elinks.profile: Fix missing access to liblua

By including allow-lua.inc.
Error log:

    $ firejail elinks
    elinks: error while loading shared libraries: liblua.so.5.4: cannot open shared object file: Permission denied

Environment: firejail-git (a82c8e021) and elinks 0.14.3-2 on Artix Linux.

Fixes #4707.
Reported-by: @jose1711

Add CachyBrowser profile

Various .so's are needed to allow execution, /etc/ImageMagick-7/ is
needed for various policy XML files, and /usr/$(libdir)/ImageMagick-x.y.z/
is needed in order to have access to decoders.
Tested on Gentoo; I don't know if other distros put the relevant bits
in different paths.
Signed-off-by: Hank Leininger <hlein@korelogic.com>

As suggested in https://github.com/netblue30/firejail/pull/4727#discussion_r759402234.

`nogroups` should not have been causing issues with rendering on nvidia
since commit 623e68216 ("temporary fix for nvidia/nogroups/noroot issue
(#3644, #841)", 2020-10-02) and commit cb460c32c ("more nvidia (#3644)",
2020-10-03), which had made it a no-op on nvidia. And the handling of
the "render" and "video" groups is independent of the handling of
`nogroups` now; see the previous 3 commits.
Commits which introduced the comments on each profile:

* kodi.profile: commit ce462b6b1 ("fix #3501", 2020-07-16)
* mpsyt.profile: commit e17b48fca ("new profile mpsyt.profile",
  2018-11-28)
* mpv.profile: commit cc7c48983 ("Document #1945", 2018-07-25)
* steam.profile: commit d6f8169dd ("steam fixes; #841, #3267",
  2020-03-15)

Commands used to find the comments:

    git grep -i nvidia -- etc/profile-* | grep -v private-etc
Relates to #4632.

Added `quiet` to some CLI profiles

- Update RELNOTES and README.md
- disable-common.inc
- blacklist ${HOME}/.local/share/ibus-typing-booster
- blacklist /run/timeshift (closes #4660)
- fix audacity.profile (closes #4659)

deterministic-shutdown option

Command is the same as in d8d97acb

Add profiles for imv, retroarch, and torbrowser

imv, retroarch, and torbrowser are also added to
firecfg.config

blobwars: add path to game assets compatible with Arch

Drop noinput for games with joystick/gamepad support

Fixes #4608

Fixes #4611.

Use ?ALLOW_TRAY: (#4510) in profiles

Fix vscodium

Both base names are valid:
$ grep '^NAME' /etc/os-release
NAME="Artix Linux"
$ pacman -Q vscodium-bin
vscodium-bin 1.60.2-2
$ pacman -Qlq vscodium-bin | grep -v -e '/$' -e /resources/ |
grep /bin/
/usr/bin/codium
/usr/bin/vscodium
/usr/share/vscodium-bin/bin/codium
Note: The first two paths are symlinks to the third one.
Fixes #3871.

Add profiles for build-systems (/package-managers)

Profiles: bundler, cargo (refactor), cmake (untested), make, meson, pip
All redirect to build-systems-common.profile
Other fixes:
- blacklist ${HOME}/.bundle
- blacklist ${HOME}/.cargo/* -> blacklist ${HOME}/.cargo
- blacklist /usr/lib64/ruby

Correct amule.profile for upnp

In order for UPnP to work, the netlink protocol must be enabled.

* cheese
- fix: dbus-user.own org.gnome.Cheese
- fix: whitelist /usr/share/gstreamer-1.0
- fix: include allow-python3.inc
- hardening: include disable-shell.inc
- hardening: include whitelist-run-common.inc and whitelist /run/udev/data
- hardening: whitelist /usr/libexec/gstreamer-1.0/gst-plugin-scanner
- hardening: noinput
- hardening: nosound
- hardening: seccomp.block-secondary
- hardening: private-dev
* geekbench (closes #4576)
- fix: noblacklist /sbin and noblacklist /usr/sbin
- fix: noblacklist, blacklist, mkdir, whitelist, read-write ${HOME}/.geekbench5
- fix: comment/remove private-bin, private-lib, private-opt
* inkscape
- add quiet for cli usage
* musixmatch (#4518)
- allow chroot
* pandoc
- fix: include allow-bin-sh.inc
- fix: drop private-bin
- hardening: include whitelist-runuser-common.inc
- hardening: seccomp.block-secondary

Add ld.so.preload to all private-etc lines

Command:
sed -i -E "s/^private-etc /private-etc ld.so.preload,/" \
$(grep -LE "^private-etc .*ld.so.preload" etc/profile-*/*) \
&& python3 contrib/sort.py etc/profile-*/*

Create goldendict.profile

Add missing final newlines