aboutsummaryrefslogtreecommitdiffstats
Commit message (Collapse)AuthorAge
...
| * | disable-programs.inc: blacklist missing yt-dlp pathsLibravatar Kelvin M. Klann2021-12-09
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | This amends commit d6ca41c19 ("update mpv.profile", 2021-10-24) / PR #4634. These paths were taken from yt-dlp(1). They are used since yt-dlp commit e2e43aea2 ("Portable Configuration file (closes #19)", 2021-01-16)[1]. Environment: yt-dlp 2021.12.01-1 on Artix Linux. Relates to: https://github.com/yt-dlp/yt-dlp/issues/19 [1] https://github.com/yt-dlp/yt-dlp/commit/e2e43aea2159a235e151f56bd14383129a6b4355
* | | nettraceLibravatar netblue302021-12-28
| | |
* | | nettrace/netlockLibravatar netblue302021-12-28
| | |
* | | Merge pull request #4802 from jose1711/clipgrab_fixLibravatar glitsj162021-12-28
|\ \ \ | | | | | | | | Fix clipgrab profile (yt-dlp requires python)
| * | | Fix clipgrab profile (yt-dlp requires python)Libravatar Jose Riha2021-12-28
| | | |
* | | | Bump github/codeql-action from 1.0.24 to 1.0.26Libravatar dependabot[bot]2021-12-26
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Bumps [github/codeql-action](https://github.com/github/codeql-action) from 1.0.24 to 1.0.26. - [Release notes](https://github.com/github/codeql-action/releases) - [Changelog](https://github.com/github/codeql-action/blob/main/CHANGELOG.md) - [Commits](https://github.com/github/codeql-action/compare/e095058bfa09de8070f94e98f5dc059531bc6235...5f532563584d71fdef14ee64d17bafb34f751ce5) --- updated-dependencies: - dependency-name: github/codeql-action dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <support@github.com>
* | | | CI: enable Dependabot for updating SHAsLibravatar Topi Miettinen2021-12-26
| | | | | | | | | | | | | | | | | | | | | | | | Update GitHub actions with Dependabot: https://docs.github.com/en/code-security/supply-chain-security/keeping-your-dependencies-updated-automatically/keeping-your-actions-up-to-date-with-dependabot
* | | | CI: pin GitHub actions to SHAsLibravatar Topi Miettinen2021-12-26
|/ / / | | | | | | | | | | | | | | | Pinning actions to SHAs instead of versions improves the supply chain security: https://securitylab.github.com/research/github-actions-preventing-pwn-requests/
* | | Fix a typoLibravatar Tad2021-12-21
| | | | | | | | | | | | Signed-off-by: Tad <tad@spotco.us>
* | | firecfg fix (#4235)Libravatar netblue302021-12-21
| | |
* | | fix bug: firejail rejects empty arguments (#4395)Libravatar netblue302021-12-21
| | |
* | | updateLibravatar netblue302021-12-19
| | |
* | | updatesLibravatar netblue302021-12-19
| | |
* | | Merge pull request #4759 from fenuks/tor-browser-update-fixLibravatar netblue302021-12-19
|\ \ \ | | | | | | | | Allow /opt/tor-browser for Tor Browser profile
| * | | Allow /opt/tor-browser for Tor Browser profileLibravatar fenuks2021-12-09
| |/ /
* | | fix --private-cwd problemLibravatar netblue302021-12-19
| | |
* | | Merge branch 'master' of ssh://github.com/netblue30/firejailLibravatar netblue302021-12-19
|\ \ \
| * | | add credit for #4783Libravatar glitsj162021-12-19
| | | |
| * | | Merge pull request #4783 from YorkZ/prLibravatar glitsj162021-12-19
| |\ \ \ | | | | | | | | | | Allow telegram to open hyperlinks
| | * | | Allow telegram to open hyperlinksLibravatar York Zhao2021-12-18
| | | | |
* | | | | fix make test-filterLibravatar netblue302021-12-19
|/ / / /
* / / / testingLibravatar netblue302021-12-18
|/ / /
* | | Merge pull request #4782 from jose1711/nextcloud_usrshareLibravatar netblue302021-12-18
|\ \ \ | | | | | | | | Whitelist /usr/share/nextcloud to allow access to translation files.
