| Commit message (Collapse) | Author | Age |
|
|
| |
The included firefox.profile has wusc now. We need to whitelist /usr/share/geary to avoid breakage.
|
| |
|
| |
|
| |
|
| |
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
| |
* Add wusc to eom
* Fix wusc in firefox
Without access to /usr/share/ca-certificates all HTTPS traffic gets the FF dialog 'Warning: Potential Security Risk Ahead'. Probably needed in thunderbird profile too (untested).
* Fix wusc ordering in meld
Just an alphabetical ordering nitpick.
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
* Work on whitelist-usr-share-common
* sorting; add Modules + QT/KDE stuff
* add wusc.inc to more profiles [needs testing]
* update
* gitg, firefox, evince
* /usr/share/{p11-kit,pixmaps,pki,qt5,tcl8.6,terminfo}
* more profiles
* remove wusc.inc from feedreader
Even with 'whitelist /usr/share/*', feedreader trys to dereference a
NULL pointer.
* more profiles
* whitelist /usr/share breaks wget
even with whitelist /usr/share/*
* extend wusc.inc
* update
* Add alsa,crypto-policies and zoneinfo
* readd wusc.inc to wget and feedreader
* update
* testing results: Debian Buster with KDE
* more KDE stuff
* fix tb
|
| |
|
| |
|
| |
|
|
|
|
|
|
|
| |
private-lib:
- Add note about possible two-page-view breaktage
- add libgraphite2.so.*
remove mdwe
|
| |
|
| |
|
|
|
|
|
|
|
|
|
|
|
| |
$ firejail ffprobe VIDEO
execvp: No such file or directory
$ firejail --noprofile --private-bin=ffprobe ffprobe VIDEO
execvp: No such file or directory
$ firejail --ignore=private-bin ffprobe VIDEO
Works
ffprobe is the only file in PATH that is touched (see --build).
|
| |
|
| |
|
|
|
|
| |
https://bugs.debian.org/941241
|
| |
|
|
|
| |
close #2967
|
| |
|
|
|
|
| |
… it breaks feedreader and potential also other programs
|
| |
|
| |
|
| |
|
|
|
|
|
|
| |
* Removed disable-interpreters.inc from w3m.profile
* disable-interpreters + allow-perl
|
| |
|
| |
|
|
|
| |
Netfilter is fine but "net none" option breaks functionality of marketplace.
|
| |
|
|
|
| |
Fixes #2933
|
|
|
|
|
|
| |
* Add ar to firecfg
* Create ar.profile
|
|
|
| |
Fixes #2942.
|
|
|
| |
This fixes #2941.
|
| |
|
|
|
|
|
| |
- dconf database is read-only (fde6e04b) and accessed over dbus,
there are no reasons to keep it in the sandbox
|
|
|
| |
see previous commit, #2879
|
|\
| |
| | |
qpdfview: Fix issue when opening a file from file manager
|
| |
| |
| | |
I can confirm https://github.com/netblue30/firejail/pull/2837#issuecomment-511334363 when opening a file from `pcmanfm`, it doesn't open if qpdfview contains `nodbus`
|
| | |
|
| | |
|
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
Rules for redirecting profiles:
- add exceptions: just add 'seccomp !SYSCALL'
- remove exception:
```
seccomp
ignore seccomp
```
|
| | |
|
| | |
|
| | |
|
| | |
|
| | |
|
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
- add novideo to a lot of profiles
(there are still more profiles where novideo can be added)
- remove commente mdwe from some gnome applications
- add descriptions to some profiles
- blacklist ${HOME}/.cargo/credentials
- move ${HOME}/.git-credentials and ${HOME}/.git-credential-cache to
'top secret' in disable-common.inc
- some ordering in disable-programs.inc
- merge tor browser blacklists to ${HOME}/.tor-browser*
- qupzilla.profile redirect to falkon.profile
- blacklist gnome-builder paths
- fix transmission profiles inlude
- much more
|
| | |
|
|\ \
| | |
| | | |
Introduce allow-common-devel.inc
|