2026-04-15 - 2026-05-15
Overview
5817 issues closed from 1 user
Closed
#6347 [PR #7156] [MERGED] build(deps): bump step-security/harden-runner from 2.16.1 to 2.19.0
Closed
#6345 [PR #7154] [MERGED] security: create ~/.config/firejail to prevent sandbox escape
Closed
#6346 [PR #7155] [MERGED] build(deps): bump github/codeql-action from 4.35.1 to 4.35.2
Closed
#6344 [PR #7151] [MERGED] feature: allow subpaths in xdg macros
Closed
#6342 [PR #7153] [MERGED] new profile: ephoto
Closed
#6341 [PR #7149] [MERGED] profiles: steam: allow more 3d cache paths
Closed
#6339 [PR #7147] [MERGED] test: improve tests related to macros
Closed
#6337 [PR #7143] [MERGED] profiles: torbrowser-launcher: add no3d
Closed
#6338 [PR #7146] [MERGED] test: fix unescaped newlines in error messages
Closed
#6335 [PR #7141] [MERGED] build: deb: add conflict with firejail-profiles
Closed
#6334 [PR #7136] [MERGED] new profile: pi
Closed
#6332 [PR #7135] [MERGED] new profile: opencode
Closed
#6330 [PR #7127] [MERGED] build: merge fnettrace headers into fnettrace_common.h
Closed
#6331 [PR #7129] [MERGED] modif: stop following symlinks to /dev/null on disable
Closed
#6327 [PR #7123] [MERGED] build(deps): bump step-security/harden-runner from 2.15.0 to 2.16.1
Closed
#6328 [PR #7124] [MERGED] build: remove unused install.sh
Closed
#6324 [PR #7119] [CLOSED] profiles: steam: allow ~/.local/share/godot
Closed
#6325 [PR #7120] [MERGED] profiles: disable-common: add xfce clipman path
Closed
#6326 [PR #7122] [MERGED] build(deps): bump github/codeql-action from 4.32.4 to 4.35.1
Closed
#6322 [PR #7112] [MERGED] profiles: disable-exec: add mount points
Closed
#6323 [PR #7114] [MERGED] profiles: steam: allow ~/.cache/nvidia to improve game performance
Closed
#6321 [PR #7110] [MERGED] docs: recommend .deb or building from source on debian/ubuntu
Closed
#6320 [PR #7109] [MERGED] build: fix empty lists in syscall.c breaking compilation
Closed
#6318 [PR #7102] [MERGED] profiles: blobby: allow lua
Closed
#6319 [PR #7106] [MERGED] docs: man: fix typo in example
Closed
#6317 [PR #7103] [MERGED] profiles: firefox-common: allow auto light/dark theme switching
Closed
#6316 [PR #7100] [MERGED] new profile: halloy IRC client
Closed
#6314 [PR #7095] [MERGED] modif: replace --keep-hostname with new --hostname-randomize
Closed
#6315 [PR #7099] [MERGED] tests: fix strace color probing in allow-debuggers & seccomp-ptrace
Closed
#6313 [PR #7098] [MERGED] bugfix: lib: fix memory leaks in syscall_in_list()
Closed
#6312 [PR #7086] [MERGED] build(deps): bump github/codeql-action from 4.32.0 to 4.32.4
Closed
#6310 [PR #7084] [MERGED] profiles: mumble: include whitelist-runuser-common
Closed
#6311 [PR #7085] [MERGED] build(deps): bump step-security/harden-runner from 2.14.1 to 2.15.0
Closed
#6309 [PR #7083] [MERGED] profiles: disable-programs: add lact paths
Closed
#6307 [PR #7079] [MERGED] bugfix: add localhost lines to /etc/hosts
Closed
#6305 [PR #7074] [MERGED] modif: improve feature disabled warning/error messages
Closed
#6306 [PR #7077] [MERGED] bugfix: map sandbox hostname to ipv6 in /etc/hosts
Closed
#6303 [PR #7068] [MERGED] build: fix discarded const qualifier compiler warnings
Closed
#6299 [PR #7065] [MERGED] docs: man: clarify --debug-syscalls for seccomp
Closed
#6298 [PR #7061] [MERGED] profiles: firefox: add new ~/.config/mozilla dir
Closed
#6297 [PR #7064] [MERGED] docs: man: fix arch for syscall map in seccomp example
Closed
#6296 [PR #7059] [MERGED] profiles: fix allowing netcat
Closed
#6293 [PR #7052] [MERGED] build(deps): bump actions/checkout from 6.0.1 to 6.0.2
Closed
#6294 [PR #7050] [MERGED] build(deps): bump github/codeql-action from 4.31.9 to 4.32.0
Closed
#6295 [PR #7055] [MERGED] add a new option --debug-syscall-groups - part 2
Closed
#6292 [PR #7051] [MERGED] build(deps): bump step-security/harden-runner from 2.14.0 to 2.14.1
Closed
#6291 [PR #7049] [MERGED] feature: add a new option --debug-syscall-groups - part 1
Closed
#6289 [PR #7044] [MERGED] modif: place some syscalls with access to a clock into @default-keep
Closed
#6290 [PR #7045] [MERGED] modif: move other syscalls considered deprecated into @obsolete
Closed
#6287 [PR #7042] [MERGED] modif: add missing syscalls in groups & fix setrlimit
Closed
#6288 [PR #7043] [MERGED] profiles: vesktop: fix screen sharing
Closed
#6283 [PR #7029] [MERGED] new profile: zen, zen-bin, zen-browser
Closed
#6284 [PR #7032] [MERGED] profiles: add deno paths
Closed
#6285 [PR #7034] [MERGED] modif: update syscall groups (syscall.c) - part 3
Closed
#6286 [PR #7039] [MERGED] docs: update syscall groups (syscalls.txt) - part 4
Closed
#6282 [PR #7027] [MERGED] sort syscalls in syscall groups (syscall.c) - part 2
Closed
#6281 [PR #7026] [CLOSED] new profile: zen-bin, zen-browser
Closed
#6277 [PR #7023] [MERGED] new profile: fragments
Closed
#6280 [PR #7024] [MERGED] modif: reorganize & update syscall groups (syscall.c) - part 1
Closed
#6278 [PR #7017] [MERGED] ci: gitlab: install missing git-buildpackage dependency
Closed
#6279 [PR #7021] [CLOSED] syscall.c: fix indentation of syscall groups
Closed
#6273 [PR #7013] [MERGED] build(deps): bump actions/checkout from 6.0.0 to 6.0.1
Closed
#6274 [PR #7012] [MERGED] build(deps): bump step-security/harden-runner from 2.13.2 to 2.14.0
Closed
#6275 [PR #7014] [MERGED] new profile: quakespasm
Closed
#6272 [PR #7011] [MERGED] build(deps): bump github/codeql-action from 4.31.5 to 4.31.9
Closed
#6269 [PR #7003] [MERGED] ci: codeql-cpp: print config.log if configure fails
Closed
#6270 [PR #7005] [MERGED] new profile: openra
Closed
#6271 [PR #7010] [MERGED] new profile: gzdoom
Closed
#6268 [PR #7004] [MERGED] build: add sort-profiles target for sort.py
Closed
#6266 [PR #7000] [MERGED] modif: include new generated syscall headers
Closed
#6264 [PR #6990] [MERGED] build: update gen-syscalls.sh
Closed
#6265 [PR #6998] [CLOSED] update system call groups
Closed
#6263 [PR #6985] [MERGED] profiles: electrum: add noblacklist /usr/share/fonts
Closed
#6262 [PR #6996] [MERGED] new profile: srb2
Closed
#6261 [PR #6980] [MERGED] profiles: brave: add org.mpris.MediaPlayer2.brave.*
Closed
#6259 [PR #6978] [MERGED] build(deps): bump step-security/harden-runner from 2.13.1 to 2.13.2
Closed
#6260 [PR #6975] [MERGED] profiles: ssh: add ${RUNUSER}/openssh_agent socket path
Closed
#6258 [PR #6977] [MERGED] build(deps): bump github/codeql-action from 4.31.2 to 4.31.5
Closed
#6257 [PR #6976] [MERGED] build(deps): bump actions/checkout from 5.0.0 to 6.0.0
Closed
#6256 [PR #6972] [MERGED] modif: check for --version during early init
Closed
#6255 [PR #6970] [CLOSED] bugfix: make checkcfg init/cfg vars global
Closed
#6253 [PR #6965] [MERGED] docs: clarify that only latest and dev versions are supported
Closed
#6254 [PR #6971] [MERGED] bugfix: do sandbox check before checkcfg()
Closed
#6252 [PR #6969] [MERGED] bugfix: check for --quiet/--debug earlier during init
Closed
#6251 [PR #6964] [MERGED] docs: add distribution-specific build/install instructions
Closed
#6248 [PR #6961] [MERGED] modif: update and add syscalls for several architectures
Closed
#6249 [PR #6962] [MERGED] docs: improve build/install commands
Closed
#6250 [PR #6963] [MERGED] docs: always use full path to program in examples
Closed
#6247 [PR #6960] [MERGED] build: add script to generate syscall headers
Closed
#6245 [PR #6955] [MERGED] tests: man: disable test due to timeout
Closed
#6246 [PR #6958] [CLOSED] bugfix: correct directory traversal checking logic
Closed
#6243 [PR #6951] [MERGED] feature: add env-max-count / env-max-len to firejail.config
Closed
#6244 [PR #6954] [MERGED] build(deps): bump github/codeql-action from 3.30.5 to 4.31.2
Closed
#6242 [PR #6952] [MERGED] feature: add --xephyr-extra-params= command
Closed
#6241 [PR #6949] [MERGED] tests: man: fix timeout error
Closed
#6239 [PR #6947] [MERGED] profiles: wusc: add /usr/share/gtksourceview-5
Closed
#6240 [PR #6948] [MERGED] bugfix: add missing macros in profile.template
Closed
#6237 [PR #6942] [MERGED] bugfix: fix French translation for ${PICTURES} macro
Closed
#6238 [PR #6937] [MERGED] profiles: steam: allow ~/.local/share/doublefine
Closed
#6236 [PR #6936] [MERGED] new profile: gemini
Closed
#6234 [PR #6920] [MERGED] profiles: blink-common-hardened: disable noroot to fix saving files
Closed
#6235 [PR #6930] [MERGED] docs: man: clarify what ipc-namespace affects
Closed
#6233 [PR #6923] [MERGED] profiles: mullvad-browser: allow readlink and realpath
Closed
#6232 [PR #6918] [MERGED] build(deps): bump step-security/harden-runner from 2.13.0 to 2.13.1
Closed
#6229 [PR #6900] [MERGED] new profile: trivalent
Closed
#6230 [PR #6909] [MERGED] profiles: wusc: add /usr/share/gtk-4.0
Closed
#6231 [PR #6917] [MERGED] build(deps): bump github/codeql-action from 3.29.11 to 3.30.5
Closed
#6228 [PR #6904] [MERGED] profiles: godot: allow ~/.local/share/Trash
Closed
#6227 [PR #6907] [MERGED] profiles: wusc: add /usr/share/glycin-loaders
Closed
#6226 [PR #6895] [MERGED] tests: rlimit: add missing tests for rlimit-as / rlimit-cpu
Closed
#6223 [PR #6893] [MERGED] modif: rlimit: improve error messages
Closed
#6224 [PR #6891] [MERGED] modif: rlimit: use uppercase suffixes in the code/docs
Closed
#6225 [PR #6894] [MERGED] docs: rlimit: improve text and use base-2 units
Closed
#6222 [PR #6890] [MERGED] modif: rlimit: allow uppercase suffixes
Closed
#6220 [PR #6887] [MERGED] build(deps): bump github/codeql-action from 3.29.7 to 3.29.11
Closed
#6219 [PR #6884] [MERGED] profiles: add missing mailcap entries
Closed
#6221 [PR #6888] [MERGED] profiles: hashcat: fix runtime errors
Closed
#6218 [PR #6886] [MERGED] build(deps): bump actions/checkout from 4.2.2 to 5.0.0
Closed
#6217 [PR #6885] [MERGED] profiles: organize blacklist sections as per profile.template
Closed
#6214 [PR #6877] [MERGED] build: cppcheck: use --check-level=exhaustive
Closed
#6215 [PR #6878] [MERGED] feature: add arg-max-count / arg-max-len to firejail.config
Closed
#6216 [PR #6879] [MERGED] profiles: qutebrowser: add comment about qute-pass support
Closed
#6212 [PR #6875] [MERGED] profiles: qutebrowser: whitelist /usr/share/pdf.js
Closed
#6213 [PR #6876] [MERGED] profiles: firefox-common: add a comment about mpris
Closed
#6210 [PR #6873] [MERGED] ci: codespell: upgrade ubuntu-22.04 to ubuntu-24.04
