path: root/etc
Commit message [Author, Age]
* fractal.profile: allow /usr/share/fractal [Kelvin M. Klann, 2023-12-11]
|    This fixes Fractal 5 not opening on Void Linux due to it failing to access "/usr/share/fractal/resources.gresource".
|
|    Fixes #6119.
|
|    Reported-by: @mhmdana
|    Suggested-by: @rusty-snake
* lutris.profile: allow mangohud [Kelvin M. Klann, 2023-11-27]
|    Similarly to steam.profile (see #4864).
|
|    Fixes #6106.
* lutris.profile: fix seccomp arguments [Kelvin M. Klann, 2023-11-25]
|    I accidentally removed the `!` when sorting the arguments in #6067.
|
|    This amends commit fbba03790 ("lutris.profile: allow more syscalls", 2023-10-24) / PR #6067.
* Merge pull request #6070 from kmk3/sort-py-csort [netblue30, 2023-11-24]
|\
| |    build: sort.py: use case-sensitive sorting
| * build: sort.py: use case-sensitive sorting [Kelvin M. Klann, 2023-10-27]
| |    To match how things are sorted elsewhere, such as with `noblacklist` / `whitelist` lines (vertically) in profiles and in ci/check/profiles/sort-disable-programs.sh and src/etc-cleanup/main.c.
| |
| |    This makes the order in `private-etc` always be groups (`@group`), then uppercase paths, then lowercase paths.
| |
| |    Example from etc/profile-m-z/softmaker-common.profile:
| |
| |        private-etc @tls-ca,SoftMaker,fstab
| |
| |    Note that this does not affect a significant amount of profiles; most changes are in `private-bin` / `private-lib` lines and in `private-etc` lines for newer profiles that do not use groups.
| |
| |    This is partly due to commit 5d0822c52 ("private-etc: big profile changes", 2023-02-05) replacing `X11` with `@x11` in `private-etc` lines and then commit 0f996ea4d ("private-etc: groups modified", 2023-02-05) removing `Trolltech.conf` from `private-etc` lines and using case-sensitive sorting in them.
| |
| |    Relates to #5610.
* | Merge pull request #6067 from nutta-git/patch-2 [netblue30, 2023-11-24]
|\ \
| | |    lutris.profile: allow more syscalls
| * | lutris.profile: allow more syscalls [duevo, 2023-11-01]
| | |    Need to whitelist `ptrace` and `clone3` for Ubisoft Connect to work.
| | |
| | |    journalctl did list `process_vm_readv` when a game was running, but it didn't crash the game.
| | |
| | |    Fixes #6035.
* | | Merge pull request #6066 from nutta-git/patch-1 [netblue30, 2023-11-24]
|\ \ \
| | | |    steam.profile: allow process_vm_readv syscall
| * | | steam.profile: allow process_vm_readv syscall [duevo, 2023-10-31]
| |/ /
| | |    EA Origin (game launcher) won't launch without this.
| | |
| | |    See https://github.com/netblue30/firejail/issues/5185#issuecomment-1776516159
* | | profiles: whitelist alternative data directory for tesseract [Reiner Herrmann, 2023-11-18]
| | |    on Debian the data is in /usr/share/tesseract-ocr/
* | | New profile: tiny-rdm (#6083) [glitsj16, 2023-11-11]
| | |    * disable-programs.inc: add support for tiny-rdm
| | |    * Create tiny-rdm.profile
| | |    * firecfg.config: add support for tiny-rdm
* | | clamtk: fix scanning (#6074) [glitsj16, 2023-11-02]
| | |
* | | freshclam: fix .local include (#6075) [glitsj16, 2023-11-02]
| | |
* | | discord.profile: allow /usr/share/discord (#6072) [veloute, 2023-10-29]
| |/
|/|
| |    discord_arch_electron[1] stores its files in /usr/share/discord, rather than the usual /opt/discord.
