aboutsummaryrefslogtreecommitdiffstats
Commit message (Collapse)AuthorAge
* steam.profile: allow process_vm_readv syscallLibravatar duevo2023-10-31
| | | | | | EA Origin (game launcher) won't launch without this. See https://github.com/netblue30/firejail/issues/5185#issuecomment-1776516159
* enabled nettraces by default in the main build - you would need to be root ↵landlock-splitLibravatar netblue302023-10-24
| | | | to run these options
* build(deps): bump github/codeql-action from 2.22.3 to 2.22.4Libravatar dependabot[bot]2023-10-23
| | | | | | | | | | | | | | | Bumps [github/codeql-action](https://github.com/github/codeql-action) from 2.22.3 to 2.22.4. - [Release notes](https://github.com/github/codeql-action/releases) - [Changelog](https://github.com/github/codeql-action/blob/main/CHANGELOG.md) - [Commits](https://github.com/github/codeql-action/compare/0116bc2df50751f9724a2e35ef1f24d22f90e4e1...49abf0ba24d0b7953cb586944e918a0b92074c80) --- updated-dependencies: - dependency-name: github/codeql-action dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <support@github.com>
* build(deps): bump actions/checkout from 4.1.0 to 4.1.1Libravatar dependabot[bot]2023-10-23
| | | | | | | | | | | | | | | Bumps [actions/checkout](https://github.com/actions/checkout) from 4.1.0 to 4.1.1. - [Release notes](https://github.com/actions/checkout/releases) - [Changelog](https://github.com/actions/checkout/blob/main/CHANGELOG.md) - [Commits](https://github.com/actions/checkout/compare/8ade135a41bc03ea155e62e844d188df1ea18608...b4ffde65f46336ab88eb53be808477a3936bae11) --- updated-dependencies: - dependency-name: actions/checkout dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <support@github.com>
* profiles: support more msmtp configuration paths (#6060)Libravatar glitsj162023-10-22
| | | | | | | | | | | | | | | | | Since version 1.8.6 msmtp supports per-user configuration at either ~/.msmtprc (already supported by firejail) or `$XDG_CONFIG_HOME/msmtp/config`. System-wide support can be placed at /etc/msmtprc. This adds the missing paths to the relevant .inc and .profile files. Note that `blacklist ${HOME}/.msmtprc` is present on both disable-common.inc and disable-programs.inc, so the new paths are added to both files. References: https://wiki.archlinux.org/title/Msmtp#Basic_setup https://marlam.de/msmtp/msmtp.html#Configuration-files
* contrib/syntax: remove 'text/plain' from firejail-profile.lang.in (#6059)Libravatar mammo02023-10-22
| | | | | | | | The `mimetypes` property contains the section `text/plain`. This causes for example the Gnome Editor to recognize every simple text file as a firejail profile file. See this issue: https://gitlab.gnome.org/GNOME/gnome-text-editor/-/issues/612 Fixes #6057.
* RELNOTES: reword profiles itemLibravatar Kelvin M. Klann2023-10-22
| | | | | | For extra clarity. Relates to #5987.
* RELNOTES: add profile itemsLibravatar Kelvin M. Klann2023-10-18
| | | | | | | | These profile-related changes seem significant enough to warrant entries, as #6021 adds some guidance on the use of private-opt and #5987 standardizes the format of commented code in all profiles. Relates to #5987 #6021.
* RELNOTES: add ci itemLibravatar Kelvin M. Klann2023-10-18
| | | | Relates to #6026.
* profiles: exchange private-opt with a whitelist (#6021)Libravatar glitsj162023-10-18
| | | | | | | | | | | | | * profiles: drop private-opt (existing whitelist) * profiles: replace private-opt with whitelist In most profiles. Kept private-opt for enpass (~85MB), mate-dictionary (<20MB), minecraft-launcher (~1.6MB) and ppsspp (~44MB). The only app I couldn't check: xmr-stak. * docs: note potential issues with private-opt
* steam.profile: Allow Baba Is You (#6054)Libravatar Frostbyte46642023-10-16
|
* build(deps): bump github/codeql-action from 2.22.0 to 2.22.3Libravatar dependabot[bot]2023-10-16
| | | | | | | | | | | | | | | Bumps [github/codeql-action](https://github.com/github/codeql-action) from 2.22.0 to 2.22.3. - [Release notes](https://github.com/github/codeql-action/releases) - [Changelog](https://github.com/github/codeql-action/blob/main/CHANGELOG.md) - [Commits](https://github.com/github/codeql-action/compare/2cb752a87e96af96708ab57187ab6372ee1973ab...0116bc2df50751f9724a2e35ef1f24d22f90e4e1) --- updated-dependencies: - dependency-name: github/codeql-action dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <support@github.com>
* ssmtp: allow (SUID) binary (#6052)Libravatar glitsj162023-10-15
|
