path: root/etc/inc
Commit message | Author | Age
* block local python (#5826) | pirate486743186 | 2023-05-11
|   Co-authored-by: pirate486743186 <>
* Merge pull request #5755 from kmk3/profiles-allow-lxqt | netblue30 | 2023-04-06
|\
| |   profiles: allow lxqt config dir
| * profiles: allow lxqt config dir | Kelvin M. Klann | 2023-03-26
| |   As suggested by @glitsj16:
| |   https://github.com/netblue30/firejail/discussions/5754#discussioncomment-5428651
| |   Fixes #5754 (font size/dpi issues).
| |   Reported-by: @hotcapy
* | profiles: move read-only config entries to dc | Kelvin M. Klann | 2023-03-28
| |   Command used to search for entries:
| |       $ git grep '^read-only ${HOME}/' -- 'etc/profile*'
| |   Note for gpg: ~/.gnupg/gpg.conf is apparently only managed by gpgconf(1) rather than through gpg(1) itself, in which case it does not need to be made read-write in gpg.profile.
* | cower: move blacklist from disable-programs to dc | Kelvin M. Klann | 2023-03-28
| |   This is an AUR helper and disable-common.inc has entries for pacman and other system package managers.
| |   Added on commit 6c10737f0 ("archaudit-report and cower for Arch platforms, #1642", 2017-11-15).
* | firefox: move read-only entries to disable-common.inc | Kelvin M. Klann | 2023-03-28
| |   Instead of duplicating them on every profile that tries to allow opening links in Firefox.
| |   And make that path read-write on firefox.profile.
* | mpv: move read-only entries to disable-common.inc | Kelvin M. Klann | 2023-03-27
| |   Note: mpv itself does not modify anything in ~/.config/mpv as far as I know, in which case it does not need a read-write entry.
| |   Relates to #5706 #5707 #5710.
* | whitelist-common.inc: remove read-only entries | Kelvin M. Klann | 2023-03-27
|/
|   They are already present on etc/inc/disable-common.inc.
|   First added on commit 695b67f43 ("handle ~/.config/user-dirs.dirs", 2015-11-17).
* Add profiles for jami and postman (#5691) | Kobaxidze256 | 2023-03-15
|
* microsoft-edge fixes (#5697) | glitsj16 | 2023-03-14
|   * microsoft-edge*: fix spacing
|   * Create microsoft-edge-stable.profile
|   Relates to #5696.
|   * firecfg.config: add support for microsoft-edge-stable redirect
|   * disable-common.inc: blacklist msedge SUID executables
|   * microsoft-edge: add private-opt and allow internal sandbox access
* Add Discord PTB profile | Neotamandua | 2023-03-12
|
* Merge pull request #5718 from marek22k/master | netblue30 | 2023-03-08
|\
| |   email-common.profile: allow bsfilter
| * email-common.profile: allow bsfilter | Marek Küthe | 2023-03-08
| |   https://bsfilter.org/
| |   Signed-off-by: Marek Küthe <m.k@mk16.de>
* | Merge pull request #5707 from pirate486743186/ani-cli | netblue30 | 2023-03-08
|\ \
| | |   add ani-cli.profile
| * | add ani-cli.profile | pirate486743186 | 2023-03-05
| |/
| |   https://github.com/pystardust/ani-cli
* / add lobster.profile | pirate486743186 | 2023-03-03
|/
|   https://github.com/justchokingaround/lobster
* Merge pull request #5646 from NetSysFire/parsecd | netblue30 | 2023-02-24
|\
| |   New profile: parsecd
| * New profile: parsecd | NetSysFire | 2023-02-18
| |
* | disable-common.inc: add systemd v253 blacklists (#5669) | glitsj16 | 2023-02-23
| |   Arch Linux got systemd v253:
| |   https://github.com/archlinux/svntogit-packages/commit/05d0aedb2b83a2e1ba07cab47205772f82cb4814
| |   It adds a few new files we should blacklist in `disable-common.inc`:
| |   - /etc/credstore
| |   - /etc/credstore.encrypted
| |   - /run/credentials/systemd-sysctl.service
| |   - /run/credentials/systemd-sysusers.service
| |   - /run/credentials/systemd-tmpfiles-setup.service
| |   - /run/credentials/systemd-tmpfiles-setup-dev.service
* | wusc: allow hyphenation (#5666) | glitsj16 | 2023-02-15
| |
* | Merge pull request #5653 from slowpeek/master | netblue30 | 2023-02-14
|\ \
| | |   disable-programs.inc: blacklist sendgmail config
| * | Blacklist sendgmail config | slowpeek | 2023-02-11
| |/
| |   sendgmail is a cli tool by Google that "uses Gmail in order to mimic sendmail for git send-email" as per its own description. In other words it is a basic sendmail replacement with OAuth2 support to send emails from Gmail accounts.
| |   https://github.com/google/gmail-oauth2-tools/tree/master/go/sendgmail
| |   Config files location depends on "xdg" build tag. Without the tag it would be "~/.sendgmail.*". With the tag it is either under "$XDG_CONFIG_HOME/sendgmail" if set or "~/.config/sendgmail" otherwise.
* / Prevent access to LUKS keyfile | Netcarver | 2023-02-14
|/
* Merge pull request #5635 from kmk3/dc-add-ro-editor-browser | netblue30 | 2023-01-31
|\
| |   disable-common.inc: add more ro editor/browser paths
| * disable-common.inc: make ~/.config/nano read-only | Kelvin M. Klann | 2023-01-30
| |   Similarly to the existing ~/.nanorc entry.
| |   Taken from nano.profile.
| * disable-common.inc: add more ro editor/browser paths | Kelvin M. Klann | 2023-01-30
| |   Move some paths from mutt.profile and neomutt.profile.
| |   Added on commit 6b9bfad37 ("Fix python; add read-only to editors/cli browsers;re-add cache directory", 2020-12-29) / PR #3849.
| |   Misc: This is a follow-up to #5626.
