| Commit message | Author | Age |
| |
The header of profile.template defines this order:
IGNORES
NOBLACKLISTS
ALLOW INCLUDES
BLACKLISTS
DISABLE INCLUDES
| |
closes #4324
| |
* Create links-common.profile
* Update links.profile
* Create links2.profile
* Update links.profile
* Update links2.profile
* Update elinks.profile
* Update elinks.profile
* links2
* Update firecfg.config
* Update xlinks.profile
* .xlinks
* add dbus and whitelist-usr-share-common
* .xlinks doesn't exist
* revert
* Create xlinks2
* xlinks2
* Update xlinks2
* Update xlinks.profile
* no wayland
* no wayland
* doesn't use /tmp/.X11-unix
* doesn't use /tmp/.X11-unix
* noblacklist /tmp/.X11-unix
* noblacklist /tmp/.X11-unix
| | |
Restrict /usr/libexec
| |
* ignore include disable-shell.inc
* allow-bin-sh.inc
| |
* Create youtube-viewers-common.profile
* reorganising youtube viewers
* rm globals
* reorganise youtube viewers
* adding pipe-viewer
* adding gtk-pipe-viewer
* xterm and youtube-dl cache
* sort
* Update youtube-viewers-common.profile
* quiet
* quiet
* quiet
* Update firecfg.config
* rm vlc
* rm invalid binary
* noinput
* rm whitelist-runuser-common.inc
* rm whitelist-runuser-common.inc
* rm whitelist-runuser-common.inc
* whitelist-runuser-common.inc
| |
* add support for cargo toml/non-toml files
* add support for cargo toml/non-toml files
* use globbing to blacklist Rust files
See https://github.com/netblue30/firejail/pull/4286#issuecomment-845318446.
* use globbing to blacklist cargo/Rust files
See https://github.com/netblue30/firejail/pull/4286#issuecomment-845318446.
| |
* fix blobby
* fix funnyboat
* fix librecad
* drop doubled netfilter entry in blobby
* drop unneeded include in funnyboat
| | |
Fix Lutris profile
| | | |
Add cargo.profile
| | | |
Whitelist2
| | |
Summary: SDDM uses $XDG_RUNTIME_DIR/<UUID> as Xauthority.
In my tests (Fedora 32 KDE spin IIRC) it used /tmp/... so it was
irrelevant for wruc. So the Xauthority file created by SDDM seems to
depend on distro, version, config, ….
Future alternatives to this long, ugly line would be a ${XAUTHORITY}
macro or a private-run-user option.
| | |
Make ${HOME}/.rustup read-only and blacklist ${HOME}/.cargo/credentials.toml
| | |
* Follow-up for #4165
* Follow-up for #4165
* Follow-up for #4165
* Follow-up for #4165
* Follow-up for #4165
* Follow-up for #4165
* Follow-up for #4165
* Follow-up for #4165
* Follow-up for #4165
* Follow-up for #4165
* Follow-up for #4165
* Follow-up for #4165
* Follow-up for #4165
* fix noroot comment
As suggested [here](https://github.com/netblue30/firejail/pull/4271#discussion_r630981737).
* fix dbus-user comment
As suggested [here](https://github.com/netblue30/firejail/pull/4271#discussion_r630982527).
* fix private-dev comment
As suggested [here](https://github.com/netblue30/firejail/pull/4271#discussion_r630980029).
* fix private-etc comment
As suggested [here](https://github.com/netblue30/firejail/pull/4271#discussion_r630979698).
* move writable-var comment cfr. profile.template
| | |
Clarify some options that supersede others.
| | |
Profiles with private-dev behind BROWSER_DISABLE_U2F were missed by 0cee0ba5.
| | |
It now features audio/video calling.
| | |
It's a workaround option, not to be used in any profile by default. Thanks to @rusty-snake for pointing that out.
| | |
bijiben crashes without access to /usr/share/tracker3 in Fedora 34 with:
** (bijiben:14): WARNING **: 21:48:08.394: Unable to connect to Tracker: 'file:///usr/share/tracker3/ontologies/nepomuk' is not a ontology location
** (bijiben:14): WARNING **: 21:48:08.394: Cannot initialize BijiManager: 'file:///usr/share/tracker3/ontologies/nepomuk' is not a ontology location
| | |
* Create node.profile
* Create node-gyp.profile
* refactor npm as redirect
* Create npx.profile
* Create nvm.profile
* Create semver.profile
* refactor yarn as redirect
* collect node.js stack configuration in common profile
* add ~/.nvm to node section
* account for node-gyp python dependency
* read-only ~/.nvm for node.js stack
* blacklist ~/.nvm for node.js stack
* move env var comment cfr. profile.template
* Delete node-gyp.profile
node-gyp is a shell script with a node shebang. We've got that covered via node.profile.
* Delete npx.profile
npx is a shell script with a node shebang. We've got that covered via node.profile.
* Delete semver.profile
semver is a shell script that calls node. We've got that covered via node.profile.
* add node and nvm to new profiles section
| | |
* revert comment changes from #4257
* revert comment changes from #4257
* revert comment changes from #4257
* revert comment changes from #4257
| | |
* [comment] use 'read-write' instead of 'ignore read-only'
* [comment] use 'read-write' instead of 'ignore read-only'
* [comment] use 'read-write' instead of 'ignore read-only'
* [comment] use 'read-write' instead of 'ignore read-only'
| | | |
whitelist /var/lib/aspell in whitelist-var-common.inc
| | |
* restrict D-Bus access in wireshark
* add private-cache to wireshark
| | | |
Disable seccomp in wireshark profile