Commit message (Collapse) | Author | Age | |
---|---|---|---|
* | Move apparmor option to the top of the options list in all profiles | Tad | 2018-03-17 |
| | |||
* | more apparmor deployment | Vincent43 | 2018-03-17 |
| | |||
* | apparmor deployment | netblue30 | 2018-03-16 |
| | |||
* | Add a LibreOffice profile alias for Base | Tad | 2018-03-15 |
| | |||
* | removing private-lib from evince, issue #1711 | netblue30 | 2018-03-14 |
| | |||
* | fix private-etc in spotify profile - #1768 | smitsohu | 2018-03-13 |
| | |||
* | fix qupzilla, falkon (seccomp, tracelog, private-tmp) - #1794, #1736 | smitsohu | 2018-03-13 |
| | |||
* | fix unbound (ip-transparent option) - #1731 | smitsohu | 2018-03-13 |
| | |||
* | harden kwrite | smitsohu | 2018-03-13 |
| | |||
* | noblacklist /etc/profile.d cleanup | netblue30 | 2018-03-13 |
| | |||
* | fix PROMPT_COMMAND for bash - this was the problem on CentOS that we needed ↵ | netblue30 | 2018-03-13 |
| | | | | to unblacklist /etc/profile.d; I'll do some cleanup in the next commit | ||
* | (Temporarily?) fix private-lib for evince. See #1711"e | Fred-Barclay | 2018-03-12 |
| | |||
* | Even more fixes for /etc/profile | Fred-Barclay | 2018-03-12 |
| | |||
* | More fixes for /etc/profile and mdwe | Tad | 2018-03-12 |
| | | | | | - Adds noblacklist /etc/profile.d to many profiles like 2e17082ba4b3399bf5d68bb75587934ea028cc5c and 970f739e2be202a39ab82f589d5773267b903de6 - Disables mdwe to workaround #1803 like 970f739e2be202a39ab82f589d5773267b903de6 | ||
* | Merge branch 'master' of http://github.com/netblue30/firejail | netblue30 | 2018-03-12 |
|\ | |||
| * | Add a profile for gnome-builder | Tad | 2018-03-12 |
| | | |||
| * | Remove mdwe from viewnior - fix #1808 | Fred-Barclay | 2018-03-12 |
| | | |||
* | | bringing back private-lib in evince, and some fixes for Arch Linux | netblue30 | 2018-03-12 |
|/ | |||
* | fix bash on CentOS 7 | startx2017 | 2018-03-12 |
| | |||
* | fix speller support in gedit profile | startx2017 | 2018-03-12 |
| | |||
* | Add a steam profile alias for steam-native | Tad | 2018-03-10 |
| | |||
* | Disable memory-deny-write-execute in evince profile | Vincent43 | 2018-03-07 |
| | | | It started breaking application in Archlinux, see https://github.com/netblue30/firejail/issues/1803 | ||
* | Add falkon profile - see #1794 | Fred-Barclay | 2018-03-05 |
| | |||
* | Fix #1797 - Brave doesn't open with noexec /tmp | Fred-Barclay | 2018-03-05 |
| | |||
* | fix kioexec/krun for KDE authentication | netblue30 | 2018-03-05 |
| | |||
* | Merge branch 'master' of https://github.com/netblue30/firejail | smitsohu | 2018-03-05 |
|\ | |||
| * | Add VS Code profile - see request in #1139 | Fred-Barclay | 2018-03-03 |
| | | |||
| * | Add netlink to protocol list and drop chroot from seccomp filter - should ↵ | Fred-Barclay | 2018-03-02 |
| | | | | | | | | | | | | | | | | fix #1792. Brackets no longer opens without netlink in the protocol list, or with chroot blacklisted by the seccomp filter (which this commit changes from 'seccomp' to 'seccomp.keep'). | ||
* | | blacklist smartgit password file - #1796 | smitsohu | 2018-03-05 |
|/ | |||
* | let konsole access its settings - #1789 | smitsohu | 2018-03-02 |
| | |||
* | cleanup: remove empty private-bin and private-etc lines | smitsohu | 2018-03-01 |
| | |||
* | add join-or-start to dolphin, okular and kwrite | smitsohu | 2018-03-01 |
| | | | | fixes registration of d-bus services, closes #1391 | ||
* | Fixup private-bin in start-tor-browser.profile after ↵ | Tad | 2018-02-27 |
| | | | | 63d455fbe6cfde2f97137f51b779d44f22cb4675 | ||
* | Sync start-tor-browser with torbrowser-launcher profile' | Tad | 2018-02-27 |
| | | | | | | start-tor-browser.profile should stay seperate from torbrowser-launcher for the case when downloaded manually. The other tor-browser-* are okay to extend torbrowser-launcher because their paths are known. | ||
* | Add ld.so.cache to torbrowser-launcher.profile | Tad | 2018-02-26 |
| | |||
* | Add ld.so.cache to firefox-common.profile, fixes #1767 | smitsohu | 2018-02-26 |
| | |||
* | drop cap_mac_admin in apparmor profile | smitsohu | 2018-02-27 |
| | |||
* | Merge pull request #1787 from joelazar/master | Fred Barclay | 2018-02-26 |
|\ | | | | | .Xauthority moved from blacklist to read-only | ||
| * | .Xauthority moved from blacklist to read-only | joelazar | 2018-02-26 |
| | | |||
* | | Add join-or-start to kate (should fix #1784) | Fred-Barclay | 2018-02-24 |
| | | |||
* | | man page, README.md, RELNOTES | netblue30 | 2018-02-21 |
|/ | |||
* | Minor bitcoin-qt nitpicks and update README | Tad | 2018-02-20 |
| | |||
* | Revert "Also whitelist .bitcoin-testnet just in case" | Witold Baryluk | 2018-02-20 |
| | | | | | | | | This reverts commit 254d2a9d9b6e752c0e3188fa90e4c5856eae5979. Testnet blockchain is in ~/.bitcoin/testnet3/ no need for anything else. And config is in ./.config/Bitcoin/Bitcoin-Qt-testnet.conf | ||
* | Also whitelist .bitcoin-testnet just in case | Witold Baryluk | 2018-02-20 |
| | |||
* | Remove unecassary blacklist for bitcoin-qt config. Comment about private-lib | Witold Baryluk | 2018-02-20 |
| | |||
* | Add a profile for Bitcoin Core QT client / wallet | Witold Baryluk | 2018-02-20 |
| | |||
* | Add a profile for Vivaldi Snapshot | Witold Baryluk | 2018-02-20 |
| | |||
* | Apparmor: Allow log Firejail blacklist violations | Vincent43 | 2018-02-19 |
| | |||
* | Log denied write access for easier debugging | Vincent43 | 2018-02-19 |
| | | | After more testing we can disable logging gain. | ||
* | Apparmor: blacklist /proc and /sys access from firejail | Vincent43 | 2018-02-19 |
| | | | | | Firejail does blacklisting sensitive /proc and /sys files on its own: https://github.com/netblue30/firejail/blob/master/src/firejail/fs.c#L530 There is no need to duplicate this in apparmor using whitelisting approach which is much harder to do and needs never ending maintenance. |