firejail - Mirror of https://github.com/netblue30/firejail

	Commit message (Collapse)	Author	Age
*	Add comment for enabling D-Bus desktop notifications to ↵	glitsj16	2022-06-05
\| \| \| \| \| \| \|	transmission-{gtk,qt} (#5175) * add comment for enabling desktop notifications * add comment for enabling desktop notifications
*	seamonkey.profile: support enigmail/gpg	Hartmut Knaack	2022-05-28
\| \| \| \|	Changes inspired by Thunderbird profile.
*	unbound: seccomp cleanup	smitsohu	2022-05-21
\|
*	Merge pull request #5141 from kmk3/nvim-add-xdg-state-home	netblue30	2022-05-20
\|\ \| \| \| \|	nvim: add XDG_STATE_HOME path
\| *	nvim: add XDG_STATE_HOME path	Kelvin M. Klann	2022-05-12
\| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \|	Default paths as of neovim 0.7.0: * backupdir: $XDG_DATA_HOME/nvim/backup// * directory: $XDG_DATA_HOME/nvim/swap// * undodir: $XDG_DATA_HOME/nvim/undo// * viewdir: $XDG_DATA_HOME/nvim/view// * shada file: $XDG_DATA_HOME/nvim/shada/main.shada * log dir: $XDG_CACHE_HOME/nvim/log Default paths as of [1]: * backupdir: $XDG_STATE_HOME/nvim/backup// * directory: $XDG_STATE_HOME/nvim/swap// * undodir: $XDG_STATE_HOME/nvim/undo// * viewdir: $XDG_STATE_HOME/nvim/view// * shada file: $XDG_STATE_HOME/nvim/shada/main.shada * log dir: $XDG_STATE_HOME/nvim/log [1] https://github.com/neovim/neovim/pull/15583
* \|	updates for wget2 (#5152)	glitsj16	2022-05-20
\| \| \| \| \| \| \| \| \| \|	* update for wget2 * allow ${HOME}/.local/share/wget
* \|	onionshare-gui.profile: fix breakage	Tad	2022-05-20
\|/ \| \| \| \| \| \|	Fails to start without this, eg: FileNotFoundError: [Errno 2] No such file or directory: '/usr/share/onionshare/images/favicon.ico' Signed-off-by: Tad <tad@spotco.us>
*	xonotic.profile: fix audit denial spam	Tad	2022-05-12
\| \| \| \| \| \|	After a3f00edb32aca7516d690db046dd1ed3eb186bdd Signed-off-by: Tad <tad@spotco.us>
*	ok	Łukasz Mariański	2022-04-23
\|
*	Fix glob pattern and update other profiles/includes	Łukasz Mariański	2022-04-23
\|
*	Fix chromium browsers in firejail 0.9.68	rusty-snake	2022-04-14
\| \| \| \|	closes #4965
*	fix --writable-etc	netblue30	2022-04-12
\|
*	small fixes	netblue30	2022-04-10
\|
*	Merge pull request #5092 from smitsohu/vlc	smitsohu	2022-04-10
\|\ \| \| \| \|	harden vlc
\| *	harden vlc	smitsohu	2022-04-10
\| \| \| \| \| \| \| \| \| \|	apparmor doesn't disable D-Bus anymore, so add it back remove memory-deny-write-execute comment, as this also breaks JIT compiled QtQuick nowadays
* \|	unbound: fixes, blacklist all of ${RUNUSER}	smitsohu	2022-04-10
\| \|
* \|	steam: add HotLine Miami (#5097)	Kelvin M. Klann	2022-04-08
\|/ \| \|	https://store.steampowered.com/app/219150/Hotline_Miami/
*	teams: drop doubled option (#5087)	glitsj16	2022-04-01
\|
*	megaglest.profile: Add allow-lua.inc (#5066)	NetSysFire	2022-03-25
\| \| \| \| \|	* megaglest.profile: Add allow-lua.inc * Move comment to line above
*	Merge pull request #5061 from glitsj16/ping-fixes	netblue30	2022-03-24
\|\ \| \| \| \|	ping: (extra) hardening
\| *	ping: fix hardening comment	glitsj16	2022-03-21
\| \|
\| *	Create ping-hardened.inc.profile	glitsj16	2022-03-21
\| \|
\| *	ping: extra hardening	glitsj16	2022-03-21
\| \|
* \|	nodejs-common: fix note	glitsj16	2022-03-21
\| \|
* \|	Create semver.profile	glitsj16	2022-03-20
\| \|
* \|	Create npx.profile	glitsj16	2022-03-20
\| \|
* \|	Create node-gyp.profile	glitsj16	2022-03-20
\| \|
* \|	nodejs-common: add comment & minor hardening	glitsj16	2022-03-20
\| \|
* \|	wget: add nvm support comment	glitsj16	2022-03-20
\| \|
* \|	webui-aria2: add nvm support	glitsj16	2022-03-20
\| \|
* \|	webstorm: fix ordering	glitsj16	2022-03-20
\| \|
* \|	tar: add nvm support comment	glitsj16	2022-03-20
\| \|
* \|	sha256sum: add nvm support comment	glitsj16	2022-03-20
\| \|
* \|	nvm: remove profile	glitsj16	2022-03-20
\|/ \| \|	[nvm](https://github.com/nvm-sh/nvm) is implemented as a sourced shell function, not an executable binary. Regular sandboxing doesn't work but we can add nvm support to the applications used by it internally (curl, sha256sum, tar & wget).
