aboutsummaryrefslogtreecommitdiffstats
path: root/etc/inc
Commit message (Collapse)AuthorAge
* disable all ssh utilities in disable-common.incLibravatar netblue302023-08-20
|
* New profile: journal-viewer (#5943)Libravatar glitsj162023-08-10
|
* mpv.profile: add new XDG_CACHE_HOME pathLibravatar Kelvin M. Klann2023-08-03
| | | | | | | | | mpv v0.36.0 uses ~/.cache/mpv[1] [2]: Relates to #2838 #5936. [1] https://github.com/mpv-player/mpv/releases/tag/v0.36.0 [2] https://github.com/mpv-player/mpv/pull/10838
* mpv.profile: add new XDG_STATE_HOME pathLibravatar CodeWithMa2023-08-03
| | | | | | | The new version of mpv changed the path of the watch_later folder to ~/.local/state/mpv/watch_later. See https://github.com/mpv-player/mpv/pull/10838
* gramps: bring in new config directory (#5933)Libravatar glitsj162023-07-31
| | | | | * disable-programs.inc: add new gramps dir * gramps: add new config dir
* New profile: sniffnet (#5920)Libravatar glitsj162023-07-25
| | | | | | | * disable-programs.inc: add sniffnet support * Create sniffnet.profile * firecfg.config: add sniffnet support
* profiles: Miscellaneous cleanups (#5918)Libravatar glitsj162023-07-25
|
* update mov-cli (#5924)Libravatar pirate4867431862023-07-25
| | | Co-authored-by: pirate486743186 <>
* Create mullvad-browser.profile (#5887)Libravatar glitsj162023-07-22
| | | | | | | | | Homepage: https://mullvad.net/en/download/browser/linux mullvad-browser: don't use restrict-namespaces mullvad-browser: cover both installation paths Suggested in review by @kmk3.
* sqlitebrowser remote support (#5909)Libravatar glitsj162023-07-20
| | | | | * disable-programs.inc: add remote sqlitebrowser support * sqlitebrowser: add support for remote functionality
* disable-common.inc: blacklist sudo/doas paths in /etcLibravatar Kelvin M. Klann2023-07-14
| | | | | | | | | | | | | | | | | | | | | | Commands used to find the relevant paths in /etc: $ pacman -Qo /etc/* 2>/dev/null | grep sudo | LC_ALL=C sort /etc/pam.d/ is owned by sudo 1.9.14.p1-1 /etc/sudo.conf is owned by sudo 1.9.14.p1-1 /etc/sudo_logsrvd.conf is owned by sudo 1.9.14.p1-1 /etc/sudoers is owned by sudo 1.9.14.p1-1 /etc/sudoers.d/ is owned by sudo 1.9.14.p1-1 Environment: Artix Linux. Also, add missing paths sudo/doas to etc/ids.config and jailcheck. See also commit dbebd71db ("disable-common.inc: blacklist doas binary", 2022-10-05). Relates to #5385. Reported-by: Dieter Plaetinck <dieter@plaetinck.be>
* Merge pull request #5881 from glitsj16/rssguardLibravatar netblue302023-07-13
|\ | | | | New profile: rssguard
| * disable-programs.inc: fix ordering rssguard entreeLibravatar glitsj162023-07-03
| | | | | | Grrrr
| * disable-programs.inc: fix rssguard entreeLibravatar glitsj162023-07-03
| | | | | | Apparently a path containing whitespace and ending with a single digit breaks CI: https://github.com/netblue30/firejail/actions/runs/5448790502.
