aboutsummaryrefslogtreecommitdiffstats
path: root/etc
Commit message (Collapse)AuthorAge
* Unify enox.profile under chromium-commonLibravatar Tad2018-02-14
|
* Merge pull request #1744 from soredake/keepassxcLibravatar netblue302018-02-14
|\ | | | | fixes for the keepassxc 2.2.5 version
| * fixes for the keepassxc 2.2.4 versionLibravatar soredake2018-01-21
| |
* | Merge pull request #1751 from bn0785ac/masterLibravatar netblue302018-02-14
|\ \ | | | | | | chromium canary (inox-family)
| * | canaryLibravatar Your Name2018-01-26
| | |
* | | Merge pull request #1766 from Vincent43/patch-1Libravatar netblue302018-02-14
|\ \ \ | | | | | | | | Apparmor: fix various denials
| * | | Apparmor: Be more restrictive for chromium needsLibravatar Vincent432018-02-08
| | | |
| * | | Apparmor: fix various denialsLibravatar Vincent432018-02-07
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Fixes following erros: wine: AVC apparmor="DENIED" operation="unlink" profile="firejail-default" name="/run/firejail/profile/11526" pid=11533 comm="wine" requested_mask="d" denied_mask="d" fsuid=1000 ouid=0 AVC apparmor="DENIED" operation="unlink" profile="firejail-default" name="/run/firejail/profile/5807" pid=11533 comm="wine" requested_mask="d" denied_mask="d" fsuid=1000 ouid=0 AVC apparmor="DENIED" operation="unlink" profile="firejail-default" name="/run/firejail/profile/2017" pid=11533 comm="wine" requested_mask="d" cups: AVC apparmor="DENIED" operation="connect" profile="firejail-default" name="/run/cups/cups.sock" pid=11682 comm="lpr" requested_mask="w" denied_mask="w" fsuid=1000 ouid=0 AVC apparmor="DENIED" operation="connect" profile="firejail-default" name="/run/cups/cups.sock" pid=11682 comm="lpr" requested_mask="w" denied_mask="w" fsuid=1000 ouid=0 AVC apparmor="DENIED" operation="connect" profile="firejail-default" name="/run/cups/cups.sock" pid=11682 comm="lpr" requested_mask="w" denied_mask="w" fsuid=1000 ouid=0 AVC apparmor="DENIED" operation="connect" profile="firejail-default" name="/run/cups/cups.sock" pid=11682 comm="lpr" requested_mask="w" denied_mask="w" fsuid=1000 ouid=0 AVC apparmor="DENIED" operation="connect" profile="firejail-default" name="/run/cups/cups.sock" pid=11682 comm="lpr" requested_mask="w" denied_mask="w" fsuid=1000 ouid=0 chromium: AVC apparmor="DENIED" operation="open" profile="firejail-default" name="/proc/8/mem" pid=7858 comm="chromium" requested_mask="r" denied_mask="r" fsuid=1000 ouid=1000 AVC apparmor="DENIED" operation="open" profile="firejail-default" name="/proc/8/oom_score_adj" pid=7858 comm="chromium" requested_mask="wc" denied_mask="wc" fsuid=1000 ouid=1000 AVC apparmor="DENIED" operation="open" profile="firejail-default" name="/proc/11/mem" pid=7861 comm="chromium" requested_mask="r" denied_mask="r" fsuid=1000 ouid=1000 AVC apparmor="DENIED" operation="open" profile="firejail-default" name="/proc/sys/kernel/yama/ptrace_scope" pid=7861 comm="chromium" requested_mask="r" denied_mask="r" fsuid=1000 ouid=0 AVC apparmor="DENIED" operation="ptrace" profile="firejail-default" pid=7858 comm="chromium" requested_mask="trace" denied_mask="trace" peer="firejail-default" AVC apparmor="DENIED" operation="ptrace" profile="firejail-default" pid=7858 comm="chromium" requested_mask="tracedby" denied_mask="tracedby" peer="firejail-default" AVC apparmor="DENIED" operation="ptrace" profile="firejail-default" pid=7858 comm="TaskSchedulerBa" requested_mask="trace" denied_mask="trace" peer="firejail-default" AVC apparmor="DENIED" operation="ptrace" profile="firejail-default" pid=7858 comm="TaskSchedulerBa" requested_mask="tracedby" denied_mask="tracedby" peer="firejail-default" AVC apparmor="DENIED" operation="open" profile="firejail-default" name="/proc/46/mem" pid=7897 comm="chromium" requested_mask="r" denied_mask="r" fsuid=1000 ouid=1000 AVC apparmor="DENIED" operation="open" profile="firejail-default" name="/proc/46/oom_score_adj" pid=7897 comm="chromium" requested_mask="wc" denied_mask="wc" fsuid=1000 ouid=1000 AVC apparmor="DENIED" operation="open" profile="firejail-default" name="/proc/sys/kernel/yama/ptrace_scope" pid=7897 comm="chromium" requested_mask="r" denied_mask="r" fsuid=1000 ouid=0 AVC apparmor="DENIED" operation="open" profile="firejail-default" name="/proc/58/oom_score_adj" pid=7910 comm="chrome-sandbox" requested_mask="w" denied_mask="w" fsuid=0 ouid=0 AVC apparmor="DENIED" operation="open" profile="firejail-default" name="/proc/58/oom_adj" pid=7910 comm="chrome-sandbox" requested_mask="w"
