aboutsummaryrefslogtreecommitdiffstats
path: root/etc
Commit message (Collapse)AuthorAge
* fixup! refactor some profiles as electron redirects (#3188)Libravatar rusty-snake2020-01-27
| | | | | | - move ignores to top - add remove netlink protocol from whalebird - ignore caps.drop all in wire-desktop
* refactor some profiles as electron redirects (#3188)Libravatar glitsj162020-01-26
| | | | | | | | * refactor as electron redirect * refactor as electron redirect * refactor as electron redirect
* fix beaker.profileLibravatar glitsj162020-01-26
| | | whitelist ${DOWNLOADS} is already in the included electron.profile.
* Create allow-php.incLibravatar glitsj162020-01-25
| | | We have PHP items blacklisted in disable-interpreters.inc that never get noblacklisted. This PR fixes that.
* local customizations for allow-gjs.incLibravatar glitsj162020-01-25
|
* allow-*.local customizations (#3187)Libravatar glitsj162020-01-25
| | | | | | | | | | | | | | | | * local customizations for allow-common-devel.inc * local customizations for allow-java.inc * local customizations for allow-lua.inc * local customizations for allow-perl.inc * local customizations for allow-python2.inc * local customizations for allow-python3.inc * local customizations for allow-ruby.inc
* blacklist gjs in disable-interpreters (#3186)Libravatar rusty-snake2020-01-25
| | | | | | * blacklist gjs in disable-interpreters * Update
* new profile: gnome-passwordsafeLibravatar rusty-snake2020-01-25
|
* Allow request_key syscall for udiskie (#3177)Libravatar Carlo Abelli2020-01-25
| | | Fixes #3175.
* Allow mbind syscall for GIMP (#3178)Libravatar Carlo Abelli2020-01-25
| | | Fixes #2681.
* Add a profile for clipgrabLibravatar rusty-snake2020-01-25
| | | | Thanks @DurtyDev for testing (netblue30/firetools#47)
* disable-interpreters: blacklist /usr/lib64/python3*Libravatar rusty-snake2020-01-25
|
* Rework thunderbird.profile (#3091)Libravatar rusty-snake2020-01-22
| | | | | | | | | | | | | | * Rework thunderbird.profile (1) * Rework thunderbird.profile (2) * Rework thunderbird.profile (3) * Rework thunderbird.profile (4) * Rework thunderbird.profile (5) * Rework thunderbird.profile (6)
* Browsers: private-dev conditional with BROWSER_DISABLE_U2FLibravatar rusty-snake2020-01-21
| | | | see also #3170
* Add comment for python-based plugins in claws-mail.profileLibravatar glitsj162020-01-20
|
* Fix firefox (#3171)Libravatar Antz2020-01-20
|
* harden celluloid.profileLibravatar rusty-snake2020-01-19
|
* create rtv.profileLibravatar rusty-snake2020-01-19
|
* fixes for 'blacklist ${RUNUSER}/wayland-*' (#3166)Libravatar glitsj162020-01-18
| | | | | | | | | | | | | | | | | | | | * unbreak audio-recorder Support both X11 and Wayland by default. Users can add 'blacklist ${RUNUSER}/wayland-*' or 'x11 none' in their audio-recorder.local. * unbreak ddgtk Support both X11 and Wayland by default. Users can add 'blacklist ${RUNUSER}/wayland-*' or 'x11 none' in their ddgtk.local. * unbreak and harden gconf-editor Support both X11 and Wayland by default. Also whitelist /usr/share/gconf-editor for wusc. * unbreak seahorse Support both X11 and Wayland by default. * add blacklist ${RUNUSER}/wayland-* to dnscrypt-proxy
* add tvbrowser.profileLibravatar rusty-snake2020-01-18
| | | | Thanks @Micha-Btz for all the testing.
* make devilspie2 redircet to devilspie (#3163)Libravatar rusty-snake2020-01-18
|
* die python2 die !! #3164 (meld)Libravatar rusty-snake2020-01-18
| | | | https://github.com/netblue30/firejail/issues/3164#issuecomment-575892401
* harden baoba and transmission-commonLibravatar rusty-snake2020-01-18
|
* refactor claws-mail and sylpheed as whitelist profiles (#3162)Libravatar glitsj162020-01-18
| | | | | | | | | | | | | | * refactor claws-mail as whitelist profile * refactor sylpheed as whitelist profile * Create email-common.profile * safeguard ${DOCUMENTS} * Add disable-xdg to email-common.profile Thanks @rusty-snake for the review.
