Commit message (Collapse) | Author | Age | |
---|---|---|---|
* | shorten fedora firefox private-bin | rusty-snake | 2019-10-12 |
| | | | | | Possible `false,pidof,rmdir,true` can also be removed. unsure. [skip ci] | ||
* | kalgebra.profile, kalgebramobile.profile | rusty-snake | 2019-10-12 |
| | |||
* | add HAS_X11 conditional, disconnect session manager - #2205 | smitsohu | 2019-10-08 |
| | |||
* | Fix wusc for geary | glitsj16 | 2019-10-07 |
| | | | The included firefox.profile has wusc now. We need to whitelist /usr/share/geary to avoid breakage. | ||
* | Move wusc into eo-common.profile | glitsj16 | 2019-10-07 |
| | |||
* | Move wusc into eo-common.profile | glitsj16 | 2019-10-07 |
| | |||
* | Move wusc into eo-common.profile | glitsj16 | 2019-10-07 |
| | |||
* | various profile fixes | rusty-snake | 2019-10-06 |
| | |||
* | Fix wusc in thunderbird | glitsj16 | 2019-10-06 |
| | |||
* | Wusc fixes (#2992) | glitsj16 | 2019-10-06 |
| | | | | | | | | | | | | * Add wusc to eom * Fix wusc in firefox Without access to /usr/share/ca-certificates all HTTPS traffic gets the FF dialog 'Warning: Potential Security Risk Ahead'. Probably needed in thunderbird profile too (untested). * Fix wusc ordering in meld Just an alphabetical ordering nitpick. | ||
* | whitelist-usr-share-common.inc (#2972) | rusty-snake | 2019-10-05 |
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | * Work on whitelist-usr-share-common * sorting; add Modules + QT/KDE stuff * add wusc.inc to more profiles [needs testing] * update * gitg, firefox, evince * /usr/share/{p11-kit,pixmaps,pki,qt5,tcl8.6,terminfo} * more profiles * remove wusc.inc from feedreader Even with 'whitelist /usr/share/*', feedreader trys to dereference a NULL pointer. * more profiles * whitelist /usr/share breaks wget even with whitelist /usr/share/* * extend wusc.inc * update * Add alsa,crypto-policies and zoneinfo * readd wusc.inc to wget and feedreader * update * testing results: Debian Buster with KDE * more KDE stuff * fix tb | ||
* | remove trailing slashes | rusty-snake | 2019-10-05 |
| | |||
* | Update firefox-common-addons.inc | rusty-snake | 2019-10-05 |
| | |||
* | add private-tmp to unbound profile | smitsohu | 2019-10-01 |
| | |||
* | Update evince | rusty-snake | 2019-09-28 |
| | | | | | | | private-lib: - Add note about possible two-page-view breaktage - add libgraphite2.so.* remove mdwe | ||
* | fixup! add missing blacklist paths | rusty-snake | 2019-09-28 |
| | |||
* | Fix sorting (caught by GitLab CI tests) | Fred Barclay | 2019-09-28 |
| | |||
* | fix ffprobe | rusty-snake | 2019-09-28 |
| | | | | | | | | | | | $ firejail ffprobe VIDEO execvp: No such file or directory $ firejail --noprofile --private-bin=ffprobe ffprobe VIDEO execvp: No such file or directory $ firejail --ignore=private-bin ffprobe VIDEO Works ffprobe is the only file in PATH that is touched (see --build). | ||
* | add missing blacklist paths | rusty-snake | 2019-09-28 |
| | |||
* | KeePassXC: Added a warning regarding tray icon | Timo Hardebusch | 2019-09-28 |
| | |||
* | profiles: fix audio playback with ffplay | Reiner Herrmann | 2019-09-28 |
| | | | | https://bugs.debian.org/941241 | ||
