firejail - Mirror of https://github.com/netblue30/firejail

	Commit message (Collapse)	Author	Age
*	reorganize github etc directory	netblue30	2020-04-21
\|
*	Replace `nodbus` with dbus-* filters	Fred Barclay	2020-04-07
\| \| \| \| \| \| \| \| \| \| \| \| \|	See - 07fac581f6b9b5ed068f4c54a9521b51826375c5 for new dbus filters - https://github.com/netblue30/firejail/pull/3326#issuecomment-610423183 Except for ocenaudio, access/restrictions on dbus options should be unchanged Ocenaudio profile: dbus filters were sandboxed (initially `nodbus` was enabled) since comments indicated blocking dbus meant preferences were broken
*	Whitelist runuser common (#3286)	rusty-snake	2020-03-31
\| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \|	* introduce whitelist-runuser-common.inc * If an applications does not need a whitelist it can/should be nowhitelisted. Example: nowhitelist ${RUNUSER}/pulse include whitelist-runuser-common.inc * ${RUNUSER}/bus is inaccessible with nodbus regardless of the whitelist. (as it should) * strange wayland setups with an second wayland-compostior need to whitelist ${RUNUSER}/wayland-1, ${RUNUSER}/wayland-2 and so on. * some display-manager store there Xauthority file in ${RUNUSER}. test results with fedora 31: - ssdm: ~/.Xauthority is used - lightdm: /run/lightdm/USER/Xauthority - gdm: /run/user/UID/gdm/Xauthority * IMPORTANT: ATM we can only enable this for non-graphical and GTK3 programs because mutter (GNOMEs window-manger) stores the Xauthority file for Xwayland under /run/user/UID/.mutter-Xwaylandauth.XXXXXX where XXXXXX is random. Until we have whitelist globbing we can't whitelist this file. QT/KDE and other toolkits without full wayland support won't be able to start. * wru update 1 - add wru to more profiles. - blacklist ${RUNUSER} works for the most cli programs too. * add wruc to more profiles * fixes * fixes * wruc: hide pulse pid * update * remove wruc from all the x11 profiles * fixes * fix ordering * read-only * revert read-only * update *
*	automatically fixed all private-{bin,etc} lines	rusty-snake	2019-06-13
\|
*	adding disable-exec.inc to the remaining profiles	netblue30	2019-04-12
\|
*	Fix #2548 (#2549)	7twin	2019-03-09
\| \| \| \| \| \| \| \|	* Fix #2548 * Aligned order with other profiles Firejail profiles common practice to put the quiet as early as possible
*	Add alternatives to private-etc for profiles in etc/	Fred-Barclay	2019-02-17
\| \| \| \|	See discussion in #2399
*	flameshot.profile: remove memory-deny-write-execute	Vincent43	2019-01-18
\| \| \|	memory-deny-write-execute may break app, see https://github.com/netblue30/firejail/issues/1139#issuecomment-455420202
*	Merge pull request #2201 from SkewedZeppelin/u2f-ap	netblue30	2018-10-17
\|\ \| \| \| \|	Add nou2f to all profiles
\| *	Add nou2f to all profiles	Tad	2018-10-15
\| \| \| \| \| \| \| \|	- Closes #2194
* \|	Remove "/etc/firejail/" from all include paths, now that profile_read will ↵	Glenn Washburn	2018-10-17
\|/ \| \| \|	search for the file.
*	Add descriptions to profiles, pulled from Ubuntu 18.04	Tad	2018-08-13
\|
*	Stop breaking PKI with private-etc	Tad	2018-08-08
\| \| \| \| \|	Command: grep "crypto-policies" -iL $(grep "private-etc" -il $(grep "inet,inet6" . -Rl)) + fixes for #2077
*	created flameshot profile (#2063)	veloute	2018-07-25
	* created flameshot profile * made requested changes * private-etc fixed