aboutsummaryrefslogtreecommitdiffstats
path: root/etc
Commit message (Collapse)AuthorAge
* update i2prouter profile, and remove from firecfg (#3123)Libravatar corecontingency2020-01-13
|
* aria2c fixes (#3143)Libravatar glitsj162020-01-13
| | | | | | * Support XDG_CONFIG_HOME for aria2c * Fix aria2c.profile
* fix #3141Libravatar rusty-snake2020-01-12
|
* move whitelist /usr/share/webext from firefox-com…Libravatar rusty-snake2020-01-12
| | | | | …mon.profile to firefox.profile. See https://github.com/netblue30/firejail/commit/c8f78d7b536ec2dce4cc74de2653ae6c8c99b553#commitcomment-36763119
* profiles: whitelist /usr/share/webext in firefox-commonLibravatar Reiner Herrmann2020-01-12
| | | | | directory is used for system-wide installed webext-addons. Reported at: https://bugs.debian.org/948558
* freecad: allow access to pythonLibravatar smitsohu2020-01-10
|
* Merge pull request #3131 from smitsohu/webengineLibravatar netblue302020-01-09
|\ | | | | allow chroot syscall where apps depend on QtWebengine
| * allow chroot syscall where apps depend on QtWebengineLibravatar smitsohu2020-01-08
| | | | | | | | derived from QtWebengine reverse dependencies
* | cmus: allow access to resolv.confLibravatar Florian Preinstorfer2020-01-08
| |
* | misc profile fixups and hardeningLibravatar rusty-snake2020-01-08
| |
* | hexchat: comment machine-idLibravatar rusty-snake2020-01-06
| | | | | | | | da44ecb removed nosound, but machine-id breaks pulseaudio
* | Allow sound for hexchatLibravatar haarp2020-01-06
|/ | | Hexchat can play sounds for notifications or other events. It makes sense to allow it to play them.
* Add comment to sylpheed.profile for supporting non-default storage pathLibravatar glitsj162020-01-05
|
* Add support for default storage path in claws-mail.profileLibravatar glitsj162020-01-05
|
* Allow Tor Browser to run /usr/bin/id (#3114)Libravatar creideiki2020-01-05
| | | | | | | | | | | | | The start-tor-browser script tries to run /usr/bin/id to check that it isn't root before starting the browser. See https://gitweb.torproject.org/builders/tor-browser-build.git/tree/projects/tor-browser/RelativeLink/start-tor-browser?id=41fd236bbb7d3d75a27473f927be31f7dd8fdc99#n94 If id is not in the private-bin directory, the test still works by accident, but prints these error messages: ./Browser/start-tor-browser: line 94: id: command not found ./Browser/start-tor-browser: line 94: [: : integer expression expected Add id to the private-bin directory to make it run as intended.
* Use nowhitelist in sylpheed.profileLibravatar glitsj162020-01-05
| | | Thanks @rusty-snake for the suggestion (see #3122).
* Turn sylpheed.profile into a (claws-mail) redirectLibravatar glitsj162020-01-04
|
* Tighten wusc in claws-mail.profileLibravatar glitsj162020-01-04
|
* Fix private-lib for gentoo in evince.profileLibravatar glitsj162020-01-04
| | | Fixes #3121.
* Fix neverputt profileLibravatar Tad2020-01-04
|
* sylpheed: noblacklist ${HOME}/Mail (see #3122)Libravatar rusty-snake2020-01-04
|
* Add barrier profile (#3115)Libravatar Adrian L. Shaw2020-01-04
| | | | | | | | | | | | | | | | | | | | * Add barrier.profile * Add newline before special options * Modify description * Add disable mount to barrier.profile * Address feedback from rusty-snake * Remove stray carriage return * Add noexec for /home/user and /tmp * Don't blacklist openssl * Remove redundant rules
* Gentoo fixes (#3120)Libravatar glitsj162020-01-04
| | | | | | | | * fix private-etc on gentoo * Fix private-etc on gentoo * Fix evince on gentoo
* update pavucontrolLibravatar rusty-snake2020-01-03
| | | | see #3112
* ${HOME} whitelisting breaks settings in arthaLibravatar glitsj162020-01-03
| | | More background info in #3112.
* typo (wget) & fix (baobab) [skip ci]Libravatar rusty-snake2020-01-03
|
* fix #3110Libravatar rusty-snake2020-01-03
|
* Get rid of #2302 (#3111)Libravatar rusty-snake2020-01-03
|
* fixup! Extra hardening for wgetLibravatar rusty-snake2020-01-03
|
* Fix wusc in mpv (#3108)Libravatar Daniel M. Capella2020-01-03
| | | Partly fixes #3107.
* Fix wusc in exiftoolLibravatar glitsj162020-01-03
| | | Arch puts files under /usr/share/perl-image-exiftool, whitelist that path for wusc.
* Fix wusc in weechatLibravatar glitsj162020-01-03
| | | Partly fixes #3107 (the weechat part).
* Add artha log to disable-programs.incLibravatar glitsj162020-01-02
|
* Fix arthaLibravatar glitsj162020-01-02
| | | I intentionally wanted to have this as a 'whitelist' profile. The only snag is that artha seems to generate ${HOME}/.config/artha.config.XXXXXX that I cannot whitelist upfront. Added notes to highlight this behaviour.
* Extra hardening for wgetLibravatar glitsj162020-01-02
|
* Additional hardening for whoisLibravatar glitsj162020-01-02
|
* Harden artha.profileLibravatar glitsj162020-01-02
|
* Harden aria2c.profileLibravatar glitsj162020-01-02
|
* Future-proof private-lib in gedit.profileLibravatar glitsj162020-01-02
| | | Better fix for #3104 .
* Fix #3105 -- add allow-ruby.incLibravatar rusty-snake2020-01-02
|
* fix gnome-mapsLibravatar rusty-snake2020-01-02
|
* fix celluloidLibravatar rusty-snake2020-01-02
|
* harden whois.profileLibravatar rusty-snake2020-01-02
|
* Harden openshotLibravatar rusty-snake2020-01-02
|
* gnome-builder: fix build cacheLibravatar rusty-snake2020-01-02
|
* Harden wget.profileLibravatar rusty-snake2020-01-02
|
* Fix private-lib in gedit.profileLibravatar glitsj162020-01-01
| | | Fixes #3104.
* Make ${HOME}/.config/environment.d read-onlyLibravatar rusty-snake2019-12-30
|
* Harden file-rollerLibravatar rusty-snake2019-12-29
|
* disable-devel: blacklist source-codeLibravatar rusty-snake2019-12-29
|
generated by cgit v1.2.3-70-g09d2 (git 2.46.0) at 2024-09-08 21:30:52 +0000