Commit message (Collapse) | Author | Age | |
---|---|---|---|
* | wine: enable allow-debuggers by default - #446 | smitsohu | 2019-12-11 |
| | |||
* | gpg additions (#3077) | glitsj16 | 2019-12-10 |
| | | | | | | | | * Add 'quiet' to gpg.profile * Add 'quiet' to gpg-agent.profile * Create gpg2.profile | ||
* | Fix DeVeDe-NG export | rusty-snake | 2019-12-06 |
| | | | | It is better to comment wusc in ffmpeg? | ||
* | fix brasero | rusty-snake | 2019-12-06 |
| | |||
* | Merge pull request #3065 from the-antz/profile-thunderbird-wayland | smitsohu | 2019-12-03 |
|\ | | | | | Minor profile tweaks. | ||
| * | Minor profile tweaks. | Antz | 2019-11-26 |
| | | | | | | | | thunderbird-wayland profile did not include thunderbird-wayland.local | ||
* | | libreoffice aliasen | rusty-snake | 2019-11-28 |
| | | |||
* | | Fix profile: ffmpeg (#3064) | the-antz | 2019-11-27 |
|/ | | | Fix broken libx265 encoding (needs the set_mempolicy syscall). | ||
* | blacklist /tmp/.X11-unix in gist.profile | glitsj16 | 2019-11-25 |
| | | | Thanks to @rusty-snake for requesting this in https://github.com/netblue30/firejail/pull/3061. | ||
* | Add redirect profile for gist-paste (#3062) | glitsj16 | 2019-11-25 |
| | |||
* | Add new profile: gist (#3061) | glitsj16 | 2019-11-25 |
| | | | | | | | | | | | | * Create gist.profile * Add gist config to disable-programs.inc * Add gist to firecfg.config * Update RELNOTES * Update README.md | ||
* | blacklist gksu, gksudo, kdesudo | rusty-snake | 2019-11-25 |
| | |||
* | various fixups | rusty-snake | 2019-11-25 |
| | |||
* | apparmor: misc fix for pcscd | Vincent43 | 2019-11-24 |
| | |||
* | apparmor: don't allow mounts and paths manipulation | Vincent43 | 2019-11-24 |
| | | | | | | | | | | | | | AppArmor security relies on path based rules and rewriting paths may allow to bypass them. Those actions are priveliged so vast majority of apps shouldn't need them anyway. If some app need those rules then it's better to consider them as unsuitable for apparmor option rather than weaken generic profile for all apps. See related issue reported by apparmor usage in snap: https://bugs.launchpad.net/snapd/+bug/1791711 | ||
* | apparmor: allow access to pcscd socket (smartcards) | Vincent43 | 2019-11-24 |
| | |||
* | Add new profile: unf (#3060) | glitsj16 | 2019-11-24 |
| | | | | | | * Create unf.profile * Add unf to firecfg.config | ||
* | Add new profile: gmpc (#3059) | glitsj16 | 2019-11-24 |
| | | | | | | | | * Create gmpc.profile * Add gmpc config to disable-programs.inc * Add gmpc to firecfg.config | ||
* | Add new profile: drawio (#3058) | glitsj16 | 2019-11-24 |
| | | | | | | | | * Create drawio.profile * Add drawio config to disable-programs.inc * Add drawio to firecfg.config | ||
* | Add new profile: ddgtk (#3057) | glitsj16 | 2019-11-24 |
| | | | | | | * Create ddgtk.profile * Add ddgtk to firecfg.config | ||
* | Add new profile: cameramonitor (#3056) | glitsj16 | 2019-11-24 |
| | | | | | | * Create cameramonitor.profile * Add cameramonitor to firecfg.config | ||
* | New profile: audio-recorder (#3055) | glitsj16 | 2019-11-24 |
| | | | | | | * Create audio-recorder.profile * Add audio-recorder to firecfg.config | ||
* | merges | Tad | 2019-11-24 |
| | |||
* | profanity: reorder alphabetically | Adrian L. Shaw | 2019-11-24 |
| | |||
* | profanity: reorder alphabetically | Adrian L. Shaw | 2019-11-24 |
| | |||
* | profanity: allow Python plugins and reorder rules | Adrian L. Shaw | 2019-11-24 |
| | |||
* | Separate the whitelist section of profanity profile | Adrian L. Shaw | 2019-11-24 |
| | |||
* | Sort and harden profanity profile | Adrian L. Shaw | 2019-11-24 |
| | |||
* | Add profile for the Profanity chat client | Adrian L. Shaw | 2019-11-24 |
| | |||
* | Use seccomp ! syntax in electron-mail.profile | glitsj16 | 2019-11-23 |
| | |||
* | Add new electron-mail profile (#3053) | glitsj16 | 2019-11-23 |
| | | | | | | | | * Create electron-mail.profile * Add electron-mail to disable-programs.inc * Add electron-mail to firecfg.config | ||
* | Add lensfun support for gimp | glitsj16 | 2019-11-22 |
| | |||
* | Add babl/gegl support for gimp (#3051) | glitsj16 | 2019-11-22 |
| | | | | | | | | * Add babl/gegl caches for gimp * Add gir-1.0 to wusc * Add babl/gegl support to gimp.profile | ||
* | Merge pull request #3044 from netblue30/ssh_nc | netblue30 | 2019-11-13 |
|\ | | | | | RFC: profiles: allow nc in ssh profile by default | ||
| * | profiles: allow nc in ssh profile by default | Reiner Herrmann | 2019-11-13 |
| | | |||
* | | Merge pull request #3037 from vutny/fix-3029 | netblue30 | 2019-11-13 |
|\ \ | | | | | | | Resolve #3029: drop outdated Skype profile | ||
| * | | Resolve #3029: drop outdated Skype profile | Denys Havrysh | 2019-11-12 |
| | | | |||
* | | | wine: propose allow-debuggers instead | smitsohu | 2019-11-13 |
| | | | |||
* | | | harden wine profile | smitsohu | 2019-11-13 |
| |/ |/| | |||
* | | add signal mediation to apparmor profile | smitsohu | 2019-11-13 |
| | | | | | | | | second line of defense, as there is always a pid namespace, too | ||
* | | some apparmor profile cleanup | smitsohu | 2019-11-12 |
| | | | | | | | | | | | | | | | | writing in /run/firejail/profile has always been restricted to root user, and in addition this folder is blacklisted since recently; @{profile_name} is built-in and adds a bit of flexibility; apparmor cannot be used to restrict directory search permission, so add more rules for sensitive paths | ||
* | | Merge branch 'master' of https://github.com/netblue30/firejail | smitsohu | 2019-11-12 |
|\ \ | |||
| * | | Fix dig.profile on Ubuntu | glitsj16 | 2019-11-11 |
| | | | | | | | | | Fixes #3038. | ||
* | | | blacklist .fscrypt directories | smitsohu | 2019-11-12 |
|/ / | |||
* | | Merge branch 'master' of https://github.com/netblue30/firejail | smitsohu | 2019-11-11 |
|\| | |||
| * | rework strings.profile | rusty-snake | 2019-11-10 |
| | | | | | | | | close #2988 | ||
* | | tentatively fix k3b profile - #2989 | smitsohu | 2019-11-11 |
|/ | |||
* | add kfind profile | smitsohu | 2019-11-09 |
| | |||
* | fix nano support in git profile | smitsohu | 2019-11-09 |
| | |||
* | harden baloo | smitsohu | 2019-11-09 |
| |