Closed
#6211 [PR #6874] [MERGED] ci: cppcheck: upgrade ubuntu-22.04 to ubuntu-24.04
Closed
#6209 [PR #6869] [MERGED] bugfix: fnettrace-icmp: fix uninitialized vars (cppcheck)
Closed
#6207 [PR #6871] [MERGED] bugfix: firecfg: fix parsing filenames with multiple ".desktop"
Closed
#6208 [PR #6872] [MERGED] bugfix: firemon: fix potential memory leak in procevent_monitor
Closed
#6206 [PR #6868] [MERGED] build: cppcheck: ignore src/lib/syscalls.c
Closed
#6203 [PR #6864] [MERGED] ci: speed-up main build & add build-gcc
Closed
#6205 [PR #6867] [MERGED] profiles: wine: disable noinput so gamepads work
Closed
#6204 [PR #6862] [MERGED] ci: standardize "apt-get install" step name
Closed
#6202 [PR #6859] [MERGED] bugfix: fix potential infinite loop in checkcfg (-fanalyzer)
Closed
#6201 [PR #6858] [MERGED] docs: github: clarify how to attach logs
Closed
#6198 [PR #6854] [MERGED] bugfix: firemon: fix inconsistent debug message format
Closed
#6199 [PR #6851] [MERGED] docs: man: improve strace usage and add refs
Closed
#6200 [PR #6856] [MERGED] modif: firemon: improve debug message code
Closed
#6197 [PR #6852] [MERGED] profiles: thunderbird: fix ignoring wruc
Closed
#6195 [PR #6849] [MERGED] build(deps): bump github/codeql-action from 3.29.2 to 3.29.5
Closed
#6196 [PR #6850] [MERGED] docs: add debian ci/ubuntu ppa links to README.md
Closed
#6194 [PR #6846] [MERGED] bugfix: firemon: avoid cmd double-free in procevent_monitor
Closed
#6192 [PR #6848] [MERGED] build(deps): bump step-security/harden-runner from 2.12.2 to 2.13.0
Closed
#6193 [PR #6845] [MERGED] ci: allow new github domain for codeql download
Closed
#6190 [PR #6840] [MERGED] bugfix: add NULL check for cmdline in find_child()
Closed
#6191 [PR #6844] [MERGED] bugfix: remove /usr/share + "runner:root" CI workaround
Closed
#6189 [PR #6829] [MERGED] profiles: xreader: disable no3d to fix startup
Closed
#6187 [PR #6832] [MERGED] ci: upgrade debian:buster to debian:bullseye
Closed
#6188 [PR #6828] [MERGED] profiles: keepassxc: add x11 group to private-etc
Closed
#6186 [PR #6825] [MERGED] modif: improve error messages in sandbox.c/sbox.c
Closed
#6183 [PR #6823] [MERGED] profiles: kate: fix network access
Closed
#6184 [PR #6818] [CLOSED] build: debian: packaging improvements
Closed
#6185 [PR #6824] [MERGED] modif: improve new network namespace error message
Closed
#6182 [PR #6819] [MERGED] profiles: allow org.kde.kwalletd6 for Plasma 6 systems
Closed
#6178 [PR #6808] [MERGED] bugfix: fcopy: allow /etc/resolv.conf owned by systemd-resolve
Closed
#6179 [PR #6810] [CLOSED] profiles: w3m: add xdg folders and allow x11
Closed
#6180 [PR #6812] [CLOSED] profiles: rtv: allow x11 and wayland
Closed
#6181 [PR #6816] [MERGED] profiles: makedeb: allow dpkg
Closed
#6177 [PR #6807] [MERGED] docs: fix man formatting of landlock.enforce
Closed
#6174 [PR #6804] [MERGED] modif: fcopy: try normal case first instead of last in check()
Closed
#6175 [PR #6805] [MERGED] docs: clarify --private bug in man pages
Closed
#6176 [PR #6806] [MERGED] bugfix: fix "Not enforcing Landlock" message always being printed
Closed
#6172 [PR #6801] [MERGED] modif: improve fcopy error messages in check()
Closed
#6173 [PR #6803] [MERGED] bugfix: fcopy: add /usr/share + "runner:root" exception to fix CI
Closed
#6169 [PR #6789] [CLOSED] build: sort.py: replace items in private-etc with groups
Closed
#6170 [PR #6794] [MERGED] build(deps): bump step-security/harden-runner from 2.12.0 to 2.12.2
Closed
#6171 [PR #6795] [MERGED] build(deps): bump github/codeql-action from 3.28.18 to 3.29.2
Closed
#6168 [PR #6791] [MERGED] profiles: replace hosts.conf with host.conf in private-etc
Closed
#6167 [PR #6785] [MERGED] profiles: finish converting private-opt to whitelist
Closed
#6165 [PR #6783] [MERGED] profiles: use private-etc groups in more profiles
Closed
#6166 [PR #6784] [MERGED] profiles: firecfg: disable foliate
Closed
#6164 [PR #6780] [MERGED] profiles: ripperx/sound-juicer: fix profile name typos
Closed
#6162 [PR #6779] [MERGED] profiles: ani-cli: add mpv to private-etc for plugins access
Closed
#6161 [PR #6777] [MERGED] profiles: chafa: quiet output
Closed
#6159 [PR #6761] [MERGED] feature: use non-blocking flock calls
Closed
#6160 [PR #6775] [MERGED] profiles: wusc: add /usr/share/xkeyboard-config-2
Closed
#6158 [PR #6763] [MERGED] profiles: wine: allow python to fix Epic Games Launcher
Closed
#6157 [PR #6766] [MERGED] build(deps): bump github/codeql-action from 3.28.16 to 3.28.18
Closed
#6156 [PR #6759] [MERGED] profiles: rssguard: allow lua
Closed
#6154 [PR #6751] [MERGED] New profile: ansel
Closed
#6155 [PR #6756] [CLOSED] profiles: centralize nvm allow line (archivers/hashers)
Closed
#6153 [PR #6753] [CLOSED] New profile: elixir
Closed
#6152 [PR #6755] [MERGED] profiles: firecfg: disable checksum programs
Closed
#6149 [PR #6747] [MERGED] modif: improve "Failed mount" error messages in util.c
Closed
#6150 [PR #6736] [MERGED] profiles: curl: allow ~/.netrc
Closed
#6151 [PR #6750] [MERGED] bugfix: fix potential deadlock with flock + SIGTSTP
Closed
#6148 [PR #6738] [MERGED] profiles: discord-common: add env to private-bin
Closed
#6147 [PR #6737] [MERGED] build: replace _SYSCONFDIR_ with @sysconfdir@
Closed
#6146 [PR #6735] [MERGED] profiles: mpv: remove mkfile ~/.netrc
Closed
#6145 [PR #6734] [MERGED] bugfix: add missing selinux relabeling for /dev paths
Closed
#6143 [PR #6732] [MERGED] profiles: remove mkdir ~/.pki
Closed
#6144 [PR #6728] [MERGED] build(deps): bump step-security/harden-runner from 2.11.0 to 2.12.0
Closed
#6142 [PR #6727] [MERGED] build(deps): bump github/codeql-action from 3.28.13 to 3.28.16
Closed
#6138 [PR #6719] [MERGED] modif: keep /dev/tpmrm devices if keep-dev-tpm is used
Closed
#6139 [PR #6718] [MERGED] modif: keep tss group if keep-dev-tpm is used
Closed
#6140 [PR #6721] [MERGED] profiles: firefox: add alternative tridactylrc path
Closed
#6141 [PR #6724] [MERGED] modif: keep tcm/tcmrm devices if keep-dev-tpm is used
Closed
#6137 [PR #6716] [MERGED] modif: use "Error:" in errExit message
Closed
#6136 [PR #6715] [MERGED] build: add localstatedir and use in VARDIR
Closed
#6135 [PR #6712] [MERGED] bugfix: fix flock debug messages going to stderr
Closed
#6133 [PR #6710] [MERGED] feature: add warn command
Closed
#6134 [PR #6713] [MERGED] build: use TARNAME in SYSCONFDIR/VARDIR
Closed
#6132 [PR #6711] [MERGED] modif: improve error messages in mountinfo.c
Closed
#6129 [PR #6706] [MERGED] docs: improve URL formatting in man pages
Closed
#6130 [PR #6709] [MERGED] profiles: fix include of deprecated disable-X11.inc (uppercase)
Closed
#6131 [PR #6708] [MERGED] profiles: add more xorg paths
Closed
#6128 [PR #6704] [MERGED] feature: use globbing in hardcoded numbered /dev paths
Closed
#6127 [PR #6707] [MERGED] profiles: godot: remove noinput so gamepads work
Closed
#6126 [PR #6698] [MERGED] modif: block TPM devices & turn notpm command into keep-dev-tpm
Closed
#6124 [PR #6687] [MERGED] profiles: split commands that increase/reduce access
Closed
#6125 [PR #6697] [MERGED] build(deps): bump github/codeql-action from 3.28.10 to 3.28.13
Closed
#6123 [PR #6689] [MERGED] profiles: firefox: add comment about creating PWA shortcuts
Closed
#6122 [PR #6686] [MERGED] profiles: godot: ignore noexec in home to fix addons
Closed
#6121 [PR #6683] [MERGED] profiles: floorp: add profile sync daemon paths
Closed
#6119 [PR #6679] [MERGED] New profile: xarchiver
Closed
#6120 [PR #6680] [MERGED] contrib/vim: add ftplugin file (based on cfg.vim)
Closed
#6117 [PR #6678] [MERGED] New profile: ouch
Closed
#6118 [PR #6677] [CLOSED] docs: clarify to run "sudo firecfg" as a normal (desktop) user
Closed
#6116 [PR #6676] [MERGED] build: remove cppcheck-old target/job
Closed
#6114 [PR #6673] [MERGED] profiles: seahorse: add redirect org.gnome.seahorse.Application
Closed
#6115 [PR #6674] [MERGED] bugfix: firecfg: check full .desktop filename in check_profile()
Closed
#6113 [PR #6671] [MERGED] build(deps): bump step-security/harden-runner from 2.10.4 to 2.11.0
Closed
#6112 [PR #6672] [MERGED] build(deps): bump github/codeql-action from 3.28.8 to 3.28.10
Closed
#6110 [PR #6669] [MERGED] New profile: remmina-file-wrapper
Closed
#6111 [PR #6670] [CLOSED] docs: clarify --noprofile and mention --profile=noprofile
Closed
#6107 [PR #6660] [MERGED] feature: block /dev/ntsync & add keep-dev-ntsync command
Closed
#6108 [PR #6666] [MERGED] profiles: ytmdesktop: add redirect & whitelist /opt/ytmdesktop
Closed
#6109 [PR #6664] [MERGED] modif: keep plugdev group unless nou2f is used
Closed
#6104 [PR #6641] [MERGED] profiles: tor: add memory-deny-write-execute
Closed
#6105 [PR #6659] [CLOSED] profiles: thunderbird: fix access to wayland socket
Closed
#6106 [PR #6654] [MERGED] New profile: vesktop
Closed
#6103 [PR #6653] [MERGED] docs: note that --build may generate a non-functional profile
Closed
#6102 [PR #6648] [CLOSED] profiles: qutebrowser: add @sound to private-etc
Closed
#6101 [PR #6640] [MERGED] profiles: torbrowser-launcher: move path from dc to dp
Closed
#6098 [PR #6627] [MERGED] ci: check-c: run all checks in parallel mode
Closed
#6099 [PR #6632] [MERGED] docs: clarify unmaintained status of overlayfs in configure.ac
Closed
#6100 [PR #6636] [MERGED] build(deps): bump step-security/harden-runner from 2.10.2 to 2.10.4
Closed
#6097 [PR #6635] [MERGED] build(deps): bump github/codeql-action from 3.28.0 to 3.28.8
Closed
#6094 [PR #6622] [MERGED] docs: improve whitelist and blacklist descriptions in man pages
Closed
#6095 [PR #6623] [CLOSED] build(config.mk.in): add comment explaining the different flags
Closed
#6096 [PR #6624] [MERGED] docs: update distribution table & add note in SECURITY.md
Closed
#6093 [PR #6620] [MERGED] build: rename print-version target to installcheck
Closed
#6092 [PR #6616] [MERGED] New profile: device-flasher.linux (CalyxOS)
Closed
#6090 [PR #6607] [MERGED] docs: github: add program name/version to bug_report.md
Closed
#6091 [PR #6609] [MERGED] profiles: aria2p: disable x11 and clipboard managers
Closed
#6088 [PR #6605] [MERGED] modif: clarify error messages in profile.c
Closed
#6089 [PR #6598] [MERGED] bugfix: fix possible memory leak in fs_home.c
Closed
#6087 [PR #6596] [MERGED] build(deps): bump github/codeql-action from 3.27.5 to 3.28.0
Closed
