* add opera-developer to firecfg
* add opera-developer
* fix typo
* add configs for opera-developer
* Create opera-developer.profile
* fixes for opera-developer
* fix for opera-developer

* harden opera-beta
* harden opera

* geary fixes
* comment ipc-namespace

Bumps [github/codeql-action](https://github.com/github/codeql-action) from 1.1.2 to 1.1.3.
- [Release notes](https://github.com/github/codeql-action/releases)
- [Changelog](https://github.com/github/codeql-action/blob/main/CHANGELOG.md)
- [Commits](https://github.com/github/codeql-action/compare/d39d5d5c9707b926d517b1b292905ef4c03aa777...75f07e7ab2ee63cba88752d8c696324e4df67466)
---
updated-dependencies:
- dependency-name: github/codeql-action
  dependency-type: direct:production
  update-type: version-update:semver-patch
...
Signed-off-by: dependabot[bot] <support@github.com>

* Add support for changing appearance of the Qt6 apps with qt6ct
* Remove qt5ct artifact from zeal.profile
* Remove qt5ct artifact from bibletime.profile

Bumps [github/codeql-action](https://github.com/github/codeql-action) from 1.1.0 to 1.1.2.
- [Release notes](https://github.com/github/codeql-action/releases)
- [Changelog](https://github.com/github/codeql-action/blob/main/CHANGELOG.md)
- [Commits](https://github.com/github/codeql-action/compare/474bbf07f9247ffe1856c6a0f94aeeb10e7afee6...d39d5d5c9707b926d517b1b292905ef4c03aa777)
---
updated-dependencies:
- dependency-name: github/codeql-action
  dependency-type: direct:production
  update-type: version-update:semver-patch
...
Signed-off-by: dependabot[bot] <support@github.com>

qbittorrent.profile: fix data directory location

wireshark.profile: Add dac_read_search to caps.keep

On gentoo linux, /usr/bin/dumpcap requires dac_read_search
instead of dac_override.

firejail.config: add warning about allow-tray

According to #4053, there is currently no safe (in the sense of not
allowing to escape the sandbox) implementation of
`org.kde.StatusNotifierWatcher`, but it is required by multiple programs
for tray functionality. Users may not be aware of this (for example,
see #4508), so add a warning about it.
Note: allow-tray was added on commit c86cae2d0 ("Add new condition
ALLOW_TRAY", 2021-09-04) / PR #4510.

Improve dino.profile.

* drop private-dev from wireshark.profile
* add comment about private-dev in wireshark.profile
Add a comment as suggested in https://github.com/netblue30/firejail/pull/4958#issuecomment-1044732769.

* Create onionshare.profile
* Create onionshare-cli.profile
* add onionshare redirects to firecfg.config

Having `read-only /tmp` yields the following:
    $ man ls
    [...]
    man: /usr/share/man/man1/ls.1.gz: SYSERR: mkstemp: /tmp/man.XXXXxxxxxx: Read-only file system
    [...]
It also causes the pager (e.g.: less(1)) to not be called, which means
that the entire man page is just printed all at once on the terminal.
Environment: mandoc 1.14.6-1 on Artix Linux.
Fixes #4927.
Reported-by: @hyder365

Relates to #4912 #4916 #4930 #4933.

Disable/comment message about nogroups being ignored

Added on commit 7abce0b4c ("Fix keeping certain groups with nogroups",
2021-11-30) / PR #4732.
As reported by @rusty-snake on #4930, conflicting messages are printed
when using whitelist-run-common.inc with nogroups:
    $ cat test.profile
    include whitelist-run-common.inc
    nogroups
    $ firejail --profile=./test.profile groups
    Reading profile ./test.profile
    Reading profile /etc/firejail/whitelist-run-common.inc
    Parent pid 1234, child pid 1235
    Warning: logind not detected, nogroups command ignored <--- is a lie
    Warning: cleaning all supplementary groups
    Child process initialized in 30.00 ms
    rusty-snake <---- running `groups` outside of the sandbox shows more so groups are actually cleaned
    Parent is shutting down, bye...
This probably happens because wrc causes /run/systemd to be hidden in
the sandbox and because check_can_drop_all_groups is called multiple
times, seemingly both before and after the whitelisting goes into
effect. So disable the message about nogroups being ignored, but keep
the message about cleaning all supplementary groups (which is unlikely
to be printed unless it really happens).
Fixes #4930.

Update security policy for 0.9.68 release

Additional fixes:
Ubuntu 16.04 is EOL. This means that Firejail 0.9.38 is (to
reasonable knowledge) not supported by any mainstream distros.
Ubuntu 21.04 is also EOL.

netblue30/dependabot/github_actions/github/codeql-action-1.1.0
Bump github/codeql-action from 1.0.31 to 1.1.0

Bumps [github/codeql-action](https://github.com/github/codeql-action) from 1.0.31 to 1.1.0.
- [Release notes](https://github.com/github/codeql-action/releases)
- [Changelog](https://github.com/github/codeql-action/blob/main/CHANGELOG.md)
- [Commits](https://github.com/github/codeql-action/compare/1a927e9307bc11970b2c679922ebc4d03a5bd980...474bbf07f9247ffe1856c6a0f94aeeb10e7afee6)
---
updated-dependencies:
- dependency-name: github/codeql-action
  dependency-type: direct:production
  update-type: version-update:semver-minor
...
Signed-off-by: dependabot[bot] <support@github.com>

testing: fix expect matching of numbers

The sandbox timestamp should not be available for matching
when output is already expected from the next command
(this is only a problem if numeric output is expected from the
first command in the sandbox).
A possible alternative would be to flush the expect output buffer
with 'expect "*"' after the sandbox is up.

0319fbd enabled whitelisting in /usr/share for iridium but wusc
was still ignored, causing iridium to crash.
Fixes #4917

keepassx: restore nou2f

I could not find anything to confirm that keepassx supports hardware
keys. And as mentioned by @rusty-snake[1]:
> The yubikey support in kpxc seems to be based on
> https://github.com/kylemanna/keepassx /
> https://github.com/keepassx/keepassx/pull/52
> which was never merged. For me it looks like kpx never got official
> support for it.
>
> keepass seems to support hw keys (via plugin).
Also of note is the PR that added yubikey support to keepassxc:
https://github.com/keepassxreboot/keepassxc/pull/127
This partially reverts commit 09ac1a73e ("keepass*: remove nou2f",
2022-02-05) / PR #4903. See also commit 91b04172b ("keepass*: fix typo
in private-dev note", 2022-02-06).
Closes #4883.
[1] https://github.com/netblue30/firejail/issues/4883#issuecomment-1031172309

* fix globalcfg help string
* fix --disable-globalcfg explanation