| Commit message (Collapse) | Author | Age |
|\
| |
| | |
Harden qutebrowser profile
|
| | |
|
| | |
|
| | |
|
| | |
|
|\ \
| | |
| | | |
electron-mail.profile refactoring
|
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
Changes:
- redirect to electron.profile
- fix program name
- update program description
- allow /bin/sh
- allow opening links in Firefox
- remove no3d, nonewprivs, noroot, protocol, seccomp
- add machine-id, nosound
- remove private-bin, disable-mnt
- harden private-etc
- allow D-Bus notifications, secrets
|
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
OpenDoas is an alternative to sudo. It is an unofficial port of
OpenBSD's doas. Details:
$ LC_ALL=C pacman -Si galaxy/opendoas |
grep -e '^Version' -e '^Description' -e '^URL'
Version : 6.8.2-1
Description : Run commands as super user or another user
URL : https://github.com/Duncaen/OpenDoas
Environment: Artix Linux.
Also, add /etc/doas.conf to etc/ids.config.
|
| |/
|/|
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
This reverts commit 393c5beff2686d7732221dadb6730917f24835a0.
Which broke mpv:
$ mpv --version
Cannot start application: No such file or directory
Probably because mpv itself uses many libraries and it has plugins that
may depend on files in /usr/lib as well:
$ pacman -Qlq mpv | grep /lib/ | grep -v '/$'
/usr/lib/libmpv.so
/usr/lib/libmpv.so.1
/usr/lib/libmpv.so.1.109.0
/usr/lib/pkgconfig/mpv.pc
$ strings /usr/bin/mpv | grep '^lib.*\.so' | sort -u | wc -l
53
$ pacman -Qlq yt-dlp | grep /lib/ | grep -v '/$' |
cut -f -4 -d / | sort -u
/usr/lib/python3.10
$ pacman -Q mpv yt-dlp
mpv 1:0.34.1-5
yt-dlp 2022.09.01-1
Environment: Artix Linux.
Also, private-lib is disabled by default in firejail.config (see #5190)
and mpv.profile does not use private-lib, so there should be no need to
whitelist anything in /usr/lib in the default profile.
|
| |
| |
| |
| |
| | |
This is an mpv plugin for MPRIS integration.
See: https://github.com/hoyon/mpv-mpris
|
|\ \
| | |
| | | |
Streamline Firefoxes D-Bus filtering
|
| | |
| | |
| | | |
Inspired by https://github.com/netblue30/firejail/pull/5352/files/c04ceb49c7001bb931a35667c831545cd64aeece#r963032151.
|
| | |
| | |
| | | |
Inspired by https://github.com/netblue30/firejail/pull/5352/files/c04ceb49c7001bb931a35667c831545cd64aeece#r963032151.
|
| | |
| | |
| | | |
Inspired by https://github.com/netblue30/firejail/pull/5352/files/c04ceb49c7001bb931a35667c831545cd64aeece#r963032151.
|
| | |
| | |
| | | |
Inspired by https://github.com/netblue30/firejail/pull/5352/files/c04ceb49c7001bb931a35667c831545cd64aeece#r963032151.
|
| | |
| | |
| | | |
Inspired by https://github.com/netblue30/firejail/pull/5352/files/c04ceb49c7001bb931a35667c831545cd64aeece#r963032151.
|
| | |
| | |
| | | |
Inspired by https://github.com/netblue30/firejail/pull/5352/files/c04ceb49c7001bb931a35667c831545cd64aeece#r963032151.
|
| | |
| | |
| | | |
Inspired by https://github.com/netblue30/firejail/pull/5352/files/c04ceb49c7001bb931a35667c831545cd64aeece#r963032151.
|
| | | |
|
| | | |
|
| | | |
|
| | | |
|
| | | |
|
| | | |
|
| | | |
|
| | | |
|
| | | |
|
| | | |
|
|\ \ \
| | | |
| | | | |
profiles: allow perl/exiftool on the relevant profiles
|
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | | |
Programs that seem to support exiftool:
$ LC_ALL=C pacman -Sii perl-image-exiftool |
grep -e '^Version' -e '^Required' -e '^Optional For' | head -n 3
Version : 12.42-1
Required By : digikam geotag gitlab-workhorse mat2 rapid-photo-downloader
Optional For : darktable geeqie gpsprune hugin jpeg-archive ranger recoll shutter
Environment: Artix Linux.
Note for hugin.profile: Does not currently work with private-bin on
Arch/Artix; see the private-bin comment on
etc/profile-a-l/exiftool.profile.
Relates to #5365.
|
|/ / /
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
As mentioned in its description, this profile is intended for an IDE, so
allow paths used for development and stop including the following
profiles:
* disable-devel.inc
* disable-exec.inc
* disable-interpreters.inc
Fixes #5292.
|
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
* use both capitalized and regular discord commands to private-bin
* use both capitalized and regular discord commands to private-bin
* add awk and which to private-bin for better xdg-open support
* use both capitalized and regular discord commands to private-bin
* use both capitalized and regular discord commands to private-bin
* refactor CamelCased discord profiles
* refactor CamelCased discord profiles
* fix private-{bin,opt} sorting
* fix private-{bin,opt} sorting
* unfuck private-{bin,opt} sorting
* unfuck private-{bin,opt} sorting
* fix sorting once more for CI
* fix sorting once again for CI
|
|/ /
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
* Fix Firefox 'Profile not found' for psd (v6.45)
code change: `whitelist ${RUNUSER}/psd/*firefox*`
fixes: #4568
* Whitelist ${RUNUSER}/psd/*firefox*
* Fix workflow for github
|
| |
| |
| | |
Co-authored-by: Albert Kim <alkim@alkim.org>
|
| | |
|
| | |
|
| | |
|
|\ \
| | |
| | | |
lbry-viewer.profile create
|
| |/ |
|
| |
| |
| | |
Co-authored-by: pirate486743186 <>
|
| |
| |
| |
| |
| | |
This amends commit e2631b40d ("steam.profile: fix breakage with newer
Proton-GE (process_vm_readv)", 2022-08-20).
|
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
As reported by @rsramkis on #5185, upgrading from Proton-7.2-GE-2[1]
(released on 2022-02-14) to GE-Proton7-18[2] (released on 2022-05-19)
breaks logging in on World of Tanks Blitz unless the `process_vm_ready`
32-bit syscall is allowed[3], so allow it.
Fixes #5185.
[1] https://github.com/GloriousEggroll/proton-ge-custom/releases/tag/7.2-GE-2
[2] https://github.com/GloriousEggroll/proton-ge-custom/releases/tag/GE-Proton7-18
[3] https://github.com/netblue30/firejail/issues/5185#issuecomment-1152350336
|
| | |
|
| | |
|
|\ \
| | |
| | | |
makedeb profile creation
|
| |/ |
|
|\ \
| | |
| | | |
microsoft-edge.profile rewritten for stable channel and moved microsoft-edge{,-beta,-dev} from private-opt to whitelist
|
| | | |
|
| | |
| | |
| | |
| | |
| | |
| | | |
* replaced private-opt by whitelist #5307
* added stable channel config dirs to disable-programs.inc
|
|\ \ \
| | | |
| | | | |
vmware.profile: snapshot requires /etc/mtab
|