| Commit message (Collapse) | Author | Age |
|\
| |
| | |
Added `quiet` to some CLI profiles
|
| | |
|
| | |
|
| |
| |
| |
| |
| |
| |
| |
| | |
- Update RELNOTES and README.md
- disable-common.inc
- blacklist ${HOME}/.local/share/ibus-typing-booster
- blacklist /run/timeshift (closes #4660)
- fix audacity.profile (closes #4659)
|
|\ \
| | |
| | | |
deterministic-shutdown option
|
| | | |
|
|\ \ \
| | | |
| | | | |
Add OpenStego profile
|
| | | | |
|
| | | | |
|
| | | | |
|
|\ \ \ \
| | | | |
| | | | | |
update yt-dlp.profile
|
| |/ / /
| | | |
| | | | |
ffprobe used for embedding images in difficult cases.
|
|\ \ \ \
| | | | |
| | | | | |
disable-common.inc: fix paths of slock and physlock
|
| |/ / /
| | | |
| | | |
| | | |
| | | |
| | | | |
Added on commit f0adf06c3 ("disable-common.inc: more SUID", 2021-11-09).
Relates to #4668.
|
|/ / / |
|
| | |
| | |
| | | |
Suggested in https://github.com/netblue30/firejail/pull/4675#discussion_r746510840. Makes sense!
|
| | |
| | |
| | |
| | | |
Added Fedora path as per https://github.com/netblue30/firejail/pull/4675#pullrequestreview-802438767.
NOTE: there are several other profiles touching /usr/libexec, so untill someone on Fedora can shed some light on what files are installed under /usr/libexec, I only blacklisted ssh-keysign. I'll pick this up tomorrow, a bit pressed for time in the non-digital worlds...
|
| | |
| | |
| | | |
Added Fedora path as per https://github.com/netblue30/firejail/pull/4675#pullrequestreview-802438767.
|
| | |
| | |
| | | |
Counterpart fix for changes in allow-ssh.inc.
|
| | |
| | |
| | | |
After seeing https://github.com/netblue30/firejail/commit/9a81078ddbbb4215d06f7d1861481ece05ebda99 it dawned on me that Arch Linux doesn't have /usr/lib/openssh, but uses /usr/lib/ssh instead. That's a different path than what's referenced in our current {allow-ssh,disable-common}.inc files. Some very superficial checks revealed that OpenSSH seems to be packaged quite differently, at least on Debian/Ubuntu and Arch Linux. And then there's version differences on non-rolling distro's to consider. All in all IMO it makes more sense to (no)blacklist /usr/lib/openssh and /usr/lib/ssh instead of referencing all the possible individual files that live under those paths.
|
| | | |
|
| | | |
|
| | | |
|
| | | |
|
| | | |
|
| | | |
|
| | |
| | |
| | |
| | |
| | |
| | | |
As the upstream AppArmor base abstraction does not
contain references to paths in /run/firejail/mnt/oroot
there is not much point to have them in our drop-in
|
| | | |
|
| | | |
|
|\ \ \
| | | |
| | | | |
Profile Checks
|
| | | | |
|
| |/ /
| | |
| | |
| | | |
Command is the same as in d8d97acb
|
|/ /
| |
| | |
add yt-dlp in private-bin
|
| | |
|
| | |
|
| |
| |
| |
| | |
fixes --tracelog among other things
|
| | |
|
| | |
|
| | |
|
|\ \
| | |
| | | |
add basic Firejail support to AppArmor base abstraction (#3226)
|
| | | |
|
|\ \ \
| | | |
| | | | |
Add profiles for imv, retroarch, and torbrowser
|
| | | |
| | | |
| | | |
| | | |
| | | | |
imv, retroarch, and torbrowser are also added to
firecfg.config
|
|\ \ \ \
| | | | |
| | | | | |
blobwars: add path to game assets compatible with Arch
|
| | | | | |
|
|\ \ \ \ \
| | | | | |
| | | | | | |
Drop noinput for games with joystick/gamepad support
|
| |/ / / /
| | | | |
| | | | |
| | | | | |
Fixes #4608
|
|\ \ \ \ \
| | | | | |
| | | | | | |
Fix tremulous profile for Arch users
|
| | | | | |
| | | | | |
| | | | | | |
Co-authored-by: Kelvin M. Klann <kmk3.code@protonmail.com>
|
| | | | | |
| | | | | |
| | | | | | |
Co-authored-by: Kelvin M. Klann <kmk3.code@protonmail.com>
|