| Commit message (Collapse) | Author | Age |
|---|
| |
|
|
|
|
|
| |
- fix description
- add gnome-klotski, five-or-more, swell-foop
[skip ci]
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
- blobwars
- gravity-beams-and-evaporating-stars
- hyperrogue
- jumpnbump-menu (alias)
- jumpnbump
- magicor
- mindless
- mirrormagic
- mrrescue
- scorched3d-wrapper (alias)
- scorchwentbonkers
- seahorse-adventures
- wordwarvi
- xbill
|
| | |
|
| | |
|
| |\ |
|
| | |\
| | |
| | | |
Preserve CFLAGS given to configure in common.mk.in
|
| | | | |
|
| |/ / |
|
| | | |
|
| | | |
|
| | | |
|
| | | |
|
| |/ |
|
| |
|
|
|
|
|
|
|
|
|
| |
- four-in-a-row
- gnome-mahjongg
- gnome-robots
- gnome-sudoku
- gnome-taquin
- gnome-tetravex
harden gnome-chess
|
| |\
| |
| | |
Create ferdi.profile
|
| | | |
|
| | |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
System calls (names and numbers) are not exactly the same for 32 bit
and 64 bit architectures. Let's allow defining separate filters for
32-bit arch using seccomp.32, seccomp.32.drop, seccomp.32.keep. This
is useful for mixed 64/32 bit application environments like Steam and
Wine.
Implement protocol and mdwx filtering also for 32 bit arch. It's still
better to block secondary archs completely if not needed.
Lists of supported system calls are also updated.
Warn if preload libraries would be needed due to trace, tracelog or
postexecseccomp (seccomp.drop=execve etc), because a 32-bit dynamic
linker does not understand the 64 bit preload libraries.
Closes #3267.
Signed-off-by: Topi Miettinen <toiwoton@gmail.com>
|
| |/
|
|
|
| |
Since target addresses for other (conditional) jumps are in hex, it's
very confusing to have one jump address in decimal.
|
| | |
|
| | |
|
| | |
|
| | |
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
rules for xdg-dbus-proxy:
dbus-user filter
dbus-user.own org.gnome.Pomodoro
dbus-user.talk ca.desrt.dconf
dbus-user.talk org.gnome.Shell
dbus-system none
dbus-user filter
dbus-user.own org.gnome.Todo
dbus-user.talk ca.desrt.dconf
dbus-user.talk org.gnome.evolution.dataserver.AddressBook9
dbus-user.talk org.gnome.evolution.dataserver.Calendar8
dbus-user.talk org.gnome.evolution.dataserver.Sources5
dbus-user.talk org.gnome.evolution.dataserver.Subprocess.Backend.*
dbus-user.talk org.gnome.OnlineAccounts
dbus-user.talk org.gnome.SettingsDaemon.Color
dbus-system filter
dbus-system.talk org.freedesktop.login1
dbus-user filter
dbus.own com.github.dahenson.agenda
dbus.talk ca.desrt.dconf
dbus-system block
|
| | |
|
| |\
| |
| |
| |
| | |
dmfreemon/add-name-or-private-dir-to-xpra-window-title
add name or private directory being used to the window title when xpra is being used
|
| | | |
|
| | |
| |
| |
| | |
when xpra is being used
|
| | | |
|
| | | |
|
| | | |
|
| | | |
|
| |\ \
| | |
| | | |
new condition: HAS_NOSOUND
|
| | | | |
|
| |/ /
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
patch for xdg-dbus-proxy
```
--- a/etc/gnome-screenshot.profile
+++ b/etc/gnome-screenshot.profile
@@ -45,3 +45,8 @@ private-bin gnome-screenshot
private-dev
private-etc dconf,fonts,gtk-3.0,localtime,machine-id
private-tmp
+
+dbus-user filter
+dbus-user.own org.gnome.Screenshot
+dbus-user.talk org.gnome.Shell.Screenshot
+dbus-system block
```
patch for whitelist-runuser-common.inc
```
--- a/etc/gnome-screenshot.profile
+++ b/etc/gnome-screenshot.profile
@@ -17,11 +17,8 @@ include disable-passwdmgr.inc
include disable-programs.inc
include disable-xdg.inc
-whitelist ${RUNUSER}/bus
-whitelist ${RUNUSER}/pulse
-whitelist ${RUNUSER}/gdm/Xauthority
-whitelist ${RUNUSER}/wayland-0
include whitelist-usr-share-common.inc
+include whitelist-runuser-common.inc
include whitelist-var-common.inc
apparmor
```
|
| | |
| |
| |
| | |
previous commit 3d35c039074cc11fbacf8de5bc8cb1a0952ceae4
issue #3277
|
| | |
| |
| | |
issue #3277
|
| |\ \
| |/
|/| |
remount hardening: move to file descriptor based mounts
|
| | | |
|
| | | |
|
| | |
| |
| |
| |
| | |
add AppArmor confinement to processes started with --join and,
more importantly, --join-or-start
|
| | | |
|
| | |
| |
| |
| | |
blacklist process_vm_readv and process_vm_writev
while we're at it also remove duplicate iopl blacklisting
|
| |/ |
|
| |
|
|
| |
The check is already performed by sbox_run
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
We require the command passed to sbox_run to be an absolute path,
and avoid resolving PATH.
