| Commit message (Collapse) | Author | Age |
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
* add support for cargo toml/non-toml files
* add support for cargo toml/non-toml files
* use globbing to blacklist Rust files
See https://github.com/netblue30/firejail/pull/4286#issuecomment-845318446.
* use globbing to blacklist cargo/Rust files
See https://github.com/netblue30/firejail/pull/4286#issuecomment-845318446.
|
|
|
|
|
|
|
|
|
|
|
| |
* fix blobby
* fix funnyboat
* fix librecad
* drop doubled netfilter entree in blobby
* drop unneeded include in funnyboat
|
| |
|
| |
|
|\
| |
| | |
Fix Lutris profile
|
| | |
|
| | |
|
|\ \
| | |
| | | |
Add cargo.profile
|
| | | |
|
| |/ |
|
|\ \
| | |
| | | |
Whitelist2
|
| | | |
|
| |/
|/|
| |
| |
| |
| |
| |
| |
| |
| |
| | |
Summary: SDDM uses $XDG_RUNTIME_DIR/<UUID> as Xauthority.
In my tests (Fedora 32 KDE spin IIRC) it used /tmp/... so it was
irrelevant for wruc. So the Xauthority file created by SDDM sems to
depend on distro, version, config, ….
Future alternatives to this long, ugly line would be a ${XAUTHORITY}
macro or a private-run-user option.
|
| |
| |
| |
| | |
Make ${HOME}/.rustup read-only and blacklist ${HOME}/.cargo/credentials.toml
|
| | |
|
| | |
|
| | |
|
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
* Follow-up for #4165
* Follow-up for #4165
* Follow-up for #4165
* Follow-up for #4165
* Follow-up for #4165
* Follow-up for #4165
* Follow-up for #4165
* Follow-up for #4165
* Follow-up for #4165
* Follow-up for #4165
* Follow-up for #4165
* Follow-up for #4165
* Follow-up for #4165
* fix noroot comment
As suggested [here](https://github.com/netblue30/firejail/pull/4271#discussion_r630981737).
* fix dbus-user comment
As suggested [here](https://github.com/netblue30/firejail/pull/4271#discussion_r630982527).
* fix private-dev comment
As suggested [here](https://github.com/netblue30/firejail/pull/4271#discussion_r630980029).
* fix private-etc comment
As suggested [here](https://github.com/netblue30/firejail/pull/4271#discussion_r630979698).
* move writable-var comment cfr. profile.template
|
| |
| |
| |
| | |
Clarify some options that supersede others.
|
| |
| |
| |
| | |
Profiles with private-dev behind BROWSER_DISABLE_U2F were missed by 0cee0ba5.
|
| |
| |
| |
| | |
It now features audio/video calling.
|
| |
| |
| | |
It's a workaround option, not to be used in any profile by default. Thanks to @rusty-snake for pointing that out.
|
| |
| |
| |
| |
| |
| |
| |
| | |
bijiben crashes without access to /usr/share/tracker3 in Fedora 34 with:
** (bijiben:14): WARNING **: 21:48:08.394: Unable to connect to Tracker: 'file:///usr/share/tracker3/ontologies/nepomuk' is not a ontology location
** (bijiben:14): WARNING **: 21:48:08.394: Cannot initialize BijiManager: 'file:///usr/share/tracker3/ontologies/nepomuk' is not a ontology location
|
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
* Create node.profile
* Create node-gyp.profile
* refactor npm as redirect
* Create npx.profile
* Create nvm.profile
* Create semver.profile
* refactor yarn as redirect
* collect node.js stack configuration in common profile
* add ~/.nvm to node section
* account for node-gyp python dependency
* read-only ~/.nvm for node.js stack
* blacklist ~/.nvm for node.js stack
* move env var comment cfr. profile.template
* Delete node-gyp.profile
node-gyp is a shell script with a node shebang. We've got that covered via node.profile.
* Delete npx.profile
npx is a shell script with a node shebang. We've got that covered via node.profile.
* Delete semver.profile
semver is a shell script that calls node. We've got that covered via node.profile.
* add node and nvm to new profiles section
|
| |
| |
| |
| |
| |
| |
| |
| |
| | |
* revert comment changes from #4257
* revert comment changes from #4257
* revert comment changes from #4257
* revert comment changes from #4257
|
| |
| |
| |
| |
| |
| |
| |
| |
| | |
* [comment] use 'read-write' instead of 'ignore read-only'
* [comment] use 'read-write' instead of 'ignore read-only'
* [comment] use 'read-write' instead of 'ignore read-only'
* [comment] use 'read-write' instead of 'ignore read-only'
|
|\ \
| | |
| | | |
whitelist /var/lib/aspell in whitelist-var-common.inc
|
| | | |
|
|/ / |
|
| |
| |
| |
| |
| | |
* restrict D-Bus access in wireshark
* add private-cache to wireshark
|
|\ \
| | |
| | | |
Disable seccomp in wireshark profile
|
| | | |
|
| | | |
|
| | | |
|
|/ / |
|
| | |
|
|\ \
| | |
| | | |
New profile for neochat
|
| | | |
|
| | |
| | |
| | | |
Co-authored-by: rusty-snake <41237666+rusty-snake@users.noreply.github.com>
|
| | |
| | |
| | |
| | |
| | | |
The dev did say it may be required on some platforms. He didn't sound
completely sure.
|
| | | |
|
| | |
| | |
| | |
| | | |
Seems to detect currently running instance even without that.
|
| | |
| | |
| | |
| | | |
Confirmed on neochat Matrix group that it is not required.
|
| | |
| | |
| | |
| | | |
Does not break dbus, despite the warning in the template.
|
| | | |
|
| | | |
|
| | |
| | |
| | |
| | |
| | | |
Signing in and so on works without this, so I'm not sure why it was
enabled in the flatpak.
|
| | |
| | |
| | |
| | |
| | | |
I had copied this from the flatpak listing, but the application works
without this.
|
| | | |
|