From 2de3ddae9c35e85019a4bc36be6565aa70874a36 Mon Sep 17 00:00:00 2001 From: netblue30 Date: Tue, 20 Dec 2016 09:30:01 -0500 Subject: keepass/keepassx browser fixes --- README | 2 ++ 1 file changed, 2 insertions(+) diff --git a/README b/README index 5dc50c9bf..1d2191c65 100644 --- a/README +++ b/README @@ -97,6 +97,8 @@ valoq (https://github.com/valoq) - added skanlite, ssh-agent, transmission-cli, tracker, transmission-show, w3m, xfburn, xpra profiles - added wget profile - disable gnupg and systemd directories under /run/user +SYN-cook (https://github.com/SYN-cook) + - keepass/keepassx browser fixes thewisenerd (https://github.com/thewisenerd) - appimage: pass commandline arguments KOLANICH (https://github.com/KOLANICH) -- cgit v1.2.3-70-g09d2 From 29ab333108072307c38e475e9a70c32fb5182ce6 Mon Sep 17 00:00:00 2001 From: valoq Date: Wed, 21 Dec 2016 10:29:14 +0100 Subject: hardened various profiles --- etc/7z.profile | 5 +++++ etc/cpio.profile | 3 ++- etc/exiftool.profile | 3 +++ etc/gpg-agent.profile | 3 +++ etc/gpg.profile | 3 +++ etc/less.profile | 3 +++ etc/mutt.profile | 3 +++ etc/odt2txt.profile | 3 +++ etc/pdftotext.profile | 3 +++ etc/ssh-agent.profile | 3 +++ etc/strings.profile | 3 ++- etc/tracker.profile | 3 +++ etc/wget.profile | 2 ++ etc/xpra.profile | 2 ++ 14 files changed, 40 insertions(+), 2 deletions(-) diff --git a/etc/7z.profile b/etc/7z.profile index 0cb72ff8d..319126540 100644 --- a/etc/7z.profile +++ b/etc/7z.profile @@ -1,9 +1,14 @@ # 7zip crompression tool profile quiet ignore noroot + include /etc/firejail/default.profile + +blacklist /tmp/.X11-unix + tracelog net none shell none private-dev nosound +no3d diff --git a/etc/cpio.profile b/etc/cpio.profile index 519bd244c..cf89acdac 100644 --- a/etc/cpio.profile +++ b/etc/cpio.profile @@ -16,6 +16,7 @@ shell none tracelog net none nosound +no3d - +blacklist /tmp/.X11-unix diff --git a/etc/exiftool.profile b/etc/exiftool.profile index 384695473..1cae8c093 100644 --- a/etc/exiftool.profile +++ b/etc/exiftool.profile @@ -17,9 +17,12 @@ protocol unix seccomp netfilter net none +no3d shell none tracelog +blacklist /tmp/.X11-unix + # private-bin exiftool,perl private-tmp private-dev diff --git a/etc/gpg-agent.profile b/etc/gpg-agent.profile index b0ebdf43c..59c7383d7 100644 --- a/etc/gpg-agent.profile +++ b/etc/gpg-agent.profile @@ -14,9 +14,12 @@ nosound protocol unix seccomp netfilter +no3d shell none tracelog +blacklist /tmp/.X11-unix + # private-bin gpg-agent,gpg private-tmp private-dev diff --git a/etc/gpg.profile b/etc/gpg.profile index 31372eb90..d711c6f3e 100644 --- a/etc/gpg.profile +++ b/etc/gpg.profile @@ -15,9 +15,12 @@ protocol unix seccomp netfilter net none +no3d shell none tracelog +blacklist /tmp/.X11-unix + # private-bin gpg,gpg-agent private-tmp private-dev diff --git a/etc/less.profile b/etc/less.profile index 08758aead..c01dfc466 100644 --- a/etc/less.profile +++ b/etc/less.profile @@ -5,7 +5,10 @@ include /etc/firejail/default.profile net none nosound +no3d shell none tracelog +blacklist /tmp/.X11-unix + private-dev diff --git a/etc/mutt.profile b/etc/mutt.profile index 2718421c5..5a714de4a 100644 --- a/etc/mutt.profile +++ b/etc/mutt.profile @@ -33,8 +33,11 @@ nogroups nonewprivs noroot nosound +no3d protocol unix,inet,inet6 seccomp shell none +blacklist /tmp/.X11-unix + private-dev diff --git a/etc/odt2txt.profile b/etc/odt2txt.profile index 329275022..c4e28f70e 100644 --- a/etc/odt2txt.profile +++ b/etc/odt2txt.profile @@ -13,9 +13,12 @@ protocol unix seccomp netfilter net none +no3d shell none tracelog +blacklist /tmp/.X11-unix + private-bin odt2txt private-tmp private-dev diff --git a/etc/pdftotext.profile b/etc/pdftotext.profile index 632c9d15e..fe9e9e3cd 100644 --- a/etc/pdftotext.profile +++ b/etc/pdftotext.profile @@ -13,9 +13,12 @@ protocol unix seccomp netfilter net none +no3d shell none tracelog +blacklist /tmp/.X11-unix + private-bin pdftotext private-tmp private-dev diff --git a/etc/ssh-agent.profile b/etc/ssh-agent.profile index 548ede37d..bea3a6061 100644 --- a/etc/ssh-agent.profile +++ b/etc/ssh-agent.profile @@ -12,5 +12,8 @@ caps.drop all netfilter nonewprivs noroot +no3d protocol unix,inet,inet6 seccomp + +blacklist /tmp/.X11-unix diff --git a/etc/strings.profile b/etc/strings.profile index 2b7724b11..2bbab1366 100644 --- a/etc/strings.profile +++ b/etc/strings.profile @@ -7,5 +7,6 @@ net none nosound shell none tracelog - private-dev +no3d +blacklist /tmp/.X11-unix diff --git a/etc/tracker.profile b/etc/tracker.profile index 217631216..7f4f371eb 100644 --- a/etc/tracker.profile +++ b/etc/tracker.profile @@ -12,12 +12,15 @@ nogroups nonewprivs noroot nosound +no3d protocol unix seccomp netfilter shell none tracelog +blacklist /tmp/.X11-unix + # private-bin tracker # private-tmp # private-dev diff --git a/etc/wget.profile b/etc/wget.profile index d9bca2acc..ff4b92bae 100644 --- a/etc/wget.profile +++ b/etc/wget.profile @@ -10,10 +10,12 @@ nonewprivs noroot nogroups nosound +no3d protocol unix,inet,inet6 seccomp shell none +blacklist /tmp/.X11-unix # private-bin wget # private-etc resolv.conf diff --git a/etc/xpra.profile b/etc/xpra.profile index 8584e4e5b..32be90b19 100644 --- a/etc/xpra.profile +++ b/etc/xpra.profile @@ -14,6 +14,8 @@ shell none seccomp protocol unix,inet,inet6 +# blacklist /tmp/.X11-unix + # private-bin private-dev private-tmp -- cgit v1.2.3-70-g09d2 From 77a97aae04c6ed92cc13779d6b4c25a5155a7315 Mon Sep 17 00:00:00 2001 From: valoq Date: Wed, 21 Dec 2016 10:34:28 +0100 Subject: profile improvements --- etc/atool.profile | 3 +++ etc/git.profile | 4 +++- 2 files changed, 6 insertions(+), 1 deletion(-) diff --git a/etc/atool.profile b/etc/atool.profile index 3fbfb9fc7..578a88fc7 100644 --- a/etc/atool.profile +++ b/etc/atool.profile @@ -13,9 +13,12 @@ protocol unix seccomp netfilter net none +no3d shell none tracelog +blacklist /tmp/.X11-unix + # private-bin atool private-tmp private-dev diff --git a/etc/git.profile b/etc/git.profile index d60e58c03..80e534e20 100644 --- a/etc/git.profile +++ b/etc/git.profile @@ -12,15 +12,17 @@ include /etc/firejail/disable-common.inc include /etc/firejail/disable-programs.inc include /etc/firejail/disable-passwdmgr.inc - caps.drop all netfilter nogroups nonewprivs noroot nosound +no3d protocol unix,inet,inet6 seccomp shell none +blacklist /tmp/.X11-unix + private-dev -- cgit v1.2.3-70-g09d2 From 4ed9a798064610c86cd9167fb098969dd6665b8f Mon Sep 17 00:00:00 2001 From: valoq Date: Wed, 21 Dec 2016 11:39:14 +0100 Subject: more profile improvements --- etc/elinks.profile | 3 +++ etc/highlight.profile | 4 ++++ etc/lynx.profile | 3 +++ etc/mediainfo.profile | 3 +++ etc/w3m.profile | 3 +++ 5 files changed, 16 insertions(+) diff --git a/etc/elinks.profile b/etc/elinks.profile index df817ea56..ade15f203 100644 --- a/etc/elinks.profile +++ b/etc/elinks.profile @@ -11,12 +11,15 @@ nogroups