aboutsummaryrefslogtreecommitdiffstats
path: root/etc/profile-m-z
Commit message (Collapse)AuthorAge
* Merge pull request #5259 from smitsohu/nsLibravatar smitsohu2022-07-31
|\ | | | | introduce new option restrict-namespaces
| * introduce new option restrict-namespacesLibravatar smitsohu2022-07-23
| |
* | Deny Tor related profiles access to /sys/class/netLibravatar Tad2022-07-23
| | | | | | | | | | | | | | | | This directory contains the MAC address for connections available Tested working with torbrowser-launcher and onionshare Signed-off-by: Tad <tad@spotco.us>
* | viewnior.profile: allow accessing its /usr/share directory (#5270)Libravatar NetSysFire2022-07-23
|/
* remmina.profile: allow python3 (#5253)Libravatar NetSysFire2022-07-17
| | | | | | | | | * remmina.profile: allow python * Update etc/profile-m-z/remmina.profile Co-authored-by: rusty-snake <41237666+rusty-snake@users.noreply.github.com> Co-authored-by: rusty-snake <41237666+rusty-snake@users.noreply.github.com>
* add Colossal Order to steam.profileLibravatar 0x9fff002022-07-05
|
* add Paradox Launcher to Steam profileLibravatar Serphentas2022-06-26
|
* Transmission fixes: drop private-lib (#5213)Libravatar glitsj162022-06-22
| | | | | | | * drop private-lib * drop private-lib * drop private-lib
* Revert "xonotic.profile: fix audit denial spam"Libravatar Tad2022-06-20
| | | | | | | Logging is now default disabled in c7e4c8ed592fee7f1644152a23c3e1343b01b922 See https://github.com/netblue30/firejail/issues/5207 This reverts commit c0d314f945b405f1e90a1a43719059cd22f55de7.
* reverting previous seccomp log fix (#5207)Libravatar netblue302022-06-20
|
* Remove shell none from profilesLibravatar rusty-snake2022-06-19
| | | | | | | | | | | | | | | | | | | | | | | Command: sed -i "/^shell none/d" etc/*/* TODO: ``` etc/profile-a-l/beaker.profile:ignore shell none etc/profile-a-l/default.profile:# shell none etc/profile-a-l/fdns.profile:#shell none etc/profile-a-l/gnome-nettool.profile:#shell none etc/profile-a-l/jitsi-meet-desktop.profile:ignore shell none etc/profile-m-z/pidgin.profile:# shell none etc/profile-m-z/rocketchat.profile:ignore shell none etc/profile-m-z/server.profile:# shell none etc/templates/profile.template:# OPTIONS (caps*, net*, no*, protocol, seccomp*, shell none, tracelog) etc/templates/profile.template:#shell none ``` - manpage - RELNOTES - fbuilder
* fixing seccomp log (#5207)Libravatar netblue302022-06-17
|
* Add comment for enabling D-Bus desktop notifications to ↵Libravatar glitsj162022-06-05
| | | | | | | transmission-{gtk,qt} (#5175) * add comment for enabling desktop notifications * add comment for enabling desktop notifications
* seamonkey.profile: support enigmail/gpgLibravatar Hartmut Knaack2022-05-28
| | | | Changes inspired by Thunderbird profile.
* unbound: seccomp cleanupLibravatar smitsohu2022-05-21
|
* Merge pull request #5141 from kmk3/nvim-add-xdg-state-homeLibravatar netblue302022-05-20
|\ | | | | nvim: add XDG_STATE_HOME path
| * nvim: add XDG_STATE_HOME pathLibravatar Kelvin M. Klann2022-05-12
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Default paths as of neovim 0.7.0: * backupdir: $XDG_DATA_HOME/nvim/backup// * directory: $XDG_DATA_HOME/nvim/swap// * undodir: $XDG_DATA_HOME/nvim/undo// * viewdir: $XDG_DATA_HOME/nvim/view// * shada file: $XDG_DATA_HOME/nvim/shada/main.shada * log dir: $XDG_CACHE_HOME/nvim/log Default paths as of [1]: * backupdir: $XDG_STATE_HOME/nvim/backup// * directory: $XDG_STATE_HOME/nvim/swap// * undodir: $XDG_STATE_HOME/nvim/undo// * viewdir: $XDG_STATE_HOME/nvim/view// * shada file: $XDG_STATE_HOME/nvim/shada/main.shada * log dir: $XDG_STATE_HOME/nvim/log [1] https://github.com/neovim/neovim/pull/15583
* | updates for wget2 (#5152)Libravatar glitsj162022-05-20
| | | | | | | | | | * update for wget2 * allow ${HOME}/.local/share/wget
