Commit message (Collapse) | Author | Age | ||
---|---|---|---|---|
... | ||||
| * | | Allow --tmpfs inside $HOME for unprivileged users | rusty-snake | 2020-10-23 | |
| | | | | | | | | | | | | | | | | | | | | | --tmpfs was added in 0.9.14 and restricted to root only in 0.9.38 due to priv-esc CVE-2016-10117 (e.g. --tmpfs=/etc and modify /etc/sudoers). This commit reintroduce it for normal users, if the realpath of it is inside users-home. | |||
* | | | harden peek; update README.md; add gnome-sound-… | rusty-snake | 2020-10-23 | |
|/ / | | | | | | | …recorder to firecfg.config | |||
* | | fix #3478 | netblue30 | 2020-10-19 | |
| | | ||||
* | | fix manpage wanings (#3563) | netblue30 | 2020-10-19 | |
| | | ||||
* | | Apply --rmenv immediately to help to avoid the env var length check | Topi Miettinen | 2020-10-16 | |
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Remove environment variables with --rmenv immediately. This fixes removing long environment variables (LS_COLORS generated by vivid), previously the length filter would trip before the command was processed. This changes user visible behavior slightly, for example --rmenv=LANG now applies also to Firejail, while earlier it would only apply to sandboxed program. Partially fixes #3673, but not handling `rmenv` in profiles. Also suggest --rmenv when there are problems with enviroment variables. Signed-off-by: Topi Miettinen <toiwoton@gmail.com> | |||
* | | Remove unused variables | Reiner Herrmann | 2020-10-14 | |
| | | | | | | | | | | Fixes clang-analyzer warnings: "Although the value stored to 'xxxxx' is used in the enclosing expression, the value is never actually read from 'xxxxx'" | |||
* | | merges, fix for #3662 etc. | netblue30 | 2020-10-13 | |
| | | ||||
* | | allowing links in netns | dpellegr | 2020-10-12 | |
| | | ||||
* | | man: call preproc.awk via Makefile, as the shebang hardcodes the path | Reiner Herrmann | 2020-10-10 | |
| | | ||||
* | | build: add -fPIE to LDFLAGS | Reiner Herrmann | 2020-10-08 | |
| | | | | | | | | | | | | | | according to GCC documentation (https://gcc.gnu.org/onlinedocs/gcc/Link-Options.html): "For predictable results, you must also specify the same set of options used for compilation (-fpie, -fPIE, or model suboptions) when you specify this linker option." | |||
* | | selinux: exit when selinux is enabled but opening handle fails | Reiner Herrmann | 2020-10-06 | |
| | | ||||
* | | selinux: don't try to relabel path when selinux is not enabled | Reiner Herrmann | 2020-10-06 | |
| | | | | | | | | Fixes: #3654 | |||
* | | fix indentation | Reiner Herrmann | 2020-10-06 | |
| | | ||||
* | | DHCP fixes | netblue30 | 2020-10-06 | |
| | | ||||
* | | Fix typo | Reiner Herrmann | 2020-10-05 | |
| | | ||||
* | | Fix spelling | Reiner Herrmann | 2020-10-05 | |
| | | ||||
* | | testing 0.9.64rc1 - disable dumpable working for this release, problems on ↵0.9.64rc1 | netblue | 2020-10-04 | |
| | | | | | | | | Debian8; we will bring it back in the next release | |||
* | | move to addgroup --system (#3632) | netblue30 | 2020-10-03 | |
| | | ||||
* | | New profile: equalx | rusty-snake | 2020-10-03 | |
| | | ||||
* | | chromium-freeworld profile (#3633) | rusty-snake | 2020-10-03 | |
| | | ||||
* | | more nvidia (#3644) | netblue30 | 2020-10-03 | |
| | | ||||
* | | temporary fix for nvidia/nogroups/noroot issue (#3644, #841) | netblue30 | 2020-10-02 | |
| | | ||||
* | | profstats - add count for whitelisted home dir, dbus-user none | netblue30 | 2020-10-02 | |
| | | ||||
* | | fix build with clang | Reiner Herrmann | 2020-10-01 | |