nonewprivs noroot nosound +no3d protocol unix,inet,inet6 seccomp netfilter shell none tracelog +blacklist /tmp/.X11-unix + # private-bin elinks private-tmp private-dev diff --git a/etc/highlight.profile b/etc/highlight.profile index f95f3924a..4bab18349 100644 --- a/etc/highlight.profile +++ b/etc/highlight.profile @@ -13,10 +13,14 @@ protocol unix seccomp netfilter net none +no3d shell none tracelog +blacklist /tmp/.X11-unix + private-bin highlight +# private-etc none private-tmp private-dev diff --git a/etc/lynx.profile b/etc/lynx.profile index 6e150f62e..3e8d72103 100644 --- a/etc/lynx.profile +++ b/etc/lynx.profile @@ -9,12 +9,15 @@ nogroups nonewprivs noroot nosound +no3d protocol unix,inet,inet6 seccomp netfilter shell none tracelog +blacklist /tmp/.X11-unix + # private-bin lynx private-tmp private-dev diff --git a/etc/mediainfo.profile b/etc/mediainfo.profile index c07a9a9e8..65d12c49e 100644 --- a/etc/mediainfo.profile +++ b/etc/mediainfo.profile @@ -9,6 +9,7 @@ nogroups nonewprivs noroot nosound +no3d protocol unix seccomp netfilter @@ -16,6 +17,8 @@ net none shell none tracelog +blacklist /tmp/.X11-unix + private-bin mediainfo private-tmp private-dev diff --git a/etc/w3m.profile b/etc/w3m.profile index d765217cf..7ee91bb70 100644 --- a/etc/w3m.profile +++ b/etc/w3m.profile @@ -11,12 +11,15 @@ nogroups nonewprivs noroot nosound +no3d protocol unix,inet,inet6 seccomp netfilter shell none tracelog +blacklist /tmp/.X11-unix + # private-bin w3m private-tmp private-dev -- cgit v1.2.3-70-g09d2 From de123793c3d2ded6d19c1cebd7bc085e26857ee6 Mon Sep 17 00:00:00 2001 From: netblue30 Date: Thu, 22 Dec 2016 11:05:32 -0500 Subject: compile fixes --- src/firejail/cmdline.c | 2 +- src/firejail/fs_whitelist.c | 3 ++- 2 files changed, 3 insertions(+), 2 deletions(-) diff --git a/src/firejail/cmdline.c b/src/firejail/cmdline.c index dcb0a5424..a17758f8b 100644 --- a/src/firejail/cmdline.c +++ b/src/firejail/cmdline.c @@ -163,7 +163,7 @@ void build_appimage_cmdline(char **command_line, char **window_title, int argc, // the program should exit with an error before entering this function assert(index != -1); - unsigned argcount = argc - index; +// unsigned argcount = argc - index; int len1 = cmdline_length(argc, argv, index); // length of argv w/o changes int len2 = cmdline_length(1, &argv[index], 0); // apptest.AppImage diff --git a/src/firejail/fs_whitelist.c b/src/firejail/fs_whitelist.c index b10858411..0970642db 100644 --- a/src/firejail/fs_whitelist.c +++ b/src/firejail/fs_whitelist.c @@ -95,9 +95,10 @@ static char *resolve_downloads(void) { if (asprintf(&fname, "%s/%s", cfg.homedir, ptr1) == -1) errExit("asprintf"); - if (stat(fname, &s) == -1) + if (stat(fname, &s) == -1) { free(fname); goto errout; + } char *rv; if (asprintf(&rv, "whitelist ~/%s", ptr + 24) == -1) -- cgit v1.2.3-70-g09d2 From f44b83a0020e6968b213e08123abd0d24c7362ec Mon Sep 17 00:00:00 2001 From: netblue30 Date: Thu, 22 Dec 2016 14:54:46 -0500 Subject: testing --- test/fs/whitelist-dev.exp | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/test/fs/whitelist-dev.exp b/test/fs/whitelist-dev.exp index a2002bc0a..827f32126 100755 --- a/test/fs/whitelist-dev.exp +++ b/test/fs/whitelist-dev.exp @@ -33,7 +33,8 @@ sleep 1 send -- "ls -l /dev | wc -l\r" expect { timeout {puts "TESTING ERROR 3\n";exit} - "13" + "13" {puts "OK\n"} + "12" {puts "OK\n"} } after 100 send -- "exit\r" -- cgit v1.2.3-70-g09d2 From 