path: root/etc
Commit message [Author, Age]
* profiles: fix librewolf (#4838) [Reiner Herrmann, 2022-01-07]
|
* Add DBus filter rules specific to firefox-developer-edition (#4832) [Ammon Smith, 2022-01-07]
|
|     * Add firefoxdeveloperedition DBus path to profile.
|     * Re-order rules.
|
* ordering fixes [glitsj16, 2022-01-06]
|
* profiles: allow extensions directories in chromium-common profile [Reiner Herrmann, 2022-01-06]
|
* profiles: allow /usr/share/webext in chromium profile [Reiner Herrmann, 2022-01-06]
|
|     Bug-Debian: https://bugs.debian.org/1003234
|
* add notable blacklists [glitsj16, 2022-01-05]
|
* Create notable.profile [glitsj16, 2022-01-05]
|
* skypeforlinux: Whitelist downloads directory [Hugo Osvaldo Barrera, 2021-12-30]
|
|     It's used when saving files sent in conversations.
|
* Merge pull request #4755 from kmk3/mpv-add-yt-dlp [netblue30, 2021-12-28]
|\
| |     yt-dlp: add missing paths & mpv.profile: whitelist paths for yt-dlp
| |
| * mpv.profile: whitelist paths for yt-dlp [Kelvin M. Klann, 2021-12-09]
| |
| |     See etc/profile-m-z/yt-dlp.profile.
| |
| |     Relates to commit d6ca41c19 ("update mpv.profile", 2021-10-24) / PR #4634.
| |
| |     Fixes #4754.
| |
| * mpv.profile: sort whitelist [Kelvin M. Klann, 2021-12-09]
| |
| * mpv.profile: stop creating youtube-dl config dir [Kelvin M. Klann, 2021-12-09]
| |
| |     If it does not already exist, mpv is unlikely to need or to create it,
| |     so just whitelist it if it exists.
| |
| |     This amends commit 5d741795c ("Use whitelisting for video players
| |     (#3472)", 2020-08-15).
| |
| * disable-programs.inc: blacklist missing yt-dlp paths [Kelvin M. Klann, 2021-12-09]
| |
| |     This amends commit d6ca41c19 ("update mpv.profile", 2021-10-24) / PR #4634.
| |
| |     These paths were taken from yt-dlp(1). They are used since yt-dlp
| |     commit e2e43aea2 ("Portable Configuration file (closes #19)",
| |     2021-01-16)[1].
| |
| |     Environment: yt-dlp 2021.12.01-1 on Artix Linux.
| |
| |     Relates to: https://github.com/yt-dlp/yt-dlp/issues/19
| |
| |     [1] https://github.com/yt-dlp/yt-dlp/commit/e2e43aea2159a235e151f56bd14383129a6b4355
| |
* | Fix clipgrab profile (yt-dlp requires python) [Jose Riha, 2021-12-28]
| |
* | update [netblue30, 2021-12-19]
| |
* | Merge pull request #4759 from fenuks/tor-browser-update-fix [netblue30, 2021-12-19]
|\ \
| | |     Allow /opt/tor-browser for Tor Browser profile
| | |
| * | Allow /opt/tor-browser for Tor Browser profile [fenuks, 2021-12-09]
| |/
* | Allow telegram to open hyperlinks [York Zhao, 2021-12-18]
| |
* | Merge pull request #4782 from jose1711/nextcloud_usrshare [netblue30, 2021-12-18]
|\ \
| | |     Whitelist /usr/share/nextcloud to allow access to translation files.
| | |
| * | Whitelist /usr/share/nextcloud to allow access to translation files. [Jose Riha, 2021-12-17]
| | |
* | | Merge pull request #4779 from seonwoolee/fix-teams [netblue30, 2021-12-18]
|\ \ \
| | | |     Fix teams ignoring input sources e.g. microphones
| | | |
| * | | Move noinput outside of disabled until someone reported positive feedback block [Seonwoo, 2021-12-14]
| | | |
| * | | Fix teams ignoring input sources e.g. microphones [Seonwoo, 2021-12-14]
| |/ /
* | | Merge pull request #4781 from YorkZ/pr [netblue30, 2021-12-18]
|\ \ \
| | | |     Whitelist ${HOME}/.local/opt/tor-browser to make tor-browser work
| | | |
| * | | Whitelist ${HOME}/.local/opt/tor-browser to make tor-browser work [York Zhao, 2021-12-17]
| |/ /
| | |     tor-browser 11.0.2-1 doesn't work without whitelisting this directory.
