| Commit message (Collapse) | Author | Age |
| |
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
* Work on whitelist-usr-share-common
* sorting; add Modules + QT/KDE stuff
* add wusc.inc to more profiles [needs testing]
* update
* gitg, firefox, evince
* /usr/share/{p11-kit,pixmaps,pki,qt5,tcl8.6,terminfo}
* more profiles
* remove wusc.inc from feedreader
Even with 'whitelist /usr/share/*', feedreader trys to dereference a
NULL pointer.
* more profiles
* whitelist /usr/share breaks wget
even with whitelist /usr/share/*
* extend wusc.inc
* update
* Add alsa,crypto-policies and zoneinfo
* readd wusc.inc to wget and feedreader
* update
* testing results: Debian Buster with KDE
* more KDE stuff
* fix tb
|
| |
|
|
|
|
|
| |
When clicking a link in an email in Thunderbird, Firefox profile is not loaded.
This fix add the commented parameters required to load the Firefox profile when the user clicked in an email.
|
| |
|
|
|
| |
in order to maintain enigmail support - #1951
|
|
|
| |
typo
|
| |
|
|
|
|
|
|
|
|
|
|
| |
* fix keepassxc crash when providing GLX via update-alternatives
-- Fred Barclay note: "alternatives" was added to keepassx private-etc on master after this PR was opened but before it was merged. See 83ddb3e5b276613ad2be190cebf74401daebef03
Thus keepassxc profile is actually not changed by this commit, but I'm keeping this note for reference purposes
* prevent thunderbird conflicts when firefox is running
* add join-or-start to pluma to open multiple files in tabs
|
| |
|
| |
|
|
|
|
| |
search for the file.
|
| |
|
| |
|
|
|
|
| |
see #1653 #1572
|
|
|
|
| |
avoid clash with Thunderbird on Debian systems.
|
| |
|
|
|
|
|
| |
and move disable-mnt from thunderbird to firefox profile, in alignment with
recent commit from @Fred-Barclay
|
| |
|
| |
|
|
|
|
|
| |
This adds whitelist-var-common, machine-id, memory-deny-write-execute,
and noexec home and tmp when possible.
|
|
|
|
|
|
|
| |
* ~/.bash_history is already included in ~/.*_history, same file
* ~/.password-store is already included in disable-passwdmgr.inc (and not
whitelisted in browsers)
* ~/.local/share/applications is in whitelist-common.inc since recently
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
* add novideo
* add novideo
* add novideo
* put noexec last
* blacklist Clementine configuration and database
* blacklist Clementine configuration and database
* add novideo
* add novideo, permit access to ~/.java
* add novideo
* spoof machine-id
* mimeapps.list is already in whitelist-common.inc
* ~/.local/share/applications is already read-only
see disable-common.inc
* mimeapps.list is already in whitelist-common.inc
* ~/.local/share/applications is already read-only
see disable-common.inc
* drop machine-id option
private-etc hides it anyway
|
|
|
|
| |
There may actually be some other comments that were removed, but the bulk have been restored
|
| |
|
|
|
|
| |
Reported here: https://bugs.debian.org/864510
|
| |
|
| |
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
In debian stretch icedove is renamed to thunderbird. This happens
as of icedove version 1:45.7.1-1, see debian bug #816679 for
details.
Thunderbird debian package, as of stretch, contains a migration
script for user profiles. Namely /usr/bin/thunderbird is a wrapper
script, thunderbird-wrapper.sh. This scripts symlinks ~/.icedove
(if exists) to ~/.thunderbird thus ensuring Thunderbird will be
able to read old user's profiles.
That symlink breaks thunderbird when run with firejail since
firejail thunderbird.profile does not allow access to ~/.icedove.
This commit modifies accordingly the thunderbird.profile.
|
|
|
|
| |
disabled by default - a tmpfs is mounted on top of it.
|
| |
|
| |
|
| |
|
| |
|
| |
|
| |
|
| |
|
| |
|
| |
|
| |
|
| |
|
| |
|
| |
|
| |
|
| |
|
| |
|
|
|
|
| |
--shell=none default in profile files
|