Commit graph

9733 commits

Author SHA1 Message Date
netblue30
9a6cd6df57 cleanup 2023-11-02 09:25:04 -04:00
netblue30
32c58dcf79 shorter function names, new filesystem for --landlock command 2023-11-02 08:34:59 -04:00
netblue
b61232065d detect landlock at run time 2023-10-31 16:55:55 -04:00
netblue30
41ef8c1c76 detect landlock at compile time 2023-10-31 12:04:32 -04:00
netblue30
aaeb5be22c manpage fix 2023-10-31 09:48:19 -04:00
netblue30
d0bca0312b spelling 2023-10-31 09:40:03 -04:00
netblue30
203005dfb0 apply landlock rules in the sandbox thread before the application is started 2023-10-26 10:21:40 -04:00
netblue
d2d135f1da fixes 2023-10-26 08:38:24 -04:00
netblue30
faab26d729 cleanup 2023-10-25 17:57:25 -04:00
netblue30
5ceced9e73 integration: home directory (private, whitelist) 2023-10-25 17:27:40 -04:00
netblue30
be69206621 cleanup 2023-10-25 16:29:29 -04:00
netblue30
1b53f6b2b4 usage.c, checkcfg.c 2023-10-25 09:49:51 -04:00
netblue30
8bff695106 zsh completion 2023-10-25 09:42:13 -04:00
netblue30
5120d5953b bash completion 2023-10-25 09:39:52 -04:00
netblue30
f8c663c22d profile.c, sandbox.c, man pages 2023-10-25 09:32:32 -04:00
netblue30
cd071155c0 main.c, sandbox.c, util.c 2023-10-24 20:24:00 -04:00
netblue30
992302c0bd firejail.h, basic compile 2023-10-24 12:56:42 -04:00
netblue30
ecada68cf2 configure.ac 2023-10-24 12:43:46 -04:00
netblue30
fa075b62fb enabled nettraces by default in the main build - you would need to be root to run these options 2023-10-24 09:13:27 -04:00
dependabot[bot]
62773e758a build(deps): bump github/codeql-action from 2.22.3 to 2.22.4
Bumps [github/codeql-action](https://github.com/github/codeql-action) from 2.22.3 to 2.22.4.
- [Release notes](https://github.com/github/codeql-action/releases)
- [Changelog](https://github.com/github/codeql-action/blob/main/CHANGELOG.md)
- [Commits](0116bc2df5...49abf0ba24)

---
updated-dependencies:
- dependency-name: github/codeql-action
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
2023-10-23 16:47:44 +00:00
dependabot[bot]
c4b0d88fad build(deps): bump actions/checkout from 4.1.0 to 4.1.1
Bumps [actions/checkout](https://github.com/actions/checkout) from 4.1.0 to 4.1.1.
- [Release notes](https://github.com/actions/checkout/releases)
- [Changelog](https://github.com/actions/checkout/blob/main/CHANGELOG.md)
- [Commits](8ade135a41...b4ffde65f4)

---
updated-dependencies:
- dependency-name: actions/checkout
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
2023-10-23 16:46:42 +00:00
glitsj16
2e2c2327f2
profiles: support more msmtp configuration paths (#6060)
Since version 1.8.6 msmtp supports per-user configuration at either
~/.msmtprc (already supported by firejail) or
`$XDG_CONFIG_HOME/msmtp/config`. System-wide support can be placed at
/etc/msmtprc.

This adds the missing paths to the relevant .inc and .profile files.

Note that `blacklist ${HOME}/.msmtprc` is present on both
disable-common.inc and disable-programs.inc, so the new paths are added
to both files.

References:

https://wiki.archlinux.org/title/Msmtp#Basic_setup
https://marlam.de/msmtp/msmtp.html#Configuration-files
2023-10-22 23:51:12 +00:00
mammo0
ac63d80630
contrib/syntax: remove 'text/plain' from firejail-profile.lang.in (#6059)
The `mimetypes` property contains the section `text/plain`. This causes,
for example, the Gnome Editor to recognize every simple text file as a
firejail profile file. See this issue:
https://gitlab.gnome.org/GNOME/gnome-text-editor/-/issues/612

Fixes #6057.
2023-10-22 23:50:42 +00:00
Kelvin M. Klann
123ab46938 RELNOTES: reword profiles item
For extra clarity.

Relates to #5987.
2023-10-22 14:38:46 -03:00
Kelvin M. Klann
e5334dbe96 RELNOTES: add profile items
These profile-related changes seem significant enough to warrant
entries, as #6021 adds some guidance on the use of private-opt and #5987
standardizes the format of commented code in all profiles.

Relates to #5987 #6021.
2023-10-18 21:09:53 -03:00
Kelvin M. Klann
c069a42205 RELNOTES: add ci item
Relates to #6026.
2023-10-18 21:02:55 -03:00
glitsj16
1759055304
profiles: exchange private-opt with a whitelist (#6021)
* profiles: drop private-opt (existing whitelist)

* profiles: replace private-opt with whitelist

In most profiles.

Kept private-opt for enpass (~85MB), mate-dictionary (<20MB),
minecraft-launcher (~1.6MB) and ppsspp (~44MB). The only app I couldn't
check: xmr-stak.