| | |     The following was the message I got before whitelisting this directory.
| | |
| | |         Reading profile /etc/firejail/tor-browser.profile
| | |         Reading profile /etc/firejail/torbrowser-launcher.profile
| | |         Reading profile /etc/firejail/allow-python2.inc
| | |         Reading profile /etc/firejail/allow-python3.inc
| | |         Reading profile /etc/firejail/disable-common.inc
| | |         Reading profile /etc/firejail/disable-devel.inc
| | |         Reading profile /etc/firejail/disable-exec.inc
| | |         Reading profile /etc/firejail/disable-interpreters.inc
| | |         Reading profile /etc/firejail/disable-passwdmgr.inc
| | |         Reading profile /etc/firejail/disable-programs.inc
| | |         Reading profile /etc/firejail/disable-xdg.inc
| | |         Reading profile /etc/firejail/whitelist-common.inc
| | |         Reading profile /etc/firejail/whitelist-var-common.inc
| | |         Reading profile /etc/firejail/whitelist-runuser-common.inc
| | |         Reading profile /etc/firejail/whitelist-usr-share-common.inc
| | |         Warning: Warning: NVIDIA card detected, nogroups command disabled
| | |         Seccomp list in: !chroot, check list: @default-keep, prelist: unknown,
| | |         Parent pid 12653, child pid 12654
| | |         104 programs installed in 153.32 ms
| | |         Warning: An abstract unix socket for session D-BUS might still be available. Use --net or remove unix from --protocol set.
| | |         Warning: skipping asound.conf for private /etc
| | |         Warning: skipping crypto-policies for private /etc
| | |         Warning fcopy: skipping /etc/fonts/conf.d/11-lcdfilter-default.conf, cannot find inode
| | |         Warning: skipping pki for private /etc
| | |         Private /etc installed in 64.84 ms
| | |         Private /usr/etc installed in 0.00 ms
| | |         Warning: cleaning all supplementary groups
| | |         Warning: cleaning all supplementary groups
| | |         Warning: /sbin directory link was not blacklisted
| | |         Warning: /usr/sbin directory link was not blacklisted
| | |         Warning: cleaning all supplementary groups
| | |         Seccomp list in: !chroot, check list: @default-keep, prelist: unknown,
| | |         Warning: cleaning all supplementary groups
| | |         Child process initialized in 325.75 ms
| | |         /usr/bin/tor-browser: [Error] The tor-browser archive could not be extracted to your home directory.
| | |         Check the permissions of ~/.local/opt/tor-browser/app.
| | |         The error log can be found in ~/.local/opt/tor-browser/LOG.
| | |         /usr/bin/tor-browser: line 218: ~/.local/opt/tor-browser/app/Browser/start-tor-browser: No such file or directory
| | |
* / / disable curl and wget in browsers based on firefox and chromium [netblue30, 2021-12-18]
|/ /
* / allow lua [glitsj16, 2021-12-13]
|/
* Merge pull request #4752 from kmk3/elinks-fix-liblua-access [netblue30, 2021-12-08]
|\
| |     elinks.profile: Fix missing access to liblua
| |
| * elinks.profile: Fix missing access to liblua [Kelvin M. Klann, 2021-12-08]
| |
| |     By including allow-lua.inc.
| |
| |     Error log:
| |
| |         $ firejail elinks
| |         elinks: error while loading shared libraries: liblua.so.5.4: cannot open shared object file: Permission denied
| |
| |     Environment: firejail-git (a82c8e021) and elinks 0.14.3-2 on Artix Linux.
| |
| |     Fixes #4707.