* | | | Merge pull request #1762 from soredake/qtoxLibravatar netblue302018-02-14
|\ \ \ \ | | | | | | | | | | add localtime to private-etc to make qtox show correct time
| * | | | add localtime to private-etc to make qtox show correct timeLibravatar soredake2018-02-06
| | | | |
* | | | | blacklist ksslcertificatemanagerLibravatar smitsohu2018-02-14
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | While it is believed that blacklisting these files is a safe default, it has the effect that untrusted certificates have to be acknowledged every time they are encountered (with whitelisting it is possible to accept them for the duration of an application session). Where this causes usability issues, it will be necessary to noblacklist these paths.
* | | | | fix KDE notificationsLibravatar smitsohu2018-02-13
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | while it is essential to deny manipulation of these files, the information contained therein should be only of secondary value by changing blacklist to read-only, notification functionality is restored
* | | | | update more application blacklistsLibravatar smitsohu2018-02-13
| | | | |
* | | | | Further unify private-etc in Firefox-based browsersLibravatar Tad2018-02-11
| | | | |
* | | | | whitelist gpg in brave profileLibravatar smitsohu2018-02-12
| | | | |
* | | | | Breakout noblacklists/whitelsits for common addons/plugins/programs from ↵Libravatar Tad2018-02-11
| | | | | | | | | | | | | | | | | | | | firefox-common
* | | | | Unify all Chromium and Firefox based browser profiles as part of #1773Libravatar Tad2018-02-11
| | | | |
* | | | | update various application blacklistsLibravatar smitsohu2018-02-11
| | | | |
* | | | | Merge pull request #1764 from jelford/remmina_seccompLibravatar smitsohu2018-02-11
|\ \ \ \ \ | | | | | | | | | | | | Add seccomp filters for remmina, from an strace session connecting via RDP
| * | | | | keep remmina seccomp whitelist opt-inLibravatar smitsohu2018-02-11
| | | | | |
| * | | | | Add seccomp filters for remmina, from an strace session connecting via RDPLibravatar James Elford2018-02-07
| | | | | |
* | | | | | Fix soundconverter not launching and audacity error popupLibravatar Tad2018-02-10
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | quick test of ~50 profiles on Fedora 27 audacity - "An error occured while loading or saving configuration information" soundconverter - fix crash on start by removing explicit dbus blacklist added in 55938d07a58d29ceb893e4554a4ddf3c41810fc9 many issues were found that were unfixed evolution - cannot access ~/.evolution on first run, doesn't seem to ever be used/accessed again gedit - many plugins (spell check) are broken by private-lib gnome-contacts - "warning: wayland-egl: could not open /dev/dri/card0" due to no3d, don't know why it thinks it needs that
* | | | | | Oops - didn't include actual tilp profile.Libravatar Fred-Barclay2018-02-09
| | | | | |
* | | | | | Add tilp profileLibravatar Fred-Barclay2018-02-09
| | | | | |
* | | | | | Fix error messages when opening multiple documents in LibreOfficeLibravatar Tad2018-02-09
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | This fixes "LibreOffice will attempt to recover the state of the files you were working on before it crashed." messages when you go to open a second document. We should see if there are any other profile where we can use join-or-start to fix similar issues.
