| Commit message (Collapse) | Author | Age |
|---|
| ... | |
| |
|
|
|
|
| |
Similarly to steam.profile (see #4864).
Fixes #6106.
|
| |
|
|
|
|
|
| |
I accidentally removed the `!` when sorting the arguments in #6067.
This amends commit fbba03790 ("lutris.profile: allow more syscalls",
2023-10-24) / PR #6067.
|
| |\
| |
| | |
build: sort.py: use case-sensitive sorting
|
| | |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
To match how things are sorted elsewhere, such as with `noblacklist` /
`whitelist` lines (vertically) in profiles and in
ci/check/profiles/sort-disable-programs.sh and src/etc-cleanup/main.c.
This makes the order in `private-etc` always be groups (`@group`), then
uppercase paths, then lowercase paths. Example from
etc/profile-m-z/softmaker-common.profile:
private-etc @tls-ca,SoftMaker,fstab
Note that this does not affect a significant amount of profiles; most
changes are in `private-bin` / `private-lib` lines and in `private-etc`
lines for newer profiles that do not use groups. This is partly due to
commit 5d0822c52 ("private-etc: big profile changes", 2023-02-05)
replacing `X11` with `@x11` in `private-etc` lines and then commit
0f996ea4d ("private-etc: groups modified", 2023-02-05) removing
`Trolltech.conf` from `private-etc` lines and using case-sensitive
sorting in them.
Relates to #5610.
|
| |\ \
| | |
| | | |
lutris.profile: allow more syscalls
|
| | |/
| |
| |
| |
| |
| |
| |
| |
| | |
Need to whitelist `ptrace` and `clone3` for Ubisoft Connect to work.
journalctl did list `process_vm_readv` when a game was running, but it
didn't crash the game.
Fixes #6035.
|
| | | |
|
| | | |
|
| |/
|
|
|
|
|
| |
discord_arch_electron[1] stores its files in /usr/share/discord, rather than
the usual /opt/discord.
[1] https://aur.archlinux.org/packages/discord_arch_electron
|
| |
|
|
|
|
|
|
|
|
|
|
|
| |
* profiles: drop private-opt (existing whitelist)
* profiles: replace private-opt with whitelist
In most profiles.
Kept private-opt for enpass (~85MB), mate-dictionary (<20MB),
minecraft-launcher (~1.6MB) and ppsspp (~44MB). The only app I couldn't
check: xmr-stak.
* docs: note potential issues with private-opt
|
| |\
| |
| | |
New profile: floorp
|
| | | |
|
| | |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
From Breezy's documentation[1] [2]:
> Breezy is a friendly fork of the Bazaar (bzr) project, hosted on
> http://bazaar.canonical.com/. It is backwards compatibility with
> Bazaar's disk format and protocols. One of the key differences with
> Bazaar is that Breezy runs on Python 3, rather than on Python 2.
breezy is also the drop-in replacement for bazaar on Arch Linux since
pacman 6.0.2-8[3].
> By default, Breezy provides support for both the Bazaar and Git file
> formats.
Note: The profile is implemented as a git redirect.
[1] https://github.com/breezy-team/breezy
[2] https://www.breezy-vcs.org/
[3] https://gitlab.archlinux.org/archlinux/packaging/packages/pacman/-/commit/c68a4e6602e3488fa093a18d35202c76a730faf6
|
| |/
|
|
|
|
|
| |
* disable-programs.inc: add lettura support
* Create lettura.profile
* firecfg.config: add lettura
|
| | |
|
| |
|
| |
Co-authored-by: pirate486743186 <>
|
| |
|
|
|
|
|
|
| |
* profiles: refactor log viewers
Introduces system-log-common.profile as a common profile for existing
GUI log viewer applications.
* system-log-common: enable no3d
|
| | |
|
| | |
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Main changes:
* Remove the space after `#` for commented code lines to distinguish
them from normal comments
* Use `#` instead of `-` for comments at the end of the line so that
commented code lines work after being uncommented
Commands used to search and replace:
arg0="$(cat contrib/syntax/lists/profile_commands_arg0.list |
LC_ALL=C sort -u | tr '\n' '|' | sed -e 's/|$//' -e 's/\./\\./g')"
arg1="$(cat contrib/syntax/lists/profile_commands_arg1.list |
LC_ALL=C sort -u | tr '\n' '|' | sed -e 's/|$//' -e 's/\./\\./g')"
git ls-files -z -- etc/inc etc/profile* | xargs -0 -I '{}' \
sh -c "printf '%s\n' \"\$(sed -E \
-e 's/^# ($arg0)( [#-]-? .*)?\$/#\\1\\2/' \
-e 's/^# ($arg1)( [^ ]*)?( [#-]-? .*)?\$/#\\1\\2\\3/' \
-e 's/^# (whitelist \\$)/#\\1/' \
-e 's/^(#[^ ].+) --? /\\1 # /' \
'{}')\" >'{}'"
Commands used to check for leftover entries:
arg0="$(cat contrib/syntax/lists/profile_commands_arg0.list |
LC_ALL=C sort -u | tr '\n' '|' | sed -e 's/|$//' -e 's/\./\\./g')"
arg1="$(cat contrib/syntax/lists/profile_commands_arg1.list |
LC_ALL=C sort -u | tr '\n' '|' | sed -e 's/|$//' -e 's/\./\\./g')"
git grep -E "^# ($arg0|$arg1)( +|$)" -- etc/inc etc/profile*
See also commit 30f9ad908 ("build: improve comments in firecfg.config",
2023-08-05) / PR #5942.
