Commit message (Author, Age)
* build(deps): bump step-security/harden-runner from 2.5.1 to 2.6.0 (dependabot[bot], 2023-10-09)
|
|     Bumps [step-security/harden-runner](https://github.com/step-security/harden-runner) from 2.5.1 to 2.6.0.
|     - [Release notes](https://github.com/step-security/harden-runner/releases)
|     - [Commits](https://github.com/step-security/harden-runner/compare/8ca2b8b2ece13480cda6dacd3511b49857a23c09...1b05615854632b887b69ae1be8cbefe72d3ae423)
|
|     ---
|     updated-dependencies:
|     - dependency-name: step-security/harden-runner
|       dependency-type: direct:production
|       update-type: version-update:semver-minor
|     ...
|
|     Signed-off-by: dependabot[bot] <support@github.com>
* tshark: CLI hardening (#6040) (glitsj16, 2023-10-07)
|
* New profile: termshark (#6039) (glitsj16, 2023-10-07)
|
|     * Create termshark.profile
|     * firecfg.config: add termshark support
|     * termshark: CLI hardening
* wireshark: fix access to dumpcap (#6038) (glitsj16, 2023-10-07)
|
* nicotine: allow sound notifications (#6037) (glitsj16, 2023-10-07)
|
* nicotine: support Fcitx and dconf via dbus-user filter (#6036) (glu8716, 2023-10-07)
|
|     * Update nicotine.profile
|     * dbus.user set to filter
* Merge pull request #6009 from jtrv/tidal-hifi (netblue30, 2023-10-05)
|\
| |     New profile: tidal-hifi
| * New profile: tidal-hifi (#6008) (jtrv, 2023-09-25)
| |
| |     modified src/firecfg/firecfg.config to add tidal-hifi
| |     created etc/profile-m-z/tidal-hifi.profile
| |
| |     closes: #6008
| |
| |     Apply suggestions from code review
| |
| |     Co-authored-by: rusty-snake <41237666+rusty-snake@users.noreply.github.com>
* | Merge pull request #6026 from kmk3/ci-allow-manual-run (netblue30, 2023-10-05)
|\ \
| | |     ci: allow running workflows manually
| * | ci: allow running workflows manually (Kelvin M. Klann, 2023-09-26)
| | |
| | |     Add `on.workflow_dispatch`.
| | |
| | |     See:
| | |
| | |     * https://docs.github.com/en/actions/using-workflows/workflow-syntax-for-github-actions#onworkflow_dispatch
| | |     * https://docs.github.com/en/actions/using-workflows/events-that-trigger-workflows#workflow_dispatch
* | | Merge pull request #6030 from glitsj16/np-floorp (netblue30, 2023-10-05)
|\ \ \
| | | |     New profile: floorp
| * | | disable-programs.inc: fix sorting (glitsj16, 2023-10-02)
| | | |
| * | | Create floorp.profile (glitsj16, 2023-10-02)
| | | |
| * | | disable-programs.inc: add floorp support (glitsj16, 2023-10-02)
| | | |
* | | | Create brz.profile and bzr.profile (#6028) (glitsj16, 2023-10-03)
| | | |
| | | |     From Breezy's documentation[1] [2]:
| | | |
| | | |     > Breezy is a friendly fork of the Bazaar (bzr) project, hosted on
| | | |     > http://bazaar.canonical.com/. It is backwards compatibility with
| | | |     > Bazaar's disk format and protocols. One of the key differences with
| | | |     > Bazaar is that Breezy runs on Python 3, rather than on Python 2.
| | | |
| | | |     breezy is also the drop-in replacement for bazaar on Arch Linux since
| | | |     pacman 6.0.2-8[3].
| | | |
| | | |     > By default, Breezy provides support for both the Bazaar and Git file
| | | |     > formats.
| | | |
| | | |     Note: The profile is implemented as a git redirect.
| | | |
| | | |     [1] https://github.com/breezy-team/breezy
| | | |     [2] https://www.breezy-vcs.org/
| | | |     [3] https://gitlab.archlinux.org/archlinux/packaging/packages/pacman/-/commit/c68a4e6602e3488fa093a18d35202c76a730faf6
* | | | New profile: lettura (#6027) (glitsj16, 2023-10-03)
| | | |
| | | |     * disable-programs.inc: add lettura support
| | | |     * Create lettura.profile
| | | |     * firecfg.config: add lettura
* | | | build(deps): bump github/codeql-action from 2.21.8 to 2.21.9 (dependabot[bot], 2023-10-02)
|/ / /
| | |     Bumps [github/codeql-action](https://github.com/github/codeql-action) from 2.21.8 to 2.21.9.
