Commit message (Collapse) | Author | Age | |
---|---|---|---|
* | Fix missing lib libmfx.so.1 (standardnotes-desktop) (#3151) | Florian Begusch | 2020-01-16 |
| | |||
* | fix wire-desktop [1] | rusty-snake | 2020-01-16 |
| | | | | [1]: https://github.com/netblue30/firejail/issues/2946#issuecomment-574861226 | ||
* | fix ffmpeg privat-etc | rusty-snake | 2020-01-15 |
| | | | | closes #3147 | ||
* | Update RELNOTES, README.md|Add firefox-x11.profile | rusty-snake | 2020-01-13 |
| | |||
* | Fix sorting private-etc in i2prouter.profile | glitsj16 | 2020-01-13 |
| | | | @rusty-snake For now I've fixed the sorting to let it pass CI. Do you think sort.py should put java-{8,9}-openjdk before java-10-openjdk? | ||
* | update i2prouter profile, and remove from firecfg (#3123) | corecontingency | 2020-01-13 |
| | |||
* | aria2c fixes (#3143) | glitsj16 | 2020-01-13 |
| | | | | | | * Support XDG_CONFIG_HOME for aria2c * Fix aria2c.profile | ||
* | fix #3141 | rusty-snake | 2020-01-12 |
| | |||
* | move whitelist /usr/share/webext from firefox-com… | rusty-snake | 2020-01-12 |
| | | | | | …mon.profile to firefox.profile. See https://github.com/netblue30/firejail/commit/c8f78d7b536ec2dce4cc74de2653ae6c8c99b553#commitcomment-36763119 | ||
* | profiles: whitelist /usr/share/webext in firefox-common | Reiner Herrmann | 2020-01-12 |
| | | | | | directory is used for system-wide installed webext-addons. Reported at: https://bugs.debian.org/948558 | ||
* | freecad: allow access to python | smitsohu | 2020-01-10 |
| | |||
* | Merge pull request #3131 from smitsohu/webengine | netblue30 | 2020-01-09 |
|\ | | | | | allow chroot syscall where apps depend on QtWebengine | ||
| * | allow chroot syscall where apps depend on QtWebengine | smitsohu | 2020-01-08 |
| | | | | | | | | derived from QtWebengine reverse dependencies | ||
* | | cmus: allow access to resolv.conf | Florian Preinstorfer | 2020-01-08 |
| | | |||
* | | misc profile fixups and hardening | rusty-snake | 2020-01-08 |
| | | |||
* | | hexchat: comment machine-id | rusty-snake | 2020-01-06 |
| | | | | | | | | da44ecb removed nosound, but machine-id breaks pulseaudio | ||
* | | Allow sound for hexchat | haarp | 2020-01-06 |
|/ | | | Hexchat can play sounds for notifications or other events. It makes sense to allow it to play them. | ||
* | Add comment to sylpheed.profile for supporting non-default storage path | glitsj16 | 2020-01-05 |
| | |||
* | Add support for default storage path in claws-mail.profile | glitsj16 | 2020-01-05 |
| | |||
* | Allow Tor Browser to run /usr/bin/id (#3114) | creideiki | 2020-01-05 |
| | | | | | | | | | | | | | The start-tor-browser script tries to run /usr/bin/id to check that it isn't root before starting the browser. See https://gitweb.torproject.org/builders/tor-browser-build.git/tree/projects/tor-browser/RelativeLink/start-tor-browser?id=41fd236bbb7d3d75a27473f927be31f7dd8fdc99#n94 If id is not in the private-bin directory, the test still works by accident, but prints these error messages: ./Browser/start-tor-browser: line 94: id: command not found ./Browser/start-tor-browser: line 94: [: : integer expression expected Add id to the private-bin directory to make it run as intended. | ||
* | Use nowhitelist in sylpheed.profile | glitsj16 | 2020-01-05 |
| | | | Thanks @rusty-snake for the suggestion (see #3122). | ||
* | Turn sylpheed.profile into a (claws-mail) redirect | glitsj16 | 2020-01-04 |
| | |||
* | Tighten wusc in claws-mail.profile | glitsj16 | 2020-01-04 |
| | |||
* | Fix private-lib for gentoo in evince.profile | glitsj16 | 2020-01-04 |
| | | | Fixes #3121. | ||
* | Fix neverputt profile | Tad | 2020-01-04 |
| | |||
* | sylpheed: noblacklist ${HOME}/Mail (see #3122) | rusty-snake | 2020-01-04 |
| | |||
* | Add barrier profile (#3115) | Adrian L. Shaw | 2020-01-04 |
| | | | | | | | | | | | | | | | | | | | | * Add barrier.profile * Add newline before special options * Modify description * Add disable mount to barrier.profile * Address feedback from rusty-snake * Remove stray carriage return * Add noexec for /home/user and /tmp * Don't blacklist openssl * Remove redundant rules | ||
* | Gentoo fixes (#3120) | glitsj16 | 2020-01-04 |
| | | | | | | | | * fix private-etc on gentoo * Fix private-etc on gentoo * Fix evince on gentoo | ||
* | update pavucontrol | rusty-snake | 2020-01-03 |
| | | | | see #3112 | ||
* | ${HOME} whitelisting breaks settings in artha | glitsj16 | 2020-01-03 |
| | | | More background info in #3112. | ||
* | typo (wget) & fix (baobab) [skip ci] | rusty-snake | 2020-01-03 |
| | |||
* | fix #3110 | rusty-snake | 2020-01-03 |
| | |||
* | Get rid of #2302 (#3111) | rusty-snake | 2020-01-03 |
| | |||
* | fixup! Extra hardening for wget | rusty-snake | 2020-01-03 |
| | |||
* | Fix wusc in mpv (#3108) | Daniel M. Capella | 2020-01-03 |
| | | | Partly fixes #3107. | ||
* | Fix wusc in exiftool | glitsj16 | 2020-01-03 |
| | | | Arch puts files under /usr/share/perl-image-exiftool, whitelist that path for wusc. | ||
* | Fix wusc in weechat | glitsj16 | 2020-01-03 |
| | | | Partly fixes #3107 (the weechat part). | ||
* | Add artha log to disable-programs.inc | glitsj16 | 2020-01-02 |
| | |||
* | Fix artha | glitsj16 | 2020-01-02 |
| | | | I intentionally wanted to have this as a 'whitelist' profile. The only snag is that artha seems to generate ${HOME}/.config/artha.config.XXXXXX that I cannot whitelist upfront. Added notes to highlight this behaviour. | ||
* | Extra hardening for wget | glitsj16 | 2020-01-02 |
| | |||
* | Additional hardening for whois | glitsj16 | 2020-01-02 |
| | |||
* | Harden artha.profile | glitsj16 | 2020-01-02 |
| | |||
* | Harden aria2c.profile | glitsj16 | 2020-01-02 |
| | |||
* | Future-proof private-lib in gedit.profile | glitsj16 | 2020-01-02 |
| | | | Better fix for #3104 . | ||
* | Fix #3105 -- add allow-ruby.inc | rusty-snake | 2020-01-02 |
| | |||
* | fix gnome-maps | rusty-snake | 2020-01-02 |
| | |||
* | fix celluloid | rusty-snake | 2020-01-02 |
| | |||
* | harden whois.profile | rusty-snake | 2020-01-02 |
| | |||
* | Harden openshot | rusty-snake | 2020-01-02 |
| | |||
* | gnome-builder: fix build cache | rusty-snake | 2020-01-02 |
| |