| Commit message (Collapse) | Author | Age |
|---|
| | |
|
| | |
|
| | |
|
| | |
|
| | |
|
| | |
|
| |\ |
|
| | | |
|
| | | |
|
| |/ |
|
| | |
|
| |\ |
|
| | |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
* Remove obsolete snap support from disable-programs.inc
* Remove obsolete snap support from pycharm-community.profile
* Update RELNOTES to reflect non-existing/dropped flatpak/snap support
* Update firejail.txt to reflect flatpak/snap packages are not supported
|
| | |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
* Refactor seahorse into a whitelist profile
* Refactor seahorse-tool as a whitelist profile
* Create seahorse-daemon.profile
* Add seahorse-daemon to firecfg
* Drop blacklist /tmp/.X11-unix from seahorse.profile
Thanks to @rusty-snake for pointing out blacklisting /tmp/.X11-unix is ridiculous for GUI's.
* Add non-GUI option to seahorse-daemon
|
| |/
|
|
|
|
|
|
|
|
| |
when nesting containers and sandboxes, it is possible setuid() fails
silently to reset the saved uid, which is then cleared only by
the next execve. This is solved by replacing setuid() with more
robust setresuid() function calls.
Also add code to drop privileges when entering the run_no_sandbox()
function (along with some minor tidy up).
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
* Harden atool
* Harden cpio
* Fix ordering in private-* options
* Harden gzip
* Harden tar
* Harden bsdtar
* Harden+ tar
* Harden+ gzip
* Harden+ cpio
* Create bzip2.profile
* Description for bunzip2
* Add bzip2/bunzip2 to firecfg
|
| |
|
|
|
|
|
|
|
|
|
| |
The command was only recognized if it was passed as the first argument.
Passing it on any other position on the command line caused the following
error:
Error: invalid --keep-var-tmp command line option
Supplying it as the first argument also resulted in other commands that are
parsed after it to be silently ignored.
|
| | |
|
| |
|
|
|
|
| |
* Create nomacs.profile
* Fix nomacs.profile
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
* Create lrunzip.profile
* Create lrz.profile
* Create lrzcat.profile
* Create lrzip.profile
* Create lrztar.profile
* Create lrzuntar.profile
* Create zpaq.profile
* Add lrzip and friends to firecfg
|
| | |
|
| |
|
|
| |
firetools
|
| | |
|
| |\
| |
| | |
fix start-tor-browser.desktop.profile
|
| | | |
|
| | | |
|
| | | |
|
| | | |
|
| | |
| |
| |
| |
| | |
+ add code-oss to firecfg
+ potential fix for https://github.com/netblue30/firejail/issues/2051#issuecomment-470665213
|
| | |
| |
| |
| |
| |
| |
| |
| | |
* Delete hardinfo.profile
The profile is pretty broken as-is. A lot of the info is missing/incorrect and a quick-fix isn't on my horizon. Let's remove it for now and see if we can do better later on.
* Remove hardinfo from firecfg
|
| | |
| |
| |
| |
| | |
Some profiles may need adjusting if app uses memfd_create(2) and
memory-deny-write-execute was enabled.
|
| | |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
* Harden transmission-cli.profile
* Harden transmission-gtk.profile
* Harden transmission-qt.profile
* Harden transmission-show.profile
* Create transmission-create.profile
* Create transmission-daemon.profile
* Create transmission-edit.profile
* Create transmission-remote.profile
* Create transmission-remote-cli.profile
* Create transmission-remote-gtk.profile
* Fix spacing in transmission-remote-cli.profile
* Add transmission-daemon to firecfg
|
| | |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
* Create gnome-schedule.profile
* Add gnome-schedule configs to disable-programs.inc
* Add gnome-schedule to firecfg
* mkfile and whitelist changes for gnome-schedule
|
| | | |
|
| | | |
|
| | | |
|
| | | |
|
| | |
| |
| |
| |
| |
| |
| |
| | |
* Create transgui.profile
* Add transgui config to disable-programs.inc
* Add transgui to firecfg
|
| | |
| |
| |
| |
| |
| |
| |
| | |
* Create sysprof.profile
* Create sysprof-cli.profile
* Add sysprof to firecfg
|
| | |
| |
| |
| |
| |
| | |
* Create simplescreenrecorder.profile
* Add simplescreenrecorder to firecfg
|
| | |
| |
| |
| |
| |
| | |
* Create geekbench.profile
* Add geekbench to firecfg
|
| | |
| |
| |
| |
| |
| |
| |
| | |
* Create xfce4-mixer.profile
* Add xfce4-mixer config to disable-programs.inc
* Add xfce4-mixer to firecfg
|
| | |
| |
| |
| |
| |
| |
| |
| | |
* Create pavucontrol.profile
* Add pavucontrol config to disable-programs.inc
* Add pavucontrol to firecfg
|
| | |
| |
| |
| |
| |
| |
| |
| | |
* Create d-feet.profile
* Add d-feet config to disable-programs.inc
* Add d-feet to firecfg
|
| | |
| |
| |
| |
| |
| |
| |
| | |
* Create seahorse.profile
* Create seahorse-tool.profile
* Add seahorse to firecfg
|
| | |
| |
| |
| |
| |
| | |
* Create regextester.profile
* Add regextester to firecfg
|
| | |
| |
| |
| |
| |
| | |
* Create hardinfo.profile
* Add hardinfo to firecfg
|
| | |
| |
| |
| |
| |
| | |
* Create gnome-system-log.profile
* Add gnome-system-log to firecfg
|
| | |
| |
| |
| |
| |
| | |
* Create gnome-nettool.profile
* Add gnome-nettool to firecfg
|
| | |
| |
| |
| |
| |
| |
| |
| | |
* Create netactview.profile
* Add netactview config to disable-programs.inc
* Add netactview to firecfg
|
rusty-snake
rusty-snake
Tad
smitsohu
glitsj16
Lukáš Krejčí
7twin
netblue30
Topi Miettinen