aboutsummaryrefslogtreecommitdiffstats
path: root/etc
Commit message (Collapse)AuthorAge
* Rework thunderbird.profile (#3091)Libravatar rusty-snake2020-01-22
| | | | | | | | | | | | | | * Rework thunderbird.profile (1) * Rework thunderbird.profile (2) * Rework thunderbird.profile (3) * Rework thunderbird.profile (4) * Rework thunderbird.profile (5) * Rework thunderbird.profile (6)
* Browsers: private-dev conditional with BROWSER_DISABLE_U2FLibravatar rusty-snake2020-01-21
| | | | see also #3170
* Add comment for python-based plugins in claws-mail.profileLibravatar glitsj162020-01-20
|
* Fix firefox (#3171)Libravatar Antz2020-01-20
|
* harden celluloid.profileLibravatar rusty-snake2020-01-19
|
* create rtv.profileLibravatar rusty-snake2020-01-19
|
* fixes for 'blacklist ${RUNUSER}/wayland-*' (#3166)Libravatar glitsj162020-01-18
| | | | | | | | | | | | | | | | | | | | * unbreak audio-recorder Support both X11 and Wayland by default. Users can add 'blacklist ${RUNUSER}/wayland-*' or 'x11 none' in their audio-recorder.local. * unbreak ddgtk Support both X11 and Wayland by default. Users can add 'blacklist ${RUNUSER}/wayland-*' or 'x11 none' in their ddgtk.local. * unbreak and harden gconf-editor Support both X11 and Wayland by default. Also whitelist /usr/share/gconf-editor for wusc. * unbreak seahorse Support both X11 and Wayland by default. * add blacklist ${RUNUSER}/wayland-* to dnscrypt-proxy
* add tvbrowser.profileLibravatar rusty-snake2020-01-18
| | | | Thanks @Micha-Btz for all the testing.
* make devilspie2 redircet to devilspie (#3163)Libravatar rusty-snake2020-01-18
|
* die python2 die !! #3164 (meld)Libravatar rusty-snake2020-01-18
| | | | https://github.com/netblue30/firejail/issues/3164#issuecomment-575892401
* harden baoba and transmission-commonLibravatar rusty-snake2020-01-18
|
* refactor claws-mail and sylpheed as whitelist profiles (#3162)Libravatar glitsj162020-01-18
| | | | | | | | | | | | | | * refactor claws-mail as whitelist profile * refactor sylpheed as whitelist profile * Create email-common.profile * safeguard ${DOCUMENTS} * Add disable-xdg to email-common.profile Thanks @rusty-snake for the review.
* add RUNUSER and Disable Wayland to the templateLibravatar rusty-snake2020-01-18
|
* add 'blacklist ${RUNUSER}/wayland-*' to all profi…Libravatar rusty-snake2020-01-18
| | | | …les with 'x11 none'
* add 'blacklist ${RUNUSER}/wayland-*' to all profi…Libravatar rusty-snake2020-01-18
| | | | …les with 'blacklist /tmp/.X11-unix'
* 'blacklist /tmp/.X11-unix' is implied by x11 noneLibravatar rusty-snake2020-01-18
|
* fix x11 none in devilspie2Libravatar glitsj162020-01-17
|
* Fix x11 none in devilspieLibravatar glitsj162020-01-17
|
* hardenings for various profiles (#3160)Libravatar glitsj162020-01-17
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | * harden devilspie * harden devilspie2 * harden curl * harden wget * harden curl * harden dig * harden claws-mail * harden dnscrypt-proxy * harden dnscrypt-proxy * harden dnscrypt-proxy * harden exfalso * refactor easystroke as whitelist profile * refactor enchant as whitelist profile * safeguard ${DOCUMENTS} Thanks @rusty-snake for the suggestion. * drop x11-none Thanks @rusty-snake for catching this. * drop x11 none Thanks @rusty-snake for saving the bacon... * drop x11 none Thanks @rusty-snake for catching this. * drop x11 none Thanks @rusty-snake for preventing breakage! * drop ipc-namespace Better safe than sorry...
