| Commit message (Collapse) | Author | Age |
|
|
|
|
|
|
| |
* ocenaudio: blacklist cache dir
* ocenaudio: hardenings
* ocenaudio: fix protocol comment
|
|
|
|
|
| |
* cmake: fix local override & wusc
* cmake: another wusc fix
|
|
|
|
|
|
|
|
|
| |
* pip: fix including local override
* pip: allow access to cache
The shared build-systems-common.profile (to which pip.profile redirects) blacklists ${HOME}/.cache/pip. Override that here.
* pip: add cache support in commented whitelist
|
|
|
|
|
|
|
|
| |
This amends commit f32cb8393 ("Blacklist scala devel stuff", 2022-03-05)
/ PR #5013.
See the following review:
https://github.com/netblue30/firejail/pull/5013#pullrequestreview-903794958
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Bumps [github/codeql-action](https://github.com/github/codeql-action) from 1.1.3 to 1.1.4.
- [Release notes](https://github.com/github/codeql-action/releases)
- [Changelog](https://github.com/github/codeql-action/blob/main/CHANGELOG.md)
- [Commits](https://github.com/github/codeql-action/compare/75f07e7ab2ee63cba88752d8c696324e4df67466...f5d822707ee6e8fb81b04a5c0040b736da22e587)
---
updated-dependencies:
- dependency-name: github/codeql-action
dependency-type: direct:production
update-type: version-update:semver-patch
...
Signed-off-by: dependabot[bot] <support@github.com>
|
|
|
|
|
| |
* opera fixes
* disable-common.inc: add blacklist /usr/lib/opera/opera_sandbox
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
https://github.com/netblue30/firejail/discussions/4993 (#5042)
* refactor mupdf
* refactor mupdf
* refactor mupdf
* refactor mupdf
* add mupdf-gl blacklist
* move history file back to mupdf-gl
* refactor mupdf-gl
* add no3d to mupdf.profile
* add suggestions from review
* drop unix from protocol [accumulates]
* fix protocol
|
| |
|
| |
|
| |
|
| |
|
| |
|
| |
|
|
|
|
|
|
|
|
|
| |
* drop redundant noblacklist
noblacklist ${HOME}/.vscode-oss already exists in included code.profile
* remove newline
Nitpick for persistency with other profiles that have the comment about #2624.
|
|
|
|
|
|
|
| |
* hardening onionshare-gui.profile
* add another dbus-user filter to onionshare-gui.profile
* harden onionshare
|
| |
|
|
|
|
|
| |
tracelog is known to be incompatible with Chromium/Electron apps
keep it commented for the time being
|
| |
|
|
|
|
|
| |
This amends commit af8f681c0 ("steam.profile: allow "${HOME}/.prey"",
2022-03-11) / PR #5029.
|
| |
|
|\ |
|
| |\
| | |
| | | |
Blacklist scala devel stuff
|
| | | |
|
| |\ \
| | | |
| | | | |
Fix newest Steam client and Proton ≥ 5.13
|
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | | |
After the Steam cleint update of the 04th March 2022
the steamwebhelper process now needs to be able to do chroot
syscalls to render anything. If not all content tabs in the client will
just appear black.
fixes: https://github.com/netblue30/firejail/issues/5014
|
| | |/
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
Starting with version 5.13 Proton internally uses bubblewrap to create a
container for the game. To make this work with firejail we need to allow
these 4 additional syscalls.
fixes: https://github.com/netblue30/firejail/issues/4366
fixes: https://github.com/netblue30/firejail/issues/4686
|
| |\ \
| | | |
| | | | |
gcov: fix gcov functions always declared as dummy
|
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | | |
Currently, the check to enable gcov relies on a non-existent macro due
to a typo, which looks like it would cause the dummy/empty versions of
the gcov functions to always be declared (even with --enable-gcov),
instead of the real ones from gcov.h. This commit fixes the typo
(HAS_GCOV -> HAVE_GCOV). See configure.ac for the macro declaration.
This amends commit 5106b2ec4 ("gcov: use no-op functions if not
enabled", 2021-06-20) / PR #4376.
Occurrences of each macro with this commit applied:
$ git grep -F HAVE_GCOV | wc -l
16
$ git grep -F HAS_GCOV | wc -l
0
|
| |\ \ \
| | | | |
| | | | | |
steam.profile: allow "${HOME}/.prey"
|
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | | |
The directory is used by the Linux binary for Prey (2006), available at https://icculus.org/prey.
Not whitelisting the directory results in the game failing to launch:
found DLL in pak file: /home/user/.steam/steamapps/common/Prey 2006/base/game01.pk4/gamex86.so
copy gamex86.so to /home/user/.prey/base/gamex86.so
dlopen '/home/user/.prey/base/gamex86.so' failed: /home/user/.prey/base/gamex86.so: failed to map segment from shared object
|
| | | | | |
|
|/ / / /
| | | |
| | | |
| | | |
| | | |
| | | | |
as suggested by @rusty-snake
in addition blacklist/noblacklist/whitelist songrec application files
|
|\ \ \ \
| |/ / /
|/| | | |
Add songrec
|
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | | |
It is a Rust application using Cargo, so harden based on common supply
chain attacks seen.
https://github.com/marin-m/SongRec
|
| | | | |
|
| | | | |
|
| | | | |
|
| |/ /
|/| | |
|
| | |
| | |
| | |
| | | |
Relates to #4946.
|
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
Put it in a similar order to 0.9.68: features, modifs/reworks, bugfixes,
ci, docs, new profiles.
See commit 5fbc1cd50 ("RELNOTES: sort items by category", 2022-02-05).
Misc: The last paragraph of that commit message is wrong; just ignore
it.
|
| | |
| | |
| | |
| | |
| | |
| | | |
This amends commit 481321881 ("merges", 2022-03-05).
Relates to #4985 #4990 #5011.
|
|\ \ \
| | | |
| | | | |
Electron app fixes
|
| | | | |
|
| | | | |
|
| | | |
| | | |
| | | |
| | | | |
follow-up to fdee4dc1326bb2d5ce90ef2a0410dccba56beb70
|
| | | | |
|
|/ / /
| | |
| | |
| | | |
remove all duplicate entries
|
| |/
|/|
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
Bumps [actions/checkout](https://github.com/actions/checkout) from 2.4.0 to 3.
- [Release notes](https://github.com/actions/checkout/releases)
- [Changelog](https://github.com/actions/checkout/blob/main/CHANGELOG.md)
- [Commits](https://github.com/actions/checkout/compare/ec3a7ce113134d7a93b817d10a8272cb61118579...a12a3943b4bdde767164f792f33f40b04645d846)
---
updated-dependencies:
- dependency-name: actions/checkout
dependency-type: direct:production
update-type: version-update:semver-major
...
Signed-off-by: dependabot[bot] <support@github.com>
|
|\ \ |
|
| |\ \
| | | |
| | | | |
drop redundant ignore in chromium-based browsers
|