| Commit message (Collapse) | Author | Age |
|
|
|
|
|
|
|
| |
This directory contains the MAC address for connections available
Tested working with torbrowser-launcher and onionshare
Signed-off-by: Tad <tad@spotco.us>
|
| |
|
|
|
|
|
|
|
|
|
| |
* remmina.profile: allow python
* Update etc/profile-m-z/remmina.profile
Co-authored-by: rusty-snake <41237666+rusty-snake@users.noreply.github.com>
Co-authored-by: rusty-snake <41237666+rusty-snake@users.noreply.github.com>
|
| |
|
| |
|
|
|
|
|
|
|
| |
* drop private-lib
* drop private-lib
* drop private-lib
|
|
|
|
|
|
|
| |
Logging is now default disabled in c7e4c8ed592fee7f1644152a23c3e1343b01b922
See https://github.com/netblue30/firejail/issues/5207
This reverts commit c0d314f945b405f1e90a1a43719059cd22f55de7.
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Command: sed -i "/^shell none/d" etc/*/*
TODO:
```
etc/profile-a-l/beaker.profile:ignore shell none
etc/profile-a-l/default.profile:# shell none
etc/profile-a-l/fdns.profile:#shell none
etc/profile-a-l/gnome-nettool.profile:#shell none
etc/profile-a-l/jitsi-meet-desktop.profile:ignore shell none
etc/profile-m-z/pidgin.profile:# shell none
etc/profile-m-z/rocketchat.profile:ignore shell none
etc/profile-m-z/server.profile:# shell none
etc/templates/profile.template:# OPTIONS (caps*, net*, no*, protocol, seccomp*, shell none, tracelog)
etc/templates/profile.template:#shell none
```
- manpage
- RELNOTES
- fbuilder
|
| |
|
|
|
|
|
|
|
| |
transmission-{gtk,qt} (#5175)
* add comment for enabling desktop notifications
* add comment for enabling desktop notifications
|
|
|
|
| |
Changes inspired by Thunderbird profile.
|
| |
|
|\
| |
| | |
nvim: add XDG_STATE_HOME path
|
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
Default paths as of neovim 0.7.0:
* backupdir: $XDG_DATA_HOME/nvim/backup//
* directory: $XDG_DATA_HOME/nvim/swap//
* undodir: $XDG_DATA_HOME/nvim/undo//
* viewdir: $XDG_DATA_HOME/nvim/view//
* shada file: $XDG_DATA_HOME/nvim/shada/main.shada
* log dir: $XDG_CACHE_HOME/nvim/log
Default paths as of [1]:
* backupdir: $XDG_STATE_HOME/nvim/backup//
* directory: $XDG_STATE_HOME/nvim/swap//
* undodir: $XDG_STATE_HOME/nvim/undo//
* viewdir: $XDG_STATE_HOME/nvim/view//
* shada file: $XDG_STATE_HOME/nvim/shada/main.shada
* log dir: $XDG_STATE_HOME/nvim/log
[1] https://github.com/neovim/neovim/pull/15583
|
| |
| |
| |
| |
| | |
* update for wget2
* allow ${HOME}/.local/share/wget
|
|/
|
|
|
|
|
| |
Fails to start without this, eg:
FileNotFoundError: [Errno 2] No such file or directory: '/usr/share/onionshare/images/favicon.ico'
Signed-off-by: Tad <tad@spotco.us>
|
|
|
|
|
|
| |
After a3f00edb32aca7516d690db046dd1ed3eb186bdd
Signed-off-by: Tad <tad@spotco.us>
|
| |
|
| |
|
|
|
|
| |
closes #4965
|
| |
|
| |
|
|\
| |
| | |
harden vlc
|
| |
| |
| |
| |
| | |
apparmor doesn't disable D-Bus anymore, so add it back
remove memory-deny-write-execute comment, as this also breaks JIT compiled QtQuick nowadays
|
| | |
|
|/
|
| |
https://store.steampowered.com/app/219150/Hotline_Miami/
|
| |
|
|
|
|
|
| |
* megaglest.profile: Add allow-lua.inc
* Move comment to line above
|
|\
| |
| | |
ping: (extra) hardening
|
| | |
|
| | |
|
| | |
|
| | |
|
| | |
|
| | |
|
| | |
|
| | |
|
| | |
|
| | |
|
| | |
|
| | |
|
| | |
|
|/
|
| |
[nvm](https://github.com/nvm-sh/nvm) is implemented as a sourced shell function, not an executable binary. Regular sandboxing doesn't work but we can add nvm support to the applications used by it internally (curl, sha256sum, tar & wget).
|
|
|
|
|
|
|
| |
* ocenaudio: blacklist cache dir
* ocenaudio: hardenings
* ocenaudio: fix protocol comment
|
|
|
|
|
|
|
|
|
| |
* pip: fix including local override
* pip: allow access to cache
The shared build-systems-common.profile (to which pip.profile redirects) blacklists ${HOME}/.cache/pip. Override that here.
* pip: add cache support in commented whitelist
|
|
|
|
|
| |
* opera fixes
* disable-common.inc: add blacklist /usr/lib/opera/opera_sandbox
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
https://github.com/netblue30/firejail/discussions/4993 (#5042)
* refactor mupdf
* refactor mupdf
* refactor mupdf
* refactor mupdf
* add mupdf-gl blacklist
* move history file back to mupdf-gl
* refactor mupdf-gl
* add no3d to mupdf.profile
* add suggestions from review
* drop unix from protocol [accumulates]
* fix protocol
|
|
|
|
|
|
|
|
|
| |
* drop redundant noblacklist
noblacklist ${HOME}/.vscode-oss already exists in included code.profile
* remove newline
Nitpick for persistency with other profiles that have the comment about #2624.
|
|
|
|
|
|
|
| |
* hardening onionshare-gui.profile
* add another dbus-user filter to onionshare-gui.profile
* harden onionshare
|