| Commit message (Collapse) | Author | Age |
|---|
| | |
|
| |\
| |
| | |
Some minor changes
|
| | | |
|
| |\ \
| |/
|/| |
Delete *.profie
|
| | |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
Added on commit 41f69f7a7 ("Commons of opengl-game-wrapper.sh") /
PR #4071.
Each one is a duplicate of a .profile file that was added on the same
commit.
Commands used to search and replace (which is what causes their
deletion):
$ git ls-files -z -- '*.profie' | xargs -0 -I '{}' sh -c
"git mv -f '{}' \"\`printf '%s\n' '{}' | sed 's/.[^.]*$//'\`.profile\""
|
| |/ |
|
| |\
| |
| | |
Commons of opengl-game-wrapper.sh
|
| | |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
[skip ci]
- Add allow-opengl-game.inc
- Add profiles for alienarena-wrapper, ballbuster-wrapper,
colorful-wrapper, etr-wrapper, gl-117-wrapper, glaxium-wrapper,
neverball-wrapper, neverputt-wrapper, pinball-wrapper,
supertuxkart-wrapper
- Use allow-opengl-game.inc in xonotic.profile and the profiles above
- xonotic.profile: simplify private-bin by using xonotic*
|
| | |
| |
| |
| |
| |
| |
| | |
…, gl-117, glaxium, pinball
alienarena is missing in firecfg.config by intention, I didn't tested
any online multiplayer.
|
| |\ \
| | |
| | | |
Add examples how to allow browser access to Gnome extensions connector
|
| | | |
| | |
| | |
| | | |
Fixes #4177.
|
| | |/
|/|
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
* Add firedragon profile
* Point private-etc to firefox-common.local
Co-authored-by: rusty-snake <41237666+rusty-snake@users.noreply.github.com>
* Add to firecfg.config
* Add firedragon to disable-programs.inc
* Correct dir
* Remove private-etc
Co-authored-by: rusty-snake <41237666+rusty-snake@users.noreply.github.com>
|
| | |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
as pointed out by @glitsj16 in 51e67fd4.
> FYI, a quick check shows atool,bsdtar,xzdec,unzstd are still missing
> from private-bin. Not sure if we actually need to bring those in too.
They add virtually no new permissions fr has already a long private-bin
with dozens of archivers. Before we break anything I add them.
|
| | |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
README.md/RELNOTES:
- Add new profiles
etr.profile:
- adding passwd to private-etc makes it work for me
file-roller.profile
- add netfilter
- add zstd to private-bin
- add cp,mv,rm to private-bin which seems to be necessary in some
cases.
#4113 is likely fixed with this but wait for OP.
|
| | |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
* Add Sway profile
* Fix issue
Not working then including firefox-common-addons.profile
* Allow sway's fallback config
* So I agree with @glitsj16 and @BL4CKH47H4CK3R
so..
`No its not needed as it reveals lots of important /usr/share folders like /usr/share/fonts which can used for font fingerprinting and OS detection. Like the site or attacker will know that which font you are using. Linux and windows common font are not same so its a problem. Besides there are so many other important folders as I see. Librewolf can launch and work perfectly without this options`
* well..
Revert `include whitelist-usr-share-common.inc`
Sync with Firefox profile
* 😄 What just hapened
* 🔄 Sync with upstream
* Merge tested from PR
* 🔄 Sync with upstream
* Merge tested from PR
* Revert changes
* Add Sway profile
* Fix issue
Not working then including firefox-common-addons.profile
* Allow sway's fallback config
* So I agree with @glitsj16 and @BL4CKH47H4CK3R
so..
`No its not needed as it reveals lots of important /usr/share folders like /usr/share/fonts which can used for font fingerprinting and OS detection. Like the site or attacker will know that which font you are using. Linux and windows common font are not same so its a problem. Besides there are so many other important folders as I see. Librewolf can launch and work perfectly without this options`
* 🔄 Rebase
* 😄 What just hapened
* Merge tested from PR
* 🔄 Sync with upstream
* Merge tested from PR
* Revert changes
* Update
* Update librewolf.profile
Co-authored-by: rusty-snake <41237666+rusty-snake@users.noreply.github.com>
Co-authored-by: rusty-snake <41237666+rusty-snake@users.noreply.github.com>
|
| | |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
* opt-in for brave's native tor support
* fix brave's native tor support
* warn about potential tor breakage when using apparmor
* update comment for opting in to tor
* move brave's tor apparmor fix in brave.profile
|
| | |
| |
| | |
Fixes #4202 until we have tooling to generate system-specific lists at install time, as suggested by @loveshack.
|
| | |
| |
| |
| |
| | |
* New profile: Quodlibet
* New profile: Quodlibet
|
| | | |
|
| |/
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
discord-canary.profile:
fix #4175
flameshot.profile:
- private-tmp break flameshot (wayland only?)
