path: root/etc/profile-m-z/min.profile
Commit message | Author | Age
* move whlist /usr/share/chromium from chromium-comm… | rusty-snake | 2020-12-21
    …on to chromium, remove the nowhlist from min and its whlist from riot-web.
    TODO: remove the 'ignore whitelist /usr/share/chromium' from most of the profiles with it.
* fixes, closes, enhances, improvements, and so on | rusty-snake | 2020-11-09
    - .github/ISSUE_TEMPLATE/bug_report.md: get rid of Spanish, French, ... error messages
    - etc/inc/firefox-common-addons.inc: support ff2mpv
    - etc/profile-a-l/gimp.profile: note about xsane
    - etc/profile-m-z/min.profile: prettify
    - etc/profile-m-z/mpsyt.profile: fix, add lua
    - etc/profile-m-z/qbittorrent.profile: add note for tray-icons; this will get a better note once I have investigated and audited all the D-Bus tray stuff.
    - etc/profile-m-z/transmission-daemon.profile: fix, add protocol packet

    close #3686 - mps-youtube needs lua
    close #3701 - Firefox native messaging regression in 0.9.62.4 -> 0.9.64rc1
    close #3636 - transmission-daemon fills log with error
    close #3640 - Gimp - add note how to enable scanning (xsane)
    close #3707 - qBittorrent tray icon missing from notification panel when running it with firejail
* fix min.profile | glitsj16 | 2020-11-09
    As per https://github.com/netblue30/firejail/pull/3688#discussion_r511290714 min needs wusc. Runs fine with wruc too so let's fix min for users.
* rework chromium (#3688) | rusty-snake | 2020-11-09
    * rework chromium

    + 516d0811 has removed fundamental security features.
      (remove caps.drop=all, nonewprivs, noroot, seccomp, protocol; add caps.keep)
      Though this is only necessary if running under a kernel which disallows unprivileged userns clones. Arch's linux-hardened and Debian kernel are patched accordingly. Arch's linux and linux-lts kernels support this restriction via sysctl (kernel.unprivileged_userns_clone=0) as users opt-in. Other kernels such as mainline or fedora/redhat always support unprivileged userns clone and have no sysctl parameter to disable it. Debian and Arch users can enable it with 'sysctl kernel.unprivileged_userns_clone=1'.
      This commit adds a chromium-common-hardened.inc which can be included in chromium-common to enhance security of chromium-based programs.
    + chromium-common.profile: add private-cache
    + chromium-common.profile: add wruc and wusc, but disable it for the following profiles until tested. Tests welcome.
      - [ ] bnox, dnox, enox, inox, snox
      - [ ] brave
      - [ ] flashpeak-slimjet
      - [ ] google-chrome, google-chrome-beta, google-chrome-unstable
      - [ ] iridium
      - [ ] min
      - [ ] opera, opera-beta
    + move vivaldi-snapshot paths from vivaldi-snapshot.profile to vivaldi. /usr/bin/vivaldi is a symlink to /etc/alternatives/vivaldi which can be vivaldi-stable, vivaldi-beta or vivaldi-snapshot. vivaldi-snapshot.profile also missed some features from vivaldi.profile, solve this by making it redirect to vivaldi.profile.
      TODO: do new paths such as .local/lib/vivaldi also exist for vivaldi-snapshot?
    + create chromium-browser-privacy.profile (closes #3633)

    * update 1

    + add missing 'ignore whitelist /usr/share/chromium'
    + revert 'Move drm-relaktions in vivaldi.profile behind BROWSER_ALLOW_DRM.'. This breaks not just DRM, it breaks things such as AAC too. In addition vivaldi shows a 'something is broken' pop-up, we would have a lot of 'does not work with firejail' issues.

    * update 2

    * update 3

    fixes #3709
* reorganize github etc directory | netblue30 | 2020-04-21