* | protect files that can execute commands | rusty-snake | 2019-09-22 |
| | |||
* | Inkscape: allow xcf export | rusty-snake | 2019-09-22 |
| | | | close #2967 | ||
* | add allow-debuggers to steam.profile (#2971) | corecontingency | 2019-09-21 |
| | |||
* | readd .config/dconf to whitelist-common because … | rusty-snake | 2019-09-21 |
| | | | | … it breaks feedreader and potential also other programs | ||
* | Create pngquant.profile | rusty-snake | 2019-09-21 |
| | |||
* | Create gnome-latex.profile | rusty-snake | 2019-09-20 |
| | |||
* | apparmor: permit writing to trace file | smitsohu | 2019-09-18 |
| | |||
* | Add allow-perl.inc to w3m.profile (#2965) | Ethan R | 2019-09-16 |
| | | | | | | * Removed disable-interpreters.inc from w3m.profile * disable-interpreters + allow-perl | ||
* | Fix #2899 | rusty-snake | 2019-09-15 |
| | |||
* | typos [skip ci] | rusty-snake | 2019-09-14 |
| | |||
* | "Net None" Option Breaks Functionality (#2962) | Barış Ekin Yıldırım | 2019-09-14 |
| | | | Netfilter is fine but "net none" option breaks functionality of marketplace. | ||
* | Fix #2945 (Signal 1.27 Fails to Start) | rusty-snake | 2019-09-13 |
| | |||
* | Update SkypeForLinux profile for latest version (#2960) | Denys Havrysh | 2019-09-13 |
| | | | Fixes #2933 | ||
* | Add ar profile (#2949) | glitsj16 | 2019-09-08 |
| | | | | | | * Add ar to firecfg * Create ar.profile | ||
* | Fix private-bin in tar.profile | glitsj16 | 2019-09-06 |
| | | | Fixes #2942. | ||
* | Fix gnome-schedule | glitsj16 | 2019-09-06 |
| | | | This fixes #2941. | ||
* | Update syscalls.txt | rusty-snake | 2019-09-05 |
| | |||
* | remove ~/.config/dconf from whitelist-common.inc | rusty-snake | 2019-09-05 |
| | | | | | - dconf database is read-only (fde6e04b) and accessed over dbus, there are no reasons to keep it in the sandbox | ||
* | explain removal of nodbus in qpdfview.profile | smitsohu | 2019-09-05 |
| | | | see previous commit, #2879 | ||
* | Merge pull request #2879 from Edu4rdSHL/patch-1 | smitsohu | 2019-09-05 |
|\ | | | | | qpdfview: Fix issue when opening a file from file manager | ||
| * | Fix issue when opening a file from file manager | Eduard Tolosa | 2019-07-29 |
| | | | | | | I can confirm https://github.com/netblue30/firejail/pull/2837#issuecomment-511334363 when opening a file from `pcmanfm`, it doesn't open if qpdfview contains `nodbus` | ||
* | | fixup! Use new seccomp syntax from #2926 in more profiles | rusty-snake | 2019-08-30 |
| | | |||
* | | fix #2669 | rusty-snake | 2019-08-30 |
| | | |||
* | | Use new seccomp syntax (#2926) in more profiles | rusty-snake | 2019-08-30 |
| | | | | | | | | | | | | | | | | | | | | Rules for redirecting profiles: - add exceptions: just add 'seccomp !SYSCALL' - remove exception: ``` seccomp ignore seccomp ``` | ||
* | | Use new seccomp syntax from #2926 in more profiles | rusty-snake | 2019-08-30 |
| | | |||
* | | Use new seccomp syntax from #2926 | rusty-snake | 2019-08-30 |
| | | |||
* | | Fix private-bin order in ghostwriter.profile | glitsj16 | 2019-08-26 |
| | | |||
* | | Fix order of private-cache in mpsyt.profile | glitsj16 | 2019-08-26 |
| | | |||
* | | Fic private-etc ordering for gnome-schedule | glitsj16 | 2019-08-26 |
| | |