path: root/etc/profile-m-z
Commit message (Author, Age)
...
* re-order private-etc in telegram.profile (glitsj16, 2020-12-10)
|
* fix private-etc in telegram.profile (glitsj16, 2020-12-10)
| Fixes #3805.
* minor hardenings and comments (glitsj16, 2020-12-10)
|
* Update yelp.profile (#3803) (glitsj16, 2020-12-09)
|
* harden sysprof (#3802) (glitsj16, 2020-12-09)
|
* fixes (rusty-snake, 2020-12-09)
| - hopefully fix #3795 finally
| - fix README.md codeblock
| - blacklist ${HOME}/.texlive20*
* fix #3795 -- teams chroot (rusty-snake, 2020-12-07)
|
* profile fixes from issues (rusty-snake, 2020-12-07)
| closes #3786; closes #3776
* xfce4-screenshooter: comment mdwe (rusty-snake, 2020-12-06)
|
* Small fixes (Tad, 2020-11-29)
| - gimp: allow mbind syscall. no start on Fedora 33 without
| - minetest: disable private-cache. without persistent cache connecting to servers can take many minutes
| - supertuxkart: allow bluetooth protocol. stk can directly connect/pair to WiiMote controllers
| - supertuxkart: comment private-dev to allow controller use
| - profiles: unify controller support comments
| - firecfg: comment evolution with a note, and add a note to epiphany #3647 + #2995
* fixes; close #3775 (rusty-snake, 2020-11-26)
|
* make ${HOME}/.local/lib read-only (rusty-snake, 2020-11-24)
|
* disable dbus in QMediathekView (#3771) (glitsj16, 2020-11-24)
|
* Add a profile for Lutris (Tad, 2020-11-23)
| - Lutris isn't added to firecfg just yet, needs more testing
| - aria2c profile has a comment regarding Lutris/Winetricks, but it shouldn't matter since it can't be nested
| - Add commented wusc to wine.profile
| - Add vulkan and zenity to wusc.inc
* disable mdwe (glitsj16, 2020-11-23)
|
* harden xfce4-mixer.profile (glitsj16, 2020-11-23)
|
* Fix typo in thunderbird.profile (Kristóf Marussy, 2020-11-22)
| We must ignore include `whitelist-runuser-common.profile`, because it breaks Enigmail (TB 68) and GnuPG smartcard (TB 78) support.
* minetest: Enable rm (#3764) (Liorst4, 2020-11-21)
| rm is needed to uninstall mods and delete game saves (worlds).
* various profiles (rusty-snake, 2020-11-20)
| - disable-common: read-only ${HOME}/.zfunc
| - fix #3761 -- w3m with w3m-img installed does not display images when on virtual console/framebuffer
| - yelp can be used to display manpages
* Add profile for straw-viewer (#3742) (kortewegdevries, 2020-11-18)
| * Add profile for straw-viewer
| * Remove blacklist, fixes
* from my overrides (rusty-snake, 2020-11-16)
| - add seccomp.block-secondary to a lot of profiles
| - add wruc to firefox-common and ignore it in TB and firefox-common-addons
| - harden dia, gnome-keyring, libreoffice, megaglest, pngquant, ghostwriter, rhythmbox, sqlitebrowser
* fix dbus (glitsj16, 2020-11-12)
| At least on Ubuntu 16.04 LTS we need an additional own.
* minetest.profile: whitelist /usr/share/games/minetest (#3740) (Davide Beatrici, 2020-11-11)
| It's the path to the game's data in the official Debian package.
* add alsa/group to private-etc (glitsj16, 2020-11-10)
| fix for #3737.
* fixes, closes, enhances, improvements, and so on (rusty-snake, 2020-11-09)
| - .github/ISSUE_TEMPLATE/bug_report.md: get rid of Spanish, French, ... error messages
| - etc/inc/firefox-common-addons.inc: support ff2mpv
| - etc/profile-a-l/gimp.profile: note about xsane
| - etc/profile-m-z/min.profile: prettify
| - etc/profile-m-z/mpsyt.profile: fix, add lua
| - etc/profile-m-z/qbittorrent.profile: add note for tray-icons; this will get a better note once I investigated and audited all the D-Bus tray stuff.
| - etc/profile-m-z/transmission-daemon.profile: fix, add protocol packet
| close #3686 - mps-youtube needs lua
| close #3701 - Firefox native messaging regression in 0.9.62.4 -> 0.9.64rc1
| close #3636 - transmission-daemon fills log with error
| close #3640 - Gimp - add note how to enable scanning (xsane)
| close #3707 - qBittorrent tray icon missing from notification panel when running it with firejail
* disable private-etc in zoom, close #3726 (rusty-snake, 2020-11-09)
|
* fix min.profile (glitsj16, 2020-11-09)
| As per https://github.com/netblue30/firejail/pull/3688#discussion_r511290714 min needs wusc. Runs fine with wruc too so let's fix min for users.
