aboutsummaryrefslogtreecommitdiffstats
path: root/src/firecfg
Commit message (Collapse)AuthorAge
* New profile for man,psi,smuxi; fix pidgin (#3590)Libravatar kortewegdevries2020-09-02
| | | | | | | | | | | | | | | | | | | * Profile for Psi * Fix pidgin buddy icon * Profile for man * Add profile for smuxi * Comment man in firecfg * Add pinentry programs * Update etc/profile-m-z/psi.profile Co-authored-by: rusty-snake <41237666+rusty-snake@users.noreply.github.com> Co-authored-by: rusty-snake <41237666+rusty-snake@users.noreply.github.com>
* Various profiles # 2 (#3566)Libravatar kortewegdevries2020-09-02
| | | | | | | | | * Matrix clients Initial * Add profile for fractal, # 1139 * Fixes
* Various profiles (#3561)Libravatar kortewegdevries2020-09-02
| | | | | | | | | * Various profiles Initial * Various fixes # 1 Removed blacklist,no3d; added icon flatpak paths;sorting;added space
* Added youtube-viewer profile with Gtk frontends (#3542)Libravatar kortewegdevries2020-08-11
| | | | | Initial,amend: wrong dir,delete gtk-*,added new files Co-authored-by: kortewegdevries <k0rtic_dv@aol.com>
* Add profile for otter-browser (#3564)Libravatar kortewegdevries2020-08-04
| | | | | | | * Add profile for otter-browser Initial * private-bin,sorting
* Added git-cola profile (#3560)Libravatar kortewegdevries2020-07-30
| | | | | | | | | | | * Added git-cola profile Initial * Edit private-etc Add alternatives,pki * Add disable-xdg
* Add vmware profile #3526Libravatar Neo000012020-07-30
|
* new profile: gnome-calendarLibravatar rusty-snake2020-07-30
|
* add profile for sushi (#3558)Libravatar rusty-snake2020-07-30
|
* Added lyx profile (#3556)Libravatar kortewegdevries2020-07-30
| | | | | | | | | * Added lyx profile Initial * Rmoved whitelists Make home directory more accessible
* Added minitube profile (#3555)Libravatar kortewegdevries2020-07-30
| | | | | | | | | * Added minitube profile Initial * Second Removed no3d,added novideo
* Added Nuclear profile (#3553)Libravatar kortewegdevries2020-07-30
| | | Initial
* Added mtpaint profile (#3550)Libravatar kortewegdevries2020-07-30
| | | | | | | | | * Added mtpaint profile Initial * Second Remove IPC-namespace,netfilter
* Added minecraft-launcher profile (#3538)Libravatar kortewegdevries2020-07-27
| | | | | | | | | | | | | | | * Added minecraft-launcher-profile Initial * Changed minecraft-launcher profile Added space,tracelog,nodvd * Third Fixed private-etc,added notes about path,java * Sorting
* Added xfce4-screenshooter profileLibravatar kortewegdevries2020-07-25
| | | | Initial,removed common blaclist,add netfilter,private-etc
* add newsflash profileLibravatar rusty-snake2020-07-25
|
* Added freetube profile (#3535)Libravatar kortewegdevries2020-07-23
| | | | | | | | | | | * Added freetube profile Initial * Added freetube profile Second:drop ignore seccomp,add disable-shell See https://github.com/netblue30/firejail/pull/3535
* Added cawbird profile (#3533)Libravatar kortewegdevries2020-07-23
| | | | | | * Added cawbird profile See https://github.com/netblue30/firejail/pull/3533 Squash commits for merging
* Merge pull request #3520 from onovy/mattermost-profileLibravatar rusty-snake2020-07-21
|\ | | | | Add Mattermost desktop profile
| * Add Mattermost desktop profileLibravatar Ondřej Nový2020-07-20
| |
* | New profile for homebank (#3525)Libravatar kortewegdevries2020-07-21
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | * Add files via upload New profile for homebank * Update etc/profile-a-l/homebank.profile Co-authored-by: rusty-snake <41237666+rusty-snake@users.noreply.github.com> * Update etc/profile-a-l/homebank.profile Co-authored-by: rusty-snake <41237666+rusty-snake@users.noreply.github.com> * Update homebank.profile * Update firecfg.config homebank added * Update disable-programs.inc Added blacklist. * Update homebank.profile Added disable-shell,removed whitelisted docs * Update disable-programs.inc Changed sorting * Update homebank.profile Changed sorting * Added cawbird profile Initial * Revert "Added cawbird profile" This reverts commit 6b045976adf62a91882236600c55926af34b6a52. Co-authored-by: rusty-snake <41237666+rusty-snake@users.noreply.github.com>
