path: root/etc
Commit message (Author, Age)
...
| * | De-complicate D-Bus naming schemes (glitsj16, 2022-09-05)
| | |   Inspired by https://github.com/netblue30/firejail/pull/5352/files/c04ceb49c7001bb931a35667c831545cd64aeece#r963032151.
| * | De-complicate D-Bus naming schemes (glitsj16, 2022-09-05)
| | |   Inspired by https://github.com/netblue30/firejail/pull/5352/files/c04ceb49c7001bb931a35667c831545cd64aeece#r963032151.
| * | De-complicate D-Bus naming schemes (glitsj16, 2022-09-05)
| | |   Inspired by https://github.com/netblue30/firejail/pull/5352/files/c04ceb49c7001bb931a35667c831545cd64aeece#r963032151.
| * | De-complicate D-Bus naming schemes (glitsj16, 2022-09-05)
| | |   Inspired by https://github.com/netblue30/firejail/pull/5352/files/c04ceb49c7001bb931a35667c831545cd64aeece#r963032151.
| * | De-complicate D-Bus naming schemes (glitsj16, 2022-09-05)
| | |   Inspired by https://github.com/netblue30/firejail/pull/5352/files/c04ceb49c7001bb931a35667c831545cd64aeece#r963032151.
| * | Add CamelCase D-Bus filter for backward-compatibility (glitsj16, 2022-09-05)
| | |
| * | Add CamelCase D-Bus filter for backward-compatibility (glitsj16, 2022-09-05)
| | |
| * | Re-add CamelCase D-Bus filter for backward-compatibility (glitsj16, 2022-09-05)
| | |
| * | Add CamelCase D-Bus filter for backward-compatibility (glitsj16, 2022-09-05)
| | |
| * | Add CamelCase D-Bus name for backward-compatibility (glitsj16, 2022-09-05)
| | |
| * | fix D-Bus filter in firefox (glitsj16, 2022-09-05)
| | |
| * | add specific D-Bus filter in firefox-nightly (glitsj16, 2022-09-05)
| | |
| * | add specific D-Bus filter in firefox-esr (glitsj16, 2022-09-05)
| | |
| * | fix specific D-Bus filter in firefox-developer (glitsj16, 2022-09-05)
| | |
| * | add specific D-Bus filter to firefox-beta (glitsj16, 2022-09-05)
| | |
* | | Merge pull request #5371 from kmk3/profiles-allow-exiftool (netblue30, 2022-09-26)
|\ \ \
| | | |   profiles: allow perl/exiftool on the relevant profiles
| * | | profiles: allow perl/exiftool on the relevant profiles (Kelvin M. Klann, 2022-09-17)
| | | |   Programs that seem to support exiftool:
| | | |
| | | |       $ LC_ALL=C pacman -Sii perl-image-exiftool | grep -e '^Version' -e '^Required' -e '^Optional For' | head -n 3
| | | |       Version : 12.42-1
| | | |       Required By : digikam geotag gitlab-workhorse mat2 rapid-photo-downloader
| | | |       Optional For : darktable geeqie gpsprune hugin jpeg-archive ranger recoll shutter
| | | |
| | | |   Environment: Artix Linux.
| | | |
| | | |   Note for hugin.profile: Does not currently work with private-bin on
| | | |   Arch/Artix; see the private-bin comment on
| | | |   etc/profile-a-l/exiftool.profile.
| | | |
| | | |   Relates to #5365.
* | | | arduino.profile: allow devel paths (Kelvin M. Klann, 2022-09-17)
|/ / /
| | |   As mentioned in its description, this profile is intended for an IDE, so
| | |   allow paths used for development and stop including the following
| | |   profiles:
| | |
| | |   * disable-devel.inc
| | |   * disable-exec.inc
| | |   * disable-interpreters.inc
| | |
| | |   Fixes #5292.
