| Commit message | Author | Age |
|
Need to whitelist `ptrace` and `clone3` for Ubisoft Connect to work.
journalctl did list `process_vm_readv` when a game was running, but it
didn't crash the game.
Fixes #6035.
|
* profiles: drop private-opt (existing whitelist)
* profiles: replace private-opt with whitelist
In most profiles.
Kept private-opt for enpass (~85MB), mate-dictionary (<20MB),
minecraft-launcher (~1.6MB) and ppsspp (~44MB). The only app I couldn't
check: xmr-stak.
* docs: note potential issues with private-opt
|
New profile: floorp
|
From Breezy's documentation[1] [2]:
> Breezy is a friendly fork of the Bazaar (bzr) project, hosted on
> http://bazaar.canonical.com/. It is backwards compatible with
> Bazaar's disk format and protocols. One of the key differences with
> Bazaar is that Breezy runs on Python 3, rather than on Python 2.
breezy is also the drop-in replacement for bazaar on Arch Linux since
pacman 6.0.2-8[3].
> By default, Breezy provides support for both the Bazaar and Git file
> formats.
Note: The profile is implemented as a git redirect.
[1] https://github.com/breezy-team/breezy
[2] https://www.breezy-vcs.org/
[3] https://gitlab.archlinux.org/archlinux/packaging/packages/pacman/-/commit/c68a4e6602e3488fa093a18d35202c76a730faf6
|
* disable-programs.inc: add lettura support
* Create lettura.profile
* firecfg.config: add lettura
|
Co-authored-by: pirate486743186 <>
|
* profiles: refactor log viewers
Introduces system-log-common.profile as a common profile for existing
GUI log viewer applications.
* system-log-common: enable no3d
|
Main changes:
* Remove the space after `#` for commented code lines to distinguish
them from normal comments
* Use `#` instead of `-` for comments at the end of the line so that
commented code lines work after being uncommented
Commands used to search and replace:
    arg0="$(cat contrib/syntax/lists/profile_commands_arg0.list |
      LC_ALL=C sort -u | tr '\n' '|' | sed -e 's/|$//' -e 's/\./\\./g')"
    arg1="$(cat contrib/syntax/lists/profile_commands_arg1.list |
      LC_ALL=C sort -u | tr '\n' '|' | sed -e 's/|$//' -e 's/\./\\./g')"
    git ls-files -z -- etc/inc etc/profile* | xargs -0 -I '{}' \
      sh -c "printf '%s\n' \"\$(sed -E \
      -e 's/^# ($arg0)( [#-]-? .*)?\$/#\\1\\2/' \
      -e 's/^# ($arg1)( [^ ]*)?( [#-]-? .*)?\$/#\\1\\2\\3/' \
      -e 's/^# (whitelist \\$)/#\\1/' \
      -e 's/^(#[^ ].+) --? /\\1 # /' \
      '{}')\" >'{}'"
Commands used to check for leftover entries:
    arg0="$(cat contrib/syntax/lists/profile_commands_arg0.list |
      LC_ALL=C sort -u | tr '\n' '|' | sed -e 's/|$//' -e 's/\./\\./g')"
    arg1="$(cat contrib/syntax/lists/profile_commands_arg1.list |
      LC_ALL=C sort -u | tr '\n' '|' | sed -e 's/|$//' -e 's/\./\\./g')"
    git grep -E "^# ($arg0|$arg1)( +|$)" -- etc/inc etc/profile*
See also commit 30f9ad908 ("build: improve comments in firecfg.config",
2023-08-05) / PR #5942.
|
Changes:
* Turn very long end-of-line comments into normal comments
* Turn multi-line end-of-line comments into normal comments
* Fix a comment being below instead of above the relevant entry
* Turn some comments that look like code into end-of-line comments
|
What works:
- Basic functionality
- Receiving notifications
- Voice communication
- Watching streams
What wasn't tested:
- Casting streams
- Opening links
- Tracking/displaying "current activity" as status message
- Apparmor
Notes:
- Discord tries to access system dbus (`[ERROR:bus.cc(399)] Failed to
connect to the bus: Failed to connect to socket
/run/firejail/mnt/dbus/system: Permission denied`). I don't know what
business it has with the system dbus, and didn't notice any problems
due to that.
