aboutsummaryrefslogtreecommitdiffstats
path: root/etc
Commit message (Collapse)AuthorAge
...
* fix #3736Libravatar glitsj162020-11-10
| | | Added ${HOME}/.alsaequal.bin to fix #3736
* fixes, closes, enhances, improvements, and so onLibravatar rusty-snake2020-11-09
| | | | | | | | | | | | | | | | | | | - .github/ISSUE_TEMPLATE/bug_report.md: get ride off spanish, french, ... error messages - etc/inc/firefox-common-addons.inc: support ff2mpv - etc/profile-a-l/gimp.profile: note about xsane - etc/profile-m-z/min.profile: prettify - etc/profile-m-z/mpsyt.profile: fix, add lua - etc/profile-m-z/qbittorrent.profile: add note for tray-icons; this will get a better note once I investigated and audited all the D-Bus tray stuff. - etc/profile-m-z/transmission-daemon.profile: fix, add protocol packet close #3686 - mps-youtube needs lua close #3701 - Firefox native messaging regression in 0.9.62.4 -> 0.9.64rc1 close #3636 - transmission-daemon fills log with error close #3640 - Gimp - add note how to enable scanning (xsane) close #3707 - qBittorrent tray icon missing from notification panel when running it with firejail
* disable private-etc in zoom, close #3726Libravatar rusty-snake2020-11-09
|
* fix min.profileLibravatar glitsj162020-11-09
| | | As per https://github.com/netblue30/firejail/pull/3688#discussion_r511290714 min needs wusc. Runs fine with wruc too so let's fix min for users.
* rework chromium (#3688)Libravatar rusty-snake2020-11-09
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | * rework chromium + 516d0811 has removed fundamental security features. (remove caps.drop=all, nonewprivs, noroot, seccomp, protocol; add caps.keep) Though this is only necessary if running under a kernel which disallow unprivileged userns clones. Arch's linux-hardened and debian kernel are patched accordingly. Arch's linux and linux-lts kernels support this restriction via sysctk (kernel.unprivileged_userns_clone=0) as users opt-in. Other kernels such as mainline or fedora/redhat always support unprivileged userns clone and have no sysctl parameter to disable it. Debian and Arch users can enable it with 'sysctl kernel.unprivileged_userns_clone=1'. This commit adds a chromium-common-hardened.inc which can be included in chromium-common to enhance security of chromium-based programs. + chromium-common.profile: add private-cache + chromium-common.profile: add wruc and wusc, but disable it for the following profiles until tested. tests welcome. - [ ] bnox, dnox, enox, inox, snox - [ ] brave - [ ] flashpeak-slimjet - [ ] google-chrome, google-chrome-beta, google-chrome-unstable - [ ] iridium - [ ] min - [ ] opera, opera-beta + move vivaldi-snapshot paths from vivaldi-snapshot.profile to vivaldi. /usr/bin/vivaldi is a symlink to /etc/alternatives/vivaldi which can be vivaldi-stable, vivaldi-beta or vivaldi-snapshot. vivaldi-snapshot.profile missed also some features from vivaldi.profile, solve this by making it redirect to vivaldi.profile. TODO: exist new paths such as .local/lib/vivaldi also for vivaldi-snapshot? + create chromium-browser-privacy.profile (closes #3633) * update 1 + add missing 'ignore whitelist /usr/share/chromium' + revert 'Move drm-relaktions in vivaldi.profile behind BROWSER_ALLOW_DRM.'. This breaks not just DRM, it break things such as AAC too. In addition vivaldi shows a something is broken pop-up, we would have a lot of 'does not work with firejail' issues. * update 2 * update 3 fixes #3709
* Update linphone profile (#3734)Libravatar Dara Adib2020-11-08
| | | | linphone 4.0 changed the location of config and database files to respect freedesktop standards.
* second #3728 [skip ci]Libravatar rusty-snake2020-11-06
|
* profile fixesLibravatar rusty-snake2020-11-06
| | | | | | | | - update README.md and RELNOTES - add 'blacklist ${RUNUSER}/.flatpak-cache' to disable-common.inc - fix #3728, fonts in openSUSE KDE with wc / wusc - fix gnome-todo - fix xournalpp MathTeX whitelist
* Allow lua in minetest.profileLibravatar glitsj162020-11-03
| | | | | Closes #3723 Introduced in 388826683c3b90926e73c83ddb91d5c84a7fa1fa
* fix ${HOME}/.ssh access in filezilla.profileLibravatar glitsj162020-11-03
| | | This fixes #3722.
* Add spectacle's profile (#3717)Libravatar Neo000012020-11-02
| | | | | | | * Update firecfg.config * Update disable-programs.inc * Create spectacle.profile
* Remove nou2f in ssh profileLibravatar David Hyrule2020-11-01
|
* Allow webcam access in zoom.profileLibravatar glitsj162020-10-31
| | | This fixes #3711.
