| Commit message (Collapse) | Author | Age |
|\
| |
| | |
man firejail: fix --dbus-{system,user}.log requirement
|
|/ |
|
| |
|
|\
| |
| | |
adding support for "play with..." extension
|
| |
| |
| |
| |
| |
| | |
adding support for "play with..." extension. It uses a clever hack, so it doesn't need an external application in order to launch mpv.
Also trimmed ff2mpv comment block.
and added .cache/youtube-dl
|
|\ \
| | |
| | | |
Fix "Could not create AF_NETLINK socket"
|
| | | |
|
|\ \ \
| | | |
| | | | |
Grammar
|
| | | | |
|
| |/ /
|/| | |
|
|\ \ \
| | | |
| | | | |
private-lib: mask /usr/local/lib[,64] directories, too
|
| | | | |
|
|\| | |
| | | |
| | | | |
private-lib hardening
|
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | | |
ensure that libraries are loaded
from a default ld.so search path
it is reasonable for firejail to
expect that unprivileged users have
no write permission on these paths;
lax permissions there mean that the
system is probably screwed anyway
|
|\ \ \ \
| | | | |
| | | | | |
sandbox setup: postpone library preloading
|
| |/ / /
| | | |
| | | |
| | | |
| | | | |
for now avoids mixing of traces from sandbox helpers
into application traces
|
|\ \ \ \
| | | | |
| | | | | |
sandbox setup: postpone fslogger
|
| |/ / /
| | | |
| | | |
| | | |
| | | |
| | | | |
postpone writing of log file in order to
catch filesystem modifications from x11
functions
|
|\ \ \ \
| | | | |
| | | | | |
Zsh completion improvements
|
| | | | | |
|
| | | | | |
|
| | | | | |
|
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | | |
I don't understand the current brace expansions, so let's use a easier
one:
--foo <> one-time; no argument
*--foo <> multi-time; no argument
--foo=- <> one-time; with argument (direct after the =)
*--foo=- <> multi-time; with argument (direct after the =)
|
|\ \ \ \ \
| | | | | |
| | | | | | |
Add new condition ?HAS_PRIVATE:
|
| | |_|_|/
| |/| | |
| | | | |
| | | | |
| | | | | |
Idea from @vinc17fr
https://github.com/netblue30/firejail/issues/4026#issuecomment-789178572
|
|\ \ \ \ \
| |_|_|_|/
|/| | | | |
Create nextcloud-desktop.profile
|
| | | | |
| | | | |
| | | | | |
Co-authored-by: rusty-snake <41237666+rusty-snake@users.noreply.github.com>
|
| | | | | |
|
| | | | | |
|
| | | | | |
|
| | | | | |
|
| | | | | |
|
| | | | | |
|
| | | | |
| | | | |
| | | | |
| | | | | |
This seems the only way to have a fully working profile
Are there some security issues?
|
| | | | | |
|
| | | | | |
|
| | | | |
| | | | |
| | | | | |
Added apparmor, dbus-system none
|
| | | | | |
|
| | | | | |
|
| | | | | |
|
| | | | | |
|
| | | | |
| | | | |
| | | | | |
… on Arch Linux
|
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | | |
back in the days always the same default seccomp filter was loaded
for chroot/appimage/overlayfs sandboxes. Nowadays users can configure
their own filters, so allow postexecseccomp again.
|
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | | |
remove whitespaces in order to create
a uniform message layout. Compare with:
** Note: you can use --noprofile to disable default.profile **
when firejail loads the default profile.
|
| |/ / /
|/| | |
| | | |
| | | | |
fixes reversed /etc and /usr/etc timetraces
|
|\ \ \ \
| | | | |
| | | | | |
Improve error messages
|
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | | |
Better for portability and consistency. Currently strerror() is used
everywhere else, so use it here as well. printf's %m is a glibc
extension that is supported also by some other libc implementations.
Signed-off-by: Tomi Leppänen <tomi.leppanen@jolla.com>
|
|/ / / /
| | | |
| | | |
| | | |
| | | |
| | | | |
Move error message after debug logging and add cause message.
Signed-off-by: Tomi Leppänen <tomi.leppanen@jolla.com>
|
|\ \ \ \
| | | | |
| | | | | |
Create rtv-addons.inc
|
| | | | | |
|