Commit message (Collapse) | Author | Age | |
---|---|---|---|
* | Add seccomp filters for remmina, from an strace session connecting via RDP | James Elford | 2018-02-07 |
| | |||
* | Merge branch 'master' of https://github.com/netblue30/firejail | smitsohu | 2018-02-06 |
|\ | |||
| * | Allow Spotify to run Zenity | Rafael Cavalcanti | 2018-02-05 |
| | | |||
| * | Fix Tor Browser Launcher dirs not getting created on first launch | Tad | 2018-02-04 |
| | | |||
* | | pdfchain profile | smitsohu | 2018-02-06 |
| | | |||
* | | further harden KDE | smitsohu | 2018-02-06 |
| | | | | | | | | | | and whitelist some kio settings, because we don't know if slave processes will run inside or outside the sandbox. also prevents weird bugs that depend on sequence in which applications were started. | ||
* | | enable private-etc for gwenview | smitsohu | 2018-02-06 |
|/ | |||
* | Apparmor: minor fixes | Vincent43 | 2018-02-03 |
| | | | | | 1. Allow for seven digit PID same as upstream do https://gitlab.com/apparmor/apparmor/commit/630cb2a981cdc731847e8fdaafc45bcd337fe747 2. Fixed dbus functionality. Disabled by default. | ||
* | enable email encryption for thunderbird, kmail | smitsohu | 2018-02-03 |
| | | | | see #1653 #1572 | ||
* | blacklist klipper | smitsohu | 2018-02-02 |
| | | | | further to 8aec7694cb4c7c0d07b333b689ab19faacb519f9 | ||
* | KDE related enhancements | smitsohu | 2018-02-01 |
| | |||
* | unbound fix (part 2) - whitelist /var/run | smitsohu | 2018-02-01 |
| | |||
* | unbound fix (writable-var) - #1731 | smitsohu | 2018-01-31 |
| | |||
* | fix cd/dvd for dragon | smitsohu | 2018-01-31 |
| | |||
* | consistent directory nomenclature for kaffeine | smitsohu | 2018-01-30 |
| | |||
* | kaffeine profile | smitsohu | 2018-01-30 |
| | |||
* | harden KDE | smitsohu | 2018-01-30 |
| | |||
* | Merge branch 'master' of https://github.com/netblue30/firejail | Fred-Barclay | 2018-01-28 |
|\ | |||
| * | Add a profile for Red Eclipse | Tad | 2018-01-26 |
| | | |||
| * | Replace xmr-stak-cpu profile with unified xmr-stak profile | Tad | 2018-01-25 |
| | | |||
* | | noblacklist /usr/share/perl in hexchat - potential fix for #1754 | Fred-Barclay | 2018-01-28 |
|/ | |||
* | apparmor support for --overlay sandboxes | netblue30 | 2018-01-24 |
| | |||
* | Merge pull request #1745 from Vincent43/patch-1 | smitsohu | 2018-01-23 |
|\ | | | | | Apparmor: restrict access to writable files | ||
| * | Apparmor: Revert /proc changes | Vincent43 | 2018-01-23 |
| | | |||
| * | Apparmor: fix kodi plugins | Vincent43 | 2018-01-22 |
| | | | | | | | | Kodi plugins need /proc/@PID/net/dev access outside user processes: AVC apparmor="DENIED" operation="open" profile="firejail-default" name="/proc/28/net/dev" pid=2354 comm="kodi.bin" requested_mask="r" denied_mask="r" | ||
| * | Apparmor: restrict access | Vincent43 | 2018-01-21 |
| | | | | | | Access to writable files can be restricted to their owner only. | ||
* | | Partial revert of f2fdcf7361f99d4b62d6427d078445c2ea1dc6cb for gedit | Tad | 2018-01-22 |
| | | | | | | | | - This appears to be a general issue with private-lib, that might've already been fixed in master | ||
* | | Add another profile alias for idea.sh | Tad | 2018-01-22 |
| | | |||
* | | Allow audio in Tor browser, and fix gedit not launching | Tad | 2018-01-22 |
|/ | | | | - Tor browser doesn't have nosound, so include pulse in private-etc | ||
