| Commit message (Collapse) | Author | Age |
besides some cosmetic tweaks, fixes --whitelist=/a/b
where /a/b is a symbolic link to /a/c/d
and c is the user home directory: create
path as user and not as root.
(going forward, a better and more comprehensive fix
would be to prevent all mount point traversals in
whitelist_mkpath, but it will take a bit of time
to implement)
| |
* Add Sway profile
* Fix issue
Not working then including firefox-common-addons.profile
* Allow sway's fallback config
* So I agree with @glitsj16 and @BL4CKH47H4CK3R
so..
`No, it's not needed as it reveals lots of important /usr/share folders like /usr/share/fonts, which can be used for font fingerprinting and OS detection. Like the site or attacker will know which font you are using. Linux and Windows common fonts are not the same, so it's a problem. Besides, there are so many other important folders as I see. Librewolf can launch and work perfectly without this option`
* well..
Revert `include whitelist-usr-share-common.inc`
Sync with Firefox profile
* 😄 What just happened
* 🔄 Sync with upstream
* Merge tested from PR
* 🔄 Sync with upstream
* Merge tested from PR
* Revert changes
* 🔄 Rebase
* 😄 What just happened
* Merge tested from PR
* 🔄 Sync with upstream
* Merge tested from PR
* Revert changes
* Update
* Update librewolf.profile
Co-authored-by: rusty-snake <41237666+rusty-snake@users.noreply.github.com>
| |
* opt-in for brave's native tor support
* fix brave's native tor support
* warn about potential tor breakage when using apparmor
* update comment for opting in to tor
* move brave's tor apparmor fix in brave.profile
| |
Follow-up for https://github.com/netblue30/firejail/commit/692311bcc6fe0744d7831459ad7ec0bc5811b9a9. Thanks to @rusty-snake for tracking this down in #4202.
| |
Fixes #4202 until we have tooling to generate system-specific lists at install time, as suggested by @loveshack.
| |
[skip ci]
| | |
profstats - fix printf for include globals
| |
profstats - correct variable for include global
| |
requested in #1139 by @vatonbero
| |
* New profile: Quodlibet
| |
discord-canary.profile:
fix #4175
flameshot.profile:
- private-tmp breaks flameshot (wayland only?)
- Screengrabbing (under wayland) is done via dbus, the following names
must be allowed:
- GNOME: org.gnome.Shell
- KDE: org.kde.KWin
- Sway: org.freedesktop.portal.Desktop
- Allow notifications and tray too, because org.gnome.Shell (for
example) is already totally unsafe.
mumble.profile:
fix #4181
| | |
Fix typo (adivsory -> advisory)
| | |
Minor Fixes
| | |
steam: some more games added
| | |
Games added:
* Don't Starve
* Dungeons of Dredmor
* Epic
* Loop Hero
* Pillars of Eternity I
* Rogue Legacy I
* Slay the Spire modding
* Steam World Dig I & II
| | | |
WebStorm: allow Dolphin to access its config file
| |
* refactor local override comments
| | |
allow notifications + comment fixes
| | |
New profile: Librewolf Nightly
| | |
dropbox: allow python3, fix for issue #4150
| |
/usr/bin/dropbox needs access to python3, at least for dropbox
command-line interface version 2020.03.04 as packaged by the RPM Fusion
project. Fixes issue #4150
| | |
Improve comments in apparmor files
|
Add localtime to signal-desktop's profile.
| |
Without it, all chat timestamps are in UTC.
| |
- Avoid confusion on "What changed calling the program by path"
- Checklist: Questions should be asked in discussions
| |
Currently pathological endings like in
/foo/bar/./. are mapped to RUN_LIB_DIR,
with the effect that the mount is skipped
because this directory always exists at
this point in time.
Even though it's harmless, it is wrong
behaviour, so handle trailing slashes and
dots before doing the mounts. Also avoids
running into an assertion if there is a trailing
slash.
Plus a few small cosmetic changes to make
things more explicit.
| |
[skip ci]
| | |
Follow up for #4126