* docs: note potential issues with private-opt
2023-10-18 22:47:07 +00:00
Frostbyte4664
63c45f5de5
steam.profile: Allow Baba Is You (#6054) 2023-10-16 20:14:22 +00:00
dependabot[bot]
3f641c04a1 build(deps): bump github/codeql-action from 2.22.0 to 2.22.3
Bumps [github/codeql-action](https://github.com/github/codeql-action) from 2.22.0 to 2.22.3.
- [Release notes](https://github.com/github/codeql-action/releases)
- [Changelog](https://github.com/github/codeql-action/blob/main/CHANGELOG.md)
- [Commits](2cb752a87e...0116bc2df5)

---
updated-dependencies:
- dependency-name: github/codeql-action
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
2023-10-16 12:56:08 +00:00
glitsj16
bb3442a6af
ssmtp: allow (SUID) binary (#6052) 2023-10-15 14:34:03 +00:00
glitsj16
759af6ff1f
disable-common.inc: more SUID binaries (#6051) 2023-10-15 13:37:09 +00:00
Kelvin M. Klann
61d8d14ab7
Merge pull request #6049 from kmk3/dc-add-more-suid
disable-common.inc: add more suid programs
2023-10-15 12:00:03 +00:00
Kelvin M. Klann
c4f5a07d20 disable-common.inc: add more suid programs
Programs:

    $ pacman -Qo fusermount3 groupmems mount.cifs wall write
    /usr/bin/fusermount3 is owned by fuse3 3.16.1-1
    /usr/bin/groupmems is owned by shadow 4.14.0-4
    /usr/bin/mount.cifs is owned by cifs-utils 7.0-3
    /usr/bin/wall is owned by util-linux 2.39.2-1
    /usr/bin/write is owned by util-linux 2.39.2-1
2023-10-11 07:26:43 -03:00
Kelvin M. Klann
741dac237c disable-common.inc: sort suid section 2023-10-11 07:18:04 -03:00
glitsj16
84ade11cbe
pavucontrol-qt: fix broken whitelisting in ${HOME} (#6045) 2023-10-09 18:23:53 +00:00
dependabot[bot]
16edbd8268 build(deps): bump github/codeql-action from 2.21.9 to 2.22.0
Bumps [github/codeql-action](https://github.com/github/codeql-action) from 2.21.9 to 2.22.0.
- [Release notes](https://github.com/github/codeql-action/releases)
- [Changelog](https://github.com/github/codeql-action/blob/main/CHANGELOG.md)
- [Commits](ddccb87388...2cb752a87e)

---
updated-dependencies:
- dependency-name: github/codeql-action
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
2023-10-09 08:08:13 +00:00
dependabot[bot]
202a079115 build(deps): bump step-security/harden-runner from 2.5.1 to 2.6.0
Bumps [step-security/harden-runner](https://github.com/step-security/harden-runner) from 2.5.1 to 2.6.0.
- [Release notes](https://github.com/step-security/harden-runner/releases)
- [Commits](8ca2b8b2ec...1b05615854)

---
updated-dependencies:
- dependency-name: step-security/harden-runner
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
2023-10-09 08:07:54 +00:00
glitsj16
e49f8885fe
tshark: CLI hardening (#6040) 2023-10-07 20:47:09 +00:00
glitsj16
670e46f42c
New profile: termshark (#6039)
* Create termshark.profile

* firecfg.config: add termshark support

* termshark: CLI hardening
2023-10-07 20:46:32 +00:00
glitsj16
8412db10ed
wireshark: fix access to dumpcap (#6038) 2023-10-07 20:45:24 +00:00
glitsj16
6a43e0d37f
nicotine: allow sound notifications (#6037) 2023-10-07 20:44:45 +00:00
glu8716
983402e958
nicotine: support Fcitx and dconf via dbus-user filter (#6036)
* Update nicotine.profile

* dbus.user set to filter
2023-10-07 20:44:10 +00:00
netblue30
2a8621cd94
Merge pull request #6009 from jtrv/tidal-hifi
New profile: tidal-hifi
2023-10-05 09:07:02 -04:00
netblue30
0617a70f4d
Merge pull request #6026 from kmk3/ci-allow-manual-run
ci: allow running workflows manually
2023-10-05 09:05:10 -04:00
netblue30
eb517f9abf
Merge pull request #6030 from glitsj16/np-floorp
New profile: floorp
2023-10-05 09:04:34 -04:00
glitsj16
067d1a827f
Create brz.profile and bzr.profile (#6028)
From Breezy's documentation[1] [2]:

> Breezy is a friendly fork of the Bazaar (bzr) project, hosted on
> http://bazaar.canonical.com/. It is backwards compatible with
> Bazaar's disk format and protocols. One of the key differences with
> Bazaar is that Breezy runs on Python 3, rather than on Python 2.

breezy is also the drop-in replacement for bazaar on Arch Linux since
pacman 6.0.2-8[3].

> By default, Breezy provides support for both the Bazaar and Git file
> formats.

Note: The profile is implemented as a git redirect.

[1] https://github.com/breezy-team/breezy
[2] https://www.breezy-vcs.org/
[3] c68a4e6602
2023-10-03 20:09:34 +00:00
glitsj16
ac8c2191ec
New profile: lettura (#6027)
* disable-programs.inc: add lettura support

* Create lettura.profile

* firecfg.config: add lettura
2023-10-03 20:08:17 +00:00
glitsj16
0ed7ba1b88
disable-programs.inc: fix sorting 2023-10-02 16:48:12 +00:00
dependabot[bot]
f3fc98499f build(deps): bump github/codeql-action from 2.21.8 to 2.21.9
Bumps [github/codeql-action](https://github.com/github/codeql-action) from 2.21.8 to 2.21.9.
- [Release notes](https://github.com/github/codeql-action/releases)
- [Changelog](https://github.com/github/codeql-action/blob/main/CHANGELOG.md)
- [Commits](6a28655e3d...ddccb87388)

---
updated-dependencies:
- dependency-name: github/codeql-action
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
2023-10-02 16:22:06 +00:00
glitsj16
1af1f0320e
Create floorp.profile 2023-10-02 16:10:23 +00:00