Commit message (Collapse) | Author | Age | |
---|---|---|---|
* | Apparmor: restrict access | Vincent43 | 2018-01-21 |
| | | | Access to writable files can be restricted to their owner only. | ||
* | Add whitelist-var-common to 4 profiles | Tad | 2018-01-21 |
| | |||
* | Merge pull request #1713 from Vincent43/patch-1 | smitsohu | 2018-01-20 |
|\ | | | | | Apparmor: fix broken file dialogs in kde plasma | ||
| * | Revert: Escape '#' character in path | Vincent43 | 2018-01-17 |
| | | | | | | | | | | Escaping this create warning and is dropped anyway: Warning from /etc/apparmor.d/firejail-default (/etc/apparmor.d/firejail-default line 163): Character # was quoted unnecessarily, dropped preceding quote ('\') character | ||
| * | Escape '#' character in path | Vincent43 | 2018-01-05 |
| | | |||
| * | Apparmor: fix broken file dialogs in kde plasma | Vincent43 | 2018-01-04 |
| | | | | | | | | | | | | | | | | | | For some time apparmor started breaking file dialogs in kde plasma (gwenview, calibre, qbittorrent, etc). typical audit report below: AVC apparmor="DENIED" operation="open" profile="firejail-default" name="/run/user/1000/#28520" pid=1997 comm="qbittorrent" requested_mask="w" denied_mask="w" fsuid=1000 ouid=1000 AVC apparmor="DENIED" operation="link" profile="firejail-default" name="/run/user/1000/qBittorrentZcaeTi.1.slave-socket" pid=3679 comm="qbittorrent" requested_mask="l" denied_mask="l" fsuid=1000 ouid=1000 target="/run/user/1000/#79965" This commit fixes this issue. Tested on Archlinux (linux 4.14.11, kde 5.11.5) | ||
* | | Add a profile for Fritzing, and update README | Tad | 2018-01-20 |
| | | |||
* | | moved QTWEBENGINE_DISABLE_SANDBOX=1 to viber profile | netblue30 | 2018-01-19 |
| | | |||
* | | removed mem-deny-execute from transmission-qt profile, #1736 | netblue30 | 2018-01-19 |
| | | |||
* | | remove QML_DISABLE_DISK_CACHE from disable-common.inc | smitsohu | 2018-01-18 |
| | | | | | | hardcoded since 1e7045b55cc1e189dba6d9ed21c05c90663f3736 | ||
* | | temporarely removed private-lib, GnomeShell problems: #1711 | netblue30 | 2018-01-18 |
| | | |||
* | | Add pycharm-professional profile | Fred-Barclay | 2018-01-17 |
| | | |||
* | | Update pycharm-community profile after 4815e53842a85534638e037339ac61023da0a8b7 | Fred-Barclay | 2018-01-17 |
| | | |||
* | | Experimental - blacklist snap folder in user home. | Fred-Barclay | 2018-01-17 |
| | | |||
* | | Blacklist pycharm config files | Fred-Barclay | 2018-01-17 |
| | | |||
* | | Add pycharm-community profile | Fred-Barclay | 2018-01-17 |
| | | |||
* | | Merge pull request #1715 from viq/patch-1 | Fred Barclay | 2018-01-16 |
|\ \ | | | | | | | Create discord-canary.profile | ||
| * | | Create discord-canary.profile | viq | 2018-01-05 |
| | | | | | | | | | Created by adding `whitelist ${HOME}/.config/discordcanary` to `electron.profile` and replacing references to electron. Seems to work for me with light usage. | ||
* | | | Add crypto-policies to private-etc in all profiles with private-etc *ssl* | Tad | 2018-01-15 |
| | | | | | | | | | | | | | | | | | | Seems to be necessary under Fedora like pki This also fixes an issue with no audio in Lollypop on Fedora | ||
* | | | Fixup 68ccf1efee030470bf3f1666429e31374f2ae3a6 | Tad | 2018-01-15 |
| | | | | | | | | | | | | https://github.com/netblue30/firejail/commit/68ccf1efee030470bf3f1666429e31374f2ae3a6#r26873132 | ||
* | | | Add pki to private-etc in all profiles with private-etc *ssl* | Tad | 2018-01-15 |
| | | | |||
* | | | Fix #1724, Tor browser not working on Ubuntu and Fedora | Tad | 2018-01-14 |
