| Commit message (Collapse) | Author | Age |
| |
|
|\
| |
| | |
build: sort.py: use case-sensitive sorting
|
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
To match how things are sorted elsewhere, such as with `noblacklist` /
`whitelist` lines (vertically) in profiles and in
ci/check/profiles/sort-disable-programs.sh and src/etc-cleanup/main.c.
This makes the order in `private-etc` always be groups (`@group`), then
uppercase paths, then lowercase paths. Example from
etc/profile-m-z/softmaker-common.profile:
private-etc @tls-ca,SoftMaker,fstab
Note that this does not affect a significant amount of profiles; most
changes are in `private-bin` / `private-lib` lines and in `private-etc`
lines for newer profiles that do not use groups. This is partly due to
commit 5d0822c52 ("private-etc: big profile changes", 2023-02-05)
replacing `X11` with `@x11` in `private-etc` lines and then commit
0f996ea4d ("private-etc: groups modified", 2023-02-05) removing
`Trolltech.conf` from `private-etc` lines and using case-sensitive
sorting in them.
Relates to #5610.
|
|\ \
| | |
| | | |
steam.profile: allow process_vm_readv syscall
|
| | |
| | |
| | |
| | |
| | |
| | | |
EA Origin (game launcher) won't launch without this.
See https://github.com/netblue30/firejail/issues/5185#issuecomment-1776516159
|
| | |
| | |
| | |
| | | |
on Debian the data is in /usr/share/tesseract-ocr/
|
| |/
|/|
| |
| |
| |
| |
| | |
* disable-programs.inc: add support for tiny-rdm
* Create tiny-rdm.profile
* firecfg.config: add support for tiny-rdm
|
|/
|
|
|
|
|
|
|
| |
* nodejs-common: add pnpm support
* disable-programs.inc: add pnpm support
* Create pnpm.profile
* Create pnpx.profile
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Since version 1.8.6 msmtp supports per-user configuration at either
~/.msmtprc (already supported by firejail) or
`$XDG_CONFIG_HOME/msmtp/config`. System-wide support can be placed at
/etc/msmtprc.
This adds the missing paths to the relevant .inc and .profile files.
Note that `blacklist ${HOME}/.msmtprc` is present on both
disable-common.inc and disable-programs.inc, so the new paths are added
to both files.
References:
https://wiki.archlinux.org/title/Msmtp#Basic_setup
https://marlam.de/msmtp/msmtp.html#Configuration-files
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
* profiles: drop private-opt (existing whitelist)
* profiles: replace private-opt with whitelist
In most profiles.
Kept private-opt for enpass (~85MB), mate-dictionary (<20MB),
minecraft-launcher (~1.6MB) and ppsspp (~44MB). The only app I couldn't
check: xmr-stak.
* docs: note potential issues with private-opt
|
| |
|
| |
|
| |
|
| |
|
|
|
|
|
|
|
| |
* Create termshark.profile
* firecfg.config: add termshark support
* termshark: CLI hardening
|
| |
|
| |
|
|
|
|
|
| |
* Update nicotine.profile
* dbus.user set to filter
|
|\
| |
| | |
New profile: tidal-hifi
|
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
modified src/firecfg/firecfg.config to add tidal-hifi
created etc/profile-m-z/tidal-hifi.profile
closes: #6008
Apply suggestions from code review
Co-authored-by: rusty-snake <41237666+rusty-snake@users.noreply.github.com>
|
|/ |
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
This amends commit dd5539012 ("profiles: refactor log viewers (#5996)",
2023-09-23).
Commands used:
git mv \
etc/profile-m-z/profile-m-z/profile-m-z/system-log-common.profile \
etc/profile-m-z/system-log-common.profile
rmdir etc/profile-m-z/profile-m-z/profile-m-z/
rmdir etc/profile-m-z/profile-m-z/
|
| |
|
| |
|
|
|
|
|
|
|
|
| |
* profiles: refactor log viewers
Introduces system-log-common.profile as a common profile for existing
GUI log viewer applications.