* add RUNUSER and Disable Wayland to the templateLibravatar rusty-snake2020-01-18
|
* add 'blacklist ${RUNUSER}/wayland-*' to all profi…Libravatar rusty-snake2020-01-18
| | | | …les with 'x11 none'
* add 'blacklist ${RUNUSER}/wayland-*' to all profi…Libravatar rusty-snake2020-01-18
| | | | …les with 'blacklist /tmp/.X11-unix'
* 'blacklist /tmp/.X11-unix' is implied by x11 noneLibravatar rusty-snake2020-01-18
|
* fix x11 none in devilspie2Libravatar glitsj162020-01-17
|
* Fix x11 none in devilspieLibravatar glitsj162020-01-17
|
* hardenings for various profiles (#3160)Libravatar glitsj162020-01-17
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | * harden devilspie * harden devilspie2 * harden curl * harden wget * harden curl * harden dig * harden claws-mail * harden dnscrypt-proxy * harden dnscrypt-proxy * harden dnscrypt-proxy * harden exfalso * refactor easystroke as whitelist profile * refactor enchant as whitelist profile * safeguard ${DOCUMENTS} Thanks @rusty-snake for the suggestion. * drop x11-none Thanks @rusty-snake for catching this. * drop x11 none Thanks @rusty-snake for saving the bacon... * drop x11 none Thanks @rusty-snake for catching this. * drop x11 none Thanks @rusty-snake for preventing breakage! * drop ipc-namespace Better safe than sorry...
* fix join timeout if sleep interval is not a multipleLibravatar smitsohu2020-01-17
|
* Fix gfeedsLibravatar rusty-snake2020-01-17
|
* Harden feedreaderLibravatar rusty-snake2020-01-17
|
* More fixes for ffmpeg support in Arch LinuxLibravatar Vincent432020-01-17
| | | | | This is continuation of fixes needed after recent ffmpeg change in Arch Linux. See https://github.com/netblue30/firejail/issues/3147
* profiles: whitelist transmission-daemon config directoryLibravatar Reiner Herrmann2020-01-17
| | | | Reported at: https://bugs.debian.org/948993
* Fix missing lib libmfx.so.1 (standardnotes-desktop) (#3151)Libravatar Florian Begusch2020-01-16
|
* fix wire-desktop [1]Libravatar rusty-snake2020-01-16
| | | | [1]: https://github.com/netblue30/firejail/issues/2946#issuecomment-574861226
* fix ffmpeg privat-etcLibravatar rusty-snake2020-01-15
| | | | closes #3147
* Update RELNOTES, README.md|Add firefox-x11.profileLibravatar rusty-snake2020-01-13
|
* Fix sorting private-etc in i2prouter.profileLibravatar glitsj162020-01-13
| | | @rusty-snake For now I've fixed the sorting to let it pass CI. Do you think sort.py should put java-{8,9}-openjdk before java-10-openjdk?
* update i2prouter profile, and remove from firecfg (#3123)Libravatar corecontingency2020-01-13
|
* aria2c fixes (#3143)Libravatar glitsj162020-01-13
| | | | | | * Support XDG_CONFIG_HOME for aria2c * Fix aria2c.profile
* fix #3141Libravatar rusty-snake2020-01-12
|
* move whitelist /usr/share/webext from firefox-com…Libravatar rusty-snake2020-01-12
| | | | | …mon.profile to firefox.profile. See https://github.com/netblue30/firejail/commit/c8f78d7b536ec2dce4cc74de2653ae6c8c99b553#commitcomment-36763119
* profiles: whitelist /usr/share/webext in firefox-commonLibravatar Reiner Herrmann2020-01-12
| | | | | directory is used for system-wide installed webext-addons. Reported at: https://bugs.debian.org/948558
* freecad: allow access to pythonLibravatar smitsohu2020-01-10
|
* Merge pull request #3131 from smitsohu/webengineLibravatar netblue302020-01-09
|\ | | | | allow chroot syscall where apps depend on QtWebengine
| * allow chroot syscall where apps depend on QtWebengineLibravatar smitsohu2020-01-08
| | | | | | | | derived from QtWebengine reverse dependencies
* | cmus: allow access to resolv.confLibravatar Florian Preinstorfer2020-01-08
| |
generated by cgit v1.2.3-70-g09d2 (git 2.46.0) at 2024-09-15 01:36:11 +0000