Commit message (Collapse) | Author | Age | |
---|---|---|---|
* | Add iana-etc's services to private-etc in steam.profile, fixes #1688 | Tad | 2017-12-22 |
| | |||
* | disable-common.inc: read-only access to ~/.ssh/authorized_keys | Alexander GQ Gerasiov | 2017-12-22 |
| | | | | | | | | | | | | | | | disable-common.inc blacklists whole .ssh, but some profiles (e.g. idea.sh) unblacklists it to allow git over ssh with public key auth. But this creates security hole, since firejailed app could modify ~/.ssh/authorized_keys and allow arbitrary code execution on the host with sshd installed (e.g. ssh localhost and run any program) or even open backdoor for remote attacker. This commits disallows write access to ~/.ssh/authorized_keys even if .ssh was unblacklisted. Signed-off-by: Alexander GQ Gerasiov <gq@cs.msu.su> | ||
* | Add Figaro's Password Manager 2 to disable-passwdmgr.inc | netblue30 | 2017-12-18 |
| | |||
* | Fix #1674 | Tad | 2017-12-17 |
| | | | | look into why this is breaking | ||
* | Profile fixes | Tad | 2017-12-17 |
| | |||
* | Add new path for TelegramDesktop files. | Alexander GQ Gerasiov | 2017-12-17 |
| | | | | | Latest versions of TelegramDesktop supports both old (~/.TelegramDesktop) and new (~/.local/share/TelegramDesktop) location of sensitive data files. | ||
* | disable-common.inc: Blacklist .homesick | Alexander GQ Gerasiov | 2017-12-17 |
| | | | | | homesick is dotfiles manager. It keeps dotfiles (e.g. .bashrc) in repository under ~/.homesick and puts symlinks into home directory. | ||
* | Fix #1680, same as #1437 | Tad | 2017-12-16 |
| | |||
* | Merge branch 'master' of https://github.com/netblue30/firejail | smitsohu | 2017-12-11 |
|\ | |||
| * | fix trash blacklist in caja profile | smitsohu | 2017-12-10 |
| | | |||
* | | fix qutebrowser | smitsohu | 2017-12-11 |
|/ | |||
* | fix (and harden) kmail - #1541 | smitsohu | 2017-12-10 |
| | |||
* | remove mutt blacklist redundancies | smitsohu | 2017-12-09 |
| | |||
* | improve fetchmail profile - #1661 | smitsohu | 2017-12-09 |
| | |||
* | typo fix | smitsohu | 2017-12-08 |
| | |||
* | sort whitelist-common.inc | smitsohu | 2017-12-08 |
| | |||
* | pedantic comment fix | smitsohu | 2017-12-08 |
| | |||
* | fix sound in firefox started from thunderbird | smitsohu | 2017-12-08 |
| | | | | | and move disable-mnt from thunderbird to firefox profile, in alignment with recent commit from @Fred-Barclay | ||
* | allow kcalc to read various settings | smitsohu | 2017-12-07 |
| | |||
* | fix ktorrent kio | smitsohu | 2017-12-07 |
| | | | minimal fix to get file dialog working when there is no kdeinit4 outside the sandbox (relevant e.g. for Debian up to Stretch) | ||
* | adding machine-id to a number of profiles | netblue30 | 2017-12-04 |
| | |||
* | Merge branch 'master' of https://github.com/netblue30/firejail | Fred-Barclay | 2017-12-02 |
|\ | |||
| * | Merge pull request #1662 from netblue30/enable-mnt_browsers | Fred Barclay | 2017-11-30 |
| |\ | | | | | | | Add disable-mnt to common browser profiles. | ||
| | * | Add disable-mnt to surf profile | Fred-Barclay | 2017-11-29 |
| | | | |||
| | * | (Re)add disable-mnt to common browser profiles. | Fred-Barclay | 2017-11-28 |
| | | | |||
| * | | qtox needs libstdc++.so.6 | soredake | 2017-11-29 |
| |/ | |||
* / | Add machine-id to firefox filters, see b7828e463f868e66e1d5fc6fc48328b6437e0504 | Fred-Barclay | 2017-12-02 |
|/ | |||
* | kopete samba fix (part 2) | smitsohu | 2017-11-28 |
| | |||
* | kopete samba fix | smitsohu | 2017-11-28 |
| | |||
* | kdeinit4 profile | smitsohu | 2017-11-27 |
| | |||
* | Blacklist s3cmd and s3fs configs | Danil Semelenov | 2017-11-25 |
| | |||
* | extend qt5ct support - #1540 | smitsohu | 2017-11-24 |
| | | | | | configuration files should be available to all Qt apps. qt5ct is used e.g. by Manjaro for their theming. | ||
* | okular private-etc fix | smitsohu | 2017-11-23 |
| | |||
* | add p11-kit support - #1646 | smitsohu | 2017-11-23 |
| | |||
* | more profile improvements | smitsohu | 2017-11-23 |
| | |||
* | unblock dbus in zathura profile - #1654 | smitsohu | 2017-11-20 |
| | |||
* | strip trailing whitespace | Fred-Barclay | 2017-11-19 |
| | |||
* | More qtox profile tightening | Fred-Barclay | 2017-11-18 |
| | |||
* | some profile improvements | smitsohu | 2017-11-19 |
| | |||
* | netfilter template support | netblue30 | 2017-11-18 |
| | |||
* | Consistent home directory nomenclature | Fred-Barclay | 2017-11-17 |
| | |||
* | Fix #1651 - dropbox failed to start | Fred-Barclay | 2017-11-17 |
| | |||
* | archaudit-report and cower for Arch platforms, #1642 | netblue30 | 2017-11-15 |
| | |||
* | makepkg profile for Arch platform, #1642 | netblue30 | 2017-11-15 |
| | |||
* | bsdtar profile, #1642 | netblue30 | 2017-11-15 |
| | |||
* | added ping profile, #1642 | netblue30 | 2017-11-15 |
| | |||
* | Merge pull request #1647 from sgtpep/patch-1 | netblue30 | 2017-11-15 |
|\ | | | | | Blacklist the Electron Cash Wallet | ||
| * | Blacklist the Electron Cash Wallet | Danil Semelenov | 2017-11-14 |
| | | |||
* | | cleanup | netblue30 | 2017-11-13 |
|/ | |||
* | Add private-dev to qtox | Fred-Barclay | 2017-11-12 |
| |