ಚಿರಾಗ್ ನಟರಾಜ್
957f5a65b2
Fixes #2048
2018-10-03 12:21:48 +00:00
ಚಿರಾಗ್ ನಟರಾಜ್
30775f9888
Fixes #2048
2018-10-03 04:09:13 +00:00
Vincent43
2216780803
AppArmor: Allow writing to removable media
2018-10-02 22:18:37 +01:00
veloute
f52039da7e
fixed discord not able to check for updates
2018-10-02 15:28:39 +10:00
Tad
4642e8a301
Add profile for spectre-meltdown-checker
...
Will need to support allow-debuggers in profiles before it can be enabled in firecfg
2018-09-22 01:44:35 -04:00
Tad
c0ba48bec1
Misc profile hardening
2018-09-19 15:32:48 -04:00
netblue30
ced63a5d0d
add start-tor-browser.desktop profile
2018-09-15 11:24:32 -04:00
Jean Lucas
dd3c0ee765
Amend gnome-music profile
...
- At least gnome-music 3.28.2 requires 'env'
- Add 'gio-launch-desktop' and 'yelp' so launching the "Help" menu
doesn't crash the application
- Enabling the disabled private-etc tested to be working
2018-09-14 22:21:04 -04:00
smitsohu
58d9899f31
add switch to disable/enable private-cache
2018-09-10 22:54:23 +02:00
netblue30
cef2514caa
remove blacklist /usr/lib/llvm* in dusable-devel.inc - problems with hardware acceleration on Radeon cards, see issue #2106
2018-09-07 08:15:59 -04:00
Tad
736216cacf
Disable tracelog in Tor Browser profiles, see #1930 , fixes #2108
2018-09-06 16:49:16 -04:00
netblue30
b68138cba6
adding fluxbox, blackbox, awesome, i3 profiles
2018-09-03 14:25:18 -04:00
netblue30
2581cf8539
Merge pull request #2104 from matu3ba/profiles
...
hardening evince, dbus not needed
2018-09-03 08:12:16 -05:00
Tad
0fcbc06e11
Merges
2018-09-03 04:06:12 -04:00
veloute
bf77f08e62
created jdownloader profile ( #2105 )
...
* created jdownloader profile
* fixed some issues
* few more changes
2018-09-03 04:03:00 -04:00
janph
61de79537a
hardening evince, dbus not needed
2018-09-01 14:28:17 +02:00
startx2017
ef4409e7b7
added whois and dig profiles
2018-08-30 07:29:05 -04:00
Vincent43
5451cde71a
apparmor: cleanup /home path
2018-08-29 13:00:10 +01:00
Vincent43
f10fead1c2
spotify.profile: allow /etc/hosts
2018-08-28 17:37:19 +01:00
Vincent43
9c6ce24a50
apparmor: disable exec from home by default
...
Executing from /home was supposed to be disabled by default
2018-08-27 17:29:03 +01:00
Vincent43
1b309f879c
apparmor: improve rules for filesystem access
...
* Make clear distinction for read, write and execute.
* Don't allow write and execute at the same time.
* Simplify and improve syntax to catch more exceptions with fewer rules
2018-08-27 17:23:57 +01:00
Fred-Barclay
a799848383
Add private-bin to 0ad
2018-08-26 13:57:18 -05:00
Tad
ea1836ca82
Fixup obs.profile (no python)
2018-08-23 14:51:36 -04:00
1dnrr
467be071b4
Create pybitmessage.profile ( #2092 )
...