* | onionshare-gui.profile: fix breakageLibravatar Tad2022-05-20
|/ | | | | | | Fails to start without this, eg: FileNotFoundError: [Errno 2] No such file or directory: '/usr/share/onionshare/images/favicon.ico' Signed-off-by: Tad <tad@spotco.us>
* xonotic.profile: fix audit denial spamLibravatar Tad2022-05-12
| | | | | | After a3f00edb32aca7516d690db046dd1ed3eb186bdd Signed-off-by: Tad <tad@spotco.us>
* okLibravatar Łukasz Mariański2022-04-23
|
* Fix glob pattern and update other profiles/includesLibravatar Łukasz Mariański2022-04-23
|
* Fix chromium browsers in firejail 0.9.68Libravatar rusty-snake2022-04-14
| | | | closes #4965
* fix --writable-etcLibravatar netblue302022-04-12
|
* small fixesLibravatar netblue302022-04-10
|
* Merge pull request #5092 from smitsohu/vlcLibravatar smitsohu2022-04-10
|\ | | | | harden vlc
| * harden vlcLibravatar smitsohu2022-04-10
| | | | | | | | | | apparmor doesn't disable D-Bus anymore, so add it back remove memory-deny-write-execute comment, as this also breaks JIT compiled QtQuick nowadays
* | unbound: fixes, blacklist all of ${RUNUSER}Libravatar smitsohu2022-04-10
| |
* | steam: add HotLine Miami (#5097)Libravatar Kelvin M. Klann2022-04-08
|/ | | https://store.steampowered.com/app/219150/Hotline_Miami/
* teams: drop doubled option (#5087)Libravatar glitsj162022-04-01
|
* megaglest.profile: Add allow-lua.inc (#5066)Libravatar NetSysFire2022-03-25
| | | | | * megaglest.profile: Add allow-lua.inc * Move comment to line above
* Merge pull request #5061 from glitsj16/ping-fixesLibravatar netblue302022-03-24
|\ | | | | ping: (extra) hardening
| * ping: fix hardening commentLibravatar glitsj162022-03-21
| |
| * Create ping-hardened.inc.profileLibravatar glitsj162022-03-21
| |
| * ping: extra hardeningLibravatar glitsj162022-03-21
| |
* | nodejs-common: fix noteLibravatar glitsj162022-03-21
| |
* | Create semver.profileLibravatar glitsj162022-03-20
| |
* | Create npx.profileLibravatar glitsj162022-03-20
| |
* | Create node-gyp.profileLibravatar glitsj162022-03-20
| |
* | nodejs-common: add comment & minor hardeningLibravatar glitsj162022-03-20
| |
* | wget: add nvm support commentLibravatar glitsj162022-03-20
| |
* | webui-aria2: add nvm supportLibravatar glitsj162022-03-20
| |
* | webstorm: fix orderingLibravatar glitsj162022-03-20
| |
* | tar: add nvm support commentLibravatar glitsj162022-03-20
| |
* | sha256sum: add nvm support commentLibravatar glitsj162022-03-20
| |
* | nvm: remove profileLibravatar glitsj162022-03-20
|/ | | [nvm](https://github.com/nvm-sh/nvm) is implemented as a sourced shell function, not an executable binary. Regular sandboxing doesn't work but we can add nvm support to the applications used by it internally (curl, sha256sum, tar & wget).
* ocenaudio hardening (#5056)Libravatar glitsj162022-03-18
| | | | | | | * ocenaudio: blacklist cache dir * ocenaudio: hardenings * ocenaudio: fix protocol comment
* pip: fixes (#5053)Libravatar glitsj162022-03-15
| | | | | | | | | * pip: fix including local override * pip: allow access to cache The shared build-systems-common.profile (to which pip.profile redirects) blacklists ${HOME}/.cache/pip. Override that here. * pip: add cache support in commented whitelist
* opera fixes (#5041)Libravatar glitsj162022-03-14
| | | | | * opera fixes * disable-common.inc: add blacklist /usr/lib/opera/opera_sandbox
* mupdf refactoring cfr. ↵Libravatar glitsj162022-03-14
| | | | | | | | | | | | | | | | | | | | | | | | | https://github.com/netblue30/firejail/discussions/4993 (#5042) * refactor mupdf * refactor mupdf * refactor mupdf * refactor mupdf * add mupdf-gl blacklist * move history file back to mupdf-gl * refactor mupdf-gl * add no3d to mupdf.profile * add suggestions from review * drop unix from protocol [accumulates] * fix protocol
generated by cgit v1.2.3-70-g09d2 (git 2.46.0) at 2024-09-18 18:48:34 +0000