#6085 [PR #6593] [MERGED] build: sort.py: fix whitespace in entire profile
Closed
#6086 [PR #6594] [MERGED] build: sort.py: quote diff lines
Closed
#6082 [PR #6591] [MERGED] bugfix: do not interact with dbus directory if dbus proxy is disabled
Closed
#6083 [PR #6590] [MERGED] New profile: tremc
Closed
#6084 [PR #6592] [MERGED] feature: add --disable-sandbox-check configure flag
Closed
#6081 [PR #6589] [MERGED] New profile: pyradio
Closed
#6078 [PR #6587] [MERGED] New profile: ncmpcpp
Closed
#6079 [PR #6588] [MERGED] New profile: nsxiv
Closed
#6080 [PR #6585] [MERGED] New profile: hledger/hledger-ui
Closed
#6077 [PR #6586] [MERGED] New profile: monero-wallet-cli
Closed
#6076 [PR #6583] [MERGED] New profile: aria2p/aria2rpc
Closed
#6074 [PR #6580] [CLOSED] profiles: improve anki and foliate & add new profiles
Closed
#6075 [PR #6584] [MERGED] New profile: buku
Closed
#6073 [PR #6582] [MERGED] profiles: refactor com.github.johnfactotum.Foliate into foliate.profile
Closed
#6072 [PR #6581] [MERGED] profiles: anki: fix dark mode detection & misc changes
Closed
#6068 [PR #6571] [MERGED] profiles: disable-common: add bubblejail paths
Closed
#6069 [PR #6574] [MERGED] feature: add aarch64 syscalls
Closed
#6070 [PR #6578] [MERGED] profiles: firecfg: fix sha384sum & add b2sum/cksum
Closed
#6071 [PR #6579] [MERGED] bugfix: parse --debug before using it
Closed
#6067 [PR #6577] [MERGED] New profile: b3sum (blake3)
Closed
#6065 [PR #6565] [MERGED] profiles: clamav: add /etc/clamav
Closed
#6066 [PR #6562] [MERGED] build: sort.py: add -h option for help
Closed
#6063 [PR #6560] [MERGED] build(deps): bump github/codeql-action from 3.27.0 to 3.27.5
Closed
#6064 [PR #6558] [MERGED] New profile: prismlauncher
Closed
#6062 [PR #6561] [MERGED] build(deps): bump step-security/harden-runner from 2.10.1 to 2.10.2
Closed
#6060 [PR #6556] [MERGED] build: sort.py: strip whitespace in profiles
Closed
#6061 [PR #6557] [MERGED] profiles: video-players: add missing /usr/share paths
Closed
#6058 [PR #6555] [MERGED] profiles: ensure allow-lua where mpv is allowed
Closed
#6059 [PR #6551] [MERGED] profiles: wget: unify wget2 into wget profile
Closed
#6057 [PR #6552] [MERGED] profiles: tesseract: disable private-tmp to fix ocrmypdf
Closed
#6055 [PR #6545] [MERGED] profiles: anki: fix opening, allow media & add to firecfg
Closed
#6056 [PR #6549] [MERGED] New profile: irssi
Closed
#6054 [PR #6534] [MERGED] profiles: game-launchers: disable nou2f
Closed
#6052 [PR #6536] [MERGED] New profile: syncthing
Closed
#6053 [PR #6542] [MERGED] profiles: wget: allow ~/.local/share/wget
Closed
#6051 [PR #6533] [MERGED] profiles: firecfg: disable dnsmasq
Closed
#6050 [PR #6531] [MERGED] profiles: keepassxc: allow access to ssh-agent socket
Closed
#6048 [PR #6526] [MERGED] docs: fix typos of --enable-selinux configure option
Closed
#6049 [PR #6527] [MERGED] build(deps): bump actions/checkout from 4.2.0 to 4.2.2
Closed
#6047 [PR #6528] [MERGED] build(deps): bump github/codeql-action from 3.26.10 to 3.27.0
Closed
#6046 [PR #6525] [MERGED] docs: use GitHub issues as the bug reporting address
Closed
#6045 [PR #6504] [CLOSED] feature: create the link only if its endpoint is available
Closed
#6042 [PR #6514] [MERGED] profiles: thunderbird: allow /etc/thunderbird
Closed
#6043 [PR #6515] [MERGED] profiles: firefox-esr: allow /etc/firefox-esr
Closed
#6044 [PR #6524] [MERGED] docs: clarify intro and build section in README
Closed
#6040 [PR #6499] [MERGED] profiles: firefox-common: allow org.freedesktop.portal.Documents
Closed
#6041 [PR #6503] [MERGED] profiles: steam: add ~/.config/UNDERTALE
Closed
#6038 [PR #6495] [MERGED] build(deps): bump actions/checkout from 4.1.7 to 4.2.0
Closed
#6039 [PR #6498] [MERGED] profiles: signal-desktop: allow org.freedesktop.secrets (dbus)
Closed
#6037 [PR #6496] [MERGED] build(deps): bump step-security/harden-runner from 2.9.1 to 2.10.1
Closed
#6036 [PR #6494] [MERGED] build(deps): bump github/codeql-action from 3.26.6 to 3.26.10
Closed
#6035 [PR #6486] [MERGED] profiles: browsers: centralize/sync/improve comments
Closed
#6033 [PR #6477] [MERGED] profiles: firecfg: disable text editors
Closed
#6034 [PR #6478] [MERGED] profiles: nextcloud: fix access to ~/Nextcloud
Closed
#6032 [PR #6479] [MERGED] profiles: ssh: add ${RUNUSER}/gvfsd-sftp
Closed
#6029 [PR #6473] [MERGED] profiles: librewolf: add new dbus name (io.gitlab.firefox)
Closed
#6030 [PR #6474] [MERGED] docs: man: fix wrong escapes
Closed
#6031 [PR #6476] [MERGED] profiles: wesnoth: allow lua
Closed
#6027 [PR #6472] [MERGED] docs: man: fix bold in command TPs
Closed
#6028 [PR #6471] [MERGED] docs: github: streamline environment in issue templates
Closed
#6025 [PR #6468] [MERGED] profiles: video: add ~/.dvdcss
Closed
#6026 [PR #6469] [MERGED] profiles: evolution: add /tmp/evolution-* & disable private-tmp
Closed
#6023 [PR #6455] [MERGED] build(deps): bump step-security/harden-runner from 2.9.0 to 2.9.1
Closed
#6024 [PR #6463] [MERGED] New profile: singularity (Endgame: Singularity)
Closed
#6022 [PR #6454] [MERGED] build(deps): bump github/codeql-action from 3.25.15 to 3.26.6
Closed
#6019 [PR #6441] [CLOSED] build: fix undeclared AUDIT_ARCH_AARCH64 on Linux <3.17
Closed
#6020 [PR #6443] [MERGED] profiles: bitwarden: improvements and new bitwarden-desktop redirect
Closed
#6021 [PR #6451] [MERGED] docs: man: sort commands (firejail.1)
Closed
#6017 [PR #6435] [MERGED] profiles: firefox-common: fix private-etc in includers
Closed
#6016 [PR #6432] [CLOSED] profiles: firecfg.config: disable spectacle 2
Closed
#6012 [PR #6428] [MERGED] build(deps): bump github/codeql-action from 3.25.11 to 3.25.15
Closed
#6013 [PR #6429] [MERGED] profiles: blacklist sway IPC socket
Closed
#6014 [PR #6427] [MERGED] build(deps): bump step-security/harden-runner from 2.8.1 to 2.9.0
Closed
#6015 [PR #6431] [MERGED] feature: fshaper.sh: support tc on NixOS
Closed
#6011 [PR #6425] [MERGED] docs: man: improve blacklist/whitelist examples with spaces
Closed
#6008 [PR #6422] [MERGED] New profile: dtui
Closed
#6009 [PR #6423] [MERGED] docs: add build_issue.md issue template
Closed
#6010 [PR #6424] [MERGED] profiles: element-desktop: allow /usr/share/element
Closed
#6007 [PR #6420] [MERGED] profiles: refactor dbus debugger profiles
Closed
#6006 [PR #6419] [MERGED] profiles: ssh: allow gpgagent socket for custom homedir
Closed
#6004 [PR #6408] [MERGED] profiles: okular: fix "Print to PDF"
Closed
#6005 [PR #6418] [MERGED] profiles: bijiben: update webkit var and disable in firecfg
Closed
#6002 [PR #6412] [MERGED] profiles: firecfg: disable spectacle
Closed
#6003 [PR #6415] [MERGED] bugfix: firemon: skip coredump if unsupported
Closed
#6000 [PR #6404] [MERGED] build: improve reliability/portability of date command usage
Closed
#6001 [PR #6407] [MERGED] docs: clarify that other tools may not be in PPA
Closed
#5998 [PR #6398] [MERGED] docs: man: format and sort some private- items
Closed
#5999 [PR #6401] [MERGED] bugfix: remove --noautopulse from --help and zsh comp
Closed
#5997 [PR #6396] [MERGED] build(deps): bump step-security/harden-runner from 2.8.0 to 2.8.1
Closed
#5996 [PR #6395] [MERGED] build(deps): bump github/codeql-action from 3.25.7 to 3.25.11
Closed
#5993 [PR #6390] [MERGED] feature: add notpm command & keep tpm devices in private-dev
Closed
#5994 [PR #6391] [MERGED] profiles: keepassxc: add new socket location
Closed
#5995 [PR #6394] [MERGED] build(deps): bump actions/checkout from 4.1.6 to 4.1.7
Closed
#5992 [PR #6392] [MERGED] profiles: fractal: add ~/.local/share/fractal
Closed
#5990 [PR #6383] [MERGED] profiles: claws-mail: note no3d issue with "fancy" plugin
Closed
#5991 [PR #6387] [MERGED] modif: keep /sys/module/nvidia* if prop driver and no no3d
Closed
#5988 [PR #6382] [MERGED] docs: bug_report.md: use absolute path in 'steps to reproduce'
Closed
#5989 [PR #6380] [MERGED] modif: private-dev: keep /dev/kfd unless no3d is used
Closed
#5987 [PR #6378] [MERGED] profiles: claws-mail: add ~/.cache/claws-mail
Closed
#5986 [PR #6376] [MERGED] profiles: hashcat: support newer configuration paths
Closed
#5983 [PR #6367] [MERGED] bugfix: fix various resource leaks
Closed
#5984 [PR #6366] [MERGED] build: standardize install commands
Closed
#5985 [PR #6369] [MERGED] bugfix: profstats: fix restrict-namespaces max count
Closed
#5982 [PR #6365] [MERGED] New profile: armcord
Closed
#5980 [PR #6362] [MERGED] build(deps): bump github/codeql-action from 3.25.5 to 3.25.7
Closed
#5981 [PR #6363] [MERGED] build(deps): bump step-security/harden-runner from 2.7.1 to 2.8.0
Closed
#5979 [PR #6359] [MERGED] docs: add precedence info to manpage & fix noblacklist example
Closed
#5977 [PR #6354] [MERGED] build: allow overriding common tools
Closed
#5978 [PR #6361] [MERGED] profiles: blacklist i3 IPC socket & dir except for i3 itself
Closed
#5976 [PR #6353] [MERGED] profiles: libreoffice: support signing documents with GPG
Closed
#5974 [PR #6347] [MERGED] build(deps): bump github/codeql-action from 3.25.4 to 3.25.5
Closed
#5975 [PR #6349] [MERGED] profiles: yelp: add Firefox URL open support
Closed
#5972 [PR #6346] [MERGED] build(deps): bump actions/checkout from 4.1.5 to 4.1.6
Closed
#5973 [PR #6348] [MERGED] profiles: streamline Firefox URL opening support
Closed
#5969 [PR #6342] [MERGED] build: add strip target and simplify install targets
Closed
#5970 [PR #6341] [MERGED] New profile: nhex
Closed
#5971 [PR #6343] [MERGED] build: remove clean dependency from cppcheck targets
Closed
#5968 [PR #6339] [MERGED] build: sort.py: use -i by default and add -n
Closed
#5967 [PR #6340] [MERGED] profiles: hexchat: add noprinters
Closed
#5966 [PR #6338] [MERGED] ci: make dependabot updates monthly and bump PR limit
Closed
#5965 [PR #6337] [MERGED] build(deps): bump github/codeql-action from 3.25.3 to 3.25.4
Closed
#5963 [PR #6334] [MERGED] profiles: steam: update novideo comment for webcam motion trackers
Closed
#5964 [PR #6333] [MERGED] profiles: loupe: harden and disable apparmor
Closed
#5962 [PR #6336] [MERGED] build(deps): bump actions/checkout from 4.1.4 to 4.1.5
Closed
#5961 [PR #6330] [MERGED] build(deps): bump step-security/harden-runner from 2.7.0 to 2.7.1
Closed
#5959 [PR #6327] [MERGED] New profile: loupe
Closed
#5960 [PR #6331] [MERGED] profiles: hexchat: allow lua/downloads and harden
