| Commit message (Collapse) | Author | Age |
Add a profile for the Qt5-GUI of Avidemux.
|
Add the information that file contents will be overwritten on updates.
|
* qbittorrent: add support for Qt6
* wusc: add support for Qt6
|
Overlooked [this comment](https://github.com/netblue30/firejail/pull/5389#discussion_r992471940) that pointed out a mistake I made.
|
* clipit hardening
* clipit: fix hardening
* clipit: add xdotool lib to private-lib
|
* private-etc: always include 'alternatives'
* private-etc: always include 'alternatives'
* private-etc: always include 'alternatives'
* private-etc: always include 'alternatives'
|
* Add firecfg support for tesseract
* Add tesseract to 'New profiles' section in README.md
* Create tesseract.profile
* tesseract: fix private-etc
* tesseract: fix XDG black/whitelisting
* tesseract: use 'seccomp socket' instead of 'protocol unix'
As kindly suggested by @rusty-snake.
* tesseract: add 'restrict-namespaces'
As kindly suggested by @rusty-snake.
* tesseract: use full seccomp filtering
The tesseract application works fine without 'protocol' or 'seccomp socket'.
|
spotify.profile: allow spotify-adblock paths
|
As suggested by @glitsj16[1].

Project homepage: https://github.com/abba23/spotify-adblock

Configuration paths:

* /etc/spotify-adblock/config.toml
* ~/.config/spotify-adblock/config.toml

Fixes #5494.

[1] https://github.com/netblue30/firejail/discussions/5494#discussioncomment-4280887

Reported-by: @Rewig95
|
kcalc.profile: fix mkfile without mkdir & comment legacy paths
|
Leave them commented.

With this commit, there are no more profiles creating paths in ~/.kde
nor in ~/.kde4:

    $ git grep -e '^mkdir .*\.kde' -e '^mkfile .*\.kde' -- etc
    $

See also commit 3ef030257 ("ktorrent.profile: stop creating legacy KDE
paths", 2022-10-11) / PR #5415.
|
firejail may fail to create the following files:

* ~/.kde/share/config/kcalcrc
* ~/.kde4/share/config/kcalcrc

Because it does not create the preceding directories beforehand:

* ~/.kde/share/config
* ~/.kde4/share/config

See also commit 7f1906dba ("ktorrent.profile: fix mkfile without mkdir",
2022-10-11) / PR #5415.
|
* fix whitelisting in ${RUNUSER}
See discussions https://github.com/netblue30/firejail/discussions/5495 for context.
* Prevent whitelisting ${RUNUSER} comment
|
* AppArmor: add more examples to firejail-local
* comments fixes
|
ktorrent.profile: fix mkfile without mkdir & comment legacy paths
|
Package-provided binaries:

    $ pacman -Q ktorrent
    ktorrent 22.08.3-1.2
    $ pacman -Qlq ktorrent | grep bin/.
    /usr/bin/ktmagnetdownloader
    /usr/bin/ktorrent
    /usr/bin/ktupnptest

Environment: Artix Linux
|
Leave them commented.
|
firejail fails to create the following files:

* ~/.kde/share/config/ktorrentrc
* ~/.kde4/share/config/ktorrentrc

Because it does not create the preceding directories beforehand:

* ~/.kde/share/config
* ~/.kde4/share/config

Relates to #5414.
|
fix: PyCharm profiles
|
Do not use `private-cache`, because PyCharm places stuff like the
spelling dictionary in cache directories (i.e. if you download a
spelling dictionary with `private-cache`, on restarting PyCharm you need
to download the spelling dictionary again).
|
lutris.profile: fix running League of Legends
|
@Latrolage on Oct 20, 2022[1]:

> When I open the game the only error line which appears is this
> `modify_ldt: Operation not permitted`

So as suggested by @Latrolage[1] and @rusty-snake[2], allow the
`modify_ldt` syscall in seccomp.

Fixes #5430.

[1] https://github.com/netblue30/firejail/discussions/5430#discussion-4488996
[2] https://github.com/netblue30/firejail/discussions/5430#discussioncomment-3924098

Reported-by: @Latrolage
|
Profile fixes
|
Co-authored-by: pirate486743186 <>
|
* Add python3 support to nicotine
* Revert private-bin changes
Adding shell and python3 support to private-bin kept breaking nicotine for the user who reported it on IRC. Let's revert it as suggested by @rusty-snake.
|
* Create cinelerra-gg
* add cinelerra-gg to `New profiles` section
* Add cinelerra-gg to firecfg.config
|
Fixes #5463 by adding netlink to the list of allowed protocols
|
* Create godot3.profile
* Add godot3 redirect to firecfg.config
|
Closes #5437
|
Harden qutebrowser profile
|
electron-mail.profile refactoring
|
Changes:
- redirect to electron.profile
- fix program name
- update program description
- allow /bin/sh
- allow opening links in Firefox
- remove no3d, nonewprivs, noroot, protocol, seccomp
- add machine-id, nosound
- remove private-bin, disable-mnt
- harden private-etc
- allow D-Bus notifications, secrets
|
OpenDoas is an alternative to sudo. It is an unofficial port of
OpenBSD's doas. Details:

    $ LC_ALL=C pacman -Si galaxy/opendoas |
      grep -e '^Version' -e '^Description' -e '^URL'
    Version : 6.8.2-1
    Description : Run commands as super user or another user
    URL : https://github.com/Duncaen/OpenDoas

Environment: Artix Linux.

Also, add /etc/doas.conf to etc/ids.config.
|
This reverts commit 393c5beff2686d7732221dadb6730917f24835a0.

Which broke mpv:

    $ mpv --version
    Cannot start application: No such file or directory

Probably because mpv itself uses many libraries and it has plugins that
may depend on files in /usr/lib as well:

    $ pacman -Qlq mpv | grep /lib/ | grep -v '/$'
    /usr/lib/libmpv.so
    /usr/lib/libmpv.so.1
    /usr/lib/libmpv.so.1.109.0
    /usr/lib/pkgconfig/mpv.pc
    $ strings /usr/bin/mpv | grep '^lib.*\.so' | sort -u | wc -l
    53
    $ pacman -Qlq yt-dlp | grep /lib/ | grep -v '/$' |
      cut -f -4 -d / | sort -u
    /usr/lib/python3.10
    $ pacman -Q mpv yt-dlp
    mpv 1:0.34.1-5
    yt-dlp 2022.09.01-1

Environment: Artix Linux.

Also, private-lib is disabled by default in firejail.config (see #5190)
and mpv.profile does not use private-lib, so there should be no need to
whitelist anything in /usr/lib in the default profile.
|
This is an mpv plugin for MPRIS integration.
See: https://github.com/hoyon/mpv-mpris
|
Streamline Firefoxes D-Bus filtering
|
Inspired by https://github.com/netblue30/firejail/pull/5352/files/c04ceb49c7001bb931a35667c831545cd64aeece#r963032151.
|
Inspired by https://github.com/netblue30/firejail/pull/5352/files/c04ceb49c7001bb931a35667c831545cd64aeece#r963032151.
|
Inspired by https://github.com/netblue30/firejail/pull/5352/files/c04ceb49c7001bb931a35667c831545cd64aeece#r963032151.
|