* disable-common.inc: more SUID binaries (#6051)Libravatar glitsj162023-10-15
|
* Merge pull request #6049 from kmk3/dc-add-more-suidLibravatar Kelvin M. Klann2023-10-15
|\ | | | | disable-common.inc: add more suid programs
| * disable-common.inc: add more suid programsLibravatar Kelvin M. Klann2023-10-11
| | | | | | | | | | | | | | | | | | | | | | Programs: $ pacman -Qo fusermount3 groupmems mount.cifs wall write /usr/bin/fusermount3 is owned by fuse3 3.16.1-1 /usr/bin/groupmems is owned by shadow 4.14.0-4 /usr/bin/mount.cifs is owned by cifs-utils 7.0-3 /usr/bin/wall is owned by util-linux 2.39.2-1 /usr/bin/write is owned by util-linux 2.39.2-1
| * disable-common.inc: sort suid sectionLibravatar Kelvin M. Klann2023-10-11
|/
* pavucontrol-qt: fix broken whitelisting in ${HOME} (#6045)Libravatar glitsj162023-10-09
|
* build(deps): bump github/codeql-action from 2.21.9 to 2.22.0Libravatar dependabot[bot]2023-10-09
| | | | | | | | | | | | | | | Bumps [github/codeql-action](https://github.com/github/codeql-action) from 2.21.9 to 2.22.0. - [Release notes](https://github.com/github/codeql-action/releases) - [Changelog](https://github.com/github/codeql-action/blob/main/CHANGELOG.md) - [Commits](https://github.com/github/codeql-action/compare/ddccb873888234080b77e9bc2d4764d5ccaaccf9...2cb752a87e96af96708ab57187ab6372ee1973ab) --- updated-dependencies: - dependency-name: github/codeql-action dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <support@github.com>
* build(deps): bump step-security/harden-runner from 2.5.1 to 2.6.0Libravatar dependabot[bot]2023-10-09
| | | | | | | | | | | | | | Bumps [step-security/harden-runner](https://github.com/step-security/harden-runner) from 2.5.1 to 2.6.0. - [Release notes](https://github.com/step-security/harden-runner/releases) - [Commits](https://github.com/step-security/harden-runner/compare/8ca2b8b2ece13480cda6dacd3511b49857a23c09...1b05615854632b887b69ae1be8cbefe72d3ae423) --- updated-dependencies: - dependency-name: step-security/harden-runner dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <support@github.com>
* tshark: CLI hardening (#6040)Libravatar glitsj162023-10-07
|
* New profile: termshark (#6039)Libravatar glitsj162023-10-07
| | | | | | | * Create termshark.profile * firecfg.config: add termshark support * termshark: CLI hardening
* wireshark: fix access to dumpcap (#6038)Libravatar glitsj162023-10-07
|
* nicotine: allow sound notifications (#6037)Libravatar glitsj162023-10-07
|
* nicotine: support Fcitx and dconf via dbus-user filter (#6036)Libravatar glu87162023-10-07
| | | | | * Update nicotine.profile * dbus.user set to filter
* Merge pull request #6009 from jtrv/tidal-hifiLibravatar netblue302023-10-05
|\ | | | | New profile: tidal-hifi
| * New profile: tidal-hifi (#6008)Libravatar jtrv2023-09-25
| | | | | | | | | | | | | | | | | | | | | | modified src/firecfg/firecfg.config to add tidal-hifi created etc/profile-m-z/tidal-hifi.profile closes: #6008 Apply suggestions from code review Co-authored-by: rusty-snake <41237666+rusty-snake@users.noreply.github.com>
* | Merge pull request #6026 from kmk3/ci-allow-manual-runLibravatar netblue302023-10-05
|\ \ | | | | | | ci: allow running workflows manually
| * | ci: allow running workflows manuallyLibravatar Kelvin M. Klann2023-09-26
| | | | | | | | | | | | | | | | | | | | | | | | | | | Add `on.workflow_dispatch`. See: * https://docs.github.com/en/actions/using-workflows/workflow-syntax-for-github-actions#onworkflow_dispatch * https://docs.github.com/en/actions/using-workflows/events-that-trigger-workflows#workflow_dispatch
* | | Merge pull request #6030 from glitsj16/np-floorpLibravatar netblue302023-10-05
|\ \ \ | | | | | | | | New profile: floorp
| * | | disable-programs.inc: fix sortingLibravatar glitsj162023-10-02
| | | |
| * | | Create floorp.profileLibravatar glitsj162023-10-02
| | | |
| * | | disable-programs.inc: add floorp supportLibravatar glitsj162023-10-02
| | | |
* | | | Create brz.profile and bzr.profile (#6028)Libravatar glitsj162023-10-03
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | From Breezy's documentation[1] [2]: > Breezy is a friendly fork of the Bazaar (bzr) project, hosted on > http://bazaar.canonical.com/. It is backwards compatibility with > Bazaar's disk format and protocols. One of the key differences with > Bazaar is that Breezy runs on Python 3, rather than on Python 2. breezy is also the drop-in replacement for bazaar on Arch Linux since pacman 6.0.2-8[3]. > By default, Breezy provides support for both the Bazaar and Git file > formats. Note: The profile is implemented as a git redirect. [1] https://github.com/breezy-team/breezy [2] https://www.breezy-vcs.org/ [3] https://gitlab.archlinux.org/archlinux/packaging/packages/pacman/-/commit/c68a4e6602e3488fa093a18d35202c76a730faf6