* | | discord: fix issues with command-line usage (#5368) (glitsj16, 2022-09-14)
| | |   * use both capitalized and regular discord commands to private-bin
| | |   * use both capitalized and regular discord commands to private-bin
| | |   * add awk and which to private-bin for better xdg-open support
| | |   * use both capitalized and regular discord commands to private-bin
| | |   * use both capitalized and regular discord commands to private-bin
| | |   * refactor CamelCased discord profiles
| | |   * refactor CamelCased discord profiles
| | |   * fix private-{bin,opt} sorting
| | |   * fix private-{bin,opt} sorting
| | |   * unfuck private-{bin,opt} sorting
| | |   * unfuck private-{bin,opt} sorting
| | |   * fix sorting once more for CI
| | |   * fix sorting once again for CI
* | | Fix Firefox 'Profile not found' for psd (v6.45) (#5348) (godbless, 2022-09-08)
|/ /
| |   * Fix Firefox 'Profile not found' for psd (v6.45)
| |
| |     code change: `whitelist ${RUNUSER}/psd/*firefox*`
| |     fixes: #4568
| |
| |   * Whitelist ${RUNUSER}/psd/*firefox*
| |   * Fix workflow for github
* | Add profile for chafa (#5355) (alkim0, 2022-09-04)
| |   Co-authored-by: Albert Kim <alkim@alkim.org>
* | Make /etc/ssh/ssh_config.d visible for ssh (#5353) (slowpeek, 2022-09-02)
| |
* | tracelog disabled by default in /etc/firejail/firejail.config file (netblue30, 2022-08-29)
| |
* | merges, fixed lbry-viewer as suggested (netblue30, 2022-08-29)
| |
* | Merge pull request #5331 from pirate486743186/lbry-viewer.profile-create (netblue30, 2022-08-29)
|\ \
| | |   lbry-viewer.profile create
| * | lbry-viewer.profile create (pirate486743186, 2022-08-21)
| |/
* | tuir.profile creation (#5330) (pirate486743186, 2022-08-28)
| |   Co-authored-by: pirate486743186 <>
* | steam.profile: fix Proton-GE version in comment (Kelvin M. Klann, 2022-08-26)
| |   This amends commit e2631b40d ("steam.profile: fix breakage with newer
| |   Proton-GE (process_vm_readv)", 2022-08-20).
* | steam.profile: fix breakage with newer Proton-GE (process_vm_readv) (Kelvin M. Klann, 2022-08-26)
| |   As reported by @rsramkis on #5185, upgrading from Proton-7.2-GE-2[1]
| |   (released on 2022-02-14) to GE-Proton7-18[2] (released on 2022-05-19)
| |   breaks logging in on World of Tanks Blitz unless the `process_vm_readv`
| |   32-bit syscall is allowed[3], so allow it.
| |
| |   Fixes #5185.
| |
| |   [1] https://github.com/GloriousEggroll/proton-ge-custom/releases/tag/7.2-GE-2
| |   [2] https://github.com/GloriousEggroll/proton-ge-custom/releases/tag/GE-Proton7-18
| |   [3] https://github.com/netblue30/firejail/issues/5185#issuecomment-1152350336
* | man.profile needs additional private-etc items on arch (#5322) (glitsj16, 2022-08-18)
| |
* | Fixed an AppArmor profile denial issue with ptrace and signals (#5317) (Азалия Смарагдова, 2022-08-18)
| |
* | Merge pull request #5302 from pirate486743186/makedeb-profile-creation (netblue30, 2022-08-14)
|\ \
| | |   makedeb profile creation
| * | makedeb profile creation (pirate486743186, 2022-08-10)
| |/
* | Merge pull request #5309 from qretornaz-adapei42/master (netblue30, 2022-08-14)
|\ \
| | |   microsoft-edge.profile rewritten for stable channel and moved microsoft-edge{,-beta,-dev} from private-opt to whitelist
| * | microsoft-edge-{dev,beta}: replaced private-opt by whitelist #5307 (Quentin RETORNAZ, 2022-08-11)
| | |
| * | microsoft-edge.profile: rewrite profile for stable channel (Quentin RETORNAZ, 2022-08-11)
| | |   * replaced private-opt by whitelist #5307
| | |   * added stable channel config dirs to disable-programs.inc
* | | Merge pull request #5285 from ra1nb0w/vmware-snapshot (netblue30, 2022-08-14)
|\ \ \
| | | |   vmware.profile: snapshot requires /etc/mtab
| * | | vmware.profile: snapshot requires /etc/mtab (Davide Gerhard, 2022-08-02)
| | |/
| |/|
| | |   This patch avoids the following error:
| | |
| | |       Error: One of the parameters supplied is invalid
| | |
| | |   Tested with VMware Workstation 16.2.4
* | | neomutt: Avoid creating empty files/directories (Hugo Osvaldo Barrera, 2022-08-11)
| |/
|/|
| |   neomutt won't write to these locations. Processes it spawns might read to
| |   some of them, but creating an empty file doesn't help. This just pollutes
| |   user's $HOME with empty files and directories.
