Commit message (Collapse) | Author | Age | |
---|---|---|---|
* | added whois and dig profiles | startx2017 | 2018-08-30 |
| | |||
* | apparmor: cleanup /home path | Vincent43 | 2018-08-29 |
| | |||
* | spotify.profile: allow /etc/hosts | Vincent43 | 2018-08-28 |
| | |||
* | apparmor: disable exec from home by default | Vincent43 | 2018-08-27 |
| | | | Executing from /home was supposed to be disabled by default | ||
* | apparmor: improve rules for filesystem access | Vincent43 | 2018-08-27 |
| | | | | | * Make clear distinction for read, write and execute. * Don't allow write and execute at the same time. * Simplify and improve syntax to catch more exceptions with fewer rules | ||
* | Add private-bin to 0ad | Fred-Barclay | 2018-08-26 |
| | |||
* | Fixup obs.profile (no python) | Tad | 2018-08-23 |
| | |||
* | Create pybitmessage.profile (#2092) | 1dnrr | 2018-08-23 |
| | | | tested on fedora-28 with pybitmessage 0.6.3.2 | ||
* | Update disable-common.inc | 1dnrr | 2018-08-23 |
| | |||
* | Misc fixes | Tad | 2018-08-22 |
| | |||
* | fix microphone in slack profile - #2034 | smitsohu | 2018-08-23 |
| | |||
* | Update steam.profile to support proton/steamplay | Tad | 2018-08-21 |
| | |||
* | Document how to access local mail with thunderbird and claws-mail (fixes #1509) | ಚಿರಾಗ್ ನಟರಾಜ್ | 2018-08-20 |
| | |||
* | Simplify fix for #2062 | Tad | 2018-08-20 |
| | |||
* | Add a profile for ClamTK | Tad | 2018-08-19 |
| | |||
* | Minor steam.profile fixup from downstream ParrotSec fork | Tad | 2018-08-19 |
| | |||
* | Fixup f9aeac080a830fc1aaf07f0beff781a1ed7e42ad | Tad | 2018-08-19 |
| | |||
* | qutebrowser.profile: noblacklist /usr/lib/llvm | Vincent43 | 2018-08-19 |
| | | | Fixes https://github.com/netblue30/firejail/issues/2087 | ||
* | Revert "apparmor fix: somehow it cannot find the firejail profile to load it" | Vincent43 | 2018-08-19 |
| | | | | | | | | | | | | This reverts commit 949a221a1b92e422e6dcb7ea6089ed5c8d5cc22a. The 'firejail-default' is the name of 'unnatached' profile not path to it. Moreover names starting with '/' are changing profile type back to 'standard' which in this case means we literally create profile for the profile file itself '/etc/apparmor.d/firejail-default'. That means firejail would never load this profile to contain any app thus we have to revert this. For more info, see https://www.suse.com/documentation/sles-15/singlehtml/book_security/book_security.html#sec.apparmor.profiles.types.unattached | ||
* | Fix for #2062 | ಚಿರಾಗ್ ನಟರಾಜ್ | 2018-08-19 |
| | |||
* | apparmor fix: somehow it cannot find the firejail profile to load it | netblue30 | 2018-08-19 |
| | |||
* | wireshark.profile: enable apparmor | Vincent43 | 2018-08-15 |
| | |||
* | apparmor: cleanup duplicate rules | Vincent43 | 2018-08-15 |
| | | | Those are already covered with https://github.com/netblue30/firejail/blob/0.9.56-rc1/etc/firejail-default#L33 | ||
* | apparmor: allow execution from /usr/lib64 | Vincent43 | 2018-08-15 |
| | | | /usr/lib64 was missing from execution whitelist and it's used in openSUSE, see https://github.com/netblue30/firejail/issues/2078 | ||
* | Merge pull request #2081 from SkewedZeppelin/descriptions | netblue30 | 2018-08-14 |
