Commit message (Collapse) | Author | Age | ||
---|---|---|---|---|
... | ||||
* | private-bin and private-lib fixes | netblue30 | 2017-11-08 | |
| | ||||
* | modif: --profile-path was deprecated | netblue30 | 2017-10-27 | |
| | ||||
* | --timeout, fix #1614 | netblue30 | 2017-10-25 | |
| | ||||
* | implemented --rlimit-cpu - set max CPU time for processes running in the ↵ | startx2017 | 2017-10-24 | |
| | | | | sandbox; for issue #1614, more to come... | |||
* | --build: save the resulting profile in a file | netblue30 | 2017-10-22 | |
| | ||||
* | allow blacklists noexec etc. in private home directories; fix bug #1608 | netblue30 | 2017-10-20 | |
| | ||||
* | merge --rlimit-as | startx2017 | 2017-10-15 | |
| | ||||
* | globbing - manpage | startx2017 | 2017-10-15 | |
| | ||||
* | apparmor | netblue30 | 2017-10-12 | |
| | ||||
* | Update manpages to use HTTPS links | Kunal Mehta | 2017-10-07 | |
| | | | | | All of these websites support HTTPS, and nearly all of them redirect to it anyways. | |||
* | potential fix for mutt/gnupg issue #1585 | netblue30 | 2017-10-02 | |
| | ||||
* | Update man page since --private-dev allows disc devices like cdrom | Fred-Barclay | 2017-09-19 | |
| | ||||
* | spelling | netblue30 | 2017-09-17 | |
| | ||||
* | profile build tool | netblue30 | 2017-09-17 | |
| | ||||
* | --writable-run-user man page | netblue30 | 2017-09-14 | |
| | ||||
* | --writable-run-user, solving ssh/gnupg authentication problems for smarcards | netblue30 | 2017-09-14 | |
| | ||||
* | fix manpage for --output | netblue30 | 2017-09-12 | |
| | ||||
* | --profile.print option | netblue30 | 2017-09-02 | |
| | ||||
* | man page | netblue30 | 2017-08-23 | |
| | ||||
* | cleanup | netblue30 | 2017-08-23 | |
| | ||||
* | Feature: switch/config option to block secondary architectures | Topi Miettinen | 2017-08-19 | |
| | | | | | | | | | Add a feature for a new (opt-in) command line switch and config file option to block secondary architectures entirely. Also block changing Linux execution domain with personality() system call for the primary architecture. Closes #1479 | |||
* | Postpone installation of seccomp filters just before execve | Topi Miettinen | 2017-08-19 | |
| | ||||
* | Minor manpage correction | Reiner Herrmann | 2017-08-18 | |
| | ||||
* | memory-deny-write-execute testing | netblue30 | 2017-08-18 | |
| | ||||
* | private-lib | netblue30 | 2017-08-17 | |
| | ||||
* | memory-deny-write-execute | netblue30 | 2017-08-17 | |
| | ||||
* | --net=none documentation | netblue30 | 2017-08-17 | |
| | ||||
* | update RELNOTES/Readme.md/--help; man page update for #1439 | startx2017 | 2017-08-14 | |
| | ||||
* | Allow any syscall to be blacklisted (#1447) | Topi Miettinen | 2017-08-13 | |
| | | | | | | | Allow any syscall to be blacklisted with aid of LD_PRELOAD library, libpostexecseccomp.so. Closes: #1447 | |||
* | modif: --output split in two commands, --output and --output-stderr; fix for ↵ | netblue30 | 2017-08-13 | |
| | | | | #1458 | |||
* | added --nodvd | netblue30 | 2017-08-12 | |
| | ||||
* | typo | Reiner Herrmann | 2017-08-10 | |
| | ||||
* | --notv for #1446 | startx2017 | 2017-08-10 | |
| | ||||
* | Seccomp: split @default into more meaningful smaller groups | Topi Miettinen | 2017-08-06 | |
| | ||||
* | Seccomp: system call grouping and call numbers | Topi Miettinen | 2017-08-06 | |
| | ||||
* | get_mempolicy syscall was temporarily removed from the default seccomp list. ↵ | netblue30 | 2017-08-02 | |
| | | | | | | It seems to break playing youtube videos on Firefox Nightly - #1414 | |||
* | Memory-deny-write-execute feature | Topi Miettinen | 2017-07-30 | |
| | | | | Feature to block attempts to create writable and executable memory. | |||
* | Private /lib feature | Topi Miettinen | 2017-07-30 | |
| | ||||
* | merges | netblue30 | 2017-07-25 | |
| | ||||
* | support for Xephyr screen size | netblue30 | 2017-07-19 | |
| | ||||
* | per-profile disable-mnt | netblue30 | 2017-07-04 | |
| | ||||
* | merges | netblue30 | 2017-06-22 | |
| | ||||
* | novideo fixes | netblue30 | 2017-06-11 | |
| | ||||
* | fix manpage: removed --seccomp.errno, currently supported by the regular ↵ | startx2017 | 2017-05-26 | |
| | | | | --seccomp=command | |||
* | Remove trailing whitespace from src/ | Fred Barclay | 2017-05-24 | |
| | ||||
* | --novideo option | Fred Barclay | 2017-05-22 | |
| | | | | | Still a work in progress. Code needs cleanup and improvement, but it does block /dev/video* in all of my tests so far. | |||
* | bringing back firecfg --fix | netblue30 | 2017-05-19 | |
| | ||||
* | support /dev/video* in private-dev, bringing back private-dev in firefox profile | netblue30 | 2017-05-19 | |
| | ||||
* | merged 0.9.46-bugfixes on mainline following 0.9.46 release | startx2017 | 2017-05-17 | |
| | ||||
* | --fix-sound support in firecfg | netblue30 | 2017-05-03 | |
| |