* keepassxc dbus, closes #3713 [skip ci]Libravatar rusty-snake2020-10-31
|
* firefox d-bus (#2953) & fix xournalppLibravatar rusty-snake2020-10-29
|
* added bluetooth to the list of protocols allowed by seccompLibravatar netblue302020-10-28
|
* profile fixesLibravatar netblue302020-10-28
|
* Update okular.profile to support cbr files (#3704)Libravatar blockbandit2020-10-27
| | | | | | | * Update okular.profile okular has support for reading cbr (rar-compressed comic book). without unrar or unar in private-bin, okular fails to decompress the files for viewing. * Sorted private-bin
* Remove redundant read-only item (#3703)Libravatar glitsj162020-10-27
| | | | | | | | | | | | | * remove read-only item redundancy 'read-only ${HOME}/.config/mimeapps.list' is already part of disable-common.inc * remove read-only item redundancy 'read-only ${HOME}/.config/mimeapps.list' is already part of disable-common.inc, which is included in the redirect profile * remove read-only item redundancy 'read-only ${HOME}/.config/mimeapps.list' is already part of disable-common.inc, which is included in the redirect profile
* fix assogiate.profileLibravatar glitsj162020-10-27
| | | The user mime database needs to be writable.
* add missing paths to disable-interpreters.incLibravatar rusty-snake2020-10-26
| | | | | | | and update allow-xxx.inc Fedora uses /usr/lib64 for arch specifiy files and /usr/lib for arch independent files. php, py2, ruby may have also paths there.
* Merge pull request #3700 from rusty-snake/fix-3699Libravatar rusty-snake2020-10-26
|\ | | | | fix #3699 -- Firefox can't inhibit screensavers/screen blanking
| * fix #3699Libravatar rusty-snake2020-10-26
| |
* | Update celluloid.profileLibravatar Neo000012020-10-26
| |
* | Update celluloid.profileLibravatar Neo000012020-10-25
|/ | | liblua is needed for celluloid & otherwise at least on arch it's showing this error - "celluloid: error while loading shared libraries: liblua5.2.so.5.2: cannot open shared object file: Permission denied"
* mergesLibravatar netblue302020-10-25
|
* Merge pull request #3607 from kortewegdevries/wemailLibravatar netblue302020-10-25
|\ | | | | Switch mails to whitelisting
| * Add note about private-binLibravatar kortewegdevries2020-09-03
| |
| * Add firefox supportLibravatar kortewegdevries2020-08-29
| |
| * Switch kmail to whitelistingLibravatar kortewegdevries2020-08-29
| |
| * GPG default, fixes...Libravatar kortewegdevries2020-08-28
| |
| * Switch Evolution to whitelistingLibravatar kortewegdevries2020-08-28
| |
* | harden peek; update README.md; add gnome-sound-…Libravatar rusty-snake2020-10-23
| | | | | | | | …recorder to firecfg.config
* | Fix vlc blu-ray playback with libaacsLibravatar Jan Sonntag2020-10-20
| |
* | Update virtualbox.profileLibravatar Bundy012020-10-19
| |
* | update firefox fedora private-bin [skip ci]Libravatar rusty-snake2020-10-16
| |
* | flameshot has changed it's APP-IDLibravatar rusty-snake2020-10-16
| | | | | | | | closes #3643
* | Merge pull request #3667 from Neo00001/patch-2Libravatar rusty-snake2020-10-13
|\ \ | | | | | | Update wire-desktop.profile (again)
| * | Update wire-desktop.profileLibravatar Neo000012020-10-13
| | |
| * | Update wire-desktop.profile (again)Libravatar Neo000012020-10-13
| | | | | | | | | On arch,wire-desktop is now depending on electron9. Using wildcard for this sorta packages would be better.
* | | merges, fix for #3662 etc.Libravatar netblue302020-10-13
|/ /
* | Fix AppArmor 3.0 support (closes #3659)Libravatar Kristóf Marussy2020-10-10
| | | | | | | | | | | | | | | | | | | | | | | | AppArmor introduces the @{run} variable, which is used in <abstractions/dbus-strict> and <abstractions/dbus-session-strict> among other places. Thus, we follow suit of the built-in profiles and #include <tunables/global>, which includes <tunables/run> in AppArmor 3.0, defining the variable. As <tunables/global> exists in previous versions of AppArmor, too, this patch does not introduce a backward-compatibility issue with Apparmor 2.x.
* | Update vmware.profileLibravatar Neo000012020-10-06
| | | | | | With private-etc enabled vmware-tools doesn't get installed. Existing VM with an installed vmware-tools works as usual. For the time being keep it commented.
* | New profile: equalxLibravatar rusty-snake2020-10-03
| |
* | chromium-freeworld profile (#3633)Libravatar rusty-snake2020-10-03
| |
* | splitting up media players whitelists in whitelist-players.incLibravatar netblue302020-10-02
| |
* | new profile: xournalppLibravatar rusty-snake2020-09-25
| |
* | fix eog profileLibravatar netblue302020-09-14
| |
* | New profiles + fixes + hardeningLibravatar rusty-snake2020-09-14
| | | | | | | | | | | | | | | | - blacklist ~/.rustup in disable-devel.inc - add note to mpv (See #3628) - harden warsow - update relnotes - new profile qrencode, dbus-send, notify-send
* | profstats: track dbus-system noneLibravatar netblue302020-09-08
| |
generated by cgit v1.2.3-54-g00ecf (git 2.45.2) at 2024-07-20 00:55:33 +0000