Commit message (Collapse) | Author | Age | |
---|---|---|---|
* | extend qt5ct support - #1540 | smitsohu | 2017-11-24 |
| | | | | | configuration files should be available to all Qt apps. qt5ct is used e.g. by Manjaro for their theming. | ||
* | Consistent home directory nomenclature | Fred-Barclay | 2017-11-17 |
| | |||
* | private-lib cleanup | netblue30 | 2017-10-10 |
| | |||
* | private-lib developments | netblue30 | 2017-10-09 |
| | |||
* | Tighten multiple profiles. | Fred-Barclay | 2017-10-04 |
| | | | | | This adds whitelist-var-common, machine-id, memory-deny-write-execute, and noexec home and tmp when possible. | ||
* | profile enhancements (mostly novideo) | smitsohu | 2017-08-29 |
| | |||
* | Fix nodvd placement | Tad | 2017-08-13 |
| | |||
* | added nodvd to most profiles | netblue30 | 2017-08-13 |
| | |||
* | Fix notv placement | Tad | 2017-08-11 |
| | |||
* | added notv to most profiles | netblue30 | 2017-08-11 |
| | |||
* | Fix comments in 88 profiles | Tad | 2017-08-07 |
| | | | | There may actually be some other comments that were removed, but the bulk have been restored | ||
* | Unify all profiles | Tad | 2017-08-07 |
| | |||
* | various profile fixes (#1433) | Vladimir Schowalter | 2017-08-06 |
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | * calibre: add netlink protocol (FB note: removed before merge) calibre started without netlink protocol throws following error in console: Exception in thread Thread-8: Traceback (most recent call last): File "/usr/lib/python2.7/threading.py", line 801, in __bootstrap_inner self.run() File "/usr/lib/calibre/calibre/utils/mdns.py", line 43, in run _all_ip_addresses = self.get_all_ips() File "/usr/lib/calibre/calibre/utils/mdns.py", line 27, in get_all_ips for x in netifaces.interfaces(): OSError: [Errno 95] Operation not supported * mpv: add nogroups, tracelog, ipc-namespace, private-dev I used testes all above options and didn't noticed any breakage. * qbittorrent: add netlink protocol, private-etc Netlink protocol is needed if user select to bind specific network interface in config. Otherwise it throws an error in qbittorent log: The network interface defined is invalid: tun0 Example private-etc is added but commented out by default. It's tested but as there are many different system configurations users should enable it manually. * vlc: disable memory-deny-write-execute With memory-deny-write-execute vlc freezes after loading video file. According to https://github.com/VladimirSchowalter20/firejail/commit/b18f42ab0236de7eed5888f43ba36cdaf990cbca memory-deny-write-execute is similar to PAX mprotect feature and linked github project explicitly disables that feature for vlc binary, see https://github.com/copperhead/paxd-archive/commit/deb39e0b91996e2e9c7917b3543030880cd476f4 * Update vlc.profile * wine: add nogroups Nogroups should be safe addition for wine * wireshark: allow users to run wireshark as non-root Wireshark can be run unprivileged when user is part of wireshark group. Unfortunately enabling nogroups,nonewprivs and seccomp will break it with permissions errors. Also added example private-etc option which is commented out by default for now. * cosmetic fix * mpv: comment out ipc-namespace for now As requested in review https://github.com/netblue30/firejail/pull/1433#discussion_r131550515 * calibre: disable netlink protocol It throws an error but actual breakage isn't observed for now. | ||
* | profile fixes | Vladimir Schowalter | 2017-08-04 |
| | | | | | | | | * Update qbittorrent.profile * Update gwenview.profile * Update disable-programs.inc | ||
* | whitelisted transmission, deluge and qbittorrent profiles; please use ↵ | netblue30 | 2017-05-25 |
| | | | | ~/Downloads to save your files | ||
* | added /etc/firejail/globals.local for global customizations | netblue30 | 2017-05-23 |
| | |||
* | noblacklist .config/qt5ct (part 1) | Fred Barclay | 2017-04-15 |
| | |||
* | persistent support for all profile files | netblue30 | 2017-02-09 |
| | |||
* | added nogroups to qbittorrent profile | Fred Barclay | 2017-02-05 |
| | |||
* | private-tmp changes | valoq | 2016-11-03 |
| | |||
* | squash attempt 2 | Fred-Barclay | 2016-10-24 |
| | |||
* | nosound | netblue30 | 2016-07-08 |
| | |||
* | profile update | netblue30 | 2016-06-23 |
| | |||
* | removed private-bin from qbittorrent | netblue30 | 2016-06-11 |
| | |||
* | private-bin conversion | netblue30 | 2016-06-10 |
| | |||
* | private-bin conversion | netblue30 | 2016-06-10 |
| | |||
* | merged Various #542 pull request from Fred-Barclay | netblue30 | 2016-05-31 |
| | |||
* | profiles: Add nonewprivs where sensible | The Fox in the Shell | 2016-05-25 |
| | |||
* | delete blacklist wine from profiles | avoidr | 2016-04-12 |
| | |||
* | introducing disable-passwdmgr.inc | netblue30 | 2016-03-28 |
| | |||
* | consolidated disable-terminals into disable-common | netblue30 | 2016-03-27 |
| | |||
* | consolidating disable-mgmt and disable-sercret into disable-common | netblue30 | 2016-03-26 |
| | |||
* | profile work | netblue30 | 2016-03-26 |
| | |||
* | profile update | netblue30 | 2016-03-12 |
| | |||
* | split out terminal blacklisting in disable-terminals.inc | netblue30 | 2016-02-12 |
| | |||
* | tracelog fixes | netblue30 | 2015-12-06 |
| | |||
* | traclog added to various profiles | netblue30 | 2015-12-06 |
| | |||
* | added disable-devel.inc | netblue30 | 2015-11-01 |
| | |||
* | merged disable-history.inc into disable-common.inc | netblue30 | 2015-10-30 |
| | |||
* | enable --protocol by default in profiles | netblue30 | 2015-10-28 |
| | |||
* | disabled Wine and VirtualBox in default profiles | netblue30 | 2015-09-24 |
| | |||
* | fixes | netblue30 | 2015-09-24 |
| | |||
* | security profile work | netblue30 | 2015-09-24 |
| | |||
* | testing, admin work | netblue30 | 2015-09-01 |
| | |||
* | disable-history.inc integration - included in all profile files | netblue30 | 2015-08-12 |
| | |||
* | Baseline firejail 0.9.28 | netblue30 | 2015-08-08 |