| |
| |    [1] https://aur.archlinux.org/packages/discord_arch_electron
* | profiles: Extend node stack support for pnpm (#6063) [glitsj16, 2023-10-24]
| |    * nodejs-common: add pnpm support
| |    * disable-programs.inc: add pnpm support
| |    * Create pnpm.profile
| |    * Create pnpx.profile
* | disable-programs.inc: remove duplicated entries [Kelvin M. Klann, 2023-10-24]
| |    They are already present in disable-common.inc.
| |
| |    Added in the following commits:
| |
| |    * 6bf6d5ed5 ("updated program files", 2016-12-02) / PR #951
| |    * 49280197c ("various hardening (#3394)", 2020-05-02)
| |    * 2e2c2327f ("profiles: support more msmtp configuration paths (#6060)", 2023-10-22)
| |
| |    Misc: This was noticed on PR #6060.
* | profiles: centralize gnome-boxes blacklisting in dc [Kelvin M. Klann, 2023-10-22]
|/
|    They are currently spread over disable-common.inc and disable-programs.inc.
|
|    Added on commit 6f7ab41e4 ("blacklist gnome-boxes user files (VM-Images)", 2019-10-13) and commit 49280197c ("various hardening (#3394)", 2020-05-02).
* profiles: support more msmtp configuration paths (#6060) [glitsj16, 2023-10-22]
|    Since version 1.8.6 msmtp supports per-user configuration at either ~/.msmtprc (already supported by firejail) or `$XDG_CONFIG_HOME/msmtp/config`. System-wide support can be placed at /etc/msmtprc.
|
|    This adds the missing paths to the relevant .inc and .profile files.
|
|    Note that `blacklist ${HOME}/.msmtprc` is present on both disable-common.inc and disable-programs.inc, so the new paths are added to both files.
|
|    References:
|    https://wiki.archlinux.org/title/Msmtp#Basic_setup
|    https://marlam.de/msmtp/msmtp.html#Configuration-files
* profiles: exchange private-opt with a whitelist (#6021) [glitsj16, 2023-10-18]
|    * profiles: drop private-opt (existing whitelist)
|
|    * profiles: replace private-opt with whitelist
|
|    In most profiles. Kept private-opt for enpass (~85MB), mate-dictionary (<20MB), minecraft-launcher (~1.6MB) and ppsspp (~44MB). The only app I couldn't check: xmr-stak.
|
|    * docs: note potential issues with private-opt
* steam.profile: Allow Baba Is You (#6054) [Frostbyte4664, 2023-10-16]
|
* ssmtp: allow (SUID) binary (#6052) [glitsj16, 2023-10-15]
|
* disable-common.inc: more SUID binaries (#6051) [glitsj16, 2023-10-15]
|
* disable-common.inc: add more suid programs [Kelvin M. Klann, 2023-10-11]
|    Programs:
|
|        $ pacman -Qo fusermount3 groupmems mount.cifs wall write
|        /usr/bin/fusermount3 is owned by fuse3 3.16.1-1
|        /usr/bin/groupmems is owned by shadow 4.14.0-4
|        /usr/bin/mount.cifs is owned by cifs-utils 7.0-3
|        /usr/bin/wall is owned by util-linux 2.39.2-1
|        /usr/bin/write is owned by util-linux 2.39.2-1
* disable-common.inc: sort suid section [Kelvin M. Klann, 2023-10-11]
|
* pavucontrol-qt: fix broken whitelisting in ${HOME} (#6045) [glitsj16, 2023-10-09]
|
* tshark: CLI hardening (#6040) [glitsj16, 2023-10-07]
|
* New profile: termshark (#6039) [glitsj16, 2023-10-07]
|    * Create termshark.profile
|    * firecfg.config: add termshark support
|    * termshark: CLI hardening
* wireshark: fix access to dumpcap (#6038) [glitsj16, 2023-10-07]
|
* nicotine: allow sound notifications (#6037) [glitsj16, 2023-10-07]
|
* nicotine: support Fcitx and dconf via dbus-user filter (#6036) [glu8716, 2023-10-07]
|    * Update nicotine.profile
