| Commit message (Collapse) | Author | Age |
|---|
| |
|
|
| |
Command is the same as in d8d97acb
|
| | |
|
| | |
|
| |
|
|
| |
fixes --tracelog among other things
|
| | |
|
| | |
|
| | |
|
| |\
| |
| | |
add basic Firejail support to AppArmor base abstraction (#3226)
|
| | | |
|
| |\ \
| | |
| | | |
Add profiles for imv, retroarch, and torbrowser
|
| | | |
| | |
| | |
| | |
| | | |
imv, retroarch, and torbrowser are also added to
firecfg.config
|
| |\ \ \
| | | |
| | | | |
blobwars: add path to game assets compatible with Arch
|
| | | | | |
|
| |\ \ \ \
| | | | |
| | | | | |
Drop noinput for games with joystick/gamepad support
|
| | |/ / /
| | | |
| | | |
| | | | |
Fixes #4608
|
| |\ \ \ \
| | | | |
| | | | | |
Fix tremulous profile for Arch users
|
| | | | | |
| | | | |
| | | | | |
Co-authored-by: Kelvin M. Klann <kmk3.code@protonmail.com>
|
| | | | | |
| | | | |
| | | | | |
Co-authored-by: Kelvin M. Klann <kmk3.code@protonmail.com>
|
| | | | | |
| | | | |
| | | | | |
Co-authored-by: rusty-snake <41237666+rusty-snake@users.noreply.github.com>
|
| | |/ / / |
|
| |\ \ \ \
| | | | |
| | | | | |
Fix jumpnbump for Arch users
|
| | |/ / /
| | | |
| | | |
| | | | |
Fixes #4611.
|
| |\ \ \ \
| | | | |
| | | | | |
Fix warsow profile for Arch users
|
| | | | | |
| | | | |
| | | | | |
Co-authored-by: Kelvin M. Klann <kmk3.code@protonmail.com>
|
| | | | | |
| | | | |
| | | | | |
Co-authored-by: rusty-snake <41237666+rusty-snake@users.noreply.github.com>
|
| | | | | |
| | | | |
| | | | | |
Co-authored-by: rusty-snake <41237666+rusty-snake@users.noreply.github.com>
|
| | |/ / /
| | | |
| | | |
| | | |
| | | |
| | | | |
Warsow uses a shell wrapper hence requires some modifications. Netlink
was added to protocols as the game was segfaulting after changing
resolution and saving the setting.
|
| |\ \ \ \
| |/ / /
|/| | | |
Create disable-proc.inc
|
| | | | | |
|
| | | | | |
|
| | | | | |
|
| | | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | | |
found in Debian Bullseye.
/run/shm is a symbolic link to /dev/shm,
and whitelisting it will just recreate
the symbolic link.
|
| |\ \ \ \
| | | | |
| | | | | |
Use ?ALLOW_TRAY: (#4510) in profiles
|
| | | |/ /
| |/| | |
|
| |/ / / |
|
| |\ \ \
| | | |
| | | | |
Fix vscodium
|
| | | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | | |
Both base names are valid:
$ grep '^NAME' /etc/os-release
NAME="Artix Linux"
$ pacman -Q vscodium-bin
vscodium-bin 1.60.2-2
$ pacman -Qlq vscodium-bin | grep -v -e '/$' -e /resources/ |
grep /bin/
/usr/bin/codium
/usr/bin/vscodium
/usr/share/vscodium-bin/bin/codium
Note: The first two paths are symlinks to the third one.
Fixes #3871.
|
| | | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | | |
It creates the following directories on startup:
* ~/.config/VSCodium
* ~/.vscode-oss
Environment:
$ grep '^NAME' /etc/os-release
NAME="Artix Linux"
$ pacman -Q vscodium-bin
vscodium-bin 1.60.2-2
Note: The following entry is already on disable-programs.inc:
noblacklist ${HOME}/.vscode-oss
It was added on commit de90834a8 ("Update disable-programs.inc",
2019-03-02).
Relates to #3871.
|
| | | |/
| |/|
| | |
| | | |
Added on commit 4bb7dee49 ("small changes", 2019-02-07).
|
| |\ \ \
| | | |
| | | | |
Add new condition ALLOW_TRAY
|
| | | | | |
|
| |\ \ \ \
| | | | |
| | | | | |
Add profiles for build-systems (/package-managers)
|
| | | | | | |
|
| | | | | | |
|
| | | |_|/
| |/| |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | | |
Profiles: bunler, cargo (refactor), cmake (untested), make, meson, pip
All redirect to build-systems-common.profile
Other fixes:
- blacklist ${HOME}/.bundle
- blacklist ${HOME}/.cargo/* -> blacklist ${HOME}/.cargo
- blacklist /usr/lib64/ruby
|
| |\ \ \ \
| |_|_|/
|/| | | |
Correct amule.profile for upnp
|
| | | | |
| | | |
| | | |
| | | | |
In order UPnP to work netlink protocol must be enabled.
|
| | | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | | |
* cheese
- fix: dbus-user.own org.gnome.Cheese
- fix: whitelist /usr/share/gstreamer-1.0
- fix: include allow-python3.inc
- hardening: include disable-shell.inc
- hardening: include whitelist-run-common.inc and whitelist /run/udev/data
- hardening: whitelist /usr/libexec/gstreamer-1.0/gst-plugin-scanner
- hardening: noinput
- hardening: nosound
- hardening: seccomp.block-secondary
- hardening: private-dev
* geekbench (closes #4576)
- fix: noblacklist /sbin and noblacklist /usr/sbin
- fix: noblacklist, blacklist, mkdir, whitelist, read-write ${HOME}/.geekbench5
- fix: comment/remove private-bin, private-lib, private-opt
* inkscape
- add quiet for cli usage
* musixmatch (#4518)
- allow chroot
* pandoc
- fix: include allow-bin-sh.inc
- fix: drop private-bin
- hardening: include whitelist-runuser-common.inc
- hardening: seccomp.block-secondary
|
| | | | |
| | | |
| | | |
| | | |
| | | | |
- Allow org.freedesktop.secrets, fixes #4584
- Improve comments about notifications and systray
|
| | | | | |
|
rusty-snake
smitsohu
netblue30
crocket
Jose Riha
Kelvin M. Klann
Christian Pinedo
a1346054