| Commit message (Collapse) | Author | Age |
|---|
| |
|
|
|
|
|
| |
This commit removes it from profile which have it.
/usr/share/perl* is still inaccessible for profiles with wusc and
disable-interpreters.inc w/o allow-perl.inc.
|
| |
|
|
|
|
|
|
|
| |
* add ~/.uim.d directory to whitelist-common.inc
uim is a multilingual input method framework (similar to ibus, which has its own entry in this file).
* add /var/lib/uim to whitelist-var-common.inc
When user installs an uim module (for example, an input method like anthy or mozc), it gets registered in a file in this directory.
|
| |
|
|
| |
/etc/apparmor.d/local/firejail.default - merge form 0.9.62.4
|
| |
|
|
|
| |
Signal is adding support for video calls on desktop, see
https://signal.org/blog/desktop-calling-beta/
|
| | |
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
* Use whitelisting for video players
See https://github.com/netblue30/firejail/pull/3469
* Update media player whitelists
See reviews at https://github.com/netblue30/firejail/pull/3472
Block $DOCUMENTS
Make $DESKTOP read-only
* Review fixes: include read-only Desktop in whitelist
|
| |\
| |
| | |
Fix nomacs
|
| | |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
```
Aug 11 16:32:32 korte audit[29004]: SECCOMP auid=1000 uid=1000 gid=1000
ses=2 subj==firejail-default (enforce) pid=29004 comm="nomacs"
exe="/usr/bin/nomacs" sig=31 arch=c000003e syscall=9 compat=0
ip=0x7fa2a1cc98c6 code=0x0
```
|
| |\ \
| | |
| | | |
seccomp: logging
|
| | |/
| |
| |
| |
| |
| |
| | |
Allow `log` as an alternative seccomp error action instead of killing
or returning an errno code.
Signed-off-by: Topi Miettinen <toiwoton@gmail.com>
|
| |/
|
|
|
| |
Initial,amend: wrong dir,delete gtk-*,added new files
Co-authored-by: kortewegdevries <k0rtic_dv@aol.com>
|
| |
|
|
|
|
|
| |
* Add profile for otter-browser
Initial
* private-bin,sorting
|
| | |
|
| |
|
|
|
|
|
|
|
|
|
| |
* Added git-cola profile
Initial
* Edit private-etc
Add alternatives,pki
* Add disable-xdg
|
| | |
|
| | |
|
| | |
|
| |
|
|
|
|
|
|
|
| |
* Added lyx profile
Initial
* Rmoved whitelists
Make home directory more accessible
|
| |
|
|
|
|
|
|
|
| |
* Added minitube profile
Initial
* Second
Removed no3d,added novideo
|
| |
|
| |
Initial
|
| |
|
|
|
|
|
|
|
| |
* Added mtpaint profile
Initial
* Second
Remove IPC-namespace,netfilter
|
| |
|
| |
Fixes for #3554.
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
* Added minecraft-launcher-profile
Initial
* Changed minecraft-launcher profile
Added space,tracelog,nodvd
* Third
Fixed private-etc,added notes about path,java
* Sorting
|
| | |
|
| |\
| |
| | |
Added xfce4-screenshooter profile
|
| | |
| |
| |
| | |
Initial,removed common blaclist,add netfilter,private-etc
|
| | | |
|
| |/ |
|
| | |
|
| |
|
|
|
|
|
|
|
|
|
|
|
| |
* Update virtualbox.profile
* Update virtualbox.profile
* Update virtualbox.profile
* Update virtualbox.profile
* Update virtualbox.profile
* Update virtualbox.profile
|
| |
|
|
| |
Add chroot
|
| | |
|
| | |
|
| |
|
|
|
|
|
|
|
|
|
| |
* Added freetube profile
Initial
* Added freetube profile
Second:drop ignore seccomp,add disable-shell
See https://github.com/netblue30/firejail/pull/3535
|
| |
|
|
|
|
| |
* Added cawbird profile
See https://github.com/netblue30/firejail/pull/3533
Squash commits for merging
|
| |\
| |
| | |
Hardend Zoom profile
|
| | | |
|
| |\ \
| | |
| | | |
Add Mattermost desktop profile
|
| | |/ |
|
| | |
| |
| |
| |
| |
| |
| | |
* Update telegram.profile
* Update telegram.profile
* Update telegram.profile
|
| | |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
* Add files via upload
New profile for homebank
* Update etc/profile-a-l/homebank.profile
Co-authored-by: rusty-snake <41237666+rusty-snake@users.noreply.github.com>
* Update etc/profile-a-l/homebank.profile
Co-authored-by: rusty-snake <41237666+rusty-snake@users.noreply.github.com>
* Update homebank.profile
* Update firecfg.config
homebank added
* Update disable-programs.inc
Added blacklist.
* Update homebank.profile
Added disable-shell,removed whitelisted docs
* Update disable-programs.inc
Changed sorting
* Update homebank.profile
Changed sorting
* Added cawbird profile
Initial
* Revert "Added cawbird profile"
This reverts commit 6b045976adf62a91882236600c55926af34b6a52.
Co-authored-by: rusty-snake <41237666+rusty-snake@users.noreply.github.com>
|
| | |
| |
| |
| |
| | |
* fix #3404
* Update teams.profile
|
| | |
| |
| |
| |
| | |
fixes #3528
Are there any reasons why discord has no shell none?
|
| | | |
|
| | | |
|
| | | |
|
| |/ |
|
| |
|
|
|
|
|
|
|
| |
* Create element-desktop.profile
* add element-desktop dirs to disable-programs.inc
* add element-desktop to firecfg.config
* Update RELNOTES
|
| | |
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
use it. (#3493)
* blacklist .local/share/kxmlgui5
KDE programs use this to store their toolbar config.
* noblacklist .local/share/kxmlgui5 in the relevant KDE applications.
* Whitelist kxmlgui file for okular.
* Use a glob to blacklist subfolders instead of the parent folder.
noblacklisting individual subdirectories works only if we do it this way
(tested by launching bash in the kate profile).
* Make directory, not file.
* noblacklist relevant subdirs for more KDE applications
|
rusty-snake
Anton Shestakov
netblue30
Ondřej Nový
Fred Barclay
kortewegdevries
startx2017
Topi Miettinen
kortewegdevries
glitsj16
Neo00001
kortewegdevries
Emil Gedda
Kishore96in