| Commit message (Collapse) | Author | Age |
|---|
| |
|
|
| |
etc/profile-a-l/firefox-common-addons.profile
|
| | |
|
| |\
| |
| | |
fix protocol list
|
| | | |
|
| | |
| |
| | |
Due to https://github.com/netblue30/firejail/commit/5d88ee8957dc38a52c36f71b91c786dbec9d4ec9 we should provide an override option here IMO.
|
| | |
| |
| | |
Now that https://github.com/netblue30/firejail/commit/5d88ee8957dc38a52c36f71b91c786dbec9d4ec9 introduces new protocol list behaviour, we need to add an ignore here due to the redirect to transmission-common.profile. See https://github.com/netblue30/firejail/issues/4017 for clarification.
|
| |/
|
|
|
|
|
|
|
|
|
|
|
| |
- RELNOTS: protocol now accumulates
- fix #3978 -- Android Studio: cannot create the directory
Unresolved:
> google-earth.profile has a 'noblacklist ${HOME}/.config/Google' too,
> so we should consider to add additional blacklists for ~/.config/Google/*.
- marker.profile: allow ${DOCUMENTS}
- profile.template: add bluetooth protocol
- profile.template: add DBus portal note
- firejail-profile.txt: revert 17fe4b9e -- fix private=directory in man firejail-profile
see https://github.com/netblue30/firejail/pull/3970#discussion_r574411745
|
| | |
|
| |
|
| |
Thx to @rusty-snake for spotting this.
|
| | |
|
| | |
|
| |\
| |
| | |
signal-desktop.profile: fix typo of disable-xdg.profile
|
| | |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
Added on commit f4f676745 ("Refactor electron.profile and electron based
programs (#3807)").
This appears to be the only instance of that:
$ grep -Fnr 'include-xdg' etc
etc/profile-m-z/signal-desktop.profile:9:ignore include-xdg.inc
Simply fixing the typo would enable xdg dirs for the first time since
the aforementioned commit. But, as talked with @rusty-snake[1], since
there has been no negative feedback, and since it's a whitelisting
profile, just remove the affected line instead.
Credits go to syntax highlighting on vim.
[1]: https://github.com/netblue30/firejail/pull/4001
|
| |\ \
| | |
| | | |
Minor fixes for vmware
|
| | | | |
|
| | | | |
|
| |\ \ \
| | | |
| | | | |
ipcalc: misc fixes
|
| | | | |
| | | |
| | | |
| | | |
| | | |
| | | | |
And add missing allow include comment.
See etc/templates/profile.template.
|
| | | | |
| | | |
| | | |
| | | |
| | | |
| | | | |
And add missing redirect comment.
See etc/templates/redirect_alias-profile.template.
|
| | | | | |
|
| | |/ /
|/| | |
|
| |\ \ \ |
|
| | |/ / |
|
| |/ / |
|
| | | |
|
| | |
| |
| |
| |
| |
| |
| | |
* Fix patch-util not having access to libdl.so
* Update etc/profile-m-z/patch.profile
Co-authored-by: Kelvin M. Klann <kmk3.code@protonmail.com>
|
| |/ |
|
| | |
|
| | |
|
| | |
|
| | |
|
| |\
| |
| | |
fixes for profile.template
|
| | |
| |
| | |
See https://github.com/netblue30/firejail/pull/3993/files/660bc3435b43e32d156d9bb5bee2dbad2f84cf36#r577366805.
|
| | | |
|
| | | |
|
| | | |
|
| | | |
|
| | | |
|
| | | |
|
| | |
| |
| | |
See https://github.com/netblue30/firejail/pull/3990#discussion_r576404417.
|
| | |
| |
| | |
The final profile in the include chain - torbrowser-launcher.profile - already includes globals.local. Unless there's some kind of potential race condition that needs to be avoided by changing this 'logic' we should avoid doubled includes.
|
| | |
| |
| | |
The final profile in the include chain - torbrowser-launcher.profile - already includes globals.local. Unless there's some kind of potential race condition that needs to be avoided by changing this 'logic' we should avoid doubled includes.
|
| |/
|
| |
Follow up for https://github.com/netblue30/firejail/pull/3988. We need to allow access to torbrowser-launcher executables installed under ${HOME}. Thanks @rusty-snake and @Vincent43 for motivational input.
|
| | |
|
| | |
|
| | |
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
This reverts commit bd1819a8641e0eeae016846b28a41e625bcc215b, reversing
changes made to 807af3dce05786f10747cc0938cc98af484c8e97.
The hole PR looks like a single crap, it is not even syntactically
correct. Has anyone at least started kmail with this profile before it
was merged? See #3979, thanks @creideiki for reporting.
> First, there are syntax errors. Several mkdir lines have file names containing asterisks.
> This gives the following error:
>
> Error: "${HOME}/.cache/akonadi*" is an invalid filename: rejected character: "*"
>
> I am not sure what they intend to do, but whatever it is it's not working.
> Especially confusing is the line
>
> mkdir /tmp/akonadi-*
>
> Yes, Akonadi creates a directory in /tmp, but its name is random and seems to have been created
> using mkstemp(3) or similar. I'm not sure how Firejail is supposed to be able to pre-create it.
>
> Removing the asterisks makes Firejail at least accept the profile syntactically and try to run
> the program.
It is rejected by syntax. Has anyone tested?
> At startup, Firejail now prints the following warning:
>
> ***
> *** Warning: cannot whitelist ${DOCUMENTS} directory
> *** Any file saved in this directory will be lost when the sandbox is closed.
> ***
Why was 'include disable-xdg.inc' added together with 'whitelist ${DOCUMENTS}', but
no 'nobalcklist ${DOCUMENTS}'? It can not work.
> The actual error is that PostgreSQL needs access to /usr/lib64/postgresql-13/ in order to run.
> Adding the following line to kmail.profile fixes that:
>
> whitelist /usr/share/postgresql*
Again, has anyone thested this?
> The next problem is this message on the console:
>
> kf.config.core: Couldn't write "/home/creideiki/.config/kmail2rc" . Disk full?
>
> Which may have something to do with the profile creating a directory with that name:
>
> mkdir ${HOME}/.config/kmail2rc
>
> when it's supposed to be a file:
>
> $ stat ~/.config/kmail2rc
> File: /home/creideiki/.config/kmail2rc
> Size: 24660 Blocks: 56 IO Block: 4096 regular file
Has anyone tested this or is this just a blind copy of the noblacklist
from above with noblacklist replaced by mkdir?
> However, the error message
>
> kf.config.core: Couldn't write "/home/creideiki/.config/kmail2rc" . Disk full?
>
> still appears.
Looks like #1793. HAS ANYONE TESTED THIS PROFILE??!
> Finally, when exiting KMail, it crashes with a SIGSEGV:
>
> *** KMail got signal 11 (Exiting)
> *** Dead letters dumped.
> KCrash: crashing... crashRecursionCounter = 2
> KCrash: Application Name = kmail path = /usr/bin pid = 20
> KCrash: Arguments: /usr/bin/kmail
Has any...
> I tried restoring an older kmail.profile, from commit 319f2dc, and it has none of the above problems.
... I give up asking if anyone tested this.
> Given the multitude of problems with commit 5532fbd, I'd suggest reverting it until it can be fixed.
Yes, definitely.
|
| | |
|
| | |
|
| |
|
| |
Co-authored-by: Kelvin M. Klann <kmk3.code@protonmail.com>
|
glitsj16
rusty-snake
netblue30
Tad
Kelvin M. Klann
Neo00001
zupatisc
Reiner Herrmann
smitsohu
Albin Kauffmann