| Commit message (Collapse) | Author | Age |
|---|
| |\
| |
| | |
claws-mail and sylpheed D-Bus hardening
|
| | | |
|
| | |
| |
| | |
Relates to https://github.com/netblue30/firejail/issues/5477.
|
| |\ \
| | |
| | | |
electron hardening fixes
|
| | | | |
|
| | |/ |
|
| |\ \
| | |
| | | |
A temporary fix to the bug caused by apparmor profiles stacking.
|
| | | | |
|
| |\ \ \
| | | |
| | | | |
Add profile for Chatterino
|
| | | | |
| | | |
| | | |
| | | |
| | | |
| | | | |
- Remove waf from private-bin
- Move optional commands to the top
- Reorder allow lua/python
|
| | | | |
| | | |
| | | | |
Co-authored-by: Kelvin M. Klann <kmk3.code@protonmail.com>
|
| | | | | |
|
| | | | | |
|
| | | | | |
|
| | | | |
| | | |
| | | |
| | | |
| | | | |
I'll try the rest manually soon
Co-authored-by: rusty-snake <41237666+rusty-snake@users.noreply.github.com>
|
| | | | | |
|
| |\ \ \ \
| | | | |
| | | | | |
Blacklist google-drive-ocamlfuse config
|
| | | | | | |
|
| | |/ / / |
|
| | |_|/
|/| | |
|
| |\ \ \
| | | |
| | | | |
Update DBus wiki link
|
| | |/ / |
|
| |/ / |
|
| | | |
|
| | |
| |
| |
| |
| | |
* gpg-agent: sort private-bin (even though it's commented)
* gpg-agent: fix private-bin
|
| | |
| |
| |
| |
| |
| |
| | |
* add comment on intentional duplication of blacklisted kernel configuration
* disable-proc.inc: update the duplication comment
* disable-common.inc: add duplication notice for kernel configuration
|
| | |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
* disable-programs.inc: add ssmtp support
* Create ssmtp.profile
* ssmtp: support Debian/Ubuntu
* README.md: add ssmtp to 'New profiles' section
* disable-common.inc: move ssmtp support to keep CI happy
* ssmtp: improve dead.letter comment
Suggested in [review](https://github.com/netblue30/firejail/pull/5544#pullrequestreview-1225322546).
|
| | | |
|
| | |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
* seahorse: fixes and hardening
* seahorse-daemon: hardening
* seahorse-tool: move private-etc items to seahorse
* seahorse: unbreak nautilus file encryption
As suggested [in review](https://github.com/netblue30/firejail/pull/5543#pullrequestreview-1225250520).
* seahorse-tool: move private-tmp to seahorse
* seahorse: add private-tmp
* seahorse: fix access to ssh-agent socket
|
| | | |
|
| | |
| |
| |
| |
| |
| |
| |
| |
| | |
* audacity: networking updates
* audacity: fix allowing to run local server
* audacity: move comment so it's more visible
As suggested [in review](https://github.com/netblue30/firejail/pull/5540#pullrequestreview-1225225897).
|
| | | |
|
| | | |
|
| | |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
* audacity: support more config locations
* disable-programs.inc: add more audacity locations
* audacity: cover all XDG supported locations
* audacity: cover all XDG supported locations
* audacity: fix state dir entree in disable-programs.inc
* unbreak disable-programs.inc
Oh my, GitHub syntax highlighting support completely threw me off here. Thanks to @kmk3 for [saving the bacon](https://github.com/netblue30/firejail/pull/5538#pullrequestreview-1224604663)!
|
| | | |
|
| | | |
|
| |\ \
| | |
| | | |
Avidemux tools support
|
| | | |
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
Add a profile for the Qt5 GUI to process Avidemux jobs.
Use a redirection to the avidemux3_qt5 profile to reuse translation
files. The application needs to create a network socket on localhost and
fails to run with protocol unix, so that entry in the default avidemux
profile needs to be extended.
|
| | | |
| | |
| | |
| | |
| | | |
Add a profile for the command-line interface of Avidemux, which
redirects to the existing avidemux profile.
|
| | | |
| | |
| | |
| | |
| | |
| | | |
The Avidemux project stores configuration profile data in ~/.avidemux6,
while the package built by Packman-repositories for openSUSE patches it
to use ~/.avidemux3 at the moment (at least for Avidemux 2.8).
|
| | | |
| | |
| | |
| | | |
Add a profile for the Qt5-GUI of Avidemux.
|
| | | |
| | |
| | |
| | | |
Add the information that file contents will be overwritten on updates.
|
| | | |
| | |
| | |
| | |
| | | |
* qbittorrent: add support for Qt6
* wusc: add support for Qt6
|
| |/ /
| |
| | |
Overlooked [this comment](https://github.com/netblue30/firejail/pull/5389#discussion_r992471940) that pointed out a mistake I made.
|
| | |
| |
| |
| |
| |
| |
| | |
* clipit hardening
* clipit: fix hardening
* clipit: add xdotool lib to private-lib
|
| | |
| |
| |
| |
| |
| |
| |
| |
| | |
* private-etc: always include 'alternatives'
* private-etc: always include 'alternatives'
* private-etc: always include 'alternatives'
* private-etc: always include 'alternatives'
|
| | |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
* Add firecfg support for tesseract
* Add tesseract to 'New profiles' section in README.md
* Create tesseract.profile
* tesseract: fix private-etc
* tesseract: fix XDG black/whitelisting
* tesseract: use 'seccomp socket' instead of 'protocol unix'
As kindly suggested by @rusty-snake.
* tesseract: add 'restrict-namespaces'
As kindly suggested by @rusty-snake.
* tesseract: use full seccomp filtering
The tesseract application works fine without 'protocol' or 'seccomp socket'.
|
| |\ \
| | |
| | | |
spotify.profile: allow spotify-adblock paths
|
| | | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
As suggested by @glitsj16[1].
Project homepage: https://github.com/abba23/spotify-adblock
Configuration paths:
* /etc/spotify-adblock/config.toml
* ~/.config/spotify-adblock/config.toml
Fixes #5494.
[1] https://github.com/netblue30/firejail/discussions/5494#discussioncomment-4280887
Reported-by: @Rewig95
|
| |\ \ \
| |/ /
|/| | |
kcalc.profile: fix mkfile without mkdir & comment legacy paths
|
netblue30
glitsj16
KOLANICH
Dpeta
slowpeek
smitsohu
rusty-snake
Hartmut Knaack
Kelvin M. Klann