| Commit message (Collapse) | Author | Age |
|---|
| | |
|
| |
|
|
|
| |
* tightening zathura profile
* sort
|
| | |
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
* Create googler-common.profile
* Create googler.profile
* Create ddgr.profile
* Update firecfg.config
* sort fix
* space
* space
* tightening
* comment
* fix comment
* fix private-etc and ${DOWNLOADS}
* fix sort
* redundant ${DOWNLOADS}
|
| | |
|
| |\
| |
| | |
add firejail.config switch for private-{bin,etc,opt,srv}
|
| | | |
|
| | | |
|
| | | |
|
| | |
| |
| |
| |
| |
| |
| |
| |
| | |
The header of profile.template define this order:
IGNORES
NOBLACKLISTS
ALLOW INCLUDES
BLACKLISTS
DISABLE INCLUDES
|
| | |
| |
| |
| | |
closes #4324
|
| | | |
|
| | | |
|
| | |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
* Create links-common.profile
* Update links.profile
* Create links2.profile
* Update links.profile
* Update links2.profile
* Update elinks.profile
* Update elinks.profile
* links2
* Update firecfg.config
* Update xlinks.profile
* .xlinks
* add dbus and whitelist-usr-share-common
* .xlinks doesn't exist
* revert
* Create xlinks2
* xlinks2
* Update xlinks2
* Update xlinks.profile
* no wayland
* no wayland
* doesn't use /tmp/.X11-unix
* doesn't use /tmp/.X11-unix
* noblacklist /tmp/.X11-unix
* noblacklist /tmp/.X11-unix
|
| |\ \
| | |
| | | |
Restrict /usr/libexec
|
| | | | |
|
| | | | |
|
| |/ /
| |
| |
| |
| | |
* ignore include disable-shell.inc
* allow-bin-sh.inc
|
| | |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
* Create youtube-viewers-common.profile
* reorganising youtube viewers
* rm globals
* reorganise youtube viewers
* adding pipe-viewer
* adding gtk-pipe-viewer
* xterm and youtube-dl cache
* sort
* Update youtube-viewers-common.profile
* quiet
* quiet
* quiet
* Update firecfg.config
* rm vlc
* rm invalid binary
* noinput
* rm whitelist-runuser-common.inc
* rm whitelist-runuser-common.inc
* rm whitelist-runuser-common.inc
* whitelist-runuser-common.inc
|
| | | |
|
| | |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
* add support for cargo toml/non-toml files
* add support for cargo toml/non-toml files
* use globbing to blacklist Rust files
See https://github.com/netblue30/firejail/pull/4286#issuecomment-845318446.
* use globbing to blacklist cargo/Rust files
See https://github.com/netblue30/firejail/pull/4286#issuecomment-845318446.
|
| | |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
* fix blobby
* fix funnyboat
* fix librecad
* drop doubled netfilter entree in blobby
* drop unneeded include in funnyboat
|
| | | |
|
| | | |
|
| |\ \
| | |
| | | |
Fix Lutris profile
|
| | | | |
|
| | | | |
|
| |\ \ \
| | | |
| | | | |
Add cargo.profile
|
| | | | | |
|
| | |/ / |
|
| |\ \ \
| |_|/
|/| | |
Whitelist2
|
| | | | |
|
| | |/
|/|
| |
| |
| |
| |
| |
| |
| |
| |
| | |
Summary: SDDM uses $XDG_RUNTIME_DIR/<UUID> as Xauthority.
In my tests (Fedora 32 KDE spin IIRC) it used /tmp/... so it was
irrelevant for wruc. So the Xauthority file created by SDDM sems to
depend on distro, version, config, ….
Future alternatives to this long, ugly line would be a ${XAUTHORITY}
macro or a private-run-user option.
|
| | |
| |
| |
| | |
Make ${HOME}/.rustup read-only and blacklist ${HOME}/.cargo/credentials.toml
|
| | | |
|
| | | |
|
| | | |
|
| | |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
* Follow-up for #4165
* Follow-up for #4165
* Follow-up for #4165
* Follow-up for #4165
* Follow-up for #4165
* Follow-up for #4165
* Follow-up for #4165
* Follow-up for #4165
* Follow-up for #4165
* Follow-up for #4165
* Follow-up for #4165
* Follow-up for #4165
* Follow-up for #4165
* fix noroot comment
As suggested [here](https://github.com/netblue30/firejail/pull/4271#discussion_r630981737).
* fix dbus-user comment
As suggested [here](https://github.com/netblue30/firejail/pull/4271#discussion_r630982527).
* fix private-dev comment
As suggested [here](https://github.com/netblue30/firejail/pull/4271#discussion_r630980029).
* fix private-etc comment
As suggested [here](https://github.com/netblue30/firejail/pull/4271#discussion_r630979698).
* move writable-var comment cfr. profile.template
|
| | |
| |
| |
| | |
Clarify some options that supersede others.
|
| | |
| |
| |
| | |
Profiles with private-dev behind BROWSER_DISABLE_U2F were missed by 0cee0ba5.
|
| | |
| |
| |
| | |
It now features audio/video calling.
|
| | |
| |
| | |
It's a workaround option, not to be used in any profile by default. Thanks to @rusty-snake for pointing that out.
|
| | |
| |
| |
| |
| |
| |
| |
| | |
bijiben crashes without access to /usr/share/tracker3 in Fedora 34 with:
** (bijiben:14): WARNING **: 21:48:08.394: Unable to connect to Tracker: 'file:///usr/share/tracker3/ontologies/nepomuk' is not a ontology location
** (bijiben:14): WARNING **: 21:48:08.394: Cannot initialize BijiManager: 'file:///usr/share/tracker3/ontologies/nepomuk' is not a ontology location
|
| | |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
* Create node.profile
* Create node-gyp.profile
* refactor npm as redirect
* Create npx.profile
* Create nvm.profile
* Create semver.profile
* refactor yarn as redirect
* collect node.js stack configuration in common profile
* add ~/.nvm to node section
* account for node-gyp python dependency
* read-only ~/.nvm for node.js stack
* blacklist ~/.nvm for node.js stack
* move env var comment cfr. profile.template
* Delete node-gyp.profile
node-gyp is a shell script with a node shebang. We've got that covered via node.profile.
* Delete npx.profile
npx is a shell script with a node shebang. We've got that covered via node.profile.
* Delete semver.profile
semver is a shell script that calls node. We've got that covered via node.profile.
* add node and nvm to new profiles section
|
| | |
| |
| |
| |
| |
| |
| |
| |
| | |
* revert comment changes from #4257
* revert comment changes from #4257
* revert comment changes from #4257
* revert comment changes from #4257
|
| | |
| |
| |
| |
| |
| |
| |
| |
| | |
* [comment] use 'read-write' instead of 'ignore read-only'
* [comment] use 'read-write' instead of 'ignore read-only'
* [comment] use 'read-write' instead of 'ignore read-only'
* [comment] use 'read-write' instead of 'ignore read-only'
|
| |\ \
| | |
| | | |
whitelist /var/lib/aspell in whitelist-var-common.inc
|
| | | | |
|
| |/ / |
|
| | |
| |
| |
| |
| | |
* restrict D-Bus access in wireshark
* add private-cache to wireshark
|
smitsohu
pirate486743186
netblue30
rusty-snake
Ivan Reshetnikov
glitsj16
RandomVoid
sak96
Tad