| Commit message (Collapse) | Author | Age |
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
* refactor claws-mail as whitelist profile
* refactor sylpheed as whitelist profile
* Create email-common.profile
* safeguard ${DOCUMENTS}
* Add disable-xdg to email-common.profile
Thanks @rusty-snake for the review.
|
| |
|
|
|
|
| |
…les with 'x11 none'
|
|
|
|
| |
…les with 'blacklist /tmp/.X11-unix'
|
| |
|
| |
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
* harden devilspie
* harden devilspie2
* harden curl
* harden wget
* harden curl
* harden dig
* harden claws-mail
* harden dnscrypt-proxy
* harden dnscrypt-proxy
* harden dnscrypt-proxy
* harden exfalso
* refactor easystroke as whitelist profile
* refactor enchant as whitelist profile
* safeguard ${DOCUMENTS}
Thanks @rusty-snake for the suggestion.
* drop x11-none
Thanks @rusty-snake for catching this.
* drop x11 none
Thanks @rusty-snake for saving the bacon...
* drop x11 none
Thanks @rusty-snake for catching this.
* drop x11 none
Thanks @rusty-snake for preventing breakage!
* drop ipc-namespace
Better safe than sorry...
|
| |
|
| |
|
| |
|
|
|
|
|
| |
This is continuation of fixes needed after recent ffmpeg change in
Arch Linux. See https://github.com/netblue30/firejail/issues/3147
|
|
|
|
| |
Reported at: https://bugs.debian.org/948993
|
| |
|
|
|
|
| |
[1]: https://github.com/netblue30/firejail/issues/2946#issuecomment-574861226
|
|
|
|
| |
closes #3147
|
| |
|
|
|
| |
@rusty-snake For now I've fixed the sorting to let it pass CI. Do you think sort.py should put java-{8,9}-openjdk before java-10-openjdk?
|
| |
|
|
|
|
|
|
| |
* Support XDG_CONFIG_HOME for aria2c
* Fix aria2c.profile
|
| |
|
|
|
|
|
| |
…mon.profile to firefox.profile.
See https://github.com/netblue30/firejail/commit/c8f78d7b536ec2dce4cc74de2653ae6c8c99b553#commitcomment-36763119
|
|
|
|
|
| |
directory is used for system-wide installed webext-addons.
Reported at: https://bugs.debian.org/948558
|
| |
|
|\
| |
| | |
allow chroot syscall where apps depend on QtWebengine
|
| |
| |
| |
| | |
derived from QtWebengine reverse dependencies
|
| | |
|
| | |
|
| |
| |
| |
| | |
da44ecb removed nosound, but machine-id breaks pulseaudio
|
|/
|
| |
Hexchat can play sounds for notifications or other events. It makes sense to allow it to play them.
|
| |
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
The start-tor-browser script tries to run /usr/bin/id to check that
it isn't root before starting the browser. See
https://gitweb.torproject.org/builders/tor-browser-build.git/tree/projects/tor-browser/RelativeLink/start-tor-browser?id=41fd236bbb7d3d75a27473f927be31f7dd8fdc99#n94
If id is not in the private-bin directory, the test still works by
accident, but prints these error messages:
./Browser/start-tor-browser: line 94: id: command not found
./Browser/start-tor-browser: line 94: [: : integer expression expected
Add id to the private-bin directory to make it run as intended.
|
|
|
| |
Thanks @rusty-snake for the suggestion (see #3122).
|
| |
|
| |
|
|
|
| |
Fixes #3121.
|
| |
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
* Add barrier.profile
* Add newline before special options
* Modify description
* Add disable mount to barrier.profile
* Address feedback from rusty-snake
* Remove stray carriage return
* Add noexec for /home/user and /tmp
* Don't blacklist openssl
* Remove redundant rules
|
|
|
|
|
|
|
|
| |
* fix private-etc on gentoo
* Fix private-etc on gentoo
* Fix evince on gentoo
|
|
|
|
| |
see #3112
|
|
|
| |
More background info in #3112.
|
| |
|
| |
|
| |
|
| |
|
|
|
| |
Partly fixes #3107.
|
|
|
| |
Arch puts files under /usr/share/perl-image-exiftool, whitelist that path for wusc.
|
|
|
| |
Partly fixes #3107 (the weechat part).
|