| Commit message (Collapse) | Author | Age |
|
|
|
| |
see #1653 #1572
|
|
|
|
| |
avoid clash with Thunderbird on Debian systems.
|
| |
|
|
|
|
|
| |
and move disable-mnt from thunderbird to firefox profile, in alignment with
recent commit from @Fred-Barclay
|
| |
|
| |
|
|
|
|
|
| |
This adds whitelist-var-common, machine-id, memory-deny-write-execute,
and noexec home and tmp when possible.
|
|
|
|
|
|
|
| |
* ~/.bash_history is already included in ~/.*_history, same file
* ~/.password-store is already included in disable-passwdmgr.inc (and not
whitelisted in browsers)
* ~/.local/share/applications is in whitelist-common.inc since recently
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
* add novideo
* add novideo
* add novideo
* put noexec last
* blacklist Clementine configuration and database
* blacklist Clementine configuration and database
* add novideo
* add novideo, permit access to ~/.java
* add novideo
* spoof machine-id
* mimeapps.list is already in whitelist-common.inc
* ~/.local/share/applications is already read-only
see disable-common.inc
* mimeapps.list is already in whitelist-common.inc
* ~/.local/share/applications is already read-only
see disable-common.inc
* drop machine-id option
private-etc hides it anyway
|
|
|
|
| |
There may actually be some other comments that were removed, but the bulk have been restored
|
| |
|
|
|
|
| |
Reported here: https://bugs.debian.org/864510
|
| |
|
| |
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
In debian stretch icedove is renamed to thunderbird. This happens
as of icedove version 1:45.7.1-1, see debian bug #816679 for
details.
Thunderbird debian package, as of stretch, contains a migration
script for user profiles. Namely /usr/bin/thunderbird is a wrapper
script, thunderbird-wrapper.sh. This scripts symlinks ~/.icedove
(if exists) to ~/.thunderbird thus ensuring Thunderbird will be
able to read old user's profiles.
That symlink breaks thunderbird when run with firejail since
firejail thunderbird.profile does not allow access to ~/.icedove.
This commit modifies accordingly the thunderbird.profile.
|
|
|
|
| |
disabled by default - a tmpfs is mounted on top of it.
|
| |
|
| |
|
| |
|
| |
|
| |
|
| |
|
| |
|
| |
|
| |
|
| |
|
| |
|
| |
|
| |
|
| |
|
| |
|
| |
|
|
|
|
| |
--shell=none default in profile files
|
| |
|
| |
|
|
|