firejail - Mirror of https://github.com/netblue30/firejail

	Commit message (Collapse)	Author	Age
*	Replace `nodbus` with dbus-* filters	Fred Barclay	2020-04-07
\| \| \| \| \| \| \| \| \| \| \| \| \|	See - 07fac581f6b9b5ed068f4c54a9521b51826375c5 for new dbus filters - https://github.com/netblue30/firejail/pull/3326#issuecomment-610423183 Except for ocenaudio, access/restrictions on dbus options should be unchanged Ocenaudio profile: dbus filters were sandboxed (initially `nodbus` was enabled) since comments indicated blocking dbus meant preferences were broken
*	Whitelist runuser common (#3286)	rusty-snake	2020-03-31
\| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \|	* introduce whitelist-runuser-common.inc * If an applications does not need a whitelist it can/should be nowhitelisted. Example: nowhitelist ${RUNUSER}/pulse include whitelist-runuser-common.inc * ${RUNUSER}/bus is inaccessible with nodbus regardless of the whitelist. (as it should) * strange wayland setups with an second wayland-compostior need to whitelist ${RUNUSER}/wayland-1, ${RUNUSER}/wayland-2 and so on. * some display-manager store there Xauthority file in ${RUNUSER}. test results with fedora 31: - ssdm: ~/.Xauthority is used - lightdm: /run/lightdm/USER/Xauthority - gdm: /run/user/UID/gdm/Xauthority * IMPORTANT: ATM we can only enable this for non-graphical and GTK3 programs because mutter (GNOMEs window-manger) stores the Xauthority file for Xwayland under /run/user/UID/.mutter-Xwaylandauth.XXXXXX where XXXXXX is random. Until we have whitelist globbing we can't whitelist this file. QT/KDE and other toolkits without full wayland support won't be able to start. * wru update 1 - add wru to more profiles. - blacklist ${RUNUSER} works for the most cli programs too. * add wruc to more profiles * fixes * fixes * wruc: hide pulse pid * update * remove wruc from all the x11 profiles * fixes * fix ordering * read-only * revert read-only * update *
*	Update file.profile	rusty-snake	2020-03-15
\| \| \| \| \| \| \| \|	* fix private-lib, closes #3233 * make private-etc and private-lib opt-in see https://github.com/netblue30/firejail/issues/3233#issuecomment-589871765 disable-devel.inc: remove duplicated line
*	add 'blacklist ${RUNUSER}/wayland-*' to all profi…	rusty-snake	2020-01-18
\| \| \| \|	…les with 'x11 none'
*	fix file.profile (broken on Debian Buster)	smitsohu	2019-08-12
\|
*	update and harden file.profile	smitsohu	2019-08-11
\|
*	add 'x11 none' to more profiles with 'net none'	rusty-snake	2019-06-20
\|
*	automatically fixed all private-{bin,etc} lines	rusty-snake	2019-06-13
\|
*	add disable-exec.inc to all profiles with apparmor (#2576)	smitsohu	2019-03-12
\| \| \| \| \| \|	* add disable-exec.inc to all profiles with apparmor - #2385 #2505 * drop disable-exec.inc from generic electron.profile
*	Harden file.profile (#2458)	glitsj16	2019-02-24
\|
*	Add alternatives to private-etc for profiles in etc/	Fred-Barclay	2019-02-17
\| \| \| \|	See discussion in #2399
*	Update file.profile	glitsj16	2018-11-05
\| \| \|	Add support for bsdtar and libfakeroot support for makepkg on Arch.
*	Merge pull request #2201 from SkewedZeppelin/u2f-ap	netblue30	2018-10-17
\|\ \| \| \| \|	Add nou2f to all profiles
\| *	Add nou2f to all profiles	Tad	2018-10-15
\| \| \| \| \| \| \| \|	- Closes #2194
* \|	Remove "/etc/firejail/" from all include paths, now that profile_read will ↵	Glenn Washburn	2018-10-17
\|/ \| \| \|	search for the file.
*	profiles: file needs access to libmagic	Reiner Herrmann	2018-10-12
\|
*	profiles: drop private-tmp from file, as running on temporary files is ↵	Reiner Herrmann	2018-10-12
\| \| \| \|	common use case
*	Harden file.profile	glitsj16	2018-10-11
\|
*	Fix file.profile	glitsj16	2018-10-11
\|
*	Add descriptions to profiles, pulled from Ubuntu 18.04	Tad	2018-08-13
\|
*	recalibrate dbus access, deploy nodbus option	smitsohu	2018-03-28
\| \| \| \| \| \| \|	see #1822 and #1825. also systematically replaces 'blacklist /run/user/*/bus' with 'nodbus'. with contributions from @Fred-Barclay
*	disable non-abstract session bus address	smitsohu	2017-10-22
\| \| \| \| \|	systematically blacklist /run/user/*/bus in all profiles with 'net none'. targets distros like Fedora
*	added private-lib to eog, eom, file, gpicview, less, strings, and tar	netblue30	2017-10-16
\|
*	improve servers, harden musescore	smitsohu	2017-08-31
\|
*	profile enhancements (mostly novideo)	smitsohu	2017-08-29
\|
*	Fix nodvd placement	Tad	2017-08-13
\|
*	added nodvd to most profiles	netblue30	2017-08-13
\|
*	Fix notv placement	Tad	2017-08-11
\|
*	added notv to most profiles	netblue30	2017-08-11
\|
*	Fix comments in 88 profiles	Tad	2017-08-07
\| \| \| \|	There may actually be some other comments that were removed, but the bulk have been restored
*	Unify all profiles	Tad	2017-08-07
\|
*	Add back net none/netfilter as needed	Fred-Barclay	2017-08-02
\|
*	Harden profiles	Tad	2017-08-02
\| \| \| \| \| \| \| \|	- Added 'disable-devel.conf' to many profiles - Added 'disable-mnt' to many profiles - Added 'noexec' to many profiles - Removed 'netfilter' and 'net none' from profiles with 'protocol unix' - Cleaned up profiles using defaults
*	fix quiet in profiles	netblue30	2017-06-08
\|
*	added /etc/firejail/globals.local for global customizations	netblue30	2017-05-23
\|
*	persistent support for all profile files	netblue30	2017-02-09
\|
*	quiet fix	netblue30	2016-11-29
\|
*	updated default.profile	valoq	2016-11-20
\|
*	squash attempt 2	Fred-Barclay	2016-10-24
\|
*	removed private-tmp from sysutils	netblue30	2016-10-03
\|
*	profile cleanup	netblue30	2016-09-28
\|
*	added quiet profile command	netblue30	2016-08-01
\|
*	cleanup and some new tests	netblue30	2016-07-31
\|
*	Add file.profile	Thomas Jarosch	2016-07-31