| Commit message (Collapse) | Author | Age |
| |
|
| |
|
|\
| |
| | |
32bit ARM syscall table
|
| | |
|
|\ \
| | |
| | | |
update --build
|
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
The profile generated by --build are quite outdated. There are still a
lot of things left to do.
- fix #2150 (whitelist-common.inc is still opened from /etc/firejail)
- include wusc and wvc (todo: remove whitelists in wusc/wvc from the
generated profile.)
- fix parsing wc / use ${HOME} macro instead of ~
- update profile headers
- include all disable includes (mustly commented) in the output
- reorder the filesystem section
|
|/ /
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
* refactor caja.profile
* refactor dolphin.profile
* Create file-manager-common.profile
* refactor nautilus.profile
* refactor nemo.profile
* refactor pcmanfm.profile
* refactor ranger.profile
* refactor Thunar.profile
|
| | |
|
| | |
|
| | |
|
| | |
|
| | |
|
| | |
|
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
More liberal use of an already existing fall back path in pulseaudio.c
removes issues caused by symlinks in ~/.config/pulse (issue #3351 and
some others)
Don't die, but print warnings during /home directory masking,
so that users with a symbolic link in their home directory path can
at least make it to a shell prompt (only in combination with pulseaudio fix).
|
| | |
|
| | |
|
| | |
|
| | |
|
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
* Profile for Jitsi Meet desktop app (electron)
* Update description.
* Correctly include global definitions.
* Add jitsi-meet-desktop to firecfg.
* blacklist Jitsi-meet config directory in disable-programs.inc
* Disable more things.
disable-exec.inc not included, as the application shows some error if I
include it.
* Disable more stuff.
* No need to whitelist Downloads directory.
I don't think this application has any file sharing / downloading
feature.
* Use private-bin
I needed to allow the bash executable as well for this to work.
* Add some whitelist rules.
* Use private-cache option
* include disable-exec.inc
Apparently one needs to allow execution in /tmp for the program to work.
* Redirect to electron.profile.
* Use private-etc.
* Do not whitelist Downloads directory.
electron.profile does this, but I do not think this program needs it.
* Rearrange whitelisted files to alphabetical order.
* Move nonwhitelist to appropriate section.
* Newlines as section separators.
|
| |
| |
| | |
Fixes #3363.
|
|\ \
| |/
|/| |
Add new profile: nicotine
|
| | |
|
| | |
|
| | |
|
| |
| |
| |
| |
| | |
https://github.com/netblue30/firejail/commit/ca6eec7dcf388c3d0bf52f54c56f7c957b8b777b
As per discussion in #3333, thanks to @rusty-snake for coming up with an alternative.
|
| | |
|
| |
| |
| |
| | |
…g.config (#3333).
|
| |
| |
| |
| |
| |
| | |
- Makefile.in: loops are slow
- Makefile.in: firecfg.config wasn't installed
- allow-gjs.inc: gjs uses libmozjs, forgotten to commit
|
|/ |
|
|\
| |
| | |
Clarify that file globbing occurs only at start
|
| |
| |
| |
| |
| |
| | |
firejail can blacklist (and now also whitelist) files based on glob
pattern. This pattern is evaluated at firejail start, and not updated
at run time. This patch documents this behavior.
|
|/
|
| |
This fixes #3333.
|
| |
|
|
|
|
|
|
|
|
|
|
|
| |
- disable-interpreters: blacklist /usr/lib64/libmozjs-*
- fdns:
- fix .local name
- remove server.profile comment (do we need /sbin and /usr/sbin?)
- add wusc and wvc (commented because untested)
- minimize caps.keep (based on fdns.service)
- fix protocol position
- add private-etc (based on fdns.service)
|
|
|
|
|
|
|
| |
Move autoconfigured lines up in Makefile.in so that they are defined
before they are used .
Closes #3341 #3344.
|
|
|
|
| |
Delete two unused variables.
|
|
|
|
| |
Closes #3341.
|
| |
|
| |
|
|\
| |
| | |
Build improvements
|
| |
| |
| |
| |
| | |
Sometimes concurrent build could fail if the filter apps were not
made before attempting to make the filters.
|
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
Otherwise, fails with error
CreateDirectories: failed to mkdir /usr/share/games (mode 448)
file_system.cpp(158): Function call failed: return value was -110300 (Insufficient access rights to open file)
Function call failed: return value was -110300 (Insufficient access rights to open file)
Location: file_system.cpp:158 (CreateDirectories)
Observed on Debian 10, 0ad 0.0.23
|
|\ \
| | |
| | | |
early decision in bug report if using git version
|
| | | |
|
|\ \ \
| |_|/
|/| | |
Improvements for syscalls.sh contib file
|
|/ /
| |
| | |
Fixed the identation for copy/past problems and added a console character that returns the console to it's original colour after the SYSCALLS_OUTPUT_FILE param is printed.
|
|\|
| |
| | |
Request behavior change description in bug reports
|
|/
|
|
| |
program
|
| |
|
| |
|