| Commit message (Collapse) | Author | Age |
|
|
|
|
|
|
|
|
|
|
|
|
| |
* zoom.profile: whitelist ~/.config/zoom.conf
With Zoom version 5.12.6, Zoom changed how they handle encrypting the local
database. This change resulted in the new file zoom.conf being used. As it is
not allowed by the current profile, this could lead to users losing their chat
history if they cannot be retrieved from the cloud (e.g. when e2e encryption is
used).
* zoom.profile: noblacklist ~/.config/zoom.conf
Additional blacklisting for other programs to the configuration file.
|
| |
|
| |
|
| |
|
| |
|
| |
|
| |
|
| |
|
| |
|
| |
|
| |
|
| |
|
| |
|
| |
|
|\
| |
| | |
email-common refactoring
|
| | |
|
|\ \
| | |
| | | |
New profiles: linuxqq/qq
|
| |\| |
|
| | | |
|
| | |
| | |
| | | |
As suggested in review.
|
| |/
|/| |
|
|\ \
| | |
| | | |
claws-mail and sylpheed D-Bus hardening
|
| |/ |
|
|/ |
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
* disable-programs.inc: add ssmtp support
* Create ssmtp.profile
* ssmtp: support Debian/Ubuntu
* README.md: add ssmtp to 'New profiles' section
* disable-common.inc: move ssmtp support to keep CI happy
* ssmtp: improve dead.letter comment
Suggested in [review](https://github.com/netblue30/firejail/pull/5544#pullrequestreview-1225322546).
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
* seahorse: fixes and hardening
* seahorse-daemon: hardening
* seahorse-tool: move private-etc items to seahorse
* seahorse: unbreak nautilus file encryption
As suggested [in review](https://github.com/netblue30/firejail/pull/5543#pullrequestreview-1225250520).
* seahorse-tool: move private-tmp to seahorse
* seahorse: add private-tmp
* seahorse: fix access to ssh-agent socket
|
| |
|
| |
|
|
|
|
|
| |
* qbittorrent: add support for Qt6
* wusc: add support for Qt6
|
|
|
| |
Overlooked [this comment](https://github.com/netblue30/firejail/pull/5389#discussion_r992471940) that pointed out a mistake I made.
|
|
|
|
|
|
|
|
|
| |
* private-etc: always include 'alternatives'
* private-etc: always include 'alternatives'
* private-etc: always include 'alternatives'
* private-etc: always include 'alternatives'
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
* Add firecfg support for tesseract
* Add tesseract to 'New profiles' section in README.md
* Create tesseract.profile
* tesseract: fix private-etc
* tesseract: fix XDG black/whitelisting
* tesseract: use 'seccomp socket' instead of 'protocol unix'
As kindly suggested by @rusty-snake.
* tesseract: add 'restrict-namespaces'
As kindly suggested by @rusty-snake.
* tesseract: use full seccomp filtering
The tesseract application works fine without 'protocol' or 'seccomp socket'.
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
As suggested by @glitsj16[1].
Project homepage: https://github.com/abba23/spotify-adblock
Configuration paths:
* /etc/spotify-adblock/config.toml
* ~/.config/spotify-adblock/config.toml
Fixes #5494.
[1] https://github.com/netblue30/firejail/discussions/5494#discussioncomment-4280887
Reported-by: @Rewig95
|
|\
| |
| | |
fix: PyCharm profiles
|
| |
| |
| |
| |
| |
| |
| | |
Do not use `private-cache`, because PyCharm places in cache
directories stuff like spelling dictionary (i. e. if you download
spelling dictionary with `private-cache`, on restart PyCharm you need
to download spelling dictionary again).
|
|\ \
| | |
| | | |
Profile fixes
|
| |/ |
|
| |
| |
| | |
Co-authored-by: pirate486743186 <>
|
|/
|
|
|
|
|
| |
* Add python3 support to nicotine
* Revert private-bin changes
Adding shell and python3 support to private-bin kept breaking nicotine for the user who reported it on IRC. Let's revert it as suggested by @rusty-snake.
|
|\
| |
| | |
Harden qutebrowser profile
|
| | |
|
| | |
|
| | |
|
| | |
|
|/
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
This reverts commit 393c5beff2686d7732221dadb6730917f24835a0.
Which broke mpv:
$ mpv --version
Cannot start application: No such file or directory
Probably because mpv itself uses many libraries and it has plugins that
may depend on files in /usr/lib as well:
$ pacman -Qlq mpv | grep /lib/ | grep -v '/$'
/usr/lib/libmpv.so
/usr/lib/libmpv.so.1
/usr/lib/libmpv.so.1.109.0
/usr/lib/pkgconfig/mpv.pc
$ strings /usr/bin/mpv | grep '^lib.*\.so' | sort -u | wc -l
53
$ pacman -Qlq yt-dlp | grep /lib/ | grep -v '/$' |
cut -f -4 -d / | sort -u
/usr/lib/python3.10
$ pacman -Q mpv yt-dlp
mpv 1:0.34.1-5
yt-dlp 2022.09.01-1
Environment: Artix Linux.
Also, private-lib is disabled by default in firejail.config (see #5190)
and mpv.profile does not use private-lib, so there should be no need to
whitelist anything in /usr/lib in the default profile.
|
|
|
|
|
| |
This is an mpv plugin for MPRIS integration.
See: https://github.com/hoyon/mpv-mpris
|
|
|
| |
Inspired by https://github.com/netblue30/firejail/pull/5352/files/c04ceb49c7001bb931a35667c831545cd64aeece#r963032151.
|
|
|
| |
Inspired by https://github.com/netblue30/firejail/pull/5352/files/c04ceb49c7001bb931a35667c831545cd64aeece#r963032151.
|