| Commit message (Collapse) | Author | Age |
... | |
| |
| |
| |
| | |
thunderbird-wayland profile did not include thunderbird-wayland.local
|
| | |
|
| |
| |
| |
| | |
apparently on x86 and on other platforms like aarch64 a 16 byte aligned stack is expected
todo: replace this with a generic check
|
| | |
|
| | |
|
| | |
|
| | |
|
|/
|
| |
Fix broken libx265 encoding (needs the set_mempolicy syscall).
|
|
|
| |
Thanks to @rusty-snake for requesting this in https://github.com/netblue30/firejail/pull/3061.
|
| |
|
| |
|
| |
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
| |
* Create gist.profile
* Add gist config to disable-programs.inc
* Add gist to firecfg.config
* Update RELNOTES
* Update README.md
|
| |
|
| |
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
AppArmor security relies on path based rules and rewriting paths
may allow to bypass them.
Those actions are priveliged so vast majority of apps shouldn't need
them anyway. If some app need those rules then it's better to
consider them as unsuitable for apparmor option rather than weaken
generic profile for all apps.
See related issue reported by apparmor usage in snap:
https://bugs.launchpad.net/snapd/+bug/1791711
|
| |
|
|
|
|
|
|
| |
* Create unf.profile
* Add unf to firecfg.config
|
|
|
|
|
|
|
|
| |
* Create gmpc.profile
* Add gmpc config to disable-programs.inc
* Add gmpc to firecfg.config
|
|
|
|
|
|
|
|
| |
* Create drawio.profile
* Add drawio config to disable-programs.inc
* Add drawio to firecfg.config
|
|
|
|
|
|
| |
* Create ddgtk.profile
* Add ddgtk to firecfg.config
|
|
|
|
|
|
| |
* Create cameramonitor.profile
* Add cameramonitor to firecfg.config
|
|
|
|
|
|
| |
* Create audio-recorder.profile
* Add audio-recorder to firecfg.config
|
| |
|
|\
| |
| | |
Add profanity profile
|
| | |
|
| | |
|
| | |
|
| | |
|
| | |
|
|/ |
|
| |
|
|
|
|
|
|
|
|
| |
* Create electron-mail.profile
* Add electron-mail to disable-programs.inc
* Add electron-mail to firecfg.config
|
| |
|
|
|
|
|
|
|
|
| |
* Add babl/gegl caches for gimp
* Add gir-1.0 to wusc
* Add babl/gegl support to gimp.profile
|
| |
|
| |
|
| |
|
|
|
|
|
| |
get previous commit acbf707889ae241bfd476f5371df4599103b6606
in line with treatment of other directories in /run/firejail/mnt
|
|
|
|
|
| |
as far as possible avoid creating locations in the file system
that are both writable and executable
|
|
|
|
|
|
| |
allowing private and home directory to be owned by different users
if the home directory is inside /home was thought to add flexibility, but the scenario is
maybe a bit too exotic, and ignoring it paves the way for a simplification
|
| |
|
|\
| |
| | |
RFC: profiles: allow nc in ssh profile by default
|
| | |
|
|\ \
| | |
| | | |
Resolve #3029: drop outdated Skype profile
|
| | | |
|
| | | |
|
| |/
|/| |
|