Closed
#5957 [PR #6328] [MERGED] New profile: d-spy
Closed
#5953 [PR #6322] [MERGED] profiles: fluffychat: remove option present in disable-common.inc
Closed
#5954 [PR #6321] [MERGED] profiles: audacity: allow networking by default
Closed
#5955 [PR #6323] [MERGED] build(deps): bump actions/checkout from 4.1.2 to 4.1.4
Closed
#5956 [PR #6324] [MERGED] build(deps): bump github/codeql-action from 3.24.10 to 3.25.3
Closed
#5952 [PR #6320] [CLOSED] build(deps): bump github/codeql-action from 3.24.10 to 3.25.1
Closed
#5951 [PR #6319] [CLOSED] build(deps): bump actions/checkout from 4.1.2 to 4.1.3
Closed
#5949 [PR #6315] [MERGED] New profile: axel
Closed
#5950 [PR #6314] [MERGED] New profile: obsidian
Closed
#5947 [PR #6309] [MERGED] profiles: allow-ssh: allow /etc/ssh/ssh_revoked_hosts
Closed
#5946 [PR #6307] [MERGED] bugfix: fix startup race condition for /run/firejail directory
Closed
#5944 [PR #6303] [MERGED] build(deps): bump github/codeql-action from 3.24.9 to 3.24.10
Closed
#5945 [PR #6305] [MERGED] landlock: amend empty functions and comments
Closed
#5943 [PR #6304] [MERGED] profiles: mov-cli: remove ffmpeg & allow more paths
Closed
#5942 [PR #6302] [MERGED] docs: warn about limitations of landlock
Closed
#5941 [PR #6300] [MERGED] profiles: clarify and add opengl-game to profile.template
Closed
#5940 [PR #6294] [MERGED] profiles: rename disable-X11.inc to disable-x11.inc
Closed
#5938 [PR #6295] [CLOSED] build: build with -D_FORTIFY_SOURCE=3 if available
Closed
#5939 [PR #6299] [MERGED] profiles: add allow-php.inc to profile.template
Closed
#5937 [PR #6298] [MERGED] profiles: add allow-nodejs.inc to profile.template
Closed
#5936 [PR #6293] [MERGED] New profile: gh (GitHub CLI)
Closed
#5935 [PR #6292] [MERGED] profiles: pkglog: x11 hardening
Closed
#5933 [PR #6291] [MERGED] build(deps): bump github/codeql-action from 3.24.7 to 3.24.9
Closed
#5934 [PR #6290] [MERGED] build: sort.py: add and require -i to edit in-place
Closed
#5932 [PR #6289] [MERGED] profiles: sort blacklist sections
Closed
#5929 [PR #6283] [MERGED] build: fix "warning: "_FORTIFY_SOURCE" redefined"
Closed
#5930 [PR #6286] [MERGED] profiles: replace x11 socket blacklist with disable-X11.inc
Closed
#5931 [PR #6287] [MERGED] profiles: refactor qemu into qemu-common
Closed
#5928 [PR #6285] [MERGED] profiles: firefox: add org.kde.kdeconnect to plasma comment
Closed
#5927 [PR #6284] [MERGED] Remove profile: porn-cli
Closed
#5925 [PR #6278] [MERGED] build(deps): bump github/codeql-action from 3.24.6 to 3.24.7
Closed
#5926 [PR #6280] [MERGED] profiles: k3b: disable private-dev to fix dvd drive detection
Closed
#5923 [PR #6277] [MERGED] build(deps): bump actions/checkout from 4.1.1 to 4.1.2
Closed
#5924 [PR #6270] [MERGED] torbrowser-launcher fixes (AppArmor/profile)
Closed
#5922 [PR #6272] [MERGED] profiles: qt6ct: add dbus-filtering rules
Closed
#5921 [PR #6268] [MERGED] docs: firecfg: note different .desktop naming schemes
Closed
#5919 [PR #6265] [MERGED] profiles: makepkg: fix ordering
Closed
#5920 [PR #6266] [MERGED] profiles: remove blacklisting of qt5ct/qt6ct paths
Closed
#5918 [PR #6263] [MERGED] profiles: firecfg.config: add floorp
Closed
#5917 [PR #6264] [MERGED] build(deps): bump github/codeql-action from 3.24.5 to 3.24.6
Closed
#5915 [PR #6261] [MERGED] build: sort.py: filter empty and duplicate items
Closed
#5916 [PR #6262] [CLOSED] firecfg.config: add floorp
Closed
#5914 [PR #6258] [MERGED] profiles: ssh: whitelist gcr-ssh-agent unix socket
Closed
#5912 [PR #6259] [MERGED] New profile: session-desktop
Closed
#5913 [PR #6260] [MERGED] landlock: use PATH macro in landlock-common.inc
Closed
#5911 [PR #6257] [MERGED] profiles: deny access to ~/.config/autostart
Closed
#5909 [PR #6255] [MERGED] New profile: tqemu
Closed
#5910 [PR #6256] [MERGED] New profile: tvnamer
Closed
#5908 [PR #6254] [MERGED] New profile: textroom
Closed
#5907 [PR #6253] [MERGED] New profile: statusof
Closed
#5903 [PR #6248] [CLOSED] New profile: pacseek
Closed
#5905 [PR #6251] [MERGED] New profile: rymdport
Closed
#5906 [PR #6252] [CLOSED] New profile: session messenger
Closed
#5902 [PR #6249] [MERGED] New profile: qt5ct
Closed
#5904 [PR #6250] [MERGED] New profile: qt6ct
Closed
#5899 [PR #6244] [MERGED] New profile: localsend_app
Closed
#5900 [PR #6247] [MERGED] New profile: mimetype
Closed
#5901 [PR #6246] [MERGED] New profile: metadata-cleaner
Closed
#5898 [PR #6243] [MERGED] New profile: koreader
Closed
#5897 [PR #6245] [MERGED] New profile: lyriek
Closed
#5894 [PR #6238] [MERGED] profiles: virt-manager: block /usr/libexec
Closed
#5895 [PR #6239] [MERGED] profiles: gnome-boxes: block /usr/libexec
Closed
#5896 [PR #6241] [MERGED] New profiles: lz4 and redirects
Closed
#5893 [PR #6236] [MERGED] New profile: erd
Closed
#5892 [PR #6237] [MERGED] New profile: green-recorder
Closed
#5891 [PR #6235] [MERGED] New profile: editorconfiger
Closed
#5889 [PR #6231] [MERGED] New profile: bpftop
Closed
#5890 [PR #6234] [MERGED] New profile: dexios
Closed
#5888 [PR #6232] [MERGED] New profile: cloneit
Closed
#5887 [PR #6233] [MERGED] New profile: deadlink
Closed
#5884 [PR #6227] [MERGED] New profile: virt-manager
Closed
#5885 [PR #6228] [MERGED] landlock: use "landlock.fs." prefix in filesystem commands
Closed
#5886 [PR #6230] [MERGED] build: reduce hardcoding and inconsistencies
Closed
#5883 [PR #6226] [MERGED] New profile: gnome-boxes
Closed
#5882 [PR #6223] [MERGED] build(deps): bump github/codeql-action from 3.24.3 to 3.24.5
Closed
#5880 [PR #6219] [MERGED] New profile: ledger-live-desktop
Closed
#5881 [PR #6222] [MERGED] build: allow overriding certain tools & sync targets with CI
Closed
#5879 [PR #6218] [MERGED] profiles: drop paths already in wusc
Closed
#5877 [PR #6216] [MERGED] profiles: multimc: fix instances not running & harden
Closed
#5878 [PR #6217] [MERGED] build: move errExit macro into inline function
Closed
#5874 [PR #6203] [CLOSED] landlock: sort options in man pages
Closed
#5875 [PR #6214] [MERGED] build(deps): bump github/codeql-action from 3.24.0 to 3.24.3
Closed
#5876 [PR #6211] [MERGED] profiles: nextcloud: add dbus-user.own & document dbus service
Closed
#5872 [PR #6202] [MERGED] profiles: enchant-lsmod-2: redirect to enchant-2
Closed
#5873 [PR #6201] [MERGED] profiles: gnome-keyring: harden & add gnome-keyring-daemon
Closed
#5870 [PR #6192] [CLOSED] profiles: lutris: add comment for gamescope workaround
Closed
#5871 [PR #6200] [MERGED] landlock: fix struct initialization
Closed
#5868 [PR #6193] [MERGED] build(deps): bump step-security/harden-runner from 2.6.1 to 2.7.0
Closed
#5869 [PR #6196] [MERGED] build: mkrpm.sh improvements
Closed
#5867 [PR #6194] [MERGED] build(deps): bump github/codeql-action from 3.23.2 to 3.24.0
Closed
#5864 [PR #6184] [MERGED] security: fix sscanf rv checks (CodeQL)
Closed
#5865 [PR #6186] [MERGED] build: improve main clean target
Closed
#5866 [PR #6187] [MERGED] landlock: split .special into .makeipc and .makedev
Closed
#5862 [PR #6182] [MERGED] profiles: crawl: allow lua
Closed
#5863 [PR #6183] [MERGED] profiles: geeqie: allow lua
Closed
#5859 [PR #6179] [CLOSED] ci: codeql: add the language to the category
Closed
#5860 [PR #6180] [MERGED] New profile: rawtherapee
Closed
#5861 [PR #6181] [MERGED] New profile: electron-cash
Closed
#5857 [PR #6176] [MERGED] build(deps): bump github/codeql-action from 3.23.1 to 3.23.2
Closed
#5858 [PR #6178] [MERGED] ci: add timeout limits
Closed
#5855 [PR #6172] [MERGED] bugfix: print version to stderr on startup
Closed
#5856 [PR #6173] [MERGED] profiles: tesseract: add quiet
Closed
#5854 [PR #6163] [MERGED] build(deps): bump github/codeql-action from 3.23.0 to 3.23.1
Closed
#5853 [PR #6164] [MERGED] build: automatically generate header dependencies
Closed
#5852 [PR #6159] [MERGED] build: use CPPFLAGS instead of INCLUDE in compile targets
Closed
#5851 [PR #6158] [MERGED] build: use full paths on compile/link targets
Closed
#5848 [PR #6156] [MERGED] build(deps): bump github/codeql-action from 3.22.12 to 3.23.0
Closed
#5850 [PR #6154] [MERGED] profiles: add redirect profiles for gtk video frontends
Closed
#5847 [PR #6155] [MERGED] profiles: lobster: allow basename
Closed
#5845 [PR #6150] [MERGED] profiles: use only /usr/share/lua*
Closed
#5846 [PR #6153] [MERGED] firecfg: use ignorelist also for .profile/.desktop files
Closed
#5843 [PR #6143] [MERGED] profiles: man: allow perl
Closed
#5844 [PR #6149] [CLOSED] Exit if firejail is not SUID
Closed
#5842 [PR #6139] [MERGED] build(deps): bump github/codeql-action from 3.22.11 to 3.22.12
Closed
#5839 [PR #6126] [MERGED] build: mkrpm.sh: append instead of override configure args
Closed
#5840 [PR #6131] [MERGED] profiles: obs: allow lua
Closed
#5841 [PR #6136] [MERGED] build(deps): bump github/codeql-action from 2.22.9 to 3.22.11
Closed
#5837 [PR #6128] [MERGED] profiles: mpv: whitelist /usr/share/mpv
Closed
#5838 [PR #6129] [MERGED] Revert "lookup xauth in PATH"
Closed
#5836 [PR #6125] [MERGED] landlock: move commands into profile and add landlock.enforce
Closed
#5835 [PR #6117] [MERGED] profiles: steam: add ~/Zomboid (Project Zomboid)
Closed
#5833 [PR #6118] [MERGED] profiles: minecraft-launcher: allow keyring access
Closed
#5834 [PR #6122] [MERGED] build(deps): bump github/codeql-action from 2.22.8 to 2.22.9
Closed
#5832 [PR #6120] [MERGED] profiles: curl: add ~/.config/curlrc
Closed
#5829 [PR #6108] [MERGED] build(deps): bump github/codeql-action from 2.22.7 to 2.22.8
Closed
#5830 [PR #6109] [MERGED] feature: expand simple macros in more commands
Closed
#5831 [PR #6116] [MERGED] firecfg.config: drop geary
Closed
#5828 [PR #6107] [MERGED] profiles: lutris: allow mangohud
Closed
#5827 [PR #6104] [MERGED] ci: re-enable sort.py
Closed
#5825 [PR #6096] [MERGED] build(deps): bump step-security/harden-runner from 2.6.0 to 2.6.1
Closed
#5826 [PR #6099] [CLOSED] profiles: steam: noblacklist ~/.config/unity3d
Closed
#5822 [PR #6087] [MERGED] modif: lookup xauth in PATH
Closed
#5823 [PR #6086] [MERGED] bugfix: fix displaying of large file sizes in --ls
Closed
#5824 [PR #6095] [MERGED] build(deps): bump github/codeql-action from 2.22.5 to 2.22.7
Closed
#5820 [PR #6078] [MERGED] feature: add Landlock support
Closed
#5821 [PR #6083] [MERGED] New profile: tiny-rdm
Closed
