| Commit message (Collapse) | Author | Age |
configuration. (#3490)
|
(#3490)
Without this, konversation doesn't remember the settings for
notifications.
|
Blender autosaves to /tmp.
|
This should clarify how to configure for reading local mail after https://github.com/netblue30/firejail/commit/dfaf7a7660689c055ba45a935e42b1b548669c57.
|
* clarify writing to /var/mail and /var/spool/mail in apparmor
Thunderbird seems to be our only mail client profile that enables the `apparmor` option. Users need this when they follow instructions on how to allow reading local mail.
* fix mail clients rule in firejail-default
|
2345cc4 broke environment variable passing for seccomp error action
for fseccomp.
Closes #3488.
|
* fix comment in email-common
* add writable-var to evolution.profile
* add writable-var to mutt.profile
* remove newline above writable-var in evolution.profile
|
Totem saves screenshots of video to ${PICTURES}. Also adding tracelog to slightly harden things a bit.
|
Backporting fixes for Atom 1.48 to firejail 0.9.52, 0.9.58, and 0.9.60
Summary:
- remove nonewprivs, noroot, protocol, and seccomp
- update caps filter to keep sys_admin and sys_chroot
Without these changes Atom 1.48 breaks and refuses to start (due to
Electron sandboxing)
|
Atom 1.48 requires a looser sandbox and no longer works with
noroot, nonewprivs, protocol, and seccomp
caps filter needed adjusting to keep sys_admin and sys_chroot
|
* enable apparmor support by default in update_deb.sh
* Add fix for Debian bug 916920
This should bring the script in sync with packages installed from PPA.
|
https://github.com/hannob/mmapfail
|
* Add strawberry profile
* Fix comment
* Add to disable-programs.inc & firecfg.config
* Add /home/amin/.local/share/strawberry to profile and disable-programs
* Various hardening for strawberry profile
Signed-off-by: Amin Vakil <info@aminvakil.com>
* Change nodbus to dbus-system none in strawberry profile
* Add dbus-user none to strawberry profile
* Add whitelist-var-common, sort private-etc
* Sort, Add wruc, Add netlink to protocol in strawberry profile
* Remove dbus-user none to allow using gnome functions for various usage in strawberry profile
|
Applications using Qt5 need this to be whitelisted if the user is using a qt5ct colour scheme (such as "darker") or custom QSS.
|
Fixes #3454
|
solves #3454
|
See https://github.com/netblue30/firejail/issues/3219#issuecomment-638823377
|
* prioritize installing via OS
* Update README.md
Bring in changes discussed in #3442.
|
* Man pages: link to .profile resolution, urls
* Man pages: firejail-profile add link to wiki profile creation
* Man pages: line break, slash in path
* Man pages remove space before dots
|
Add verbiage to the man pages clarifying that the files/directories in
the lists given to options such as --private-bin must be relative to
the directory that is being limited (e.g., --private-opt requires a
list of files/directories that are relative to /opt).
Signed-off-by: Jeff Squyres <jeff@squyres.com>
|
* firecfg: Only use fix_desktop_files when --fix is specified
* firecfg: Only use fix_desktop_files automatically when run through sudo
|
* disable-shell.inc
* add disable-shell.inc to all profiles with a private-bin line without bash/sh except profiles with redirect profiles.
* add it to some more profiles
* exclude aria2c.profile
|
revert long-line split and fix bash-completion
|
- remove -c, the manpage says it is ignored
- $(DESTDIR)/$(bindir)/. -> $(DESTDIR)$(bindir) and so on
- install contrib by file glob (*.py, *.sh)
- split long lines
|
w3m is a text-based web browser as well as a pager like `more' or `less'. With w3m you can browse web pages through a terminal emulator window (xterm, rxvt or something like that).
As it outputs I suppose setting quiet in its profile is appropriate.
|
DBus filtering enhancements
|