aboutsummaryrefslogtreecommitdiffstats
path: root/etc
Commit message (Collapse)AuthorAge
* apparmor support for --overlay sandboxesLibravatar netblue302018-01-24
|
* Merge pull request #1745 from Vincent43/patch-1Libravatar smitsohu2018-01-23
|\ | | | | Apparmor: restrict access to writable files
| * Apparmor: Revert /proc changesLibravatar Vincent432018-01-23
| |
| * Apparmor: fix kodi pluginsLibravatar Vincent432018-01-22
| | | | | | | | Kodi plugins need /proc/@PID/net/dev access outside user processes: AVC apparmor="DENIED" operation="open" profile="firejail-default" name="/proc/28/net/dev" pid=2354 comm="kodi.bin" requested_mask="r" denied_mask="r"
| * Apparmor: restrict accessLibravatar Vincent432018-01-21
| | | | | | Access to writable files can be restricted to their owner only.
* | Partial revert of f2fdcf7361f99d4b62d6427d078445c2ea1dc6cb for geditLibravatar Tad2018-01-22
| | | | | | | | - This appears to be a general issue with private-lib, that might've already been fixed in master
* | Add another profile alias for idea.shLibravatar Tad2018-01-22
| |
* | Allow audio in Tor browser, and fix gedit not launchingLibravatar Tad2018-01-22
|/ | | | - Tor browser doesn't have nosound, so include pulse in private-etc
* Add whitelist-var-common to 4 profilesLibravatar Tad2018-01-21
|
* Merge pull request #1713 from Vincent43/patch-1Libravatar smitsohu2018-01-20
|\ | | | | Apparmor: fix broken file dialogs in kde plasma
| * Revert: Escape '#' character in pathLibravatar Vincent432018-01-17
| | | | | | | | | | Escaping this create warning and is dropped anyway: Warning from /etc/apparmor.d/firejail-default (/etc/apparmor.d/firejail-default line 163): Character # was quoted unnecessarily, dropped preceding quote ('\') character
| * Escape '#' character in pathLibravatar Vincent432018-01-05
| |
| * Apparmor: fix broken file dialogs in kde plasmaLibravatar Vincent432018-01-04
| | | | | | | | | | | | | | | | | | For some time apparmor started breaking file dialogs in kde plasma (gwenview, calibre, qbittorrent, etc). typical audit report below: AVC apparmor="DENIED" operation="open" profile="firejail-default" name="/run/user/1000/#28520" pid=1997 comm="qbittorrent" requested_mask="w" denied_mask="w" fsuid=1000 ouid=1000 AVC apparmor="DENIED" operation="link" profile="firejail-default" name="/run/user/1000/qBittorrentZcaeTi.1.slave-socket" pid=3679 comm="qbittorrent" requested_mask="l" denied_mask="l" fsuid=1000 ouid=1000 target="/run/user/1000/#79965" This commit fixes this issue. Tested on Archlinux (linux 4.14.11, kde 5.11.5)
* | Add a profile for Fritzing, and update READMELibravatar Tad2018-01-20
| |
* | moved QTWEBENGINE_DISABLE_SANDBOX=1 to viber profileLibravatar netblue302018-01-19
| |
* | removed mem-deny-execute from transmission-qt profile, #1736Libravatar netblue302018-01-19
| |
* | remove QML_DISABLE_DISK_CACHE from disable-common.incLibravatar smitsohu2018-01-18
| | | | | | hardcoded since 1e7045b55cc1e189dba6d9ed21c05c90663f3736
* | temporarely removed private-lib, GnomeShell problems: #1711Libravatar netblue302018-01-18
| |
* | Add pycharm-professional profileLibravatar Fred-Barclay2018-01-17
| |
* | Update pycharm-community profile after 4815e53842a85534638e037339ac61023da0a8b7Libravatar Fred-Barclay2018-01-17
| |
* | Experimental - blacklist snap folder in user home.Libravatar Fred-Barclay2018-01-17
| |
* | Blacklist pycharm config filesLibravatar Fred-Barclay2018-01-17
| |
* | Add pycharm-community profileLibravatar Fred-Barclay2018-01-17
| |
* | Merge pull request #1715 from viq/patch-1Libravatar Fred Barclay2018-01-16
|\ \ | | | | | | Create discord-canary.profile
| * | Create discord-canary.profileLibravatar viq2018-01-05
| | | | | | | | | Created by adding `whitelist ${HOME}/.config/discordcanary` to `electron.profile` and replacing references to electron. Seems to work for me with light usage.