#5818 [PR #6073] [MERGED] build(deps): bump github/codeql-action from 2.22.4 to 2.22.5
Closed
#5819 [PR #6075] [MERGED] profiles: freshclam: fix .local include
Closed
#5817 [PR #6074] [MERGED] profiles: clamtk: fix scanning
Closed
#5816 [PR #6072] [MERGED] profiles: discord: allow /usr/share/discord
Closed
#5814 [PR #6067] [MERGED] profiles: lutris: allow more syscalls
Closed
#5815 [PR #6070] [MERGED] build: sort.py: use case-sensitive sorting
Closed
#5812 [PR #6064] [MERGED] profiles: disable-programs: remove duplicated entries
Closed
#5813 [PR #6066] [MERGED] profiles: steam: allow process_vm_readv syscall
Closed
#5811 [PR #6063] [MERGED] profiles: nodejs-common: add support for pnpm
Closed
#5808 [PR #6059] [MERGED] contrib/syntax: remove 'text/plain' from firejail-profile.lang.in
Closed
#5809 [PR #6061] [MERGED] build(deps): bump github/codeql-action from 2.22.3 to 2.22.4
Closed
#5810 [PR #6062] [MERGED] build(deps): bump actions/checkout from 4.1.0 to 4.1.1
Closed
#5807 [PR #6060] [MERGED] profiles: support more msmtp configuration paths
Closed
#5806 [PR #6054] [MERGED] profiles: steam: add ~/.local/share/Baba_Is_You
Closed
#5803 [PR #6051] [MERGED] profiles: disable-common: add more suid programs 2
Closed
#5804 [PR #6053] [MERGED] build(deps): bump github/codeql-action from 2.22.0 to 2.22.3
Closed
#5805 [PR #6049] [MERGED] profiles: disable-common: add more suid programs
Closed
#5802 [PR #6052] [MERGED] profiles: ssmtp: allow (SUID) binary
Closed
#5799 [PR #6039] [MERGED] New profile: termshark
Closed
#5800 [PR #6043] [MERGED] build(deps): bump github/codeql-action from 2.21.9 to 2.22.0
Closed
#5801 [PR #6045] [MERGED] profiles: pavucontrol-qt: disable whitelisting in ${HOME}
Closed
#5798 [PR #6042] [MERGED] build(deps): bump step-security/harden-runner from 2.5.1 to 2.6.0
Closed
#5797 [PR #6040] [MERGED] profiles: tshark: cli hardening
Closed
#5795 [PR #6037] [MERGED] profiles: nicotine: allow sound notifications
Closed
#5796 [PR #6038] [MERGED] profiles: wireshark: allow dumpcap
Closed
#5794 [PR #6036] [MERGED] profiles: nicotine: allow dconf and fix fcitx (dbus)
Closed
#5792 [PR #6029] [MERGED] build(deps): bump github/codeql-action from 2.21.8 to 2.21.9
Closed
#5793 [PR #6030] [MERGED] New profile: floorp
Closed
#5791 [PR #6028] [MERGED] New profile: brz
Closed
#5789 [PR #6027] [MERGED] New profile: lettura
Closed
#5790 [PR #6026] [MERGED] ci: allow running workflows manually
Closed
#5788 [PR #6024] [MERGED] build(deps): bump github/codeql-action from 2.21.7 to 2.21.8
Closed
#5787 [PR #6025] [MERGED] profiles: disable-common: add foot to "bad terminals" section
Closed
#5784 [PR #6021] [MERGED] profiles: replace private-opt with whitelist & document private-opt issues
Closed
#5785 [PR #6022] [CLOSED] profiles: drop private-opt none
Closed
#5786 [PR #6023] [MERGED] build(deps): bump actions/checkout from 4.0.0 to 4.1.0
Closed
#5782 [PR #6019] [MERGED] profiles: fix access to dpkg
Closed
#5783 [PR #6020] [MERGED] profiles: youtubemusic-nativefier: fix .local include name
Closed
#5778 [PR #6012] [MERGED] profiles: steam: add ~/.factorio (Factorio)
Closed
#5780 [PR #6014] [MERGED] build(deps): bump github/codeql-action from 2.21.5 to 2.21.7
Closed
#5781 [PR #6017] [MERGED] profiles: mocp: hardening
Closed
#5779 [PR #6016] [MERGED] profiles: mocp: fix networking in private-etc
Closed
#5777 [PR #6013] [MERGED] New profiles: blender redirect (blender-3.6)
Closed
#5774 [PR #6001] [MERGED] profiles: gwenview: add Trash support
Closed
#5775 [PR #6007] [MERGED] New profile: fluffychat
Closed
#5776 [PR #6009] [MERGED] New profile: tidal-hifi
Closed
#5773 [PR #5996] [MERGED] profiles: refactor log viewers
Closed
#5772 [PR #5998] [MERGED] build(deps): bump actions/checkout from 3.6.0 to 4.0.0
Closed
#5770 [PR #5993] [MERGED] modif: keep pipewire group unless nosound is used
Closed
#5771 [PR #5994] [MERGED] profiles: telegram: allow ~/.local/share/telegram-desktop
Closed
#5769 [PR #5987] [MERGED] profiles: standardize commented code and eol comments
Closed
#5768 [PR #5991] [MERGED] profiles: add missing Arduino paths
Closed
#5767 [PR #5989] [MERGED] profiles: transgui: fix private-etc & harden
Closed
#5764 [PR #5979] [MERGED] build(deps): bump actions/checkout from 3.5.3 to 3.6.0
Closed
#5765 [PR #5984] [MERGED] ci: fix dependabot duplicated workflow runs
Closed
#5766 [PR #5986] [MERGED] profiles: neochat: Allow netlink
Closed
#5762 [PR #5983] [MERGED] build(deps): bump github/codeql-action from 2.21.2 to 2.21.5
Closed
#5763 [PR #5981] [MERGED] profiles: wusc: allow /usr/share/locale-langpack (LC_MESSAGES)
Closed
#5759 [PR #5969] [MERGED] profiles: move ~/.rustup blacklist to disable-programs.inc
Closed
#5760 [PR #5976] [MERGED] bugfix: Fix wrong syscall names for s390_pci_mmio_{read,write}
Closed
#5761 [PR #5978] [MERGED] profiles: discord-common: harden & allow notifications
Closed
#5758 [PR #5970] [MERGED] profiles: fix access to patch
Closed
#5757 [PR #5968] [MERGED] profiles: move fakeroot blacklisting to disable-devel.inc
Closed
#5754 [PR #5957] [MERGED] modif: fcopy: use lstat when copying directory
Closed
#5755 [PR #5960] [MERGED] ci: whitelist paths, reorganize workflows & speed-up tests
Closed
#5756 [PR #5966] [CLOSED] build(deps): bump github/codeql-action from 2.21.3 to 2.21.4
Closed
#5753 [PR #5958] [MERGED] build(deps): bump github/codeql-action from 2.21.2 to 2.21.3
Closed
#5752 [PR #5956] [MERGED] build: add missing makefile dep & syntax improvements
Closed
#5750 [PR #5954] [MERGED] profiles: ani-cli: allow mktemp
Closed
#5751 [PR #5955] [MERGED] build: codespell improvements
Closed
#5749 [PR #5953] [MERGED] ci: update step-security/harden-runner and update allowed endpoints
Closed
#5748 [PR #5950] [CLOSED] profiles: safeguard single line comments
Closed
#5747 [PR #5951] [MERGED] profiles: mpd: allow mpris2 (dbus)
Closed
#5746 [PR #5947] [MERGED] New profile: clac
Closed
#5743 [PR #5943] [MERGED] New profile: journal viewer
Closed
#5744 [PR #5944] [MERGED] profiles: 0ad: include allow-gjs.inc
Closed
#5745 [PR #5946] [MERGED] profiles: improvements to profiles using private
Closed
#5742 [PR #5942] [MERGED] build: firecfg.config sorting improvements
Closed
#5740 [PR #5933] [MERGED] profiles: gramps: add new config directory
Closed
#5741 [PR #5941] [MERGED] profiles: mpv: add XDG_CACHE_HOME & missing paths
Closed
#5738 [PR #5935] [MERGED] New profile: daisy
Closed
#5739 [PR #5936] [CLOSED] profiles: mpv: add new XDG_STATE_HOME path
Closed
#5737 [PR #5934] [MERGED] New profile: reader
Closed
#5735 [PR #5931] [MERGED] build(deps): bump github/codeql-action from 2.21.0 to 2.21.2
Closed
#5736 [PR #5930] [MERGED] build(deps): bump step-security/harden-runner from 2.4.1 to 2.5.0
Closed
#5733 [PR #5923] [MERGED] profiles: spotify: dbus and misc hardening
Closed
#5734 [PR #5927] [MERGED] build: fix some shellcheck issues & use config.sh in more scripts
Closed
#5732 [PR #5924] [MERGED] profiles: mov-cli: allow ~/.config/mov-cli
Closed
#5730 [PR #5920] [MERGED] New profile: sniffnet
Closed
#5731 [PR #5922] [MERGED] profiles: audacious: dbus and misc hardening
Closed
#5729 [PR #5918] [MERGED] profiles: fix whitespace & improve misc comments
Closed
#5727 [PR #5917] [CLOSED] profiles: mpv: allow access to dbus system bus
Closed
#5728 [PR #5919] [MERGED] profiles: fixes and cleanups for opening links with firefox
Closed
#5725 [PR #5915] [MERGED] build(deps): bump github/codeql-action from 2.20.4 to 2.21.0
Closed
#5726 [PR #5916] [MERGED] build: dist and asc improvements
Closed
#5724 [PR #5911] [MERGED] build: fix hardcoded make & remove unnecessary distclean targets
Closed
#5722 [PR #5914] [MERGED] profiles: firefox-common: refactor wusc
Closed
#5723 [PR #5913] [MERGED] profiles: thunderbird: dbus hardening
Closed
#5721 [PR #5910] [MERGED] profiles: remove /usr/share/vulkan already whitelisted by wusc
Closed
#5720 [PR #5909] [MERGED] profiles: sqlitebrowser: add ~/.local/share/sqlitebrowser
Closed
#5718 [PR #5905] [MERGED] profiles: fix misc in kmail/transmission-qt & add kontact.profile
Closed
#5719 [PR #5904] [MERGED] build(deps): bump github/codeql-action from 2.20.3 to 2.20.4
Closed
#5717 [PR #5902] [CLOSED] profiles: bleachbit: allow erasing Trash contents
Closed
#5715 [PR #5898] [MERGED] build: simplify code related to seccomp filters/man pages
Closed
#5716 [PR #5900] [MERGED] feature: add doas support in firecfg and jailcheck
Closed
#5714 [PR #5894] [MERGED] modif: drop deprecated 'shell' option references
Closed
#5713 [PR #5893] [MERGED] profiles: feh: fixes & hardening
Closed
#5712 [PR #5892] [MERGED] profiles: ani-cli: fix private-bin
Closed
#5711 [PR #5890] [MERGED] build(deps): bump github/codeql-action from 2.20.1 to 2.20.3
Closed
#5710 [PR #5887] [MERGED] New profile: mullvad-browser
Closed
#5708 [PR #5886] [MERGED] profiles: torbrowser-launcher: hardening
Closed
#5709 [PR #5885] [MERGED] profiles: lobster: allow writing to ~/.local/share/applications
Closed
#5707 [PR #5884] [MERGED] profiles: mov-cli: fix private-etc
Closed
#5706 [PR #5881] [MERGED] New profile: rssguard
Closed
#5703 [PR #5871] [MERGED] modif: improve errExit error messages
Closed
#5704 [PR #5880] [MERGED] profiles: virtualbox: fix private-etc for Gentoo
Closed
#5705 [PR #5876] [MERGED] feature: firecfg: add firecfg.d & add ignore command
Closed
#5702 [PR #5868] [MERGED] build(deps): bump step-security/harden-runner from 2.4.0 to 2.4.1
Closed
#5699 [PR #5864] [MERGED] build: disable all built-in implicit make rules
Closed
#5700 [PR #5866] [MERGED] build: organize and standardize make vars and targets
Closed
#5701 [PR #5867] [MERGED] build(deps): bump github/codeql-action from 2.20.0 to 2.20.1
Closed
#5697 [PR #5860] [MERGED] build(deps): bump github/codeql-action from 2.3.6 to 2.20.0
Closed
#5698 [PR #5865] [MERGED] profiles: vmware improvements and new redirect
Closed
#5696 [PR #5859] [MERGED] build: remove -mretpoline and NO_EXTRA_CFLAGS
Closed
#5693 [PR #5856] [MERGED] modif: Standardize and add missing name/hostname checks
Closed
#5694 [PR #5852] [MERGED] build(deps): bump actions/checkout from 3.5.2 to 3.5.3
Closed
#5695 [PR #5857] [MERGED] ci: standardize apt-get update/install & misc improvements
Closed
#5692 [PR #5853] [CLOSED] build(deps): bump github/codeql-action from 2.3.6 to 2.13.4
Closed
