2018-09-15 |
| | |||
* | add start-tor-browser.desktop profile | netblue30 | 2018-09-15 |
| | |||
* | add start-tor-browser.desktop profile | netblue30 | 2018-09-15 |
| | |||
* | Merges | Tad | 2018-09-14 |
| | |||
* | Merge pull request #2115 from flacks/profiles/gnome-music | SkewedZeppelin | 2018-09-15 |
|\ | | | | | Amend gnome-music profile | ||
| * | Amend gnome-music profile | Jean Lucas | 2018-09-14 |
|/ | | | | | | | - At least gnome-music 3.28.2 requires 'env' - Add 'gio-launch-desktop' and 'yelp' so launching the "Help" menu doesn't crash the application - Enabling the disabled private-etc tested to be working | ||
* | exit if execl fails (arg_audit) | smitsohu | 2018-09-11 |
| | |||
* | add switch to disable/enable private-cache | smitsohu | 2018-09-10 |
| | |||
* | small rlimits adjustment | smitsohu | 2018-09-10 |
| | |||
* | remove seccomp warning | netblue30 | 2018-09-09 |
| | |||
* | Merge branch 'master' of http://github.com/netblue30/firejail | netblue30 | 2018-09-09 |
|\ | |||
| * | set rlimits at later timepoint during sandbox setup | smitsohu | 2018-09-09 |
| | | |||
* | | support for firetunnel utility | netblue30 | 2018-09-09 |
|/ | |||
* | remove blacklist /usr/lib/llvm* in dusable-devel.inc - problems with ↵ | netblue30 | 2018-09-07 |
| | | | | hardware acceleration on Radeon cards, see issue #2106 | ||
* | Disable tracelog in Tor Browser profiles, see #1930, fixes #2108 | Tad | 2018-09-06 |
| | |||
* | disallow overriding of global rlimits, tiny improvements | smitsohu | 2018-09-06 |
| | |||
* | cleanup | netblue30 | 2018-09-05 |
| |