| Commit message (Collapse) | Author | Age |
| |
|
| |
|
| |
|
| |
|
| |
|
|\
| |
| | |
email-common refactoring
|
| | |
|
|\ \
| | |
| | | |
New profiles: linuxqq/qq
|
| |\| |
|
| | | |
|
| | |
| | |
| | | |
As suggested in review.
|
| |/
|/| |
|
|\ \
| | |
| | | |
claws-mail and sylpheed D-Bus hardening
|
| |/ |
|
|/ |
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
* disable-programs.inc: add ssmtp support
* Create ssmtp.profile
* ssmtp: support Debian/Ubuntu
* README.md: add ssmtp to 'New profiles' section
* disable-common.inc: move ssmtp support to keep CI happy
* ssmtp: improve dead.letter comment
Suggested in [review](https://github.com/netblue30/firejail/pull/5544#pullrequestreview-1225322546).
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
* seahorse: fixes and hardening
* seahorse-daemon: hardening
* seahorse-tool: move private-etc items to seahorse
* seahorse: unbreak nautilus file encryption
As suggested [in review](https://github.com/netblue30/firejail/pull/5543#pullrequestreview-1225250520).
* seahorse-tool: move private-tmp to seahorse
* seahorse: add private-tmp
* seahorse: fix access to ssh-agent socket
|
| |
|
| |
|
|
|
|
|
| |
* qbittorrent: add support for Qt6
* wusc: add support for Qt6
|
|
|
| |
Overlooked [this comment](https://github.com/netblue30/firejail/pull/5389#discussion_r992471940) that pointed out a mistake I made.
|
|
|
|
|
|
|
|
|
| |
* private-etc: always include 'alternatives'
* private-etc: always include 'alternatives'
* private-etc: always include 'alternatives'
* private-etc: always include 'alternatives'
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
* Add firecfg support for tesseract
* Add tesseract to 'New profiles' section in README.md
* Create tesseract.profile
* tesseract: fix private-etc
* tesseract: fix XDG black/whitelisting
* tesseract: use 'seccomp socket' instead of 'protocol unix'
As kindly suggested by @rusty-snake.
* tesseract: add 'restrict-namespaces'
As kindly suggested by @rusty-snake.
* tesseract: use full seccomp filtering
The tesseract application works fine without 'protocol' or 'seccomp socket'.
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
As suggested by @glitsj16[1].
Project homepage: https://github.com/abba23/spotify-adblock
Configuration paths:
* /etc/spotify-adblock/config.toml
* ~/.config/spotify-adblock/config.toml
Fixes #5494.
[1] https://github.com/netblue30/firejail/discussions/5494#discussioncomment-4280887
Reported-by: @Rewig95
|
|\
| |
| | |
fix: PyCharm profiles
|
| |
| |
| |
| |
| |
| |
| | |
Do not use `private-cache`, because PyCharm places in cache
directories stuff like spelling dictionary (i. e. if you download
spelling dictionary with `private-cache`, on restart PyCharm you need
to download spelling dictionary again).
|
|\ \
| | |
| | | |
Profile fixes
|
| |/ |
|
| |
| |
| | |
Co-authored-by: pirate486743186 <>
|
|/
|
|
|
|
|
| |
* Add python3 support to nicotine
* Revert private-bin changes
Adding shell and python3 support to private-bin kept breaking nicotine for the user who reported it on IRC. Let's revert it as suggested by @rusty-snake.
|
|\
| |
| | |
Harden qutebrowser profile
|
| | |
|
| | |
|
| | |
|
| | |
|
|/
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
This reverts commit 393c5beff2686d7732221dadb6730917f24835a0.
Which broke mpv:
$ mpv --version
Cannot start application: No such file or directory
Probably because mpv itself uses many libraries and it has plugins that
may depend on files in /usr/lib as well:
$ pacman -Qlq mpv | grep /lib/ | grep -v '/$'
/usr/lib/libmpv.so
/usr/lib/libmpv.so.1
/usr/lib/libmpv.so.1.109.0
/usr/lib/pkgconfig/mpv.pc
$ strings /usr/bin/mpv | grep '^lib.*\.so' | sort -u | wc -l
53
$ pacman -Qlq yt-dlp | grep /lib/ | grep -v '/$' |
cut -f -4 -d / | sort -u
/usr/lib/python3.10
$ pacman -Q mpv yt-dlp
mpv 1:0.34.1-5
yt-dlp 2022.09.01-1
Environment: Artix Linux.
Also, private-lib is disabled by default in firejail.config (see #5190)
and mpv.profile does not use private-lib, so there should be no need to
whitelist anything in /usr/lib in the default profile.
|
|
|
|
|
| |
This is an mpv plugin for MPRIS integration.
See: https://github.com/hoyon/mpv-mpris
|
|
|
| |
Inspired by https://github.com/netblue30/firejail/pull/5352/files/c04ceb49c7001bb931a35667c831545cd64aeece#r963032151.
|
|
|
| |
Inspired by https://github.com/netblue30/firejail/pull/5352/files/c04ceb49c7001bb931a35667c831545cd64aeece#r963032151.
|
|
|
| |
Co-authored-by: pirate486743186 <>
|
|
|
|
|
| |
This amends commit e2631b40d ("steam.profile: fix breakage with newer
Proton-GE (process_vm_readv)", 2022-08-20).
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
As reported by @rsramkis on #5185, upgrading from Proton-7.2-GE-2[1]
(released on 2022-02-14) to GE-Proton7-18[2] (released on 2022-05-19)
breaks logging in on World of Tanks Blitz unless the `process_vm_ready`
32-bit syscall is allowed[3], so allow it.
Fixes #5185.
[1] https://github.com/GloriousEggroll/proton-ge-custom/releases/tag/7.2-GE-2
[2] https://github.com/GloriousEggroll/proton-ge-custom/releases/tag/GE-Proton7-18
[3] https://github.com/netblue30/firejail/issues/5185#issuecomment-1152350336
|
| |
|
|\
| |
| | |
makedeb profile creation
|
| | |
|
|\ \
| | |
| | | |
microsoft-edge.profile rewritten for stable channel and moved microsoft-edge{,-beta,-dev} from private-opt to whitelist
|
| | | |
|
| | |
| | |
| | |
| | |
| | |
| | | |
* replaced private-opt by whitelist #5307
* added stable channel config dirs to disable-programs.inc
|