| Commit message (Collapse) | Author | Age |
|
|
| |
see previous commit, #2879
|
|\
| |
| | |
qpdfview: Fix issue when opening a file from file manager
|
| |
| |
| | |
I can confirm https://github.com/netblue30/firejail/pull/2837#issuecomment-511334363 when opening a file from `pcmanfm`, it doesn't open if qpdfview contains `nodbus`
|
| | |
|
| |
| |
| |
| |
| | |
Reconstruct @default by not relying on the changed system call groups
@privileged and @resources.
|
| | |
|
| | |
|
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
Rules for redirecting profiles:
- add exceptions: just add 'seccomp !SYSCALL'
- remove exception:
```
seccomp
ignore seccomp
```
|
| | |
|
| | |
|
|\ \ |
|
| |\ \
| | | |
| | | | |
Add further seccomp groups
|
| | | |
| | | |
| | | |
| | | | |
Get further seccomp group definitions from systemd.
|
|/ / / |
|
| | | |
|
|\ \ \
| | | |
| | | | |
Allow exceptions to seccomp lists
|
| |\ \ \
| |/ / /
|/| | | |
|
| | | | |
|
|\ \ \ \
| | | | |
| | | | | |
seccomp fix: allow numeric syscalls
|
|/ / / /
| | | |
| | | |
| | | | |
as per man page, numeric syscall is indicated by the dollar sign '$'
|
| | | | |
|
| | | | |
|
| | | | |
|
| | | |
| | | |
| | | |
| | | |
| | | |
| | | | |
- fix for #2038
- update RELNOTES
- fix #2925
|
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | | |
- add novideo to a lot of profiles
(there are still more profiles where novideo can be added)
- remove commente mdwe from some gnome applications
- add descriptions to some profiles
- blacklist ${HOME}/.cargo/credentials
- move ${HOME}/.git-credentials and ${HOME}/.git-credential-cache to
'top secret' in disable-common.inc
- some ordering in disable-programs.inc
- merge tor browser blacklists to ${HOME}/.tor-browser*
- qupzilla.profile redirect to falkon.profile
- blacklist gnome-builder paths
- fix transmission profiles inlude
- much more
|
| | | | |
|
| | | | |
|
| |/ /
|/| | |
|
|/ /
| |
| |
| |
| |
| |
| | |
Prefix ! can be used to make exceptions to system call blacklists and
whitelists used by seccomp, seccomp.drop and seccomp.keep.
Closes #1366
|
|\ \
| | |
| | | |
Introduce allow-common-devel.inc
|
| | | |
|
| | | |
|
| | | |
|
|/ /
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
- install contrib/syscalls.sh
- add GitLab-CI status to README.md
- read-only ${HOME}/.cargo/env
- move blacklist ${HOME}/.cargo/registry, ${HOME}/.cargo/config to
disable-programs
- typo in man firejail firejail-profiles firecfg
- better descriptions in man firejail-profiles
- fixes in man firejail
- template descriptions in firejail-profiles
|
| | |
|
| | |
|
| | |
|
| |
| |
| | |
Fixes #2901.
|
|\ \
| | |
| | | |
Profiles: add I2P
|
| | | |
|
| | | |
|
| | |
| | |
| | |
| | |
| | | |
Changed to default seccomp
Co-Authored-By: rusty-snake <print_hello_world+GitHub@protonmail.com>
|
| | | |
|
|/ /
| |
| | |
Thanks @rusty-snake for catching this!
|
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
* Refactor transmission-cli
* Create transmission-common.profile
* Refactor transmission-create
* Refactor transmission-daemon
* Refactor transmission-edit
* Refactor transmission-gtk
* Refactor transmission-qt
* Refactor transmission-remote-cli
* Refactor transmission-remote-gtk
* Refactor transmission-remote
* Refactor transmission-show
|
| |
| |
| |
| | |
because libtrace hooked libc calls were being executed before the libtrace library was initialized. This was due to other loaded libraries being initialized first.
|
| | |
|
| | |
|
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
* beginn fixup
* continue
* continue
* continue
* continue
* continue
* continue
|
| | |
|