Commit message (Collapse) | Author | Age | ||
---|---|---|---|---|
... | ||||
* | | asunder profile | 2018-03-17 | ||
|/ | ||||
* | more apparmor deployment | 2018-03-17 | ||
| | ||||
* | apparmor deployment | 2018-03-16 | ||
| | ||||
* | Add a LibreOffice profile alias for Base | 2018-03-15 | ||
| | ||||
* | removing private-lib from evince, issue #1711 | 2018-03-14 | ||
| | ||||
* | fix private-etc in spotify profile - #1768 | 2018-03-13 | ||
| | ||||
* | fix qupzilla, falkon (seccomp, tracelog, private-tmp) - #1794, #1736 | 2018-03-13 | ||
| | ||||
* | fix unbound (ip-transparent option) - #1731 | 2018-03-13 | ||
| | ||||
* | harden kwrite | 2018-03-13 | ||
| | ||||
* | noblacklist /etc/profile.d cleanup | 2018-03-13 | ||
| | ||||
* | fix PROMPT_COMMAND for bash - this was the problem on CentOS that we needed ↵ | 2018-03-13 | ||
| | | | | to unblacklist /etc/profile.d; I'll do some cleanup in the next commit | |||
* | (Temporarily?) fix private-lib for evince. See #1711"e | 2018-03-12 | ||
| | ||||
* | Even more fixes for /etc/profile | 2018-03-12 | ||
| | ||||
* | More fixes for /etc/profile and mdwe | 2018-03-12 | ||
| | | | | | - Adds noblacklist /etc/profile.d to many profiles like 2e17082ba4b3399bf5d68bb75587934ea028cc5c and 970f739e2be202a39ab82f589d5773267b903de6 - Disables mdwe to workaround #1803 like 970f739e2be202a39ab82f589d5773267b903de6 | |||
* | Merge branch 'master' of http://github.com/netblue30/firejail | 2018-03-12 | ||
|\ | ||||
| * | Add a profile for gnome-builder | 2018-03-12 | ||
| | | ||||
| * | Remove mdwe from viewnior - fix #1808 | 2018-03-12 | ||
| | | ||||
* | | bringing back private-lib in evince, and some fixes for Arch Linux | 2018-03-12 | ||
|/ | ||||
* | fix bash on CentOS 7 | 2018-03-12 | ||
| | ||||
* | fix speller support in gedit profile | 2018-03-12 | ||
| | ||||
* | Add a steam profile alias for steam-native | 2018-03-10 | ||
| | ||||
* | Disable memory-deny-write-execute in evince profile | 2018-03-07 | ||
| | | | It started breaking application in Archlinux, see https://github.com/netblue30/firejail/issues/1803 | |||
* | Add falkon profile - see #1794 | 2018-03-05 | ||
| | ||||
* | Fix #1797 - Brave doesn't open with noexec /tmp | 2018-03-05 | ||
| | ||||
* | fix kioexec/krun for KDE authentication | 2018-03-05 | ||
| | ||||
* | Merge branch 'master' of https://github.com/netblue30/firejail | 2018-03-05 | ||
|\ | ||||
| * | Add VS Code profile - see request in #1139 | 2018-03-03 | ||
| | | ||||
| * | Add netlink to protocol list and drop chroot from seccomp filter - should ↵ | 2018-03-02 | ||
| | | | | | | | | | | | | | | | | fix #1792. Brackets no longer opens without netlink in the protocol list, or with chroot blacklisted by the seccomp filter (which this commit changes from 'seccomp' to 'seccomp.keep'). | |||
* | | blacklist smartgit password file - #1796 | 2018-03-05 | ||
|/ | ||||
* | let konsole access its settings - #1789 | 2018-03-02 | ||
| | ||||
* | cleanup: remove empty private-bin and private-etc lines | 2018-03-01 | ||
| | ||||
* | add join-or-start to dolphin, okular and kwrite | 2018-03-01 | ||
| | | | | fixes registration of d-bus services, closes #1391 | |||
* | Fixup private-bin in start-tor-browser.profile after ↵ | 2018-02-27 | ||
| | | | | 63d455fbe6cfde2f97137f51b779d44f22cb4675 | |||
* | Sync start-tor-browser with torbrowser-launcher profile' | 2018-02-27 | ||
| | | | | | | start-tor-browser.profile should stay seperate from torbrowser-launcher for the case when downloaded manually. The other tor-browser-* are okay to extend torbrowser-launcher because their paths are known. | |||
* | Add ld.so.cache to torbrowser-launcher.profile | 2018-02-26 | ||
| | ||||
* | Add ld.so.cache to firefox-common.profile, fixes #1767 | 2018-02-26 | ||
| | ||||
* | drop cap_mac_admin in apparmor profile | 2018-02-27 | ||
| | ||||
* | Merge pull request #1787 from joelazar/master | 2018-02-26 | ||
|\ | | | | | .Xauthority moved from blacklist to read-only | |||
| * | .Xauthority moved from blacklist to read-only | 2018-02-26 | ||
| | | ||||
* | | Add join-or-start to kate (should fix #1784) | 2018-02-24 | ||
| | | ||||
* | | man page, README.md, RELNOTES | 2018-02-21 | ||
|/ | ||||
* | Minor bitcoin-qt nitpicks and update README | 2018-02-20 | ||
| | ||||
* | Revert "Also whitelist .bitcoin-testnet just in case" | 2018-02-20 | ||
| | | | | | | | | This reverts commit 254d2a9d9b6e752c0e3188fa90e4c5856eae5979. Testnet blockchain is in ~/.bitcoin/testnet3/ no need for anything else. And config is in ./.config/Bitcoin/Bitcoin-Qt-testnet.conf | |||
* | Also whitelist .bitcoin-testnet just in case | 2018-02-20 | ||
| | ||||
* | Remove unecassary blacklist for bitcoin-qt config. Comment about private-lib | 2018-02-20 | ||
| | ||||
* | Add a profile for Bitcoin Core QT client / wallet | 2018-02-20 | ||
| | ||||
* | Add a profile for Vivaldi Snapshot | 2018-02-20 | ||
| | ||||
* | Apparmor: Allow log Firejail blacklist violations | 2018-02-19 | ||
| | ||||
* | Log denied write access for easier debugging | 2018-02-19 | ||
| | | | After more testing we can disable logging gain. | |||
* | Apparmor: blacklist /proc and /sys access from firejail | 2018-02-19 | ||
| | | | | | Firejail does blacklisting sensitive /proc and /sys files on its own: https://github.com/netblue30/firejail/blob/master/src/firejail/fs.c#L530 There is no need to duplicate this in apparmor using whitelisting approach which is much harder to do and needs never ending maintenance. |