| Commit message (Collapse) | Author | Age |
|---|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Main changes:
* Remove the space after `#` for commented code lines to distinguish
them from normal comments
* Use `#` instead of `-` for comments at the end of the line so that
commented code lines work after being uncommented
Commands used to search and replace:
arg0="$(cat contrib/syntax/lists/profile_commands_arg0.list |
LC_ALL=C sort -u | tr '\n' '|' | sed -e 's/|$//' -e 's/\./\\./g')"
arg1="$(cat contrib/syntax/lists/profile_commands_arg1.list |
LC_ALL=C sort -u | tr '\n' '|' | sed -e 's/|$//' -e 's/\./\\./g')"
git ls-files -z -- etc/inc etc/profile* | xargs -0 -I '{}' \
sh -c "printf '%s\n' \"\$(sed -E \
-e 's/^# ($arg0)( [#-]-? .*)?\$/#\\1\\2/' \
-e 's/^# ($arg1)( [^ ]*)?( [#-]-? .*)?\$/#\\1\\2\\3/' \
-e 's/^# (whitelist \\$)/#\\1/' \
-e 's/^(#[^ ].+) --? /\\1 # /' \
'{}')\" >'{}'"
Commands used to check for leftover entries:
arg0="$(cat contrib/syntax/lists/profile_commands_arg0.list |
LC_ALL=C sort -u | tr '\n' '|' | sed -e 's/|$//' -e 's/\./\\./g')"
arg1="$(cat contrib/syntax/lists/profile_commands_arg1.list |
LC_ALL=C sort -u | tr '\n' '|' | sed -e 's/|$//' -e 's/\./\\./g')"
git grep -E "^# ($arg0|$arg1)( +|$)" -- etc/inc etc/profile*
See also commit 30f9ad908 ("build: improve comments in firecfg.config",
2023-08-05) / PR #5942.
|
| |
|
|
|
|
|
|
|
| |
Changes:
* Turn very long end-of-line comments into normal comments
* Turn multi-line end-of-line comments into normal comments
* Fix a comment being below instead of above the relevant entry
* Turn some comments that look like code into end-of-line comments
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
What works:
- Basic functionality
- Receiving notifications
- Voice communication
- Watching streams
What wasn't tested:
- Casting streams
- Opening links
- Tracking/displaying "current activity" as status message
- Apparmor
Notes:
- Discord tries to access system dbus (`[ERROR:bus.cc(399)] Failed to
connect to the bus: Failed to connect to socket
/run/firejail/mnt/dbus/system: Permission denied`). I don't know what
business it has with the system dbus, and didn't notice any problems
due to that.
- I had one crash after 2h of watching a stream. Probably unrelated.
Fixes #5971.
|
| |
|
|
|
|
| |
Commit 3077b2d1f blacklists `${PATH}/patch` in disable-devel.inc[1]. We
need to noblacklist it in the profiles that need it.
[1] https://github.com/netblue30/firejail/commit/3077b2d1ff6c6e26a83487ae460985157b5c61fd
|
| | |
|
| |\
| |
| | |
build: codespell improvements
|
| | |
| |
| |
| |
| |
| | |
Found by simply running `codespell .`.
Environment: codespell 2.2.5-2 on Artix Linux.
|
| |/
|
|
|
| |
mpDris2 brings MPRIS2 support to MPD:
https://github.com/eonpatapon/mpDris2
|
| | |
|
| |
|
|
|
|
|
|
|
| |
Changes:
* comment `include whitelist-common.inc` when using `private`
* drop `private` on profiles that access files in `${HOME}`
* use `#` in comments
Relates to #903.
|
| |
|
|
|
|
|
| |
This fixes 0ad not opening on OpenSUSE Tumbleweed due to a "Permission
denied" error when trying to open "libmozjs-78.so.0".
See this issue that describes it all:
https://github.com/netblue30/firejail/issues/5938#issue-1833607321
|
| |
|
|
|
| |
* firecfg.config: add support for clac
* Create clac.profile
|
| | |
|
| |
|
|
|
|
| |
On the profiles that allow ~/.config/mpv.
