path: root/src
Commit message | Author | Age
* Add spectacle's profile (#3717) | Neo00001 | 2020-11-02
  * Update firecfg.config
  * Update disable-programs.inc
  * Create spectacle.profile
* added bluetooth to the list of protocols allowed by seccomp | netblue30 | 2020-10-28
* reverted --bind as root - some security problems | netblue30 | 2020-10-27
* compile time option to disable --private-cache and --tmpfs for regular user | netblue30 | 2020-10-27
* Merge pull request #3676 from rusty-snake/tmpfs-inside-home | netblue30 | 2020-10-25
  Allow --tmpfs and --bind inside $HOME for unprivileged users
  * Likewise allow --bind inside $HOME for users | rusty-snake | 2020-10-23
  * Allow --tmpfs inside $HOME for unprivileged users | rusty-snake | 2020-10-23
    --tmpfs was added in 0.9.14 and restricted to root only in 0.9.38 due to priv-esc CVE-2016-10117 (e.g. --tmpfs=/etc and modify /etc/sudoers). This commit reintroduces it for normal users, if the realpath of it is inside the user's home.
* harden peek; update README.md; add gnome-sound-recorder to firecfg.config | rusty-snake | 2020-10-23
* fix #3478 | netblue30 | 2020-10-19
* fix manpage warnings (#3563) | netblue30 | 2020-10-19
* Apply --rmenv immediately to help to avoid the env var length check | Topi Miettinen | 2020-10-16
  Remove environment variables with --rmenv immediately. This fixes removing long environment variables (LS_COLORS generated by vivid), previously the length filter would trip before the command was processed.
  This changes user visible behavior slightly, for example --rmenv=LANG now applies also to Firejail, while earlier it would only apply to sandboxed program.
  Partially fixes #3673, but not handling `rmenv` in profiles.
  Also suggest --rmenv when there are problems with environment variables.
  Signed-off-by: Topi Miettinen <toiwoton@gmail.com>
* Remove unused variables | Reiner Herrmann | 2020-10-14
  Fixes clang-analyzer warnings: "Although the value stored to 'xxxxx' is used in the enclosing expression, the value is never actually read from 'xxxxx'"
* merges, fix for #3662 etc. | netblue30 | 2020-10-13
* allowing links in netns | dpellegr | 2020-10-12
* man: call preproc.awk via Makefile, as the shebang hardcodes the path | Reiner Herrmann | 2020-10-10
* build: add -fPIE to LDFLAGS | Reiner Herrmann | 2020-10-08
  according to GCC documentation (https://gcc.gnu.org/onlinedocs/gcc/Link-Options.html): "For predictable results, you must also specify the same set of options used for compilation (-fpie, -fPIE, or model suboptions) when you specify this linker option."
* selinux: exit when selinux is enabled but opening handle fails | Reiner Herrmann | 2020-10-06
* selinux: don't try to relabel path when selinux is not enabled | Reiner Herrmann | 2020-10-06
  Fixes: #3654
* fix indentation | Reiner Herrmann | 2020-10-06
* DHCP fixes | netblue30 | 2020-10-06
* Fix typo | Reiner Herrmann | 2020-10-05
* Fix spelling | Reiner Herrmann | 2020-10-05
* testing 0.9.64rc1 - disable dumpable working for this release, problems on Debian8; we will bring it back in the next release [0.9.64rc1] | netblue | 2020-10-04
* move to addgroup --system (#3632) | netblue30 | 2020-10-03
* New profile: equalx | rusty-snake | 2020-10-03
* chromium-freeworld profile (#3633) | rusty-snake | 2020-10-03
* more nvidia (#3644) | netblue30 | 2020-10-03
* temporary fix for nvidia/nogroups/noroot issue (#3644, #841) | netblue30 | 2020-10-02
* profstats - add count for whitelisted home dir, dbus-user none | netblue30 | 2020-10-02
* fix build with clang | Reiner Herrmann | 2020-10-01
  error: adding 'int' to a string does not append to the string [-Werror,-Wstring-plus-int]
* build: remove -pie from CFLAGS, as it is a linker option | Reiner Herrmann | 2020-10-01
  building with clang printed a warning
* some cleanup for the previous commit (#3530) | netblue30 | 2020-10-01
* don't execute include disable-shell.inc for appimages (#3530) | netblue30 | 2020-10-01
* document private-bin and private-lib disabled by default when running appimages (#3530) | netblue30 | 2020-10-01
* disable /pulse for --nosound (#3263) | netblue30 | 2020-10-01
* replaced --nowrap with --wrap in firemon (#2992) | netblue30 | 2020-10-01
* print error for /home/netblue in profile files (#3071) | netblue30 | 2020-10-01
* fix shell=none for --audit (#3116) | netblue30 | 2020-10-01
* removing fork from ls.c in order to get firetools running the file manager | netblue30 | 2020-09-30
* manpages: file transfer | startx2017 | 2020-09-30
* manpages: network configuration | startx2017 | 2020-09-30
* manpages: configuration for dbus | startx2017 | 2020-09-30
* clean gcc analyzer warnings - #3377 | netblue30 | 2020-09-28
* free some memory; get rid of false positive from gcc static analyzer | netblue30 | 2020-09-28
* new profile: xournalpp | rusty-snake | 2020-09-25
* print errors to stderr and prefix them consistently | Reiner Herrmann | 2020-09-12
* add --include (#3571) | rusty-snake | 2020-09-11
  * add --include closes #2923
  * Prioritize searching in cwd
* disable dbus proxy at compile time (default enabled) - part 1 | netblue30 | 2020-09-09
* profstats: track dbus-system none | netblue30 | 2020-09-08
* manpages: configuration for user namespace, x11 | startx2017 | 2020-09-03