firejail - Mirror of https://github.com/netblue30/firejail

	Commit message (Collapse)	Author	Age
*	Whitelist runuser common (#3286)	rusty-snake	2020-03-31
\| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \|	* introduce whitelist-runuser-common.inc * If an applications does not need a whitelist it can/should be nowhitelisted. Example: nowhitelist ${RUNUSER}/pulse include whitelist-runuser-common.inc * ${RUNUSER}/bus is inaccessible with nodbus regardless of the whitelist. (as it should) * strange wayland setups with an second wayland-compostior need to whitelist ${RUNUSER}/wayland-1, ${RUNUSER}/wayland-2 and so on. * some display-manager store there Xauthority file in ${RUNUSER}. test results with fedora 31: - ssdm: ~/.Xauthority is used - lightdm: /run/lightdm/USER/Xauthority - gdm: /run/user/UID/gdm/Xauthority * IMPORTANT: ATM we can only enable this for non-graphical and GTK3 programs because mutter (GNOMEs window-manger) stores the Xauthority file for Xwayland under /run/user/UID/.mutter-Xwaylandauth.XXXXXX where XXXXXX is random. Until we have whitelist globbing we can't whitelist this file. QT/KDE and other toolkits without full wayland support won't be able to start. * wru update 1 - add wru to more profiles. - blacklist ${RUNUSER} works for the most cli programs too. * add wruc to more profiles * fixes * fixes * wruc: hide pulse pid * update * remove wruc from all the x11 profiles * fixes * fix ordering * read-only * revert read-only * update *
*	Fixing the bug in 189772034b211578aca59540d7277f45da4f45d2 breaking meld	KOLANICH	2020-02-07
\|
*	clarify dropping python2 support in meld.profile (#3167)	glitsj16	2020-01-27
\| \| \| \| \| \|	* clarify dropping python2 support in meld.profile * properly comment the python2 situation in meld
*	die python2 die !! #3164 (meld)	rusty-snake	2020-01-18
\| \| \| \|	https://github.com/netblue30/firejail/issues/3164#issuecomment-575892401
*	Wusc fixes (#2992)	glitsj16	2019-10-06
\| \| \| \| \| \| \| \| \| \| \| \|	* Add wusc to eom * Fix wusc in firefox Without access to /usr/share/ca-certificates all HTTPS traffic gets the FF dialog 'Warning: Potential Security Risk Ahead'. Probably needed in thunderbird profile too (untested). * Fix wusc ordering in meld Just an alphabetical ordering nitpick.
*	whitelist-usr-share-common.inc (#2972)	rusty-snake	2019-10-05
\| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \|	* Work on whitelist-usr-share-common * sorting; add Modules + QT/KDE stuff * add wusc.inc to more profiles [needs testing] * update * gitg, firefox, evince * /usr/share/{p11-kit,pixmaps,pki,qt5,tcl8.6,terminfo} * more profiles * remove wusc.inc from feedreader Even with 'whitelist /usr/share/', feedreader trys to dereference a NULL pointer. more profiles * whitelist /usr/share breaks wget even with whitelist /usr/share/* * extend wusc.inc * update * Add alsa,crypto-policies and zoneinfo * readd wusc.inc to wget and feedreader * update * testing results: Debian Buster with KDE * more KDE stuff * fix tb
*	add missing blacklist paths	rusty-snake	2019-09-28
\|
*	Fix typo's in meld.profile	glitsj16	2019-06-13
\|
*	hardening & fixing	rusty-snake	2019-06-13
\|
*	many profile cleanups	rusty-snake	2019-06-02
\|
*	Create allow-INTERPETER.inc (#2736)	rusty-snake	2019-06-01
\| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \|	* Create allow-INTERPETER.inc * allow-lua.inc * allow-perl.inc * allow-python2.inc * allow-python3.inc * Create allow-java.inc * Update profiles to use new allow-INTERPRETER.inc includes * Update profiles to use new allow-INTERPRETER.inc includes 2/x * Fix order of allow-INTERPRETER.inc includes * Update profiles to use new allow-INTERPRETER.inc includes 3/x * Fixup comment about allow-java.inc https://github.com/netblue30/firejail/pull/2736#discussion_r289597997 * Add Arch Linux specific paths to allow-perl.inc
*	some little profile fixes	rusty-snake	2019-04-26
\|
*	Revert "Merge branch 'master' of github.com:netblue30/firejail"	Tad	2019-04-24
\| \| \| \| \|	This reverts commit 0d42e12f11825f84d6bf6f9c667cd16272a3700c, reversing changes made to 63efb454a4af0ee5d4905f7cfae193138aef3e15.
