| Commit message (Collapse) | Author | Age |
|---|
| |
|
|
|
|
|
| |
* add comment on intentional duplication of blacklisted kernel configuration
* disable-proc.inc: update the duplication comment
* disable-common.inc: add duplication notice for kernel configuration
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
* disable-programs.inc: add ssmtp support
* Create ssmtp.profile
* ssmtp: support Debian/Ubuntu
* README.md: add ssmtp to 'New profiles' section
* disable-common.inc: move ssmtp support to keep CI happy
* ssmtp: improve dead.letter comment
Suggested in [review](https://github.com/netblue30/firejail/pull/5544#pullrequestreview-1225322546).
|
| | |
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
* seahorse: fixes and hardening
* seahorse-daemon: hardening
* seahorse-tool: move private-etc items to seahorse
* seahorse: unbreak nautilus file encryption
As suggested [in review](https://github.com/netblue30/firejail/pull/5543#pullrequestreview-1225250520).
* seahorse-tool: move private-tmp to seahorse
* seahorse: add private-tmp
* seahorse: fix access to ssh-agent socket
|
| | |
|
| |
|
|
|
|
|
|
|
| |
* audacity: networking updates
* audacity: fix allowing to run local server
* audacity: move comment so it's more visible
As suggested [in review](https://github.com/netblue30/firejail/pull/5540#pullrequestreview-1225225897).
|
| | |
|
| | |
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
* audacity: support more config locations
* disable-programs.inc: add more audacity locations
* audacity: cover all XDG supported locations
* audacity: cover all XDG supported locations
* audacity: fix state dir entree in disable-programs.inc
* unbreak disable-programs.inc
Oh my, GitHub syntax highlighting support completely threw me off here. Thanks to @kmk3 for [saving the bacon](https://github.com/netblue30/firejail/pull/5538#pullrequestreview-1224604663)!
|
| | |
|
| | |
|
| |\
| |
| | |
Avidemux tools support
|
| | |
| |
| |
| |
| |
| |
| |
| | |
Add a profile for the Qt5 GUI to process Avidemux jobs.
Use a redirection to the avidemux3_qt5 profile to reuse translation
files. The application needs to create a network socket on localhost and
fails to run with protocol unix, so that entry in the default avidemux
profile needs to be extended.
|
| | |
| |
| |
| |
| | |
Add a profile for the command-line interface of Avidemux, which
redirects to the existing avidemux profile.
|
| | |
| |
| |
| |
| |
| | |
The Avidemux project stores configuration profile data in ~/.avidemux6,
while the package built by Packman-repositories for openSUSE patches it
to use ~/.avidemux3 at the moment (at least for Avidemux 2.8).
|
| | |
| |
| |
| | |
Add a profile for the Qt5-GUI of Avidemux.
|
| | |
| |
| |
| | |
Add the information that file contents will be overwritten on updates.
|
| | |
| |
| |
| |
| | |
* qbittorrent: add support for Qt6
* wusc: add support for Qt6
|
| |/
|
| |
Overlooked [this comment](https://github.com/netblue30/firejail/pull/5389#discussion_r992471940) that pointed out a mistake I made.
|
| |
|
|
|
|
|
| |
* clipit hardening
* clipit: fix hardening
* clipit: add xdotool lib to private-lib
|
| |
|
|
|
|
|
|
|
| |
* private-etc: always include 'alternatives'
* private-etc: always include 'alternatives'
* private-etc: always include 'alternatives'
* private-etc: always include 'alternatives'
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
* Add firecfg support for tesseract
* Add tesseract to 'New profiles' section in README.md
* Create tesseract.profile
* tesseract: fix private-etc
* tesseract: fix XDG black/whitelisting
* tesseract: use 'seccomp socket' instead of 'protocol unix'
As kindly suggested by @rusty-snake.
* tesseract: add 'restrict-namespaces'
As kindly suggested by @rusty-snake.
* tesseract: use full seccomp filtering
The tesseract application works fine without 'protocol' or 'seccomp socket'.
|
| |\
| |
| | |
spotify.profile: allow spotify-adblock paths
|
| | |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
As suggested by @glitsj16[1].
Project homepage: https://github.com/abba23/spotify-adblock
Configuration paths:
* /etc/spotify-adblock/config.toml
* ~/.config/spotify-adblock/config.toml
Fixes #5494.
