| Commit message | Author | Age |

elinks.profile: Fix missing access to liblua

By including allow-lua.inc.

Error log:

    $ firejail elinks
    elinks: error while loading shared libraries: liblua.so.5.4: cannot open shared object file: Permission denied

Environment: firejail-git (a82c8e021) and elinks 0.14.3-2 on Artix
Linux.

Fixes #4707.

Reported-by: @jose1711

Skype profile tweaks

Tested these settings and they work fine, including a test call. I can't
explain why, but if the `org.kde.StatusNotifierWatcher` entry is
removed, Skype will immediately log out the previous session when
started.

Without this, Skype's session isn't retained.

Add CachyBrowser profile

Various .so's are needed to allow execution, /etc/ImageMagick-7/ is
needed for various policy XML files, and /usr/$(libdir)/ImageMagick-x.y.z/
is needed in order to have access to decoders.
Tested on Gentoo; I don't know if other distros put the relevant bits
in different paths.
Signed-off-by: Hank Leininger <hlein@korelogic.com>

As suggested in https://github.com/netblue30/firejail/pull/4727#discussion_r759402234.

Keep some groups regardless of nogroups and restore nogroups on nvidia

`nogroups` should not have been causing issues with rendering on nvidia
since commit 623e68216 ("temporary fix for nvidia/nogroups/noroot issue
(#3644, #841)", 2020-10-02) and commit cb460c32c ("more nvidia (#3644)",
2020-10-03), which had made it a no-op on nvidia. And the handling of
the "render" and "video" groups is independent of the handling of
`nogroups` now; see the previous 3 commits.
Commits which introduced the comments on each profile:
* kodi.profile: commit ce462b6b1 ("fix #3501", 2020-07-16)
* mpsyt.profile: commit e17b48fca ("new profile mpsyt.profile",
2018-11-28)
* mpv.profile: commit cc7c48983 ("Document #1945", 2018-07-25)
* steam.profile: commit d6f8169dd ("steam fixes; #841, #3267",
2020-03-15)
Commands used to find the comments:

    git grep -i nvidia -- etc/profile-* | grep -v private-etc
Relates to #4632.

Update firejail-local for Brave + ipfs

Added `quiet` to some CLI profiles

- Update RELNOTES and README.md
- disable-common.inc
- blacklist ${HOME}/.local/share/ibus-typing-booster
- blacklist /run/timeshift (closes #4660)
- fix audacity.profile (closes #4659)

deterministic-shutdown option

Add OpenStego profile

update yt-dlp.profile

ffprobe used for embedding images in difficult cases.

disable-common.inc: fix paths of slock and physlock

Added on commit f0adf06c3 ("disable-common.inc: more SUID", 2021-11-09).
Relates to #4668.

Suggested in https://github.com/netblue30/firejail/pull/4675#discussion_r746510840. Makes sense!

Added Fedora path as per https://github.com/netblue30/firejail/pull/4675#pullrequestreview-802438767.
NOTE: there are several other profiles touching /usr/libexec, so until someone on Fedora can shed some light on what files are installed under /usr/libexec, I only blacklisted ssh-keysign. I'll pick this up tomorrow, a bit pressed for time in the non-digital worlds...

Added Fedora path as per https://github.com/netblue30/firejail/pull/4675#pullrequestreview-802438767.

Counterpart fix for changes in allow-ssh.inc.

After seeing https://github.com/netblue30/firejail/commit/9a81078ddbbb4215d06f7d1861481ece05ebda99 it dawned on me that Arch Linux doesn't have /usr/lib/openssh, but uses /usr/lib/ssh instead. That's a different path than what's referenced in our current {allow-ssh,disable-common}.inc files. Some very superficial checks revealed that OpenSSH seems to be packaged quite differently, at least on Debian/Ubuntu and Arch Linux. And then there's version differences on non-rolling distros to consider. All in all IMO it makes more sense to (no)blacklist /usr/lib/openssh and /usr/lib/ssh instead of referencing all the possible individual files that live under those paths.