| |
| |     Reported-by: @jose1711
| |
* | Merge pull request #4747 from WhyNotHugo/skype-config [netblue30, 2021-12-08]
|\ \
| | |     Skype profile tweaks
| | |
| * | skype: Harden D-Bus profile [Hugo Osvaldo Barrera, 2021-12-07]
| | |
| | |     Tested these settings and they work fine, including a test call.
| | |
| | |     I can't explain why, but if the `org.kde.StatusNotifierWatcher` entry
| | |     is removed, Skype will immediately log out the previous session when
| | |     started.
| | |
| * | skype: Create and whitelist config dir [Hugo Osvaldo Barrera, 2021-12-06]
| |/
| |     Without this, Skype's session isn't retained.
| |
* | Merge pull request #4743 from vnepogodin/master [netblue30, 2021-12-08]
|\ \
| |/
|/|
| |     Add CachyBrowser profile
| |
| * keep in sync with librewolf.profile from master branch [Vladislav Nepogodin, 2021-12-06]
| |
| * Add new cachy-browser profile [Vladislav Nepogodin, 2021-12-06]
| |
* | dino.profile: netlink protocol is required for audio/video calls. [crocket, 2021-12-07]
|/
* Add a profile for Flatseal [Hugo Osvaldo Barrera, 2021-12-03]
|
* etc/profile-a-l/display.profile: additions needed on Gentoo [Hank Leininger, 2021-12-02]
|
|     Various .so's are needed to allow execution, /etc/ImageMagick-7/ is
|     needed for various policy XML files, and
|     /usr/$(libdir)/ImageMagick-x.y.z/ is needed in order to have access to
|     decoders.
|
|     Tested on Gentoo; I don't know if other distros put the relevant bits in
|     different paths.
|
|     Signed-off-by: Hank Leininger <hlein@korelogic.com>
|
* goldendict: whitelist path to documentation and locales [Jose Riha, 2021-12-01]
|
* move whitelists down according to profile.template [glitsj16, 2021-11-30]
|
* add noblacklists too [glitsj16, 2021-11-30]
|
|     As suggested in https://github.com/netblue30/firejail/pull/4727#discussion_r759402234.
|
* additional whitelist paths [glitsj16, 2021-11-30]
|
* additional electron blacklists [glitsj16, 2021-11-30]
|
* Merge pull request #4725 from kmk3/fix-groups-misc2 [netblue30, 2021-11-30]
|\
| |     Keep some groups regardless of nogroups and restore nogroups on nvidia
| |
| * etc: Remove comments about nogroups and noroot on nvidia [Kelvin M. Klann, 2021-11-29]
| |
| |     `nogroups` should not have been causing issues with rendering on nvidia
| |     since commit 623e68216 ("temporary fix for nvidia/nogroups/noroot issue
| |     (#3644, #841)", 2020-10-02) and commit cb460c32c ("more nvidia
| |     (#3644)", 2020-10-03), which had made it a no-op on nvidia.
| |
| |     And the handling of the "render" and "video" groups are independent to
| |     the handling of `nogroups` now; see the previous 3 commits.
| |
| |     Commits which introduced the comments on each profile:
| |
| |     * kodi.profile: commit ce462b6b1 ("fix #3501", 2020-07-16)
| |     * mpsyt.profile: commit e17b48fca ("new profile mpsyt.profile", 2018-11-28)
| |     * mpv.profile: commit cc7c48983 ("Document #1945", 2018-07-25)
| |     * steam.profile: commit d6f8169dd ("steam fixes; #841, #3267", 2020-03-15)
| |
| |     Commands used to find the comments:
| |
| |         git grep -i nvidia -- etc/profile-* | grep -v private-etc
| |
| |     Relates to #4632.
| |
* | Blacklist ~/.config/monero-project [Ted Robertson, 2021-11-30]
| |
* | fix #4714 [netblue30, 2021-11-29]
| |
* | disable by default several network tools [netblue30, 2021-11-24]
|/
* Merge pull request #4688 from Bundy01/master [netblue30, 2021-11-23]
|\
| |     Update firejail-local for Brave + ipfs
| |
| * Update firejail-local for Brave + ipfs [Bundy01, 2021-11-14]
| |