| Commit message (Collapse) | Author | Age |
* README.md & RELNOTES
* Allow gnome-build to read and write .bash_history, it has a built-in
terminal
* D-Bus filter for gnome-passwordsafe
* wruc for supertuxkart
* wruc+wusc for totem
* dbus-system none for totem
* remove src/man/preproc.c it is replaced by preproc.awk
* remove dead-code from preproc.awk
|
* Add profile for twitch,youtube wrappers
* Fix git-cola, add Youtube music wrapper profiles
* Fixes for git-cola again
* Add profile for alternative name for git-cola
* Fixes
* Fix
|
* Added minecraft-launcher-profile
Initial
* Changed minecraft-launcher profile
Added space,tracelog,nodvd
* New profiles for balsa,trojita,kube
* Switch to whitelisting
* Enable gpg,firefox uniformity between other clients
* Hyperlinks
* Fix
Co-authored-by: kortewegdevries <k0rtic_dv@aol.com>
|
* Profile for Psi
* Fix pidgin buddy icon
* Profile for man
* Add profile for smuxi
* Comment man in firecfg
* Add pinentry programs
* Update etc/profile-m-z/psi.profile
Co-authored-by: rusty-snake <41237666+rusty-snake@users.noreply.github.com>
Co-authored-by: rusty-snake <41237666+rusty-snake@users.noreply.github.com>
|
* Matrix clients
Initial
* Add profile for fractal, # 1139
* Fixes
|
* Various profiles
Initial
* Various fixes # 1
Removed blacklist,no3d; added icon flatpak paths;sorting;added space
|
fixes e.g. --shell=none --seccomp.drop=write --seccomp-error-action=kill
|
1) close #3612
2) remove an implicit limitation on rlimit-fsize option
(could not set limit to smaller than 6 bytes without affecting
the ability to join a sandbox)
3) rename 'join-or-start' file to just 'join'
4) when waiting for a sandbox that is not fully configured yet,
increase polling frequency from 10 per second to 100 per second
|
closes #3356
|
closes #3584
|
issue #3568
|
... and don't fail hard without need if there is a FUSE mount
|
don't report success if read failed
|
hardening: run plugins with dumpable flag cleared
|
1) copy xauth binary into the sandbox and set mode to 0711, so it runs
with cleared dumpable flag for unprivileged users
2) run xauth in an sbox sandbox
3) generate Xauthority file in runtime directory instead of /tmp;
this way xauth is able to connect to the X11 socket even if the
abstract socket doesn't exist, for example because a new network
namespace was instantiated
|
harden bandwidth command
|
add extra checks to defend against command injection (respective strings are controlled by Firejail, so this should be redundant and only for the paranoid), run shell in a minimal sandbox
|
on Ubuntu autopkgtest runs on armhf, /dev/zero creation fails.
|
seccomp: logging
|
Allow `log` as an alternative seccomp error action instead of killing
or returning an errno code.
Signed-off-by: Topi Miettinen <toiwoton@gmail.com>
|
Initial,amend: wrong dir,delete gtk-*,added new files
Co-authored-by: kortewegdevries <k0rtic_dv@aol.com>
|
add check so that environment variable FIREJAIL_CHROOT_X11 can be used
to mount /tmp/.X11-unix into the chroot; issue #3568