| Commit message (Collapse) | Author | Age |
| |
|
| |
|
|\ |
|
| | |
|
|/
|
|
|
|
|
|
|
| |
containing:
- files forgotten in 4beaf8f9
- workarounds for #903
- commented useless private-etc lines removed
- remove commented seccomp.keep lines
- much more
|
|
|
|
| |
in addition to 019fa047, c7d34b5e, 0a9beba3, cbdbb0f0.
|
| |
|
|
|
|
| |
only unknown-horizons was affected
|
|
|
|
|
|
|
|
|
|
|
|
| |
* Sort seccomp.drop in unbound.profile
* Sort caps.keep in tor.profile
* Sort seccomp.drop in qgjs.profile
* Sort seccomp.drop in dnscrypt-proxy.profile
* Sort caps.keep in chromium-common.profile
|
|\ |
|
| |\
| | |
| | | |
chromium: disable nodbus
|
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
Unfortunately nodbus prevents access to site passwords if they are stored in GNOME Keyring[1]. According to docs chromium can store password in 3 different ways:
GNOME Keyring
KWallet 4
plain text
As KWallet storage may be broken in a same way, using nodbus will force chromium to store passwords in plain text which isn't best option for security and for firejail default.
[1] https://wiki.gnome.org/Projects/GnomeKeyring
[2] https://chromium.googlesource.com/chromium/src.git/+/master/docs/linux_password_storage.md
|
|/ / |
|
| |
| |
| |
| |
| |
| |
| |
| | |
* Sort private-etc
This .inc file got missed by https://github.com/netblue30/firejail/pull/2766.
* Sort private-etc
|
|/
|
|
|
|
|
|
|
|
|
|
| |
* Sort private-lib
* Sort private-lib
* Sort private-lib
Don't know why there was a reference to /usr/bin/gedit in private-lib...
* Sort private-lib
|
|\
| |
| | |
automatically fixed all private-{bin,etc} lines
|
| | |
|
| | |
|
| |
| |
| | |
Thanks to @rusty-snake for pointing this out.
|
| |
| |
| | |
remove 'noblacklist ${HOME}/.local/share/tridactyl', it will never blacklisted (see #2746)
|
| | |
|
| |
| |
| |
| |
| |
| |
| |
| | |
* Fix youtube video in totem
lua is required for youtube (online?) videos
* Fix youtube video in totem with allow-lua.inc
|
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
* Refactor artha as whitelist profile
* Refactor clipit as whitelist profile
* Refactor devilspie as whitelist profile
* Refactor devilspie2 as whitelist profile
* Refactor exfalso as whitelist profile
* Refactor pavucontrol as whitelist profile
* Refactor pdftotext as whitelist profile
* Refactor redshift as whitelist profile
* Refactor soundconverter as whitelist profile
|
| |
| |
| | |
Fixes #2772
|
| |
| |
| | |
Leaving alphabetical ordering of private-bin up to https://github.com/netblue30/firejail/pull/2766.
|
| | |
|
| |
| |
| | |
Leaving alphabetical ordering of private-bin up to https://github.com/netblue30/firejail/pull/2766.
|
| |
| |
| | |
Leaving the alphabetical ordering up to https://github.com/netblue30/firejail/pull/2766.
|
| | |
|
| |
| |
| |
| |
| |
| | |
* Create syscalls file
A little script to determine the necessary syscalls for a program.
|
| | |
|
|\ \ |
|
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
* Streamline mdwe comment for authenticator
* Streamline mdwe comment for autokey-common
* Streamline mdwe comment for baobab
* Streamline mwde comment for bitwarden
* Streamline mdwe comment for clawsker
* Streamline mdwe comment for devhelp
* Streamline mdwe comment for d-feet
* Streamline mdwe comment for enpass
* Streamline mdwe comment for eo-common
* Streamline mdwe comment for exfalso
* Streamline mdwe comment for font-manager
* Streamline mdwe comment for geekbench
* Streamline mdwe comment for mpDris2
* Streamline mdwe comment for ocenaudio
* Streamline mdwe comment for QMediathekView
* Streamline mdwe comment for subdownloader
* Streamline mdwe comment for viewnior
* Streamline mdwe comment for youtube-dl
|
|/ / |
|
| | |
|
| |
| |
| | |
Fixes #2767 - thanks to @grizzlyuser for reporting this.
|
|/ |
|
| |
|
| |
|
| |
|
| |
|
| |
|
|
|
|
| |
The files holds credentials to WebDAV servers in plaintext
hence it's probably a good idea to limit access to them.
|
|
|
|
| |
This replaces the outdated templates from #1734
with new templates from the program used in #2093
|
| |
|
|\
| |
| | |
Make it possible for cheese app to save pictures too
|
|/ |
|
| |
|
| |
|
| |
|