- I had one crash after 2h of watching a stream. Probably unrelated.
Fixes #5971.
|
Commit 3077b2d1f blacklists `${PATH}/patch` in disable-devel.inc[1]. We
need to noblacklist it in the profiles that need it.
[1] https://github.com/netblue30/firejail/commit/3077b2d1ff6c6e26a83487ae460985157b5c61fd
|
build: codespell improvements
|
Found by simply running `codespell .`.
Environment: codespell 2.2.5-2 on Artix Linux.
|
mpDris2 brings MPRIS2 support to MPD:
https://github.com/eonpatapon/mpDris2
|
Changes:
* comment `include whitelist-common.inc` when using `private`
* drop `private` on profiles that access files in `${HOME}`
* use `#` in comments
Relates to #903.
|
This fixes 0ad not opening on OpenSUSE Tumbleweed due to a "Permission
denied" error when trying to open "libmozjs-78.so.0".
See this issue that describes it all:
https://github.com/netblue30/firejail/issues/5938#issue-1833607321
|
* firecfg.config: add support for clac
* Create clac.profile
|
On the profiles that allow ~/.config/mpv.
Relates to #5936.
|
* firecfg.config: add daisy support
* Create daisy.profile
|
* disable-programs.inc: add new gramps dir
* gramps: add new config dir
|
* audacious: D-Bus hardening
* audacious: add noprinters
|
Multiple profiles include firefox-common.profile, but not all of them
include whitelist-usr-share-common.inc.
Suggested by @glitsj16[1].
This amends commit 094892dfd ("profiles: remove /usr/share/vulkan
already whitelisted by wusc (#5910)", 2023-07-20).
[1] https://github.com/netblue30/firejail/pull/5910/files#r1269397348
|
The `shell` option has been removed. Remove stale references.
This does NOT remove `shell none`-related code comments in:
- src/firejail/fs_lib.c (L433-L441)
- src/firejail/join.c (L415-L417)
Relates to #5196.
Suggested by #5891.
|
Bleachbit is used to permanently delete files by overwriting the memory.
So the most popular feature of Bleachbit is emptying the Trash.
Relates to #5337.
|
Co-authored-by: pirate486743186 <>
|
update lobster profile
|
I assume most people want this on, since it is a messenger application,
and you can control whether you turn it on or off in the app.
|
For consistency and to reduce confusion.
The toolkit has been renamed from "GTK+" to just "GTK" in 2019[1].
Note: This also fixes some adjacent typos.
Commands used to search and replace:
    $ git grep -lz 'G[Tt][Kk]' -- etc | xargs -0 -I '{}' sh -c \
      "printf '%s\n' \"\$(sed -E \
      -e 's/G[Tt][Kk]\+?/GTK/g' \
      -e 's/GTK-.\.0/GTK/g' \
      -e 's/GTK base/GTK-base/g' \
      -e 's/GTK-base /GTK-based /g' \
      -e 's/Light weight/Lightweight/g' \
      -e 's/client with GTK/client made with GTK/g' '{}')\" >'{}'"
Misc: I noticed this on #5722.
[1] https://mail.gnome.org/archives/gtk-devel-list/2019-February/msg00000.html
|
Command used to search for entries:
    $ git grep '^read-only ${HOME}/' -- 'etc/profile*'
Note for gpg: ~/.gnupg/gpg.conf is apparently only managed by gpgconf(1)
rather than through gpg(1) itself, in which case it does not need to be
made read-write in gpg.profile.
|
Instead of duplicating them on every profile that tries to allow opening
links in Firefox.
And make that path read-write on firefox.profile.
|