| Commit message (Collapse) | Author | Age |
|
|
| |
Cfr. https://github.com/netblue30/firejail/issues/6269#issuecomment-2002021790.
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Apparently Tor Browser 13.0.11 (based on Mozilla Firefox 115.8.0esr)
changed a few things. The former versions installed under
`${HOME}/.local/share/torbrowser/tbb/x86_64/tor-browser_en-US/Browser`
and now under
`${HOME}/.local/share/torbrowser/tbb/x86_64/tor-browser/Browser`.
All of our tor-browser-foo.profile profiles redirect to
torbrowser-launcher.profile and are covered by the fixes.
torbrowser.profile was not tested. It redirects to
firefox-common.profile and seems to be Gentoo-specific.
Fixes #6269.
|
|
|
|
|
|
|
|
|
| |
Homepage: https://mullvad.net/en/download/browser/linux
mullvad-browser: don't use restrict-namespaces
mullvad-browser: cover both installation paths
Suggested in review by @kmk3.
|
| |
|
|
|
|
|
| |
* AppArmor: add more examples to firejail-local
* comments fixes
|
| |
|
|
|
| |
Allow access to avahi-daemon socket in the apparmor profile.
|
| |
|
|
|
|
|
|
| |
As the upstream AppArmor base abstraction does not
contain references to paths in /run/firejail/mnt/oroot
there is not much point to have them in our drop-in
|
| |
|
| |
|
|
|
|
|
|
|
|
|
|
|
| |
* opt-in for brave's native tor support
* fix brave's native tor support
* warn about potential tor breakage when using apparmor
* update comment for opting in to tor
* move brave's tor apparmor fix in brave.profile
|
| |
|
| |
|
| |
|
| |
|
| |
|
|
|
| |
See https://github.com/netblue30/firejail/pull/3990#discussion_r576404417.
|
|
|
| |
Follow up for https://github.com/netblue30/firejail/pull/3988. We need to allow access to torbrowser-launcher executables installed under ${HOME}. Thanks @rusty-snake and @Vincent43 for motivational input.
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
| |
AppArmor introduces the @{run} variable, which is used in
<abstractions/dbus-strict> and <abstractions/dbus-session-strict> among
other places. Thus, we follow suit of the built-in profiles and #include
<tunables/global>, which includes <tunables/run> in AppArmor 3.0,
defining the variable.
As <tunables/global> exists in previous versions of AppArmor, too, this
patch does not introduce a backward-compatibility issue with Apparmor
2.x.
|
|
|
|
| |
/etc/apparmor.d/local/firejail.default - merge form 0.9.62.4
|
|
|
|
|
|
|
| |
* clarify writing to /var/mail and /var/spool/mail in apparmor
Thunderbird seems to be our only mail client profile that enables the `apparmor` option. Users need this when they follow instructions on how to allow reading local mail.
* fix mail clients rule in firejail-default
|
| |
|
| |
|
|
|