*	Merge branch 'master' of github.com:netblue30/firejail	rusty-snake	2019-04-24
\|\
\| *	blacklist .git-credential & .config/git (#2663) …	rusty-snake	2019-04-24
\| \| \| \| \| \| \| \| \| \|	and noblacklist they in all profiles with noblacklist .gitconfig
* \|	blacklist .git-credentials & .config/git (#2663) …	rusty-snake	2019-04-24
\|/ \| \| \| \|	and noblacklist they in all profiles with noblacklist .gitconfig
*	Add VCS support to meld (#2615)	rusty-snake	2019-03-28
\| \| \| \| \| \| \| \| \| \|	* Add hg,bzr,git,svn,cvs to meld's private-bin * Update meld.profile * Update meld.profile * Update meld.profile
*	add disable-exec.inc to all profiles with apparmor (#2576)	smitsohu	2019-03-12
\| \| \| \| \| \|	* add disable-exec.inc to all profiles with apparmor - #2385 #2505 * drop disable-exec.inc from generic electron.profile
*	Harden meld.profile (#2577)	rusty-snake	2019-03-12
\| \| \| \| \| \| \| \|	* Harden meld.profile * Fix meld.profile * Update meld.profile
*	Fix and harden meld (#2572)	glitsj16	2019-03-12
\|
*	Merge pull request #2201 from SkewedZeppelin/u2f-ap	netblue30	2018-10-17
\|\ \| \| \| \|	Add nou2f to all profiles
\| *	Add nou2f to all profiles	Tad	2018-10-15
\| \| \| \| \| \| \| \|	- Closes #2194
* \|	Remove "/etc/firejail/" from all include paths, now that profile_read will ↵	Glenn Washburn	2018-10-17
\|/ \| \| \|	search for the file.
*	Misc profile hardening	Tad	2018-09-19
\|
*	Cleanup descriptions	Tad	2018-08-13
\|
*	Add descriptions to profiles, pulled from Ubuntu 18.04	Tad	2018-08-13
\|
*	Add private-cache to many profiles	Tad	2018-06-14
\| \| \| \|	grep "cache" -L $(grep "redirect" -iL $(grep "whitelist" -RL))
*	recalibrate dbus access, deploy nodbus option	smitsohu	2018-03-28
\| \| \| \| \| \| \|	see #1822 and #1825. also systematically replaces 'blacklist /run/user/*/bus' with 'nodbus'. with contributions from @Fred-Barclay
*	disable non-abstract session bus address	smitsohu	2017-10-22
\| \| \| \| \|	systematically blacklist /run/user/*/bus in all profiles with 'net none'. targets distros like Fedora
*	Enable private-bin in 4 profiles after e6c1c54e3f1d986af2bb70578a01884892749f79	Tad	2017-10-13
\|
*	python cleanup in profile files	startx2017	2017-10-13
\|
*	Merge pull request #1466 from SpotComms/fixnd	Fred Barclay	2017-08-13
\|\ \| \| \| \|	Fix nodvd placement
\| *	Fix nodvd placement	Tad	2017-08-13
\| \|
* \|	Harden 17 profiles using private-bin	Tad	2017-08-13
\|/
*	added nodvd to most profiles	netblue30	2017-08-13
\|
*	Fix notv placement	Tad	2017-08-11
\|
*	added notv to most profiles	netblue30	2017-08-11
\|
*	Unify all profiles	Tad	2017-08-07
\|
*	Add back net none/netfilter as needed	Fred-Barclay	2017-08-02
\|
*	Harden profiles	Tad	2017-08-02
\| \| \| \| \| \| \| \|	- Added 'disable-devel.conf' to many profiles - Added 'disable-mnt' to many profiles - Added 'noexec' to many profiles - Removed 'netfilter' and 'net none' from profiles with 'protocol unix' - Cleaned up profiles using defaults
*	Harden 50 profiles	Tad	2017-07-04
\| \| \| \| \|	Hardened many profiles using disable-mnt and novideo Fixed gnome-font-viewer
*	commented out ipc-namespace in most profiles - it breaks newer versions of ↵	netblue30	2017-05-25
\| \| \| \|	GDK with the following error: Gdk-ERROR **: The program 'thunderbird' received an X Window System error
*	added /etc/firejail/globals.local for global customizations	netblue30	2017-05-23
\|
*	Harden some more profiles	Tad	2017-04-17
\|
*	Add a profile for meld	Tad	2017-04-16