Commit message (Collapse) | Author | Age | |
---|---|---|---|
* | services folder is read-only now | smitsohu | 2017-08-06 |
| | |||
* | Change KDE4 services folder to read-only | smitsohu | 2017-08-06 |
| | | | Configurations in this folder are not secret, but need to be protected from manipulation. Let's make it available to all KDE apps for legitimate use. Discussion in #1428 | ||
* | Add a profile for Gnome Twitch | Tad | 2017-08-05 |
| | |||
* | Update firecfg.config and add a wireshark-* alias | Tad | 2017-08-04 |
| | |||
* | Merge branch 'master' of https://github.com/netblue30/firejail | netblue30 | 2017-08-04 |
|\ | |||
| * | Gwenview: drop kbuildsycoca5 from private-bin | Vladimir Schowalter | 2017-08-04 |
| | | |||
* | | private-lib: support for /etc/firejail/firejail.config | netblue30 | 2017-08-04 |
|/ | |||
* | Add 12 new profiles | Tad | 2017-08-03 |
| | | | | apktool, Baobab, dex2jar, gitg, Hashcat, MusicBrainz Picard, OBS Studio, Remmina, sdat2img, Sound Converter, SQLiteBrowser, Truecraft | ||
* | profile fixes | Vladimir Schowalter | 2017-08-04 |
| | | | | | | | | * Update qbittorrent.profile * Update gwenview.profile * Update disable-programs.inc | ||
* | Change ~/.local/share/kservices5 to read-only | Vladimir Schowalter | 2017-08-03 |
| | |||
* | Merge pull request #1426 from VladimirSchowalter20/master | startx2017 | 2017-08-02 |
|\ | | | | | Apparmor: add local configuration | ||
| * | Minor fix for completness | Vladimir Schowalter | 2017-08-02 |
| | | |||
| * | Apparmor: add local configuration | Vladimir Schowalter | 2017-08-02 |
| | | |||
* | | Merge pull request #1424 from ↵ | startx2017 | 2017-08-02 |
|\ \ | | | | | | | | | | | | | VladimirSchowalter20/VladimirSchowalter20-apparmor-kde-fix Apparmor: update whitelist path for kde | ||
| * | | Apparmor: update whitelist path for kde | Vladimir Schowalter | 2017-08-02 |
| |/ | |||
* | | Add rambox profile from #1425 | Fred Barclay | 2017-08-02 |
| | | |||
* | | Fixes | Fred-Barclay | 2017-08-02 |
| | | |||
* | | Add back net none/netfilter as needed | Fred-Barclay | 2017-08-02 |
| | | |||
* | | Partially synchronize Chromium-based profiles | Tad | 2017-08-02 |
| | | |||
* | | Add noexec to more profiles as tested by @curiosity-seeker | Tad | 2017-08-02 |
| | | | | | | | | See https://github.com/netblue30/firejail/pull/1367#issuecomment-315793729 | ||
* | | Initial adding of memory-deny-write-execute to profiles | Tad | 2017-08-02 |
| | | | | | | | | | | | | | | | | - mdwe breaks most vm-based languages so python/java/javascript and some mono programs are not compatible - mdwe also breaks most 3d accelerated programs such as 3d games - mdwe is similar to PaX's mprotect meaning PaX flag managers can be used as reference -- See https://github.com/copperhead/paxd-archive/blob/master/paxd.conf -- See https://github.com/nning/linux-pax-flags | ||
* | | Harden profiles | Tad | 2017-08-02 |
|/ | | | | | | | | - Added 'disable-devel.conf' to many profiles - Added 'disable-mnt' to many profiles - Added 'noexec' to many profiles - Removed 'netfilter' and 'net none' from profiles with 'protocol unix' - Cleaned up profiles using defaults | ||
* | x11/xpra support | netblue30 | 2017-08-01 |
| | |||
* | Add some /proc dirs to firejail apparmor profile | Vladimir Schowalter | 2017-08-02 |
| | |||
* | Fix #1420 | Tad | 2017-07-31 |
| | |||
* | telegram is called telegram-desktop in Debian | Rahiel Kasim | 2017-07-30 |
| | |||
* | Add a profile for arm | Tad | 2017-07-29 |
| | |||
* | new profiles | netblue30 | 2017-07-29 |
| | |||
* | arp rework | netblue30 | 2017-07-29 |
| | |||
* | Zoom cache dir | Raphaël Droz | 2017-07-27 |
| | | | | | Zoom seems to use of a QT cache-disk feature which depends upon a ~/.cache/<app>/qmlcache directory. If it can not, Zoom will segfault with mprotect failed in ExecutableAllocator::makeExecutable: Permission denied | ||
* | Allow eom and xviewer to write to user's trash | Fred-Barclay | 2017-07-27 |
| | |||
* | Updates after merges | Fred-Barclay | 2017-07-27 |
| | |||
* | Add Electron and Riot profiles | Aidan Gauland | 2017-07-27 |
| | | | | | | | * Add a generic profile for Electron applications. * Add a specific profile for Riot based on this new Electron profile. * Addresses vector-im/riot-web#3004 * Fulfils profile request for Riot.im in netblue30/firejail#1139 | ||
* | Add access to trash | Panzerfather | 2017-07-23 |
| | | | Eog needs access to trash to delete files | ||
* | apparmor fixes | netblue30 | 2017-07-21 |
| | |||
* | Merge pull request #1372 from rccavalcanti/chromium_arch | netblue30 | 2017-07-16 |
|\ | | | | | Fix permission denied for chromium-flags.conf in Arch | ||
| * | Fix permission denied for chromium-flags.conf in Arch | Rafael Cavalcanti | 2017-07-10 |
| | | |||
* | | Fix typo | Fred-Barclay | 2017-07-14 |
| | | |||
* | | Re-add .ssh to noblacklist for andriod-studio and idea.sh | Fred-Barclay | 2017-07-14 |
| | | |||
* | | Add quiet to exiftool profile | announ | 2017-07-13 |
| | | |||
* | | Fix .java after e2449ae7d25925cec444ac08bbfb9cbc7199e647 | Tad | 2017-07-13 |
| | | |||
* | | Update after merge #1374 | Fred-Barclay | 2017-07-13 |
| | | | | | | | | | | This introduces blacklist ~/.java to disable-programs.inc, so it may break some existing profiles that depend on it. | ||
* | | Merge pull request #1374 from SpotComms/idea | Fred Barclay | 2017-07-13 |
|\ \ | | | | | | | Add profiles for IntelliJ IDEA and Android Studio | ||
| * | | Update idea.sh.profile | Fred Barclay | 2017-07-13 |
| | | | | | | | | | Don't allow ~/.ssh access | ||
| * | | Update android-studio.profile | Fred Barclay | 2017-07-13 |
| | | | | | | | | | Don't allow ~/.ssh access | ||
| * | | Add a profile for IntelliJ IDEA and Android Studio | Tad | 2017-07-11 |
| | | | |||
* | | | Cleanup from merges #1369 and #1373 | Fred-Barclay | 2017-07-13 |
| | | | |||
* | | | Merge pull request #1373 from SpotComms/sa | Fred Barclay | 2017-07-11 |
|\ \ \ | | | | | | | | | Add a profile for SILENTARMY | ||
| * | | | Add a profile for SILENTARMY | Tad | 2017-07-11 |
| |/ / | |||
* | / | profiles: tracelog breaks integrated browser in steam | Reiner Herrmann | 2017-07-11 |
| |/ |/| | | | | | | | Thanks to @viq for the hint. Fixes: #1280 |