* | remoce pandoc from firecfgLibravatar rusty-snake2020-07-19
|/ | | | | | | | | I too saw some breaktages with programs using it. It can still be used like this: firejail pandoc -t foo bar.tex closes #3524
* add element-desktop redirect profile (#3517)Libravatar glitsj162020-07-16
| | | | | | | | | * Create element-desktop.profile * add element-desktop dirs to disable-programs.inc * add element-desktop to firecfg.config * Update RELNOTES
* hardening some profiles (#3505)Libravatar rusty-snake2020-07-09
| | | | | | | | | | | | | * hardening some profiles - harden and fix flameshot - wruc: frogatto, ghostwriter - harden gnome-latex - add whitelist opt-in note to keepassxc - add comment to minetest - harden openarena, tremulous, xonotic - add profile for xonotic-sdl-wrapper * followup
* new profile: gapplicationLibravatar rusty-snake2020-07-03
|
* new profilesLibravatar rusty-snake2020-06-25
|
* New profiles: apostrophe & quadrapasselLibravatar rusty-snake2020-06-11
|
* Add strawberry profile (#3459)Libravatar Amin Vakil2020-06-11
| | | | | | | | | | | | | | | | | | | | | | | * Add strawberry profile * Fix comment * Add to disable-programs.inc & firecfg.config * Add /home/amin/.local/share/strawberry to profile and disable-programs * Various hardening for strawberry profile Signed-off-by: Amin Vakil <info@aminvakil.com> * Change nodbus to dbus-system none in strawberry profile * Add dbus-user none to strawberry profile * Add whitelist-var-common, sort private-etc * Sort, Add wruc, Add netlink to protocol in strawberry profile * Remove dbus-user none to allow using gnome functions for various usage in strawberry profile
* firecfg: Only use fix_desktop_files automatically when run through sudo (#3382)Libravatar backspac2020-06-04
| | | | | * firecfg: Only use fix_desktop_files when --fix is specified * firecfg: Only use fix_desktop_files automatically when run through sudo
* new profile: mocp (#3437)Libravatar glitsj162020-05-27
| | | | | | | | | | | | | * Create mocp.profile * add mocp support to disable-programs.inc * add mocp support in firecfg.config * update RELNOTES for mocp * fix configuration access for mocp Thanks to @rusty-snake for spotting this.
* Add Ubuntu specific name for dinoLibravatar Karoshi422020-05-22
| | | Ubuntu packages dino as dino-im
* add new profile: plv (#3410)Libravatar glitsj162020-05-11
| | | | | | | | | | | Also fixed a typo for new profiles: nicontine --> nicotine * add plv to firecfg * add plv to disable-programs.inc * Create plv.profile * Update plv.profile
* Add steam-runtime aliasLibravatar backspac2020-04-24
|
* Profile for jitsi-meet-desktop (#3362)Libravatar Kishore96in2020-04-19
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | * Profile for Jitsi Meet desktop app (electron) * Update description. * Correctly include global definitions. * Add jitsi-meet-desktop to firecfg. * blacklist Jitsi-meet config directory in disable-programs.inc * Disable more things. disable-exec.inc not included, as the application shows some error if I include it. * Disable more stuff. * No need to whitelist Downloads directory. I don't think this application has any file sharing / downloading feature. * Use private-bin I needed to allow the bash executable as well for this to work. * Add some whitelist rules. * Use private-cache option * include disable-exec.inc Apparently one needs to allow execution in /tmp for the program to work. * Redirect to electron.profile. * Use private-etc. * Do not whitelist Downloads directory. electron.profile does this, but I do not think this program needs it. * Rearrange whitelisted files to alphabetical order. * Move nonwhitelist to appropriate section. * Newlines as section separators.
* Merge pull request #3348 from chrpinedo/profile-nicotineLibravatar rusty-snake2020-04-17
|\ | | | | Add new profile: nicotine
| * Add nicotine to firecfg.configLibravatar Christian Pinedo2020-04-17
| |
* | add sthortwave (#1139) and remove gjs from firecf…Libravatar rusty-snake2020-04-13
|/ | | | …g.config (#3333).