| |
| |   I've kept a few paths that MAY be written to by neomutt; it's not ideal,
| |   but I want to minimise the risk of potential data loss, even if it is
| |   corner cases.
| |
| |   See: https://github.com/netblue30/firejail/discussions/5276
* | fix(audacity): !5281 sharedlib bug on Arch/Fedora (#5300) (Christopher Morrow, 2022-08-10)
| |   * fix(audacity): !5281 sharedlib bug on Arch/Fedora
| |
| |     removed `private-bin` line from audacity profile as it appears to block
| |     access to shared libraries needed to start audacity on some
| |     distributions.
| |
| |     Relates to github issue #5281
| |
| |   * fix(audacity): Disabling apparmor and reenabling private-bin
* | Merge pull request #5299 from pirate486743186/description-makepkg (Kelvin M. Klann, 2022-08-10)
|\ \
| | |   makepkg: add description
| * | makepkg.profile: add description (pirate486743186, 2022-08-10)
| |/
* / new profile: gdu (#5289) (glitsj16, 2022-08-09)
|/
|   * add gdu to 'new profiles' section
|   * Create gdu.profile
|   * add gdu to firecfg
|   * harden gdu sandbox
|   * fix protocol
|   * simulate empty protocol in gdu
|   * more user-friendly gdu sandboxing
* Merge pull request #5259 from smitsohu/ns (smitsohu, 2022-07-31)
|\
| |   introduce new option restrict-namespaces
| * introduce new option restrict-namespaces (smitsohu, 2022-07-23)
| |
* | Deny Tor related profiles access to /sys/class/net (Tad, 2022-07-23)
| |   This directory contains the MAC address for connections available
| |
| |   Tested working with torbrowser-launcher and onionshare
| |
| |   Signed-off-by: Tad <tad@spotco.us>
* | viewnior.profile: allow accessing its /usr/share directory (#5270) (NetSysFire, 2022-07-23)
|/
* remmina.profile: allow python3 (#5253) (NetSysFire, 2022-07-17)
|   * remmina.profile: allow python
|   * Update etc/profile-m-z/remmina.profile
|
|   Co-authored-by: rusty-snake <41237666+rusty-snake@users.noreply.github.com>
|   Co-authored-by: rusty-snake <41237666+rusty-snake@users.noreply.github.com>
* refresh syscall groups (#5188) (smitsohu, 2022-07-17)
|   now covers syscalls up to including process_madvise (440)
|
|   group assignment was blindly copied from systemd:
|   https://github.com/systemd/systemd/blob/729d2df8065ac90ac606e1fff91dc2d588b2795d/src/shared/seccomp-util.c#L305
|
|   the only exception is close_range, which was added to both @basic-io and
|   @file-system
|
|   this commit adds the following syscalls to the default blacklist:
|   pidfd_getfd,fsconfig,fsmount,fsopen,fspick,move_mount,open_tree
* aria2c.profile: add comment to winetricks workaround (Kelvin M. Klann, 2022-07-11)
|   As a reminder to create a profile for winetricks instead of allowing
|   access to its paths to programs used by winetricks (see #5238).
|
|   Added on commit 0ec1c66b5 ("aria2c.profile: allow access to
|   ~/.cache/winetricks") / PR #5238.