aboutsummaryrefslogtreecommitdiffstats
path: root/etc
Commit message (Collapse)AuthorAge
...
* etc/profile-a-l/display.profile: additions needed on GentooLibravatar Hank Leininger2021-12-02
| | | | | | | | | | | Various .so's are needed to allow execution, /etc/ImageMagick-7/ is needed for various policy XML files, and /usr/$(libdir)/ImageMagick-x.y.z/ is needed in order to have access to decoders. Tested on Gentoo; I don't know if other distros put the relevant bits in different paths. Signed-off-by: Hank Leininger <hlein@korelogic.com>
* goldendict: whitelist path to documentation and localesLibravatar Jose Riha2021-12-01
|
* move whitelists down according to profile.templateLibravatar glitsj162021-11-30
|
* add noblacklists tooLibravatar glitsj162021-11-30
| | | As suggested in https://github.com/netblue30/firejail/pull/4727#discussion_r759402234.
* additional whitelist pathsLibravatar glitsj162021-11-30
|
* additional electron blacklistsLibravatar glitsj162021-11-30
|
* Merge pull request #4725 from kmk3/fix-groups-misc2Libravatar netblue302021-11-30
|\ | | | | Keep some groups regardless of nogroups and restore nogroups on nvidia
| * etc: Remove comments about nogroups and noroot on nvidiaLibravatar Kelvin M. Klann2021-11-29
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | `nogroups` should not have been causing issues with rendering on nvidia since commit 623e68216 ("temporary fix for nvidia/nogroups/noroot issue (#3644, #841)", 2020-10-02) and commit cb460c32c ("more nvidia (#3644)", 2020-10-03), which had made it a no-op on nvidia. And the handling of the "render" and "video" groups are independent to the handling of `nogroups` now; see the previous 3 commits. Commits which introduced the comments on each profile: * kodi.profile: commit ce462b6b1 ("fix #3501", 2020-07-16) * mpsyt.profile: commit e17b48fca ("new profile mpsyt.profile", 2018-11-28) * mpv.profile: commit cc7c48983 ("Document #1945", 2018-07-25) * steam.profile: commit d6f8169dd ("steam fixes; #841, #3267", 2020-03-15) Commands used to find the comments: git grep -i nvidia -- etc/profile-* | grep -v private-etc Relates to #4632.
* | Blacklist ~/.config/monero-projectLibravatar Ted Robertson2021-11-30
| |
* | fix #4714Libravatar netblue302021-11-29
| |
* | disable by default several network toolsLibravatar netblue302021-11-24
|/
* Merge pull request #4688 from Bundy01/masterLibravatar netblue302021-11-23
|\ | | | | Update firejail-local for Brave + ipfs
| * Update firejail-local for Brave + ipfsLibravatar Bundy012021-11-14
| |
* | cleanupLibravatar netblue302021-11-23
| |
* | Merge pull request #4438 from caydey/masterLibravatar netblue302021-11-23
|\ \ | |/ |/| Added `quiet` to some CLI profiles
| * Added "quiet" to profileLibravatar caydey2021-08-03
| |
| * Added ~/Private blacklistLibravatar caydey2021-08-02
| |
* | Profile fixesLibravatar rusty-snake2021-11-14
| | | | | | | | | | | | | | | | - Update RELNOTES and README.md - disable-common.inc - blacklist ${HOME}/.local/share/ibus-typing-booster - blacklist /run/timeshift (closes #4660) - fix audacity.profile (closes #4659)
* | Merge pull request #4635 from smitsohu/noorphansLibravatar netblue302021-11-13
|\ \ | | | | | | deterministic-shutdown option
| * | deterministic-shutdown optionLibravatar smitsohu2021-10-28
| | |
* | | Merge pull request #4681 from jmetrius/openstego-profileLibravatar netblue302021-11-13
|\ \ \ | | | | | | | | Add OpenStego profile
| * | | implement review suggestionsLibravatar Jan Sonntag2021-11-12
| | | |
| * | | sort.py cleanupLibravatar Jan Sonntag2021-11-12
| | | |
| * | | Add OpenStego profileLibravatar Jan Sonntag2021-11-12
| | | |
* | | | Merge pull request #4679 from pirate486743186/patch-3Libravatar netblue302021-11-13
|\ \ \ \ | | | | | | | | | | update yt-dlp.profile
| * | | | update yt-dlp.profileLibravatar pirate4867431862021-11-11
| |/ / / | | | | | | | | ffprobe used for embedding images in difficult cases.