| | | | |||
* | | | Update firecfg.config and add a profile alias for idea.sh | Tad | 2018-01-14 |
| | | | |||
* | | | Add a profile for OnionShare | Tad | 2018-01-14 |
| | | | |||
* | | | Add a profile for Pitivi | Tad | 2018-01-12 |
| | | | |||
* | | | disable qml disk cache globally | smitsohu | 2018-01-08 |
|/ / | |||
* | | Fixup b9846aed427487f5acc764eb21369b0c9cb2b41a | Tad | 2018-01-04 |
| | | |||
* | | Add a Firefox profile alias for Firefox Developer Edition | Tad | 2018-01-04 |
|/ | |||
* | improve theming support (kvantum, qt5ct) - #1540 | smitsohu | 2018-01-02 |
| | |||
* | Merge pull request #1701 from bn0785ac/master | netblue30 | 2018-01-02 |
|\ | | | | | tor flavours | ||
| * | TBB pt-br fixup | Tad | 2018-01-01 |
| | | |||
| * | Simplfy locale specific Tor Browser profiles | Tad | 2018-01-01 |
| | | |||
| * | tor flavours | Your Name | 2017-12-30 |
| | | |||
* | | Merge pull request #1710 from bitfreak25/master | SpotComms | 2018-01-01 |
|\ \ | | | | | | | Add profile for "playonlinux" | ||
| * | | Add profile for "playonlinux" | bitfreak25 | 2018-01-01 |
| | | | | | | | | | | | | | | | | | | | | | This profile have been successfully tested by starting a windows application through it. "wine.profile" has been used as template for this. Only "noblacklist ${PATH}/nc" has been added because playonlinux needs it to run. Please note that this is currently not tested due to security aspects, so it may need a rework later on. Because opening a unknown windows application through it could possibly be a security risk. | ||
* | | | Merge pull request #1708 from bitfreak25/master | SpotComms | 2018-01-01 |
|\| | | | | | | | | Fix #1702 - Couldn't start 'minetest' in Debian Testing | ||
| * | | Fixup fix for #1702 | Tad | 2018-01-01 |
| | | | |||
| * | | Fix #1702 - Couldn't start 'minetest' in Debian Testing | bitfreak25 | 2018-01-01 |
| |/ | | | | | This removes the "private-etc" line from the "minetest"-profile for a successfully start of the game. | ||
* | | Blacklist the Dash wallet directory | Danil Semelenov | 2017-12-31 |
| | | |||
* | | Add "sylpheed" to profiles | bitfreak25 | 2017-12-30 |
|/ | | | This profile have been successfully tested by sending and receiving an Email. "claws-mail.profile" has been used as template for this. | ||
* | inox edgy flavours | Your Name | 2017-12-30 |
| | |||
* | Fix #1690 - qbittorrent doesn't launch on some Arch and Mint 17.3 systems | Fred Barclay | 2017-12-28 |
| | |||
* | Add netlink and noblacklist openssl to teamspeak3 profile - potential fix ↵ | Fred-Barclay | 2017-12-27 |
| | | | | for #1695 | ||
* | adding basilisk profile - #1693 | netblue30 | 2017-12-27 |
| | |||
* | Merge pull request #1697 from sgtpep/patch-4 | netblue30 | 2017-12-27 |
|\ | | | | | Blacklist the monero wallets directory | ||
| * | Blacklist the monero wallets directory | Danil Semelenov | 2017-12-27 |
| | | | | | | ~/Monero/wallets is the default path suggested by the official wallet application, but it can be changed by user. | ||
* | | Blacklist ~/.ethereum | Danil Semelenov | 2017-12-27 |
|/ | |||
* | Fix #1686: comment out icedove dirs and don't attempt to mkdir ~/.icedove to ↵ | Fred Barclay | 2017-12-24 |
| | | | | avoid clash with Thunderbird on Debian systems. | ||
* | Merge pull request #1691 from DiGitHubCap/master | Fred Barclay | 2017-12-22 |
|\ | | | | | Fix Deluge | ||
| * | Fix Deluge | DiGitHubCap | 2017-12-22 |
| | | | | | | | | | | Deluge needs access to more than the deluge binary if it runs as a daemon (or if you want to access it via the web or command line) |