| Commit message (Collapse) | Author | Age |
|\
| |
| | |
lutris.profile: allow more syscalls
|
| |
| |
| |
| |
| |
| |
| |
| |
| | |
Need to whitelist `ptrace` and `clone3` for Ubisoft Connect to work.
journalctl did list `process_vm_readv` when a game was running, but it
didn't crash the game.
Fixes #6035.
|
|\ \
| | |
| | | |
steam.profile: allow process_vm_readv syscall
|
| |/
| |
| |
| |
| |
| | |
EA Origin (game launcher) won't launch without this.
See https://github.com/netblue30/firejail/issues/5185#issuecomment-1776516159
|
|\ \
| | |
| | | |
fcopy: Use lstat when copy directory.
|
| | |
| | |
| | |
| | | |
When copying directories use lstat when reading info about source files.
|
| | |
| | |
| | |
| | |
| | | |
The most generic way is to use `intmax_t`
because we dont't know what is the "parent" type of `off_t`.
This fixes https://github.com/netblue30/firejail/issues/5982 .
|
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
Bumps [step-security/harden-runner](https://github.com/step-security/harden-runner) from 2.6.0 to 2.6.1.
- [Release notes](https://github.com/step-security/harden-runner/releases)
- [Commits](https://github.com/step-security/harden-runner/compare/1b05615854632b887b69ae1be8cbefe72d3ae423...eb238b55efaa70779f274895e782ed17c84f2895)
---
updated-dependencies:
- dependency-name: step-security/harden-runner
dependency-type: direct:production
update-type: version-update:semver-patch
...
Signed-off-by: dependabot[bot] <support@github.com>
|
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
Bumps [github/codeql-action](https://github.com/github/codeql-action) from 2.22.5 to 2.22.7.
- [Release notes](https://github.com/github/codeql-action/releases)
- [Changelog](https://github.com/github/codeql-action/blob/main/CHANGELOG.md)
- [Commits](https://github.com/github/codeql-action/compare/74483a38d39275f33fcff5f35b679b5ca4a26a99...66b90a5db151a8042fa97405c6cf843bbe433f7b)
---
updated-dependencies:
- dependency-name: github/codeql-action
dependency-type: direct:production
update-type: version-update:semver-patch
...
Signed-off-by: dependabot[bot] <support@github.com>
|
| | |
| | |
| | |
| | | |
on Debian the data is in /usr/share/tesseract-ocr/
|
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
* disable-programs.inc: add support for tiny-rdm
* Create tiny-rdm.profile
* firecfg.config: add support for tiny-rdm
|
| | | |
|
| | | |
|
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
Bumps [github/codeql-action](https://github.com/github/codeql-action) from 2.22.4 to 2.22.5.
- [Release notes](https://github.com/github/codeql-action/releases)
- [Changelog](https://github.com/github/codeql-action/blob/main/CHANGELOG.md)
- [Commits](https://github.com/github/codeql-action/compare/49abf0ba24d0b7953cb586944e918a0b92074c80...74483a38d39275f33fcff5f35b679b5ca4a26a99)
---
updated-dependencies:
- dependency-name: github/codeql-action
dependency-type: direct:production
update-type: version-update:semver-patch
...
Signed-off-by: dependabot[bot] <support@github.com>
|
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
It's the only workflow missing it.
See commit 339d395fb ("ci: print env-related settings in each job",
2023-04-22) / PR #5802.
|
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
discord_arch_electron[1] stores its files in /usr/share/discord, rather than
the usual /opt/discord.
[1] https://aur.archlinux.org/packages/discord_arch_electron
|
| | | |
|
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
* nodejs-common: add pnpm support
* disable-programs.inc: add pnpm support
* Create pnpm.profile
* Create pnpx.profile
|
|\ \ \
| |_|/
|/| | |
disable-programs.inc: remove duplicated entries
|
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
They are already present in disable-common.inc.
Added in the following commits:
* 6bf6d5ed5 ("updated program files", 2016-12-02) / PR #951
* 49280197c ("various hardening (#3394)", 2020-05-02)
* 2e2c2327f ("profiles: support more msmtp configuration paths (#6060)",
2023-10-22)
Misc: This was noticed on PR #6060.
|
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
They are currently spread over disable-common.inc and
disable-programs.inc.
Added on commit 6f7ab41e4 ("blacklist gnome-boxes user files
(VM-Images)", 2019-10-13) and commit 49280197c ("various hardening
(#3394)", 2020-05-02).
|
| | |
| | |
| | |
| | | |
to run these options
|
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
Bumps [github/codeql-action](https://github.com/github/codeql-action) from 2.22.3 to 2.22.4.
- [Release notes](https://github.com/github/codeql-action/releases)
- [Changelog](https://github.com/github/codeql-action/blob/main/CHANGELOG.md)
- [Commits](https://github.com/github/codeql-action/compare/0116bc2df50751f9724a2e35ef1f24d22f90e4e1...49abf0ba24d0b7953cb586944e918a0b92074c80)
---
updated-dependencies:
- dependency-name: github/codeql-action
dependency-type: direct:production
update-type: version-update:semver-patch
...
Signed-off-by: dependabot[bot] <support@github.com>
|
|/ /
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
Bumps [actions/checkout](https://github.com/actions/checkout) from 4.1.0 to 4.1.1.
- [Release notes](https://github.com/actions/checkout/releases)
- [Changelog](https://github.com/actions/checkout/blob/main/CHANGELOG.md)
- [Commits](https://github.com/actions/checkout/compare/8ade135a41bc03ea155e62e844d188df1ea18608...b4ffde65f46336ab88eb53be808477a3936bae11)
---
updated-dependencies:
- dependency-name: actions/checkout
dependency-type: direct:production
update-type: version-update:semver-patch
...