#5689 [PR #5842] [MERGED] build: enable compiler warnings by default
Closed
#5690 [PR #5847] [MERGED] profiles: lobster: sync with upstream changes
Closed
#5691 [PR #5850] [MERGED] contrib/vim: match profile files more broadly
Closed
#5688 [PR #5844] [MERGED] profiles: firefox: fix private-etc
Closed
#5687 [PR #5846] [MERGED] build(deps): bump github/codeql-action from 2.3.5 to 2.3.6
Closed
#5685 [PR #5829] [MERGED] modif: Improve --version/--help & print version on startup
Closed
#5686 [PR #5841] [MERGED] build(deps): bump github/codeql-action from 2.3.3 to 2.3.5
Closed
#5683 [PR #5823] [MERGED] build(deps): bump github/codeql-action from 2.3.2 to 2.3.3
Closed
#5684 [PR #5824] [CLOSED] profiles: mcomix: allow exec in ${HOME}
Closed
#5682 [PR #5826] [MERGED] profiles: block local python
Closed
#5678 [PR #5810] [MERGED] profiles: email-common: fix bogofilter/bsfilter support
Closed
#5679 [PR #5812] [MERGED] docs: add uninstall instructions to README.md
Closed
#5680 [PR #5815] [MERGED] ci: run for every branch instead of just master
Closed
#5681 [PR #5822] [MERGED] build(deps): bump step-security/harden-runner from 2.3.1 to 2.4.0
Closed
#5677 [PR #5811] [MERGED] build(deps): bump github/codeql-action from 2.3.0 to 2.3.2
Closed
#5676 [PR #5808] [MERGED] profiles: qutebrowser: update mpris name for qutebrowser-qt6
Closed
#5674 [PR #5805] [MERGED] profiles: element-desktop: allow notifications
Closed
#5675 [PR #5806] [MERGED] bugfix: arp.c: ensure positive timeout on select(2)
Closed
#5672 [PR #5802] [MERGED] ci: formatting and misc improvements
Closed
#5673 [PR #5801] [MERGED] build(deps): bump step-security/harden-runner from 2.3.0 to 2.3.1
Closed
#5668 [PR #5795] [MERGED] ci: fix swapped name/email arguments in debian_ci
Closed
#5669 [PR #5789] [MERGED] build(deps): bump actions/checkout from 3.5.0 to 3.5.2
Closed
#5670 [PR #5799] [MERGED] profiles: pycharm-professional: fix .local include name
Closed
#5671 [PR #5800] [MERGED] build(deps): bump github/codeql-action from 2.2.12 to 2.3.0
Closed
#5667 [PR #5794] [MERGED] profiles: standardize on just "GTK" on comments
Closed
#5664 [PR #5784] [MERGED] ci: split configure/build/install commands on gitlab
Closed
#5665 [PR #5782] [MERGED] build(deps): bump step-security/harden-runner from 2.2.1 to 2.3.0
Closed
#5666 [PR #5788] [MERGED] build(deps): bump github/codeql-action from 2.2.11 to 2.2.12
Closed
#5663 [PR #5783] [MERGED] ci: fix codeql unable to download its own bundle
Closed
#5662 [PR #5781] [MERGED] build(deps): bump github/codeql-action from 2.2.9 to 2.2.11
Closed
#5660 [PR #5777] [MERGED] profiles: softmaker-common: add fstab to private-etc
Closed
#5661 [PR #5780] [MERGED] New profile: url-eater
Closed
#5658 [PR #5768] [MERGED] profiles: standardnotes-desktop: fix custom (cursor) theme support
Closed
#5659 [PR #5776] [MERGED] build(deps): bump github/codeql-action from 2.2.7 to 2.2.9
Closed
#5657 [PR #5770] [MERGED] profiles: pidgin: allow netlink
Closed
#5655 [PR #5761] [MERGED] New profile: standard-notes
Closed
#5656 [PR #5763] [MERGED] profiles: move read-only config entries to disable-common.inc
Closed
#5654 [PR #5760] [MERGED] build(deps): bump actions/checkout from 3.4.0 to 3.5.0
Closed
#5652 [PR #5759] [CLOSED] build(deps): bump github/codeql-action from 2.2.7 to 2.2.8
Closed
#5653 [PR #5757] [MERGED] docs: markdown formatting and misc improvements
Closed
#5650 [PR #5752] [CLOSED] profiles: ssh-agent: add deterministic-shutdown
Closed
#5651 [PR #5755] [MERGED] profiles: allow lxqt config dir
Closed
#5648 [PR #5742] [MERGED] ci: always update the package db before installing packages
Closed
#5649 [PR #5753] [CLOSED] profiles: ssh-agent: hardening
Closed
#5647 [PR #5744] [MERGED] profiles: keepassxc: allow offering the Secret Service
Closed
#5646 [PR #5741] [MERGED] util.c: add and use ascii-only char functions
Closed
#5645 [PR #5740] [MERGED] build(deps): bump actions/checkout from 3.3.0 to 3.4.0
Closed
#5643 [PR #5737] [MERGED] fs_etc.c: conditionally create /etc/resolv.conf
Closed
#5644 [PR #5739] [MERGED] build(deps): bump github/codeql-action from 2.2.6 to 2.2.7
Closed
#5642 [PR #5736] [MERGED] profiles: file-roller: slight hardening
Closed
#5641 [PR #5735] [MERGED] profiles: streamline seccomp socket comment
Closed
#5639 [PR #5732] [MERGED] build: add missing HAVE_PRIVATE_LIB var
Closed
#5640 [PR #5734] [MERGED] profiles: engrampa: hardening
Closed
#5638 [PR #5733] [MERGED] profiles: ani-cli: fix private-bin
Closed
#5637 [PR #5731] [MERGED] build(deps): bump github/codeql-action from 2.2.5 to 2.2.6
Closed
#5636 [PR #5730] [MERGED] build(deps): bump step-security/harden-runner from 2.2.0 to 2.2.1
Closed
#5633 [PR #5719] [MERGED] profiles: email-common: allow clamav
Closed
#5634 [PR #5722] [MERGED] profiles: youtube-viewers: refactor and add gtk-youtube-viewers-common
Closed
#5635 [PR #5729] [MERGED] New profiles: discord redirects (DiscordPTB, discord-ptb)
Closed
#5632 [PR #5728] [MERGED] profiles: refactor chromium/electron into blink-common
Closed
#5630 [PR #5717] [MERGED] bugfix: fix examples in firejail-local AppArmor profile
Closed
#5631 [PR #5718] [MERGED] profiles: email-common: allow bsfilter
Closed
#5628 [PR #5714] [MERGED] New profile: porn-cli
Closed
#5629 [PR #5715] [MERGED] profiles: refactor youtube-dl and yt-dlp
Closed
#5627 [PR #5711] [MERGED] profiles: mpv: improve and clarify comments
Closed
#5626 [PR #5710] [MERGED] New profile: mov-cli
Closed
#5623 [PR #5706] [MERGED] New profile: lobster
Closed
#5624 [PR #5705] [MERGED] profiles: gajim: allow loading plugins
Closed
#5625 [PR #5708] [MERGED] modif: Forbid control chars in names and restrict hostname
Closed
#5622 [PR #5707] [MERGED] New profile: ani-cli
Closed
#5620 [PR #5700] [MERGED] profiles: bulk rename electron to electron-common
Closed
#5621 [PR #5702] [MERGED] profiles: drop hostname option from all profiles
Closed
#5618 [PR #5695] [MERGED] profiles: rsync-download_only: fix .local include name
Closed
#5619 [PR #5693] [MERGED] docs: RELNOTES: fix typo
Closed
#5617 [PR #5697] [MERGED] profiles: microsoft-edge: fixes, hardening and redirect
Closed
#5615 [PR #5690] [MERGED] build(deps): bump github/codeql-action from 2.2.4 to 2.2.5
Closed
#5616 [PR #5691] [MERGED] New profiles: jami and postman
Closed
#5613 [PR #5682] [MERGED] profiles: parsecd: sort misc
Closed
#5614 [PR #5689] [MERGED] build(deps): bump step-security/harden-runner from 2.1.0 to 2.2.0
Closed
#5612 [PR #5686] [MERGED] profiles: clarify userns comments
Closed
#5609 [PR #5674] [MERGED] build: Fix whitespace and add .editorconfig
Closed
#5610 [PR #5677] [MERGED] feature: Print the argument when failing with "too long arguments"
Closed
#5611 [PR #5681] [MERGED] profiles: iagno: sort whitelist
Closed
#5608 [PR #5675] [MERGED] New profiles: qpdf and redirects
Closed
#5607 [PR #5671] [MERGED] profiles: apostrophe: drop whitelist covered by wusc
Closed
#5606 [PR #5669] [MERGED] profiles: disable-common.inc: add systemd v253 blacklists
Closed
#5605 [PR #5668] [MERGED] build: deb: enable apparmor by default & remove deb-apparmor
Closed
#5603 [PR #5667] [MERGED] legal: selinux.c: Split Copyright notice & use same license as upstream
Closed
#5604 [PR #5665] [MERGED] profiles: foliate: fix .local include name
Closed
#5602 [PR #5666] [MERGED] profiles: wusc: allow /usr/share/hyphen
Closed
#5601 [PR #5664] [MERGED] Update copyright to 2023
Closed
#5598 [PR #5660] [MERGED] profiles: transmission-cli: allow web client
Closed
#5599 [PR #5663] [MERGED] profiles: disable-common: prevent access to LUKS keyfile
Closed
#5600 [PR #5661] [MERGED] build(deps): bump github/codeql-action from 2.2.1 to 2.2.4
Closed
#5597 [PR #5657] [CLOSED] New profiles: lz4 and redirects
Closed
#5595 [PR #5656] [MERGED] profiles: archiver-common: add mkinitcpio to private-etc
Closed
#5594 [PR #5654] [MERGED] build: mkdeb.sh: pass all arguments to ./configure
Closed
#5596 [PR #5655] [MERGED] profiles: archivers: drop private-etc now that it's in archiver-common
Closed
#5592 [PR #5653] [MERGED] profiles: blacklist sendgmail config
Closed
#5593 [PR #5651] [CLOSED] profiles: gnome-logs: fix missing machine-id in private-etc
Closed
#5590 [PR #5648] [MERGED] profiles: misc changes and self-ref fixes in ghostwriter/peek
Closed
#5591 [PR #5649] [MERGED] profiles: qutebrowser: allow userscripts by default
Closed
#5588 [PR #5646] [MERGED] New profile: parsecd
Closed
#5587 [PR #5643] [MERGED] profiles: whois: re-fix private-etc
Closed
#5583 [PR #5635] [MERGED] profiles: disable-common.inc: add more ro editor/browser paths
Closed
#5584 [PR #5637] [MERGED] build: mark most phony targets as such
Closed
#5585 [PR #5641] [MERGED] profiles: private-etc fixes
Closed
#5586 [PR #5642] [MERGED] profiles: ephemeral: use new private-etc @groups syntax
Closed
#5582 [PR #5638] [MERGED] etc_groups.h: sort groups alphabetically
Closed
#5578 [PR #5630] [MERGED] profiles: warzone2100: add paths for Arch Linux
Closed
#5580 [PR #5631] [MERGED] profiles: inkscape: harden & allow saving settings via dbus
Closed
#5581 [PR #5634] [MERGED] feature: add "keep-shell-rc" command and option
Closed
#5579 [PR #5633] [MERGED] build(deps): bump github/codeql-action from 2.1.39 to 2.2.1
Closed
#5577 [PR #5629] [MERGED] profiles: atool: fix private-etc (add missing resolv.conf)
Closed
#5574 [PR #5618] [MERGED] profiles: qutebrowser: fix links not opening in the existing instance
Closed
#5575 [PR #5627] [MERGED] build: auto-generate syntax files
Closed
#5576 [PR #5626] [MERGED] profiles: mutt: add ~/.mutthistory & reduce amount of paths created
Closed
#5573 [PR #5614] [MERGED] build(deps): bump github/codeql-action from 2.1.38 to 2.1.39
Closed
#5572 [PR #5624] [MERGED] profiles: qutebrowser: add passwd to private-etc
Closed
#5571 [PR #5613] [MERGED] modif: Escape control characters of the command line
Closed
#5570 [PR #5609] [MERGED] profiles: fix private-etc (add missing resolv.conf)
Closed
#5567 [PR #5600] [MERGED] modif: Stop forwarding own double-dash to the shell
Closed
#5568 [PR #5604] [CLOSED] profiles: abiword: remove no3d to fix libEGL warning
Closed
#5569 [PR #5602] [MERGED] profiles: profanity: fix notifications (dbus)
Closed
#5565 [PR #5595] [MERGED] Rename etc-no-blacklisted to etc-hide-blacklisted
Closed
