aboutsummaryrefslogtreecommitdiffstats
Commit message (Collapse)AuthorAge
...
| * | | | | | change Fedora ssh fixLibravatar glitsj162021-11-10
| | | | | | | | | | | | | | | | | | | | | Suggested in https://github.com/netblue30/firejail/pull/4675#discussion_r746510840. Makes sense!
| * | | | | | add Fedora fixLibravatar glitsj162021-11-10
| | | | | | | | | | | | | | | | | | | | | | | | | | | | Added Fedora path as per https://github.com/netblue30/firejail/pull/4675#pullrequestreview-802438767. NOTE: there are several other profiles touching /usr/libexec, so untill someone on Fedora can shed some light on what files are installed under /usr/libexec, I only blacklisted ssh-keysign. I'll pick this up tomorrow, a bit pressed for time in the non-digital worlds...
| * | | | | | add Fedora fixesLibravatar glitsj162021-11-10
| | | | | | | | | | | | | | | | | | | | | Added Fedora path as per https://github.com/netblue30/firejail/pull/4675#pullrequestreview-802438767.
| * | | | | | fixes for sshLibravatar glitsj162021-11-10
| | | | | | | | | | | | | | | | | | | | | Counterpart fix for changes in allow-ssh.inc.
| * | | | | | fixes for sshLibravatar glitsj162021-11-10
|/ / / / / / | | | | | | | | | | | | After seeing https://github.com/netblue30/firejail/commit/9a81078ddbbb4215d06f7d1861481ece05ebda99 it dawned on me that Arch Linux doesn't have /usr/lib/openssh, but uses /usr/lib/ssh instead. That's a different path than what's referenced in our current {allow-ssh,disable-common}.inc files. Some very superficial checks revealed that OpenSSH seems to be packaged quite differently, at least on Debian/Ubuntu and Arch Linux. And then there's version differences on non-rolling distro's to consider. All in all IMO it makes more sense to (no)blacklist /usr/lib/openssh and /usr/lib/ssh instead of referencing all the possible individual files that live under those paths.
* | | | | | disable-common.inc: fix sshLibravatar netblue302021-11-09
| | | | | |
* | | | | | disable-common.inc: more SUIDLibravatar netblue302021-11-09
| | | | | |
* | | | | | disable-common.inc: vmware SUID binariesLibravatar netblue302021-11-09
| | | | | |
* | | | | | disable-common.inc: disable chrome-sandboxLibravatar netblue302021-11-09
| | | | | |
* | | | | | disable-common.inc: blacklist sshLibravatar netblue302021-11-09
|/ / / / /
* | | | | Merge pull request #4574 from a1346054/shellcheck-fixLibravatar Kelvin M. Klann2021-11-05
|\ \ \ \ \ | | | | | | | | | | | | Fix shellcheck warnings
| * | | | | Fix some shellcheck warningsLibravatar a13460542021-11-05
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Note: This does not modify the configure script, which is a source of a lot of the remaining shellcheck warnings, because it comes from autoconf and so it makes little sense to try to fix it here. Also, it does not modify the scripts in contrib, because they possibly are maintained at some other place. Similarly with the other scripts that don't appear to be called from any of the makefiles.
* | | | | | adding more SUID executables to disable-common.incLibravatar netblue302021-11-04
| | | | | |
* | | | | | README: bump debian stable codenameLibravatar Reiner Herrmann2021-11-03
| | | | | |
* | | | | | apparmor base drop-in: remove chroot/overlay pathsLibravatar smitsohu2021-11-01
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | As the upstream AppArmor base abstraction does not contain references to paths in /run/firejail/mnt/oroot there is not much point to have them in our drop-in
* | | | | | improve detection of firejail login shellLibravatar smitsohu2021-11-01
| | | | | |
* | | | | | ids: add some more pathsLibravatar smitsohu2021-10-31
| | | | | |
* | | | | | Create .gitattributesLibravatar rusty-snake2021-10-30
| | | | | | | | | | | | | | | | | | Just to make GitHub's language detection not detecting our includes as PHP/Pascal/C++.
