Commit message (author, age)
* Add alternatives and ld.so.cache to all private-etc lines (rusty-snake, 2021-10-27)
|     Command is the same as in d8d97acb
* Add disable-proc to firefox-common (rusty-snake, 2021-10-23)
|
* Remove 'none' from private-etc lines (rusty-snake, 2021-10-23)
|
* wrc: whitelist journal sockets (smitsohu, 2021-10-23)
|     fixes --tracelog among other things
* add wrc to several profiles (smitsohu, 2021-10-23)
|
* promote /run/udev/data to wrc (smitsohu, 2021-10-23)
|
* disable-exec: add /run/shm (smitsohu, 2021-10-23)
|
* cleanup (smitsohu, 2021-10-22)
|
* private-bin: switch effective uid (smitsohu, 2021-10-22)
|
* private-bin: fix #4626, refactor symlink detection (smitsohu, 2021-10-22)
|
* README update (netblue30, 2021-10-21)
|
* Merge pull request #4628 from smitsohu/aa (netblue30, 2021-10-21)
|\
| |     add basic Firejail support to AppArmor base abstraction (#3226)
| * add basic Firejail support to AppArmor base abstraction (#3226) (smitsohu, 2021-10-21)
| |
* | Merge pull request #4600 from crocket/master (netblue30, 2021-10-21)
|\ \
| | |     Add profiles for imv, retroarch, and torbrowser
| * | Add profiles for imv, retroarch, and torbrowser (crocket, 2021-10-17)
| | |     imv, retroarch, and torbrowser are also added to firecfg.config
* | | Merge pull request #4612 from jose1711/blobwars_fix (netblue30, 2021-10-21)
|\ \ \
| | | |     blobwars: add path to game assets compatible with Arch
| * | | blobwars: add path to game assets compatible with Arch (Jose Riha, 2021-10-17)
| | | |
* | | | Merge pull request #4613 from jose1711/joystick_support (netblue30, 2021-10-21)
|\ \ \ \
| | | | |     Drop noinput for games with joystick/gamepad support
| * | | | Drop noinput for games with joystick/gamepad support (Jose Riha, 2021-10-17)
| | | | |     Fixes #4608
* | | | | Merge pull request #4621 from jose1711/tremulous_archfix (netblue30, 2021-10-21)
|\ \ \ \ \
| | | | | |     Fix tremulous profile for Arch users
| * | | | | Update etc/profile-m-z/tremulous.profile (Jose Riha, 2021-10-19)
| | | | | |     Co-authored-by: Kelvin M. Klann <kmk3.code@protonmail.com>
| * | | | | Update etc/profile-m-z/tremulous.profile (Jose Riha, 2021-10-19)
| | | | | |     Co-authored-by: Kelvin M. Klann <kmk3.code@protonmail.com>
| * | | | | Update etc/profile-m-z/tremulous.profile (Jose Riha, 2021-10-19)
| | | | | |     Co-authored-by: rusty-snake <41237666+rusty-snake@users.noreply.github.com>
| * | | | | Fix tremulous profile for Arch users (Jose Riha, 2021-10-18)
| | | | | |
* | | | | | Merge pull request #4622 from jose1711/jumnbump_fix (netblue30, 2021-10-21)
|\ \ \ \ \ \
| | | | | | |     Fix jumpnbump for Arch users
| * | | | | | Fix jumpnbump for Arch users (Jose Riha, 2021-10-19)
| |/ / / / /
| | | | | |     Fixes #4611.
* | | | | | Merge pull request #4624 from jose1711/warsow_archfix (netblue30, 2021-10-21)
|\ \ \ \ \ \
| | | | | | |     Fix warsow profile for Arch users
| * | | | | | Update etc/profile-m-z/warsow.profile (Jose Riha, 2021-10-19)
| | | | | | |     Co-authored-by: Kelvin M. Klann <kmk3.code@protonmail.com>
| * | | | | | Update etc/profile-m-z/warsow.profile (Jose Riha, 2021-10-19)
| | | | | | |     Co-authored-by: rusty-snake <41237666+rusty-snake@users.noreply.github.com>
| * | | | | | Update etc/profile-m-z/warsow.profile (Jose Riha, 2021-10-19)
| | | | | | |     Co-authored-by: rusty-snake <41237666+rusty-snake@users.noreply.github.com>
| * | | | | | Fix warsow profile for Arch users (Jose Riha, 2021-10-19)
| |/ / / / /
| | | | | |     Warsow uses a shell wrapper hence requires some modifications.
| | | | | |     Netlink was added to protocols as the game was segfaulting after
| | | | | |     changing resolution and saving the setting.