* rework chromium (#3688) (rusty-snake, 2020-11-09)
| * rework chromium
|   + 516d0811 has removed fundamental security features. (remove caps.drop=all, nonewprivs, noroot, seccomp, protocol; add caps.keep) Though this is only necessary if running under a kernel which disallows unprivileged userns clones. Arch's linux-hardened and debian kernel are patched accordingly. Arch's linux and linux-lts kernels support this restriction via sysctl (kernel.unprivileged_userns_clone=0) as users opt-in. Other kernels such as mainline or fedora/redhat always support unprivileged userns clone and have no sysctl parameter to disable it. Debian and Arch users can enable it with 'sysctl kernel.unprivileged_userns_clone=1'. This commit adds a chromium-common-hardened.inc which can be included in chromium-common to enhance security of chromium-based programs.
|   + chromium-common.profile: add private-cache
|   + chromium-common.profile: add wruc and wusc, but disable it for the following profiles until tested. tests welcome.
|     - [ ] bnox, dnox, enox, inox, snox
|     - [ ] brave
|     - [ ] flashpeak-slimjet
|     - [ ] google-chrome, google-chrome-beta, google-chrome-unstable
|     - [ ] iridium
|     - [ ] min
|     - [ ] opera, opera-beta
|   + move vivaldi-snapshot paths from vivaldi-snapshot.profile to vivaldi. /usr/bin/vivaldi is a symlink to /etc/alternatives/vivaldi which can be vivaldi-stable, vivaldi-beta or vivaldi-snapshot. vivaldi-snapshot.profile missed also some features from vivaldi.profile, solve this by making it redirect to vivaldi.profile. TODO: exist new paths such as .local/lib/vivaldi also for vivaldi-snapshot?
|   + create chromium-browser-privacy.profile (closes #3633)
| * update 1
|   + add missing 'ignore whitelist /usr/share/chromium'
|   + revert 'Move drm-relaktions in vivaldi.profile behind BROWSER_ALLOW_DRM.'. This breaks not just DRM, it breaks things such as AAC too. In addition vivaldi shows a something is broken pop-up, we would have a lot of 'does not work with firejail' issues.
| * update 2
| * update 3
| fixes #3709
* profile fixes (rusty-snake, 2020-11-06)
| - update README.md and RELNOTES
| - add 'blacklist ${RUNUSER}/.flatpak-cache' to disable-common.inc
| - fix #3728, fonts in openSUSE KDE with wc / wusc
| - fix gnome-todo
| - fix xournalpp MathTeX whitelist
* Allow lua in minetest.profile (glitsj16, 2020-11-03)
| Closes #3723
| Introduced in 388826683c3b90926e73c83ddb91d5c84a7fa1fa
* Add spectacle's profile (#3717) (Neo00001, 2020-11-02)
| * Update firecfg.config
| * Update disable-programs.inc
| * Create spectacle.profile
* Remove nou2f in ssh profile (David Hyrule, 2020-11-01)
|
* Allow webcam access in zoom.profile (glitsj16, 2020-10-31)
| This fixes #3711.
* firefox d-bus (#2953) & fix xournalpp (rusty-snake, 2020-10-29)
|
* added bluetooth to the list of protocols allowed by seccomp (netblue30, 2020-10-28)
|
* profile fixes (netblue30, 2020-10-28)
|
* Update okular.profile to support cbr files (#3704) (blockbandit, 2020-10-27)
| * Update okular.profile
|   okular has support for reading cbr (rar-compressed comic book). without unrar or unar in private-bin, okular fails to decompress the files for viewing.
| * Sorted private-bin
* Remove redundant read-only item (#3703) (glitsj16, 2020-10-27)
| * remove read-only item redundancy
|   'read-only ${HOME}/.config/mimeapps.list' is already part of disable-common.inc
| * remove read-only item redundancy
|   'read-only ${HOME}/.config/mimeapps.list' is already part of disable-common.inc, which is included in the redirect profile
| * remove read-only item redundancy
|   'read-only ${HOME}/.config/mimeapps.list' is already part of disable-common.inc, which is included in the redirect profile
* harden peek; update README.md; add gnome-sound-… (rusty-snake, 2020-10-23)
| …recorder to firecfg.config
* Fix vlc blu-ray playback with libaacs (Jan Sonntag, 2020-10-20)
|
* Update virtualbox.profile (Bundy01, 2020-10-19)
|
* Update wire-desktop.profile (Neo00001, 2020-10-13)
|
* Update wire-desktop.profile (again) (Neo00001, 2020-10-13)
| On Arch, wire-desktop is now depending on electron9. Using wildcard for this sorta packages would be better.
* Update vmware.profile (Neo00001, 2020-10-06)
| With private-etc enabled vmware-tools doesn't get installed. Existing VM with an installed vmware-tools works as usual. For the time being keep it commented.
* splitting up media players whitelists in whitelist-players.inc (netblue30, 2020-10-02)
|
* new profile: xournalpp (rusty-snake, 2020-09-25)
|
* New profiles + fixes + hardening (rusty-snake, 2020-09-14)
| - blacklist ~/.rustup in disable-devel.inc
| - add note to mpv (See #3628)
| - harden warsow
| - update relnotes
| - new profile qrencode, dbus-send, notify-send
* profstats: track dbus-system none (netblue30, 2020-09-08)
|
* fix rhythmbox (2) (rusty-snake, 2020-09-05)
|
* fix rhythmbox (rusty-snake, 2020-09-05)
|