* | | | Merge pull request #4680 from kmk3/dc-fix-slock-pathLibravatar netblue302021-11-13
|\ \ \ \ | | | | | | | | | | disable-common.inc: fix paths of slock and physlock
| * | | | disable-common.inc: fix paths of slock and physlockLibravatar Kelvin M. Klann2021-11-11
| |/ / / | | | | | | | | | | | | | | | | | | | | Added on commit f0adf06c3 ("disable-common.inc: more SUID", 2021-11-09). Relates to #4668.
* / / / telnet and ftpLibravatar netblue302021-11-12
|/ / /
* | | change Fedora ssh fixLibravatar glitsj162021-11-10
| | | | | | | | | Suggested in https://github.com/netblue30/firejail/pull/4675#discussion_r746510840. Makes sense!
* | | add Fedora fixLibravatar glitsj162021-11-10
| | | | | | | | | | | | Added Fedora path as per https://github.com/netblue30/firejail/pull/4675#pullrequestreview-802438767. NOTE: there are several other profiles touching /usr/libexec, so untill someone on Fedora can shed some light on what files are installed under /usr/libexec, I only blacklisted ssh-keysign. I'll pick this up tomorrow, a bit pressed for time in the non-digital worlds...
* | | add Fedora fixesLibravatar glitsj162021-11-10
| | | | | | | | | Added Fedora path as per https://github.com/netblue30/firejail/pull/4675#pullrequestreview-802438767.
* | | fixes for sshLibravatar glitsj162021-11-10
| | | | | | | | | Counterpart fix for changes in allow-ssh.inc.
* | | fixes for sshLibravatar glitsj162021-11-10
| | | | | | | | | After seeing https://github.com/netblue30/firejail/commit/9a81078ddbbb4215d06f7d1861481ece05ebda99 it dawned on me that Arch Linux doesn't have /usr/lib/openssh, but uses /usr/lib/ssh instead. That's a different path than what's referenced in our current {allow-ssh,disable-common}.inc files. Some very superficial checks revealed that OpenSSH seems to be packaged quite differently, at least on Debian/Ubuntu and Arch Linux. And then there's version differences on non-rolling distro's to consider. All in all IMO it makes more sense to (no)blacklist /usr/lib/openssh and /usr/lib/ssh instead of referencing all the possible individual files that live under those paths.
* | | disable-common.inc: fix sshLibravatar netblue302021-11-09
| | |
* | | disable-common.inc: more SUIDLibravatar netblue302021-11-09
| | |
* | | disable-common.inc: vmware SUID binariesLibravatar netblue302021-11-09
| | |
* | | disable-common.inc: disable chrome-sandboxLibravatar netblue302021-11-09
| | |
* | | disable-common.inc: blacklist sshLibravatar netblue302021-11-09
| | |
* | | adding more SUID executables to disable-common.incLibravatar netblue302021-11-04
| | |
* | | apparmor base drop-in: remove chroot/overlay pathsLibravatar smitsohu2021-11-01
| | | | | | | | | | | | | | | | | | As the upstream AppArmor base abstraction does not contain references to paths in /run/firejail/mnt/oroot there is not much point to have them in our drop-in
* | | ids: add some more pathsLibravatar smitsohu2021-10-31
| | |
* | | adding noprofile.profile from rusty-snakeLibravatar netblue302021-10-30
| | |
* | | Merge pull request #4643 from rusty-snake/profile-checksLibravatar Kelvin M. Klann2021-10-29
|\ \ \ | | | | | | | | Profile Checks
| * | | Sort disaple-programs.incLibravatar rusty-snake2021-10-27
| | | |
| * | | Add alteratives and ld.so.cache to all private-etc linesLibravatar rusty-snake2021-10-27
| |/ / | | | | | | | | | Command is the same as in d8d97acb
* / / update mpv.profileLibravatar pirate4867431862021-10-24
|/ / | | | | add yt-dlp in private-bin
* | Add disable-proc to firefox-commonLibravatar rusty-snake2021-10-23
| |
* | Remove 'none' from private-etc linesLibravatar rusty-snake2021-10-23
| |
* | wrc: whitelist journal socketsLibravatar smitsohu2021-10-23
| | | | | | | | fixes --tracelog among other things
generated by cgit v1.2.3-70-g09d2 (git 2.46.0) at 2024-09-03 17:27:29 +0000