| Commit message (Collapse) | Author | Age |
|\
| |
| | |
Add cheese.profile
|
| | |
|
|\ \
| | |
| | | |
Add a conditional to control DRM/noexec exception for browsers
|
| |/ |
|
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
* Update firecfg.config
* Create gramps.profile
* Update disable-programs.inc
* Create newsboat.profile
* Update disable-programs.inc
* Update firecfg.config
* Create freeoffice-planmaker
* Create freeoffice-textmaker
* Create freeoffice-presentations
* Update disable-programs.inc
* Update firecfg.config
* Update newsboat.profile
* Update newsboat.profile
* Update gramps.profile
* Update freeoffice-textmaker
* Update freeoffice-planmaker
* Update freeoffice-presentations
* Update freeoffice-planmaker
* Update freeoffice-presentations
* Update freeoffice-textmaker
* Rename freeoffice-planmaker to freeoffice-planmaker.profile
* Rename freeoffice-presentations to freeoffice-presentations.profile
* Rename freeoffice-textmaker to freeoffice-textmaker.profile
* Update gramps.profile
* Update freeoffice-planmaker.profile
* Update freeoffice-presentations.profile
* Update freeoffice-textmaker.profile
* Update freeoffice-textmaker.profile
* Update freeoffice-presentations.profile
* Update newsboat.profile
* Update gramps.profile
* Update freeoffice-planmaker.profile
* Update freeoffice-presentations.profile
* Update freeoffice-textmaker.profile
|
|/ |
|
|
|
|
|
| |
Requested by @nyancat18 in
https://github.com/netblue30/firejail/issues/1139#issuecomment-314527143
|
| |
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
* Add autokey to firecfg.config
* Update README.md
* Update RELNOTES
* Create autokey-common.profile
* Create autokey-gtk.profile
* Create autokey-qt.profile
* Create autokey-run.profile
* Create autokey-shell.profile
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
* Temp fixes for firecfg.config
* Create Builder.profile
* Create clocks.profile
* Create Logs.profile
* Create Maps.profile
* Add TODO to firecfg.config
|
| |
|
| |
|
| |
|
|
|
|
|
|
|
| |
avoid creating locations in the file system that are both writable and
executable (in this case for processes with euid of the user).
for the same reason also remove user owned libfiles
when it is not needed any more
|
| |
|
| |
|
| |
|
| |
|
| |
|
| |
|
|\ |
|
| | |
|
| | |
|
|/ |
|
| |
|
|\ |
|
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
* Remove obsolete snap support from disable-programs.inc
* Remove obsolete snap support from pycharm-community.profile
* Update RELNOTES to reflect non-existing/dropped flatpak/snap support
* Update firejail.txt to reflect flatpak/snap packages are not supported
|
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
* Refactor seahorse into a whitelist profile
* Refactor seahorse-tool as a whitelist profile
* Create seahorse-daemon.profile
* Add seahorse-daemon to firecfg
* Drop blacklist /tmp/.X11-unix from seahorse.profile
Thanks to @rusty-snake for pointing out blacklisting /tmp/.X11-unix is ridiculous for GUI's.
* Add non-GUI option to seahorse-daemon
|
|/
|
|
|
|
|
|
|
|
| |
when nesting containers and sandboxes, it is possible setuid() fails
silently to reset the saved uid, which is then cleared only by
the next execve. This is solved by replacing setuid() with more
robust setresuid() function calls.
Also add code to drop privileges when entering the run_no_sandbox()
function (along with some minor tidy up).
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
* Harden atool
* Harden cpio
* Fix ordering in private-* options
* Harden gzip
* Harden tar
* Harden bsdtar
* Harden+ tar
* Harden+ gzip
* Harden+ cpio
* Create bzip2.profile
* Description for bunzip2
* Add bzip2/bunzip2 to firecfg
|
|
|
|
|
|
|
|
|
|
|
| |
The command was only recognized if it was passed as the first argument.
Passing it on any other position on the command line caused the following
error:
Error: invalid --keep-var-tmp command line option
Supplying it as the first argument also resulted in other commands that are
parsed after it to be silently ignored.
|
| |
|
|
|
|
|
|
| |
* Create nomacs.profile
* Fix nomacs.profile
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
* Create lrunzip.profile
* Create lrz.profile
* Create lrzcat.profile
* Create lrzip.profile
* Create lrztar.profile
* Create lrzuntar.profile
* Create zpaq.profile
* Add lrzip and friends to firecfg
|
| |
|
|
|
|
| |
firetools
|
| |
|
|\
| |
| | |
fix start-tor-browser.desktop.profile
|
| | |
|
| | |
|
| | |
|
| | |
|
| |
| |
| |
| |
| | |
+ add code-oss to firecfg
+ potential fix for https://github.com/netblue30/firejail/issues/2051#issuecomment-470665213
|
| |
| |
| |
| |
| |
| |
| |
| | |
* Delete hardinfo.profile
The profile is pretty broken as-is. A lot of the info is missing/incorrect and a quick-fix isn't on my horizon. Let's remove it for now and see if we can do better later on.
* Remove hardinfo from firecfg
|
| |
| |
| |
| |
| | |
Some profiles may need adjusting if app uses memfd_create(2) and
memory-deny-write-execute was enabled.
|
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
* Harden transmission-cli.profile
* Harden transmission-gtk.profile
* Harden transmission-qt.profile
* Harden transmission-show.profile
* Create transmission-create.profile
* Create transmission-daemon.profile
* Create transmission-edit.profile
* Create transmission-remote.profile
* Create transmission-remote-cli.profile
* Create transmission-remote-gtk.profile
* Fix spacing in transmission-remote-cli.profile
* Add transmission-daemon to firecfg
|
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
* Create gnome-schedule.profile
* Add gnome-schedule configs to disable-programs.inc
* Add gnome-schedule to firecfg
* mkfile and whitelist changes for gnome-schedule
|
| | |
|
| | |
|