| Commit message (Collapse) | Author | Age |
|\ |
|
| | |
|
| | |
|
| | |
|
| | |
|
|/ |
|
| |
|
|\ |
|
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
* Remove obsolete snap support from disable-programs.inc
* Remove obsolete snap support from pycharm-community.profile
* Update RELNOTES to reflect non-existing/dropped flatpak/snap support
* Update firejail.txt to reflect flatpak/snap packages are not supported
|
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
* Refactor seahorse into a whitelist profile
* Refactor seahorse-tool as a whitelist profile
* Create seahorse-daemon.profile
* Add seahorse-daemon to firecfg
* Drop blacklist /tmp/.X11-unix from seahorse.profile
Thanks to @rusty-snake for pointing out blacklisting /tmp/.X11-unix is ridiculous for GUI's.
* Add non-GUI option to seahorse-daemon
|
|/
|
|
|
|
|
|
|
|
| |
when nesting containers and sandboxes, it is possible setuid() fails
silently to reset the saved uid, which is then cleared only by
the next execve. This is solved by replacing setuid() with more
robust setresuid() function calls.
Also add code to drop privileges when entering the run_no_sandbox()
function (along with some minor tidy up).
|
| |
|
| |
|
| |
|
| |
|
| |
|
|
|
| |
ffmpeg.profile
|
|\
| |
| | |
fixes for aria2c not resolving domain names
|
|/ |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
* Harden atool
* Harden cpio
* Fix ordering in private-* options
* Harden gzip
* Harden tar
* Harden bsdtar
* Harden+ tar
* Harden+ gzip
* Harden+ cpio
* Create bzip2.profile
* Description for bunzip2
* Add bzip2/bunzip2 to firecfg
|
|
|
|
|
|
| |
* Fix seahorse GUI
* Fix seahorse-tool GUI
|
|
|
|
|
|
| |
* exiftool needs access to the /usr/bin/vendor_perl directory in archlinux
* add comments provided by glitsj16
|
|\
| |
| | |
Fix incorrect parsing of --keep-var-tmp command
|
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
The command was only recognized if it was passed as the first argument.
Passing it on any other position on the command line caused the following
error:
Error: invalid --keep-var-tmp command line option
Supplying it as the first argument also resulted in other commands that are
parsed after it to be silently ignored.
|
|/
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
* Fix 'allow python' in xpra
* Fix 'allow python' in xplayer
* Fix 'allow python' in xed
* Fix 'allow python' in uzbl-browser
* Fix 'allow python' in transmission-remote-cli
* Fix 'allow python' in torbrowser-launcher
* fix 'allow python' in subdownloader
* Fix 'allow python' in steam
* Fix 'allow python' in soundconverter
* Fix 'allow python' in sdat2img
* Fix 'allow python' in scribus
* Fix 'allow python' in ranger
* Fix 'allow python' in qutebrowser
* Fix 'allow python' in qbittorrent
* Fix 'allow python' in pybitmessage
* Fix 'allow python' in playonlinux
* Fix 'allow python' in pitivi
* Fix 'allow python' in pithos
* Fix 'allow python' in picard
* Fix 'allow python' in openshot
* Fix 'allow python' in onionshare-gui
* Fix 'allow python' in obs
* Fix 'allow python' in nitroshare
* Fix 'allow python' in nemo
* Fix 'allow python' in nautilus
* Fix 'allow python' in natron
* Fix 'allow python' in ms-office
* Fix 'allow python' in mpDris2
* Fix 'allow python' in mendeleydesktop
* Fix 'allow python' in macrofusion
* Fix 'allow python' in lollypop
* Fix 'allow python' in liferea
* Fix 'allow python' in krita
* Fix 'allow python' in kodi
* Fix 'allow python' in inkscape
* Fix 'allow python' in hexchat
* Fix 'allow python' in gnome-schedule
* Fix 'allow python' in gnome-music
* Fix 'allow python' in gconf
* Fix 'allow python' in gajim
* Fix 'allow python' in font-manager
* Fix 'allow python' in fontforge
* Fix 'allow python' in flowblade
* Fix 'allow python' in filezilla
* Fix 'allow python' in exfalso
* Fix 'allow python' in electrum
* Fix 'allow python' in display
* Fix 'allow python' in d-feet
* Fix 'allow python' in deluge
* Fix 'allow python' in cherrytree
* Fix 'allow python' in catfish
* Fix 'allow python' in caja
* Fix 'allow python' in blender
* Fix 'allow python' in bleachbit
* Fix 'allow python' in authenticator
* Fix 'allow python' in arm
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
* Update aunpack.profile
* Update acat.profile
* Update adiff.profile
* Update als.profile
* Update apack.profile
* Update arepack.profile
* Update gzip.profile
* Update bunzip2.profile
* Update gunzip.profile
|
| |
|
|
|
|
|
|
|
|
| |
* Harden youtube-dl.profile
* Add dis-exec to ytdl
* Comment mdwe in ytdl
|
|\
| |
| | |
Harden qtox
|
| | |
|
| | |
|
|\ \
| |/
|/| |
Harden Minetest
|
|/ |
|
| |
|
|
|
|
|
|
| |
* add disable-exec.inc to all profiles with apparmor - #2385 #2505
* drop disable-exec.inc from generic electron.profile
|
|
|
|
|
|
|
|
| |
* Harden meld.profile
* Fix meld.profile
* Update meld.profile
|
| |
|
| |
|
|
|
|
|
|
| |
* Create nomacs.profile
* Fix nomacs.profile
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
* Create lrunzip.profile
* Create lrz.profile
* Create lrzcat.profile
* Create lrzip.profile
* Create lrztar.profile
* Create lrzuntar.profile
* Create zpaq.profile
* Add lrzip and friends to firecfg
|
| |
|
| |
|
| |
|
| |
|
|
|
|
|
|
| |
* Fixes and comment for eog
* Fixes and comment for eom
|
| |
|
| |
|
| |
|
| |
|
| |
|