| Commit message (Collapse) | Author | Age |
| |
|
| |
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
* Add more brave redirects to firecfg.config
These redirects are found on Debian/Ubuntu when enabling the official Brave repositories cfr. https://brave-browser.readthedocs.io/en/latest/installing-brave.html#linux
* Create brave-browser-beta.profile
* Create brave-browser-dev.profile
* Create brave-browser-nightly.profile
* Create brave-browser-stable.profile
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
* Create gzexe.profile
* Create uncompress.profile
* Create zcat.profile
* Create zcmp.profile
* Create zdiff.profile
* Create zegrep.profile
* Create zfgrep.profile
* Create zforce.profile
* Create zgrep.profile
* Create zless.profile
* Create zmore.profile
* Create znew.profile
|
| |
|
|
|
|
|
|
|
|
| |
* Add 'quiet' to gpg.profile
* Add 'quiet' to gpg-agent.profile
* Create gpg2.profile
|
|
|
|
| |
It is better to comment wusc in ffmpeg?
|
| |
|
|\
| |
| | |
Minor profile tweaks.
|
| |
| |
| |
| | |
thunderbird-wayland profile did not include thunderbird-wayland.local
|
| | |
|
|/
|
| |
Fix broken libx265 encoding (needs the set_mempolicy syscall).
|
|
|
| |
Thanks to @rusty-snake for requesting this in https://github.com/netblue30/firejail/pull/3061.
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
| |
* Create gist.profile
* Add gist config to disable-programs.inc
* Add gist to firecfg.config
* Update RELNOTES
* Update README.md
|
| |
|
| |
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
AppArmor security relies on path based rules and rewriting paths
may allow to bypass them.
Those actions are priveliged so vast majority of apps shouldn't need
them anyway. If some app need those rules then it's better to
consider them as unsuitable for apparmor option rather than weaken
generic profile for all apps.
See related issue reported by apparmor usage in snap:
https://bugs.launchpad.net/snapd/+bug/1791711
|
| |
|
|
|
|
|
|
| |
* Create unf.profile
* Add unf to firecfg.config
|
|
|
|
|
|
|
|
| |
* Create gmpc.profile
* Add gmpc config to disable-programs.inc
* Add gmpc to firecfg.config
|
|
|
|
|
|
|
|
| |
* Create drawio.profile
* Add drawio config to disable-programs.inc
* Add drawio to firecfg.config
|
|
|
|
|
|
| |
* Create ddgtk.profile
* Add ddgtk to firecfg.config
|
|
|
|
|
|
| |
* Create cameramonitor.profile
* Add cameramonitor to firecfg.config
|
|
|
|
|
|
| |
* Create audio-recorder.profile
* Add audio-recorder to firecfg.config
|
| |
|
| |
|
| |
|
| |
|
| |
|
| |
|
| |
|
| |
|
|
|
|
|
|
|
|
| |
* Create electron-mail.profile
* Add electron-mail to disable-programs.inc
* Add electron-mail to firecfg.config
|
| |
|
|
|
|
|
|
|
|
| |
* Add babl/gegl caches for gimp
* Add gir-1.0 to wusc
* Add babl/gegl support to gimp.profile
|
|\
| |
| | |
RFC: profiles: allow nc in ssh profile by default
|
| | |
|
|\ \
| | |
| | | |
Resolve #3029: drop outdated Skype profile
|
| | | |
|
| | | |
|
| |/
|/| |
|
| |
| |
| |
| | |
second line of defense, as there is always a pid namespace, too
|
| |
| |
| |
| |
| |
| |
| |
| | |
writing in /run/firejail/profile has always been restricted to root user,
and in addition this folder is blacklisted since recently; @{profile_name}
is built-in and adds a bit of flexibility; apparmor cannot be used to
restrict directory search permission, so add more rules for sensitive
paths
|
|\ \ |
|
| | |
| | |
| | | |
Fixes #3038.
|
|/ / |
|