aboutsummaryrefslogtreecommitdiffstats
Commit message (Collapse)AuthorAge
* New profile for homebank (#3525)Libravatar kortewegdevries2020-07-21
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | * Add files via upload New profile for homebank * Update etc/profile-a-l/homebank.profile Co-authored-by: rusty-snake <41237666+rusty-snake@users.noreply.github.com> * Update etc/profile-a-l/homebank.profile Co-authored-by: rusty-snake <41237666+rusty-snake@users.noreply.github.com> * Update homebank.profile * Update firecfg.config homebank added * Update disable-programs.inc Added blacklist. * Update homebank.profile Added disable-shell,removed whitelisted docs * Update disable-programs.inc Changed sorting * Update homebank.profile Changed sorting * Added cawbird profile Initial * Revert "Added cawbird profile" This reverts commit 6b045976adf62a91882236600c55926af34b6a52. Co-authored-by: rusty-snake <41237666+rusty-snake@users.noreply.github.com>
* fix #3404 (#3511)Libravatar rusty-snake2020-07-20
| | | | | * fix #3404 * Update teams.profile
* Update discord-common.profileLibravatar rusty-snake2020-07-20
| | | | | fixes #3528 Are there any reasons why discord has no shell none?
* fixupsLibravatar rusty-snake2020-07-19
|
* remoce pandoc from firecfgLibravatar rusty-snake2020-07-19
| | | | | | | | | I too saw some breaktages with programs using it. It can still be used like this: firejail pandoc -t foo bar.tex closes #3524
* Fix gnome-pomodoroLibravatar rusty-snake2020-07-19
|
* fix make distcleanLibravatar rusty-snake2020-07-19
|
* Harden gnome-calculatorLibravatar rusty-snake2020-07-19
|
* Merge pull request #3519 from onovy/signal-profileLibravatar rusty-snake2020-07-18
|\ | | | | Hardend Signal desktop profile
| * Hardend Signal desktop profileLibravatar Ondřej Nový2020-07-17
| |
* | fix typosLibravatar glitsj162020-07-17
|/
* Merge pull request #3516 from smitsohu/busyboxLibravatar smitsohu2020-07-17
|\ | | | | fixing busybox workaround
| * fixing busybox workaroundLibravatar smitsohu2020-07-16
| |
* | add element-desktop redirect profile (#3517)Libravatar glitsj162020-07-16
|/ | | | | | | | | * Create element-desktop.profile * add element-desktop dirs to disable-programs.inc * add element-desktop to firecfg.config * Update RELNOTES
* fix #3501Libravatar rusty-snake2020-07-16
|
* Blacklist .local/share/kxmlgui5 and allow access only for applications which ↵Libravatar Kishore96in2020-07-16
| | | | | | | | | | | | | | | | | | | | use it. (#3493) * blacklist .local/share/kxmlgui5 KDE programs use this to store their toolbar config. * noblacklist .local/share/kxmlgui5 in the relevant KDE applications. * Whitelist kxmlgui file for okular. * Use a glob to blacklist subfolders instead of the parent folder. noblacklisting individual subdirectories works only if we do it this way (tested by launching bash in the kate profile). * Make directory, not file. * noblacklist relevant subdirs for more KDE applications
* fix keepassxcLibravatar rusty-snake2020-07-14
|
* update and alphabetize busybox workaroundLibravatar smitsohu2020-07-13
|
* hardening some profiles (#3505)Libravatar rusty-snake2020-07-09
| | | | | | | | | | | | | * hardening some profiles - harden and fix flameshot - wruc: frogatto, ghostwriter - harden gnome-latex - add whitelist opt-in note to keepassxc - add comment to minetest - harden openarena, tremulous, xonotic - add profile for xonotic-sdl-wrapper * followup
* Update disable-common.inc (#3499)Libravatar rusty-snake2020-07-09
| | | | | | | * Update disable-common.inc * Update disable-common.inc [skip ci]
* Okular profile fixes (#3489)Libravatar Kishore96in2020-07-07
| | | | | | | | | | | | | | | | | * Whitelist some config files used by Okular. These files are used to store the toolbar configurations. * Whitelist files required for okular in firefox-common-addons.inc Without this, okular does not follow the user configuration for toolbars and keyboard shortcuts when launched inside the firefox sandbox (for eg., while opening a downloaded PDF). * Alphabetical sort * Remove noblacklist for files which are not actually blacklisted. I have blacklisted them in a separate pull request.