Signed-off-by: dependabot[bot] <support@github.com>
|
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
Since version 1.8.6 msmtp supports per-user configuration at either
~/.msmtprc (already supported by firejail) or
`$XDG_CONFIG_HOME/msmtp/config`. System-wide support can be placed at
/etc/msmtprc.
This adds the missing paths to the relevant .inc and .profile files.
Note that `blacklist ${HOME}/.msmtprc` is present on both
disable-common.inc and disable-programs.inc, so the new paths are added
to both files.
References:
https://wiki.archlinux.org/title/Msmtp#Basic_setup
https://marlam.de/msmtp/msmtp.html#Configuration-files
|
| |
| |
| |
| |
| |
| |
| |
| | |
The `mimetypes` property contains the section `text/plain`. This causes
for example the Gnome Editor to recognize every simple text file as a
firejail profile file. See this issue:
https://gitlab.gnome.org/GNOME/gnome-text-editor/-/issues/612
Fixes #6057.
|
| |
| |
| |
| |
| |
| | |
For extra clarity.
Relates to #5987.
|
| |
| |
| |
| |
| |
| |
| |
| | |
These profile-related changes seem significant enough to warrant
entries, as #6021 adds some guidance on the use of private-opt and #5987
standardizes the format of commented code in all profiles.
Relates to #5987 #6021.
|
| |
| |
| |
| | |
Relates to #6026.
|
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
* profiles: drop private-opt (existing whitelist)
* profiles: replace private-opt with whitelist
In most profiles.
Kept private-opt for enpass (~85MB), mate-dictionary (<20MB),
minecraft-launcher (~1.6MB) and ppsspp (~44MB). The only app I couldn't
check: xmr-stak.
* docs: note potential issues with private-opt
|
| | |
|
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
Bumps [github/codeql-action](https://github.com/github/codeql-action) from 2.22.0 to 2.22.3.
- [Release notes](https://github.com/github/codeql-action/releases)
- [Changelog](https://github.com/github/codeql-action/blob/main/CHANGELOG.md)
- [Commits](https://github.com/github/codeql-action/compare/2cb752a87e96af96708ab57187ab6372ee1973ab...0116bc2df50751f9724a2e35ef1f24d22f90e4e1)
---
updated-dependencies:
- dependency-name: github/codeql-action
dependency-type: direct:production
update-type: version-update:semver-patch
...
Signed-off-by: dependabot[bot] <support@github.com>
|
| | |
|
| | |
|
|\ \
| | |
| | | |
disable-common.inc: add more suid programs
|
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
Programs:
$ pacman -Qo fusermount3 groupmems mount.cifs wall write
/usr/bin/fusermount3 is owned by fuse3 3.16.1-1
/usr/bin/groupmems is owned by shadow 4.14.0-4
/usr/bin/mount.cifs is owned by cifs-utils 7.0-3
/usr/bin/wall is owned by util-linux 2.39.2-1
/usr/bin/write is owned by util-linux 2.39.2-1
|
|/ / |
|
| | |
|
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
Bumps [github/codeql-action](https://github.com/github/codeql-action) from 2.21.9 to 2.22.0.
- [Release notes](https://github.com/github/codeql-action/releases)
- [Changelog](https://github.com/github/codeql-action/blob/main/CHANGELOG.md)
- [Commits](https://github.com/github/codeql-action/compare/ddccb873888234080b77e9bc2d4764d5ccaaccf9...2cb752a87e96af96708ab57187ab6372ee1973ab)
---
updated-dependencies:
- dependency-name: github/codeql-action
dependency-type: direct:production
update-type: version-update:semver-minor
...
Signed-off-by: dependabot[bot] <support@github.com>
|
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
Bumps [step-security/harden-runner](https://github.com/step-security/harden-runner) from 2.5.1 to 2.6.0.
- [Release notes](https://github.com/step-security/harden-runner/releases)
- [Commits](https://github.com/step-security/harden-runner/compare/8ca2b8b2ece13480cda6dacd3511b49857a23c09...1b05615854632b887b69ae1be8cbefe72d3ae423)
---
updated-dependencies:
- dependency-name: step-security/harden-runner
dependency-type: direct:production
update-type: version-update:semver-minor
...
Signed-off-by: dependabot[bot] <support@github.com>
|
| | |
|
| |
| |
| |
| |
| |
| |
| | |
* Create termshark.profile
* firecfg.config: add termshark support
* termshark: CLI hardening
|
| | |
|
| | |
|
| |
| |
| |
| |
| | |
* Update nicotine.profile
* dbus.user set to filter
|
|\ \
| | |
| | | |
New profile: tidal-hifi
|
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
modified src/firecfg/firecfg.config to add tidal-hifi
created etc/profile-m-z/tidal-hifi.profile
closes: #6008
Apply suggestions from code review
Co-authored-by: rusty-snake <41237666+rusty-snake@users.noreply.github.com>
|
|\ \ \
| | | |
| | | | |
ci: allow running workflows manually
|
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | | |
Add `on.workflow_dispatch`.
See:
* https://docs.github.com/en/actions/using-workflows/workflow-syntax-for-github-actions#onworkflow_dispatch
* https://docs.github.com/en/actions/using-workflows/events-that-trigger-workflows#workflow_dispatch
|
|\ \ \ \
| | | | |
| | | | | |
New profile: floorp
|