| Commit message (Collapse) | Author | Age |
|---|
| | |
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Bumps [actions/checkout](https://github.com/actions/checkout) from 2.4.0 to 3.
- [Release notes](https://github.com/actions/checkout/releases)
- [Changelog](https://github.com/actions/checkout/blob/main/CHANGELOG.md)
- [Commits](https://github.com/actions/checkout/compare/ec3a7ce113134d7a93b817d10a8272cb61118579...a12a3943b4bdde767164f792f33f40b04645d846)
---
updated-dependencies:
- dependency-name: actions/checkout
dependency-type: direct:production
update-type: version-update:semver-major
...
Signed-off-by: dependabot[bot] <support@github.com>
|
| |\ |
|
| | |\
| | |
| | | |
drop redundant ignore in chromium-based browsers
|
| | | | |
|
| | | | |
|
| | | | |
|
| | | | |
|
| | | | |
|
| | | | |
|
| | | | |
|
| | | | |
|
| | | | |
|
| |/ / |
|
| |\ \
| | |
| | | |
whitelist restructuring
|
| | | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
Check mountids while creating path of a new mount target.
If the mountid differs from the top level directory (tmpfs)
mountid, this proves an earlier whitelist command.
It is important to note though that this check is not exhaustive,
as besides nested whitelist commands there are also nested
top level directories. So a user could run:
firejail --whitelist=/a/b --whitelist=/a/b/c where both
a and b are (whitelist) top level directories. Such a command
may result in b and c sharing the filesystem and hence mountid.
In this case the nested nature of the whitelist commands
will go unnoticed.
A more rigorous version will probably need to apply some
sorting to the whitelist command, possibly by means of
glob(3).
|
| | | |
| | |
| | |
| | | |
some cleanup, simplify extending the code (for example adding additional members to the TopDir struct)
|
| | | |
| | |
| | |
| | |
| | |
| | |
| | | |
as functions operate on a file descriptor
it should be safe to remove them; this
sets the stage for improvements to the
whitelist code
|
| |\ \ \
| |_|/
|/| | |
Add ability to disable user profiles at compile time.
|
| | | | |
|
| | | | |
|
| | | | |
|
| | | | |
|
| | | | |
|
| | | | |
|
| | | | |
|
| | | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
* add opera-developer to firecfg
* add opera-developer
* fix typo
* add configs for opera-developer
* Create opera-developer.profile
* fixes for opera-developer
* fix for opera-developer
|
| | | |
| | |
| | |
| | |
| | | |
* harden opera-beta
* harden opera
|
| | | |
| | |
| | |
| | |
| | | |
* geary fixes
* comment ipc-namespace
|
| | |/
|/|
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
Bumps [github/codeql-action](https://github.com/github/codeql-action) from 1.1.2 to 1.1.3.
- [Release notes](https://github.com/github/codeql-action/releases)
- [Changelog](https://github.com/github/codeql-action/blob/main/CHANGELOG.md)
- [Commits](https://github.com/github/codeql-action/compare/d39d5d5c9707b926d517b1b292905ef4c03aa777...75f07e7ab2ee63cba88752d8c696324e4df67466)
---
updated-dependencies:
- dependency-name: github/codeql-action
dependency-type: direct:production
update-type: version-update:semver-patch
...
Signed-off-by: dependabot[bot] <support@github.com>
|
| | | |
|
| | | |
|
| | | |
|
| | | |
|
| | | |
|
| | | |
|
| | | |
|
| | | |
|
| | |
| |
| |
| |
| |
| |
| | |
* Add support for changing appearance of the Qt6 apps with qt6ct
* Remove qt5ct artifact from zeal.profile
* Remove qt5ct artifact from bibletime.profile
|
| | |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
Bumps [github/codeql-action](https://github.com/github/codeql-action) from 1.1.0 to 1.1.2.
- [Release notes](https://github.com/github/codeql-action/releases)
- [Changelog](https://github.com/github/codeql-action/blob/main/CHANGELOG.md)
- [Commits](https://github.com/github/codeql-action/compare/474bbf07f9247ffe1856c6a0f94aeeb10e7afee6...d39d5d5c9707b926d517b1b292905ef4c03aa777)
---
updated-dependencies:
- dependency-name: github/codeql-action
dependency-type: direct:production
update-type: version-update:semver-patch
...
Signed-off-by: dependabot[bot] <support@github.com>
|
| |\ \ |
|
| | |\ \
| | | |
| | | | |
qbittorrent.profile: fix data directory location
|
| | | | | |
|
| | | | | |
|
| | |\ \ \
| | | | |
| | | | | |
wireshark.profile: Add dac_read_search to caps.keep
|
| | | |/ /
| | | |
| | | |
| | | |
| | | | |
On gentoo linux, /usr/bin/dumpcap requires dac_read_search
instead of dac_override.
|
| | |\ \ \
| | | | |
| | | | | |
firejail.config: add warning about allow-tray
|
| | | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | | |
According to #4053, there is currently no safe (in the sense of not
allowing to escape the sandbox) implementation of
`org.kde.StatusNotifierWatcher`, but it is required by multiple programs
for tray functionality. Users may not be aware of this (for example,
see #4508), so add a warning about it.
Note: allow-tray was added on commit c86cae2d0 ("Add new condition
ALLOW_TRAY", 2021-09-04) / PR #4510.
|
| |/ / / / |
|
| | | | | |
|
smitsohu
dependabot[bot]
netblue30
glitsj16
Dmitry Chestnykh
avallach2000
crocket
Kelvin M. Klann