| Commit message (Collapse) | Author | Age |
| |
|
|
|
|
|
|
|
|
|
| |
mpv v0.36.0 uses ~/.cache/mpv[1] [2]:
Relates to #2838 #5936.
[1] https://github.com/mpv-player/mpv/releases/tag/v0.36.0
[2] https://github.com/mpv-player/mpv/pull/10838
|
|
|
|
|
|
|
| |
The new version of mpv changed the path of the watch_later folder to
~/.local/state/mpv/watch_later.
See https://github.com/mpv-player/mpv/pull/10838
|
|
|
|
|
| |
* disable-programs.inc: add new gramps dir
* gramps: add new config dir
|
|
|
|
|
|
|
| |
* disable-programs.inc: add sniffnet support
* Create sniffnet.profile
* firecfg.config: add sniffnet support
|
| |
|
|
|
| |
Co-authored-by: pirate486743186 <>
|
|
|
|
|
|
|
|
|
| |
Homepage: https://mullvad.net/en/download/browser/linux
mullvad-browser: don't use restrict-namespaces
mullvad-browser: cover both installation paths
Suggested in review by @kmk3.
|
|
|
|
|
| |
* disable-programs.inc: add remote sqlitebrowser support
* sqlitebrowser: add support for remote functionality
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Commands used to find the relevant paths in /etc:
$ pacman -Qo /etc/* 2>/dev/null | grep sudo | LC_ALL=C sort
/etc/pam.d/ is owned by sudo 1.9.14.p1-1
/etc/sudo.conf is owned by sudo 1.9.14.p1-1
/etc/sudo_logsrvd.conf is owned by sudo 1.9.14.p1-1
/etc/sudoers is owned by sudo 1.9.14.p1-1
/etc/sudoers.d/ is owned by sudo 1.9.14.p1-1
Environment: Artix Linux.
Also, add missing paths sudo/doas to etc/ids.config and jailcheck.
See also commit dbebd71db ("disable-common.inc: blacklist doas binary",
2022-10-05).
Relates to #5385.
Reported-by: Dieter Plaetinck <dieter@plaetinck.be>
|
|\
| |
| | |
New profile: rssguard
|
| |
| |
| | |
Grrrr
|
| |
| |
| | |
Apparently a path containing whitespace and ending with a single digit breaks CI: https://github.com/netblue30/firejail/actions/runs/5448790502.
|
| | |
|
|/ |
|
| |
|
|
|
| |
Co-authored-by: pirate486743186 <>
|
|\
| |
| | |
profiles: allow lxqt config dir
|
| |
| |
| |
| |
| |
| |
| |
| |
| | |
As suggested by @glitsj16:
https://github.com/netblue30/firejail/discussions/5754#discussioncomment-5428651
Fixes #5754 (font size/dpi issues).
Reported-by: @hotcapy
|
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
Command used to search for entries:
$ git grep '^read-only ${HOME}/' -- 'etc/profile*'
Note for gpg: ~/.gnupg/gpg.conf is apparently only managed by gpgconf(1)
rather than through gpg(1) itself, in which case it does not need to be
made read-write in gpg.profile.
|
| |
| |
| |
| |
| |
| |
| |
| | |
This is an AUR helper and disable-common.inc has entries for pacman and
other system package managers.
Added on commit 6c10737f0 ("archaudit-report and cower for Arch
platforms, #1642", 2017-11-15).
|
| |
| |
| |
| |
| |
| |
| | |
Instead of duplicating them on every profile that tries to allow opening
links in Firefox.
And make that path read-write on firefox.profile.
|
| |
| |
| |
| |
| |
| |
| | |
Note: mpv itself does not modify anything in ~/.config/mpv as far as I
know, in which case it does not need a read-write entry.
Relates to #5706 #5707 #5710.
|
|/
|
|
|
|
|
| |
They are already present on etc/inc/disable-common.inc.
First added on commit 695b67f43 ("handle ~/.config/user-dirs.dirs",
2015-11-17).
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
* microsoft-edge*: fix spacing
* Create microsoft-edge-stable.profile
Relates to #5696.
* firecfg.config: add support for microsoft-edge-stable redirect
* disable-common.inc: blacklist msedge SUID executables
* microsoft-edge: add private-opt and allow internal sandbox access
|
| |
|
|\
| |
| | |
email-common.profile: allow bsfilter
|
| |
| |
| |
| |
| | |
https://bsfilter.org/
Signed-off-by: Marek Küthe <m.k@mk16.de>
|
|\ \
| | |
| | | |
add ani-cli.profile
|
| |/
| |
| |
| | |
https://github.com/pystardust/ani-cli
|
|/
|
|
| |
https://github.com/justchokingaround/lobster
|
|\
| |
| | |
New profile: parsecd
|
| | |
|
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
Arch Linux got systemd v253:
https://github.com/archlinux/svntogit-packages/commit/05d0aedb2b83a2e1ba07cab47205772f82cb4814
It adds a few new files we should blacklist in `disable-common.inc`:
- /etc/credstore
- /etc/credstore.encrypted
- /run/credentials/systemd-sysctl.service
- /run/credentials/systemd-sysusers.service
- /run/credentials/systemd-tmpfiles-setup.service
- /run/credentials/systemd-tmpfiles-setup-dev.service
|
| | |
|
|\ \
| | |
| | | |
disable-programs.inc: blacklist sendgmail config
|
| |/
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
sendgmail is a cli tool by Google that "uses Gmail in order to mimic
sendmail for git send-email" as per its own description. In other words it
is a basic sendmail replacement with OAuth2 support to send emails from
Gmail accounts.
https://github.com/google/gmail-oauth2-tools/tree/master/go/sendgmail
Config files location depends on "xdg" build tag. Without the tag it would
be "~/.sendgmail.*". With the tag it is either under
"$XDG_CONFIG_HOME/sendgmail" if set or "~/.config/sendgmail" otherwise.
|
|/ |
|
|\
| |
| | |
disable-common.inc: add more ro editor/browser paths
|
| |
| |
| |
| |
| |
| | |
Similarly to the existing ~/.nanorc entry.
Taken from nano.profile.
|
| |
| |
| |
| |
| |
| |
| |
| |
| | |
Move some paths from mutt.profile and neomutt.profile.
Added on commit 6b9bfad37 ("Fix python; add read-only to editors/cli
browsers;re-add cache directory", 2020-12-29) / PR #3849.
Misc: This is a follow-up to #5626.
|
|\| |
|
| | |
|
| |
| |
| |
| |
| |
| |
| |
| |
| | |
This is already blocked by the first entry:
blacklist-nolog ${HOME}/.*_history
Added on commit 1d56e466c ("three new blacklist in disable-common.inc",
2019-06-18).
|
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
From the manual of mutt 2.2.9:
> 3.125. history_file
>
> Type: path
> Default: "~/.mutthistory"
>
> The file in which Mutt will save its history.
|
|/ |
|
|
|
|
| |
Closes #5601
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
* zoom.profile: whitelist ~/.config/zoom.conf
With Zoom version 5.12.6, Zoom changed how they handle encrypting the local
database. This change resulted in the new file zoom.conf being used. As it is
not allowed by the current profile, this could lead to users losing their chat
history if they cannot be retrieved from the cloud (e.g. when e2e encryption is
used).
* zoom.profile: noblacklist ~/.config/zoom.conf
Additional blacklisting for other programs to the configuration file.
|
|\ |
|