| Commit message (Collapse) | Author | Age |
|
|
|
|
|
|
|
|
| |
Committer note: For each profile there is both XXX-gtk and gtk-XXX (such
as lbry-viewer-gtk and gtk-lbry-viewer).
XXX-gtk is the symlink
gtk-XXX is the actual file
Co-authored-by: exponential <echo ZXhwb25lbnRpYWxtYXRyaXhAcHJvdG9ubWFpbC5jb20K | base64 -d>
|
|
|
|
|
| |
Geary uses bubblewrap now.
Fixes #6103.
|
|
|
|
|
|
|
| |
* disable-programs.inc: add support for tiny-rdm
* Create tiny-rdm.profile
* firecfg.config: add support for tiny-rdm
|
|
|
|
|
|
|
| |
* Create termshark.profile
* firecfg.config: add termshark support
* termshark: CLI hardening
|
|\
| |
| | |
New profile: tidal-hifi
|
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
modified src/firecfg/firecfg.config to add tidal-hifi
created etc/profile-m-z/tidal-hifi.profile
closes: #6008
Apply suggestions from code review
Co-authored-by: rusty-snake <41237666+rusty-snake@users.noreply.github.com>
|
|/
|
|
|
|
|
| |
* disable-programs.inc: add lettura support
* Create lettura.profile
* firecfg.config: add lettura
|
|
|
| |
Co-authored-by: pirate486743186 <>
|
| |
|
|
|
|
|
| |
* firecfg.config: add support for clac
* Create clac.profile
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Currently the CI check does not consider certain special characters
(such as `-`) when sorting due to `sort -d`.
So remove `-d`, sort firecfg using `LC_ALL=C` and enforce that order.
Also add `sort -u` to check for duplicates.
This also allows the CI check to ignore normal comments (lines starting
with `# `) anywhere in the file.
Relates to #4643.
|
|
|
|
|
|
|
|
|
|
|
|
| |
Remove the space after `#` for commented code and use `#` instead of `-`
for comments at the end of the line.
Commands used to search and replace:
$ f=src/firecfg/firecfg.config; printf '%s\n' "$(sed -E \
-e '3,9999s/^# /#/' \
-e '3,9999s/^#([^ ]+) --? /#\1 # /' \
"$f")" >"$f"
|
|
|
|
|
|
|
|
|
|
|
|
| |
* Create reader.profile
* firecfg.config: add reader support
* reader: integrate review suggestions
- blacklist whole ${RUNUSER}
- drop x11 none
* reader: fix 'x11 none'
|
|
|
|
|
| |
* firecfg.config: add daisy support
* Create daisy.profile
|
|
|
|
|
|
|
| |
* disable-programs.inc: add sniffnet support
* Create sniffnet.profile
* firecfg.config: add sniffnet support
|
|
|
|
|
|
|
|
|
| |
Homepage: https://mullvad.net/en/download/browser/linux
mullvad-browser: don't use restrict-namespaces
mullvad-browser: cover both installation paths
Suggested in review by @kmk3.
|
| |
|
|
|
|
|
|
|
|
|
|
|
| |
And remove the comment, as firecfg does not appear to support
end-of-line comments and normal comments break the linter:
$ ./ci/check/profiles/sort-firecfg.config.sh src/firecfg/firecfg.config
sort: -:13: disorder: #Debian 11 seems to be installing the same fbreader executable twice under two different names
This amends commit 869333a5f ("firecfg.config: fix sorting",
2023-06-28).
|
|
|
|
|
|
|
|
|
| |
It's currently breaking the profile-checks job in CI[1].
Tihs amends commit d88c8d439 ("fbreader/FBReader profile fixes; more on
static ip map", 2023-06-27).
[1] https://github.com/netblue30/firejail/actions/runs/5394764503/jobs/9796380881
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
| |
It appears to be broken on Linux Mint 20.3 (based on Ubuntu 20.04), due
to the "VMWare Kernel Module Updater" being unable to install kernel
modules[1].