|\ | | | | | Add descriptions to profiles | ||
| * | Cleanup descriptions | Tad | 2018-08-13 |
| | | |||
| * | Add descriptions to profiles, pulled from Arch Linux | Tad | 2018-08-13 |
| | | |||
| * | Add descriptions to profiles, pulled from Ubuntu 18.04 | Tad | 2018-08-13 |
| | | |||
* | | spotify.profile: remove /sys from blacklist | Vincent43 | 2018-08-14 |
| | | | | | | Blacklisting whole /sys is too restrictive, it may break various graphics stacks, see https://github.com/netblue30/firejail/issues/2080 | ||
* | | Add seccomp line from firefox-common to Tor Browser profiles | Tad | 2018-08-14 |
|/ | | | | - The next version of TBB is based on Firefox 60 and will need the same changes to prevent breakage | ||
* | Add profile for electrum0.9.56-rc1 | Tad | 2018-08-13 |
| | | | | + minor nitpicks to beaker.profile | ||
* | Add Beaker browser | Jean Lucas | 2018-08-12 |
| | |||
* | Minor private-etc cleanup | Tad | 2018-08-08 |
| | | | | Command: grep "private-etc none," -Ril . | ||
* | Stop breaking PKI with private-etc | Tad | 2018-08-08 |
| | | | | | Command: grep "crypto-policies" -iL $(grep "private-etc" -il $(grep "inet,inet6" . -Rl)) + fixes for #2077 | ||
* | Merges | Tad | 2018-08-08 |
| | | | | | + a fix for Totem + and a bit missed from 3c2a7e4c91aa030218b5ad7fa6291d16f1d51b53 | ||
* | Add various `vim` related profiles | Frederik “Freso” S. Olesen | 2018-08-08 |
| | |||
* | Sound fixes | Tad | 2018-07-31 |
| | | | | | | | | | | | | | | | - Adds machine-id to all profiles with 'private-etc *pulse*' - This fixes sound under many profiles - This is related to #2037, except this adds etc machine-id not spoofed machine-id - Spoofed machine-id seems to break pulseaudio on some systems - We already do this in profiles like firefox-common (see the note in it) - pulseaudio's enable-shm set to yes or no doesn't fix this issue on systems where it occurs - We can revert this in the future if we find a fix - Command used: grep -e music -e videos -e audio -e pulse -e asound -il $(grep "machine-id" -iL $(grep "private-etc" . -Rl)) | ||
* | Disable private-etc for xviewer.profile | Tad | 2018-07-29 |
| | | | | - Breaks xviewer under Fedora 28 Cinnamon | ||
* | Document #1945 | ಚಿರಾಗ್ ನಟರಾಜ್ | 2018-07-25 |
| | |||
* | Document that nodbus breaks Ubuntu titlebar menu (#1942) | ಚಿರಾಗ್ ನಟರಾಜ್ | 2018-07-25 |
| | |||
* | created flameshot profile (#2063) | veloute | 2018-07-25 |
| | | | | | | | | * created flameshot profile * made requested changes * private-etc fixed | ||
* | Add profile for patch and shellcheck | Tad | 2018-07-24 |
| | |||
* | Few disable-xdg.inc fixes | Tad | 2018-07-24 |
| | |||
* | Add disable-xdg.inc to ~15 profiles | Tad | 2018-07-24 |
| | |||
* | Add disable-xdg.inc to ~100 profiles | Tad | 2018-07-24 |
| | |||
* | Initial adding of disable-xdg.inc | Tad | 2018-07-24 |
| | |||
* | Add disable-xdg.inc | Tad | 2018-07-24 |
| | |||
* | Add netlink protocol | Salvo 'LtWorf' Tomaselli | 2018-07-23 |
| | | | Because otherwise it can't work. | ||
* | noblacklist added for SNs folders | veloute | 2018-07-23 |
| | |||
* | added firefox-beta.profile | veloute | 2018-07-23 |
| |