* | Add whitelist-var-common to 4 profiles | Tad | 2018-01-21 |
| | |||
* | Merge pull request #1713 from Vincent43/patch-1 | smitsohu | 2018-01-20 |
|\ | | | | | Apparmor: fix broken file dialogs in kde plasma | ||
| * | Revert: Escape '#' character in path | Vincent43 | 2018-01-17 |
| | | | | | | | | | | Escaping this create warning and is dropped anyway: Warning from /etc/apparmor.d/firejail-default (/etc/apparmor.d/firejail-default line 163): Character # was quoted unnecessarily, dropped preceding quote ('\') character | ||
| * | Escape '#' character in path | Vincent43 | 2018-01-05 |
| | | |||
| * | Apparmor: fix broken file dialogs in kde plasma | Vincent43 | 2018-01-04 |
| | | | | | | | | | | | | | | | | | | For some time apparmor started breaking file dialogs in kde plasma (gwenview, calibre, qbittorrent, etc). typical audit report below: AVC apparmor="DENIED" operation="open" profile="firejail-default" name="/run/user/1000/#28520" pid=1997 comm="qbittorrent" requested_mask="w" denied_mask="w" fsuid=1000 ouid=1000 AVC apparmor="DENIED" operation="link" profile="firejail-default" name="/run/user/1000/qBittorrentZcaeTi.1.slave-socket" pid=3679 comm="qbittorrent" requested_mask="l" denied_mask="l" fsuid=1000 ouid=1000 target="/run/user/1000/#79965" This commit fixes this issue. Tested on Archlinux (linux 4.14.11, kde 5.11.5) | ||
* | | Add a profile for Fritzing, and update README | Tad | 2018-01-20 |
| | | |||
* | | moved QTWEBENGINE_DISABLE_SANDBOX=1 to viber profile | netblue30 | 2018-01-19 |
| | | |||
* | | removed mem-deny-execute from transmission-qt profile, #1736 | netblue30 | 2018-01-19 |
| | | |||
* | | remove QML_DISABLE_DISK_CACHE from disable-common.inc | smitsohu | 2018-01-18 |
| | | | | | | hardcoded since 1e7045b55cc1e189dba6d9ed21c05c90663f3736 | ||
* | | temporarely removed private-lib, GnomeShell problems: #1711 | netblue30 | 2018-01-18 |
| | | |||
* | | Add pycharm-professional profile | Fred-Barclay | 2018-01-17 |
| | | |||
* | | Update pycharm-community profile after 4815e53842a85534638e037339ac61023da0a8b7 | Fred-Barclay | 2018-01-17 |
| | | |||
* | | Experimental - blacklist snap folder in user home. | Fred-Barclay | 2018-01-17 |
| | | |||
* | | Blacklist pycharm config files | Fred-Barclay | 2018-01-17 |
| | | |||
* | | Add pycharm-community profile | Fred-Barclay | 2018-01-17 |
| | | |||
* | | Merge pull request #1715 from viq/patch-1 | Fred Barclay | 2018-01-16 |
|\ \ | | | | | | | Create discord-canary.profile | ||
| * | | Create discord-canary.profile | viq | 2018-01-05 |
| | | | | | | | | | Created by adding `whitelist ${HOME}/.config/discordcanary` to `electron.profile` and replacing references to electron. Seems to work for me with light usage. | ||
* | | | Add crypto-policies to private-etc in all profiles with private-etc *ssl* | Tad | 2018-01-15 |
| | | | | | | | | | | | | | | | | | | Seems to be necessary under Fedora like pki This also fixes an issue with no audio in Lollypop on Fedora | ||
* | | | Fixup 68ccf1efee030470bf3f1666429e31374f2ae3a6 | Tad | 2018-01-15 |
| | | | | | | | | | | | | https://github.com/netblue30/firejail/commit/68ccf1efee030470bf3f1666429e31374f2ae3a6#r26873132 | ||
* | | | Add pki to private-etc in all profiles with private-etc *ssl* | Tad | 2018-01-15 |
| | | | |||
* | | | Fix #1724, Tor browser not working on Ubuntu and Fedora | Tad | 2018-01-14 |
| | | |