* system-log-common: enable no3d
|
|
|
|
| |
Add directories to config so Factorio runs correctly.
|
|
|
| |
New TelegramWebApps uses another directory for saving local storage.
|
|\
| |
| | |
profiles: fix commented code and eol comments
|
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
Main changes:
* Remove the space after `#` for commented code lines to distinguish
them from normal comments
* Use `#` instead of `-` for comments at the end of the line so that
commented code lines work after being uncommented
Commands used to search and replace:
arg0="$(cat contrib/syntax/lists/profile_commands_arg0.list |
LC_ALL=C sort -u | tr '\n' '|' | sed -e 's/|$//' -e 's/\./\\./g')"
arg1="$(cat contrib/syntax/lists/profile_commands_arg1.list |
LC_ALL=C sort -u | tr '\n' '|' | sed -e 's/|$//' -e 's/\./\\./g')"
git ls-files -z -- etc/inc etc/profile* | xargs -0 -I '{}' \
sh -c "printf '%s\n' \"\$(sed -E \
-e 's/^# ($arg0)( [#-]-? .*)?\$/#\\1\\2/' \
-e 's/^# ($arg1)( [^ ]*)?( [#-]-? .*)?\$/#\\1\\2\\3/' \
-e 's/^# (whitelist \\$)/#\\1/' \
-e 's/^(#[^ ].+) --? /\\1 # /' \
'{}')\" >'{}'"
Commands used to check for leftover entries:
arg0="$(cat contrib/syntax/lists/profile_commands_arg0.list |
LC_ALL=C sort -u | tr '\n' '|' | sed -e 's/|$//' -e 's/\./\\./g')"
arg1="$(cat contrib/syntax/lists/profile_commands_arg1.list |
LC_ALL=C sort -u | tr '\n' '|' | sed -e 's/|$//' -e 's/\./\\./g')"
git grep -E "^# ($arg0|$arg1)( +|$)" -- etc/inc etc/profile*
See also commit 30f9ad908 ("build: improve comments in firecfg.config",
2023-08-05) / PR #5942.
|
| |
| |
| |
| |
| |
| |
| |
| |
| | |
Changes:
* Turn very long end-of-line comments into normal comments
* Turn multi-line end-of-line comments into normal comments
* Fix a comment being below instead of above the relevant entry
* Turn some comments that look like code into end-of-line comments
|
|/ |
|
|
|
|
| |
The latest Neochat package on Arch (23.08.0-2, with libquotient
0.8.1.1-1) crashes otherwise.
|
|
|
|
|
|
| |
Commit 3077b2d1f blacklists `${PATH}/patch` in disable-devel.inc[1]. We
need to noblacklist it in the profiles that need it.
[1] https://github.com/netblue30/firejail/commit/3077b2d1ff6c6e26a83487ae460985157b5c61fd
|
|\
| |
| | |
build: codespell improvements
|
| |
| |
| |
| |
| |
| | |
Found by simply running `codespell .`.
Environment: codespell 2.2.5-2 on Artix Linux.
|
|/
|
|
|
| |
mpDris2 brings MPRIS2 support to MPD:
https://github.com/eonpatapon/mpDris2
|
|
|
|
|
|
|
|
|
| |
Changes:
* comment `include whitelist-common.inc` when using `private`
* drop `private` on profiles that access files in `${HOME}`
* use `#` in comments
Relates to #903.
|
|
|
|
|
|
| |
On the profiles that allow ~/.config/mpv.
Relates to #5936.
|
|
|
|
|
| |
The programs in question do not create these files; they have to be
created manually.
|
|
|
|
|
|
|
|
|
| |
mpv v0.36.0 uses ~/.cache/mpv[1] [2]:
Relates to #2838 #5936.
[1] https://github.com/mpv-player/mpv/releases/tag/v0.36.0
[2] https://github.com/mpv-player/mpv/pull/10838
|
|
|
|
|
|
|
| |
The new version of mpv changed the path of the watch_later folder to
~/.local/state/mpv/watch_later.
See https://github.com/mpv-player/mpv/pull/10838
|
|
|
|
|
|
|
|
|
|
|
|
| |
* Create reader.profile
* firecfg.config: add reader support
* reader: integrate review suggestions
- blacklist whole ${RUNUSER}
- drop x11 none
* reader: fix 'x11 none'
|
| |
|
| |
|
|
|
|
|
|
|
| |
* disable-programs.inc: add sniffnet support
* Create sniffnet.profile
* firecfg.config: add sniffnet support
|
| |
|
| |
|
| |
|
|
|
| |
Co-authored-by: pirate486743186 <>
|
|
|
|
|
|
|
|
|
| |
Homepage: https://mullvad.net/en/download/browser/linux
mullvad-browser: don't use restrict-namespaces
mullvad-browser: cover both installation paths
Suggested in review by @kmk3.
|