| Commit message (Collapse) | Author | Age |
| |
|
| |
|
|
|
| |
Fixes #3135.
|
| |
|
| |
|
|\
| |
| | |
Fix typos in fs_bin.c
|
| | |
|
|/ |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
* unbreak audio-recorder
Support both X11 and Wayland by default. Users can add 'blacklist ${RUNUSER}/wayland-*' or 'x11 none' in their audio-recorder.local.
* unbreak ddgtk
Support both X11 and Wayland by default. Users can add 'blacklist ${RUNUSER}/wayland-*' or 'x11 none' in their ddgtk.local.
* unbreak and harden gconf-editor
Support both X11 and Wayland by default. Also whitelist /usr/share/gconf-editor for wusc.
* unbreak seahorse
Support both X11 and Wayland by default.
* add blacklist ${RUNUSER}/wayland-* to dnscrypt-proxy
|
| |
|
|
|
|
| |
@reinerh is this still right?
> :white_check_mark: Debian 11 (testing/unstable), 10 **backports**; Ubuntu 19.10
|
|
|
|
| |
Thanks @Micha-Btz for all the testing.
|
| |
|
|
|
|
| |
https://github.com/netblue30/firejail/issues/3164#issuecomment-575892401
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
* refactor claws-mail as whitelist profile
* refactor sylpheed as whitelist profile
* Create email-common.profile
* safeguard ${DOCUMENTS}
* Add disable-xdg to email-common.profile
Thanks @rusty-snake for the review.
|
|\
| |
| | |
blacklist ${RUNUSER}/wayland-* in every profile with blacklist /tmp/.X11-unix or x11 none
|
| | |
|
| |
| |
| |
| | |
…les with 'x11 none'
|
|/
|
|
| |
…les with 'blacklist /tmp/.X11-unix'
|
| |
|
| |
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
* harden devilspie
* harden devilspie2
* harden curl
* harden wget
* harden curl
* harden dig
* harden claws-mail
* harden dnscrypt-proxy
* harden dnscrypt-proxy
* harden dnscrypt-proxy
* harden exfalso
* refactor easystroke as whitelist profile
* refactor enchant as whitelist profile
* safeguard ${DOCUMENTS}
Thanks @rusty-snake for the suggestion.
* drop x11-none
Thanks @rusty-snake for catching this.
* drop x11 none
Thanks @rusty-snake for saving the bacon...
* drop x11 none
Thanks @rusty-snake for catching this.
* drop x11 none
Thanks @rusty-snake for preventing breakage!
* drop ipc-namespace
Better safe than sorry...
|
|
|
|
| |
issue #3130
|
| |
|
| |
|
| |
|
|
|
|
|
| |
This is continuation of fixes needed after recent ffmpeg change in
Arch Linux. See https://github.com/netblue30/firejail/issues/3147
|
|
|
|
| |
Reported at: https://bugs.debian.org/948993
|
| |
|
|
|
|
| |
[1]: https://github.com/netblue30/firejail/issues/2946#issuecomment-574861226
|
|
|
|
| |
closes #3147
|
| |
|
|
|
| |
@rusty-snake For now I've fixed the sorting to let it pass CI. Do you think sort.py should put java-{8,9}-openjdk before java-10-openjdk?
|
| |
|
|
|
|
|
|
| |
* Support XDG_CONFIG_HOME for aria2c
* Fix aria2c.profile
|
| |
|
|
|
|
|
| |
…mon.profile to firefox.profile.
See https://github.com/netblue30/firejail/commit/c8f78d7b536ec2dce4cc74de2653ae6c8c99b553#commitcomment-36763119
|
|
|
|
|
| |
directory is used for system-wide installed webext-addons.
Reported at: https://bugs.debian.org/948558
|
| |
|
| |
|
| |
|
|\
| |
| | |
allow chroot syscall where apps depend on QtWebengine
|
| |
| |
| |
| | |
derived from QtWebengine reverse dependencies
|
|\ \
| | |
| | | |
cmus: allow access to resolv.conf
|
|/ / |
|
| | |
|
|\ \
| | |
| | | |
DHCP client support
|
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
dhclient -6 fails if the interface to be configures has no link-local address.
This is especially problematic when only DHCPv6 is used
(e.g., --ip=none --ip6=dhcp), because the wait for a DHCPv4 lease is usually
ample time for the LL address to become available on the IPv6 link.
The LL address must not be tenative.
Therefore, this patch implements waiting for a non-tentative link-local
address in fnet for DHCPv6 configured interfaces.
The command fnet waitll <if> waits for an LL address on the interface <if>.
Currently, the maximum waiting time is 30 seconds,
and the kernel is polled through rtnetlink every 500 milliseconds.
These values seem sufficient for virtual bridged networks,
e.g., libvirt NAT networks.
|