|
| |
|
|
|
|
|
|
|
| |
Changes:
* Turn very long end-of-line comments into normal comments
* Turn multi-line end-of-line comments into normal comments
* Fix a comment being below instead of above the relevant entry
* Turn some comments that look like code into end-of-line comments
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
What works:
- Basic functionality
- Receiving notifications
- Voice communication
- Watching streams
What wasn't tested:
- Casting streams
- Opening links
- Tracking/displaying "current activity" as status message
- Apparmor
Notes:
- Discord tries to access system dbus (`[ERROR:bus.cc(399)] Failed to
connect to the bus: Failed to connect to socket
/run/firejail/mnt/dbus/system: Permission denied`). I don't know what
business it has with the system dbus, and didn't notice any problems
due to that.
- I had one crash after 2h of watching a stream. Probably unrelated.
Fixes #5971.
|
| |
|
|
|
|
| |
Commit 3077b2d1f blacklists `${PATH}/patch` in disable-devel.inc[1]. We
need to noblacklist it in the profiles that need it.
[1] https://github.com/netblue30/firejail/commit/3077b2d1ff6c6e26a83487ae460985157b5c61fd
|
| | |
|
| |\
| |
| | |
build: codespell improvements
|
| | |
| |
| |
| |
| |
| | |
Found by simply running `codespell .`.
Environment: codespell 2.2.5-2 on Artix Linux.
|
| |/
|
|
|
| |
mpDris2 brings MPRIS2 support to MPD:
https://github.com/eonpatapon/mpDris2
|
| | |
|
| |
|
|
|
|
|
|
|
| |
Changes:
* comment `include whitelist-common.inc` when using `private`
* drop `private` on profiles that access files in `${HOME}`
* use `#` in comments
Relates to #903.
|
| |
|
|
|
|
|
| |
This fixes 0ad not opening on OpenSUSE Tumbleweed due to a "Permission
denied" error when trying to open "libmozjs-78.so.0".
See this issue that describes it all:
https://github.com/netblue30/firejail/issues/5938#issue-1833607321
|
| |
|
|
|
| |
* firecfg.config: add support for clac
* Create clac.profile
|
| | |
|
| |
|
|
|
|
| |
On the profiles that allow ~/.config/mpv.
Relates to #5936.
|
| |
|
|
|
| |
* firecfg.config: add daisy support
* Create daisy.profile
|
| |
|
|
|
| |
* disable-programs.inc: add new gramps dir
* gramps: add new config dir
|
| |
|
|
|
| |
* audacious: D-Bus hardening
* audacious: add noprinters
|
| | |
|
| | |
|
| | |
|
| |
|
|
|
|
|
|
|
|
|
|
| |
Multiple profiles include firefox-common.profile, but not all of them
include whitelist-usr-share-common.inc.
Suggested by @glitsj16[1].
This amends commit 094892dfd ("profiles: remove /usr/share/vulkan
already whitelisted by wusc (#5910)", 2023-07-20).
[1] https://github.com/netblue30/firejail/pull/5910/files#r1269397348
|
| | |
|
| |
|
|
|
|
|
|
|
|
|
|
| |
The `shell` option has been removed. Remove stale references.
This does NOT remove `shell none`-related code comments in:
- src/firejail/fs_lib.c (L433-L441)
- src/firejail/join.c (L415-L417)
Relates to #5196.
Suggested by #5891.
|
| |
|
|
|
|
|
| |
Bleachbit is used to permanently delete files by overwriting the memory.
So the most popular feature of Bleachbit is emptying the Trash.
Relates to #5337.
|
| | |
|
| |
|
| |
Co-authored-by: pirate486743186 <>
|
| | |
|
| | |
|
| |\
| |
| | |
update lobster profile
|
| | | |
|
| |/ |
|
Kelvin M. Klann
netblue30
duevo
glitsj16
veloute
pirate486743186
Frostbyte4664
haarp
leukimi
ydididodat
pirate486743186
netblue