path: root/etc
Commit message  [Author, Age]
...
* | Add new profile: gist (#3061)  [glitsj16, 2019-11-25]
| |     * Create gist.profile
| |     * Add gist config to disable-programs.inc
| |     * Add gist to firecfg.config
| |     * Update RELNOTES
| |     * Update README.md
* | blacklist gksu, gksudo, kdesudo  [rusty-snake, 2019-11-25]
| |
* | various fixups  [rusty-snake, 2019-11-25]
| |
* | apparmor: misc fix for pcscd  [Vincent43, 2019-11-24]
| |
* | apparmor: don't allow mounts and paths manipulation  [Vincent43, 2019-11-24]
| |     AppArmor security relies on path based rules and rewriting paths may allow
| |     bypassing them. Those actions are privileged so vast majority of apps
| |     shouldn't need them anyway. If some app needs those rules then it's better
| |     to consider them as unsuitable for apparmor option rather than weaken
| |     generic profile for all apps.
| |
| |     See related issue reported by apparmor usage in snap:
| |     https://bugs.launchpad.net/snapd/+bug/1791711
* | apparmor: allow access to pcscd socket (smartcards)  [Vincent43, 2019-11-24]
| |
* | Add new profile: unf (#3060)  [glitsj16, 2019-11-24]
| |     * Create unf.profile
| |     * Add unf to firecfg.config
* | Add new profile: gmpc (#3059)  [glitsj16, 2019-11-24]
| |     * Create gmpc.profile
| |     * Add gmpc config to disable-programs.inc
| |     * Add gmpc to firecfg.config
* | Add new profile: drawio (#3058)  [glitsj16, 2019-11-24]
| |     * Create drawio.profile
| |     * Add drawio config to disable-programs.inc
| |     * Add drawio to firecfg.config
* | Add new profile: ddgtk (#3057)  [glitsj16, 2019-11-24]
| |     * Create ddgtk.profile
| |     * Add ddgtk to firecfg.config
* | Add new profile: cameramonitor (#3056)  [glitsj16, 2019-11-24]
| |     * Create cameramonitor.profile
| |     * Add cameramonitor to firecfg.config
* | New profile: audio-recorder (#3055)  [glitsj16, 2019-11-24]
| |     * Create audio-recorder.profile
| |     * Add audio-recorder to firecfg.config
* | merges  [Tad, 2019-11-24]
| |
* | profanity: reorder alphabetically  [Adrian L. Shaw, 2019-11-24]
| |
* | profanity: reorder alphabetically  [Adrian L. Shaw, 2019-11-24]
| |
* | profanity: allow Python plugins and reorder rules  [Adrian L. Shaw, 2019-11-24]
| |
* | Separate the whitelist section of profanity profile  [Adrian L. Shaw, 2019-11-24]
| |
* | Sort and harden profanity profile  [Adrian L. Shaw, 2019-11-24]
| |
* | Add profile for the Profanity chat client  [Adrian L. Shaw, 2019-11-24]
| |
* | Use seccomp ! syntax in electron-mail.profile  [glitsj16, 2019-11-23]
| |
* | Add new electron-mail profile (#3053)  [glitsj16, 2019-11-23]
| |     * Create electron-mail.profile
| |     * Add electron-mail to disable-programs.inc
| |     * Add electron-mail to firecfg.config
* | Add lensfun support for gimp  [glitsj16, 2019-11-22]
| |
* | Add babl/gegl support for gimp (#3051)  [glitsj16, 2019-11-22]
|/
|     * Add babl/gegl caches for gimp
|     * Add gir-1.0 to wusc
|     * Add babl/gegl support to gimp.profile
* Merge pull request #3044 from netblue30/ssh_nc  [netblue30, 2019-11-13]
|\
| |     RFC: profiles: allow nc in ssh profile by default
| * profiles: allow nc in ssh profile by default  [Reiner Herrmann, 2019-11-13]