| * disable-programs.inc: add support for rssguardLibravatar glitsj162023-07-03
| |
* | refresh feh.profileLibravatar pirate4867431862023-07-12
|/
* update lobster profileLibravatar pirate4867431862023-06-14
|
* block local python (#5826)Libravatar pirate4867431862023-05-11
| | | Co-authored-by: pirate486743186 <>
* Merge pull request #5755 from kmk3/profiles-allow-lxqtLibravatar netblue302023-04-06
|\ | | | | profiles: allow lxqt config dir
| * profiles: allow lxqt config dirLibravatar Kelvin M. Klann2023-03-26
| | | | | | | | | | | | | | | | | | As suggested by @glitsj16: https://github.com/netblue30/firejail/discussions/5754#discussioncomment-5428651 Fixes #5754 (font size/dpi issues). Reported-by: @hotcapy
* | profiles: move read-only config entries to dcLibravatar Kelvin M. Klann2023-03-28
| | | | | | | | | | | | | | | | | | | | Command used to search for entries: $ git grep '^read-only ${HOME}/' -- 'etc/profile*' Note for gpg: ~/.gnupg/gpg.conf is apparently only managed by gpgconf(1) rather than through gpg(1) itself, in which case it does not need to be made read-write in gpg.profile.
* | cower: move blacklist from disable-programs to dcLibravatar Kelvin M. Klann2023-03-28
| | | | | | | | | | | | | | | | This is an AUR helper and disable-common.inc has entries for pacman and other system package managers. Added on commit 6c10737f0 ("archaudit-report and cower for Arch platforms, #1642", 2017-11-15).
* | firefox: move read-only entries to disable-common.incLibravatar Kelvin M. Klann2023-03-28
| | | | | | | | | | | | | | Instead of duplicating them on every profile that tries to allow opening links in Firefox. And make that path read-write on firefox.profile.
* | mpv: move read-only entries to disable-common.incLibravatar Kelvin M. Klann2023-03-27
| | | | | | | | | | | | | | Note: mpv itself does not modify anything in ~/.config/mpv as far as I know, in which case it does not need a read-write entry. Relates to #5706 #5707 #5710.
* | whitelist-common.inc: remove read-only entriesLibravatar Kelvin M. Klann2023-03-27
|/ | | | | | | They are already present on etc/inc/disable-common.inc. First added on commit 695b67f43 ("handle ~/.config/user-dirs.dirs", 2015-11-17).
* Add profiles for jami and postman (#5691)Libravatar Kobaxidze2562023-03-15
|
* microsoft-edge fixes (#5697)Libravatar glitsj162023-03-14
| | | | | | | | | | | | | * microsoft-edge*: fix spacing * Create microsoft-edge-stable.profile Relates to #5696. * firecfg.config: add support for microsoft-edge-stable redirect * disable-common.inc: blacklist msedge SUID executables * microsoft-edge: add private-opt and allow internal sandbox access
* Add Discord PTB profileLibravatar Neotamandua2023-03-12
|
* Merge pull request #5718 from marek22k/masterLibravatar netblue302023-03-08
|\ | | | | email-common.profile: allow bsfilter
| * email-common.profile: allow bsfilterLibravatar Marek Küthe2023-03-08
| | | | | | | | | | https://bsfilter.org/ Signed-off-by: Marek Küthe <m.k@mk16.de>
* | Merge pull request #5707 from pirate486743186/ani-cliLibravatar netblue302023-03-08
|\ \ | | | | | | add ani-cli.profile
| * | add ani-cli.profileLibravatar pirate4867431862023-03-05
| |/ | | | | | | https://github.com/pystardust/ani-cli
* / add lobster.profileLibravatar pirate4867431862023-03-03
|/ | | | https://github.com/justchokingaround/lobster
* Merge pull request #5646 from NetSysFire/parsecdLibravatar netblue302023-02-24
|\ | | | | New profile: parsecd
| * New profile: parsecdLibravatar NetSysFire2023-02-18
| |
* | disable-common.inc: add systemd v253 blacklists (#5669)Libravatar glitsj162023-02-23