*	ocenaudio hardening (#5056)	glitsj16	2022-03-18
\| \| \| \| \| \| \|	* ocenaudio: blacklist cache dir * ocenaudio: hardenings * ocenaudio: fix protocol comment
*	pip: fixes (#5053)	glitsj16	2022-03-15
\| \| \| \| \| \| \| \| \|	* pip: fix including local override * pip: allow access to cache The shared build-systems-common.profile (to which pip.profile redirects) blacklists ${HOME}/.cache/pip. Override that here. * pip: add cache support in commented whitelist
*	opera fixes (#5041)	glitsj16	2022-03-14
\| \| \| \| \|	* opera fixes * disable-common.inc: add blacklist /usr/lib/opera/opera_sandbox
*	mupdf refactoring cfr. ↵	glitsj16	2022-03-14
\| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \|	https://github.com/netblue30/firejail/discussions/4993 (#5042) * refactor mupdf * refactor mupdf * refactor mupdf * refactor mupdf * add mupdf-gl blacklist * move history file back to mupdf-gl * refactor mupdf-gl * add no3d to mupdf.profile * add suggestions from review * drop unix from protocol [accumulates] * fix protocol
*	minor cleanups, no functional changes (#5040)	glitsj16	2022-03-13
\| \| \| \| \| \| \| \| \|	* drop redundant noblacklist noblacklist ${HOME}/.vscode-oss already exists in included code.profile * remove newline Nitpick for persistency with other profiles that have the comment about #2624.
*	hardening onionshare-gui.profile (#4959)	glitsj16	2022-03-13
\| \| \| \| \| \| \|	* hardening onionshare-gui.profile * add another dbus-user filter to onionshare-gui.profile * harden onionshare
*	Merge branch 'master' of https://github.com/netblue30/firejail	smitsohu	2022-03-11
\|\
\| *	Merge pull request #5017 from TheOneric/fix_steam+proton	netblue30	2022-03-11
\| \|\ \| \| \| \| \| \|	Fix newest Steam client and Proton ≥ 5.13
\| \| *	steam.profile: fix black window	Oneric	2022-03-06
\| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \|	After the Steam cleint update of the 04th March 2022 the steamwebhelper process now needs to be able to do chroot syscalls to render anything. If not all content tabs in the client will just appear black. fixes: https://github.com/netblue30/firejail/issues/5014
\| \| *	steam.profile: fix Proton 5.13+	Oneric	2022-03-06
\| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \|	Starting with version 5.13 Proton internally uses bubblewrap to create a container for the game. To make this work with firejail we need to allow these 4 additional syscalls. fixes: https://github.com/netblue30/firejail/issues/4366 fixes: https://github.com/netblue30/firejail/issues/4686
\| * \|	Merge pull request #5029 from davidebeatrici/steam-prey-2006	netblue30	2022-03-11
\| \|\ \ \| \| \| \| \| \| \| \|	steam.profile: allow "${HOME}/.prey"
\| \| * \|	steam.profile: allow "${HOME}/.prey"	Davide Beatrici	2022-03-11
\| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \|	The directory is used by the Linux binary for Prey (2006), available at https://icculus.org/prey. Not whitelisting the directory results in the game failing to launch: found DLL in pak file: /home/user/.steam/steamapps/common/Prey 2006/base/game01.pk4/gamex86.so copy gamex86.so to /home/user/.prey/base/gamex86.so dlopen '/home/user/.prey/base/gamex86.so' failed: /home/user/.prey/base/gamex86.so: failed to map segment from shared object
* \| \| \|	harden songrec	smitsohu	2022-03-11
\|/ / / \| \| \| \| \| \| \| \| \| \| \| \| \| \| \|	as suggested by @rusty-snake in addition blacklist/noblacklist/whitelist songrec application files
* \| \|	Merge pull request #4260 from sandsmark/martin/songrec	smitsohu	2022-03-11
\|\ \ \ \| \|/ / \|/\| \|	Add songrec
\| * \|	Add songrec	Martin T. H. Sandsmark	2021-05-08
\| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \|	It is a Rust application using Cargo, so harden based on common supply chain attacks seen. https://github.com/marin-m/SongRec
* \| \|	skypeforlinux cleanup	smitsohu	2022-03-09
\| \|/ \|/\|