|    * dbus.user set to filter
* Merge pull request #6009 from jtrv/tidal-hifi [netblue30, 2023-10-05]
|\
| |    New profile: tidal-hifi
| * New profile: tidal-hifi (#6008) [jtrv, 2023-09-25]
| |    modified src/firecfg/firecfg.config to add tidal-hifi
| |    created etc/profile-m-z/tidal-hifi.profile
| |
| |    closes: #6008
| |
| |    Apply suggestions from code review
| |
| |    Co-authored-by: rusty-snake <41237666+rusty-snake@users.noreply.github.com>
* | Merge pull request #6030 from glitsj16/np-floorp [netblue30, 2023-10-05]
|\ \
| | |    New profile: floorp
| * | disable-programs.inc: fix sorting [glitsj16, 2023-10-02]
| | |
| * | Create floorp.profile [glitsj16, 2023-10-02]
| | |
| * | disable-programs.inc: add floorp support [glitsj16, 2023-10-02]
| | |
* | | Create brz.profile and bzr.profile (#6028) [glitsj16, 2023-10-03]
| | |    From Breezy's documentation[1] [2]:
| | |
| | |    > Breezy is a friendly fork of the Bazaar (bzr) project, hosted on
| | |    > http://bazaar.canonical.com/. It is backwards compatibility with
| | |    > Bazaar's disk format and protocols. One of the key differences with
| | |    > Bazaar is that Breezy runs on Python 3, rather than on Python 2.
| | |
| | |    breezy is also the drop-in replacement for bazaar on Arch Linux since pacman 6.0.2-8[3].
| | |
| | |    > By default, Breezy provides support for both the Bazaar and Git file
| | |    > formats.
| | |
| | |    Note: The profile is implemented as a git redirect.
| | |
| | |    [1] https://github.com/breezy-team/breezy
| | |    [2] https://www.breezy-vcs.org/
| | |    [3] https://gitlab.archlinux.org/archlinux/packaging/packages/pacman/-/commit/c68a4e6602e3488fa093a18d35202c76a730faf6
* | | New profile: lettura (#6027) [glitsj16, 2023-10-03]
|/ /
| |    * disable-programs.inc: add lettura support
| |    * Create lettura.profile
| |    * firecfg.config: add lettura
* | disable-common.inc: add foot to 'bad terminals' section (#6025) [glitsj16, 2023-09-28]
| |
* | youtubemusic-nativefier: fix include .local name (#6020) [glitsj16, 2023-09-26]
| |
* | profiles: dpkg fix (#6019) [glitsj16, 2023-09-26]
|/
* profiles: fix path of system-log-common.profile [Kelvin M. Klann, 2023-09-23]
|    This amends commit dd5539012 ("profiles: refactor log viewers (#5996)", 2023-09-23).
|
|    Commands used:
|
|        git mv \
|          etc/profile-m-z/profile-m-z/profile-m-z/system-log-common.profile \
|          etc/profile-m-z/system-log-common.profile
|        rmdir etc/profile-m-z/profile-m-z/profile-m-z/
|        rmdir etc/profile-m-z/profile-m-z/
* create fluffychat.profile (#6007) [pirate486743186, 2023-09-23]
|    Co-authored-by: pirate486743186 <>
* mocp: hardening (#6017) [glitsj16, 2023-09-23]
|
* mocp: fix networking (#6016) [glitsj16, 2023-09-23]
|
* profiles: refactor log viewers (#5996) [glitsj16, 2023-09-23]
|    * profiles: refactor log viewers
|
|    Introduces system-log-common.profile as a common profile for existing GUI log viewer applications.
|
|    * system-log-common: enable no3d
* steam.profile: Allow Factorio (#6012) [archaon616, 2023-09-19]
|    Add directories to config so Factorio runs correctly.
* Add blender-3.6 redirect (#6013) [Frostbyte4664, 2023-09-18]
|
* gwenview: add Trash support (#6001) [glitsj16, 2023-09-18]
|
* telegram.profile: allow ~/.local/share/telegram-desktop (#5994) [Denis Subbotin, 2023-09-18]
|    New TelegramWebApps uses another directory for saving local storage.