Commit message (Collapse) | Author | Age | |
---|---|---|---|
* | Initial adding of memory-deny-write-execute to profiles | Tad | 2017-08-02 |
| | | | | | | | | - mdwe breaks most vm-based languages so python/java/javascript and some mono programs are not compatible - mdwe also breaks most 3d accelerated programs such as 3d games - mdwe is similar to PaX's mprotect meaning PaX flag managers can be used as reference -- See https://github.com/copperhead/paxd-archive/blob/master/paxd.conf -- See https://github.com/nning/linux-pax-flags | ||
* | Harden profiles | Tad | 2017-08-02 |
| | | | | | | | | - Added 'disable-devel.conf' to many profiles - Added 'disable-mnt' to many profiles - Added 'noexec' to many profiles - Removed 'netfilter' and 'net none' from profiles with 'protocol unix' - Cleaned up profiles using defaults | ||
* | x11/xpra support | netblue30 | 2017-08-01 |
| | |||
* | Add some /proc dirs to firejail apparmor profile | Vladimir Schowalter | 2017-08-02 |
| | |||
* | Fix #1420 | Tad | 2017-07-31 |
| | |||
* | telegram is called telegram-desktop in Debian | Rahiel Kasim | 2017-07-30 |
| | |||
* | Add a profile for arm | Tad | 2017-07-29 |
| | |||
* | new profiles | netblue30 | 2017-07-29 |
| | |||
* | arp rework | netblue30 | 2017-07-29 |
| | |||
* | Zoom cache dir | Raphaël Droz | 2017-07-27 |
| | | | | | Zoom seems to use of a QT cache-disk feature which depends upon a ~/.cache/<app>/qmlcache directory. If it can not, Zoom will segfault with mprotect failed in ExecutableAllocator::makeExecutable: Permission denied | ||
* | Allow eom and xviewer to write to user's trash | Fred-Barclay | 2017-07-27 |
| | |||
* | Updates after merges | Fred-Barclay | 2017-07-27 |
| | |||
* | Add Electron and Riot profiles | Aidan Gauland | 2017-07-27 |
| | | | | | | | * Add a generic profile for Electron applications. * Add a specific profile for Riot based on this new Electron profile. * Addresses vector-im/riot-web#3004 * Fulfils profile request for Riot.im in netblue30/firejail#1139 | ||
* | Add access to trash | Panzerfather | 2017-07-23 |
| | | | Eog needs access to trash to delete files | ||
* | apparmor fixes | netblue30 | 2017-07-21 |
| | |||
* | Merge pull request #1372 from rccavalcanti/chromium_arch | netblue30 | 2017-07-16 |
|\ | | | | | Fix permission denied for chromium-flags.conf in Arch | ||
| * | Fix permission denied for chromium-flags.conf in Arch | Rafael Cavalcanti | 2017-07-10 |
| | | |||
* | | Fix typo | Fred-Barclay | 2017-07-14 |
| | | |||
* | | Re-add .ssh to noblacklist for andriod-studio and idea.sh | Fred-Barclay | 2017-07-14 |
| | | |||
* | | Add quiet to exiftool profile | announ | 2017-07-13 |
| | | |||
* | | Fix .java after e2449ae7d25925cec444ac08bbfb9cbc7199e647 | Tad | 2017-07-13 |
| | | |||
* | | Update after merge #1374 | Fred-Barclay | 2017-07-13 |
| | | | | | | | | | | This introduces blacklist ~/.java to disable-programs.inc, so it may break some existing profiles that depend on it. | ||
* | | Merge pull request #1374 from SpotComms/idea | Fred Barclay | 2017-07-13 |
|\ \ | | | | | | | Add profiles for IntelliJ IDEA and Android Studio | ||
| * | | Update idea.sh.profile | Fred Barclay | 2017-07-13 |
| | | | | | | | | | Don't allow ~/.ssh access | ||
| * | | Update android-studio.profile | Fred Barclay | 2017-07-13 |
| | | | | | | | | | Don't allow ~/.ssh access | ||
| * | | Add a profile for IntelliJ IDEA and Android Studio | Tad | 2017-07-11 |
| | | | |||
* | | | Cleanup from merges #1369 and #1373 | Fred-Barclay | 2017-07-13 |
| | | | |||
* | | | Merge pull request #1373 from SpotComms/sa | Fred Barclay | 2017-07-11 |
|\ \ \ | | | | | | | | | Add a profile for SILENTARMY | ||
| * | | | Add a profile for SILENTARMY | Tad | 2017-07-11 |
| |/ / | |||
* | / | profiles: tracelog breaks integrated browser in steam | Reiner Herrmann | 2017-07-11 |
| |/ |/| | | | | | | | Thanks to @viq for the hint. Fixes: #1280 | ||
* | | Fix #1370 | Fred-Barclay | 2017-07-09 |
| | | |||
* | | Add profile for Peek | SpotComms | 2017-07-09 |
|/ | |||
* | Merge pull request #1365 from SpotComms/master | netblue30 | 2017-07-05 |
|\ | | | | | Harden 50 profiles | ||
| * | Harden 50 profiles | Tad | 2017-07-04 |
| | | | | | | | | | | Hardened many profiles using disable-mnt and novideo Fixed gnome-font-viewer | ||
* | | add ld.so.cache to private-etc | Fred-Barclay | 2017-07-04 |
|/ | |||
* | Merge pull request #1363 from announ/ytdlnetrc | netblue30 | 2017-07-04 |
|\ | | | | | Allow ~/.netrc for youtube-dl | ||
| * | Allow ~/.netrc for youtube-dl | announ | 2017-07-04 |
| | | |||
* | | fix palemoon profile | netblue30 | 2017-07-04 |
|/ | |||
* | Allow env for youtube-dl in mpv profile | announ | 2017-06-30 |
| | | | | youtube-dl uses `/usr/bin/env` as its interpreter. If `env` is not available, mpvʼs execution of youtube-dl fails. | ||
* | Merge pull request #1357 from BafDyce/liferea | netblue30 | 2017-06-30 |
|\ | | | | | Add profile for Liferea | ||
| * | Add profile for Liferea | Fabian Würfl | 2017-06-29 |
| | | |||
* | | geary typo | Fred-Barclay | 2017-06-29 |
|/ | |||
* | geary profile | startx2017 | 2017-06-29 |
| | |||
* | KWrite profile | startx2017 | 2017-06-29 |
| | |||
* | More fixes for #1349 and 1acfd077b124cbfc8ed257f0c0aacf4f4cbaba38 | Tad | 2017-06-27 |
| | |||
* | profiles: steampath/pid were blacklisted in disable-programs, but not ↵ | Reiner Herrmann | 2017-06-26 |
| | | | | | | | allowed in steam profile Probably related to #1280. Reported also in https://bugs.debian.org/866014 | ||
* | fix sh in private-bin in several profiles | netblue30 | 2017-06-24 |
| | |||
* | Update Waterfox profile | hawkeye116477 | 2017-06-22 |
| | | | Fix #1335 | ||
* | Update Cyberfox Profile | hawkeye116477 | 2017-06-22 |
| | | | Fix #1335 | ||
* | handbrake fixes | netblue30 | 2017-06-19 |
| |