aboutsummaryrefslogtreecommitdiffstats
path: root/etc
Commit message (Collapse)AuthorAge
...
* | unblock tor support in brave (#4200)Libravatar glitsj162021-04-18
| | | | | | | | | | | | | | | | | | | | | | * opt-in for brave's native tor support * fix brave's native tor support * warn about potential tor breakage when using apparmor * update comment for opting in to tor * move brave's tor apparmor fix in brave.profile
* | broaden support for pcre in private-libLibravatar glitsj162021-04-18
| | | | | | Follow-up for https://github.com/netblue30/firejail/commit/692311bcc6fe0744d7831459ad7ec0bc5811b9a9. Thanks to @rusty-snake for tracking this down in #4202.
* | broaden support for pcre in private-libLibravatar glitsj162021-04-17
| | | | | | Fixes #4202 until we have tooling to generate system-specific lists at install time, as suggested by @loveshack.
* | Add allow-bin-sh.inc to profile.templateLibravatar rusty-snake2021-04-17
| | | | | | | | [skip ci]
* | add passwd to private-etc (#4193)Libravatar glitsj162021-04-14
| |
* | Create tmux.profile (#4188)Libravatar rusty-snake2021-04-14
| | | | | | requested in #1139 by @vatonbero
* | New profile: Quodlibet (#3983)Libravatar Bundy012021-04-14
| | | | | | | | | | * New profile: Quodlibet * New profile: Quodlibet
* | Fix export in apostropheLibravatar rusty-snake2021-04-12
| |
* | profile fixesLibravatar rusty-snake2021-04-12
|/ | | | | | | | | | | | | | | | | | discord-canary.profile: fix #4175 flameshot.profile: - private-tmp break flameshot (wayland only?) - Screengrabbing (under wayland) is done via dbus, the following names must be allowed: - GNOME: org.gnome.Shell - KDE: org.kde.KWin - Sway: org.freedesktop.portal.Desktop - Allow notifications and tray too, because org.gnome.Shell (for example) is already totaly unsafe. mumble.profile: fix #4181
* Minor FixesLibravatar Neo000012021-04-09
|
* fix comment typoLibravatar glitsj162021-04-07
|
* Merge pull request #4170 from matthew-cline/steamLibravatar Reiner Herrmann2021-04-07
|\ | | | | steam: some more games added
| * steam: also added paths to disable-programs.incLibravatar Matthew Cline2021-04-05
| |
| * steam: some more games addedLibravatar Matthew Cline2021-04-05
| | | | | | | | | | | | | | | | | | | | | | | | Games added: * Don't Starve * Dungeons of Dredmor * Epic * Loop Hero * Pillars of Eternity I * Rogue Legacy I * Slay the Spire modding * Steam World Dig I & II
* | Fix #3783 -- Google Chrome (wayland ozone) is brokenLibravatar rusty-snake2021-04-06
| |
* | Merge pull request #4167 from tredondo/patch-7Libravatar rusty-snake2021-04-06
|\ \ | | | | | | WebStorm: allow Dolphin to access its config file
| * | WebStorm: allow Dolphin to access its config fileLibravatar Ted Robertson2021-04-05
| |/
* / Encourage making overrides in *.local files (#4165)Libravatar glitsj162021-04-06
|/ | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | * refactor local override comments * refactor local override comments * refactor local override comments * refactor local override comments * refactor local override comments * refactor local override comments * refactor local override comments * refactor local override comments * refactor local override comments * refactor local override comments * refactor local override comments * refactor local override comments * refactor local override comments * refactor local override comments * refactor local override comments * refactor local override comments * refactor local override comments * refactor local override comments * refactor local override comments * refactor local override comments * refactor local override comments * refactor local override comments * refactor local override comments * refactor local override comments * refactor local override comments * refactor local override comments * refactor local override comments * refactor local override comments * refactor local override comments * refactor local override comments * refactor local override comments * refactor local override comments * refactor local override comments * refactor local override comments * refactor local override comments * refactor local override comments * refactor local override comments * refactor local override comments * refactor local override comments * refactor local override comments * refactor local override comments * refactor local override comments * refactor local override comments * refactor local override comments * refactor local override comments * refactor local override comments * refactor local override comments * refactor local override comments * refactor local override comments * refactor local override comments * refactor local override comments * refactor local override comments * refactor local override comments * refactor local override comments * refactor local override comments * refactor local override comments * refactor local override comments * refactor local override comments * refactor local override comments * refactor local override comments * refactor local override comments * refactor local override comments * refactor local override comments
* drop some stuff based on discussion with @rusty-snakeLibravatar glitsj162021-04-04
|
* allow notifications + comment fixesLibravatar glitsj162021-04-04
|
* Add Librewolf Nightly profileLibravatar Vladislav Nepogodin2021-04-04
|
* dropbox: allow python3, fix for issue #4150Libravatar Matthew Cline2021-04-01
| | | | | | /usr/bin/dropbox needs access to python3, at least for dropbox command-line interface version 2020.03.04 as packaged by the RPM Fusion project. Fixes issue #4150
* Merge pull request #4148 from glitsj16/masterLibravatar glitsj162021-03-31
|\ | | | | Improve comments in apparmor files
| * Add examples to allow running programs from specific home dirLibravatar glitsj162021-03-30
| |
| * Recommend doing overrides in local apparmor dirLibravatar glitsj162021-03-30
| |
* | Add localtime to signal-desktop's profile.Libravatar Nolan Leake2021-03-30
|/ | | | Without it, all chat timestamps are in UTC.
