| Commit message (Collapse) | Author | Age |
... | |
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
This profile have been successfully tested by starting a windows application through it.
"wine.profile" has been used as template for this. Only "noblacklist ${PATH}/nc" has been added because playonlinux needs it to run.
Please note that this is currently not tested due to security aspects, so it may need a rework later on. Because opening a unknown windows application through it could possibly be a security risk.
|
|\| |
| | |
| | | |
Fix #1702 - Couldn't start 'minetest' in Debian Testing
|
| | | |
|
| |/
| |
| | |
This removes the "private-etc" line from the "minetest"-profile for a successfully start of the game.
|
|\ \
| | |
| | | |
Blacklist the Dash Core wallet directory
|
|/ / |
|
|\ \
| |/
|/| |
Add "sylpheed" to profiles
|
|/
|
| |
This profile have been successfully tested by sending and receiving an Email. "claws-mail.profile" has been used as template for this.
|
| |
|
|\
| |
| | |
inox edgy flavours fix (doesnt work history and extensions)
|
|/ |
|
| |
|
| |
|
| |
|
| |
|
|
|
|
| |
for #1695
|
| |
|
|\ |
|
| |\
| | |
| | | |
Blacklist the monero wallets directory
|
| | |
| | |
| | | |
~/Monero/wallets is the default path suggested by the official wallet application, but it can be changed by user.
|
| |\ \
| | |/
| |/| |
Blacklist ~/.ethereum
|
| |/ |
|
|/ |
|
|\ |
|
| |
| |
| |
| | |
/home/fred/.icedove to avoid clash with Thunderbird on Debian systems.
|
|/
|
|
| |
avoid clash with Thunderbird on Debian systems.
|
|\
| |
| | |
Fix Deluge
|
| |
| |
| |
| |
| | |
Deluge needs access to more than the deluge binary if it runs as a daemon (or if
you want to access it via the web or command line)
|
| | |
|
|\ \
| | |
| | | |
Added environment variable QML_DISABLE_DISK_CACHE=1 to okular.profile.
|
| |/
| |
| |
| |
| |
| |
| |
| | |
Without it, recent okular versions (here 17.12.0-1 on Arch Linux) crash with
mprotect failed in ExecutableAllocator::makeExecutable: Permission denied
due to the noexec constraints in the firejail profile.
|
| | |
|
|\ \
| |/
|/| |
disable-common.inc: read-only access to ~/.ssh/authorized_keys
|
|/
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
disable-common.inc blacklists whole .ssh, but some profiles (e.g. idea.sh)
unblacklists it to allow git over ssh with public key auth.
But this creates security hole, since firejailed app could modify
~/.ssh/authorized_keys and allow arbitrary code execution on the host with sshd
installed (e.g. ssh localhost and run any program) or even open backdoor for
remote attacker.
This commits disallows write access to ~/.ssh/authorized_keys even if .ssh was
unblacklisted.
Signed-off-by: Alexander GQ Gerasiov <gq@cs.msu.su>
|
| |
|
| |
|
|
|
|
| |
look into why this is breaking
|
| |
|
|\
| |
| | |
Profiles updates
|
| |
| |
| |
| |
| | |
Latest versions of TelegramDesktop supports both old (~/.TelegramDesktop) and
new (~/.local/share/TelegramDesktop) location of sensitive data files.
|
|/
|
|
|
| |
homesick is dotfiles manager. It keeps dotfiles (e.g. .bashrc) in repository
under ~/.homesick and puts symlinks into home directory.
|
| |
|
|\ |
|
| |\
| | |
| | | |
libtrace/libtrace.c: add missing limits.h include
|
| |/
| |
| |
| | |
Fix build on Musl systems, tested on x86_64-musl Void Linux
|
|/ |
|
| |
|
| |
|
| |
|
| |
|