* | | | | | restrict kssl (missing paths)Libravatar smitsohu2018-02-08
| | | | | |
* | | | | | restrict ksslLibravatar smitsohu2018-02-08
| |_|/ / / |/| | | |
* | | | | keep menu definitions read-onlyLibravatar smitsohu2018-02-07
| | | | |
* | | | | Update remmina.profileLibravatar Chris Kuethe2018-02-06
|/ / / / | | | | | | | | my profiles happened to be in ~/.remmina
* | | | Merge branch 'master' of https://github.com/netblue30/firejailLibravatar smitsohu2018-02-06
|\| | |
| * | | Allow Spotify to run ZenityLibravatar Rafael Cavalcanti2018-02-05
| | | |
| * | | Fix Tor Browser Launcher dirs not getting created on first launchLibravatar Tad2018-02-04
| | | |
* | | | pdfchain profileLibravatar smitsohu2018-02-06
| | | |
* | | | further harden KDELibravatar smitsohu2018-02-06
| | | | | | | | | | | | | | | | | | | | and whitelist some kio settings, because we don't know if slave processes will run inside or outside the sandbox. also prevents weird bugs that depend on sequence in which applications were started.
* | | | enable private-etc for gwenviewLibravatar smitsohu2018-02-06
|/ / /
* | | Apparmor: minor fixesLibravatar Vincent432018-02-03
| | | | | | | | | | | | | | | 1. Allow for seven digit PID same as upstream do https://gitlab.com/apparmor/apparmor/commit/630cb2a981cdc731847e8fdaafc45bcd337fe747 2. Fixed dbus functionality. Disabled by default.
* | | enable email encryption for thunderbird, kmailLibravatar smitsohu2018-02-03
| | | | | | | | | | | | see #1653 #1572
* | | blacklist klipperLibravatar smitsohu2018-02-02
| | | | | | | | | | | | further to 8aec7694cb4c7c0d07b333b689ab19faacb519f9
* | | KDE related enhancementsLibravatar smitsohu2018-02-01
| | |
* | | unbound fix (part 2) - whitelist /var/runLibravatar smitsohu2018-02-01
| | |
* | | unbound fix (writable-var) - #1731Libravatar smitsohu2018-01-31
| | |
* | | fix cd/dvd for dragonLibravatar smitsohu2018-01-31
| | |
* | | consistent directory nomenclature for kaffeineLibravatar smitsohu2018-01-30
| | |
* | | kaffeine profileLibravatar smitsohu2018-01-30
| | |
* | | harden KDELibravatar smitsohu2018-01-30
| | |
* | | Merge branch 'master' of https://github.com/netblue30/firejailLibravatar Fred-Barclay2018-01-28
|\| |
| * | Add a profile for Red EclipseLibravatar Tad2018-01-26
| | |
| * | Replace xmr-stak-cpu profile with unified xmr-stak profileLibravatar Tad2018-01-25
| | |
* | | noblacklist /usr/share/perl in hexchat - potential fix for #1754Libravatar Fred-Barclay2018-01-28
|/ /
* | apparmor support for --overlay sandboxesLibravatar netblue302018-01-24
| |
generated by cgit v1.2.3-54-g00ecf (git 2.45.2) at 2024-07-21 23:58:56 +0000