aboutsummaryrefslogtreecommitdiffstats
path: root/etc/celluloid.profile
Commit message (Collapse)AuthorAge
* Replace `nodbus` with dbus-* filtersLibravatar Fred Barclay2020-04-07
| | | | | | | | | | | | | See - 07fac581f6b9b5ed068f4c54a9521b51826375c5 for new dbus filters - https://github.com/netblue30/firejail/pull/3326#issuecomment-610423183 Except for ocenaudio, access/restrictions on dbus options should be unchanged Ocenaudio profile: dbus filters were sandboxed (initially `nodbus` was enabled) since comments indicated blocking dbus meant preferences were broken
* Whitelist runuser common (#3286)Libravatar rusty-snake2020-03-31
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | * introduce whitelist-runuser-common.inc * If an applications does not need a whitelist it can/should be nowhitelisted. Example: nowhitelist ${RUNUSER}/pulse include whitelist-runuser-common.inc * ${RUNUSER}/bus is inaccessible with nodbus regardless of the whitelist. (as it should) * strange wayland setups with an second wayland-compostior need to whitelist ${RUNUSER}/wayland-1, ${RUNUSER}/wayland-2 and so on. * some display-manager store there Xauthority file in ${RUNUSER}. test results with fedora 31: - ssdm: ~/.Xauthority is used - lightdm: /run/lightdm/USER/Xauthority - gdm: /run/user/UID/gdm/Xauthority * IMPORTANT: ATM we can only enable this for non-graphical and GTK3 programs because mutter (GNOMEs window-manger) stores the Xauthority file for Xwayland under /run/user/UID/.mutter-Xwaylandauth.XXXXXX where XXXXXX is random. Until we have whitelist globbing we can't whitelist this file. QT/KDE and other toolkits without full wayland support won't be able to start. * wru update 1 - add wru to more profiles. - blacklist ${RUNUSER} works for the most cli programs too. * add wruc to more profiles * fixes * fixes * wruc: hide pulse pid * update * remove wruc from all the x11 profiles * fixes * fix ordering * read-only * revert read-only * update *
* harden celluloid.profileLibravatar rusty-snake2020-01-19
|
* misc profile fixups and hardeningLibravatar rusty-snake2020-01-08
|
* Gentoo fixes (#3120)Libravatar glitsj162020-01-04
| | | | | | | | * fix private-etc on gentoo * Fix private-etc on gentoo * Fix evince on gentoo
* fix celluloidLibravatar rusty-snake2020-01-02
|
* Add youtube-dl config handling (#2836)Libravatar glitsj162019-07-06
| | | | | | | | | | | | | | * Add youtube-dl config to disable-programs.inc * Add config handling to youtube-dl * Add youtube-dl config handling to celluloid.profile * Add youtube-dl config handling to mpv.profile * Add youtube-dl config handling to smplayer.profile * Add youtube-dl config handling to mpsyt.profile
* automatically fixed all private-{bin,etc} linesLibravatar rusty-snake2019-06-13
|
* Create allow-INTERPETER.inc (#2736)Libravatar rusty-snake2019-06-01
| | | | | | | | | | | | | | | | | | | | | | | | | * Create allow-INTERPETER.inc * allow-lua.inc * allow-perl.inc * allow-python2.inc * allow-python3.inc * Create allow-java.inc * Update profiles to use new allow-INTERPRETER.inc includes * Update profiles to use new allow-INTERPRETER.inc includes 2/x * Fix order of allow-INTERPRETER.inc includes * Update profiles to use new allow-INTERPRETER.inc includes 3/x * Fixup comment about allow-java.inc https://github.com/netblue30/firejail/pull/2736#discussion_r289597997 * Add Arch Linux specific paths to allow-perl.inc
* add disable-exec.inc to all profiles with apparmor (#2576)Libravatar smitsohu2019-03-12
| | | | | | * add disable-exec.inc to all profiles with apparmor - #2385 #2505 * drop disable-exec.inc from generic electron.profile
* celluloid.profile: add private-etcLibravatar rusty-snake2019-02-27
|
* gnome-mpv -> celluloidLibravatar rusty-snake2019-02-26
generated by cgit v1.2.3-70-g09d2 (git 2.46.0) at 2024-08-21 16:42:03 +0000