| Commit message (Collapse) | Author | Age |
|
|
|
| |
In order UPnP to work netlink protocol must be enabled.
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
* firecfg.config alpine
* Create alpinef.profile
* Create alpine.profile
* disable-programs.inc alpine
* workaround in comment
* Update etc/profile-a-l/alpine.profile
Co-authored-by: rusty-snake <41237666+rusty-snake@users.noreply.github.com>
* deactivating whitelists in ${HOME}
* comment
Co-authored-by: rusty-snake <41237666+rusty-snake@users.noreply.github.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
* Create googler-common.profile
* Create googler.profile
* Create ddgr.profile
* Update firecfg.config
* sort fix
* space
* space
* tightening
* comment
* fix comment
* fix private-etc and ${DOWNLOADS}
* fix sort
* redundant ${DOWNLOADS}
|
|
|
|
| |
closes #4324
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
* Create links-common.profile
* Update links.profile
* Create links2.profile
* Update links.profile
* Update links2.profile
* Update elinks.profile
* Update elinks.profile
* links2
* Update firecfg.config
* Update xlinks.profile
* .xlinks
* add dbus and whitelist-usr-share-common
* .xlinks doesn't exist
* revert
* Create xlinks2
* xlinks2
* Update xlinks2
* Update xlinks.profile
* no wayland
* no wayland
* doesn't use /tmp/.X11-unix
* doesn't use /tmp/.X11-unix
* noblacklist /tmp/.X11-unix
* noblacklist /tmp/.X11-unix
|
|\
| |
| | |
Restrict /usr/libexec
|
| | |
|
| | |
|
|/
|
|
|
| |
* ignore include disable-shell.inc
* allow-bin-sh.inc
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
* Create youtube-viewers-common.profile
* reorganising youtube viewers
* rm globals
* reorganise youtube viewers
* adding pipe-viewer
* adding gtk-pipe-viewer
* xterm and youtube-dl cache
* sort
* Update youtube-viewers-common.profile
* quiet
* quiet
* quiet
* Update firecfg.config
* rm vlc
* rm invalid binary
* noinput
* rm whitelist-runuser-common.inc
* rm whitelist-runuser-common.inc
* rm whitelist-runuser-common.inc
* whitelist-runuser-common.inc
|
|
|
|
|
|
|
|
|
|
|
| |
* fix blobby
* fix funnyboat
* fix librecad
* drop doubled netfilter entree in blobby
* drop unneeded include in funnyboat
|
| |
|
|\
| |
| | |
Fix Lutris profile
|
| | |
|
| | |
|
| | |
|
|/ |
|
| |
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
* Follow-up for #4165
* Follow-up for #4165
* Follow-up for #4165
* Follow-up for #4165
* Follow-up for #4165
* Follow-up for #4165
* Follow-up for #4165
* Follow-up for #4165
* Follow-up for #4165
* Follow-up for #4165
* Follow-up for #4165
* Follow-up for #4165
* Follow-up for #4165
* fix noroot comment
As suggested [here](https://github.com/netblue30/firejail/pull/4271#discussion_r630981737).
* fix dbus-user comment
As suggested [here](https://github.com/netblue30/firejail/pull/4271#discussion_r630982527).
* fix private-dev comment
As suggested [here](https://github.com/netblue30/firejail/pull/4271#discussion_r630980029).
* fix private-etc comment
As suggested [here](https://github.com/netblue30/firejail/pull/4271#discussion_r630979698).
* move writable-var comment cfr. profile.template
|
|
|
|
| |
Profiles with private-dev behind BROWSER_DISABLE_U2F were missed by 0cee0ba5.
|
|
|
|
| |
It now features audio/video calling.
|
|
|
| |
It's a workaround option, not to be used in any profile by default. Thanks to @rusty-snake for pointing that out.
|
|
|
|
|
|
|
|
| |
bijiben crashes without access to /usr/share/tracker3 in Fedora 34 with:
** (bijiben:14): WARNING **: 21:48:08.394: Unable to connect to Tracker: 'file:///usr/share/tracker3/ontologies/nepomuk' is not a ontology location
** (bijiben:14): WARNING **: 21:48:08.394: Cannot initialize BijiManager: 'file:///usr/share/tracker3/ontologies/nepomuk' is not a ontology location
|
|
|
|
|
|
|
|
|
| |
* revert comment changes from #4257
* revert comment changes from #4257
* revert comment changes from #4257
* revert comment changes from #4257
|
|
|
|
|
|
|
|
|
| |
* [comment] use 'read-write' instead of 'ignore read-only'
* [comment] use 'read-write' instead of 'ignore read-only'
* [comment] use 'read-write' instead of 'ignore read-only'
* [comment] use 'read-write' instead of 'ignore read-only'
|
| |
|
| |
|
|
|
|
|
|
| |
closes #4236
[skip ci]
|
| |
|
| |
|
| |
|
|\
| |
| | |
Some minor changes
|
| | |
|
|\ \
| |/
|/| |
Delete *.profie
|
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
Added on commit 41f69f7a7 ("Commons of opengl-game-wrapper.sh") /
PR #4071.
