firejail - Mirror of https://github.com/netblue30/firejail

	Commit message (Collapse)	Author	Age
*	ping: extra hardening	glitsj16	2022-03-21
\|
*	ocenaudio hardening (#5056)	glitsj16	2022-03-18
\| \| \| \| \| \| \|	* ocenaudio: blacklist cache dir * ocenaudio: hardenings * ocenaudio: fix protocol comment
*	cmake: fix local override & wusc (#5054)	glitsj16	2022-03-16
\| \| \| \| \|	* cmake: fix local override & wusc * cmake: another wusc fix
*	pip: fixes (#5053)	glitsj16	2022-03-15
\| \| \| \| \| \| \| \| \|	* pip: fix including local override * pip: allow access to cache The shared build-systems-common.profile (to which pip.profile redirects) blacklists ${HOME}/.cache/pip. Override that here. * pip: add cache support in commented whitelist
*	allow-common-devel.inc: add missing java/scala paths	Kelvin M. Klann	2022-03-14
\| \| \| \| \| \| \| \|	This amends commit f32cb8393 ("Blacklist scala devel stuff", 2022-03-05) / PR #5013. See the following review: https://github.com/netblue30/firejail/pull/5013#pullrequestreview-903794958
*	opera fixes (#5041)	glitsj16	2022-03-14
\| \| \| \| \|	* opera fixes * disable-common.inc: add blacklist /usr/lib/opera/opera_sandbox
*	mupdf refactoring cfr. ↵	glitsj16	2022-03-14
\| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \|	https://github.com/netblue30/firejail/discussions/4993 (#5042) * refactor mupdf * refactor mupdf * refactor mupdf * refactor mupdf * add mupdf-gl blacklist * move history file back to mupdf-gl * refactor mupdf-gl * add no3d to mupdf.profile * add suggestions from review * drop unix from protocol [accumulates] * fix protocol
*	minor cleanups, no functional changes (#5040)	glitsj16	2022-03-13
\| \| \| \| \| \| \| \| \|	* drop redundant noblacklist noblacklist ${HOME}/.vscode-oss already exists in included code.profile * remove newline Nitpick for persistency with other profiles that have the comment about #2624.
*	hardening onionshare-gui.profile (#4959)	glitsj16	2022-03-13
\| \| \| \| \| \| \|	* hardening onionshare-gui.profile * add another dbus-user filter to onionshare-gui.profile * harden onionshare
*	disable-programs.inc: add ~/.prey	Kelvin M. Klann	2022-03-11
\| \| \| \| \|	This amends commit af8f681c0 ("steam.profile: allow "${HOME}/.prey"", 2022-03-11) / PR #5029.
*	Merge branch 'master' of https://github.com/netblue30/firejail	smitsohu	2022-03-11
\|\
\| *	Merge pull request #5013 from rusty-snake/scala	netblue30	2022-03-11
\| \|\ \| \| \| \| \| \|	Blacklist scala devel stuff
\| \| *	Blacklist scala devel stuff	rusty-snake	2022-03-05
\| \| \|
\| * \|	Merge pull request #5017 from TheOneric/fix_steam+proton	netblue30	2022-03-11
\| \|\ \ \| \| \| \| \| \| \| \|	Fix newest Steam client and Proton ≥ 5.13
\| \| * \|	steam.profile: fix black window	Oneric	2022-03-06
\| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \|	After the Steam cleint update of the 04th March 2022 the steamwebhelper process now needs to be able to do chroot syscalls to render anything. If not all content tabs in the client will just appear black. fixes: https://github.com/netblue30/firejail/issues/5014
\| \| * \|	steam.profile: fix Proton 5.13+	Oneric	2022-03-06
\| \| \|/ \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \|	Starting with version 5.13 Proton internally uses bubblewrap to create a container for the game. To make this work with firejail we need to allow these 4 additional syscalls. fixes: https://github.com/netblue30/firejail/issues/4366 fixes: https://github.com/netblue30/firejail/issues/4686
\| * \|	Merge pull request #5029 from davidebeatrici/steam-prey-2006	netblue30	2022-03-11
\| \|\ \ \| \| \| \| \| \| \| \|	steam.profile: allow "${HOME}/.prey"
