| Commit message (Collapse) | Author | Age |
| |
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
* refactor local override comments
* refactor local override comments
* refactor local override comments
* refactor local override comments
* refactor local override comments
* refactor local override comments
* refactor local override comments
* refactor local override comments
* refactor local override comments
* refactor local override comments
* refactor local override comments
* refactor local override comments
* refactor local override comments
* refactor local override comments
* refactor local override comments
* refactor local override comments
* refactor local override comments
* refactor local override comments
* refactor local override comments
* refactor local override comments
* refactor local override comments
* refactor local override comments
* refactor local override comments
* refactor local override comments
* refactor local override comments
* refactor local override comments
* refactor local override comments
* refactor local override comments
* refactor local override comments
* refactor local override comments
* refactor local override comments
* refactor local override comments
* refactor local override comments
* refactor local override comments
* refactor local override comments
* refactor local override comments
* refactor local override comments
* refactor local override comments
* refactor local override comments
* refactor local override comments
* refactor local override comments
* refactor local override comments
* refactor local override comments
* refactor local override comments
* refactor local override comments
* refactor local override comments
* refactor local override comments
* refactor local override comments
* refactor local override comments
* refactor local override comments
* refactor local override comments
* refactor local override comments
* refactor local override comments
* refactor local override comments
* refactor local override comments
* refactor local override comments
* refactor local override comments
* refactor local override comments
* refactor local override comments
* refactor local override comments
* refactor local override comments
* refactor local override comments
* refactor local override comments
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Leaving it limited to only ssh, ssh-agent and seahorse by default seems
unnecessarily restrictive.
From ssh(1):
> The most convenient way to use public key or certificate
> authentication may be with an authentication agent. See ssh-agent(1)
> and (optionally) the AddKeysToAgent directive in ssh_config(5) for
> more information.
$ pacman -Q openssh
openssh 8.4p1-2
With ssh-agent(1) running in the background (and with the private key(s)
loaded through ssh-add(1)), ssh(1) doesn't need direct access to the
actual key pair(s), so you could probably get away with this on
allow-ssh.local:
ignore noblacklist ${HOME}/.ssh
noblacklist ${HOME}/.ssh/config
noblacklist ${HOME}/.ssh/config.d
noblacklist ${HOME}/.ssh/known_hosts
And then this on the profiles of ssh key pair managers, such as
seahorse.local:
noblacklist ${HOME}/.ssh
|
|
|
|
|
|
|
|
|
|
|
| |
And move the scattered `noblacklist ${HOME}/.ssh` entries into it.
Command used to find the relevant files:
$ grep -Fnr 'noblacklist ${HOME}/.ssh' etc
Also, add it to profile.template, as reminded by @rusty-snake at
https://github.com/netblue30/firejail/pull/3885#pullrequestreview-567527031
|
|
|
| |
At least on Ubuntu 16.04 LTS we need an additional own.
|
|
|
|
|
|
|
| |
* dbus filter (1)
* dbus-filter: firefox
* drop org.gtk.vfs and com.canonical.AppMenu.Registrar
|
|
|