| Commit message (Collapse) | Author | Age |
... | |
| | | |
|
| | | |
|
| | | |
|
| | | |
|
| | | |
|
|\ \ \
| |/ /
|/| | |
small man fixes
|
| | | |
|
|/ / |
|
|\ \
| | |
| | | |
Add a comment in some profiles to allow screen sharing
|
| | |
| | |
| | | |
Co-authored-by: Kelvin M. Klann <kmk3.code@protonmail.com>
|
| | |
| | |
| | | |
Co-authored-by: Kelvin M. Klann <kmk3.code@protonmail.com>
|
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
This configuration is to be applied in order to get screen sharing
working under Wayland (via pipewire and a xdg-desktop-portal backend).
Note that {chrome|chromium} does not need the dbus filters (at least
as of today) because dbus filtering is not enabled (dbus-user not set
to none).
|
|\ \ \
| | | |
| | | | |
configure*: fix typo of HAVE_USERTMPFS
|
|/ / /
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
Added on commit 64a8d6a7f ("compile time option to disable
--private-cache and --tmpfs for regular user").
These are the only occurrences:
$ git ls-files -z | xargs -0 grep -Fin USERTMPS
configure:3542:HAVE_USERTMPS=""
configure.ac:80:HAVE_USERTMPS=""
|
|/ /
| |
| |
| |
| | |
GitHub added native support for it, no need for this anymore.
https://github.blog/changelog/2021-02-08-github-actions-skip-pull-request-and-push-workflows-with-skip-ci/
|
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
This reverts commit 5df1f27c638c487dfd664ea3a0f756565e1e57bd.
That commit breaks things, as pointed out by @rusty-snake[1]:
> @kmk3 @glitsj16 The xdg macros are treated literally if they have sub
> components (#2359):
>
> ```
> Error: "${DOCUMENTS}/KeePassXC" is an invalid filename: rejected character: "{"
> ```
[1]: https://github.com/netblue30/firejail/commit/3fa2927c3c1c5cf583864746538ea791c1ba2dc4#commitcomment-46913219
|
| | |
|
|\ \
| | |
| | | |
Email part (2)
|
| | | |
|
| | |
| | |
| | |
| | | |
mutt,neomuut; some sorting
|
| | | |
|
| | | |
|
| | | |
|
| | | |
|
| | | |
|
| | | |
|
| | | |
|
| | | |
|
| | |
| | |
| | |
| | | |
to both geary and evolution; add dbus permissions fromflatpak
|
| | | |
|
| | | |
|
|\ \ \
| | | |
| | | | |
Filter environment variables
|
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | | |
Save all environment variables for later use in the application, clear
environment and re-apply only whitelisted variables for the main
firejail process. The whitelisted environment is only used by C
library. Sandboxed tools will get further variables used
internally (FIREJAIL_*).
All variables will be reapplied for the firejailed application.
This also lifts the length restriction for environment variables,
except for the variables used by Firejail itself or the sandboxed
tools.
|
| | | | |
|
| | | |
| | | |
| | | |
| | | |
| | | | |
Just `find . -not \( -name .git -prune -o -name *.AppImage -prune \) -type f -print0 | xargs -0 perl -pi -e 's/ +$//'`
and filter to avoid unwanted changes (especially .md files)
|
|\ \ \ \
| | | | |
| | | | | |
etc: use ${DOCUMENTS} macro where appropriate
|
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | | |
Currently, some paths are hard-coded:
$ grep -Fnr '${HOME}/Documents' etc etc-fixes
etc/profile-m-z/Mathematica.profile:19:mkdir ${HOME}/Documents/Wolfram Mathematica
etc/profile-m-z/Mathematica.profile:22:whitelist ${HOME}/Documents/Wolfram Mathematica
etc/profile-a-l/keepassxc.profile:34:# If you do so, you MUST store your database under ${HOME}/Documents/KeePassXC/foo.kdbx
etc/profile-a-l/keepassxc.profile:35:#mkdir ${HOME}/Documents/KeePassXC
etc/profile-a-l/keepassxc.profile:36:#whitelist ${HOME}/Documents/KeePassXC
Commands used to search and replace:
$ find etc etc-fixes/ -type f -exec \
sed -i.bak -e 's|\${HOME}/Documents|${DOCUMENTS}|' '{}' +
Related to that, the (lack of) usage of ${DOWNLOADS} has been recently
fixed on commit deae31301 ("use ${DOWNLOADS} in lutris.profile
(#3955)").
With the above change, all macros other than ${DOCUMENTS} seem to be
already used appropriately:
$ grep -Fnr '${HOME}/Desktop' etc etc-fixes
$ grep -Fnr '${HOME}/Downloads' etc etc-fixes
$ grep -Fnr '${HOME}/Music' etc etc-fixes
$ grep -Fnr '${HOME}/Pictures' etc etc-fixes
$ grep -Fnr '${HOME}/Videos' etc etc-fixes
See src/firejail/macros.c for details.
|
|/ / / / |
|
| | | | |
|
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | | |
And mark it as a redirect profile.
This is done so when including other *-common.inc profiles, such as
firefox-common.profile.
|
| | | | |
|
|/ / / |
|
| | | |
|
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
* Update disable-programs.inc
* Create calligragemini.profile
* Update calligra.profile
* Update calligra.profile
* Update firecfg.config
|
|\ \ \
| | | |
| | | | |
disable-interpreters.inc: blacklist the other libmozjs
|
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | | |
And sort the paths on allow-gjs.inc.
$ pacman -Q js78
js78 78.6.0-1
$ pacman -Qlq js78 | grep -v /usr/include/
/usr/
/usr/bin/
/usr/bin/js78
/usr/bin/js78-config
/usr/lib/
/usr/lib/libmozjs-78.so
/usr/lib/pkgconfig/
/usr/lib/pkgconfig/mozjs-78.pc
This appears to be the only counterpart path missing when looking at the
current lib64 entries with:
$ grep -Fnr lib64 etc
|
| | | | |
|
|/ / / |
|
| | |
| | |
| | | |
uim is a multilingual input method framework, so any program that takes user input potentially needs it to work.
|
| | |
| | |
| | |
| | | |
damn, forgotten to add
|