Note that PATH-based attacks were already difficult to pull of,
because sbox_run clears the environment before executing the command.
This patch hopefully makes then impossible.
As an additional precaution, we check that the executable is owned by either
the root user or the root group, and is not world-writable.
The use of O_PATH, fstat and fexecve aims to prevent a race condition when
the invoked path (e.g., /usr/lib/firejail/fnet) is owned by root
or is a symlink to a binary owned by root, but the containing directory
(e.g., /usr/lib/firejail) is somehow owned by a user.
This is quite unlikely (but may be possible by abusing some other setuid
executable is a specific way), and would allow swapping the binary or symlink
to a malicious one after we checked ownership.
"Locking in" the file descriptor gets rid of the race condition.
We have to get rid of the `/proc/[pid]/comm` check in dhcp_read_pidfile,
because fexecve sets the comm value to the fd being exec'd (e.g., 3)
instead of the name of the file.
This is not a problem, unless by the time we pick up the pidfile of dhclient,
it has already crashed, and the pid number have wrapper around.
Needless to say, this is extremely unlikely
(and does not cause a security issue, anyways).
|
| |
|
|
|
|
|
| |
Running /sbin/dhclient or /usr/sbin/dhclient avoids PATH-based vulnerabilities.
We also check that the dhclient is owned by root.
We take an approach similar to netfiler.c and assume that the required binary
ar in /sbin or /usr/sbin, or (like on Arch) /sbin is a symlink to /usr/bin.
|
| |
|
|
|
|
| |
- spelling suggestion from @glitsj16 on fda62527
- drop python2 from openshot it never has a python2 version
- #3126 note in manpage: cannot combine --private with --private=
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
* Add profile for offical Linux Teams application
* fix: add mkdir suggestions in Teams profile
* Merge suggestions for Teams profile
* Add suggestion to Teams profile
* Add Teams to firecfg.config
* Add paths from Teams profile to disable-programs
* Remove the duplicated whitelist for downloads in Teams profile
Co-Authored-By: rusty-snake <print_hello_world+GitHub@protonmail.com>
* Cleanup teams profile after testing
* Add comment to Teams profile
Co-authored-by: rusty-snake <print_hello_world+GitHub@protonmail.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Running `firejail --noprofile --private-bin=bash,ls ls -1Za /usr/bin`
shows that the SELinux labels are not correct:
```
user_u:object_r:user_tmpfs_t:s0 .
system_u:object_r:usr_t:s0 ..
user_u:object_r:user_tmpfs_t:s0 bash
user_u:object_r:user_tmpfs_t:s0 ls
```
After fixing this:
```
system_u:object_r:bin_t:s0 .
system_u:object_r:usr_t:s0 ..
system_u:object_r:shell_exec_t:s0 bash
system_u:object_r:bin_t:s0 ls
```
Most copied files and created directories should now have correct
labels (bind mounted objects keep their labels). This is useful to
avoid having to change the SELinux rules when using Firejail.
|
| | |
|
rusty-snake
netblue30
Lior Stern
Topi Miettinen
smitsohu
0x7969
Tad
rusty-snake
dmfreemon@users.noreply.github.com
startx2017
Hans-Christoph Steiner
Kristóf Marussy
Andreas Hunkeler