| Commit message (Collapse) | Author | Age |
| |
|
|
|
|
|
|
|
|
|
|
| |
- disable-programs.inc: blacklist ${HOME}/.local/state/pipewire
If you did not yet noticed, on 08th May 2021 the XDG Base Directory
Specification 0.8 was resleased (the first update since 2010). New are
$XDG_STATE_HOME and $HOME/.local/bin.
- keepassxc: mkdirs are necessary
- gnote: harden
- pngquant: harden
|
|
|
| |
This is a quick fix of #4482 for distributions that link /etc/resolv.conf to /run/systemd/resolve/stub-resolv.conf (Arch Linux is one of them).
|
|
|
|
| |
Freetube from AUR uses a wrapper script
|
|
|
|
|
|
| |
- whitelist /run/resolvconf/resolv.conf -- Fixes #4482
- Drop whitelist for /run/systemd/resolve/stub-resolv.conf,
/run/systemd/resolve/resolv.conf is the right path AIUI.
|
|\
| |
| | |
multimc5: fix exec of LWJGL libraries
|
| | |
|
|\ \
| | |
| | | |
telegram.profile: whitelist /usr/share/TelegramDesktop
|
| |/
| |
| |
| |
| |
| |
| |
| | |
Telegram loads packed resources dynamically since 443eef3202ee43c2e820cc550fbcc70a7609f452.
In the official Debian package, the relevant file can be found at /usr/share/TelegramDesktop/tresources.rcc.
If the file cannot be loaded, the program fails to launch and prints "Packed resources not found".
|
|\ \
| | |
| | | |
create yt-dlp.profile
|
| |/ |
|
|\ \
| | |
| | | |
creating gallery-dl.profile
|
| |/ |
|
|/ |
|
|
|
|
| |
Fix #4469
|
| |
|
|
|
|
| |
follow up
|
|
|
|
|
| |
(#4461)
See #4454
|
| |
|
|
|
|
|
|
|
| |
- Add whitelist-run-common.inc
- Drop netlink (there are no error or borken feature for me (including
auto-type))
- Second update for the dbus-policy
|
| |
|
| |
|
|
|
|
| |
Introduced in 2e4d52ec
|
| |
|
| |
|
| |
|
|
|
|
|
|
|
| |
Still unresolved:
> If someone who use systemd-resolved can say more which resolv.conf is necessary on such system.
> whitelist /run/systemd/resolve/resolv.conf
> whitelist /run/systemd/resolve/stub-resolv.conf
|
|
|
|
|
|
|
|
|
|
| |
- Fix #4157 -- [Feature] Should rmenv GitHub auth tokens
There are still more token variables from other program that should be
added.
- Fix #4093 -- darktable needs read access to liblua*
- Fix #4383 -- move noblacklist ${HOME}/.bogofilter to email-common.profile for claws-mail (and other mailers)
- Fix xournalpp.profile
- syscalls.txt: ausyscall i386 -> firejail --debug-syscalls32
|
| |
|
|
|
|
| |
…profiles with private-bin
|
| |
|
|\ |
|
| |\
| | |
| | | |
ordering and additions
|
| | |
| | |
| | | |
As suggested in https://github.com/netblue30/firejail/pull/4420#discussion_r676929867.
|
| | | |
|
| |\ \ |
|
| | | | |
|
| | | | |
|
| | | | |
|
| |/ /
|/| |
| | |
| | |
| | | |
See #4410
8b50039a1fad123b90172fadc85bc232e97eb6d1
|
|\ \ \
| | | |
| | | | |
Update telegram.profile
|
| | | |
| | | |
| | | |
| | | |
| | | |
| | | | |
Recently I have noticed these two-
- org.telegram.desktop.BaseGtkIntegration-0fe332cb424bfc37f394ccb976afec41
- org.telegram.desktop.GtkIntegration-0fe332cb424bfc37f394ccb976afec41
& without dbus rule for these two, telegram isn't quiting.
|
|\ \ \ \
| | | | |
| | | | | |
add ncdu2 redirect profile
|
| | |_|/
| |/| | |
|
| | | | |
|
| | | | |
|
|\ \ \ \ |
|
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | | |
Closes #3785 -- Allowing calling specific apps outside the sandbox or with a different firejail profile
The idea isn't worng but should be reweiten in a seperate issue without
all the kodi/lutris clutter.
|
| | | | |
| | | | |
| | | | |
| | | | | |
Rework + suggest --seccomp-error-action=log
|
| | | | |
| | | | |
| | | | |
| | | | | |
closes #4408
|