| * | | Whitelist /usr/share/nextcloud to allow access to translation files.Libravatar Jose Riha2021-12-17
| | | |
* | | | Merge pull request #4779 from seonwoolee/fix-teamsLibravatar netblue302021-12-18
|\ \ \ \ | | | | | | | | | | Fix teams ignoring input sources e.g. microphones
| * | | | Move noinput outside of disabled until someone reported positive feedback blockLibravatar Seonwoo2021-12-14
| | | | |
| * | | | Fix teams ignoring input sources e.g. microphonesLibravatar Seonwoo2021-12-14
| |/ / /
* | | | Merge pull request #4781 from YorkZ/prLibravatar netblue302021-12-18
|\ \ \ \ | | | | | | | | | | Whitelist ${HOME}/.local/opt/tor-browser to make tor-browser work
| * | | | Whitelist ${HOME}/.local/opt/tor-browser to make tor-browser workLibravatar York Zhao2021-12-17
| |/ / / | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | tor-browser 11.0.2-1 doesn't work without whitelisting this directory. The following was the message I got before whitelisting this directory. Reading profile /etc/firejail/tor-browser.profile Reading profile /etc/firejail/torbrowser-launcher.profile Reading profile /etc/firejail/allow-python2.inc Reading profile /etc/firejail/allow-python3.inc Reading profile /etc/firejail/disable-common.inc Reading profile /etc/firejail/disable-devel.inc Reading profile /etc/firejail/disable-exec.inc Reading profile /etc/firejail/disable-interpreters.inc Reading profile /etc/firejail/disable-passwdmgr.inc Reading profile /etc/firejail/disable-programs.inc Reading profile /etc/firejail/disable-xdg.inc Reading profile /etc/firejail/whitelist-common.inc Reading profile /etc/firejail/whitelist-var-common.inc Reading profile /etc/firejail/whitelist-runuser-common.inc Reading profile /etc/firejail/whitelist-usr-share-common.inc Warning: Warning: NVIDIA card detected, nogroups command disabled Seccomp list in: !chroot, check list: @default-keep, prelist: unknown, Parent pid 12653, child pid 12654 104 programs installed in 153.32 ms Warning: An abstract unix socket for session D-BUS might still be available. Use --net or remove unix from --protocol set. Warning: skipping asound.conf for private /etc Warning: skipping crypto-policies for private /etc Warning fcopy: skipping /etc/fonts/conf.d/11-lcdfilter-default.conf, cannot find inode Warning: skipping pki for private /etc Private /etc installed in 64.84 ms Private /usr/etc installed in 0.00 ms Warning: cleaning all supplementary groups Warning: cleaning all supplementary groups Warning: /sbin directory link was not blacklisted Warning: /usr/sbin directory link was not blacklisted Warning: cleaning all supplementary groups Seccomp list in: !chroot, check list: @default-keep, prelist: unknown, Warning: cleaning all supplementary groups Child process initialized in 325.75 ms /usr/bin/tor-browser: [Error] The tor-browser archive could not be extracted to your home directory. Check the permissions of ~/.local/opt/tor-browser/app. The error log can be found in ~/.local/opt/tor-browser/LOG. /usr/bin/tor-browser: line 218: ~/.local/opt/tor-browser/app/Browser/start-tor-browser: No such file or directory
* | | | Merge pull request #4771 from kmk3/revert-allow-deny-leftoversLibravatar netblue302021-12-18
|\ \ \ \ | | | | | | | | | | Revert allow/deny leftovers
| * | | | Remove profcleaner.c and profcleaner.shLibravatar Kelvin M. Klann2021-12-10
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | As of this commit, these are not of much use. Though later if a generic profile search/replace tool with built-in rules is to be added, the tools in question could be used as a starting point. src/tools/profcleaner.c was added on commit fe0f975f4 ("move whitelist/blacklist to allow/deny", 2021-07-05). src/tools/profcleaner.sh was added on commit ed02ab57b ("Create profcleaner.sh", 2021-07-07) / PR #4389. Relates to #4410.
| * | | | Revert "allow/noallow/deny/nodeny aliases for ↵Libravatar Kelvin M. Klann2021-12-10
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | whitelist/nowhitelist/blacklist/noblacklist" This reverts commit 45f2ba544e9934b49e03b17c0a638dddc3a44734. Note: This is not a clean revert. Note2: This also reverts the changes to src/firejail/profile.c from commit fe0f975f4 ("move whitelist/blacklist to allow/deny", 2021-07-05). Relates to #4410.
| * | | | Revert "allow/deny in zsh completion"Libravatar Kelvin M. Klann2021-12-10
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | This reverts commit 1021fb9e5d32a48698c0c8c913d44a048b12db7f. Relates to #4388 and #4410.