| | | | | | | | | | | | | | | | | | | | | | | | | | | | Arch Linux got systemd v253: https://github.com/archlinux/svntogit-packages/commit/05d0aedb2b83a2e1ba07cab47205772f82cb4814 It adds a few new files we should blacklist in `disable-common.inc`: - /etc/credstore - /etc/credstore.encrypted - /run/credentials/systemd-sysctl.service - /run/credentials/systemd-sysusers.service - /run/credentials/systemd-tmpfiles-setup.service - /run/credentials/systemd-tmpfiles-setup-dev.service
* | wusc: allow hyphenation (#5666)Libravatar glitsj162023-02-15
| |
* | Merge pull request #5653 from slowpeek/masterLibravatar netblue302023-02-14
|\ \ | | | | | | disable-programs.inc: blacklist sendgmail config
| * | Blacklist sendgmail configLibravatar slowpeek2023-02-11
| |/ | | | | | | | | | | | | | | | | | | | | | | | | sendgmail is a cli tool by Google that "uses Gmail in order to mimic sendmail for git send-email" as per its own description. In other words it is a basic sendmail replacement with OAuth2 support to send emails from Gmail accounts. https://github.com/google/gmail-oauth2-tools/tree/master/go/sendgmail Config files location depends on "xdg" build tag. Without the tag it would be "~/.sendgmail.*". With the tag it is either under "$XDG_CONFIG_HOME/sendgmail" if set or "~/.config/sendgmail" otherwise.
* / Prevent access to LUKS keyfileLibravatar Netcarver2023-02-14
|/
* Merge pull request #5635 from kmk3/dc-add-ro-editor-browserLibravatar netblue302023-01-31
|\ | | | | disable-common.inc: add more ro editor/browser paths
| * disable-common.inc: make ~/.config/nano read-onlyLibravatar Kelvin M. Klann2023-01-30
| | | | | | | | | | | | Similarly to the existing ~/.nanorc entry. Taken from nano.profile.
| * disable-common.inc: add more ro editor/browser pathsLibravatar Kelvin M. Klann2023-01-30
| | | | | | | | | | | | | | | | | | Move some paths from mutt.profile and neomutt.profile. Added on commit 6b9bfad37 ("Fix python; add read-only to editors/cli browsers;re-add cache directory", 2020-12-29) / PR #3849. Misc: This is a follow-up to #5626.
* | Merge branch 'netblue30:master' into warzone2100Libravatar glitsj162023-01-31
|\|
| * disable-common.inc: sort history file pathsLibravatar Kelvin M. Klann2023-01-30
| |
| * disable-common.inc: remove redundant history entryLibravatar Kelvin M. Klann2023-01-30
| | | | | | | | | | | | | | | | | | This is already blocked by the first entry: blacklist-nolog ${HOME}/.*_history Added on commit 1d56e466c ("three new blacklist in disable-common.inc", 2019-06-18).
| * mutt.profile: add ~/.mutthistoryLibravatar Kelvin M. Klann2023-01-27
| | | | | | | | | | | | | | | | | | | | | | From the manual of mutt 2.2.9: > 3.125. history_file > > Type: path > Default: "~/.mutthistory" > > The file in which Mutt will save its history.
* | additional blacklisting for warzone2100 on Arch LinuxLibravatar glitsj162023-01-29
|/
* fix qutebrowser not opening tabs (#5618)Libravatar Alexandre Provencio2023-01-25
| | | | Closes #5601
* zoom.profile: whitelist ~/.config/zoom.conf (#5596)Libravatar fkrone2023-01-24
| | | | | | | | | | | | | * zoom.profile: whitelist ~/.config/zoom.conf With Zoom version 5.12.6, Zoom changed how they handle encrypting the local database. This change resulted in the new file zoom.conf being used. As it is not allowed by the current profile, this could lead to users losing their chat history if they cannot be retrieved from the cloud (e.g. when e2e encryption is used). * zoom.profile: noblacklist ~/.config/zoom.conf Additional blacklisting for other programs to the configuration file.
generated by cgit v1.2.3-54-g00ecf (git 2.45.2) at 2024-07-30 17:49:38 +0000