aboutsummaryrefslogtreecommitdiffstats
path: root/etc
Commit message (Collapse)AuthorAge
* fix braseroLibravatar rusty-snake2019-12-06
|
* Merge pull request #3065 from the-antz/profile-thunderbird-waylandLibravatar smitsohu2019-12-03
|\ | | | | Minor profile tweaks.
| * Minor profile tweaks.Libravatar Antz2019-11-26
| | | | | | | | thunderbird-wayland profile did not include thunderbird-wayland.local
* | libreoffice aliasenLibravatar rusty-snake2019-11-28
| |
* | Fix profile: ffmpeg (#3064)Libravatar the-antz2019-11-27
|/ | | Fix broken libx265 encoding (needs the set_mempolicy syscall).
* blacklist /tmp/.X11-unix in gist.profileLibravatar glitsj162019-11-25
| | | Thanks to @rusty-snake for requesting this in https://github.com/netblue30/firejail/pull/3061.
* Add redirect profile for gist-paste (#3062)Libravatar glitsj162019-11-25
|
* Add new profile: gist (#3061)Libravatar glitsj162019-11-25
| | | | | | | | | | | | * Create gist.profile * Add gist config to disable-programs.inc * Add gist to firecfg.config * Update RELNOTES * Update README.md
* blacklist gksu, gksudo, kdesudoLibravatar rusty-snake2019-11-25
|
* various fixupsLibravatar rusty-snake2019-11-25
|
* apparmor: misc fix for pcscdLibravatar Vincent432019-11-24
|
* apparmor: don't allow mounts and paths manipulationLibravatar Vincent432019-11-24
| | | | | | | | | | | | | AppArmor security relies on path based rules and rewriting paths may allow to bypass them. Those actions are priveliged so vast majority of apps shouldn't need them anyway. If some app need those rules then it's better to consider them as unsuitable for apparmor option rather than weaken generic profile for all apps. See related issue reported by apparmor usage in snap: https://bugs.launchpad.net/snapd/+bug/1791711
* apparmor: allow access to pcscd socket (smartcards)Libravatar Vincent432019-11-24
|
* Add new profile: unf (#3060)Libravatar glitsj162019-11-24
| | | | | | * Create unf.profile * Add unf to firecfg.config
* Add new profile: gmpc (#3059)Libravatar glitsj162019-11-24
| | | | | | | | * Create gmpc.profile * Add gmpc config to disable-programs.inc * Add gmpc to firecfg.config
* Add new profile: drawio (#3058)Libravatar glitsj162019-11-24
| | | | | | | | * Create drawio.profile * Add drawio config to disable-programs.inc * Add drawio to firecfg.config
* Add new profile: ddgtk (#3057)Libravatar glitsj162019-11-24
| | | | | | * Create ddgtk.profile * Add ddgtk to firecfg.config
* Add new profile: cameramonitor (#3056)Libravatar glitsj162019-11-24
| | | | | | * Create cameramonitor.profile * Add cameramonitor to firecfg.config
* New profile: audio-recorder (#3055)Libravatar glitsj162019-11-24
| | | | | | * Create audio-recorder.profile * Add audio-recorder to firecfg.config
* mergesLibravatar Tad2019-11-24
|
* profanity: reorder alphabeticallyLibravatar Adrian L. Shaw2019-11-24
|
* profanity: reorder alphabeticallyLibravatar Adrian L. Shaw2019-11-24
|
* profanity: allow Python plugins and reorder rulesLibravatar Adrian L. Shaw2019-11-24
|
* Separate the whitelist section of profanity profileLibravatar Adrian L. Shaw2019-11-24
|
* Sort and harden profanity profileLibravatar Adrian L. Shaw2019-11-24
|
* Add profile for the Profanity chat clientLibravatar Adrian L. Shaw2019-11-24
|
* Use seccomp ! syntax in electron-mail.profileLibravatar glitsj162019-11-23
|
* Add new electron-mail profile (#3053)Libravatar glitsj162019-11-23
| | | | | | | | * Create electron-mail.profile * Add electron-mail to disable-programs.inc * Add electron-mail to firecfg.config
* Add lensfun support for gimpLibravatar glitsj162019-11-22
|
* Add babl/gegl support for gimp (#3051)Libravatar glitsj162019-11-22
| | | | | | | | * Add babl/gegl caches for gimp * Add gir-1.0 to wusc * Add babl/gegl support to gimp.profile
* Merge pull request #3044 from netblue30/ssh_ncLibravatar netblue302019-11-13
|\ | | | | RFC: profiles: allow nc in ssh profile by default
| * profiles: allow nc in ssh profile by defaultLibravatar Reiner Herrmann2019-11-13
| |
* | Merge pull request #3037 from vutny/fix-3029Libravatar netblue302019-11-13
|\ \ | | | | | | Resolve #3029: drop outdated Skype profile
| * | Resolve #3029: drop outdated Skype profileLibravatar Denys Havrysh2019-11-12
| | |
* | | wine: propose allow-debuggers insteadLibravatar smitsohu2019-11-13
| | |
* | | harden wine profileLibravatar smitsohu2019-11-13
| |/ |/|
* | add signal mediation to apparmor profileLibravatar smitsohu2019-11-13
| | | | | | | | second line of defense, as there is always a pid namespace, too
* | some apparmor profile cleanupLibravatar smitsohu2019-11-12
| | | | | | | | | | | | | | | | writing in /run/firejail/profile has always been restricted to root user, and in addition this folder is blacklisted since recently; @{profile_name} is built-in and adds a bit of flexibility; apparmor cannot be used to restrict directory search permission, so add more rules for sensitive paths
* | Merge branch 'master' of https://github.com/netblue30/firejailLibravatar smitsohu2019-11-12
|\ \
| * | Fix dig.profile on UbuntuLibravatar glitsj162019-11-11
| | | | | | | | | Fixes #3038.
* | | blacklist .fscrypt directoriesLibravatar smitsohu2019-11-12
|/ /
* | Merge branch 'master' of https://github.com/netblue30/firejailLibravatar smitsohu2019-11-11
|\|
| * rework strings.profileLibravatar rusty-snake2019-11-10
| | | | | | | | close #2988
* | tentatively fix k3b profile - #2989Libravatar smitsohu2019-11-11
|/
* add kfind profileLibravatar smitsohu2019-11-09
|
* fix nano support in git profileLibravatar smitsohu2019-11-09
|
* harden balooLibravatar smitsohu2019-11-09
|
* Fix #3024Libravatar rusty-snake2019-11-08
| | | | html5, flash and widevine media support unavailable since vivaldi 2.9
* dia profile: disable interpreters but allow pythonLibravatar netblue302019-11-08
|
* dia apparently wants access to python interpreter and environment for ↵Libravatar Jan2019-11-08
| | | | scripting, even though it is written in C, maybe another fix would be better
generated by cgit v1.2.3-54-g00ecf (git 2.45.2) at 2024-07-05 13:15:12 +0000