Commit message (Collapse) | Author | Age | |
---|---|---|---|
* | Add spectacle's profile (#3717) | Neo00001 | 2020-11-02 |
| | | | | | | | * Update firecfg.config * Update disable-programs.inc * Create spectacle.profile | ||
* | added bluetooth to the list of protocols allowed by seccomp | netblue30 | 2020-10-28 |
| | |||
* | reverted --bind as root - some security problems | netblue30 | 2020-10-27 |
| | |||
* | compile time option to disable --private-cache and --tmpfs for regular user | netblue30 | 2020-10-27 |
| | |||
* | Merge pull request #3676 from rusty-snake/tmpfs-inside-home | netblue30 | 2020-10-25 |
|\ | | | | | Allow --tmpfs and --bind inside $HOME for unprivileged users | ||
| * | Likewise allow --bind inside $HOME for users | rusty-snake | 2020-10-23 |
| | | |||
| * | Allow --tmpfs inside $HOME for unprivileged users | rusty-snake | 2020-10-23 |
| | | | | | | | | | | | | | | --tmpfs was added in 0.9.14 and restricted to root only in 0.9.38 due to priv-esc CVE-2016-10117 (e.g. --tmpfs=/etc and modify /etc/sudoers). This commit reintroduce it for normal users, if the realpath of it is inside users-home. | ||
* | | harden peek; update README.md; add gnome-sound-… | rusty-snake | 2020-10-23 |
|/ | | | | …recorder to firecfg.config | ||
* | fix #3478 | netblue30 | 2020-10-19 |
| | |||
* | fix manpage wanings (#3563) | netblue30 | 2020-10-19 |
| | |||
* | Apply --rmenv immediately to help to avoid the env var length check | Topi Miettinen | 2020-10-16 |
| | | | | | | | | | | | | | | | | | | Remove environment variables with --rmenv immediately. This fixes removing long environment variables (LS_COLORS generated by vivid), previously the length filter would trip before the command was processed. This changes user visible behavior slightly, for example --rmenv=LANG now applies also to Firejail, while earlier it would only apply to sandboxed program. Partially fixes #3673, but not handling `rmenv` in profiles. Also suggest --rmenv when there are problems with enviroment variables. Signed-off-by: Topi Miettinen <toiwoton@gmail.com> | ||
* | Remove unused variables | Reiner Herrmann | 2020-10-14 |
| | | | | | Fixes clang-analyzer warnings: "Although the value stored to 'xxxxx' is used in the enclosing expression, the value is never actually read from 'xxxxx'" | ||
* | merges, fix for #3662 etc. | netblue30 | 2020-10-13 |
| | |||
* | allowing links in netns | dpellegr | 2020-10-12 |
| | |||
* | man: call preproc.awk via Makefile, as the shebang hardcodes the path | Reiner Herrmann | 2020-10-10 |
| | |||
* | build: add -fPIE to LDFLAGS | Reiner Herrmann | 2020-10-08 |
| | | | | | | | according to GCC documentation (https://gcc.gnu.org/onlinedocs/gcc/Link-Options.html): "For predictable results, you must also specify the same set of options used for compilation (-fpie, -fPIE, or model suboptions) when you specify this linker option." | ||
* | selinux: exit when selinux is enabled but opening handle fails | Reiner Herrmann | 2020-10-06 |
| | |||
* | selinux: don't try to relabel path when selinux is not enabled | Reiner Herrmann | 2020-10-06 |
| | | | | Fixes: #3654 | ||
* | fix indentation | Reiner Herrmann | 2020-10-06 |
| | |||
* | DHCP fixes | netblue30 | 2020-10-06 |
| | |||
* | Fix typo | Reiner Herrmann | 2020-10-05 |
| | |||
* | Fix spelling | Reiner Herrmann | 2020-10-05 |
| | |||
* | testing 0.9.64rc1 - disable dumpable working for this release, problems on ↵0.9.64rc1 | netblue | 2020-10-04 |
| | | | | Debian8; we will bring it back in the next release | ||
* | move to addgroup --system (#3632) | netblue30 | 2020-10-03 |
| | |||
* | New profile: equalx | rusty-snake | 2020-10-03 |
| | |||
* | chromium-freeworld profile (#3633) | rusty-snake | 2020-10-03 |
| | |||
* | more nvidia (#3644) | netblue30 | 2020-10-03 |
| | |||
* | temporary fix for nvidia/nogroups/noroot issue (#3644, #841) | netblue30 | 2020-10-02 |
| | |||
* | profstats - add count for whitelisted home dir, dbus-user none | netblue30 | 2020-10-02 |
| | |||
* | fix build with clang | Reiner Herrmann | 2020-10-01 |
| | | | | error: adding 'int' to a string does not append to the string [-Werror,-Wstring-plus-int] | ||
* | build: remove -pie from CFLAGS, as it is a linker option | Reiner Herrmann | 2020-10-01 |
| | | | | building with clang printed a warning | ||
* | some cleanup for the previous commit (#3530) | netblue30 | 2020-10-01 |
| | |||
* | don't execute include disable-shell.inc for appimages (#3530) | netblue30 | 2020-10-01 |
| | |||
* | document private-bin and private-lib disabled by default when running ↵ | netblue30 | 2020-10-01 |
| | | | | appimages (#3530) | ||
* | disable /pulse for --nosound (#3263) | netblue30 | 2020-10-01 |
| | |||
* | replaced --nowrap with --wrap in firemon (#2992) | netblue30 | 2020-10-01 |
| | |||
* | print error for /home/netblue in profile files (#3071) | netblue30 | 2020-10-01 |
| | |||
* | fix shell=none for --audit (#3116) | netblue30 | 2020-10-01 |
| | |||
* | removing fork from ls.c in order to get firetools running the file manager | netblue30 | 2020-09-30 |
| | |||
* | manpages: file transfer | startx2017 | 2020-09-30 |
| | |||
* | manpages: network configuration | startx2017 | 2020-09-30 |
| | |||
* | manpages: configuration for dbus | startx2017 | 2020-09-30 |
| | |||
* | clean gcc ananlyzer warnings - #3377 | netblue30 | 2020-09-28 |
| | |||
* | free some memory; get rid of false positive from gcc static analyzer | netblue30 | 2020-09-28 |
| | |||
* | new profile: xournalpp | rusty-snake | 2020-09-25 |
| | |||
* | print errors to stderr and prefix them consistently | Reiner Herrmann | 2020-09-12 |
| | |||
* | add --include (#3571) | rusty-snake | 2020-09-11 |
| | | | | | | | * add --include closes #2923 * Priorize searching in cwd | ||
* | disable dbus proxy at compile time (default enabled) - part 1 | netblue30 | 2020-09-09 |
| | |||
* | profstats: track dbus-system none | netblue30 | 2020-09-08 |
| | |||
* | manpages: configuration for user namespace, x11 | startx2017 | 2020-09-03 |
| |