* | | Add crypto-policies to private-etc in all profiles with private-etc *ssl*Libravatar Tad2018-01-15
| | | | | | | | | | | | | | | | | | Seems to be necessary under Fedora like pki This also fixes an issue with no audio in Lollypop on Fedora
* | | Fixup 68ccf1efee030470bf3f1666429e31374f2ae3a6Libravatar Tad2018-01-15
| | | | | | | | | | | | https://github.com/netblue30/firejail/commit/68ccf1efee030470bf3f1666429e31374f2ae3a6#r26873132
* | | Add pki to private-etc in all profiles with private-etc *ssl*Libravatar Tad2018-01-15
| | |
* | | Fix #1724, Tor browser not working on Ubuntu and FedoraLibravatar Tad2018-01-14
| | |
* | | Update firecfg.config and add a profile alias for idea.shLibravatar Tad2018-01-14
| | |
* | | Add a profile for OnionShareLibravatar Tad2018-01-14
| | |
* | | Add a profile for PitiviLibravatar Tad2018-01-12
| | |
* | | disable qml disk cache globallyLibravatar smitsohu2018-01-08
|/ /
* | Fixup b9846aed427487f5acc764eb21369b0c9cb2b41aLibravatar Tad2018-01-04
| |
* | Add a Firefox profile alias for Firefox Developer EditionLibravatar Tad2018-01-04
|/
* improve theming support (kvantum, qt5ct) - #1540Libravatar smitsohu2018-01-02
|
* Merge pull request #1701 from bn0785ac/masterLibravatar netblue302018-01-02
|\ | | | | tor flavours
| * TBB pt-br fixupLibravatar Tad2018-01-01
| |
| * Simplfy locale specific Tor Browser profilesLibravatar Tad2018-01-01
| |
| * tor flavoursLibravatar Your Name2017-12-30
| |
* | Merge pull request #1710 from bitfreak25/masterLibravatar SpotComms2018-01-01
|\ \ | | | | | | Add profile for "playonlinux"
| * | Add profile for "playonlinux"Libravatar bitfreak252018-01-01
| | | | | | | | | | | | | | | | | | | | | This profile have been successfully tested by starting a windows application through it. "wine.profile" has been used as template for this. Only "noblacklist ${PATH}/nc" has been added because playonlinux needs it to run. Please note that this is currently not tested due to security aspects, so it may need a rework later on. Because opening a unknown windows application through it could possibly be a security risk.
* | | Merge pull request #1708 from bitfreak25/masterLibravatar SpotComms2018-01-01
|\| | | | | | | | Fix #1702 - Couldn't start 'minetest' in Debian Testing
| * | Fixup fix for #1702Libravatar Tad2018-01-01
| | |
| * | Fix #1702 - Couldn't start 'minetest' in Debian TestingLibravatar bitfreak252018-01-01
| |/ | | | | This removes the "private-etc" line from the "minetest"-profile for a successfully start of the game.
* | Blacklist the Dash wallet directoryLibravatar Danil Semelenov2017-12-31
| |
* | Add "sylpheed" to profilesLibravatar bitfreak252017-12-30
|/ | | This profile have been successfully tested by sending and receiving an Email. "claws-mail.profile" has been used as template for this.
* inox edgy flavoursLibravatar Your Name2017-12-30
|
* Fix #1690 - qbittorrent doesn't launch on some Arch and Mint 17.3 systemsLibravatar Fred Barclay2017-12-28
|
* Add netlink and noblacklist openssl to teamspeak3 profile - potential fix ↵Libravatar Fred-Barclay2017-12-27
| | | | for #1695
generated by cgit v1.2.3-70-g09d2 (git 2.46.0) at 2024-09-03 07:44:05 +0000