* | | | | | small fix (netblue30, 2021-10-20)
| | | | | |
* | | | | | --noprinter option (netblue30, 2021-10-20)
| | | | | |
* | | | | | Merge pull request #4521 from rusty-snake/disable-proc.inc (smitsohu, 2021-10-20)
|\ \ \ \ \ \
| |/ / / / /
|/| | | | |     Create disable-proc.inc
| * | | | | Update disable-proc.inc (rusty-snake, 2021-10-09)
| | | | | |
| * | | | | Update disable-proc.inc (rusty-snake, 2021-09-10)
| | | | | |
| * | | | | Create disable-proc.inc (rusty-snake, 2021-09-09)
| | | | | |
* | | | | | mountinfo: improve readability (smitsohu, 2021-10-18)
| | | | | |     Removes the inconsistency that some blacklisted paths could be
| | | | | |     remounted (files specified explicitly) and some could not. Now all
| | | | | |     blacklisted paths can be mounted nosuid, nodev, noexec if users
| | | | | |     specify this. Also fixes the bug that mount id can indeed be 0.
| | | | | |     Other than that no functional or algorithmic changes, only
| | | | | |     readability improvements.
* | | | | | readability (smitsohu, 2021-10-18)
| | | | | |
* | | | | | cleanup (smitsohu, 2021-10-18)
| | | | | |
* | | | | | man pages (smitsohu, 2021-10-18)
| |/ / / /
|/| | | |
* | | | | Merge pull request #4610 from kmk3/fix-misc-get-group-id (smitsohu, 2021-10-17)
|\ \ \ \ \
| | | | | |     Fix misc in get_group_id
| * | | | | util.c: rename "group" arg to "groupname" in get_group_id (Kelvin M. Klann, 2021-10-16)
| | | | | |     To make things clearer, since there is already a `struct group` in
| | | | | |     the same function.
| * | | | | util.c: fix return type of get_group_id (Kelvin M. Klann, 2021-10-16)
| | | | | |     gr_gid is of type gid_t (not uid_t).
| | | | | |
| | | | | |     From grp.h(0p) of POSIX.1-2017:
| | | | | |
| | | | | |     > DESCRIPTION
| | | | | |     >
| | | | | |     > The <grp.h> header shall declare the group structure, which shall
| | | | | |     > include the following members:
| | | | | |     >
| | | | | |     >     char   *gr_name The name of the group.
| | | | | |     >     gid_t   gr_gid  Numerical group ID.
| | | | | |     >     char  **gr_mem  Pointer to a null-terminated array of character
| | | | | |     >                     pointers to member names.
| | | | | |     >
| | | | | |     > The <grp.h> header shall define the gid_t and size_t types as
| | | | | |     > described in <sys/types.h>.
| | | | | |
| | | | | |     Note: The callers already store the result in gid_t variables.
| | | | | |
| | | | | |     First caused by commit dc3564b18 ("fixes", 2016-03-09).
| * | | | | util.c: remove tty comment from get_group_id (Kelvin M. Klann, 2021-10-16)
| | |/ / /
| |/| | |
| | | | |     This amends commit 40ed53c20 ("nvidia fix", 2016-10-08) and commit
| | | | |     74149d248 ("fixes", 2016-03-20).
* | | | | Merge pull request #4606 from kmk3/rm-limits-h-libtrace (smitsohu, 2021-10-17)
|\ \ \ \ \
| |/ / / /
|/| | | |     libtrace.c: use realpath instead of readlink to avoid PATH_MAX
| * | | | libtrace.c: use realpath instead of readlink to avoid PATH_MAX (Kelvin M. Klann, 2021-10-16)
| | | | |     PATH_MAX is not guaranteed to be defined and it may be defined to -1.
| | | | |     Avoid depending on it by getting the result directly from realpath.
| | | | |     See commit 579f856c5 ("firejail.h: add missing linux/limits.h
| | | | |     include") / PR #4583 for details.
| | | | |
| | | | |     Note: This replaces the static char array currently used with a
| | | | |     dynamic one returned from realpath.
| | | | |
| | | | |     Misc: This is a continuation of #4583.
* | | | | add /run/shm to wrc (smitsohu, 2021-10-16)
| | | | |     found in Debian Bullseye. /run/shm is a symbolic link to /dev/shm,
| | | | |     and whitelisting it will just recreate the symbolic link.
* | | | | cgroup: minor refactor, add v2 support, bugfixes (smitsohu, 2021-10-16)
|/ / / /
| | | |     Adds minimal cgroupv2 support, and fixes an effective user id
| | | |     assertion in --join (instead of asserting effective user id of the
| | | |     user, drop privileges completely in a child process).
* | | | build: allow building with sanitizer (#4594) (Reiner Herrmann, 2021-10-13)
| | | |