Commit message (Collapse) | Author | Age | |
---|---|---|---|
* | Harden /var | Tad | 2017-08-22 |
| | |||
* | Add Jason A. Donenfeld's pass to common blacklist | James Elford | 2017-08-20 |
| | | | | | pass is a password manager that keeps files under ~/.password-store by default. See http://www.passwordstore.org/ for more info | ||
* | Fix bad noexec sorting | Fred Barclay | 2017-08-09 |
| | |||
* | Sorting | Fred-Barclay | 2017-08-08 |
| | |||
* | Change KDE4 services folder to read-only | smitsohu | 2017-08-06 |
| | | | Configurations in this folder are not secret, but need to be protected from manipulation. Let's make it available to all KDE apps for legitimate use. Discussion in #1428 | ||
* | Change ~/.local/share/kservices5 to read-only | Vladimir Schowalter | 2017-08-03 |
| | |||
* | Add fish-shell history and config to disable-common.inc | James Elford | 2017-05-22 |
| | |||
* | rephrase | SYN-cook | 2017-05-11 |
| | |||
* | layout | SYN-cook | 2017-05-11 |
| | |||
* | add noexec folders (tmp/.X11-unix and .config/pulse) | SYN-cook | 2017-05-11 |
| | |||
* | fix trash functionality for file managers | netblue30 | 2017-05-01 |
| | |||
* | noexec ~/.local/share | SYN-cook | 2017-04-21 |
| | | | #1238 | ||
* | add .pam_environment, kwin to blacklist | SYN-cook | 2017-04-04 |
| | |||
* | tidy up (#1182) | SYN-cook | 2017-03-31 |
| | | | | | | | | | | | | | | | | * minor reorganization * tidy up * tidy up * tidy up * tidy up * tidy up * tidy up | ||
* | restrict more KDE files (#1181) | SYN-cook | 2017-03-31 |
| | | | | | | | | | | * update noblacklist * blacklist local plasma overrides, plasmoids * add more KDE configuration (kdeglobals, plasmoids) * kdeglobals now in disable-common.inc | ||
* | various profile fixes and enhancements (#1177) | SYN-cook | 2017-03-29 |
| | | | | | | | | | | | | | | | | | | | | * private-dev breaks playing CDs * reenable services * blacklist kservices5 folder * blacklist nautilus scripts * blacklist ~/.kde4 files, k3b config, nautilus/nemo * sort * update noblacklisting * update blacklisting * update blacklisting/whitelisting (okular) | ||
* | blacklist KDE config (konsole, services) | SYN-cook | 2017-03-28 |
| | |||
* | blacklist krunnerrc | SYN-cook | 2017-03-27 |
| | |||
* | blacklist more KDE files (#1163) | SYN-cook | 2017-03-27 |
| | | | | | | | | | | | | | | | | * blacklist more KDE files * undo doubling of ~/.profile * remove ksmserverrc * remove ksmserverrc * blacklist kdeconnect * blacklist KDE device actions * blacklist kglobalaccel | ||
* | Merge pull request #1156 from SYN-cook/master | netblue30 | 2017-03-26 |
|\ | | | | | profile enhancements | ||
| * | move ~/.pki blacklist to disable-common.inc | SYN-cook | 2017-03-24 |
| | | |||
* | | Merge pull request #1152 from SYN-cook/master | netblue30 | 2017-03-22 |
|\| | | | | | blacklist X11 startup scripts | ||
| * | don't blacklist ~/.profile | SYN-cook | 2017-03-22 |
| | | | | | | sorry for the mistake... ~./profile is not only sourced by some display managers but also by shells, so we should keep everything as before | ||
| * | more blacklisting (X11 session autostart) | SYN-cook | 2017-03-21 |
| | | | | | | reorganization, added files according to Debian documentation | ||
* | | Merge pull request #1149 from SYN-cook/master | netblue30 | 2017-03-20 |
|\| | | | | | complete autostart blacklist for KDE | ||
| * | complete autostart blacklist for KDE | SYN-cook | 2017-03-19 |
| | | |||
* | | Handles #1150 | Fred Barclay | 2017-03-19 |
|/ | | | | Terminix is being renamed to tilix. This adds ${PATH}/tilix to the blacklisted terminals in disable-common.inc without removing terminix (since there will still be users of terminix). | ||
* | persistent config | netblue30 | 2017-02-09 |
| | |||
* | profile merges | netblue30 | 2017-01-25 |
| | |||
* | Prevent tmux connecting to an existing session | ecat3 | 2017-01-22 |
| | |||
* | profile merges | netblue30 | 2017-01-20 |
| | |||
* | Merge branch 'master' of https://github.com/netblue30/firejail | netblue30 | 2017-01-20 |
|\ | |||
| * | Merge pull request #1044 from KellerFuchs/disable-path-local | netblue30 | 2017-01-20 |
| |\ | | | | | | | Make ~/.local read-only | ||
| | * | disable-common: Make ~/.local read-only | The Fox in the Shell | 2017-01-12 |
| | | | |||
| | * | disable-common: Make directories commonly found in $PATH read-only | The Fox in the Shell | 2017-01-12 |
| | | | |||
* | | | Merge branch 'master' of https://github.com/netblue30/firejail | netblue30 | 2017-01-20 |
|\| | | |||
| * | | Merge pull request #1056 from SYN-cook/master | netblue30 | 2017-01-20 |
| |\ \ | | | | | | | | | blacklist GNOME keyring and Konqueror | ||
| | * | | blacklist GNOME (and other) keyrings | SYN-cook | 2017-01-17 |
| | | | | | | | | | | | | in .local/share | ||
* | | | | profile merges | netblue30 | 2017-01-20 |
|/ / / | |||
* | | | Merge pull request #1034 from KellerFuchs/disable-local | netblue30 | 2017-01-11 |
|\ \ \ | | | | | | | | | etc: Support local customizations in *.inc | ||
| * | | | etc: Support local customizations in *.inc | The Fox in the Shell | 2017-01-09 |
| | |/ | |/| | | | | | | | | | | | | | | | | | | | | | | | | | This is useful for places, like hashbang.sh, which have site-specific modifications of the *.inc files. With the current setup, the package manager cannot automatically install updated versions of those files, as it would need to somehow merge the site-specific and upstream changes. Having the site-specific changes in separate files solves this. | ||
* | | | Merge pull request #1035 from KellerFuchs/disable-mutt | netblue30 | 2017-01-11 |
|\ \ \ | |_|/ |/| | | disable-common: Make mutt and msmtp's rc files read-only | ||
| * | | disable-common: Make mutt and msmtp's rc files R/O | The Fox in the Shell | 2017-01-10 |
| |/ | | | | | | | Those allow arbitrary command executions through various mechanisms | ||
* / | hands off bash aliases | SYN-cook | 2016-12-27 |
|/ | | | manipulating aliases means manipulating users (to do things they don't want to do) | ||
* | Merge pull request #979 from curiosity-seeker/master | netblue30 | 2016-12-16 |
|\ | | | | | Correct skanlite.profile | ||
| * | Update disable-common.inc | curiosity-seeker | 2016-12-15 |
| | | |||
* | | Add keepassx2 profile | Fred Barclay | 2016-12-14 |
|/ | |||
* | remove konsole from the list of restricted terminals in disable-common.inc | netblue30 | 2016-12-08 |
| | |||
* | Update disable-common.inc | vismir2 | 2016-12-03 |
| | |||
* | Added profile | vismir2 | 2016-12-03 |
| | | | Added truecrypt and zuluCrypt |