#5566 [PR #5596] [MERGED] profiles: zoom: whitelist ~/.config/zoom.conf
Closed
#5564 [PR #5594] [MERGED] profiles: email-common: allow timezone to fix libical
Closed
#5562 [PR #5593] [MERGED] build(deps): bump github/codeql-action from 2.1.37 to 2.1.38
Closed
#5563 [PR #5592] [MERGED] build(deps): bump step-security/harden-runner from 2.0.0 to 2.1.0
Closed
#5559 [PR #5586] [MERGED] docs: Remove invalid --profile-path from --help
Closed
#5560 [PR #5589] [MERGED] docs: remove apparmor options in --help when building without apparmor support
Closed
#5561 [PR #5591] [MERGED] modif: stop hiding blacklisted files in /etc by default and add a new etc-no-blacklisted option
Closed
#5558 [PR #5579] [CLOSED] profiles: ssh: allow ~/.ansible/cp
Closed
#5557 [PR #5583] [MERGED] profiles: QMediathekView: harden
Closed
#5556 [PR #5578] [MERGED] modif: Prevent sandbox name from containing only digits
Closed
#5553 [PR #5573] [CLOSED] profiles: vlc: disable apparmor
Closed
#5554 [PR #5577] [MERGED] build: make shell commands more portable in firejail.vim
Closed
#5555 [PR #5576] [MERGED] build(deps): bump actions/checkout from 3.2.0 to 3.3.0
Closed
#5552 [PR #5574] [CLOSED] feature: add fireurl
Closed
#5548 [PR #5569] [MERGED] profiles: electron: fix hardening include/comment
Closed
#5550 [PR #5564] [MERGED] profiles: email: allow pinentry and opening links in Firefox via dbus
Closed
#5551 [PR #5571] [MERGED] profiles: email-common: refactor
Closed
#5549 [PR #5567] [MERGED] profiles: ytmdesktop: fix typo in comment
Closed
#5547 [PR #5565] [MERGED] profiles: geary: allow opening hyperlinks via dbus
Closed
#5546 [PR #5563] [MERGED] New profiles: linuxqq/qq
Closed
#5545 [PR #5557] [MERGED] window manager profiles: fix browser/electron internal sandboxes
Closed
#5542 [PR #5553] [MERGED] profiles: blacklist google-drive-ocamlfuse config
Closed
#5543 [PR #5554] [MERGED] docs: Fix broken Restrict-DBus wiki link on profile.template
Closed
#5544 [PR #5556] [MERGED] New profile: chatterino
Closed
#5538 [PR #5548] [MERGED] profiles: clarify that duplicated blacklisting of /proc/config.gz is intentional
Closed
#5539 [PR #5549] [MERGED] gpg-agent: sort private-bin (even though it's commented)
Closed
#5540 [PR #5550] [MERGED] gpg: fix private-bin
Closed
#5541 [PR #5551] [CLOSED] Add new (redirect) profile: dirmngr
Closed
#5537 [PR #5547] [MERGED] Revert "remove make deb and use make deb-apparmor to build packages"
Closed
#5536 [PR #5546] [MERGED] spectre-meltdown-checker: fixes
Closed
#5533 [PR #5543] [MERGED] seahorse refactoring
Closed
#5534 [PR #5541] [MERGED] Fix mDNS name resolution with wrc
Closed
#5535 [PR #5544] [MERGED] New profile: ssmtp
Closed
#5532 [PR #5542] [MERGED] disable-common.inc: add gnome-console to disabled terminals
Closed
#5530 [PR #5538] [MERGED] audacity: support more config locations
Closed
#5529 [PR #5537] [MERGED] add restrict-namespaces to (almost) all applicable profiles
Closed
#5531 [PR #5540] [MERGED] audacity: networking updates
Closed
#5528 [PR #5536] [MERGED] build(deps): bump github/codeql-action from 2.1.36 to 2.1.37
Closed
#5527 [PR #5535] [MERGED] build(deps): bump actions/checkout from 3.1.0 to 3.2.0
Closed
#5524 [PR #5522] [MERGED] Avidemux tools support
Closed
#5525 [PR #5527] [MERGED] profiles: Add support for Qt6
Closed
#5526 [PR #5526] [MERGED] qutebrowser: fix whitelisting for wusc
Closed
#5522 [PR #5523] [MERGED] build(deps): bump github/codeql-action from 2.1.35 to 2.1.36
Closed
#5523 [PR #5521] [MERGED] clipit hardening
Closed
#5521 [PR #5517] [MERGED] private-etc: always reference 'alternatives'
Closed
#5519 [PR #5502] [MERGED] Add basic gtksourceview language-spec (file type detection/syntax highlighting for profiles)
Closed
#5520 [PR #5516] [MERGED] New profile: tesseract
Closed
#5518 [PR #5504] [MERGED] build: actually set LDFLAGS/LIBS & stop overriding CFLAGS/LDFLAGS
Closed
#5517 [PR #5506] [MERGED] build(deps): bump github/codeql-action from 2.1.31 to 2.1.35
Closed
#5514 [PR #5497] [MERGED] firefox-common-addons: fix whitelisting in ${RUNUSER}
Closed
#5516 [PR #5498] [MERGED] spotify.profile: allow spotify-adblock paths
Closed
#5515 [PR #5496] [MERGED] kcalc.profile: fix mkfile without mkdir & comment legacy paths
Closed
#5512 [PR #5493] [MERGED] docs: add more Firefox examples to the firejail-local AppArmor profile
Closed
#5513 [PR #5488] [MERGED] build: fix formatting and misc in configure
Closed
#5511 [PR #5486] [MERGED] firefox-common.profile: Add DRM support when using psd
Closed
#5509 [PR #5481] [MERGED] ci: sort and ignore more paths
Closed
#5510 [PR #5485] [MERGED] ci: whitelist needed endpoints and block access to sudo
Closed
#5508 [PR #5484] [MERGED] profiles: email-common: add localtime to private-etc
Closed
#5507 [PR #5478] [MERGED] build: deduplicate makefiles
Closed
#5506 [PR #5476] [MERGED] fix: PyCharm profiles
Closed
#5505 [PR #5475] [MERGED] Add --apparmor-replace (workaround for apparmor profile stacking bug)
Closed
#5504 [PR #5467] [MERGED] Add support for cinelerra-gg
Closed
#5502 [PR #5464] [MERGED] profiles: deluge: add netlink to list of allowed protocols
Closed
#5503 [PR #5473] [MERGED] build(deps): bump step-security/harden-runner from 1.5.0 to 2.0.0
Closed
#5499 [PR #5458] [MERGED] build(deps): bump github/codeql-action from 2.1.29 to 2.1.31
Closed
#5500 [PR #5457] [CLOSED] firefox-common.profile: allow semtimedop syscall
Closed
#5501 [PR #5459] [MERGED] Add python3 support/fixes to nicotine
Closed
#5497 [PR #5456] [MERGED] Add godot3 redirect
Closed
#5498 [PR #5454] [CLOSED] profiles: keepassxc: allow access to the wayland socket
Closed
#5494 [PR #5446] [CLOSED] firejail/checkcfg: fix xephyr-extra-params size
Closed
#5495 [PR #5452] [CLOSED] profiles: keepassxc: add new socket location
Closed
#5496 [PR #5453] [CLOSED] profiles: keepassxc: whitelist ~/.config/keepassxc
Closed
#5492 [PR #5451] [MERGED] docs: clarify that --appimage should appear before --profile
Closed
#5493 [PR #5449] [MERGED] lutris.profile: fix running League of Legends
Closed
#5491 [PR #5443] [MERGED] build(deps): bump github/codeql-action from 2.1.28 to 2.1.29
Closed
#5490 [PR #5442] [MERGED] profiles: fixes for brave/evince/whalebird
Closed
#5487 [PR #5431] [MERGED] build: Fix musl warnings
Closed
#5488 [PR #5432] [MERGED] build(deps): bump github/codeql-action from 2.1.27 to 2.1.28
Closed
#5489 [PR #5439] [MERGED] [StepSecurity] ci: Harden GitHub Actions
Closed
#5485 [PR #5408] [MERGED] build(deps): bump github/codeql-action from 2.1.26 to 2.1.27
Closed
#5486 [PR #5429] [MERGED] build: sort.py improvements
Closed
#5483 [PR #5409] [MERGED] build(deps): bump actions/checkout from 3.0.2 to 3.1.0
Closed
#5484 [PR #5415] [MERGED] ktorrent.profile: fix mkfile without mkdir & comment legacy paths
Closed
#5482 [PR #5402] [MERGED] docs: Make appimage examples consistent with --appimage option short description
Closed
#5480 [PR #5399] [CLOSED] mpv: whitelist mpv-mpris in lib64
Closed
#5481 [PR #5400] [MERGED] Revert "mpv: whitelist mpv-mpris (#5386)"
Closed
#5479 [PR #5389] [MERGED] Harden qutebrowser profile
Closed
#5478 [PR #5394] [MERGED] build(deps): bump github/codeql-action from 2.1.25 to 2.1.26
Closed
#5477 [PR #5398] [MERGED] docs: Add gist note to bug_report.md
Closed
#5475 [PR #5387] [MERGED] profiles: blacklist sudo/doas paths in /etc
Closed
#5473 [PR #5382] [MERGED] build(deps): bump github/codeql-action from 2.1.24 to 2.1.25
Closed
#5474 [PR #5380] [CLOSED] profiles: firefox: allow owning org.mozilla.firefox_esr.*
Closed
#5472 [PR #5386] [MERGED] mpv: whitelist mpv-mpris
Closed
#5470 [PR #5376] [MERGED] .git-blame-ignore-revs: change format and add Landlock v1
Closed
#5471 [PR #5377] [MERGED] RELNOTES: dedup/reword/sort/add
Closed
#5469 [PR #5371] [MERGED] profiles: allow perl/exiftool on the relevant profiles
Closed
#5467 [PR #5374] [MERGED] profiles: arduino: allow devel paths
Closed
#5468 [PR #5375] [MERGED] build(deps): bump github/codeql-action from 2.1.22 to 2.1.24
Closed
#5465 [PR #5369] [CLOSED] [ignore] Test sort.py collate
Closed
#5466 [PR #5370] [MERGED] build: Remove deprecated syntax and modernize shell test scripts
Closed
#5463 [PR #5368] [MERGED] profiles: discord: fix issues with command-line usage
Closed
#5464 [PR #5362] [MERGED] build(deps): bump github/codeql-action from 2.1.21 to 2.1.22
Closed
#5462 [PR #5366] [MERGED] docs: man: Note that some commands can be disabled in firejail.config
Closed
#5459 [PR #5357] [MERGED] build: only install ids.config when --enable-ids is set
Closed
#5460 [PR #5360] [MERGED] profiles: firefox-common: streamline dbus filtering
Closed
#5461 [PR #5361] [MERGED] docs: Add IRC channel info to README.md
Closed
#5457 [PR #5355] [MERGED] Add profile for chafa
Closed
#5458 [PR #5359] [CLOSED] docs: fix spacing & typo in Landlock section of README.md
Closed
#5454 [PR #5349] [MERGED] docs: Typo fixes
Closed
#5455 [PR #5353] [MERGED] Make /etc/ssh/ssh_config.d visible for ssh
Closed
#5456 [PR #5352] [MERGED] fix opening links in firefox youtube-viewers-common.profile
Closed
#5453 [PR #5348] [MERGED] Fix Firefox 'Profile not found' for psd (v6.45)
Closed
#5452 [PR #5347] [MERGED] Revert "Add Landlock support to Firejail"
Closed
#5450 [PR #5344] [MERGED] docs: note that blacklist/whitelist follow symlinks
Closed
#5451 [PR #5345] [MERGED] build(deps): bump github/codeql-action from 2.1.19 to 2.1.21
Closed
#5448 [PR #5331] [MERGED] lbry-viewer.profile create
Closed
#5449 [PR #5343] [CLOSED] profiles: firefox-common: enable tracelog
Closed
#5447 [PR #5334] [MERGED] build(deps): bump github/codeql-action from 2.1.18 to 2.1.19
Closed
#5445 [PR #5325] [MERGED] profiles: tutanota-desktop: fixes and improvements
Closed
#5446 [PR #5330] [MERGED] tuir.profile creation
Closed
#5443 [PR #5322] [MERGED] man.profile needs additional private-etc items on arch
Closed
#5444 [PR #5323] [MERGED] profiles: steam: fix seccomp breakage with newer Proton-GE (process_vm_readv)
Closed
#5442 [PR #5317] [MERGED] Fix an AppArmor profile denial issue with ptrace reading and signals
Closed
#5439 [PR #5304] [CLOSED] profiles: clarify userns comments & fix comment on electron.profile
Closed
#5440 [PR #5310] [MERGED] build: add and use TARNAME instead of NAME for paths
Closed
#5441 [PR #5315] [MERGED] Add Landlock support to Firejail
Closed
