| Commit message (Collapse) | Author | Age |
|---|
| |
|
|
|
|
|
| |
* drop private-lib
* drop private-lib
* drop private-lib
|
| |
|
|
|
|
|
| |
Logging is now default disabled in c7e4c8ed592fee7f1644152a23c3e1343b01b922
See https://github.com/netblue30/firejail/issues/5207
This reverts commit c0d314f945b405f1e90a1a43719059cd22f55de7.
|
| | |
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Command: sed -i "/^shell none/d" etc/*/*
TODO:
```
etc/profile-a-l/beaker.profile:ignore shell none
etc/profile-a-l/default.profile:# shell none
etc/profile-a-l/fdns.profile:#shell none
etc/profile-a-l/gnome-nettool.profile:#shell none
etc/profile-a-l/jitsi-meet-desktop.profile:ignore shell none
etc/profile-m-z/pidgin.profile:# shell none
etc/profile-m-z/rocketchat.profile:ignore shell none
etc/profile-m-z/server.profile:# shell none
etc/templates/profile.template:# OPTIONS (caps*, net*, no*, protocol, seccomp*, shell none, tracelog)
etc/templates/profile.template:#shell none
```
- manpage
- RELNOTES
- fbuilder
|
| | |
|
| |
|
|
|
|
|
| |
transmission-{gtk,qt} (#5175)
* add comment for enabling desktop notifications
* add comment for enabling desktop notifications
|
| |
|
|
| |
Changes inspired by Thunderbird profile.
|
| | |
|
| |\
| |
| | |
nvim: add XDG_STATE_HOME path
|
| | |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
Default paths as of neovim 0.7.0:
* backupdir: $XDG_DATA_HOME/nvim/backup//
* directory: $XDG_DATA_HOME/nvim/swap//
* undodir: $XDG_DATA_HOME/nvim/undo//
* viewdir: $XDG_DATA_HOME/nvim/view//
* shada file: $XDG_DATA_HOME/nvim/shada/main.shada
* log dir: $XDG_CACHE_HOME/nvim/log
Default paths as of [1]:
* backupdir: $XDG_STATE_HOME/nvim/backup//
* directory: $XDG_STATE_HOME/nvim/swap//
* undodir: $XDG_STATE_HOME/nvim/undo//
* viewdir: $XDG_STATE_HOME/nvim/view//
* shada file: $XDG_STATE_HOME/nvim/shada/main.shada
* log dir: $XDG_STATE_HOME/nvim/log
[1] https://github.com/neovim/neovim/pull/15583
|
| | |
| |
| |
| |
| | |
* update for wget2
* allow ${HOME}/.local/share/wget
|
| |/
|
|
|
|
|
| |
Fails to start without this, eg:
FileNotFoundError: [Errno 2] No such file or directory: '/usr/share/onionshare/images/favicon.ico'
Signed-off-by: Tad <tad@spotco.us>
|
| |
|
|
|
|
| |
After a3f00edb32aca7516d690db046dd1ed3eb186bdd
Signed-off-by: Tad <tad@spotco.us>
|
| | |
|
| | |
|
| |
|
|
| |
closes #4965
|
| | |
|
| | |
|
| |\
| |
| | |
harden vlc
|
| | |
| |
| |
| |
| | |
apparmor doesn't disable D-Bus anymore, so add it back
remove memory-deny-write-execute comment, as this also breaks JIT compiled QtQuick nowadays
|
| | | |
|
| |/
|
| |
https://store.steampowered.com/app/219150/Hotline_Miami/
|
| | |
|
| |
|
|
|
| |
* megaglest.profile: Add allow-lua.inc
* Move comment to line above
|
| |\
| |
| | |
ping: (extra) hardening
|
| | | |
|
| | | |
|
| | | |
|
| | | |
|
| | | |
|
| | | |
|
| | | |
|
| | | |
|
| | | |
|
| | | |
|
| | | |
|
| | | |
|
| | | |
|
| |/
|
| |
[nvm](https://github.com/nvm-sh/nvm) is implemented as a sourced shell function, not an executable binary. Regular sandboxing doesn't work but we can add nvm support to the applications used by it internally (curl, sha256sum, tar & wget).
|
| |
|
|
|
|
|
| |
* ocenaudio: blacklist cache dir
* ocenaudio: hardenings
* ocenaudio: fix protocol comment
|
| |
|
|
|
|
|
|
|
| |
* pip: fix including local override
* pip: allow access to cache
The shared build-systems-common.profile (to which pip.profile redirects) blacklists ${HOME}/.cache/pip. Override that here.
* pip: add cache support in commented whitelist
|
| |
|
|
|
| |
* opera fixes
* disable-common.inc: add blacklist /usr/lib/opera/opera_sandbox
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
https://github.com/netblue30/firejail/discussions/4993 (#5042)
* refactor mupdf
* refactor mupdf
* refactor mupdf
* refactor mupdf
* add mupdf-gl blacklist
* move history file back to mupdf-gl
* refactor mupdf-gl
* add no3d to mupdf.profile
* add suggestions from review
* drop unix from protocol [accumulates]
* fix protocol
|
| |
|
|
|
|
|
|
|
| |
* drop redundant noblacklist
noblacklist ${HOME}/.vscode-oss already exists in included code.profile
* remove newline
Nitpick for persistency with other profiles that have the comment about #2624.
|
| |
|
|
|
|
|
| |
* hardening onionshare-gui.profile
* add another dbus-user filter to onionshare-gui.profile
* harden onionshare
|
| |\ |
|
| | |\
| | |
| | | |
Fix newest Steam client and Proton ≥ 5.13
|
| | | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
After the Steam cleint update of the 04th March 2022
the steamwebhelper process now needs to be able to do chroot
syscalls to render anything. If not all content tabs in the client will
just appear black.
fixes: https://github.com/netblue30/firejail/issues/5014
|
| | | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
Starting with version 5.13 Proton internally uses bubblewrap to create a
container for the game. To make this work with firejail we need to allow
these 4 additional syscalls.
fixes: https://github.com/netblue30/firejail/issues/4366
fixes: https://github.com/netblue30/firejail/issues/4686
|
| | |\ \
| | | |
| | | | |
steam.profile: allow "${HOME}/.prey"
|
glitsj16
Tad
netblue30
rusty-snake
Hartmut Knaack
smitsohu
Kelvin M. Klann
Łukasz Mariański
NetSysFire
Oneric