Commit message (Collapse) | Author | Age | |
---|---|---|---|
* | Add a profile for Gnome Twitch | 2017-08-05 | |
| | |||
* | Update firecfg.config and add a wireshark-* alias | 2017-08-04 | |
| | |||
* | Merge branch 'master' of https://github.com/netblue30/firejail | 2017-08-04 | |
|\ | |||
| * | Gwenview: drop kbuildsycoca5 from private-bin | 2017-08-04 | |
| | | |||
* | | private-lib: support for /etc/firejail/firejail.config | 2017-08-04 | |
|/ | |||
* | Add 12 new profiles | 2017-08-03 | |
| | | | | apktool, Baobab, dex2jar, gitg, Hashcat, MusicBrainz Picard, OBS Studio, Remmina, sdat2img, Sound Converter, SQLiteBrowser, Truecraft | ||
* | profile fixes | 2017-08-04 | |
| | | | | | | | | * Update qbittorrent.profile * Update gwenview.profile * Update disable-programs.inc | ||
* | Change ~/.local/share/kservices5 to read-only | 2017-08-03 | |
| | |||
* | Merge pull request #1426 from VladimirSchowalter20/master | 2017-08-02 | |
|\ | | | | | Apparmor: add local configuration | ||
| * | Minor fix for completness | 2017-08-02 | |
| | | |||
| * | Apparmor: add local configuration | 2017-08-02 | |
| | | |||
* | | Merge pull request #1424 from ↵ | 2017-08-02 | |
|\ \ | | | | | | | | | | | | | VladimirSchowalter20/VladimirSchowalter20-apparmor-kde-fix Apparmor: update whitelist path for kde | ||
| * | | Apparmor: update whitelist path for kde | 2017-08-02 | |
| |/ | |||
* | | Add rambox profile from #1425 | 2017-08-02 | |
| | | |||
* | | Fixes | 2017-08-02 | |
| | | |||
* | | Add back net none/netfilter as needed | 2017-08-02 | |
| | | |||
* | | Partially synchronize Chromium-based profiles | 2017-08-02 | |
| | | |||
* | | Add noexec to more profiles as tested by @curiosity-seeker | 2017-08-02 | |
| | | | | | | | | See https://github.com/netblue30/firejail/pull/1367#issuecomment-315793729 | ||
* | | Initial adding of memory-deny-write-execute to profiles | 2017-08-02 | |
| | | | | | | | | | | | | | | | | - mdwe breaks most vm-based languages so python/java/javascript and some mono programs are not compatible - mdwe also breaks most 3d accelerated programs such as 3d games - mdwe is similar to PaX's mprotect meaning PaX flag managers can be used as reference -- See https://github.com/copperhead/paxd-archive/blob/master/paxd.conf -- See https://github.com/nning/linux-pax-flags | ||
* | | Harden profiles | 2017-08-02 | |
|/ | | | | | | | | - Added 'disable-devel.conf' to many profiles - Added 'disable-mnt' to many profiles - Added 'noexec' to many profiles - Removed 'netfilter' and 'net none' from profiles with 'protocol unix' - Cleaned up profiles using defaults | ||
* | x11/xpra support | 2017-08-01 | |
| | |||
* | Add some /proc dirs to firejail apparmor profile | 2017-08-02 | |
| | |||
* | Fix #1420 | 2017-07-31 | |
| | |||
* | telegram is called telegram-desktop in Debian | 2017-07-30 | |
| | |||
* | Add a profile for arm | 2017-07-29 | |
| | |||
* | new profiles | 2017-07-29 | |
| | |||
* | arp rework | 2017-07-29 | |
| | |||
* | Zoom cache dir | 2017-07-27 | |
| | | | | | Zoom seems to use of a QT cache-disk feature which depends upon a ~/.cache/<app>/qmlcache directory. If it can not, Zoom will segfault with mprotect failed in ExecutableAllocator::makeExecutable: Permission denied | ||
* | Allow eom and xviewer to write to user's trash | 2017-07-27 | |
| | |||
* | Updates after merges | 2017-07-27 | |
| | |||
* | Add Electron and Riot profiles | 2017-07-27 | |
| | | | | | | | * Add a generic profile for Electron applications. * Add a specific profile for Riot based on this new Electron profile. * Addresses vector-im/riot-web#3004 * Fulfils profile request for Riot.im in netblue30/firejail#1139 | ||
* | Add access to trash | 2017-07-23 | |
| | | | Eog needs access to trash to delete files | ||
* | apparmor fixes | 2017-07-21 | |
| | |||
* | Merge pull request #1372 from rccavalcanti/chromium_arch | 2017-07-16 | |
|\ | | | | | Fix permission denied for chromium-flags.conf in Arch | ||
| * | Fix permission denied for chromium-flags.conf in Arch | 2017-07-10 | |
| | | |||
* | | Fix typo | 2017-07-14 | |
| | | |||
* | | Re-add .ssh to noblacklist for andriod-studio and idea.sh | 2017-07-14 | |
| | | |||
* | | Add quiet to exiftool profile | 2017-07-13 | |
| | | |||
* | | Fix .java after e2449ae7d25925cec444ac08bbfb9cbc7199e647 | 2017-07-13 | |
| | | |||
* | | Update after merge #1374 | 2017-07-13 | |
| | | | | | | | | | | This introduces blacklist ~/.java to disable-programs.inc, so it may break some existing profiles that depend on it. | ||
* | | Merge pull request #1374 from SpotComms/idea | 2017-07-13 | |
|\ \ | | | | | | | Add profiles for IntelliJ IDEA and Android Studio | ||
| * | | Update idea.sh.profile | 2017-07-13 | |
| | | | | | | | | | Don't allow ~/.ssh access | ||
| * | | Update android-studio.profile | 2017-07-13 | |
| | | | | | | | | | Don't allow ~/.ssh access | ||
| * | | Add a profile for IntelliJ IDEA and Android Studio | 2017-07-11 | |
| | | | |||
* | | | Cleanup from merges #1369 and #1373 | 2017-07-13 | |
| | | | |||
* | | | Merge pull request #1373 from SpotComms/sa | 2017-07-11 | |
|\ \ \ | | | | | | | | | Add a profile for SILENTARMY | ||
| * | | | Add a profile for SILENTARMY | 2017-07-11 | |
| |/ / | |||
* | / | profiles: tracelog breaks integrated browser in steam | 2017-07-11 | |
| |/ |/| | | | | | | | Thanks to @viq for the hint. Fixes: #1280 | ||
* | | Fix #1370 | 2017-07-09 | |
| | | |||
* | | Add profile for Peek | 2017-07-09 | |
|/ |