| Commit message | Author | Age |
Harden qutebrowser profile
|
This reverts commit 393c5beff2686d7732221dadb6730917f24835a0.

Which broke mpv:

    $ mpv --version
    Cannot start application: No such file or directory

Probably because mpv itself uses many libraries and it has plugins that
may depend on files in /usr/lib as well:

    $ pacman -Qlq mpv | grep /lib/ | grep -v '/$'
    /usr/lib/libmpv.so
    /usr/lib/libmpv.so.1
    /usr/lib/libmpv.so.1.109.0
    /usr/lib/pkgconfig/mpv.pc
    $ strings /usr/bin/mpv | grep '^lib.*\.so' | sort -u | wc -l
    53
    $ pacman -Qlq yt-dlp | grep /lib/ | grep -v '/$' |
        cut -f -4 -d / | sort -u
    /usr/lib/python3.10
    $ pacman -Q mpv yt-dlp
    mpv 1:0.34.1-5
    yt-dlp 2022.09.01-1

Environment: Artix Linux.

Also, private-lib is disabled by default in firejail.config (see #5190)
and mpv.profile does not use private-lib, so there should be no need to
whitelist anything in /usr/lib in the default profile.
|
This is an mpv plugin for MPRIS integration.
See: https://github.com/hoyon/mpv-mpris
|
Inspired by https://github.com/netblue30/firejail/pull/5352/files/c04ceb49c7001bb931a35667c831545cd64aeece#r963032151.
|
Inspired by https://github.com/netblue30/firejail/pull/5352/files/c04ceb49c7001bb931a35667c831545cd64aeece#r963032151.
|
Co-authored-by: pirate486743186 <>
|
This amends commit e2631b40d ("steam.profile: fix breakage with newer
Proton-GE (process_vm_readv)", 2022-08-20).
|
As reported by @rsramkis on #5185, upgrading from Proton-7.2-GE-2[1]
(released on 2022-02-14) to GE-Proton7-18[2] (released on 2022-05-19)
breaks logging in on World of Tanks Blitz unless the `process_vm_readv`
32-bit syscall is allowed[3], so allow it.

Fixes #5185.

[1] https://github.com/GloriousEggroll/proton-ge-custom/releases/tag/7.2-GE-2
[2] https://github.com/GloriousEggroll/proton-ge-custom/releases/tag/GE-Proton7-18
[3] https://github.com/netblue30/firejail/issues/5185#issuecomment-1152350336
|
makedeb profile creation
|
microsoft-edge.profile rewritten for stable channel and moved microsoft-edge{,-beta,-dev} from private-opt to whitelist
|
* replaced private-opt by whitelist #5307
* added stable channel config dirs to disable-programs.inc
|
vmware.profile: snapshot requires /etc/mtab
|
This patch avoids the following error:
Error: One of the parameters supplied is invalid
Tested with VMware Workstation 16.2.4
|
neomutt won't write to these locations. Processes it spawns might read
to some of them, but creating an empty file doesn't help. This just
pollutes user's $HOME with empty files and directories.
I've kept a few paths that MAY be written to by neomutt; it's not ideal,
but I want to minimise the risk of potential data loss, even if it is
corner cases.
See: https://github.com/netblue30/firejail/discussions/5276
|
introduce new option restrict-namespaces
|
This directory contains the MAC address for connections available
Tested working with torbrowser-launcher and onionshare
Signed-off-by: Tad <tad@spotco.us>
|
* remmina.profile: allow python
* Update etc/profile-m-z/remmina.profile
Co-authored-by: rusty-snake <41237666+rusty-snake@users.noreply.github.com>
Co-authored-by: rusty-snake <41237666+rusty-snake@users.noreply.github.com>
|
* drop private-lib
* drop private-lib
* drop private-lib
|
Logging is now default disabled in c7e4c8ed592fee7f1644152a23c3e1343b01b922
See https://github.com/netblue30/firejail/issues/5207
This reverts commit c0d314f945b405f1e90a1a43719059cd22f55de7.
|
Command: sed -i "/^shell none/d" etc/*/*
TODO:
```
etc/profile-a-l/beaker.profile:ignore shell none
etc/profile-a-l/default.profile:# shell none
etc/profile-a-l/fdns.profile:#shell none
etc/profile-a-l/gnome-nettool.profile:#shell none
etc/profile-a-l/jitsi-meet-desktop.profile:ignore shell none
etc/profile-m-z/pidgin.profile:# shell none
etc/profile-m-z/rocketchat.profile:ignore shell none
etc/profile-m-z/server.profile:# shell none
etc/templates/profile.template:# OPTIONS (caps*, net*, no*, protocol, seccomp*, shell none, tracelog)
etc/templates/profile.template:#shell none
```
- manpage
- RELNOTES
- fbuilder
|
transmission-{gtk,qt} (#5175)
* add comment for enabling desktop notifications
* add comment for enabling desktop notifications
|
Changes inspired by Thunderbird profile.
|
nvim: add XDG_STATE_HOME path
|
Default paths as of neovim 0.7.0:
* backupdir: $XDG_DATA_HOME/nvim/backup//
* directory: $XDG_DATA_HOME/nvim/swap//
* undodir: $XDG_DATA_HOME/nvim/undo//
* viewdir: $XDG_DATA_HOME/nvim/view//
* shada file: $XDG_DATA_HOME/nvim/shada/main.shada
* log dir: $XDG_CACHE_HOME/nvim/log
Default paths as of [1]:
* backupdir: $XDG_STATE_HOME/nvim/backup//
* directory: $XDG_STATE_HOME/nvim/swap//
* undodir: $XDG_STATE_HOME/nvim/undo//
* viewdir: $XDG_STATE_HOME/nvim/view//
* shada file: $XDG_STATE_HOME/nvim/shada/main.shada
* log dir: $XDG_STATE_HOME/nvim/log
[1] https://github.com/neovim/neovim/pull/15583
|
* update for wget2
* allow ${HOME}/.local/share/wget
|
Fails to start without this, eg:
FileNotFoundError: [Errno 2] No such file or directory: '/usr/share/onionshare/images/favicon.ico'
Signed-off-by: Tad <tad@spotco.us>
|
After a3f00edb32aca7516d690db046dd1ed3eb186bdd
Signed-off-by: Tad <tad@spotco.us>
|
closes #4965
|
harden vlc
|
apparmor doesn't disable D-Bus anymore, so add it back
remove memory-deny-write-execute comment, as this also breaks JIT compiled QtQuick nowadays
|