| | | | | | | | | error: adding 'int' to a string does not append to the string [-Werror,-Wstring-plus-int] | |||
* | | build: remove -pie from CFLAGS, as it is a linker option | Reiner Herrmann | 2020-10-01 | |
| | | | | | | | | building with clang printed a warning | |||
* | | some cleanup for the previous commit (#3530) | netblue30 | 2020-10-01 | |
| | | ||||
* | | don't execute include disable-shell.inc for appimages (#3530) | netblue30 | 2020-10-01 | |
| | | ||||
* | | document private-bin and private-lib disabled by default when running ↵ | netblue30 | 2020-10-01 | |
| | | | | | | | | appimages (#3530) | |||
* | | disable /pulse for --nosound (#3263) | netblue30 | 2020-10-01 | |
| | | ||||
* | | replaced --nowrap with --wrap in firemon (#2992) | netblue30 | 2020-10-01 | |
| | | ||||
* | | print error for /home/netblue in profile files (#3071) | netblue30 | 2020-10-01 | |
| | | ||||
* | | fix shell=none for --audit (#3116) | netblue30 | 2020-10-01 | |
| | | ||||
* | | removing fork from ls.c in order to get firetools running the file manager | netblue30 | 2020-09-30 | |
| | | ||||
* | | manpages: file transfer | startx2017 | 2020-09-30 | |
| | | ||||
* | | manpages: network configuration | startx2017 | 2020-09-30 | |
| | | ||||
* | | manpages: configuration for dbus | startx2017 | 2020-09-30 | |
| | | ||||
* | | clean gcc ananlyzer warnings - #3377 | netblue30 | 2020-09-28 | |
| | | ||||
* | | free some memory; get rid of false positive from gcc static analyzer | netblue30 | 2020-09-28 | |
| | | ||||
* | | new profile: xournalpp | rusty-snake | 2020-09-25 | |
| | | ||||
* | | print errors to stderr and prefix them consistently | Reiner Herrmann | 2020-09-12 | |
| | | ||||
* | | add --include (#3571) | rusty-snake | 2020-09-11 | |
| | | | | | | | | | | | | | | * add --include closes #2923 * Priorize searching in cwd | |||
* | | disable dbus proxy at compile time (default enabled) - part 1 | netblue30 | 2020-09-09 | |
| | | ||||
* | | profstats: track dbus-system none | netblue30 | 2020-09-08 | |
| | | ||||
* | | manpages: configuration for user namespace, x11 | startx2017 | 2020-09-03 | |
| | | ||||
* | | manpages: configuration for tunnel, chroot, private-home | startx2017 | 2020-09-03 | |
| | | ||||
* | | various | rusty-snake | 2020-09-03 | |
| | | | | | | | | | | | | | | | | | | | | | | | | * README.md & RELNOTES * Allow gnome-build do read and write .bash_history, it has a build-in terminal * D-Bus filter for gnome-passwordsafe * wruc for supertuxkart * wruc+wusc for totem * dbus-system none for totem * remove src/man/preproc.c it is replaced by preproc.awk * remove dead-code form preproc.awk | |||
* | | Add profile for twitch,youtube,youtube-music; fix git-cola ,add cola (#3577) | kortewegdevries | 2020-09-03 | |
| | | | | | | | | | | | | | | | | | | | | | | | | | | * Add profile for twitch,youtube wrappers * Fix git-cola, add Youtube music wrapper profiles * Fixes for git-cola again * Add profile for alternative name for git-cola * Fixes * Fix | |||
* | | New profiles for balsa,trojita,kube (#3603) | kortewegdevries | 2020-09-03 | |
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | * Added minecraft-launcher-profile Initial * Changed minecraft-launcher profile Added space,tracelog,nodvd * New profiles for balsa,trojita,kube * Switch to whitelisting * Enable gpg,firefox uniformity between other clients * Hyperlinks * Fix Co-authored-by: kortewegdevries <k0rtic_dv@aol.com> | |||
* | | bringing in awk preprocessor from rusty-snake | netblue30 | 2020-09-02 | |
| | | ||||
* | | manpage: remove overlayfs from non-overlayfs builds | startx2017 | 2020-09-02 | |
| | |