\| \| * \|	steam.profile: allow "${HOME}/.prey"	Davide Beatrici	2022-03-11
\| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \|	The directory is used by the Linux binary for Prey (2006), available at https://icculus.org/prey. Not whitelisting the directory results in the game failing to launch: found DLL in pak file: /home/user/.steam/steamapps/common/Prey 2006/base/game01.pk4/gamex86.so copy gamex86.so to /home/user/.prey/base/gamex86.so dlopen '/home/user/.prey/base/gamex86.so' failed: /home/user/.prey/base/gamex86.so: failed to map segment from shared object
* \| \| \|	harden songrec	smitsohu	2022-03-11
\|/ / / \| \| \| \| \| \| \| \| \| \| \| \| \| \| \|	as suggested by @rusty-snake in addition blacklist/noblacklist/whitelist songrec application files
* \| \|	Merge pull request #4260 from sandsmark/martin/songrec	smitsohu	2022-03-11
\|\ \ \ \| \|/ / \|/\| \|	Add songrec
\| * \|	Add songrec	Martin T. H. Sandsmark	2021-05-08
\| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \|	It is a Rust application using Cargo, so harden based on common supply chain attacks seen. https://github.com/marin-m/SongRec
* \| \|	skypeforlinux cleanup	smitsohu	2022-03-09
\| \| \|
* \| \|	fix Electron app profiles (#5012)	smitsohu	2022-03-09
\| \|/ \|/\|
* \|	drop redundant ignore	glitsj16	2022-03-04
\| \|
* \|	drop redundant ignore	glitsj16	2022-03-04
\| \|
* \|	drop redundant ignore	glitsj16	2022-03-04
\| \|
* \|	drop redundant ignore	glitsj16	2022-03-04
\| \|
* \|	drop redundant ignore	glitsj16	2022-03-04
\| \|
* \|	drop redundant ignore	glitsj16	2022-03-04
\| \|
* \|	drop redundant ignore	glitsj16	2022-03-04
\| \|
* \|	drop redundant ignore	glitsj16	2022-03-04
\| \|
* \|	drop redundant ignore	glitsj16	2022-03-04
\| \|
* \|	whitelist /usr/share/gnupg2 for consistency (#5007)	glitsj16	2022-03-04
\| \|
* \|	drop redundant whitelisting (#5005)	glitsj16	2022-03-03
\| \|
* \|	fix sylpheed (#5003)	glitsj16	2022-03-03
\| \|
* \|	more fixes for opera-beta (#5002)	glitsj16	2022-03-03
\| \|
* \|	add opera-developer.profile (#5001)	glitsj16	2022-03-03
\| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \|	* add opera-developer to firecfg * add opera-developer * fix typo * add configs for opera-developer * Create opera-developer.profile * fixes for opera-developer * fix for opera-developer
* \|	opera fixes/hardening (#4999)	glitsj16	2022-03-03
\| \| \| \| \| \| \| \| \| \|	* harden opera-beta * harden opera
* \|	geary fixes (#4992)	glitsj16	2022-03-01
\| \| \| \| \| \| \| \| \| \|	* geary fixes * comment ipc-namespace
* \|	fix mupdf redirect profiles (#4977)	glitsj16	2022-02-25
\| \|
* \|	gconf-editor fix (#4976)	glitsj16	2022-02-24
\| \|
* \|	update noprofile.profile	smitsohu	2022-02-24
\| \|
* \|	hardening zeal.profile (#4970)	glitsj16	2022-02-23
\| \|
* \|	evince fix	netblue30	2022-02-22
\| \|
* \|	openSUSE Leap - whitelist-run-common.inc (#4954)	netblue30	2022-02-22
\| \|
* \|	allow printing in evince	netblue30	2022-02-22
\| \|
* \|	Add support for changing appearance of the Qt6 apps with qt6ct (#4966)	avallach2000	2022-02-21
\| \| \| \| \| \| \| \| \| \| \| \| \| \|	* Add support for changing appearance of the Qt6 apps with qt6ct * Remove qt5ct artifact from zeal.profile * Remove qt5ct artifact from bibletime.profile
* \|	Merge pull request #4964 from avallach2000/fix-qbittorrent-profile	netblue30	2022-02-20
\|\ \ \| \| \| \| \| \|	qbittorrent.profile: fix data directory location
\| * \|	disable-programs.inc: blacklist new qbittorrent data directory	Andrew Kotsyuba	2022-02-20
\| \| \|
\| * \|	qbittorrent.profile: fix data directory location	Andrew Kotsyuba	2022-02-20
\| \| \|