* Fixes (man: allow rustup; Books -> gnome-books)Libravatar rusty-snake2021-03-28
|
* fix hardening commentLibravatar rusty-snake2021-03-24
| | | | [skip ci]
* fix hardening commentLibravatar glitsj162021-03-24
|
* fix network access commentLibravatar glitsj162021-03-24
|
* Merge pull request #4126 from rusty-snake/better-renamesLibravatar netblue302021-03-24
|\ | | | | Rename chromium-common-hardened and feh-network …
| * Rename chromium-common-hardened and feh-network …Libravatar rusty-snake2021-03-21
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | …again I am still not really happy about the rename from #4028, #4029, #4030 and #4031. I've no problem with moving away .inc but I don't like the result. So here's a proposal to make this better: | NAME | DESCRIPTION | | ------------------------- | ------------------------------------------------------------ | | `*-addons.profile` | (include) Allow external addons | | `*-common.profile` | (include) Common parts across multiple profiles | | `*-hardened.inc.profile` | Further hardening which can not be made default | | `*-network.inc.profile` | Allow optional network access | | `*-whitelist.inc.profile` | Enabled whitelisting (which can not be made default) ¹ | | `*.inc.profile` | Other profile specific includes | | `*.profile` | A profile for a program | | `allow-*.inc` | Multiple `noblacklist`s that should always be used together | | `disable-*.inc` | `blacklist`ing | | `whitelist-*-common.inc` | common `whitelist`s | | `*.inc` | Other generic includes | | `globals.local` | User overrides for all profiles | | `*.local` | Per profile user overrides | ¹ can be used for programs like KeePassXC or editors.
* | Merge pull request #4116 from Neo00001/masterLibravatar netblue302021-03-24
|\ \ | | | | | | Update vmware.profile & dbus-policy for amarok
| * | Update amarok.profileLibravatar Neo000012021-03-21
| | |
| * | Update vmware.profileLibravatar Neo000012021-03-21
| | |
| * | Update vmware.profileLibravatar Neo000012021-03-19
| | |
| * | Update amarok.profileLibravatar Neo000012021-03-19
| | |
* | | Update k3b.profileLibravatar Neo000012021-03-23
| |/ |/| | | #2989
* | fixes for gnome-logsLibravatar glitsj162021-03-21
| |
* | Merge pull request #4119 from pirate486743186/patch-14Libravatar Reiner Herrmann2021-03-21
|\ \ | | | | | | [minor] .cache/youtube-viewer in disable-programs.inc
| * | forgoten whitelistLibravatar pirate4867431862021-03-20
| | |
| * | .cacheLibravatar pirate4867431862021-03-20
| | |
| * | adding .cache/youtube-viewerLibravatar pirate4867431862021-03-20
| | |
* | | fix private-libLibravatar glitsj162021-03-20
|/ /
* | Fix nheko (#4117)Libravatar rusty-snake2021-03-19
| | | | | | closes #4115
* | man.progile: readonly instead of whitelistLibravatar rusty-snake2021-03-19
| |
* | Merge pull request #4069 from rusty-snake/hasher-profilesLibravatar netblue302021-03-19
|\ \ | | | | | | Add profile for checksum tools
| * | Add profile for checksum toolsLibravatar rusty-snake2021-03-14
| | | | | | | | | | | | | | | | | | * Oops! Thanks for catching. * Add quiet
* | | Merge pull request #3984 from nidamanx/patch-1Libravatar netblue302021-03-19
|\ \ \ | | | | | | | | Fix for KeePassXC plugin
| * | | SortingLibravatar Nicola Davide Mannarelli2021-02-14
| | | | | | | | | | | | | | | | Moved in the right place as in template https://github.com/netblue30/firejail/blob/master/etc/templates/profile.template
generated by cgit v1.2.3-54-g00ecf (git 2.45.2) at 2024-07-20 04:53:52 +0000