Each one is a duplicate of a .profile file that was added on the same
commit.
Commands used to search and replace (which is what causes their
deletion):
$ git ls-files -z -- '*.profie' | xargs -0 -I '{}' sh -c
"git mv -f '{}' \"\`printf '%s\n' '{}' | sed 's/.[^.]*$//'\`.profile\""
|
|/ |
|
|\
| |
| | |
Commons of opengl-game-wrapper.sh
|
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
[skip ci]
- Add allow-opengl-game.inc
- Add profiles for alienarena-wrapper, ballbuster-wrapper,
colorful-wrapper, etr-wrapper, gl-117-wrapper, glaxium-wrapper,
neverball-wrapper, neverputt-wrapper, pinball-wrapper,
supertuxkart-wrapper
- Use allow-opengl-game.inc in xonotic.profile and the profiles above
- xonotic.profile: simplify private-bin by using xonotic*
|
| |
| |
| |
| |
| |
| |
| | |
β¦, gl-117, glaxium, pinball
alienarena is missing in firecfg.config by intention, I didn't tested
any online multiplayer.
|
|\ \
| | |
| | | |
Add examples how to allow browser access to Gnome extensions connector
|
| | |
| | |
| | |
| | | |
Fixes #4177.
|
| |/
|/|
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
* Add firedragon profile
* Point private-etc to firefox-common.local
Co-authored-by: rusty-snake <41237666+rusty-snake@users.noreply.github.com>
* Add to firecfg.config
* Add firedragon to disable-programs.inc
* Correct dir
* Remove private-etc
Co-authored-by: rusty-snake <41237666+rusty-snake@users.noreply.github.com>
|
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
as pointed out by @glitsj16 in 51e67fd4.
> FYI, a quick check shows atool,bsdtar,xzdec,unzstd are still missing
> from private-bin. Not sure if we actually need to bring those in too.
They add virtually no new permissions fr has already a long private-bin
with dozens of archivers. Before we break anything I add them.
|
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
README.md/RELNOTES:
- Add new profiles
etr.profile:
- adding passwd to private-etc makes it work for me
file-roller.profile
- add netfilter
- add zstd to private-bin
- add cp,mv,rm to private-bin which seems to be necessary in some
cases.
#4113 is likely fixed with this but wait for OP.
|
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
* Add Sway profile
* Fix issue
Not working then including firefox-common-addons.profile
* Allow sway's fallback config
* So I agree with @glitsj16 and @BL4CKH47H4CK3R
so..
`No its not needed as it reveals lots of important /usr/share folders like /usr/share/fonts which can used for font fingerprinting and OS detection. Like the site or attacker will know that which font you are using. Linux and windows common font are not same so its a problem. Besides there are so many other important folders as I see. Librewolf can launch and work perfectly without this options`
* well..
Revert `include whitelist-usr-share-common.inc`
Sync with Firefox profile
* π What just hapened
* π Sync with upstream
* Merge tested from PR
* π Sync with upstream
* Merge tested from PR
* Revert changes
* Add Sway profile
* Fix issue
Not working then including firefox-common-addons.profile
* Allow sway's fallback config
* So I agree with @glitsj16 and @BL4CKH47H4CK3R
so..
`No its not needed as it reveals lots of important /usr/share folders like /usr/share/fonts which can used for font fingerprinting and OS detection. Like the site or attacker will know that which font you are using. Linux and windows common font are not same so its a problem. Besides there are so many other important folders as I see. Librewolf can launch and work perfectly without this options`
* π Rebase
* π What just hapened
* Merge tested from PR
* π Sync with upstream
* Merge tested from PR
* Revert changes
* Update
* Update librewolf.profile
Co-authored-by: rusty-snake <41237666+rusty-snake@users.noreply.github.com>
Co-authored-by: rusty-snake <41237666+rusty-snake@users.noreply.github.com>
|
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
* opt-in for brave's native tor support
* fix brave's native tor support
* warn about potential tor breakage when using apparmor
* update comment for opting in to tor
* move brave's tor apparmor fix in brave.profile
|
| |
| |
| | |
Fixes #4202 until we have tooling to generate system-specific lists at install time, as suggested by @loveshack.
|