| | |     - [Release notes](https://github.com/github/codeql-action/releases)
| | |     - [Changelog](https://github.com/github/codeql-action/blob/main/CHANGELOG.md)
| | |     - [Commits](https://github.com/github/codeql-action/compare/6a28655e3dcb49cb0840ea372fd6d17733edd8a4...ddccb873888234080b77e9bc2d4764d5ccaaccf9)
| | |
| | |     ---
| | |     updated-dependencies:
| | |     - dependency-name: github/codeql-action
| | |       dependency-type: direct:production
| | |       update-type: version-update:semver-patch
| | |     ...
| | |
| | |     Signed-off-by: dependabot[bot] <support@github.com>
* / / disable-common.inc: add foot to 'bad terminals' section (#6025) (glitsj16, 2023-09-28)
|/ /
* | youtubemusic-nativefier: fix include .local name (#6020) (glitsj16, 2023-09-26)
| |
* | profiles: dpkg fix (#6019) (glitsj16, 2023-09-26)
|/
* build(deps): bump github/codeql-action from 2.21.7 to 2.21.8 (dependabot[bot], 2023-09-25)
|
|     Bumps [github/codeql-action](https://github.com/github/codeql-action) from 2.21.7 to 2.21.8.
|     - [Release notes](https://github.com/github/codeql-action/releases)
|     - [Changelog](https://github.com/github/codeql-action/blob/main/CHANGELOG.md)
|     - [Commits](https://github.com/github/codeql-action/compare/04daf014b50eaf774287bf3f0f1869d4b4c4b913...6a28655e3dcb49cb0840ea372fd6d17733edd8a4)
|
|     ---
|     updated-dependencies:
|     - dependency-name: github/codeql-action
|       dependency-type: direct:production
|       update-type: version-update:semver-patch
|     ...
|
|     Signed-off-by: dependabot[bot] <support@github.com>
* build(deps): bump actions/checkout from 4.0.0 to 4.1.0 (dependabot[bot], 2023-09-25)
|
|     Bumps [actions/checkout](https://github.com/actions/checkout) from 4.0.0 to 4.1.0.
|     - [Release notes](https://github.com/actions/checkout/releases)
|     - [Changelog](https://github.com/actions/checkout/blob/main/CHANGELOG.md)
|     - [Commits](https://github.com/actions/checkout/compare/3df4ab11eba7bda6032a0b82a6bb43b11571feac...8ade135a41bc03ea155e62e844d188df1ea18608)
|
|     ---
|     updated-dependencies:
|     - dependency-name: actions/checkout
|       dependency-type: direct:production
|       update-type: version-update:semver-minor
|     ...
|
|     Signed-off-by: dependabot[bot] <support@github.com>
* profiles: fix path of system-log-common.profile (Kelvin M. Klann, 2023-09-23)
|
|     This amends commit dd5539012 ("profiles: refactor log viewers (#5996)", 2023-09-23).
|
|     Commands used:
|
|         git mv \
|           etc/profile-m-z/profile-m-z/profile-m-z/system-log-common.profile \
|           etc/profile-m-z/system-log-common.profile
|         rmdir etc/profile-m-z/profile-m-z/profile-m-z/
|         rmdir etc/profile-m-z/profile-m-z/
* create fluffychat.profile (#6007) (pirate486743186, 2023-09-23)
|
|     Co-authored-by: pirate486743186 <>
* mocp: hardening (#6017) (glitsj16, 2023-09-23)
|
* mocp: fix networking (#6016) (glitsj16, 2023-09-23)
|
* profiles: refactor log viewers (#5996) (glitsj16, 2023-09-23)
|
|     * profiles: refactor log viewers
|
|     Introduces system-log-common.profile as a common profile for existing GUI log viewer applications.
|
|     * system-log-common: enable no3d
* Merge pull request #5993 from kmk3/modif-keep-pipewire-group (Kelvin M. Klann, 2023-09-20)
|\
| |     modif: keep pipewire group unless nosound is used
| * modif: keep pipewire group unless nosound is used (Kelvin M. Klann, 2023-09-20)
| |
| |     This group is apparently used on Gentoo[1].
| |
| |     Currently only the "audio" supplementary group is kept.
| |
| |     Fixes #5992.
| |
| |     See also commit f32938669 ("Keep vglusers group unless no3d is used (virtualgl)", 2022-01-07) / PR #4851.
| |
| |     [1] https://wiki.gentoo.org/wiki/PipeWire
| |
| |     Reported-by: @amano-kenji
* | steam.profile: Allow Factorio (#6012) (archaon616, 2023-09-19)
| |
| |     Add directories to config so Factorio runs correctly.
