| Commit message (Collapse) | Author | Age |
|
|
|
|
|
| |
When starting Kate, a blacklist violation from accessing the kwinrc config file is reported. As a KDE application, it should be fine for Kate to access it.
blacklist violation - sandbox 13410, name kate, exe kate, syscall access, path /home/user/.config/kwinrc
|
|
|
|
|
|
|
|
| |
A side effect of including disable-common.inc is loosing access to /etc/profile.d, where Bash completion is located.
Explicitly enable access to console scripts in /etc/profile.d, so that Kate's built-in Konsole instance can be used without limitations.
Minor side effect: the spawned Bash tries to access /etc/init.d
blacklist violation - sandbox 17317, name kate, exe bash, syscall stat, path /etc/init.d
|
|
|
|
|
|
| |
Kate has grown support for software development, making it a light IDE. Some version control modules exist, and when using the Git module, a blacklist violation is reported:
blacklist violation - sandbox 13902, name kate, exe git, syscall access, path /home/user/.gitconfig
Including support for common development file access mitigates this violation issue.
|
|
|
|
|
|
|
|
|
|
|
| |
Without whitelist-usr-share-common, /usr/share becomes empty.
Adding whitelist-runuser-common didn't break google chrome.
Whitelisting /usr/share/mozilla/extensions and
/usr/share/webext shouldn't break google chrome, either.
I tested google-chrome.profile only, but
I think later versions should not be different.
|
| |
|
| |
|
| |
|
|
|
| |
Add electron-flags.conf for all versions of electron
|
|
|
|
| |
closes #4965
|
|
|
|
|
|
|
| |
following up ce6f792efd0af09b95050864b71f79c46359fa49
/var/lib/libvirt is blacklisted in disable-common.inc
so merely whitelisting the directory is not enough
|
|
|
|
|
| |
private option implies private-cache,
so it is safe to remove
|
| |
|
|
|
| |
Fixes #5068.
|
| |
|
|
|
|
|
| |
* cmake: fix local override & wusc
* cmake: another wusc fix
|
|
|
|
|
|
|
|
|
| |
* drop redundant noblacklist
noblacklist ${HOME}/.vscode-oss already exists in included code.profile
* remove newline
Nitpick for persistency with other profiles that have the comment about #2624.
|
| |
|
| |
|
| |
|
| |
|
| |
|
| |
|
| |
|
| |
|
| |
|
|
|
|
|
| |
* geary fixes
* comment ipc-namespace
|
| |
|
| |
|
| |
|
|
|
|
|
|
|
| |
* Add support for changing appearance of the Qt6 apps with qt6ct
* Remove qt5ct artifact from zeal.profile
* Remove qt5ct artifact from bibletime.profile
|
| |
|
|
|
|
|
|
| |
0319fbd enabled whitelisting in /usr/share for iridium but wusc
was still ignore causing iridium to crash.
Fixes #4917
|
|\
| |
| | |
keepassx: restore nou2f
|
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
I could not find anything to confirm that keepassx supports hardware
keys. And as mentioned by @rusty-snake[1]:
> The yubikey support in kpxc seems to be based on
> https://github.com/kylemanna/keepassx /
> https://github.com/keepassx/keepassx/pull/52
> which was never merged. For me it looks like kpx never got official
> support for it.
>
> keepass seems to support hw keys (via plugin).
Also of note is the PR that added yubikey support to keepassxc:
https://github.com/keepassxreboot/keepassxc/pull/127
This partially reverts commit 09ac1a73e ("keepass*: remove nou2f",
2022-02-05) / PR #4903. See also commit 91b04172b ("keepass*: fix typo
in private-dev note", 2022-02-06).
Closes #4883.
[1] https://github.com/netblue30/firejail/issues/4883#issuecomment-1031172309
|
|/ |
|
|
|
|
|
|
|
| |
s/nou2f/private-dev/
This amends commit 8a718ff4a ("keepass*: note that private-dev blocks
access to new hardware keys", 2022-02-05).
|
|
|
|
|
|
| |
Which may be surprising to some users (see #4883).
Fixes #4883.
|
|
|
|
|
|
|
| |
At least keepassxc supports U2F and password managers seem like they
would be a common use case for it.
See the discussion on #4883.
|
| |
|
|\
| |
| | |
Update librewolf.profile: use new d-bus message bus
|
| |
| |
| | |
Starting Librewolf 96.0, Librewolf switched from using d-bus org.mozilla.librewolf.* to io.gitlab.librewolf.*
|
| | |
|
|/ |
|
|\
| |
| | |
{lutris,wine}.profile: allow ~/.cache/wine
|
| |
| |
| | |
~/.cache/wine is a directory where wine stores .msi files for wine-gecko and wine-mono that it may download (with user's permission) and reuse every time a new prefix is created.
|
|\ \
| | |
| | | |
add a profile for cointop
|
| |/ |
|
| | |
|
|/ |
|
| |
|