4e221d70f498cc42b52019122dbd30bcfdb1eba5 Mon Sep 17 00:00:00 2001 From: thewisenerd Date: Sat, 24 Dec 2016 05:03:54 +0530 Subject: main: guess_shell: use $SHELL variable if set fixes #983 --- src/firejail/main.c | 11 ++++++++++- 1 file changed, 10 insertions(+), 1 deletion(-) diff --git a/src/firejail/main.c b/src/firejail/main.c index 15820f7dd..c74fb02d2 100644 --- a/src/firejail/main.c +++ b/src/firejail/main.c @@ -754,12 +754,21 @@ static void delete_x11_file(pid_t pid) { char *guess_shell(void) { char *shell = NULL; + struct stat s; + + shell = getenv("SHELL"); + if (shell) { + // TODO: handle rogue shell variables? + if (stat(shell, &s) == 0 && access(shell, R_OK) == 0) { + return shell; + } + } + // shells in order of preference char *shells[] = {"/bin/bash", "/bin/csh", "/usr/bin/zsh", "/bin/sh", "/bin/ash", NULL }; int i = 0; while (shells[i] != NULL) { - struct stat s; // access call checks as real UID/GID, not as effective UID/GID if (stat(shells[i], &s) == 0 && access(shells[i], R_OK) == 0) { shell = shells[i]; -- cgit v1.2.3-70-g09d2 From 93d9d7aece7f5951ccfd106cf5b94636074ece67 Mon Sep 17 00:00:00 2001 From: thewisenerd Date: Sat, 24 Dec 2016 06:46:42 +0530 Subject: argv: private-home: exit on invalid option --- src/firejail/main.c | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/src/firejail/main.c b/src/firejail/main.c index 15820f7dd..f9742cc3f 100644 --- a/src/firejail/main.c +++ b/src/firejail/main.c @@ -1500,6 +1500,10 @@ int main(int argc, char **argv) { } // extract private home dirname + if (*(argv[i] + 15) == '\0') { + fprintf(stderr, "Error: invalid private-home option\n"); + exit(1); + } cfg.home_private_keep = argv[i] + 15; arg_private = 1; } -- cgit v1.2.3-70-g09d2 From ee338c3757e3b02765689623a6e81ee8b6c55905 Mon Sep 17 00:00:00 2001 From: thewisenerd Date: Sat, 24 Dec 2016 07:04:28 +0530 Subject: firejail: private-* : check, then assign. --- src/firejail/main.c | 16 ++++++++-------- 1 file changed, 8 insertions(+), 8 deletions(-) diff --git a/src/firejail/main.c b/src/firejail/main.c index f9742cc3f..c7470c33b 100644 --- a/src/firejail/main.c +++ b/src/firejail/main.c @@ -1521,38 +1521,38 @@ int main(int argc, char **argv) { } // extract private etc list - cfg.etc_private_keep = argv[i] + 14; - if (*cfg.etc_private_keep == '\0') { + if (*(argv[i] + 14) == '\0') { fprintf(stderr, "Error: invalid private-etc option\n"); exit(1); } + cfg.etc_private_keep = argv[i] + 14; arg_private_etc = 1; } else if (strncmp(argv[i], "--private-opt=", 14) == 0) { // extract private opt list - cfg.opt_private_keep = argv[i] + 14; - if (*cfg.opt_private_keep == '\0') { + if (*(argv[i] + 14) == '\0') { fprintf(stderr, "Error: invalid private-opt option\n"); exit(1); } + cfg.opt_private_keep = argv[i] + 14; arg_private_opt = 1; } else if (strncmp(argv[i], "--private-srv=", 14) == 0) { // extract private srv list - cfg.srv_private_keep = argv[i] + 14; - if (*cfg.srv_private_keep == '\0') { + if (*(argv[i] + 14) == '\0') { fprintf(stderr, "Error: invalid private-etc option\n"); exit(1); } + cfg.srv_private_keep = argv[i] + 14; arg_private_srv = 1; } else if (strncmp(argv[i], "--private-bin=", 14) == 0) { // extract private bin list - cfg.bin_private_keep = argv[i] + 14; - if (*cfg.bin_private_keep == '\0') { + if (*(argv[i] + 14) == '\0') { fprintf(stderr, "Error: invalid private-bin option\n"); exit(1); } + cfg.bin_private_keep = argv[i] + 14; arg_private_bin = 1; } else if (strcmp(argv[i], "--private-tmp") == 0) { -- cgit v1.2.3-70-g09d2 From ef75c0c22e35bc1cb5339519871de8e1dc4ed5c7 Mon Sep 17 00:00:00 2001 From: thewisenerd Date: Sat, 24 Dec 2016 07:10:24 +0530 Subject: firejail: profile: allow multiple private-* options --- src/firejail/profile.c | 34 +++++++++++++++++++++++++++++----- 1 file changed, 29 insertions(+), 5 deletions(-) diff --git a/src/firejail/profile.c b/src/firejail/profile.c index da3daf95a..fab4f1efa 100644 --- a/src/firejail/profile.c +++ b/src/firejail/profile.c @@ -179,7 +179,11 @@ int profile_check_line(char *ptr, int lineno, const char *fname) { if (strncmp(ptr, "private-home ", 13) == 0) { #ifdef HAVE_PRIVATE_HOME if (checkcfg(CFG_PRIVATE_HOME)) { - cfg.home_private_keep = ptr + 13; + if (cfg.home_private_keep) { + if ( asprintf(&cfg.home_private_keep, "%s,%s", cfg.home_private_keep, ptr + 13) < 0 ) + errExit("asprintf"); + } else + cfg.home_private_keep = ptr + 13; arg_private = 1; } else @@ -748,7 +752,12 @@ int profile_check_line(char *ptr, int lineno, const char *fname) { fprintf(stderr, "Error: --private-etc and --writable-etc are mutually exclusive\n"); exit(1); } - cfg.etc_private_keep = ptr + 12; + if (cfg.etc_private_keep) { + if ( asprintf(&cfg.etc_private_keep, "%s,%s", cfg.etc_private_keep, ptr + 12) < 0 ) + errExit("asprintf"); + } else { + cfg.etc_private_keep = ptr + 12; + } arg_private_etc = 1; return 0; @@ -756,7 +765,12 @@ int profile_check_line(char *ptr, int lineno, const char *fname) { // private /opt list of files and directories if (strncmp(ptr, "private-opt ", 12) == 0) { - cfg.opt_private_keep = ptr + 12; + if (cfg.opt_private_keep) { + if ( asprintf(&cfg.opt_private_keep, "%s,%s", cfg.opt_private_keep, ptr + 12) < 0 ) + errExit("asprintf"); + } else { + cfg.opt_private_keep = ptr + 12; + } arg_private_opt = 1; return 0; @@ -764,7 +778,12 @@ int profile_check_line(char *ptr, int lineno, const char *fname) { // private /srv list of files and directories if (strncmp(ptr, "private-srv ", 12) == 0) { - cfg.srv_private_keep = ptr + 12; + if (cfg.srv_private_keep) { + if ( asprintf(&cfg.srv_private_keep, "%s,%s", cfg.srv_private_keep, ptr + 12) < 0 ) + errExit("asprintf"); + } else { + cfg.srv_private_keep = ptr + 12; + } arg_private_srv = 1; return 0; @@ -772,7 +791,12 @@ int profile_check_line(char *ptr, int lineno, const char *fname) { // private /bin list of files if (strncmp(ptr, "private-bin ", 12) == 0) { - cfg.bin_private_keep = ptr + 12; + if (cfg.bin_private_keep) { + if ( asprintf(&cfg.bin_private_keep, "%s,%s", cfg.bin_private_keep, ptr + 12) < 0 ) + errExit("asprintf"); + } else { + cfg.bin_private_keep = ptr + 12; + } arg_private_bin = 1; return 0; } -- cgit v1.2.3-70-g09d2 From df38295faa992dbcb02b4f18dedbd60b770d4d22 Mon Sep 17 00:00:00 2001 From: thewisenerd Date: Sat, 24 Dec 2016 07:14:16 +0530 Subject: firejail: argv: allow multiple private-* options --- src/firejail/main.c | 30 +++++++++++++++++++++++++----- 1 file changed, 25 insertions(+), 5 deletions(-) diff --git a/src/firejail/main.c b/src/firejail/main.c index c7470c33b..f1095d41f 100644 --- a/src/firejail/main.c +++ b/src/firejail/main.c @@ -1504,7 +1504,11 @@ int main(int argc, char **argv) { fprintf(stderr, "Error: invalid private-home option\n"); exit(1); } - cfg.home_private_keep = argv[i] + 15; + if (cfg.home_private_keep) { + if ( asprintf(&cfg.home_private_keep, "%s,%s", cfg.home_private_keep, argv[i] + 15) < 0 ) + errExit("asprintf"); + } else + cfg.home_private_keep = argv[i] + 15; arg_private = 1; } else @@ -1525,7 +1529,11 @@ int main(int argc, char **argv) { fprintf(stderr, "Error: invalid private-etc option\n"); exit(1); } - cfg.etc_private_keep = argv[i] + 14; + if (cfg.etc_private_keep) { + if ( asprintf(&cfg.etc_private_keep, "%s,%s", cfg.etc_private_keep, argv[i] + 14) < 0 ) + errExit("asprintf"); + } else + cfg.etc_private_keep = argv[i] + 14; arg_private_etc = 1; } else if (strncmp(argv[i], "--private-opt=", 14) == 0) { @@ -1534,7 +1542,11 @@ int main(int argc, char **argv) { fprintf(stderr, "Error: invalid private-opt option\n"); exit(1); } - cfg.opt_private_keep = argv[i] + 14; + if (cfg.opt_private_keep) { + if ( asprintf(&cfg.opt_private_keep, "%s,%s", cfg.opt_private_keep, argv[i] + 14) < 0 ) + errExit("asprintf"); + } else + cfg.opt_private_keep = argv[i] + 14; arg_private_opt = 1; } else if (strncmp(argv[i], "--private-srv=", 14) == 0) { @@ -1543,7 +1555,11 @@ int main(int argc, char **argv) { fprintf(stderr, "Error: invalid private-etc option\n"); exit(1); } - cfg.srv_private_keep = argv[i] + 14; + if (cfg.srv_private_keep) { + if ( asprintf(&cfg.srv_private_keep, "%s,%s", cfg.srv_private_keep, argv[i] + 14) < 0 ) + errExit("asprintf"); + } else + cfg.srv_private_keep = argv[i] + 14; arg_private_srv = 1; } else if (strncmp(argv[i], "--private-bin=", 14) == 0) { @@ -1552,7 +1568,11 @@ int main(int argc, char **argv) { fprintf(stderr, "Error: invalid private-bin option\n"); exit(1); } - cfg.bin_private_keep = argv[i] + 14; + if (cfg.bin_private_keep) { + if ( asprintf(&cfg.bin_private_keep, "%s,%s", cfg.bin_private_keep, argv[i] + 14) < 0 ) + errExit("asprintf"); + } else + cfg.bin_private_keep = argv[i] + 14; arg_private_bin = 1; } else if (strcmp(argv[i], "--private-tmp") == 0) { -- cgit v1.2.3-70-g09d2 From d8c2d7f1def5749dc0210f73d1a3228533d365e2 Mon Sep 17 00:00:00 2001 From: eventyrer Date: Sat, 24 Dec 2016 18:45:31 +0400 Subject: Update gnome-mplayer.profile MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit GMLIB-Message: Error when running: Cannot execute child-process «mplayer» (Access denied) --- etc/gnome-mplayer.profile | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/etc/gnome-mplayer.profile b/etc/gnome-mplayer.profile index 1b0fc9807..488c7e0b8 100644 --- a/etc/gnome-mplayer.profile +++ b/etc/gnome-mplayer.profile @@ -12,6 +12,6 @@ protocol unix,inet,inet6 seccomp shell none -private-bin gnome-mplayer +private-bin gnome-mplayer,mplayer private-dev private-tmp -- cgit v1.2.3-70-g09d2 From 89f2705ae1e91b5b145cbe6c956977290f7980f4 Mon Sep 17 00:00:00 2001 From: netblue30 Date: Sat, 24 Dec 2016 13:29:49 -0500 Subject: fixes --- README | 5 +++++ 1 file changed, 5 insertions(+) diff --git a/README b/README index 1d2191c65..751480868 100644 --- a/README +++ b/README @@ -97,6 +97,11 @@ valoq (https://github.com/valoq) - added skanlite, ssh-agent, transmission-cli, tracker, transmission-show, w3m, xfburn, xpra profiles - added wget profile - disable gnupg and systemd directories under /run/user +eventyrer (https://github.com/eventyrer) + - update gnome-mplayer.profile +thewisenerd (https://github.com/thewisenerd) + - allow multiple private-home commands + - use $SHELL variable if the shell is not specified SYN-cook (https://github.com/SYN-cook) - keepass/keepassx browser fixes thewisenerd (https://github.com/thewisenerd) -- cgit v1.2.3-70-g09d2