Relates to #3526.
[1] https://github.com/netblue30/firejail/issues/5861#issuecomment-1598407890
Reported-by: @MikeNavy
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
As a redirect to vmware.profile.
This is apparently the filename for the "VMWare Workstation Player" on
Linux Mint 20.3 (based on Ubuntu 20.04)[1].
Relates to #3526.
[1] https://github.com/netblue30/firejail/issues/5861#issuecomment-1598132860
Reported-by: @MikeNavy
|
|
|
|
|
| |
* Create url-eater.profile
* RELNOTES: add url-eater to 'new profiles'
|
|\
| |
| | |
add mov-cli.profile
|
| | |
|
| | |
|
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
* microsoft-edge*: fix spacing
* Create microsoft-edge-stable.profile
Relates to #5696.
* firecfg.config: add support for microsoft-edge-stable redirect
* disable-common.inc: blacklist msedge SUID executables
* microsoft-edge: add private-opt and allow internal sandbox access
|
| | |
|
|\ \
| | |
| | | |
add ani-cli.profile
|
| |/
| |
| |
| | |
https://github.com/pystardust/ani-cli
|
|\ \
| | |
| | | |
add porn-cli.profile
|
| |/ |
|
|/
|
|
| |
https://github.com/justchokingaround/lobster
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
* Create qpdf.profile and redirects
qpdf (CLI) provides PDF metadata cleaning.
See privacy-handbuch.de[1] for details.
The site offers pdf-meta-clean.sh[2], which works very well with
firejailed qpdf.
[1] https://www.privacy-handbuch.de/handbuch_43a.htm
[2] https://www.privacy-handbuch.de/download/pdf-meta-clean.sh
* RELNOTES: add qpdf and redirects to new profiles section
* firecfg.config: add qpdf and redirects
* qpdf: use 'seccomp socket' instead of 'protocol unix'
See https://github.com/netblue30/firejail/issues/639. Thanks @rusty-snake in code review.
|
|
|
|
| |
md5sum/sha512sum, more sysutils testing, fix electron-hardened.inc.profile
|
|\ |
|
| | |
|
|/ |
|
|
|
|
|
|
|
|
| |
Add a profile for the Qt5 GUI to process Avidemux jobs.
Use a redirection to the avidemux3_qt5 profile to reuse translation
files. The application needs to create a network socket on localhost and
fails to run with protocol unix, so that entry in the default avidemux
profile needs to be extended.
|
|
|
|
|
| |
Add a profile for the command-line interface of Avidemux, which
redirects to the existing avidemux profile.
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
* Add firecfg support for tesseract
* Add tesseract to 'New profiles' section in README.md
* Create tesseract.profile
* tesseract: fix private-etc
* tesseract: fix XDG black/whitelisting
* tesseract: use 'seccomp socket' instead of 'protocol unix'
As kindly suggested by @rusty-snake.
* tesseract: add 'restrict-namespaces'
As kindly suggested by @rusty-snake.
* tesseract: use full seccomp filtering
The tesseract application works fine without 'protocol' or 'seccomp socket'.
|
|
|
|
|
|
|
| |
* Create cinelerra-gg
* add cinelerra-gg to `New profiles` section
* Add cinelerra-gg to firecfg.config
|
|
|
|
|
| |
* Create godot3.profile
* Add godot3 redirect to firecfg.config
|
|
|
| |
Co-authored-by: Albert Kim <alkim@alkim.org>
|
|\
| |
| | |
lbry-viewer.profile create
|
| | |
|
| |
| |
| | |
Co-authored-by: pirate486743186 <>
|
|/
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
* add gdu to 'new profiles' section
* Create gdu.profile
* add gdu to firecfg
* harden gdu sandbox
* fix protocol
* simulate empty protocol in gdu
* more user-friendly gdu sandboxing
|
| |
|