* | | | | | adding noprofile.profile from rusty-snakeLibravatar netblue302021-10-30
| | | | | |
* | | | | | Merge pull request #4643 from rusty-snake/profile-checksLibravatar Kelvin M. Klann2021-10-29
|\ \ \ \ \ \ | | | | | | | | | | | | | | Profile Checks
| * | | | | | Add Profile ChecksLibravatar rusty-snake2021-10-29
| | | | | | |
| * | | | | | Sort src/firecfg/firecfg.configLibravatar rusty-snake2021-10-27
| | | | | | |
| * | | | | | Sort disaple-programs.incLibravatar rusty-snake2021-10-27
| | | | | | |
| * | | | | | Add alteratives and ld.so.cache to all private-etc linesLibravatar rusty-snake2021-10-27
| | |/ / / / | |/| | | | | | | | | | | | | | | | Command is the same as in d8d97acb
* | | | | | Merge branch 'master' of https://github.com/netblue30/firejailLibravatar smitsohu2021-10-28
|\ \ \ \ \ \
| * \ \ \ \ \ Merge pull request #4634 from pirate486743186/patch-1Libravatar netblue302021-10-27
| |\ \ \ \ \ \ | | |/ / / / / | |/| | | | | [minor] update mpv.profile
| | * | | | | update mpv.profileLibravatar pirate4867431862021-10-24
| |/ / / / / | | | | | | | | | | | | add yt-dlp in private-bin
* | | | | | private-bin fixup (#4646)Libravatar smitsohu2021-10-28
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | cannot create fslogger file as user, so raise privs and create it as root
* | | | | | more cleanupLibravatar smitsohu2021-10-28
|/ / / / / | | | | | | | | | | | | | | | | | | | | possible because selinux_relabel_path now raises privs itself where necessary
* | | | | Add disable-proc to firefox-commonLibravatar rusty-snake2021-10-23
| | | | |
* | | | | Remove 'none' from private-etc linesLibravatar rusty-snake2021-10-23
| | | | |
* | | | | wrc: whitelist journal socketsLibravatar smitsohu2021-10-23
| | | | | | | | | | | | | | | | | | | | fixes --tracelog among other things
* | | | | add wrc to several profilesLibravatar smitsohu2021-10-23
| | | | |
* | | | | promote /run/udev/data to wrcLibravatar smitsohu2021-10-23
| | | | |
* | | | | disable-exec: add /run/shmLibravatar smitsohu2021-10-23
| | | | |
* | | | | cleanupLibravatar smitsohu2021-10-22
| | | | |
* | | | | private-bin: switch effective uidLibravatar smitsohu2021-10-22
| | | | |
* | | | | private-bin: fix #4626, refactor symlink detectionLibravatar smitsohu2021-10-22
| |/ / / |/| | |
* | | | README updateLibravatar netblue302021-10-21
| | | |
* | | | Merge pull request #4628 from smitsohu/aaLibravatar netblue302021-10-21
|\ \ \ \ | | | | | | | | | | add basic Firejail support to AppArmor base abstraction (#3226)
| * | | | add basic Firejail support to AppArmor base abstraction (#3226)Libravatar smitsohu2021-10-21
| | | | |
* | | | | Merge pull request #4600 from crocket/masterLibravatar netblue302021-10-21
|\ \ \ \ \ | | | | | | | | | | | | Add profiles for imv, retroarch, and torbrowser
| * | | | | Add profiles for imv, retroarch, and torbrowserLibravatar crocket2021-10-17
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | imv, retroarch, and torbrowser are also added to firecfg.config
* | | | | | Merge pull request #4612 from jose1711/blobwars_fixLibravatar netblue302021-10-21
|\ \ \ \ \ \ | | | | | | | | | | | | | | blobwars: add path to game assets compatible with Arch
| * | | | | | blobwars: add path to game assets compatible with ArchLibravatar Jose Riha2021-10-17
| | | | | | |
* | | | | | | Merge pull request #4613 from jose1711/joystick_supportLibravatar netblue302021-10-21
|\ \ \ \ \ \ \ | | | | | | | | | | | | | | | | Drop noinput for games with joystick/gamepad support
| * | | | | | | Drop noinput for games with joystick/gamepad supportLibravatar Jose Riha2021-10-17
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Fixes #4608
* | | | | | | | Merge pull request #4621 from jose1711/tremulous_archfixLibravatar netblue302021-10-21
|\ \ \ \ \ \ \ \ | | | | | | | | | | | | | | | | | | Fix tremulous profile for Arch users
| * | | | | | | | Update etc/profile-m-z/tremulous.profileLibravatar Jose Riha2021-10-19
| | | | | | | | | | | | | | | | | | | | | | | | | | | Co-authored-by: Kelvin M. Klann <kmk3.code@protonmail.com>
| * | | | | | | | Update etc/profile-m-z/tremulous.profileLibravatar Jose Riha2021-10-19
| | | | | | | | | | | | | | | | | | | | | | | | | | | Co-authored-by: Kelvin M. Klann <kmk3.code@protonmail.com>
generated by cgit v1.2.3-70-g09d2 (git 2.46.0) at 2024-08-22 10:49:52 +0000