| Commit message (Collapse) | Author | Age |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
* introduce whitelist-runuser-common.inc
* If an applications does not need a whitelist it can/should be
nowhitelisted. Example:
nowhitelist ${RUNUSER}/pulse
include whitelist-runuser-common.inc
* ${RUNUSER}/bus is inaccessible with nodbus regardless of the
whitelist. (as it should)
* strange wayland setups with an second wayland-compostior need to
whitelist ${RUNUSER}/wayland-1, ${RUNUSER}/wayland-2 and so on.
* some display-manager store there Xauthority file in ${RUNUSER}.
test results with fedora 31:
- ssdm: ~/.Xauthority is used
- lightdm: /run/lightdm/USER/Xauthority
- gdm: /run/user/UID/gdm/Xauthority
* IMPORTANT: ATM we can only enable this for non-graphical and GTK3
programs because mutter (GNOMEs window-manger) stores the Xauthority
file for Xwayland under /run/user/UID/.mutter-Xwaylandauth.XXXXXX
where XXXXXX is random. Until we have whitelist globbing we can't
whitelist this file. QT/KDE and other toolkits without full wayland
support won't be able to start.
* wru update 1
- add wru to more profiles.
- blacklist ${RUNUSER} works for the most cli programs too.
* add wruc to more profiles
* fixes
* fixes
* wruc: hide pulse pid
* update
* remove wruc from all the x11 profiles
* fixes
* fix ordering
* read-only
* revert read-only
* update
*
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
* include wvc in aria2c.profile
* include wvc in clawsker.profile
* include wvc in conky.profile
* include wvc in dconf.profile
* include wvc in dconf-editor.profile
* include wvc in exiftool.profile
* include wvc in font-manager.profile
* include wvc in gconf.profile
* include wvc in git.profile
* include wvc in gjs.profile
* include wvc in gpg.profile
* include wvc in img2txt.profile
* include wvc in mediainfo.profile
* include wvc in mpd.profile
* include wvc in nitroshare.profile
* include wvc in ocenaudio.profile
* include wvc to ping.profile
* include wvc in simple-scan.profile
* include wvc in simplescreenrecorder.profile
* include wvc in sysprof.profile
* include wvc in tshark.profile
* include wvc in uget-gtk.profile
* include wvc in viewnior.profile
* include wvc in weechat.profile
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
* Work on whitelist-usr-share-common
* sorting; add Modules + QT/KDE stuff
* add wusc.inc to more profiles [needs testing]
* update
* gitg, firefox, evince
* /usr/share/{p11-kit,pixmaps,pki,qt5,tcl8.6,terminfo}
* more profiles
* remove wusc.inc from feedreader
Even with 'whitelist /usr/share/*', feedreader trys to dereference a
NULL pointer.
* more profiles
* whitelist /usr/share breaks wget
even with whitelist /usr/share/*
* extend wusc.inc
* update
* Add alsa,crypto-policies and zoneinfo
* readd wusc.inc to wget and feedreader
* update
* testing results: Debian Buster with KDE
* more KDE stuff
* fix tb
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
- add novideo to a lot of profiles
(there are still more profiles where novideo can be added)
- remove commente mdwe from some gnome applications
- add descriptions to some profiles
- blacklist ${HOME}/.cargo/credentials
- move ${HOME}/.git-credentials and ${HOME}/.git-credential-cache to
'top secret' in disable-common.inc
- some ordering in disable-programs.inc
- merge tor browser blacklists to ${HOME}/.tor-browser*
- qupzilla.profile redirect to falkon.profile
- blacklist gnome-builder paths
- fix transmission profiles inlude
- much more
|
| |
|
|
|
|
|
|
| |
* Fix dconf-editor access to glib schemas
* Fix dconf access to glib schemas
|
|
|
|
|
|
| |
* add disable-exec.inc to all profiles with apparmor - #2385 #2505
* drop disable-exec.inc from generic electron.profile
|
| |
|
| |
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
* Revert machine-id comment
* Revert machine-id comment
* Revert machine-id comment
* Update atril.profile
Revert machine-id comment
* Revert machine-id comment
* Revert machine-id comment
* Revert machine-id comment
* Revert machine-id comment
* Revert machine-id comment
* Revert machine-id comment
* Revert machine-id comment
* Revert machine-id comment
* Revert machine-id comment
* Revert machine-id comment
* Revert machine-id comment
* Revert machine-id comment
* Revert machine-id comment
* Revert machine-id comment
* Revert machine-id comment
* Revert machine-id comment
* Revert machine-id comment
* Revert machine-id comment
* Revert machine-id comment
* Revert machine-id comment
* Revert machine-id comment
* Revert machine-id comment
* Revert machine-id comment
* Revert machine-id comment
* Revert machine-id comment
* Revert machine-id comment
* Revert machine-id comment
* Revert machine-id comment
* Revert machine-id comment
* Revert machine-id comment
* Revert machine-id comment
* Revert machine-id comment
* Revert machine-id comment
* Revert machine-id comment
* Revert machine-id comment
* Revert machine-id comment
* Revert machine-id comment
* Revert machine-id comment
* Revert machine-id comment
* Revert machine-id comment
* Revert machine-id comment
|
| |
|
|
|