path: root/etc
Commit message [Author, Age]
* fixes [rusty-snake, 2020-03-22]
|
* new profiles: agenda, gnome-pomodoro, gnome-todo [rusty-snake, 2020-03-22]
|   rules for xdg-dbus-proxy:
|
|   dbus-user filter
|   dbus-user.own org.gnome.Pomodoro
|   dbus-user.talk ca.desrt.dconf
|   dbus-user.talk org.gnome.Shell
|   dbus-system none
|
|   dbus-user filter
|   dbus-user.own org.gnome.Todo
|   dbus-user.talk ca.desrt.dconf
|   dbus-user.talk org.gnome.evolution.dataserver.AddressBook9
|   dbus-user.talk org.gnome.evolution.dataserver.Calendar8
|   dbus-user.talk org.gnome.evolution.dataserver.Sources5
|   dbus-user.talk org.gnome.evolution.dataserver.Subprocess.Backend.*
|   dbus-user.talk org.gnome.OnlineAccounts
|   dbus-user.talk org.gnome.SettingsDaemon.Color
|   dbus-system filter
|   dbus-system.talk org.freedesktop.login1
|
|   dbus-user filter
|   dbus.own com.github.dahenson.agenda
|   dbus.talk ca.desrt.dconf
|   dbus-system block
* iagno profile [netblue30, 2020-03-21]
|
* Merge branch 'master' of https://github.com/netblue30/firejail [netblue30, 2020-03-19]
|\
| * extend default.profile [rusty-snake, 2020-03-19]
| |
| * harden baobab and gitg [rusty-snake, 2020-03-19]
| |
* | new profiles: ripperx, sound-juicer [netblue30, 2020-03-19]
|/
* various profile fixes [netblue30, 2020-03-19]
|
* apparmor support for bind, nslookup, host [netblue30, 2020-03-19]
|
* misc fixes [rusty-snake, 2020-03-19]
|   remove netfilter from profiles with net none
|
|   allow Viber to use dig, dig is in its private-bin, so I assume that it needs it.
|
|   blacklist resolvectl which can also be used for dns lookups
* fix nslookup.profile header [glitsj16, 2020-03-19]
|
* fix host.profile header [glitsj16, 2020-03-19]
|
* nslookup, host profiles [netblue30, 2020-03-18]
|
* profile fixes [netblue30, 2020-03-18]
|
* fix mplayer profile [netblue30, 2020-03-17]
|
* profile fixes [netblue30, 2020-03-16]
|
* some profile hardening [netblue30, 2020-03-15]
|
* fix freeoffice [netblue30, 2020-03-15]
|
* steam fixes; #841, #3267 [rusty-snake, 2020-03-15]
|
* add gnome-screenshot.profile [rusty-snake, 2020-03-15]
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | patch for xdg-dbus-proxy ``` --- a/etc/gnome-screenshot.profile +++ b/etc/gnome-screenshot.profile @@ -45,3 +45,8 @@ private-bin gnome-screenshot private-dev private-etc dconf,fonts,gtk-3.0,localtime,machine-id private-tmp + +dbus-user filter +dbus-user.own org.gnome.Screenshot +dbus-user.talk org.gnome.Shell.Screenshot +dbus-system block ``` patch for whitelist-runuser-common.inc ``` --- a/etc/gnome-screenshot.profile +++ b/etc/gnome-screenshot.profile @@ -17,11 +17,8 @@ include disable-passwdmgr.inc include disable-programs.inc include disable-xdg.inc -whitelist ${RUNUSER}/bus -whitelist ${RUNUSER}/pulse -whitelist ${RUNUSER}/gdm/Xauthority -whitelist ${RUNUSER}/wayland-0 include whitelist-usr-share-common.inc +include whitelist-runuser-common.inc include whitelist-var-common.inc apparmor ```
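Review bot: The `dbus-system block` line at the end of the added D-Bus section in the first hunk uses a different keyword from the `dbus-system none` written in the gnome-pomodoro rules of the 2020-03-22 commit in this log, apparently for the same intent; settle on one spelling before these rules land in the profiles. The `dbus-user.talk org.gnome.Shell.Screenshot` line would also benefit from a one-line comment saying which feature needs that name, so that later edits keep the filter minimal.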
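Review bot: The four `whitelist ${RUNUSER}/...` lines removed in the second hunk cannot be confirmed as covered by `include whitelist-runuser-common.inc`, because the contents of that include are not part of the patch. Please state in the commit message that it still whitelists `${RUNUSER}/bus`, `${RUNUSER}/pulse`, `${RUNUSER}/gdm/Xauthority` and `${RUNUSER}/wayland-0`, and list any additional `${RUNUSER}` paths it opens, since those would widen what gnome-screenshot can reach compared with the explicit list.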
* Update file.profile [rusty-snake, 2020-03-15]
|   * fix private-lib, closes #3233
|   * make private-etc and private-lib opt-in
|   see https://github.com/netblue30/firejail/issues/3233#issuecomment-589871765
|
|   disable-devel.inc: remove duplicated line
* allow ro access to .local/share/flatpak/exports [rusty-snake, 2020-03-15]
|   $PATH and $XDG_DATA_DIRS can contain subdirs of flatpak/exports, some applications crash if they can't access these files.
|
|   Layout on my system:
|
|   ~/.local/share/flatpak/exports
|   |-bin
|   |-share
|   |-applications
|   |-icons
* Fix "Extraction not performed" on Debian 10 [Fred Barclay, 2020-03-13]
|   file-roller fails to extract archives without access to bash
|
|   Noticed on LMDE 4 (Debian 10 base) with Cinnamon desktop
* discord 0.10 | fix #3247 (#3259) [rusty-snake, 2020-03-13]
|   * discord 0.10 | fix #3247
|   * revert private-bin move & use disable-exec
|   * fix slack, see https://github.com/netblue30/firejail/issues/2946#issuecomment-598612520
* zoom.profile: fix zoom SSO workflow [Peter Sanford, 2020-03-10]
|   The zoom SSO workflow launches an embedded sandboxed browser (QtWebEngineProcess) which requires chroot and netlink to work.
|
|   Fixes #3272
* profiles: firefox-esr has default configs somewhere else [Reiner Herrmann, 2020-03-08]
|
* profiles: whitelist firefox/thunderbird default directories (#3271) [Reiner Herrmann, 2020-03-08]
|   See also: https://bugs.debian.org/948656
* Update conky.profile [curiosityseeker, 2020-02-29]
|   Place `include allow-lua.inc` above the other includes
* Update conky.profile [curiosityseeker, 2020-02-29]
|   Replace `noblacklist /usr/lib/liblua*` by including `allow-lua.inc`
* conky needs lua [curiosityseeker, 2020-02-28]
|   See issue #3250
* add xournal.profile [Hans-Christoph Steiner, 2020-02-27]
|
* revive 'net none' in openshot.profile [glitsj16, 2020-02-27]
|   Fixes #3221.
* Update allow-lua.inc [glitsj16, 2020-02-24]
|   See discussion in https://github.com/netblue30/firejail/commit/56b60dfd0ec5227318f21409093eca965baf136a.
* Fix Lua in disable-interpreters.inc [glitsj16, 2020-02-24]
|   Thanks to @rusty-snake in https://github.com/netblue30/firejail/commit/56b60dfd0ec5227318f21409093eca965baf136a#r37460831.
* additional Lua blacklisting (#3246) [glitsj16, 2020-02-24]
|   * more lua blacklisting in disable-interpreters.inc
|   * add some paths to allow-lua.inc
|   * Revert blacklisting /usr/include/lauxlib.h in disable-interpreters.inc
|
|   /usr/include/lauxlib.h is handled in disable-devel.inc. Thanks to @rusty-snake for pointing that out.
* add lua support for mpv (#3243) [glitsj16, 2020-02-24]
|   * allow lua in mpv.profile
|   * fix allow-lua.inc for mpv
|   * extra lua blacklisting for mpv
* misc things [rusty-snake, 2020-02-22]
|   - spelling suggestion from @glitsj16 on fda62527
|   - drop python2 from openshot it never has a python2 version
|   - #3126 note in manpage: cannot combine --private with --private=
* Add profile for official Linux Teams application (#3152) [Andreas Hunkeler, 2020-02-22]
|   * Add profile for official Linux Teams application
|   * fix: add mkdir suggestions in Teams profile
|   * Merge suggestions for Teams profile
|   * Add suggestion to Teams profile
|   * Add Teams to firecfg.config
|   * Add paths from Teams profile to disable-programs
|   * Remove the duplicated whitelist for downloads in Teams profile
|
|   Co-Authored-By: rusty-snake <print_hello_world+GitHub@protonmail.com>
|
|   * Cleanup teams profile after testing
|   * Add comment to Teams profile
|
|   Co-authored-by: rusty-snake <print_hello_world+GitHub@protonmail.com>
* Allow exec from /usr/libexec & co. with AppArmor [Quentin Minster, 2020-02-22]
|
* Whitelist more /usr/share for okular and others [Antonio Russo, 2020-02-17]
|   Some distributions include fonts in the texmf and texlive subdirectories of /usr/share. This makes those fonts accessible, addressing buggy behavior in okular where some text fails to render.
|
|   This also whitelists /usr/share/config.kcfg which contains default settings that should be available to many applications.
* apparmor: minor enhancements [Vincent43, 2020-02-15]
|   Allow writing some proc paths used by browsers but restrict it to their owner.
* allow networking in openshot.profile [glitsj16, 2020-02-13]
|   Openshot 2.5.0 needs networking. This fixes #3221.
* added by included profile [rusty-snake, 2020-02-10]
|
* harden subdownloader [rusty-snake, 2020-02-10]
|
* firecfg notes in profiles [rusty-snake, 2020-02-10]
|
* Add a lot of profiles [rusty-snake, 2020-02-10]
|
* improve baloo hardening suggestion [smitsohu, 2020-02-09]
|
* harden wine [smitsohu, 2020-02-09]
|
* simplescreenrecorder.profile [rusty-snake, 2020-02-09]
|   - mdwe broken
|   - ${HOME}/.ssr
* include wvc to more profiles (#3209) [glitsj16, 2020-02-08]
|   * include wvc in aria2c.profile
|   * include wvc in clawsker.profile
|   * include wvc in conky.profile
|   * include wvc in dconf.profile
|   * include wvc in dconf-editor.profile
|   * include wvc in exiftool.profile
|   * include wvc in font-manager.profile
|   * include wvc in gconf.profile
|   * include wvc in git.profile
|   * include wvc in gjs.profile
|   * include wvc in gpg.profile
|   * include wvc in img2txt.profile
|   * include wvc in mediainfo.profile
|   * include wvc in mpd.profile
|   * include wvc in nitroshare.profile
|   * include wvc in ocenaudio.profile
|   * include wvc to ping.profile
|   * include wvc in simple-scan.profile
|   * include wvc in simplescreenrecorder.profile
|   * include wvc in sysprof.profile
|   * include wvc in tshark.profile
|   * include wvc in uget-gtk.profile
|   * include wvc in viewnior.profile
|   * include wvc in weechat.profile