| Commit message (Collapse) | Author | Age |
|
|
|
| |
It's a collection of many tools, that might not be allowed individually.
When it's needed, it can easily be allowed again.
|
| |
|
| |
|
|
|
|
|
|
|
|
|
| |
* Allow google-chrome access to the custom flags files in ~/.config.
* Added noblacklist for the custom flag files for google-chrome-stable.
* Allow read access to the custom flag files for both google-chrome-beta and google-chrome-unstable.
* Added the custom flag files for google-chrome stable, beta and unstable to the disable-programs.inc list.
|
| |
|
| |
|
|
|
|
|
| |
Configure Debian package with AA and SELinux options if they are
enabled.
|
|
|
|
|
|
|
|
|
|
|
| |
Also fixed a typo for new profiles: nicontine --> nicotine
* add plv to firecfg
* add plv to disable-programs.inc
* Create plv.profile
* Update plv.profile
|
|\
| |
| | |
Add several games to steam and disable-programs
|
|/
|
|
|
|
|
|
|
|
|
|
| |
Add Faster Than Light, Into the Breach, Paradox Interactive, and mbwarband
to disable-programs.inc.
Also, add Faster Than Light and Into the Breach into steam.profile. This
fixes saved games being lost when steam is closed, and also lets Steam
cloud sync work properly.
Lastly, remove a duplicate whitelist ${HOME}/.steampid from
steam.profile.
|
|
|
| |
We seem to have forgotten 3 scripts from contrib. Let's add those too.
|
|
|
|
|
|
| |
Don't build all filters many times over but instead let them be built
in parallel.
Closes #3393
|
|
|
|
|
|
|
|
|
|
|
| |
* use the new dbus format in chromium-common.profile
* use new dbus format in firejail.config
Now that #3326 landed I think it might be less confusing to keep using the --nodbus wording. Couldn't come up with a better alternative (yet), so this might need future improvements.
* block dbus system bus
Blocking the system bus shouldn't affect password functionality etc, as that uses the session bus.
|
|\
| |
| | |
bug_template: more specific information
|
|/
|
|
| |
existence, lookup for installed profiles and user investigation on related problems
|
|
|
|
|
|
| |
- create vim directorys (#3396)
- fix #3400 (Eye of GNOME won't open)
- fix feedreader, it is broken without org.freedesktop.secrets access
|
| |
|
| |
|
|\
| |
| | |
Disable browser drm by default.
|
| |
| |
| |
| | |
Done to match whats stated in etc/firejail/firejail.config
|
| | |
|
| |
| |
| |
| |
| |
| |
| | |
* dbus filter (1)
* dbus-filter: firefox
* drop org.gtk.vfs and com.canonical.AppMenu.Registrar
|
|/ |
|
|
|
| |
Preliminary fixes tested/confirmed on Arch regarding #3389 (in-progress).
|
| |
|
|
|
|
|
|
| |
Some applications like Byobu, tmux and screen like to use environment
and then 100 environment variables may be too few.
Closes: #3350
|
|
|
| |
Fix for #3385.
|
|\
| |
| | |
Add steam-runtime alias
|
|/ |
|
| |
|
| |
|
| |
|
| |
|
| |
|
| |
|
|\
| |
| | |
32bit ARM syscall table
|
| | |
|
|\ \
| | |
| | | |
update --build
|
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
The profile generated by --build are quite outdated. There are still a
lot of things left to do.
- fix #2150 (whitelist-common.inc is still opened from /etc/firejail)
- include wusc and wvc (todo: remove whitelists in wusc/wvc from the
generated profile.)
- fix parsing wc / use ${HOME} macro instead of ~
- update profile headers
- include all disable includes (mustly commented) in the output
- reorder the filesystem section
|
|/ /
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
* refactor caja.profile
* refactor dolphin.profile
* Create file-manager-common.profile
* refactor nautilus.profile
* refactor nemo.profile
* refactor pcmanfm.profile
* refactor ranger.profile
* refactor Thunar.profile
|
| | |
|
| | |
|
| | |
|
| | |
|
| | |
|
| | |
|
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
More liberal use of an already existing fall back path in pulseaudio.c
removes issues caused by symlinks in ~/.config/pulse (issue #3351 and
some others)
Don't die, but print warnings during /home directory masking,
so that users with a symbolic link in their home directory path can
at least make it to a shell prompt (only in combination with pulseaudio fix).
|
| | |
|
| | |
|
| | |
|