* fix join timeout if sleep interval is not a multipleLibravatar smitsohu2020-01-17
|
* Fix gfeedsLibravatar rusty-snake2020-01-17
|
* Harden feedreaderLibravatar rusty-snake2020-01-17
|
* More fixes for ffmpeg support in Arch LinuxLibravatar Vincent432020-01-17
| | | | | This is continuation of fixes needed after recent ffmpeg change in Arch Linux. See https://github.com/netblue30/firejail/issues/3147
* profiles: whitelist transmission-daemon config directoryLibravatar Reiner Herrmann2020-01-17
| | | | Reported at: https://bugs.debian.org/948993
* Fix missing lib libmfx.so.1 (standardnotes-desktop) (#3151)Libravatar Florian Begusch2020-01-16
|
* fix wire-desktop [1]Libravatar rusty-snake2020-01-16
| | | | [1]: https://github.com/netblue30/firejail/issues/2946#issuecomment-574861226
* fix ffmpeg privat-etcLibravatar rusty-snake2020-01-15
| | | | closes #3147
* Update RELNOTES, README.md|Add firefox-x11.profileLibravatar rusty-snake2020-01-13
|
* Fix sorting private-etc in i2prouter.profileLibravatar glitsj162020-01-13
| | | @rusty-snake For now I've fixed the sorting to let it pass CI. Do you think sort.py should put java-{8,9}-openjdk before java-10-openjdk?
* update i2prouter profile, and remove from firecfg (#3123)Libravatar corecontingency2020-01-13
|
* aria2c fixes (#3143)Libravatar glitsj162020-01-13
| | | | | | * Support XDG_CONFIG_HOME for aria2c * Fix aria2c.profile
* fix #3141Libravatar rusty-snake2020-01-12
|
* move whitelist /usr/share/webext from firefox-com…Libravatar rusty-snake2020-01-12
| | | | | …mon.profile to firefox.profile. See https://github.com/netblue30/firejail/commit/c8f78d7b536ec2dce4cc74de2653ae6c8c99b553#commitcomment-36763119
* profiles: whitelist /usr/share/webext in firefox-commonLibravatar Reiner Herrmann2020-01-12
| | | | | directory is used for system-wide installed webext-addons. Reported at: https://bugs.debian.org/948558
* freecad: allow access to pythonLibravatar smitsohu2020-01-10
|
* Merge pull request #3131 from smitsohu/webengineLibravatar netblue302020-01-09
|\ | | | | allow chroot syscall where apps depend on QtWebengine
| * allow chroot syscall where apps depend on QtWebengineLibravatar smitsohu2020-01-08
| | | | | | | | derived from QtWebengine reverse dependencies
* | cmus: allow access to resolv.confLibravatar Florian Preinstorfer2020-01-08
| |
* | misc profile fixups and hardeningLibravatar rusty-snake2020-01-08
| |
* | hexchat: comment machine-idLibravatar rusty-snake2020-01-06
| | | | | | | | da44ecb removed nosound, but machine-id breaks pulseaudio
* | Allow sound for hexchatLibravatar haarp2020-01-06
|/ | | Hexchat can play sounds for notifications or other events. It makes sense to allow it to play them.
* Add comment to sylpheed.profile for supporting non-default storage pathLibravatar glitsj162020-01-05
|
* Add support for default storage path in claws-mail.profileLibravatar glitsj162020-01-05
|
* Allow Tor Browser to run /usr/bin/id (#3114)Libravatar creideiki2020-01-05
| | | | | | | | | | | | | The start-tor-browser script tries to run /usr/bin/id to check that it isn't root before starting the browser. See https://gitweb.torproject.org/builders/tor-browser-build.git/tree/projects/tor-browser/RelativeLink/start-tor-browser?id=41fd236bbb7d3d75a27473f927be31f7dd8fdc99#n94 If id is not in the private-bin directory, the test still works by accident, but prints these error messages: ./Browser/start-tor-browser: line 94: id: command not found ./Browser/start-tor-browser: line 94: [: : integer expression expected Add id to the private-bin directory to make it run as intended.
* Use nowhitelist in sylpheed.profileLibravatar glitsj162020-01-05
| | | Thanks @rusty-snake for the suggestion (see #3122).
* Turn sylpheed.profile into a (claws-mail) redirectLibravatar glitsj162020-01-04
|
* Tighten wusc in claws-mail.profileLibravatar glitsj162020-01-04
|
* Fix private-lib for gentoo in evince.profileLibravatar glitsj162020-01-04
| | | Fixes #3121.
* Fix neverputt profileLibravatar Tad2020-01-04
|
* sylpheed: noblacklist ${HOME}/Mail (see #3122)Libravatar rusty-snake2020-01-04
|
generated by cgit v1.2.3-54-g00ecf (git 2.45.2) at 2024-07-19 12:55:22 +0000