* | | | New profile: lettura (#6027)Libravatar glitsj162023-10-03
| | | | | | | | | | | | | | | | | | | | | | | | | | | | * disable-programs.inc: add lettura support * Create lettura.profile * firecfg.config: add lettura
* | | | build(deps): bump github/codeql-action from 2.21.8 to 2.21.9Libravatar dependabot[bot]2023-10-02
|/ / / | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Bumps [github/codeql-action](https://github.com/github/codeql-action) from 2.21.8 to 2.21.9. - [Release notes](https://github.com/github/codeql-action/releases) - [Changelog](https://github.com/github/codeql-action/blob/main/CHANGELOG.md) - [Commits](https://github.com/github/codeql-action/compare/6a28655e3dcb49cb0840ea372fd6d17733edd8a4...ddccb873888234080b77e9bc2d4764d5ccaaccf9) --- updated-dependencies: - dependency-name: github/codeql-action dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <support@github.com>
* / / disable-common.inc: add foot to 'bad terminals' section (#6025)Libravatar glitsj162023-09-28
|/ /
* | youtubemusic-nativefier: fix include .local name (#6020)Libravatar glitsj162023-09-26
| |
* | profiles: dpkg fix (#6019)Libravatar glitsj162023-09-26
|/
* build(deps): bump github/codeql-action from 2.21.7 to 2.21.8Libravatar dependabot[bot]2023-09-25
| | | | | | | | | | | | | | | Bumps [github/codeql-action](https://github.com/github/codeql-action) from 2.21.7 to 2.21.8. - [Release notes](https://github.com/github/codeql-action/releases) - [Changelog](https://github.com/github/codeql-action/blob/main/CHANGELOG.md) - [Commits](https://github.com/github/codeql-action/compare/04daf014b50eaf774287bf3f0f1869d4b4c4b913...6a28655e3dcb49cb0840ea372fd6d17733edd8a4) --- updated-dependencies: - dependency-name: github/codeql-action dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <support@github.com>
* build(deps): bump actions/checkout from 4.0.0 to 4.1.0Libravatar dependabot[bot]2023-09-25
| | | | | | | | | | | | | | | Bumps [actions/checkout](https://github.com/actions/checkout) from 4.0.0 to 4.1.0. - [Release notes](https://github.com/actions/checkout/releases) - [Changelog](https://github.com/actions/checkout/blob/main/CHANGELOG.md) - [Commits](https://github.com/actions/checkout/compare/3df4ab11eba7bda6032a0b82a6bb43b11571feac...8ade135a41bc03ea155e62e844d188df1ea18608) --- updated-dependencies: - dependency-name: actions/checkout dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <support@github.com>
* profiles: fix path of system-log-common.profileLibravatar Kelvin M. Klann2023-09-23
| | | | | | | | | | | | | This amends commit dd5539012 ("profiles: refactor log viewers (#5996)", 2023-09-23). Commands used: git mv \ etc/profile-m-z/profile-m-z/profile-m-z/system-log-common.profile \ etc/profile-m-z/system-log-common.profile rmdir etc/profile-m-z/profile-m-z/profile-m-z/ rmdir etc/profile-m-z/profile-m-z/
* create fluffychat.profile (#6007)Libravatar pirate4867431862023-09-23
| | | Co-authored-by: pirate486743186 <>
* mocp: hardening (#6017)Libravatar glitsj162023-09-23
|
* mocp: fix networking (#6016)Libravatar glitsj162023-09-23
|
* profiles: refactor log viewers (#5996)Libravatar glitsj162023-09-23
| | | | | | | | * profiles: refactor log viewers Introduces system-log-common.profile as a common profile for existing GUI log viewer applications. * system-log-common: enable no3d
* Merge pull request #5993 from kmk3/modif-keep-pipewire-groupLibravatar Kelvin M. Klann2023-09-20
|\ | | | | modif: keep pipewire group unless nosound is used
| * modif: keep pipewire group unless nosound is usedLibravatar Kelvin M. Klann2023-09-20
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | This group is apparently used on Gentoo[1]. Currently only the "audio" supplementary group is kept. Fixes #5992. See also commit f32938669 ("Keep vglusers group unless no3d is used (virtualgl)", 2022-01-07) / PR #4851. [1] https://wiki.gentoo.org/wiki/PipeWire Reported-by: @amano-kenji
* | steam.profile: Allow Factorio (#6012)Libravatar archaon6162023-09-19
| | | | | | | | Add directories to config so Factorio runs correctly.
* | Add blender-3.6 redirect (#6013)Libravatar Frostbyte46642023-09-18
| |
generated by cgit v1.2.3-54-g00ecf (git 2.45.2) at 2024-07-14 21:25:44 +0000