| Commit message (Collapse) | Author | Age |
|
|
|
| |
Added Fedora path as per https://github.com/netblue30/firejail/pull/4675#pullrequestreview-802438767.
NOTE: there are several other profiles touching /usr/libexec, so untill someone on Fedora can shed some light on what files are installed under /usr/libexec, I only blacklisted ssh-keysign. I'll pick this up tomorrow, a bit pressed for time in the non-digital worlds...
|
|
|
| |
Added Fedora path as per https://github.com/netblue30/firejail/pull/4675#pullrequestreview-802438767.
|
|
|
| |
Counterpart fix for changes in allow-ssh.inc.
|
|
|
| |
After seeing https://github.com/netblue30/firejail/commit/9a81078ddbbb4215d06f7d1861481ece05ebda99 it dawned on me that Arch Linux doesn't have /usr/lib/openssh, but uses /usr/lib/ssh instead. That's a different path than what's referenced in our current {allow-ssh,disable-common}.inc files. Some very superficial checks revealed that OpenSSH seems to be packaged quite differently, at least on Debian/Ubuntu and Arch Linux. And then there's version differences on non-rolling distro's to consider. All in all IMO it makes more sense to (no)blacklist /usr/lib/openssh and /usr/lib/ssh instead of referencing all the possible individual files that live under those paths.
|
| |
|
| |
|
| |
|
| |
|
| |
|
| |
|
|
|
|
|
|
| |
As the upstream AppArmor base abstraction does not
contain references to paths in /run/firejail/mnt/oroot
there is not much point to have them in our drop-in
|
| |
|
| |
|
|\
| |
| | |
Profile Checks
|
| | |
|
| |
| |
| |
| | |
Command is the same as in d8d97acb
|
|/
|
| |
add yt-dlp in private-bin
|
| |
|
| |
|
|
|
|
| |
fixes --tracelog among other things
|
| |
|
| |
|
| |
|
|\
| |
| | |
add basic Firejail support to AppArmor base abstraction (#3226)
|
| | |
|
|\ \
| | |
| | | |
Add profiles for imv, retroarch, and torbrowser
|
| | |
| | |
| | |
| | |
| | | |
imv, retroarch, and torbrowser are also added to
firecfg.config
|
|\ \ \
| | | |
| | | | |
blobwars: add path to game assets compatible with Arch
|
| | | | |
|
|\ \ \ \
| | | | |
| | | | | |
Drop noinput for games with joystick/gamepad support
|
| |/ / /
| | | |
| | | |
| | | | |
Fixes #4608
|
|\ \ \ \
| | | | |
| | | | | |
Fix tremulous profile for Arch users
|
| | | | |
| | | | |
| | | | | |
Co-authored-by: Kelvin M. Klann <kmk3.code@protonmail.com>
|
| | | | |
| | | | |
| | | | | |
Co-authored-by: Kelvin M. Klann <kmk3.code@protonmail.com>
|
| | | | |
| | | | |
| | | | | |
Co-authored-by: rusty-snake <41237666+rusty-snake@users.noreply.github.com>
|
| |/ / / |
|
|\ \ \ \
| | | | |
| | | | | |
Fix jumpnbump for Arch users
|
| |/ / /
| | | |
| | | |
| | | | |
Fixes #4611.
|
|\ \ \ \
| | | | |
| | | | | |
Fix warsow profile for Arch users
|
| | | | |
| | | | |
| | | | | |
Co-authored-by: Kelvin M. Klann <kmk3.code@protonmail.com>
|
| | | | |
| | | | |
| | | | | |
Co-authored-by: rusty-snake <41237666+rusty-snake@users.noreply.github.com>
|
| | | | |
| | | | |
| | | | | |
Co-authored-by: rusty-snake <41237666+rusty-snake@users.noreply.github.com>
|
| |/ / /
| | | |
| | | |
| | | |
| | | |
| | | | |
Warsow uses a shell wrapper hence requires some modifications. Netlink
was added to protocols as the game was segfaulting after changing
resolution and saving the setting.
|
|\ \ \ \
| |/ / /
|/| | | |
Create disable-proc.inc
|
| | | | |
|
| | | | |
|
| | | | |
|
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | | |
found in Debian Bullseye.
/run/shm is a symbolic link to /dev/shm,
and whitelisting it will just recreate
the symbolic link.
|
|\ \ \ \
| | | | |
| | | | | |
Use ?ALLOW_TRAY: (#4510) in profiles
|
| | |/ /
| |/| | |
|