| Commit message (Collapse) | Author | Age |
|
|
| |
Netfilter is fine but "net none" option breaks functionality of marketplace.
|
| |
|
|
|
| |
Fixes #2933
|
|
|
|
|
|
| |
* Add ar to firecfg
* Create ar.profile
|
|
|
| |
Fixes #2942.
|
|
|
| |
This fixes #2941.
|
| |
|
|
|
|
|
| |
- dconf database is read-only (fde6e04b) and accessed over dbus,
there are no reasons to keep it in the sandbox
|
|
|
| |
see previous commit, #2879
|
|\
| |
| | |
qpdfview: Fix issue when opening a file from file manager
|
| |
| |
| | |
I can confirm https://github.com/netblue30/firejail/pull/2837#issuecomment-511334363 when opening a file from `pcmanfm`, it doesn't open if qpdfview contains `nodbus`
|
| | |
|
| | |
|
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
Rules for redirecting profiles:
- add exceptions: just add 'seccomp !SYSCALL'
- remove exception:
```
seccomp
ignore seccomp
```
|
| | |
|
| | |
|
| | |
|
| | |
|
| | |
|
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
- add novideo to a lot of profiles
(there are still more profiles where novideo can be added)
- remove commente mdwe from some gnome applications
- add descriptions to some profiles
- blacklist ${HOME}/.cargo/credentials
- move ${HOME}/.git-credentials and ${HOME}/.git-credential-cache to
'top secret' in disable-common.inc
- some ordering in disable-programs.inc
- merge tor browser blacklists to ${HOME}/.tor-browser*
- qupzilla.profile redirect to falkon.profile
- blacklist gnome-builder paths
- fix transmission profiles inlude
- much more
|
| | |
|
|\ \
| | |
| | | |
Introduce allow-common-devel.inc
|
| | | |
|
| | | |
|
| | | |
|
|/ /
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
- install contrib/syscalls.sh
- add GitLab-CI status to README.md
- read-only ${HOME}/.cargo/env
- move blacklist ${HOME}/.cargo/registry, ${HOME}/.cargo/config to
disable-programs
- typo in man firejail firejail-profiles firecfg
- better descriptions in man firejail-profiles
- fixes in man firejail
- template descriptions in firejail-profiles
|
| | |
|
| | |
|
| | |
|
| |
| |
| | |
Fixes #2901.
|
|\ \
| | |
| | | |
Profiles: add I2P
|
| | | |
|
| | |
| | |
| | |
| | |
| | | |
Changed to default seccomp
Co-Authored-By: rusty-snake <print_hello_world+GitHub@protonmail.com>
|
| | | |
|
|/ /
| |
| | |
Thanks @rusty-snake for catching this!
|
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
* Refactor transmission-cli
* Create transmission-common.profile
* Refactor transmission-create
* Refactor transmission-daemon
* Refactor transmission-edit
* Refactor transmission-gtk
* Refactor transmission-qt
* Refactor transmission-remote-cli
* Refactor transmission-remote-gtk
* Refactor transmission-remote
* Refactor transmission-show
|
| | |
|
| | |
|
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
* beginn fixup
* continue
* continue
* continue
* continue
* continue
* continue
|
|\ \
| | |
| | | |
tighten private-bin and etc for torbrowser-launcher.profile
|
| | | |
|
|/ / |
|
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
* nano: add quiet option
* ffmpegthumbnailer: fix quiet leakage
* ffplay: fix quiet leakage
* ffprobe: fix quiet leakage
* rnano: fix quiet leakage
* qt-faststart: fix quiet leakage
* scp: fix quiet leakage
* sftp: fix quiet leakage
* transmission-create: fix quiet leakage
* transmission-edit: fix quiet leakage
* transmission-remote-cli: fix quiet leakage
* transmission-remote-gtk: fix quiet leakage
* dnscrypt-proxy: add quiet option
* dnsmasq: add quiet option
* seahorse-daemon: add quiet option
* xpra: add quiet option
* Xephyr: add quiet option
* Xvfb: add quiet option
|
| | |
|
| |
| |
| | |
https://forums.whonix.org/t/automatically-firejailing-tor-browser/4767/29
|
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
* Fix potential leakage of quiet option in 7za
* Fix potential leakage in quiet option for 7zr
* Fix potential leakage in quiet option for p7zip
* Fix potential leakage in quiet option for acat
* Fix potential leakage in quiet option for adiff
* Fix potential leakage in quiet option for als
* Fix potential leakage in quiet option for apack
* Fix potential leakage in quiet option for arepack
* Fix potential leakage in quiet option for aunpack
* Fix potential leakage in quiet option for lrunzip
* Fix potential leakage in quiet option for lrz
* Fix potential leakage in quiet option for lrzcat
* Fix potential leakage in quiet option for lrzip
* Fix potential leakage in quiet option for lrztar
* Fix potential leakage in quiet option for lrzuntar
* Fix potential leakage in quiet option for zpaq
|
| | |
|
| | |
|
| | |
|
| |
| |
| |
| |
| | |
VirtualBox has several setuid binaries which need cap_sys_admin, cap_net_raw and cap_sys_nice to work properly.
Fixes https://github.com/netblue30/firejail/issues/2868
|