* Fixed Blender profile being unable to import numpy (#3497)Libravatar neirenoir2020-07-06
| | | Co-authored-by: noir <noir@neire.dev>
* Whitelist /usr/share/hplip for simple-scan (#3496)Libravatar Carlo Abelli2020-07-05
| | | hplip is required for scanning using HP printer/scanners.
* typoLibravatar rusty-snake2020-07-05
|
* fix com.github.dahenson.agenda.profileLibravatar rusty-snake2020-07-05
|
* fixup! Don't blacklist file used to save konversation notifications ↵Libravatar rusty-snake2020-07-04
| | | | configuration. (#3490)
* Don't blacklist file used to save konversation notifications configuration. ↵Libravatar Kishore96in2020-07-04
| | | | | | (#3490) Without this, konversation doesn't remember the settings for notifications.
* drop private-tmp from blender.profileLibravatar glitsj162020-07-04
| | | Blender autosaves to /tmp.
* update comment for apparmor in thunderbird.profileLibravatar glitsj162020-07-04
| | | This should clarify how to configure for reading local mail after https://github.com/netblue30/firejail/commit/dfaf7a7660689c055ba45a935e42b1b548669c57.
* clarify writing to /var/mail and /var/spool/mail in apparmor (#3487)Libravatar glitsj162020-07-04
| | | | | | | * clarify writing to /var/mail and /var/spool/mail in apparmor Thunderbird seems to be our only mail client profile that enables the `apparmor` option. Users need this when they follow instructions on how to allow reading local mail. * fix mail clients rule in firejail-default
* Fix seccomp error actionLibravatar Topi Miettinen2020-07-04
| | | | | | | 2345cc4 broke environment variable passing for seccomp error action for fseccomp. Closes #3488.
* allow running kernel config check in zgrep.profileLibravatar glitsj162020-07-03
|
* allow running kernel config check in zcat.profileLibravatar glitsj162020-07-03
|
* new profile: gapplicationLibravatar rusty-snake2020-07-03
|
* fixes for /var/mail in mail clients (#3486)Libravatar glitsj162020-07-03
| | | | | | | | | * fix comment in email-common * add writable-var to evolution.profile * add writable-var to mutt.profile * remove newline above writable-var in evolution.profile
* minor makefile fixesLibravatar netblue302020-06-29
|
* Fix #3481 - pandoc needs access to /etc/texmfLibravatar Fred Barclay2020-06-28
|
* akonadi: update seccomp blacklistLibravatar smitsohu2020-06-26
|
* harden gradio.profileLibravatar rusty-snake2020-06-25
|
* new profilesLibravatar rusty-snake2020-06-25
|
* fix apostropheLibravatar rusty-snake2020-06-21
|
* add ${HOME}/.config/user-dirs.locale to whitelist-common.incLibravatar glitsj162020-06-19
|
* ignore .DS_StoreLibravatar Fred Barclay2020-06-19
|
* harden totem.profileLibravatar glitsj162020-06-18
| | | Totem saves screenshots of video to ${PICTURES}. Also adding tracelog to slightly harden things a bit.
* clean private-bin in gummi.profileLibravatar glitsj162020-06-18
|
* Allow python3 in totem profile (#3470)Libravatar Christian Pinedo2020-06-18
|
* Add strawberry profile to README{,.md} & RELNOTES (#3467)Libravatar Amin Vakil2020-06-15
|
* More fixes for #3464Libravatar Fred Barclay2020-06-13
| | | | | | | | | | | Backporting fixes for Atom 1.48 to firejail 0.9.52, 0.9.58, and 0.9.60 Summary: - remove nonewprivs, noroot, protocol, and seccomp - update caps filter to keep sys_admin and sys_chroot Without these changes Atom 1.48 breaks and refuses to start (due to Electron sandboxing)
* Fix #3464Libravatar Fred Barclay2020-06-12
| | | | | | | Atom 1.48 requires a looser sandbox and no longer works with noroot, nonewprivs, protocol, and seccomp caps filter needed adjusting to keep sys_admin and sys_chroot
* enable apparmor support by default in update_deb.sh (#3450)Libravatar glitsj162020-06-12
| | | | | | | * enable apparmor support by default in update_deb.sh * Add fix for Debian bug 916920 This should bring the script in sync with packages installed from PPA.
generated by cgit v1.2.3-70-g09d2 (git 2.46.0) at 2024-08-31 06:04:06 +0000