* | | | | disable curl and wget in browsers based on firefox and chromiumLibravatar netblue302021-12-18
| |/ / / |/| | |
* | | | RELNOTES: s/deprecated/removed/Libravatar Kelvin M. Klann2021-12-13
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | As far as I know, to "deprecate" something usually means the following: * It should not be used anymore * It still works (even if it may not work 100%) * It may be removed in a future release But the features mentioned on RELNOTES were actually removed; see commit c08414fdb ("deprecated --disable-whitelist at compile time", 2021-07-03) and commit c32924b82 ("deprecated whitelist=yes/no in /etc/firejail/firejail.config", 2021-07-04). So to avoid confusion, just say that they were removed.
* | | | Merge pull request #4776 from glitsj16/highlightLibravatar glitsj162021-12-13
|\ \ \ \ | | | | | | | | | | allow lua in highlight.profile
| * | | | allow luaLibravatar glitsj162021-12-13
|/ / / /
* | | | RELNOTES: add more missing pr/issue referencesLibravatar Kelvin M. Klann2021-12-11
| | | | | | | | | | | | | | | | Relates to #4157 #4288 #4461 #4462.
* | | | RELNOTES: add missing pull request referencesLibravatar Kelvin M. Klann2021-12-11
| | | | | | | | | | | | | | | | Relates to #4510 #4533 #4599 #4635.
* | | | RELNOTES: add noprinters commandLibravatar Kelvin M. Klann2021-12-11
|/ / / | | | | | | | | | | | | | | | | | | As mentioned by @rusty-snake: https://github.com/netblue30/firejail/discussions/4770#discussioncomment-1784210 Relates to #4607.
* / / profstats fix (#4733)Libravatar netblue302021-12-10
|/ /
* | Merge pull request #4748 from kmk3/readme-clarify-ubuntuLibravatar netblue302021-12-08
|\ \ | | | | | | README.md: Mention security situation on Ubuntu and recommend PPA
| * | README.md: Mention security situation on Ubuntu and recommend PPALibravatar Kelvin M. Klann2021-12-07
| | | | | | | | | | | | | | | | | | | | | | | | Add the information posted by @reinerh on #4666 (related to CVE-2021-26910 and Ubuntu's security policy) and also the instructions from #4663 for installing from the PPA. See also https://bugs.launchpad.net/ubuntu/+source/firejail/+bug/1916767
* | | updatesLibravatar netblue302021-12-08
| | |
* | | Merge pull request #4752 from kmk3/elinks-fix-liblua-accessLibravatar netblue302021-12-08
|\ \ \ | | | | | | | | elinks.profile: Fix missing access to liblua
| * | | elinks.profile: Fix missing access to libluaLibravatar Kelvin M. Klann2021-12-08
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | By including allow-lua.inc. Error log: $ firejail elinks elinks: error while loading shared libraries: liblua.so.5.4: cannot open shared object file: Permission denied Environment: firejail-git (a82c8e021) and elinks 0.14.3-2 on Artix Linux. Fixes #4707. Reported-by: @jose1711
* | | | Merge pull request #4747 from WhyNotHugo/skype-configLibravatar netblue302021-12-08
|\ \ \ \ | | | | | | | | | | Skype profile tweaks
| * | | | skype: Harden D-Bus profileLibravatar Hugo Osvaldo Barrera2021-12-07
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Tested these settings and they work fine, including a test call. I can't explain why, but if the `org.kde.StatusNotifierWatcher` entry is removed, Skype will immediately log out the previous session when started.
| * | | | skype: Create and whitelist config dirLibravatar Hugo Osvaldo Barrera2021-12-06
| |/ / / | | | | | | | | | | | | Without this, Skype's session isn't retained.
* | | | Merge pull request #4743 from vnepogodin/masterLibravatar netblue302021-12-08
|\ \ \ \ | | | | | | | | | | Add CachyBrowser profile
generated by cgit v1.2.3-70-g09d2 (git 2.46.0) at 2024-09-06 22:44:51 +0000