* | Add blender-3.6 redirect (#6013) (Frostbyte4664, 2023-09-18)
| |
* | gwenview: add Trash support (#6001) (glitsj16, 2023-09-18)
| |
* | telegram.profile: allow ~/.local/share/telegram-desktop (#5994) (Denis Subbotin, 2023-09-18)
| |
| |     New TelegramWebApps uses another directory for saving local storage.
* | build(deps): bump github/codeql-action from 2.21.5 to 2.21.7 (dependabot[bot], 2023-09-18)
| |
| |     Bumps [github/codeql-action](https://github.com/github/codeql-action) from 2.21.5 to 2.21.7.
| |     - [Release notes](https://github.com/github/codeql-action/releases)
| |     - [Changelog](https://github.com/github/codeql-action/blob/main/CHANGELOG.md)
| |     - [Commits](https://github.com/github/codeql-action/compare/00e563ead9f72a8461b24876bee2d0c2e8bd2ee8...04daf014b50eaf774287bf3f0f1869d4b4c4b913)
| |
| |     ---
| |     updated-dependencies:
| |     - dependency-name: github/codeql-action
| |       dependency-type: direct:production
| |       update-type: version-update:semver-patch
| |     ...
| |
| |     Signed-off-by: dependabot[bot] <support@github.com>
* | speed up blacklists (netblue30, 2023-09-12)
| |
* | build(deps): bump actions/checkout from 3.6.0 to 4.0.0 (dependabot[bot], 2023-09-11)
| |
| |     Bumps [actions/checkout](https://github.com/actions/checkout) from 3.6.0 to 4.0.0.
| |     - [Release notes](https://github.com/actions/checkout/releases)
| |     - [Changelog](https://github.com/actions/checkout/blob/main/CHANGELOG.md)
| |     - [Commits](https://github.com/actions/checkout/compare/f43a0e5ff2bd294095638e18286ca9a3d1956744...3df4ab11eba7bda6032a0b82a6bb43b11571feac)
| |
| |     ---
| |     updated-dependencies:
| |     - dependency-name: actions/checkout
| |       dependency-type: direct:production
| |       update-type: version-update:semver-major
| |     ...
| |
| |     Signed-off-by: dependabot[bot] <support@github.com>
* | Merge pull request #5987 from kmk3/profiles-fix-eol-comments (Kelvin M. Klann, 2023-09-08)
|\ \
| | |     profiles: fix commented code and eol comments
| * | profiles: fix commented code and eol comments (Kelvin M. Klann, 2023-09-08)
| | |
| | |     Main changes:
| | |
| | |     * Remove the space after `#` for commented code lines to distinguish them from normal comments
| | |     * Use `#` instead of `-` for comments at the end of the line so that commented code lines work after being uncommented
| | |
| | |     Commands used to search and replace:
| | |
| | |         arg0="$(cat contrib/syntax/lists/profile_commands_arg0.list | LC_ALL=C sort -u | tr '\n' '|' | sed -e 's/|$//' -e 's/\./\\./g')"
| | |         arg1="$(cat contrib/syntax/lists/profile_commands_arg1.list | LC_ALL=C sort -u | tr '\n' '|' | sed -e 's/|$//' -e 's/\./\\./g')"
| | |
| | |         git ls-files -z -- etc/inc etc/profile* | xargs -0 -I '{}' \
| | |           sh -c "printf '%s\n' \"\$(sed -E \
| | |             -e 's/^# ($arg0)( [#-]-? .*)?\$/#\\1\\2/' \
| | |             -e 's/^# ($arg1)( [^ ]*)?( [#-]-? .*)?\$/#\\1\\2\\3/' \
| | |             -e 's/^# (whitelist \\$)/#\\1/' \
| | |             -e 's/^(#[^ ].+) --? /\\1 # /' \
| | |             '{}')\" >'{}'"
| | |
| | |     Commands used to check for leftover entries:
| | |
| | |         arg0="$(cat contrib/syntax/lists/profile_commands_arg0.list | LC_ALL=C sort -u | tr '\n' '|' | sed -e 's/|$//' -e 's/\./\\./g')"
| | |         arg1="$(cat contrib/syntax/lists/profile_commands_arg1.list | LC_ALL=C sort -u | tr '\n' '|' | sed -e 's/|$//' -e 's/\./\\./g')"
| | |
| | |         git grep -E "^# ($arg0|$arg1)( +|$)" -- etc/inc etc/profile*
| | |
| | |     See also commit 30f9ad908 ("build: improve comments in firecfg.config", 2023-08-05) / PR #5942.