tested on fedora-28 with pybitmessage 0.6.3.2
2018-08-23 15:37:01 +01:00
1dnrr
6b84a6a9e8
Update disable-common.inc
2018-08-23 07:30:54 +00:00
Tad
3f6643d40f
Misc fixes
2018-08-22 20:54:28 -04:00
smitsohu
5c84896527
fix microphone in slack profile - #2034
2018-08-23 02:01:38 +02:00
Tad
3a7deadb9a
Update steam.profile to support proton/steamplay
2018-08-21 21:58:03 -04:00
ಚಿರಾಗ್ ನಟರಾಜ್
1e13e50799
Document how to access local mail with thunderbird and claws-mail ( fixes #1509 )
2018-08-20 11:26:58 -04:00
Tad
5ee6ed83bb
Simplify fix for #2062
2018-08-20 10:48:34 -04:00
Tad
78a8f830c2
Add a profile for ClamTK
2018-08-19 15:50:17 -04:00
Tad
03ea090ab6
Minor steam.profile fixup from downstream ParrotSec fork
2018-08-19 15:48:51 -04:00
Tad
7894082835
Fixup f9aeac080a
2018-08-19 15:47:36 -04:00
Vincent43
2ec445ac8d
qutebrowser.profile: noblacklist /usr/lib/llvm
...
Fixes https://github.com/netblue30/firejail/issues/2087
2018-08-19 18:48:02 +01:00
Vincent43
1e6af96b39
Revert "apparmor fix: somehow it cannot find the firejail profile to load it"
...
This reverts commit 949a221a1bhttps://www.suse.com/documentation/sles-15/singlehtml/book_security/book_security.html#sec.apparmor.profiles.types.unattached
2018-08-19 17:29:44 +02:00
ಚಿರಾಗ್ ನಟರಾಜ್
f9aeac080a
Fix for #2062
2018-08-19 11:11:25 -04:00
netblue30
949a221a1b
apparmor fix: somehow it cannot find the firejail profile to load it
2018-08-19 08:46:52 -04:00
Vincent43
2833b9f964
wireshark.profile: enable apparmor
2018-08-15 14:03:22 +02:00
Vincent43
cf91dc8836
apparmor: cleanup duplicate rules
...
Those are already covered with https://github.com/netblue30/firejail/blob/0.9.56-rc1/etc/firejail-default#L33
2018-08-15 12:58:27 +01:00
Vincent43
43b215ea39
apparmor: allow execution from /usr/lib64
...
/usr/lib64 was missing from execution whitelist and it's used in openSUSE, see https://github.com/netblue30/firejail/issues/2078
2018-08-15 12:38:31 +01:00
netblue30
5b644e86c5
Merge pull request #2081 from SkewedZeppelin/descriptions
...
Add descriptions to profiles
2018-08-14 19:29:25 -05:00
Vincent43
516f8d0561
spotify.profile: remove /sys from blacklist
...
Blacklisting whole /sys is too restrictive, it may break various graphics stacks, see https://github.com/netblue30/firejail/issues/2080
2018-08-14 17:59:21 +01:00
Tad
defb5a4891
Add seccomp line from firefox-common to Tor Browser profiles
...
- The next version of TBB is based on Firefox 60 and will need the same changes to prevent breakage
2018-08-14 11:42:02 -04:00
Tad
82a0cd2e71
Cleanup descriptions
2018-08-13 22:35:05 -04:00
Tad
3f2d3f25c4
Add descriptions to profiles, pulled from Arch Linux
2018-08-13 21:57:08 -04:00
Tad
40330b246d
Add descriptions to profiles, pulled from Ubuntu 18.04
2018-08-13 21:48:41 -04:00
Tad
9c44e7a437
Add profile for electrum
...
+ minor nitpicks to beaker.profile
2018-08-13 04:02:26 -04:00
Jean Lucas
def4279413
Add Beaker browser
2018-08-12 11:37:53 -04:00
Tad
35fb03e8ae
Minor private-etc cleanup
...
Command: grep "private-etc none," -Ril .
2018-08-08 19:51:47 -04:00
Tad
898387577f
Stop breaking PKI with private-etc
...
Command: grep "crypto-policies" -iL $(grep "private-etc" -il $(grep "inet,inet6" . -Rl))
+ fixes for #2077
2018-08-08 19:49:32 -04:00
