| Commit message (Collapse) | Author | Age |
| |
|
|\
| |
| | |
allow nodbus in thunderbird profile
|
| | |
|
| |
| |
| | |
in order to maintain enigmail support - #1951
|
| |
| |
| |
| |
| |
| |
| | |
... instead of just blacklisting the X11 socket.
Systematically added to all profiles with 'net none' and
'blacklist /tmp/.X11-unix', and a few more
|
| | |
|
| |
| |
| |
| | |
* add link to wiki
* now link to contrib/syscalls (#2754)
|
| |
| |
| | |
Move "I found a security bug" back to the Opening issues section.
|
| |
| |
| |
| |
| |
| | |
* ~/.viminfo
* ~/.lesshst
* ~/.python_history
|
| |
| |
| | |
Co-Authored-By: rusty-snake <print_hello_world+GitHub@protonmail.com>
|
| | |
|
| |
| |
| |
| |
| | |
Nitpicks:
- it's common practice to refer to the python executable(s) in private-bin with `python*`, which covers both v2 and v3;
- now that @rusty-snake handed us all the needed tools to check/fix sorting multi-value options, put it to use.
|
|\ \ |
|
| |\ \
| | | |
| | | | |
Add profile for udiskie
|
| | | |
| | | |
| | | |
| | | | |
Co-Authored-By: rusty-snake <print_hello_world+GitHub@protonmail.com>
|
| | | | |
|
|/ / /
| | |
| | |
| | | |
fixes #2782
|
| | | |
|
| | | |
|
| | | |
|
| | | |
|
| | | |
|
| | | |
|
| | | |
|
| | | |
|
|\ \ \ |
|
| | | | |
|
|/ / /
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
containing:
- files forgotten in 4beaf8f9
- workarounds for #903
- commented useless private-etc lines removed
- remove commented seccomp.keep lines
- much more
|
| | |
| | |
| | |
| | | |
in addition to 019fa047, c7d34b5e, 0a9beba3, cbdbb0f0.
|
| | | |
|
| | |
| | |
| | |
| | | |
only unknown-horizons was affected
|
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
* Sort seccomp.drop in unbound.profile
* Sort caps.keep in tor.profile
* Sort seccomp.drop in qgjs.profile
* Sort seccomp.drop in dnscrypt-proxy.profile
* Sort caps.keep in chromium-common.profile
|
|\ \ \ |
|
| |\ \ \
| | | | |
| | | | | |
chromium: disable nodbus
|
| | |/ /
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | | |
Unfortunately nodbus prevents access to site passwords if they are stored in GNOME Keyring[1]. According to docs chromium can store password in 3 different ways:
GNOME Keyring
KWallet 4
plain text
As KWallet storage may be broken in a same way, using nodbus will force chromium to store passwords in plain text which isn't best option for security and for firejail default.
[1] https://wiki.gnome.org/Projects/GnomeKeyring
[2] https://chromium.googlesource.com/chromium/src.git/+/master/docs/linux_password_storage.md
|
|/ / / |
|
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
* Sort private-etc
This .inc file got missed by https://github.com/netblue30/firejail/pull/2766.
* Sort private-etc
|
|/ /
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
* Sort private-lib
* Sort private-lib
* Sort private-lib
Don't know why there was a reference to /usr/bin/gedit in private-lib...
* Sort private-lib
|
|\ \
| | |
| | | |
automatically fixed all private-{bin,etc} lines
|
| | | |
|
| | | |
|
| | |
| | |
| | | |
Thanks to @rusty-snake for pointing this out.
|
| | |
| | |
| | | |
remove 'noblacklist ${HOME}/.local/share/tridactyl', it will never blacklisted (see #2746)
|
| | | |
|
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
* Fix youtube video in totem
lua is required for youtube (online?) videos
* Fix youtube video in totem with allow-lua.inc
|
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
* Refactor artha as whitelist profile
* Refactor clipit as whitelist profile
* Refactor devilspie as whitelist profile
* Refactor devilspie2 as whitelist profile
* Refactor exfalso as whitelist profile
* Refactor pavucontrol as whitelist profile
* Refactor pdftotext as whitelist profile
* Refactor redshift as whitelist profile
* Refactor soundconverter as whitelist profile
|
| | |
| | |
| | | |
Fixes #2772
|
| | |
| | |
| | | |
Leaving alphabetical ordering of private-bin up to https://github.com/netblue30/firejail/pull/2766.
|
| | | |
|
| | |
| | |
| | | |
Leaving alphabetical ordering of private-bin up to https://github.com/netblue30/firejail/pull/2766.
|