| Commit message (Collapse) | Author | Age |
|
|
| |
Supporting 'level 1 hack' to allow opening hyperlinks with firefox needs xdg-open (besides bash,sh). Adding xdg-open to private-bin is not enough, as it pulls in a long list of other commands and that's pretty unmaintainable IMO. So I opted to drop private-bin here.
|
|
|
| |
Suggested in review.
|
|
|
| |
Pointed out in review that this comment was removed by mistake.
|
|
|
| |
No longer used for claws-mail and sylpheed only.
|
| |
|
| |
|
| |
|
|\ |
|
| |\
| | |
| | | |
claws-mail and sylpheed D-Bus hardening
|
| | | |
|
| | |
| | |
| | | |
Relates to https://github.com/netblue30/firejail/issues/5477.
|
| |\ \
| | | |
| | | | |
electron hardening fixes
|
| | | | |
|
| | |/ |
|
|/ / |
|
|\ \
| | |
| | | |
A temporary fix to the bug caused by apparmor profiles stacking.
|
| | | |
|
|\ \ \
| | | |
| | | | |
Add profile for Chatterino
|
| | | |
| | | |
| | | |
| | | |
| | | |
| | | | |
- Remove waf from private-bin
- Move optional commands to the top
- Reorder allow lua/python
|
| | | |
| | | |
| | | | |
Co-authored-by: Kelvin M. Klann <kmk3.code@protonmail.com>
|
| | | | |
|
| | | | |
|
| | | | |
|
| | | |
| | | |
| | | |
| | | |
| | | | |
I'll try the rest manually soon
Co-authored-by: rusty-snake <41237666+rusty-snake@users.noreply.github.com>
|
| | | | |
|
|\ \ \ \
| | | | |
| | | | | |
Blacklist google-drive-ocamlfuse config
|
| | | | | |
|
| | | | | |
|
| |_|_|/
|/| | | |
|
|\ \ \ \
| | | | |
| | | | | |
Update DBus wiki link
|
| |/ / / |
|
|\ \ \ \
| | | | |
| | | | | |
window manager profiles: fix browser/electron internal sandboxes
|
| | |/ /
| |/| | |
|
|/ / / |
|
| | | |
|
|/ / |
|
| | |
|
| | |
|
| |
| |
| |
| |
| | |
* gpg-agent: sort private-bin (even though it's commented)
* gpg-agent: fix private-bin
|
| |
| |
| |
| |
| |
| |
| | |
* add comment on intentional duplication of blacklisted kernel configuration
* disable-proc.inc: update the duplication comment
* disable-common.inc: add duplication notice for kernel configuration
|
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
* disable-programs.inc: add ssmtp support
* Create ssmtp.profile
* ssmtp: support Debian/Ubuntu
* README.md: add ssmtp to 'New profiles' section
* disable-common.inc: move ssmtp support to keep CI happy
* ssmtp: improve dead.letter comment
Suggested in [review](https://github.com/netblue30/firejail/pull/5544#pullrequestreview-1225322546).
|
| | |
|
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
* seahorse: fixes and hardening
* seahorse-daemon: hardening
* seahorse-tool: move private-etc items to seahorse
* seahorse: unbreak nautilus file encryption
As suggested [in review](https://github.com/netblue30/firejail/pull/5543#pullrequestreview-1225250520).
* seahorse-tool: move private-tmp to seahorse
* seahorse: add private-tmp
* seahorse: fix access to ssh-agent socket
|
| | |
|
|\ \
| | |
| | | |
Revert "remove make deb and use make deb-apparmor to build packages"
|
|/ /
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
This reverts commit 82299440533f54bd45bd5ec69136233c04028c15.
The idea is to later enable building the .deb package with AppArmor by
default with `make deb` and to then remove `make deb-apparmor` (though
note that some ci changes might also be needed in tandem[1]). This
could potentially allow building a .deb package for all firejail
versions (including past and future ones) with just `make deb`.
Also, note that other options can be added/removed to the default `deb`
target (besides AppArmor-related ones), so ideally there would be only a
single `deb` target with all the desired options applied.
So instead of releasing a version without `make deb` and then
potentially adding it back and removing `make deb-apparmor`, just leave
the targets as is (considering the current release, 0.9.70) for now.
[1] https://github.com/netblue30/firejail/pull/5176#issuecomment-1146855467
|
| |
| |
| |
| |
| |
| |
| |
| |
| | |
* audacity: networking updates
* audacity: fix allowing to run local server
* audacity: move comment so it's more visible
As suggested [in review](https://github.com/netblue30/firejail/pull/5540#pullrequestreview-1225225897).
|
| | |
|
| | |
|
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
* audacity: support more config locations
* disable-programs.inc: add more audacity locations
* audacity: cover all XDG supported locations
* audacity: cover all XDG supported locations
* audacity: fix state dir entree in disable-programs.inc
* unbreak disable-programs.inc
Oh my, GitHub syntax highlighting support completely threw me off here. Thanks to @kmk3 for [saving the bacon](https://github.com/netblue30/firejail/pull/5538#pullrequestreview-1224604663)!
|