| Commit message (Collapse) | Author | Age |
|---|
| | |
|
| |\ |
|
| | | |
|
| |/ |
|
| | |
|
| |\
| |
| | |
Update wire-desktop.profile
|
| | |
| |
| | |
Co-Authored-By: rusty-snake <41237666+rusty-snake@users.noreply.github.com>
|
| | | |
|
| |/ |
|
| | |
|
| | |
|
| | |
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
rules for xdg-dbus-proxy:
dbus-user filter
dbus-user.own org.gnome.Pomodoro
dbus-user.talk ca.desrt.dconf
dbus-user.talk org.gnome.Shell
dbus-system none
dbus-user filter
dbus-user.own org.gnome.Todo
dbus-user.talk ca.desrt.dconf
dbus-user.talk org.gnome.evolution.dataserver.AddressBook9
dbus-user.talk org.gnome.evolution.dataserver.Calendar8
dbus-user.talk org.gnome.evolution.dataserver.Sources5
dbus-user.talk org.gnome.evolution.dataserver.Subprocess.Backend.*
dbus-user.talk org.gnome.OnlineAccounts
dbus-user.talk org.gnome.SettingsDaemon.Color
dbus-system filter
dbus-system.talk org.freedesktop.login1
dbus-user filter
dbus.own com.github.dahenson.agenda
dbus.talk ca.desrt.dconf
dbus-system block
|
| | |
|
| |\
| |
| |
| |
| | |
dmfreemon/add-name-or-private-dir-to-xpra-window-title
add name or private directory being used to the window title when xpra is being used
|
| | | |
|
| | |
| |
| |
| | |
when xpra is being used
|
| |\ \ |
|
| | | | |
|
| | | | |
|
| |/ / |
|
| | | |
|
| | | |
|
| | | |
|
| | | |
|
| | | |
|
| | |
| |
| |
| |
| |
| |
| |
| |
| | |
remove netfilter from profiles with net none
allow Viber to use dig, dig is in its private-bin, so I assume that it
need it.
blacklist resolvectl which can also be used for dns lookups
|
| | | |
|
| | | |
|
| | | |
|
| | | |
|
| | | |
|
| | | |
|
| | | |
|
| | | |
|
| | | |
|
| |\ \
| | |
| | | |
new condition: HAS_NOSOUND
|
| | | | |
|
| | | | |
|
| |/ /
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
patch for xdg-dbus-proxy
```
--- a/etc/gnome-screenshot.profile
+++ b/etc/gnome-screenshot.profile
@@ -45,3 +45,8 @@ private-bin gnome-screenshot
private-dev
private-etc dconf,fonts,gtk-3.0,localtime,machine-id
private-tmp
+
+dbus-user filter
+dbus-user.own org.gnome.Screenshot
+dbus-user.talk org.gnome.Shell.Screenshot
+dbus-system block
```
patch for whitelist-runuser-common.inc
```
--- a/etc/gnome-screenshot.profile
+++ b/etc/gnome-screenshot.profile
@@ -17,11 +17,8 @@ include disable-passwdmgr.inc
include disable-programs.inc
include disable-xdg.inc
-whitelist ${RUNUSER}/bus
-whitelist ${RUNUSER}/pulse
-whitelist ${RUNUSER}/gdm/Xauthority
-whitelist ${RUNUSER}/wayland-0
include whitelist-usr-share-common.inc
+include whitelist-runuser-common.inc
include whitelist-var-common.inc
apparmor
```
|
| | |
| |
| |
| |
| |
| |
| |
| | |
* fix private-lib, closes #3233
* make private-etc and private-lib opt-in
see https://github.com/netblue30/firejail/issues/3233#issuecomment-589871765
disable-devel.inc: remove duplicated line
|
| | |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
$PATH and $XDG_DATA_DIRS can contain subdirs of flatpak/exports,
some applications crash if they cann't access these files.
Layout on my system:
~/.local/share/flatpak/exports
|-bin
|-share
|-applications
|-icons
|
| | |
| |
| |
| | |
previous commit 3d35c039074cc11fbacf8de5bc8cb1a0952ceae4
issue #3277
|
| | |
| |
| | |
issue #3277
|
| |\ \
| | |
| | | |
remount hardening: move to file descriptor based mounts
|
| | | | |
|
| | | | |
|
| | | |
| | |
| | |
| | |
| | |
| | | |
file-roller fails to extract archives without access to bash
Noticed on LMDE 4 (Debian 10 base) with Cinnamon desktop
|
| | | |
| | |
| | |
| | |
| | |
| | |
| | | |
* discord 0.10 | fix #3247
* revert private-bin move & use disable-exec
* fix slack, see https://github.com/netblue30/firejail/issues/2946#issuecomment-598612520
|
| |\ \ \
| |_|/
|/| | |
zoom.profile: fix zoom SSO workflow
|
netblue30
rusty-snake
0x7969
rusty-snake
smitsohu
dmfreemon@users.noreply.github.com
glitsj16
startx2017
Fred Barclay