| Commit message (Collapse) | Author | Age |
| |
|
|
|
|
|
|
|
|
|
|
|
| |
* mcomix
* Create mcomix.profile
* tightening
* fixes
* comment
|
|\
| |
| | |
Update weechat.profile
|
| |
| |
| |
| |
| | |
remove whitespace to comply with the profile template
Co-authored-by: rusty-snake <41237666+rusty-snake@users.noreply.github.com>
|
| |
| |
| | |
weechat needs access to `/usr/share/weechat` if you have any global scripts installed. The directory is empty by default, so there is no additional risk here.
|
|\ \
| | |
| | | |
Update w3m.profile
|
| | |
| | |
| | | |
Co-authored-by: rusty-snake <41237666+rusty-snake@users.noreply.github.com>
|
| |/ |
|
|/ |
|
| |
|
|
|
|
|
| |
* tightening zathura profile
* sort
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
* Create googler-common.profile
* Create googler.profile
* Create ddgr.profile
* Update firecfg.config
* sort fix
* space
* space
* tightening
* comment
* fix comment
* fix private-etc and ${DOWNLOADS}
* fix sort
* redundant ${DOWNLOADS}
|
| |
|
|\
| |
| | |
add firejail.config switch for private-{bin,etc,opt,srv}
|
| | |
|
| | |
|
| | |
|
| |
| |
| |
| |
| |
| |
| |
| |
| | |
The header of profile.template define this order:
IGNORES
NOBLACKLISTS
ALLOW INCLUDES
BLACKLISTS
DISABLE INCLUDES
|
| |
| |
| |
| | |
closes #4324
|
| | |
|
| | |
|
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
* Create links-common.profile
* Update links.profile
* Create links2.profile
* Update links.profile
* Update links2.profile
* Update elinks.profile
* Update elinks.profile
* links2
* Update firecfg.config
* Update xlinks.profile
* .xlinks
* add dbus and whitelist-usr-share-common
* .xlinks doesn't exist
* revert
* Create xlinks2
* xlinks2
* Update xlinks2
* Update xlinks.profile
* no wayland
* no wayland
* doesn't use /tmp/.X11-unix
* doesn't use /tmp/.X11-unix
* noblacklist /tmp/.X11-unix
* noblacklist /tmp/.X11-unix
|
|\ \
| | |
| | | |
Restrict /usr/libexec
|
| | | |
|
| | | |
|
|/ /
| |
| |
| |
| | |
* ignore include disable-shell.inc
* allow-bin-sh.inc
|
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
* Create youtube-viewers-common.profile
* reorganising youtube viewers
* rm globals
* reorganise youtube viewers
* adding pipe-viewer
* adding gtk-pipe-viewer
* xterm and youtube-dl cache
* sort
* Update youtube-viewers-common.profile
* quiet
* quiet
* quiet
* Update firecfg.config
* rm vlc
* rm invalid binary
* noinput
* rm whitelist-runuser-common.inc
* rm whitelist-runuser-common.inc
* rm whitelist-runuser-common.inc
* whitelist-runuser-common.inc
|
| | |
|
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
* add support for cargo toml/non-toml files
* add support for cargo toml/non-toml files
* use globbing to blacklist Rust files
See https://github.com/netblue30/firejail/pull/4286#issuecomment-845318446.
* use globbing to blacklist cargo/Rust files
See https://github.com/netblue30/firejail/pull/4286#issuecomment-845318446.
|
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
* fix blobby
* fix funnyboat
* fix librecad
* drop doubled netfilter entree in blobby
* drop unneeded include in funnyboat
|
| | |
|
| | |
|
|\ \
| | |
| | | |
Fix Lutris profile
|
| | | |
|
| | | |
|
|\ \ \
| | | |
| | | | |
Add cargo.profile
|
| | | | |
|
| |/ / |
|
|\ \ \
| |_|/
|/| | |
Whitelist2
|
| | | |
|
| |/
|/|
| |
| |
| |
| |
| |
| |
| |
| |
| | |
Summary: SDDM uses $XDG_RUNTIME_DIR/<UUID> as Xauthority.
In my tests (Fedora 32 KDE spin IIRC) it used /tmp/... so it was
irrelevant for wruc. So the Xauthority file created by SDDM sems to
depend on distro, version, config, ….
Future alternatives to this long, ugly line would be a ${XAUTHORITY}
macro or a private-run-user option.
|
| |
| |
| |
| | |
Make ${HOME}/.rustup read-only and blacklist ${HOME}/.cargo/credentials.toml
|
| | |
|
| | |
|
| | |
|
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
* Follow-up for #4165
* Follow-up for #4165
* Follow-up for #4165
* Follow-up for #4165
* Follow-up for #4165
* Follow-up for #4165
* Follow-up for #4165
* Follow-up for #4165
* Follow-up for #4165
* Follow-up for #4165
* Follow-up for #4165
* Follow-up for #4165
* Follow-up for #4165
* fix noroot comment
As suggested [here](https://github.com/netblue30/firejail/pull/4271#discussion_r630981737).
* fix dbus-user comment
As suggested [here](https://github.com/netblue30/firejail/pull/4271#discussion_r630982527).
* fix private-dev comment
As suggested [here](https://github.com/netblue30/firejail/pull/4271#discussion_r630980029).
* fix private-etc comment
As suggested [here](https://github.com/netblue30/firejail/pull/4271#discussion_r630979698).
* move writable-var comment cfr. profile.template
|
| |
| |
| |
| | |
Clarify some options that supersede others.
|
| |
| |
| |
| | |
Profiles with private-dev behind BROWSER_DISABLE_U2F were missed by 0cee0ba5.
|
| |
| |
| |
| | |
It now features audio/video calling.
|