| |
* | Merge pull request #3037 from vutny/fix-3029  [netblue30, 2019-11-13]
|\ \
| | |     Resolve #3029: drop outdated Skype profile
| * | Resolve #3029: drop outdated Skype profile  [Denys Havrysh, 2019-11-12]
| | |
* | | wine: propose allow-debuggers instead  [smitsohu, 2019-11-13]
| | |
* | | harden wine profile  [smitsohu, 2019-11-13]
| |/
|/|
* | add signal mediation to apparmor profile  [smitsohu, 2019-11-13]
| |     second line of defense, as there is always a pid namespace, too
* | some apparmor profile cleanup  [smitsohu, 2019-11-12]
| |     writing in /run/firejail/profile has always been restricted to root user, and in addition this folder is blacklisted since recently;
| |     @{profile_name} is built-in and adds a bit of flexibility;
| |     apparmor cannot be used to restrict directory search permission, so add more rules for sensitive paths
* | Merge branch 'master' of https://github.com/netblue30/firejail  [smitsohu, 2019-11-12]
|\ \
| * | Fix dig.profile on Ubuntu  [glitsj16, 2019-11-11]
| | |     Fixes #3038.
* | | blacklist .fscrypt directories  [smitsohu, 2019-11-12]
|/ /
* | Merge branch 'master' of https://github.com/netblue30/firejail  [smitsohu, 2019-11-11]
|\|
| * rework strings.profile  [rusty-snake, 2019-11-10]
| |     close #2988
* | tentatively fix k3b profile - #2989  [smitsohu, 2019-11-11]
|/
* add kfind profile  [smitsohu, 2019-11-09]
|
* fix nano support in git profile  [smitsohu, 2019-11-09]
|
* harden baloo  [smitsohu, 2019-11-09]
|
* Fix #3024  [rusty-snake, 2019-11-08]
|     html5, flash and widevine media support unavailable since vivaldi 2.9
* dia profile: disable interpreters but allow python  [netblue30, 2019-11-08]
|
* dia apparently wants access to python interpreter and environment for ↵  [Jan, 2019-11-08]
|     scripting, even though it is written in C, maybe another fix would be better
* Update QOwnNotes.profile (#3028)  [Niklas Goerke, 2019-11-07]
|     * Update QOwnNotes.profile
|
|     Fix startup problem in Ubuntu 19.10:
|     "bus[17]: D-Bus library appears to be incorrectly set up: see the manual page for dbus-uuidgen to correct this issue. (Failed to open "/var/lib/dbus/machine-id": Datei oder Verzeichnis nicht gefunden; Failed to open "/etc/machine-id": Datei oder Verzeichnis nicht gefunden)
|     D-Bus not built with -rdynamic so unable to print a backtrace"
|
|     * Update etc/QOwnNotes.profile
|
|     Co-Authored-By: rusty-snake <print_hello_world+GitHub@protonmail.com>
* Add libdrm to wusc  [glitsj16, 2019-10-30]
|
* Move libdrm whitelisting to wusc  [glitsj16, 2019-10-30]
|
* Update mpv.profile  [rusty-snake, 2019-10-30]
|
* Wusc fixes for profiles allowing perl (#3021)  [glitsj16, 2019-10-30]
|     * Grant wusc access to perl in spectre-meltdown.profile
|     * Grant wusc access to perl for exiftool.profile
|     * Grant wusc access to perl for conplay.profile
|     * Grant wusc access to perl for clawsker.profile
|     * Grant wusc access to perl for checkbashisms.profile
* Slack profile: use temporary cache (#3019)  [Denys Havrysh, 2019-10-30]
|     Fixes #3015
* Fix ebook-viewer/calibre on manjaro (#2998)  [rusty-snake, 2019-10-28]
|     * Fix ebook-viewer on manjaro
|
|     closes #2996
|
|     * Move fix to calibre.profile