| * | profiles: fix some comments (Kelvin M. Klann, 2023-09-06)
| | |
| | |     Changes:
| | |
| | |     * Turn very long end-of-line comments into normal comments
| | |     * Turn multi-line end-of-line comments into normal comments
| | |     * Fix a comment being below instead of above the relevant entry
| | |     * Turn some comments that look like code into end-of-line comments
* | | transgui: hardening (#5989) (glitsj16, 2023-09-07)
| |/
|/|
* | VSCodium: Fix developing Arduino (#5991) (Marek Küthe, 2023-09-06)
|/
|     Closes https://github.com/netblue30/firejail/issues/5990
|
|     Arduino IDE: https://github.com/arduino/arduino-ide
|     PlatformIO: https://github.com/platformio
|
|     Signed-off-by: Marek Küthe <m.k@mk16.de>
* build: add missing dbus/x11 commands to arg1 list (Kelvin M. Klann, 2023-09-06)
|
|     Fix the list generation and run `make syntax`.
|
|     Relates to #5627.
* neochat: Allow netlink (#5986) (DefaultUser, 2023-09-06)
|
|     The latest Neochat package on Arch (23.08.0-2, with libquotient 0.8.1.1-1) crashes otherwise.
* wusc: add /usr/share/locale-langpack (LC_MESSAGES) (#5981) (kzsa, 2023-09-06)
|
|     Fixes #5974.
* discord-common.profile: harden & allow notifications (#5978) (haarp, 2023-09-06)
|
|     What works:
|     - Basic functionality
|     - Receiving notifications
|     - Voice communication
|     - Watching streams
|
|     What wasn't tested:
|     - Casting streams
|     - Opening links
|     - Tracking/displaying "current activity" as status message
|     - Apparmor
|
|     Notes:
|     - Discord tries to access system dbus (`[ERROR:bus.cc(399)] Failed to connect to the bus: Failed to connect to socket /run/firejail/mnt/dbus/system: Permission denied`). I don't know what business it has with the system dbus, and didn't notice any problems due to that.
|     - I had one crash after 2h of watching a stream. Probably unrelated.
|
|     Fixes #5971.
* RELNOTES: add bugfix and ci items (Kelvin M. Klann, 2023-08-30)
|
|     Relates to #5965 #5976 #5984.
* Merge pull request #5984 from kmk3/ci-fix-dependabot-dup (Kelvin M. Klann, 2023-08-30)
|\
| |     ci: fix dependabot duplicated workflow runs
| * ci: fix dependabot duplicated workflow runs (Kelvin M. Klann, 2023-08-28)
| |
| |     Every workflow is being executed twice for dependabot: Once when its branch is pushed to this repository and again when a PR is opened for it.
| |
| |     For example, see the checks in #5979 ("29 checks passed").
| |
| |     This happens because both `on.push` and `on.pull_request` are specified in the workflow files.
| |
| |     There does not seem to be a simple and generic way to avoid such duplicated runs directly in GitHub Actions (such as preventing the same check from running for the same exact commit)[1], so just ignore the dependabot branches on push for now.
| |
| |     See also and commit 5871b08a4 ("ci: run for every branch instead of just master", 2023-04-23) / PR #5815.
| |
| |     [1] https://github.com/orgs/community/discussions/26276
* | Merge pull request #5976 from topimiettinen/fix-5965 (Kelvin M. Klann, 2023-08-30)
|\ \
| |/
|/|     Fix wrong syscall names for s390_pci_mmio_{read,write}
| * Fix wrong syscall names for s390_pci_mmio_{read,write} (Topi Miettinen, 2023-08-26)
| |
| |     Closes #5965