Commit message (Collapse) | Author | Age | |
---|---|---|---|
* | adding machine-id to a number of profiles | 2017-12-04 | |
| | |||
* | Consistent home directory nomenclature | 2017-11-17 | |
| | |||
* | fix and harden various profiles | 2017-10-29 | |
| | |||
* | disable non-abstract session bus address | 2017-10-22 | |
| | | | | | systematically blacklist /run/user/*/bus in all profiles with 'net none'. targets distros like Fedora | ||
* | private-lib developments | 2017-10-09 | |
| | |||
* | private-lib developments | 2017-10-09 | |
| | |||
* | various profile enhancements | 2017-09-25 | |
| | | | | | | | * okular needs kdeinit4 for open file dialog since recently * memory-deny-write-execute should be a safe addition for desktop use of dnscrypt and unbound * cleanup works | ||
* | merge #1565 | 2017-09-22 | |
| | |||
* | Fixup merge of #1565 | 2017-09-22 | |
| | |||
* | 1 LIST | 2017-09-19 | |
| | |||
* | whitelist /var - Xubuntu fixes | 2017-09-17 | |
| | |||
* | Fix nodvd placement | 2017-08-13 | |
| | |||
* | added nodvd to most profiles | 2017-08-13 | |
| | |||
* | Fix notv placement | 2017-08-11 | |
| | |||
* | added notv to most profiles | 2017-08-11 | |
| | |||
* | Fix comments in 88 profiles | 2017-08-07 | |
| | | | | There may actually be some other comments that were removed, but the bulk have been restored | ||
* | Unify all profiles | 2017-08-07 | |
| | |||
* | Add back net none/netfilter as needed | 2017-08-02 | |
| | |||
* | Initial adding of memory-deny-write-execute to profiles | 2017-08-02 | |
| | | | | | | | | - mdwe breaks most vm-based languages so python/java/javascript and some mono programs are not compatible - mdwe also breaks most 3d accelerated programs such as 3d games - mdwe is similar to PaX's mprotect meaning PaX flag managers can be used as reference -- See https://github.com/copperhead/paxd-archive/blob/master/paxd.conf -- See https://github.com/nning/linux-pax-flags | ||
* | Harden profiles | 2017-08-02 | |
| | | | | | | | | - Added 'disable-devel.conf' to many profiles - Added 'disable-mnt' to many profiles - Added 'noexec' to many profiles - Removed 'netfilter' and 'net none' from profiles with 'protocol unix' - Cleaned up profiles using defaults | ||
* | test: add novideo to profiles (part 1) | 2017-06-15 | |
| | |||
* | commented out ipc-namespace in most profiles - it breaks newer versions of ↵ | 2017-05-25 | |
| | | | | GDK with the following error: Gdk-ERROR **: The program 'thunderbird' received an X Window System error | ||
* | added /etc/firejail/globals.local for global customizations | 2017-05-23 | |
| | |||
* | Harden more profiles | 2017-04-17 | |
| | |||
* | Harden 19 more profiles | 2017-04-15 | |
| | |||
* | persistent support for all profile files | 2017-02-09 | |
| | |||
* | blacklisted various program files | 2016-12-01 | |
| | |||
* | reversed incorrect changes | 2016-11-19 | |
| | |||
* | profile fixes | 2016-11-05 | |
| | |||
* | private-tmp changes | 2016-11-03 | |
| | |||
* | Allow evince to access /tmp | 2016-10-09 | |
| | | | | | firefox will save files under /tmp/mozilla_* and try to open them with evince when evince is the default PDF reader. | ||
* | Added tracelog | 2016-09-25 | |
| | |||
* | If you give a mouse a cookie... | 2016-07-09 | |
| | |||
* | profile update | 2016-06-23 | |
| | |||
* | private-bin conversion | 2016-06-10 | |
| | |||
* | private-bin conversion | 2016-06-10 | |
| | |||
* | merged Various #542 pull request from Fred-Barclay | 2016-05-31 | |
| | |||
* | profiles: Add nonewprivs where sensible | 2016-05-25 | |
| | |||
* | delete blacklist wine from profiles | 2016-04-12 | |
| | |||
* | introducing disable-passwdmgr.inc | 2016-03-28 | |
| | |||
* | consolidated disable-terminals into disable-common | 2016-03-27 | |
| | |||
* | consolidating disable-mgmt and disable-sercret into disable-common | 2016-03-26 | |
| | |||
* | profile work | 2016-03-26 | |
| | |||
* | profile update | 2016-03-12 | |
| | |||
* | split out terminal blacklisting in disable-terminals.inc | 2016-02-12 | |
| | |||
* | tracelog fixes | 2015-12-06 | |
| | |||
* | traclog added to various profiles | 2015-12-06 | |
| | |||
* | added disable-devel.inc | 2015-11-01 | |
| | |||
* | merged disable-history.inc into disable-common.inc | 2015-10-30 | |
| | |||
* | enable --protocol by default in profiles | 2015-10-28 | |
| |