| Commit message (Collapse) | Author | Age |
|
* Arch Linux specific addition to gzip.profile
* Arch Linux specifics for tar.profile
* Arch Linux specifics for gzip.profile
* Minor re-ordering and wording edits for makepkg.profile
* Spacing fix for cower.profile
|
mount new proc filesystem earlier
|
* uncomment .local includes
* add options
* ##ignore noexec /tmp
* ##caps.keep CAPS
* ##hostname NAME
* ##writable-etc
* ##writable-run-user
* ##writable-var
* ##writable-var-log
* add disable x11
* x11 none
* blacklist /tmp/.X11-unix
* comment when which of both options should be used
* sort private-etc template Common
* add comments
* machine-id: breaks sound and sometimes dbus-related functions
* private-bin: python should be added by 'python*'
* protocol: auxiliary comment for protocol line
* add 'packet' to protocol list
* Sections structure: OPTIONS: now has seccomp* instead of seccomp
|
allow nodbus in thunderbird profile
|
in order to maintain enigmail support - #1951
|
... instead of just blacklisting the X11 socket.
Systematically added to all profiles with 'net none' and
'blacklist /tmp/.X11-unix', and a few more
|
* add link to wiki
* now link to contrib/syscalls (#2754)
|
Move "I found a security bug" back to the Opening issues section.
|
* ~/.viminfo
* ~/.lesshst
* ~/.python_history
|
Co-Authored-By: rusty-snake <print_hello_world+GitHub@protonmail.com>
|
Nitpicks:
- it's common practice to refer to the python executable(s) in private-bin with `python*`, which covers both v2 and v3;
- now that @rusty-snake handed us all the needed tools to check/fix sorting multi-value options, put it to use.
|
Add profile for udiskie
|
Co-Authored-By: rusty-snake <print_hello_world+GitHub@protonmail.com>
|
fixes #2782
|
containing:
- files forgotten in 4beaf8f9
- workarounds for #903
- commented useless private-etc lines removed
- remove commented seccomp.keep lines
- much more
|
in addition to 019fa047, c7d34b5e, 0a9beba3, cbdbb0f0.
|
only unknown-horizons was affected
|
* Sort seccomp.drop in unbound.profile
* Sort caps.keep in tor.profile
* Sort seccomp.drop in qgjs.profile
* Sort seccomp.drop in dnscrypt-proxy.profile
* Sort caps.keep in chromium-common.profile
|
chromium: disable nodbus
|
Unfortunately, nodbus prevents access to site passwords if they are stored in GNOME Keyring[1]. According to the docs, chromium can store passwords in 3 different ways:
GNOME Keyring
KWallet 4
plain text
As KWallet storage may be broken in the same way, using nodbus will force chromium to store passwords in plain text, which isn't the best option for security and for the firejail default.
[1] https://wiki.gnome.org/Projects/GnomeKeyring
[2] https://chromium.googlesource.com/chromium/src.git/+/master/docs/linux_password_storage.md
|
* Sort private-etc
This .inc file got missed by https://github.com/netblue30/firejail/pull/2766.
* Sort private-etc
|
* Sort private-lib
* Sort private-lib
* Sort private-lib
Don't know why there was a reference to /usr/bin/gedit in private-lib...
* Sort private-lib
|
automatically fixed all private-{bin,etc} lines
|
Thanks to @rusty-snake for pointing this out.
|
remove 'noblacklist ${HOME}/.local/share/tridactyl', it will never be blacklisted (see #2746)
|