* Fix `man` break - remove less from firecfg by defaultLibravatar Fred Barclay2020-04-05
| | | | | | | | | | | | | | If `less` is sandboxed, then we get a similar message to below when calling `man <anything>` Error clone: main.c:2743 main: Operation not permitted man: command exited with status 1: sed -e '/^[[:space:]]*$/{ N; /^[[:space:]]*\n[[:space:]]*$/D; }' | LESS=-ix8RmPm Manual page grep(1) ?ltline %lt?L/%L.:byte %bB?s/%s..?e (END):?pB %pB\%.. (press h for help or q to quit)$PM Manual page grep(1) ?ltline %lt?L/%L.:byte %bB?s/%s..?e (END):?pB %pB\%.. (press h for help or q to quit)$-R MAN_PN=grep(1) less See also https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=899143 https://github.com/netblue30/firejail/issues/1856 Noticed on Debian 10, firejail 0.9.63
* gnome games: more + fixesLibravatar rusty-snake2020-04-04
| | | | | | | - fix description - add gnome-klotski, five-or-more, swell-foop [skip ci]
* more gamesLibravatar rusty-snake2020-04-04
| | | | | | | | | | | | | | | | | - blobwars - gravity-beams-and-evaporating-stars - hyperrogue - jumpnbump-menu (alias) - jumpnbump - magicor - mindless - mirrormagic - mrrescue - scorched3d-wrapper (alias) - scorchwentbonkers - seahorse-adventures - wordwarvi - xbill
* abiword and more gnome-gamesLibravatar rusty-snake2020-03-29
| | | | | | | | | | | - four-in-a-row - gnome-mahjongg - gnome-robots - gnome-sudoku - gnome-taquin - gnome-tetravex harden gnome-chess
* Added ferdi to firecfg.configLibravatar 0x79692020-03-29
|
* Add a profile for X2GoClientLibravatar Tad2020-03-23
|
* penguin-commadLibravatar netblue302020-03-23
|
* kmplayer etcLibravatar netblue302020-03-22
|
* new profiles: agenda, gnome-pomodoro, gnome-todoLibravatar rusty-snake2020-03-22
| | | | | | | | | | | | | | | | | | | | | | | | | | | rules for xdg-dbus-proxy: dbus-user filter dbus-user.own org.gnome.Pomodoro dbus-user.talk ca.desrt.dconf dbus-user.talk org.gnome.Shell dbus-system none dbus-user filter dbus-user.own org.gnome.Todo dbus-user.talk ca.desrt.dconf dbus-user.talk org.gnome.evolution.dataserver.AddressBook9 dbus-user.talk org.gnome.evolution.dataserver.Calendar8 dbus-user.talk org.gnome.evolution.dataserver.Sources5 dbus-user.talk org.gnome.evolution.dataserver.Subprocess.Backend.* dbus-user.talk org.gnome.OnlineAccounts dbus-user.talk org.gnome.SettingsDaemon.Color dbus-system filter dbus-system.talk org.freedesktop.login1 dbus-user filter dbus.own com.github.dahenson.agenda dbus.talk ca.desrt.dconf dbus-system block
* iagno profileLibravatar netblue302020-03-21
|
* new profiles: ripperx, sound-juicerLibravatar netblue302020-03-19
|
* nslookup, host profilesLibravatar netblue302020-03-18
|
* add gnome-screenshot.profileLibravatar rusty-snake2020-03-15
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | patch for xdg-dbus-proxy ``` --- a/etc/gnome-screenshot.profile +++ b/etc/gnome-screenshot.profile @@ -45,3 +45,8 @@ private-bin gnome-screenshot private-dev private-etc dconf,fonts,gtk-3.0,localtime,machine-id private-tmp + +dbus-user filter +dbus-user.own org.gnome.Screenshot +dbus-user.talk org.gnome.Shell.Screenshot +dbus-system block ``` patch for whitelist-runuser-common.inc ``` --- a/etc/gnome-screenshot.profile +++ b/etc/gnome-screenshot.profile @@ -17,11 +17,8 @@ include disable-passwdmgr.inc include disable-programs.inc include disable-xdg.inc -whitelist ${RUNUSER}/bus -whitelist ${RUNUSER}/pulse -whitelist ${RUNUSER}/gdm/Xauthority -whitelist ${RUNUSER}/wayland-0 include whitelist-usr-share-common.inc +include whitelist-runuser-common.inc include whitelist-var-common.inc apparmor ```
generated by cgit v1.2.3-54-g00ecf (git 2.45.2) at 2024-07-03 19:48:14 +0000