- Screengrabbing (under wayland) is done via dbus, the following names
must be allowed:
- GNOME: org.gnome.Shell
- KDE: org.kde.KWin
- Sway: org.freedesktop.portal.Desktop
- Allow notifications and tray too, because org.gnome.Shell (for
example) is already totaly unsafe.
mumble.profile:
fix #4181
|
| | |
|
| | |
|
| | |
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
* refactor local override comments
* refactor local override comments
* refactor local override comments
* refactor local override comments
* refactor local override comments
* refactor local override comments
* refactor local override comments
* refactor local override comments
* refactor local override comments
* refactor local override comments
* refactor local override comments
* refactor local override comments
* refactor local override comments
* refactor local override comments
* refactor local override comments
* refactor local override comments
* refactor local override comments
* refactor local override comments
* refactor local override comments
* refactor local override comments
* refactor local override comments
* refactor local override comments
* refactor local override comments
* refactor local override comments
* refactor local override comments
* refactor local override comments
* refactor local override comments
* refactor local override comments
* refactor local override comments
* refactor local override comments
* refactor local override comments
* refactor local override comments
* refactor local override comments
* refactor local override comments
* refactor local override comments
* refactor local override comments
* refactor local override comments
* refactor local override comments
* refactor local override comments
* refactor local override comments
* refactor local override comments
* refactor local override comments
* refactor local override comments
* refactor local override comments
* refactor local override comments
* refactor local override comments
* refactor local override comments
* refactor local override comments
* refactor local override comments
* refactor local override comments
* refactor local override comments
* refactor local override comments
* refactor local override comments
* refactor local override comments
* refactor local override comments
* refactor local override comments
* refactor local override comments
* refactor local override comments
* refactor local override comments
* refactor local override comments
* refactor local override comments
* refactor local override comments
* refactor local override comments
|
| | |
|
| |
|
|
|
|
| |
/usr/bin/dropbox needs access to python3, at least for dropbox
command-line interface version 2020.03.04 as packaged by the RPM Fusion
project. Fixes issue #4150
|
| | |
|
| |
|
|
| |
[skip ci]
|
| | |
|
| | |
|
| |\
| |
| | |
Rename chromium-common-hardened and feh-network …
|
| | |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
…again
I am still not really happy about the rename from #4028, #4029, #4030
and #4031. I've no problem with moving away .inc but I don't like the
result. So here's a proposal to make this better:
| NAME | DESCRIPTION |
| ------------------------- | ------------------------------------------------------------ |
| `*-addons.profile` | (include) Allow external addons |
| `*-common.profile` | (include) Common parts across multiple profiles |
| `*-hardened.inc.profile` | Further hardening which can not be made default |
| `*-network.inc.profile` | Allow optional network access |
| `*-whitelist.inc.profile` | Enabled whitelisting (which can not be made default) ¹ |
| `*.inc.profile` | Other profile specific includes |
| `*.profile` | A profile for a program |
| `allow-*.inc` | Multiple `noblacklist`s that should always be used together |
| `disable-*.inc` | `blacklist`ing |
| `whitelist-*-common.inc` | common `whitelist`s |
| `*.inc` | Other generic includes |
| `globals.local` | User overrides for all profiles |
| `*.local` | Per profile user overrides |
¹ can be used for programs like KeePassXC or editors.
|
| |\ \
| | |
| | | |
Update vmware.profile & dbus-policy for amarok
|
| | | | |
|
| | | | |
|
| | |/
|/|
| | |
#2989
|
| | | |
|
| | | |
|
| |\ \
| | |
| | | |
Add profile for checksum tools
|
| | | |
| | |
| | |
| | |
| | |
| | | |
* Oops! Thanks for catching.
* Add quiet
|
| |\ \ \
| | | |
| | | | |
Fix for KeePassXC plugin
|
| | | | |
| | | |
| | | |
| | | | |
Moved in the right place as in template
https://github.com/netblue30/firejail/blob/master/etc/templates/profile.template
|
| | | | |
| | | |
| | | | |
Co-authored-by: rusty-snake <41237666+rusty-snake@users.noreply.github.com>
|
| | | | |
| | | |
| | | |
| | | |
| | | | |
KeePassXC changed the socket name.
https://github.com/keepassxreboot/keepassxc/commit/a145bf91191f0a4630a7e31654aff8a8dfd09bf0
Keep also old socket name in whitelist for back compatibility
|
| |\ \ \ \
| | | | |
| | | | | |
fixing dbus filtering for engrampa
|
| | | |_|/
| |/| | |
|
| |\ \ \ \
| |/ / /
|/| | | |
Create bcompare.profile
|
| | | | | |
|
| | | | | |
|
| | | | |
| | | |
| | | | |
Co-authored-by: rusty-snake <41237666+rusty-snake@users.noreply.github.com>
|
rusty-snake
Neo00001
Kelvin M. Klann
Jose Riha
Nico
Vladislav Nepogodin
glitsj16
Bundy01
Matthew Cline
netblue30
Nicola Davide Mannarelli
pirate486743186
Ted Robertson