Relates to #5936.
|
| |
|
|
|
| |
* firecfg.config: add daisy support
* Create daisy.profile
|
| |
|
|
|
| |
* disable-programs.inc: add new gramps dir
* gramps: add new config dir
|
| |
|
|
|
| |
* audacious: D-Bus hardening
* audacious: add noprinters
|
| | |
|
| | |
|
| | |
|
| |
|
|
|
|
|
|
|
|
|
|
| |
Multiple profiles include firefox-common.profile, but not all of them
include whitelist-usr-share-common.inc.
Suggested by @glitsj16[1].
This amends commit 094892dfd ("profiles: remove /usr/share/vulkan
already whitelisted by wusc (#5910)", 2023-07-20).
[1] https://github.com/netblue30/firejail/pull/5910/files#r1269397348
|
| | |
|
| |
|
|
|
|
|
|
|
|
|
|
| |
The `shell` option has been removed. Remove stale references.
This does NOT remove `shell none`-related code comments in:
- src/firejail/fs_lib.c (L433-L441)
- src/firejail/join.c (L415-L417)
Relates to #5196.
Suggested by #5891.
|
| |
|
|
|
|
|
| |
Bleachbit is used to permanently delete files by overwriting the memory.
So the most popular feature of Bleachbit is emptying the Trash.
Relates to #5337.
|
| | |
|
| |
|
| |
Co-authored-by: pirate486743186 <>
|
| | |
|
| | |
|
| |\
| |
| | |
update lobster profile
|
| | | |
|
| |/ |
|
| | |
|
| |\ |
|
| | | |
|
| | |
| |
| |
| |
| | |
I assume most people want this on, since it is a messenger application,
and you can control whether you turn it on or off in the app.
|
| | |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
For consistency and to reduce confusion.
The toolkit has been renamed from "GTK+" to just "GTK" in 2019[1].
Note: This also fixes some adjacent typos.
Commands used to search and replace:
$ git grep -lz 'G[Tt][Kk]' -- etc | xargs -0 -I '{}' sh -c \
"printf '%s\n' \"\$(sed -E \
-e 's/G[Tt][Kk]\+?/GTK/g' \
-e 's/GTK-.\.0/GTK/g' \
-e 's/GTK base/GTK-base/g' \
-e 's/GTK-base /GTK-based /g' \
-e 's/Light weight/Lightweight/g' \
-e 's/client with GTK/client made with GTK/g' '{}')\" >'{}'"
Misc: I noticed this on #5722.
[1] https://mail.gnome.org/archives/gtk-devel-list/2019-February/msg00000.html
|
| | | |
|
| | |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
Command used to search for entries:
$ git grep '^read-only ${HOME}/' -- 'etc/profile*'
Note for gpg: ~/.gnupg/gpg.conf is apparently only managed by gpgconf(1)
rather than through gpg(1) itself, in which case it does not need to be
made read-write in gpg.profile.
|
| | |
| |
| |
| |
| |
| |
| | |
Instead of duplicating them on every profile that tries to allow opening
links in Firefox.
And make that path read-write on firefox.profile.
|
| | |
| |
| |
| |
| |
| |
| | |
Note: mpv itself does not modify anything in ~/.config/mpv as far as I
know, in which case it does not need a read-write entry.
Relates to #5706 #5707 #5710.
|
| | |\
| | |
| | | |
create blink-common.profile
|
| | | | |
|
| | | |
| | |
| | |
| | |
| | |
| | |
| | | |
KeePassXC can offer a Secret Service to store secrets for other
programs.
See https://specifications.freedesktop.org/secret-service/latest/
|
| | | | |
|
| | | |
| | |
| | | |
Co-authored-by: pirate486743186 <>
|
| | | |
| | |
| | | |
Co-authored-by: pirate486743186 <>
|
| | | | |
|
| | | |
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
Now that we have randomized UTS namespaces support[1] by default for
every sandbox, there's no longer a need to set hostname to a fixed
value. This commit removes such fixed hostname entries from all
profiles that have it.
[1] https://github.com/netblue30/firejail/discussions/5597#discussioncomment-4996357
|
| | | |
| | |
| | |
| | |
| | | |
No functional changes.
Relates to #639.
|
| | |\ \
| | | |
| | | | |
refactor yt-dlp
|
Kelvin M. Klann
haarp
glitsj16
netblue30
pirate486743186
leukimi
ydididodat
pirate486743186
netblue
Pedro Ribeiro
Thijs Raymakers
Kobaxidze256