| Commit message (Collapse) | Author | Age |
... | |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
* private-etc: always include 'alternatives'
* private-etc: always include 'alternatives'
* private-etc: always include 'alternatives'
* private-etc: always include 'alternatives'
|
|\ \
| | |
| | | |
kcalc.profile: fix mkfile without mkdir & comment legacy paths
|
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
Leave them commented.
With this commit, there are no more profiles creating paths in ~/.kde
nor in ~/.kde4:
$ git grep -e '^mkdir .*\.kde' -e '^mkfile .*\.kde' -- etc
$
See also commit 3ef030257 ("ktorrent.profile: stop creating legacy KDE
paths", 2022-10-11) / PR #5415.
|
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
firejail may fail to create the following files:
* ~/.kde/share/config/kcalcrc
* ~/.kde4/share/config/kcalcrc
Because it does not create the preceding directories beforehand:
* ~/.kde/share/config
* ~/.kde4/share/config
See also commit 7f1906dba ("ktorrent.profile: fix mkfile without mkdir",
2022-10-11) / PR #5415.
|
|/ /
| |
| |
| |
| |
| |
| | |
* fix whitelisting in ${RUNUSER}
See discussions https://github.com/netblue30/firejail/discussions/5495 for context.
* Prevent whitelisting ${RUNUSER} comment
|
| | |
|
|\ \
| | |
| | | |
ktorrent.profile: fix mkfile without mkdir & comment legacy paths
|
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
Package-provided binaries:
$ pacman -Q ktorrent
ktorrent 22.08.3-1.2
$ pacman -Qlq ktorrent | grep bin/.
/usr/bin/ktmagnetdownloader
/usr/bin/ktorrent
/usr/bin/ktupnptest
Environment: Artix Linux
|
| | |
| | |
| | |
| | | |
Leave them commented.
|
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
firejail fails to create the following files:
* ~/.kde/share/config/ktorrentrc
* ~/.kde4/share/config/ktorrentrc
Because it does not create the preceding directories beforehand:
* ~/.kde/share/config
* ~/.kde4/share/config
Relates to #5414.
|
| | | |
|
|\ \ \
| | | |
| | | | |
lutris.profile: fix running League of Legends
|
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | | |
@Latrolage on Oct 20, 2022[1]:
> When I open the game the only error line which appears is this
> `modify_ldt: Operation not permitted`
So as suggested by @Latrolage[1] and @rusty-snake[2], allow the
`modify_ldt` syscall in seccomp.
Fixes #5430.
[1] https://github.com/netblue30/firejail/discussions/5430#discussion-4488996
[2] https://github.com/netblue30/firejail/discussions/5430#discussioncomment-3924098
Reported-by: @Latrolage
|
|\ \ \ \
| |_|_|/
|/| | | |
Profile fixes
|
| | | | |
|
| | | | |
|
| |/ / |
|
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
* Create cinelerra-gg
* add cinelerra-gg to `New profiles` section
* Add cinelerra-gg to firecfg.config
|
| | |
| | |
| | | |
Fixes #5463 by adding netlink to the list of allowed protocols
|
|/ /
| |
| |
| |
| | |
* Create godot3.profile
* Add godot3 redirect to firecfg.config
|
|/
|
|
| |
Closes #5437
|
|\
| |
| | |
electron-mail.profile refactoring
|
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
Changes:
- redirect to electron.profile
- fix program name
- update program description
- allow /bin/sh
- allow opening links in Firefox
- remove no3d, nonewprivs, noroot, protocol, seccomp
- add machine-id, nosound
- remove private-bin, disable-mnt
- harden private-etc
- allow D-Bus notifications, secrets
|
|\ \
| | |
| | | |
Streamline Firefoxes D-Bus filtering
|
| | |
| | |
| | | |
Inspired by https://github.com/netblue30/firejail/pull/5352/files/c04ceb49c7001bb931a35667c831545cd64aeece#r963032151.
|
| | |
| | |
| | | |
Inspired by https://github.com/netblue30/firejail/pull/5352/files/c04ceb49c7001bb931a35667c831545cd64aeece#r963032151.
|
| | |
| | |
| | | |
Inspired by https://github.com/netblue30/firejail/pull/5352/files/c04ceb49c7001bb931a35667c831545cd64aeece#r963032151.
|
| | |
| | |
| | | |
Inspired by https://github.com/netblue30/firejail/pull/5352/files/c04ceb49c7001bb931a35667c831545cd64aeece#r963032151.
|
| | |
| | |
| | | |
Inspired by https://github.com/netblue30/firejail/pull/5352/files/c04ceb49c7001bb931a35667c831545cd64aeece#r963032151.
|
| | | |
|
| | | |
|
| | | |
|
| | | |
|
| | | |
|
| | | |
|
| | | |
|
| | | |
|
| | | |
|
| | | |
|
|\ \ \
| | | |
| | | | |
profiles: allow perl/exiftool on the relevant profiles
|
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | | |
Programs that seem to support exiftool:
$ LC_ALL=C pacman -Sii perl-image-exiftool |
grep -e '^Version' -e '^Required' -e '^Optional For' | head -n 3
Version : 12.42-1
Required By : digikam geotag gitlab-workhorse mat2 rapid-photo-downloader
Optional For : darktable geeqie gpsprune hugin jpeg-archive ranger recoll shutter
Environment: Artix Linux.
Note for hugin.profile: Does not currently work with private-bin on
Arch/Artix; see the private-bin comment on
etc/profile-a-l/exiftool.profile.
Relates to #5365.
|
|/ / /
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
As mentioned in its description, this profile is intended for an IDE, so
allow paths used for development and stop including the following
profiles:
* disable-devel.inc
* disable-exec.inc
* disable-interpreters.inc
Fixes #5292.
|
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
* use both capitalized and regular discord commands to private-bin
* use both capitalized and regular discord commands to private-bin
* add awk and which to private-bin for better xdg-open support
* use both capitalized and regular discord commands to private-bin
* use both capitalized and regular discord commands to private-bin
* refactor CamelCased discord profiles
* refactor CamelCased discord profiles
* fix private-{bin,opt} sorting
* fix private-{bin,opt} sorting
* unfuck private-{bin,opt} sorting
* unfuck private-{bin,opt} sorting
* fix sorting once more for CI
* fix sorting once again for CI
|
|/ /
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
* Fix Firefox 'Profile not found' for psd (v6.45)
code change: `whitelist ${RUNUSER}/psd/*firefox*`
fixes: #4568
* Whitelist ${RUNUSER}/psd/*firefox*
* Fix workflow for github
|
| |
| |
| | |
Co-authored-by: Albert Kim <alkim@alkim.org>
|
| | |
|
|\ \
| | |
| | | |
lbry-viewer.profile create
|
| |/ |
|
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
* fix(audacity): !5281 sharedlib bug on Arch/Fedora
removed `private-bin` line from audacity profile as it appears to block
access to shared libraries needed to start audacity on some
distributions.
Relates to github issue #5281
* fix(audacity): Disabling apparmor and reenabling private-bin
|
|/
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
* add gdu to 'new profiles' section
* Create gdu.profile
* add gdu to firecfg
* harden gdu sandbox
* fix protocol
* simulate empty protocol in gdu
* more user-friendly gdu sandboxing
|