| Commit message (Collapse) | Author | Age |
|---|
| |
|
|
|
|
|
|
|
|
| |
Command used to search for entries:
$ git grep '^read-only ${HOME}/' -- 'etc/profile*'
Note for gpg: ~/.gnupg/gpg.conf is apparently only managed by gpgconf(1)
rather than through gpg(1) itself, in which case it does not need to be
made read-write in gpg.profile.
|
| |
|
|
|
|
|
|
| |
This is an AUR helper and disable-common.inc has entries for pacman and
other system package managers.
Added on commit 6c10737f0 ("archaudit-report and cower for Arch
platforms, #1642", 2017-11-15).
|
| |
|
|
|
|
|
| |
Instead of duplicating them on every profile that tries to allow opening
links in Firefox.
And make that path read-write on firefox.profile.
|
| |
|
|
|
|
|
| |
Note: mpv itself does not modify anything in ~/.config/mpv as far as I
know, in which case it does not need a read-write entry.
Relates to #5706 #5707 #5710.
|
| |
|
|
|
|
|
| |
They are already present on etc/inc/disable-common.inc.
First added on commit 695b67f43 ("handle ~/.config/user-dirs.dirs",
2015-11-17).
|
| |\
| |
| | |
add mov-cli.profile
|
| | | |
|
| |\ \
| | |
| | | |
create blink-common.profile
|
| | | | |
|
| | | |
| | |
| | |
| | |
| | |
| | |
| | | |
KeePassXC can offer a Secret Service to store secrets for other
programs.
See https://specifications.freedesktop.org/secret-service/latest/
|
| | | | |
|
| | | |
| | |
| | | |
Co-authored-by: pirate486743186 <>
|
| | | |
| | |
| | | |
Co-authored-by: pirate486743186 <>
|
| | | | |
|
| | | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
* microsoft-edge*: fix spacing
* Create microsoft-edge-stable.profile
Relates to #5696.
* firecfg.config: add support for microsoft-edge-stable redirect
* disable-common.inc: blacklist msedge SUID executables
* microsoft-edge: add private-opt and allow internal sandbox access
|
| | | |
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
Now that we have randomized UTS namespaces support[1] by default for
every sandbox, there's no longer a need to set hostname to a fixed
value. This commit removes such fixed hostname entries from all
profiles that have it.
[1] https://github.com/netblue30/firejail/discussions/5597#discussioncomment-4996357
|
| | | |
| | |
| | |
| | |
| | | |
No functional changes.
Relates to #639.
|
| |\ \ \
| | | |
| | | | |
tutanota-desktop.profile improvements
|
| | | | | |
|
| |\ \ \ \
| | | | |
| | | | | |
refactor yt-dlp
|
| | | |_|/
| |/| | |
|
| | |_|/
|/| | |
|
| | | | |
|
| |\ \ \
| | | |
| | | | |
firejail-local: fix examples
|
| | |/ / |
|
| |\ \ \
| | | |
| | | | |
email-common.profile: allow bsfilter
|
| | |/ /
| | |
| | |
| | |
| | | |
https://bsfilter.org/
Signed-off-by: Marek Küthe <m.k@mk16.de>
|
| |\ \ \
| | | |
| | | | |
add ani-cli.profile
|
| | |/ /
| | |
| | |
| | | |
https://github.com/pystardust/ani-cli
|
| |\ \ \
| | | |
| | | | |
add porn-cli.profile
|
| | |/ / |
|
| |/ /
| |
| |
| | |
https://github.com/justchokingaround/lobster
|
| | |
| |
| |
| |
| | |
Closes https://github.com/netblue30/firejail/issues/5704
Signed-off-by: Marek Küthe <m.k@mk16.de>
|
| | |
| |
| | |
Co-authored-by: pirate486743186 <>
|
| | | |
|
| |/
|
| |
Co-authored-by: pirate486743186 <>
|
| | |
|
| |\
| |
| | |
New profile: parsecd
|
| | | |
|
| | | |
|
| |\ \
| | |
| | | |
build: Fix whitespace and add .editorconfig
|
| | | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
Commands used to search and replace:
$ git grep -Ilz '[[:blank:]]$' |
xargs -0 -I '{}' sh -c "printf '%s\n' \"\$(sed -E \
's/[[:blank:]]+$//' '{}')\" >'{}'"
This fixes all of the "trailing whitespace" errors raised by git:
$ git diff --check 4b825dc642cb6eb9a060e54bf8d69288fbee4904..HEAD |
grep '^[^+]' | cut -f 3 -d : | LC_ALL=C sort | uniq -c
72 space before tab in indent.
4 trailing whitespace.
|
| | | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
Commands used to search and replace:
$ git grep -Ilz '.' | xargs -0 -I '{}' sh -c \
"printf '%s\n' \"\$(cat '{}')\" >'{}'"
The above commands ensure that there is exaclty 1 line terminator at EOF
(rather than 0 or more than 1) on all non-empty text files.
This fixes all of the "new blank line at EOF" errors raised by git:
$ git diff --check 4b825dc642cb6eb9a060e54bf8d69288fbee4904..HEAD |
grep '^[^+]' | cut -f 3 -d : | LC_ALL=C sort | uniq -c
21 new blank line at EOF.
72 space before tab in indent.
4 trailing whitespace.
|
| | | | |
|
| | | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
* Create qpdf.profile and redirects
qpdf (CLI) provides PDF metadata cleaning.
See privacy-handbuch.de[1] for details.
The site offers pdf-meta-clean.sh[2], which works very well with
firejailed qpdf.
[1] https://www.privacy-handbuch.de/handbuch_43a.htm
[2] https://www.privacy-handbuch.de/download/pdf-meta-clean.sh
* RELNOTES: add qpdf and redirects to new profiles section
* firecfg.config: add qpdf and redirects
* qpdf: use 'seccomp socket' instead of 'protocol unix'
See https://github.com/netblue30/firejail/issues/639. Thanks @rusty-snake in code review.
|
| | | | |
|
| |/ /
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
Arch Linux got systemd v253:
https://github.com/archlinux/svntogit-packages/commit/05d0aedb2b83a2e1ba07cab47205772f82cb4814
It adds a few new files we should blacklist in `disable-common.inc`:
- /etc/credstore
- /etc/credstore.encrypted
- /run/credentials/systemd-sysctl.service
- /run/credentials/systemd-sysusers.service
- /run/credentials/systemd-tmpfiles-setup.service
- /run/credentials/systemd-tmpfiles-setup-dev.service
|
| | | |
|
| | | |
|
| | | |
|
Kelvin M. Klann
netblue30
pirate486743186
Thijs Raymakers
Kobaxidze256
pirate486743186
glitsj16
Neotamandua
Marek Küthe
NetSysFire