| Commit message (Collapse) | Author | Age |
|\
| |
| | |
rework exitcodes
|
| |
| |
| |
| |
| |
| |
| | |
* add 128 to exitcode if child receives a fatal signal
(this is similar to what bash and other shells do)
* unify exitcodes across firejail: treat join'ed processes
the same as processes in the primary process tree
|
|\ \
| | |
| | | |
Revert "allow/deny help and man pages"
|
| | | |
|
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
This reverts commit a11707ea273e5665047f8a7d9387ba07f08d72f6.
The man pages currently direct users to use the aliases instead of the
commands, which some users of firejail-git may end up doing. Example:
https://github.com/netblue30/firejail/discussions/4496
So revert the man page changes as well to avoid confusion.
Note: This is not a full revert. The commit in question also contains
some string formatting fixes on src/firejail/usage.c (related to dbus
and netmask), which are left intact.
Relates to #4410.
|
| | | |
|
|\ \ \
| | | |
| | | | |
Blacklist Exodus wallet
|
| |/ / |
|
| | |
| | |
| | |
| | |
| | | |
Enable evince to display archived images (.cbz) file with plugin
installed.
|
| | | |
|
|\ \ \
| | | |
| | | | |
Rework issue templates
|
| | | |
| | | |
| | | |
| | | | |
Co-authored-by: rusty-snake <41237666+rusty-snake@users.noreply.github.com>
|
| | | |
| | | |
| | | |
| | | | |
Co-authored-by: rusty-snake <41237666+rusty-snake@users.noreply.github.com>
|
| | | | |
|
| | | | |
|
| | | | |
|
|\ \ \ \
| | | | |
| | | | | |
fix duplicate globals
|
| | |/ /
| |/| | |
|
| | | | |
|
| |/ /
|/| | |
|
| |/
|/|
| |
| |
| |
| |
| |
| |
| |
| |
| | |
- closes #4483 -- mpv requires whitelisting /usr/share/pipewire
- wruc: whitelist pipewire-?, pipewire is becoming more popular and was
developed with isolation (container/sandbox) in mind.
- wruc: whitelist wayland-? instead of only -0 and -1
- wusc: whitelist /usr/share/pipewire
- remove these wruc/wusc lines from other profiles
- firefox-common-addons: Make ignore wruc work again (#4512)
- firefox: org.freedesktop.portal.Desktop should be enough
|
| | |
|
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
- disable-programs.inc: blacklist ${HOME}/.local/state/pipewire
If you did not yet noticed, on 08th May 2021 the XDG Base Directory
Specification 0.8 was resleased (the first update since 2010). New are
$XDG_STATE_HOME and $HOME/.local/bin.
- keepassxc: mkdirs are necessary
- gnote: harden
- pngquant: harden
|
| | |
|
| |
| |
| | |
This is a quick fix of #4482 for distributions that link /etc/resolv.conf to /run/systemd/resolve/stub-resolv.conf (Arch Linux is one of them).
|
| |
| |
| |
| | |
Freetube from AUR uses a wrapper script
|
| | |
|
|/
|
|
|
|
| |
- whitelist /run/resolvconf/resolv.conf -- Fixes #4482
- Drop whitelist for /run/systemd/resolve/stub-resolv.conf,
/run/systemd/resolve/resolv.conf is the right path AIUI.
|
| |
|
|\
| |
| | |
.git-blame-ignore-revs: add revert of allow/deny move
|
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
Add commit f43382f1e ("Revert "move whitelist/blacklist to allow/deny"")
from PR #4410.
As mentioned on commit b023b9a6f ("Exclude allow/deny move in profile
from git blame") / PR #4390, commit fe0f975f4 ("move whitelist/blacklist
to allow/deny") "is just a huge rename", and so is the revert of it.
Note that there is a follow-up to f43382f1e: commit 2e4d52ec6 ("Revert
allow/deny additional files") (sort of related to #4421). It renames a
bit too much, which is later fixed by commit 3836131f3 ("Fix zim and
rednotebook"). Since these are small changes and since they involve
regressions, neither commit is added.
|
|\ \
| | |
| | | |
README.md: add artix linux to distro list
|
| |/
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
Home page: https://artixlinux.org
A few months ago, running `pacman -S firejail` would install it from
Arch's "community" repository by default. But currently, Artix has its
own firejail package, in the "galaxy" repository:
* https://gitea.artixlinux.org/packagesF/firejail
* https://repology.org/project/firejail/versions
See also the following article from 2021-06-09:
https://artixlinux.org/news.php#Arch_repositories_made_optional
> Arch repositories made optional
>
> Artix has reached the stage where it can operate without the help of
> the Arch repositories, including the preparation of its installation
> media. As such, all new weekly ISO images will ship without [extra],
> [community] and [multilib] enabled in pacman.conf. Existing setups
> will not be affected, but new users may want to enable them and
> benefit from the additional packages. Instructions are provided in
> our wiki[1].
>
> TL;DR:
>
> # pacman -Syu artix-archlinux-support
For reference, the distro list was added on commit ee03888ab
("prioritize installing via OS (#3442)") / PR #3442.
[1] https://wiki.artixlinux.org/Main/Repositories#Arch_repositories
|
|\ \
| | |
| | | |
Issue template improvements
|
| | |
| | |
| | |
| | | |
Currently, the log portion seems to be part of the Checklist section.
|
| | |
| | |
| | |
| | |
| | | |
And put the code block inside of an HTML paragraph, so that it's not
just free floating after the `<summary>`.
|
| | | |
|
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
This properly separates the document into sections and makes the titles
stand out more. It is also more consistent with what is generated by
GitHub issue forms (YAML).
See also the following discussion:
https://github.com/netblue30/firejail/discussions/4468
|
| |/
| |
| |
| |
| |
| |
| |
| |
| | |
Isolate each section title and each list from other elements, to make
them more visually distinguishable. This should also make it easier to
find and edit only the parts that are meant to be edited.
See also the following discussion:
https://github.com/netblue30/firejail/discussions/4468
|
|\ \
| | |
| | | |
multimc5: fix exec of LWJGL libraries
|
| |/ |
|
|\ \
| | |
| | | |
telegram.profile: whitelist /usr/share/TelegramDesktop
|
| |/
| |
| |
| |
| |
| |
| |
| | |
Telegram loads packed resources dynamically since 443eef3202ee43c2e820cc550fbcc70a7609f452.
In the official Debian package, the relevant file can be found at /usr/share/TelegramDesktop/tresources.rcc.
If the file cannot be loaded, the program fails to launch and prints "Packed resources not found".
|
|\ \
| | |
| | | |
create yt-dlp.profile
|
| |/ |
|
|\ \
| | |
| | | |
creating gallery-dl.profile
|
| |/ |
|
|\ \
| | |
| | | |
Fix hanging arp_check
|
| |/
| |
| |
| |
| |
| |
| | |
arp_check relied on select(2) decreasing the timeout. This doesn't seem
to be the case on Linux anymore, thus arp_check tends to hang when the
interface sees a lot of traffic. Calculating the timeout explicitly
solves the problem.
|
|/ |
|