* | Merge branch 'netblue30:master' into warzone2100 | glitsj16 | 2023-01-31
|\|
| * disable-common.inc: sort history file paths | Kelvin M. Klann | 2023-01-30
| |
| * disable-common.inc: remove redundant history entry | Kelvin M. Klann | 2023-01-30
| |   This is already blocked by the first entry:
| |       blacklist-nolog ${HOME}/.*_history
| |   Added on commit 1d56e466c ("three new blacklist in disable-common.inc", 2019-06-18).
| * mutt.profile: add ~/.mutthistory | Kelvin M. Klann | 2023-01-27
| |   From the manual of mutt 2.2.9:
| |   > 3.125. history_file
| |   >
| |   > Type: path
| |   > Default: "~/.mutthistory"
| |   >
| |   > The file in which Mutt will save its history.
* | additional blacklisting for warzone2100 on Arch Linux | glitsj16 | 2023-01-29
|/
* fix qutebrowser not opening tabs (#5618) | Alexandre Provencio | 2023-01-25
|   Closes #5601
* zoom.profile: whitelist ~/.config/zoom.conf (#5596) | fkrone | 2023-01-24
|   * zoom.profile: whitelist ~/.config/zoom.conf
|   With Zoom version 5.12.6, Zoom changed how they handle encrypting the local database. This change resulted in the new file zoom.conf being used. As it is not allowed by the current profile, this could lead to users losing their chat history if they cannot be retrieved from the cloud (e.g. when e2e encryption is used).
|   * zoom.profile: noblacklist ~/.config/zoom.conf
|   Additional blacklisting for other programs to the configuration file.
* Merge branch 'netblue30:master' into linuxqq | glitsj16 | 2023-01-04
|\
| * Merge pull request #5556 from Dpeta/chatterino-profile | netblue30 | 2023-01-04
| |\
| | |   Add profile for Chatterino
| | * Add Chatterino profile | Dpeta | 2022-12-25
| | |
| * | Blacklist XDG cache and data dirs for google-drive-ocamlfuse | slowpeek | 2022-12-23
| | |
| * | Blacklist google-drive-ocamlfuse config | slowpeek | 2022-12-23
| |/
* | disable-programs.inc: fix ordering QQ config | glitsj16 | 2023-01-03
| |
* | disable-programs.inc: add QQ config | glitsj16 | 2023-01-03
|/
* clarify that duplicated blacklisting of /proc/config.gz is intentional (#5548) | glitsj16 | 2022-12-21
|   * add comment on intentional duplication of blacklisted kernel configuration
|   * disable-proc.inc: update the duplication comment
|   * disable-common.inc: add duplication notice for kernel configuration
* New profile: ssmtp (#5544) | glitsj16 | 2022-12-21
|   * disable-programs.inc: add ssmtp support
|   * Create ssmtp.profile
|   * ssmtp: support Debian/Ubuntu
|   * README.md: add ssmtp to 'New profiles' section
|   * disable-common.inc: move ssmtp support to keep CI happy
|   * ssmtp: improve dead.letter comment
|   Suggested in [review](https://github.com/netblue30/firejail/pull/5544#pullrequestreview-1225322546).
* Fix mDNS name resolution with wrc (#5541) | rusty-snake | 2022-12-21
|
* disable-common.inc: add gnome-console to disabled terminals (#5542) | glitsj16 | 2022-12-20
|
* audacity: support more config locations (#5538) | glitsj16 | 2022-12-20
|   * audacity: support more config locations
|   * disable-programs.inc: add more audacity locations
|   * audacity: cover all XDG supported locations
|   * audacity: cover all XDG supported locations
|   * audacity: fix state dir entree in disable-programs.inc
|   * unbreak disable-programs.inc
|   Oh my, GitHub syntax highlighting support completely threw me off here. Thanks to @kmk3 for [saving the bacon](https://github.com/netblue30/firejail/pull/5538#pullrequestreview-1224604663)!
* Merge pull request #5522 from hknaack/avidemux-fixes-for-opensuse | netblue30 | 2022-12-14
|\
| |   Avidemux tools support
| * Avidemux: openSUSE-Packman fixes | Hartmut Knaack | 2022-12-12
| |   The Avidemux project stores configuration profile data in ~/.avidemux6, while the package built by Packman-repositories for openSUSE patches it to use ~/.avidemux3 at the moment (at least for Avidemux 2.8).
* | Add support for Qt6 (#5527) | glitsj16 | 2022-12-14
|/
|   * qbittorrent: add support for Qt6
|   * wusc: add support for Qt6
* spotify.profile: allow spotify-adblock paths | Kelvin M. Klann | 2022-12-02
|   As suggested by @glitsj16[1].
|   Project homepage: https://github.com/abba23/spotify-adblock
|   Configuration paths:
|   * /etc/spotify-adblock/config.toml
|   * ~/.config/spotify-adblock/config.toml
|   Fixes #5494.
|   [1] https://github.com/netblue30/firejail/discussions/5494#discussioncomment-4280887
|   Reported-by: @Rewig95
* fix: PyCharm profiles | Bogdan Ruslanovich Drozd | 2022-11-23
|   Do not use `private-cache`, because PyCharm places in cache directories stuff like spelling dictionary (i. e. if you download spelling dictionary with `private-cache`, on restart PyCharm you need to download spelling dictionary again).