[1] https://github.com/netblue30/firejail/discussions/5494#discussioncomment-4280887
Reported-by: @Rewig95
|
| |\ \
| |/
|/| |
kcalc.profile: fix mkfile without mkdir & comment legacy paths
|
| | |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
Leave them commented.
With this commit, there are no more profiles creating paths in ~/.kde
nor in ~/.kde4:
$ git grep -e '^mkdir .*\.kde' -e '^mkfile .*\.kde' -- etc
$
See also commit 3ef030257 ("ktorrent.profile: stop creating legacy KDE
paths", 2022-10-11) / PR #5415.
|
| | |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
firejail may fail to create the following files:
* ~/.kde/share/config/kcalcrc
* ~/.kde4/share/config/kcalcrc
Because it does not create the preceding directories beforehand:
* ~/.kde/share/config
* ~/.kde4/share/config
See also commit 7f1906dba ("ktorrent.profile: fix mkfile without mkdir",
2022-10-11) / PR #5415.
|
| | |
| |
| |
| |
| |
| |
| | |
* fix whitelisting in ${RUNUSER}
See discussions https://github.com/netblue30/firejail/discussions/5495 for context.
* Prevent whitelisting ${RUNUSER} comment
|
| |/
|
|
|
| |
* AppArmor: add more examples to firejail-local
* comments fixes
|
| | |
|
| |\
| |
| | |
ktorrent.profile: fix mkfile without mkdir & comment legacy paths
|
| | |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
Package-provided binaries:
$ pacman -Q ktorrent
ktorrent 22.08.3-1.2
$ pacman -Qlq ktorrent | grep bin/.
/usr/bin/ktmagnetdownloader
/usr/bin/ktorrent
/usr/bin/ktupnptest
Environment: Artix Linux
|
| | |
| |
| |
| | |
Leave them commented.
|
| | |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
firejail fails to create the following files:
* ~/.kde/share/config/ktorrentrc
* ~/.kde4/share/config/ktorrentrc
Because it does not create the preceding directories beforehand:
* ~/.kde/share/config
* ~/.kde4/share/config
Relates to #5414.
|
| |\ \
| | |
| | | |
fix: PyCharm profiles
|
| | | |
| | |
| | |
| | |
| | |
| | |
| | | |
Do not use `private-cache`, because PyCharm places in cache
directories stuff like spelling dictionary (i. e. if you download
spelling dictionary with `private-cache`, on restart PyCharm you need
to download spelling dictionary again).
|
| | | | |
|
| |\ \ \
| | | |
| | | | |
lutris.profile: fix running League of Legends
|
| | | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | | |
@Latrolage on Oct 20, 2022[1]:
> When I open the game the only error line which appears is this
> `modify_ldt: Operation not permitted`
So as suggested by @Latrolage[1] and @rusty-snake[2], allow the
`modify_ldt` syscall in seccomp.
Fixes #5430.
[1] https://github.com/netblue30/firejail/discussions/5430#discussion-4488996
[2] https://github.com/netblue30/firejail/discussions/5430#discussioncomment-3924098
Reported-by: @Latrolage
|
| |\ \ \ \
| | | | |
| | | | | |
Profile fixes
|
| | | | | | |
|
| | | | | | |
|
| | | | | | |
|
| | |/ / / |
|
| | | | |
| | | |
| | | | |
Co-authored-by: pirate486743186 <>
|
| | |/ /
|/| |
| | |
| | |
| | |
| | |
| | | |
* Add python3 support to nicotine
* Revert private-bin changes
Adding shell and python3 support to private-bin kept breaking nicotine for the user who reported it on IRC. Let's revert it as suggested by @rusty-snake.
|
| | | |
| | |
| | |
| | |
| | |
| | |
| | | |
* Create cinelerra-gg
* add cinelerra-gg to `New profiles` section
* Add cinelerra-gg to firecfg.config
|
| | | |
| | |
| | | |
Fixes #5463 by adding netlink to the list of allowed protocols
|
| |/ /
| |
| |
| |
| | |
* Create godot3.profile
* Add godot3 redirect to firecfg.config
|
| | |
| |
| |
| | |
Closes #5437
|
glitsj16
rusty-snake
smitsohu
netblue30
Hartmut Knaack
Kelvin M. Klann
Bogdan Ruslanovich Drozd
pirate486743186
Jan Sonntag
Frostbyte4664