#5437 [PR #5309] [MERGED] microsoft-edge.profile rewritten for stable channel and moved microsoft-edge{,-beta,-dev} from private-opt to whitelist
Closed
#5438 [PR #5305] [CLOSED] profiles: rename email-common to claws-sylpheed-common
Closed
#5434 [PR #5300] [MERGED] audacity: disable apparmor
Closed
#5435 [PR #5301] [MERGED] build(deps): bump github/codeql-action from 2.1.17 to 2.1.18
Closed
#5436 [PR #5302] [MERGED] makedeb profile creation
Closed
#5433 [PR #5298] [MERGED] electron-mail.profile refactoring
Closed
#5432 [PR #5299] [MERGED] makepkg: add description
Closed
#5430 [PR #5290] [MERGED] docs: mention risk of SUID binaries and also firejail-users(5)
Closed
#5431 [PR #5296] [MERGED] docs: set vim filetype on man pages for syntax highlighting
Closed
#5429 [PR #5289] [MERGED] new profile: gdu
Closed
#5427 [PR #5284] [MERGED] build: config.sh.in: quote variables and fix shellcheck issues
Closed
#5428 [PR #5285] [MERGED] vmware.profile: snapshot requires /etc/mtab
Closed
#5426 [PR #5283] [MERGED] build: Add files make uninstall forgot to remove
Closed
#5424 [PR #5278] [MERGED] neomutt: Avoid creating empty files/directories
Closed
#5425 [PR #5282] [MERGED] build(deps): bump github/codeql-action from 2.1.16 to 2.1.17
Closed
#5423 [PR #5274] [MERGED] Add support for custom AppArmor profiles (--apparmor=)
Closed
#5422 [PR #5275] [MERGED] ci: bump ubuntu to 22.04 and use newer compilers / analyzers
Closed
#5421 [PR #5271] [MERGED] improve force-nonewprivs security guarantees
Closed
#5418 [PR #5259] [MERGED] introduce new option restrict-namespaces
Closed
#5419 [PR #5253] [MERGED] remmina.profile: allow python3
Closed
#5420 [PR #5270] [MERGED] viewnior.profile: allow accessing /usr/share/viewnior
Closed
#5417 [PR #5254] [MERGED] build(deps): bump github/codeql-action from 2.1.15 to 2.1.16
Closed
#5415 [PR #5249] [MERGED] ci: ignore git-related paths and the project license
Closed
#5416 [PR #5251] [MERGED] build: add autoconf auto-generation comment to input files
Closed
#5413 [PR #5247] [MERGED] RELNOTES: add build items (plus commands)
Closed
#5414 [PR #5248] [MERGED] build: add dist build directory to .gitignore
Closed
#5412 [PR #5242] [MERGED] Warn when encountering EIO during remount
Closed
#5410 [PR #5237] [MERGED] add Colossal Order to steam.profile
Closed
#5411 [PR #5238] [MERGED] aria2c.profile: allow access to ~/.cache/winetricks
Closed
#5408 [PR #5223] [MERGED] profiles: steam: add path for Paradox Interactive Launcher
Closed
#5409 [PR #5231] [MERGED] build(deps): bump github/codeql-action from 2.1.14 to 2.1.15
Closed
#5407 [PR #5224] [MERGED] build(deps): bump github/codeql-action from 2.1.12 to 2.1.14
Closed
#5404 [PR #5209] [MERGED] Remove shell none from profiles
Closed
#5405 [PR #5216] [MERGED] test/fs: enable private-lib in firejail.config
Closed
#5406 [PR #5219] [MERGED] build: reduce autoconf input files from 32 to 2
Closed
#5402 [PR #5213] [MERGED] Transmission fixes: drop private-lib
Closed
#5403 [PR #5206] [MERGED] build: fix file mode of shell scripts (644 -> 755)
Closed
#5399 [PR #5184] [MERGED] RELNOTES: add new and removed profiles
Closed
#5401 [PR #5203] [MERGED] fix artha and add dbus-user filtering
Closed
#5398 [PR #5189] [MERGED] docs: fix typo in firejail-welcome.sh
Closed
#5397 [PR #5187] [CLOSED] profiles: steam: add path for Paradox Interactive Launcher
Closed
#5396 [PR #5182] [MERGED] Revert "Makefile.in: stop running distclean on dist"
Closed
#5394 [PR #5175] [MERGED] Add comment for enabling D-Bus desktop notifications to transmission-{gtk,qt}
Closed
#5395 [PR #5177] [MERGED] build(deps): bump github/codeql-action from 2.1.11 to 2.1.12
Closed
#5392 [PR #5174] [MERGED] Revert "I am preparing a point release for next week, fixes and small…
Closed
#5393 [PR #5176] [MERGED] mkdeb.sh.in: stop enabling apparmor
Closed
#5391 [PR #5172] [MERGED] disable-shell.inc: add global shell paths from ids.config
Closed
#5390 [PR #5170] [MERGED] ids.config: add missing global shell paths
Closed
#5388 [PR #5163] [MERGED] build(deps): bump github/codeql-action from 2.1.10 to 2.1.11
Closed
#5389 [PR #5167] [MERGED] profiles: move blacklist of /etc/profile.d & blacklist /etc/profile
Closed
#5387 [PR #5165] [MERGED] minor fixes for git.profile
Closed
#5385 [PR #5159] [MERGED] Kate fixes
Closed
#5386 [PR #5161] [CLOSED] Update transmission profile for DBus notifications
Closed
#5382 [PR #5154] [MERGED] mkdeb.sh.in: pass remaining arguments to ./configure
Closed
#5383 [PR #5158] [MERGED] seamonkey.profile: support enigmail/gpg
Closed
#5384 [PR #5152] [MERGED] updates for wget2
Closed
#5380 [PR #5147] [MERGED] ci: fix --version not printing compile-time features
Closed
#5381 [PR #5148] [MERGED] ci: print version after install & fix apparmor support on build_apparmor
Closed
#5378 [PR #5141] [MERGED] nvim: add XDG_STATE_HOME path
Closed
#5379 [PR #5144] [MERGED] build(deps): bump github/codeql-action from 2.1.9 to 2.1.10
Closed
#5377 [PR #5142] [MERGED] Makefile.in: stop running distclean on dist
Closed
#5376 [PR #5140] [MERGED] build: deduplicate configure-time vars into new config files
Closed
#5373 [PR #5134] [MERGED] fzenity: fix dead store
Closed
#5374 [PR #5133] [MERGED] configure*: remove ultimately unused INSTALL and RANLIB check macros
Closed
#5372 [PR #5132] [MERGED] NixOS fix OpenGL app support
Closed
#5371 [PR #5131] [MERGED] Whitelist for NixOS to resolve binary paths in user environment
Closed
#5370 [PR #5129] [MERGED] Prevent empty /usr/share in google-chrome profiles
Closed
#5368 [PR #5128] [MERGED] build(deps): bump github/codeql-action from 2.1.8 to 2.1.9
Closed
#5369 [PR #5121] [MERGED] hostnames.c: fix mismatched dealloc (fclose -> pclose)
Closed
#5367 [PR #5119] [MERGED] build(deps): bump actions/checkout from 3.0.1 to 3.0.2
Closed
#5364 [PR #5102] [MERGED] build(deps): bump github/codeql-action from 2.1.6 to 2.1.8
Closed
#5365 [PR #5114] [MERGED] Stop warning on safe supplementary group clean
Closed
#5366 [PR #5115] [MERGED] Whitelist electron-flags.conf for all versions of electron
Closed
#5363 [PR #5097] [MERGED] steam: add HotLine Miami
Closed
#5362 [PR #5108] [MERGED] build(deps): bump actions/checkout from 3.0.0 to 3.0.1
Closed
#5360 [PR #5090] [MERGED] build(deps): bump github/codeql-action from 1.1.5 to 2.1.6
Closed
#5361 [PR #5093] [MERGED] more snap blacklisting
Closed
#5358 [PR #5088] [MERGED] Allow resolution of .local names with avahi-daemon in the apparmor profile
Closed
#5359 [PR #5092] [MERGED] harden vlc
Closed
#5357 [PR #5087] [MERGED] teams: drop doubled option
Closed
#5353 [PR #5072] [MERGED] Fix Hugin profile.
Closed
#5355 [PR #5078] [MERGED] docs: mention capabilities(7) on --caps
Closed
#5356 [PR #5084] [MERGED] man: typo fixes
Closed
#5352 [PR #5071] [MERGED] profiles: blacklist and make ~/Applications dir read-only
Closed
#5354 [PR #5077] [MERGED] disable-common.inc: make ~/.config/pkcs11 read-only
Closed
#5351 [PR #5069] [CLOSED] whitelist-common.inc: remove redundant read-only entries
Closed
#5349 [PR #5058] [MERGED] Node.js stack refactoring
Closed
#5350 [PR #5066] [MERGED] megaglest.profile: Add allow-lua.inc
Closed
#5348 [PR #5060] [MERGED] build(deps): bump github/codeql-action from 1.1.4 to 1.1.5
Closed
#5347 [PR #5061] [MERGED] ping: (extra) hardening
Closed
#5346 [PR #5056] [MERGED] ocenaudio hardening
Closed
#5345 [PR #5054] [MERGED] cmake: fix local override & wusc
Closed
#5343 [PR #5051] [CLOSED] [WIP] Node.js refactoring - again
Closed
#5344 [PR #5052] [MERGED] docs: mention inconsistent homedir bug involving --private=dir
Closed
#5342 [PR #5053] [MERGED] pip: fixes
Closed
#5341 [PR #5044] [MERGED] Bump github/codeql-action from 1.1.3 to 1.1.4
Closed
#5339 [PR #5041] [MERGED] opera fixes
Closed
#5340 [PR #5043] [MERGED] man: mention that the protocol command accumulates
Closed
#5337 [PR #5040] [MERGED] minor cleanups, no functional changes
Closed
#5338 [PR #5042] [MERGED] mupdf refactoring cfr. https://github.com/netblue30/firejail/discussions/4993
Closed
#5335 [PR #5028] [MERGED] gcov: fix gcov functions always declared as dummy
Closed
#5336 [PR #5029] [MERGED] steam.profile: allow "${HOME}/.prey"
Closed
#5333 [PR #5020] [MERGED] Bump actions/checkout from 2.4.0 to 3
Closed
#5334 [PR #5026] [MERGED] profiles: fix whitelisting in electron apps
Closed
#5332 [PR #5017] [MERGED] Fix newest Steam client and Proton ≥ 5.13
Closed
#5331 [PR #5013] [MERGED] Blacklist scala devel stuff
Closed
#5329 [PR #5009] [MERGED] drop redundant ignore in chromium-based browsers
Closed
#5330 [PR #5007] [MERGED] whitelist /usr/share/gnupg2 for consistency
Closed
#5328 [PR #5005] [MERGED] man: drop redundant whitelisting handled by wusc
Closed
#5327 [PR #5003] [MERGED] fix sylpheed
Closed
#5325 [PR #5001] [MERGED] add opera-developer.profile
Closed
#5326 [PR #5002] [MERGED] more fixes for opera-beta
Closed
#5323 [PR #4992] [MERGED] geary fixes
Closed
#5324 [PR #4999] [MERGED] opera fixes/hardening
Closed
#5322 [PR #4990] [MERGED] Add ability to disable user profiles at compile time
Closed
#5318 [PR #4981] [CLOSED] ffplay: fix private-etc
Closed
#5319 [PR #4985] [MERGED] whitelist restructuring
Closed
#5320 [PR #4979] [CLOSED] [firejail] Add ability to disable user profiles at compile time. OMP#…
Closed
#5321 [PR #4989] [MERGED] Bump github/codeql-action from 1.1.2 to 1.1.3
Closed
#5317 [PR #4977] [MERGED] fix globals.local in mupdf & redirects
Closed
#5316 [PR #4976] [MERGED] gconf-editor fix
Closed
#5314 [PR #4964] [MERGED] qbittorrent.profile: fix data directory location
Closed
#5315 [PR #4970] [MERGED] hardening zeal.profile
Closed
#5313 [PR #4966] [MERGED] Add support for changing appearance of the Qt6 apps with qt6ct
Closed
#5312 [PR #4967] [MERGED] Bump github/codeql-action from 1.1.0 to 1.1.2
Closed
#5309 [PR #4957] [MERGED] add onionshare redirects
Closed
#5310 [PR #4959] [MERGED] hardening onionshare-gui.profile
Closed
#5311 [PR #4963] [MERGED] wireshark.profile: Add dac_read_search to caps.keep
Closed
#5308 [PR #4958] [MERGED] profiles: wireshark: disable private-dev
Closed
#5307 [PR #4950] [MERGED] man.profile: remove read-only tmp to fix mandoc
Closed
#5305 [PR #4946] [MERGED] firejail.config: add warning about allow-tray
Closed
#5306 [PR #4948] [MERGED] Improve dino.profile.
Closed
#5304 [PR #4934] [CLOSED] WIP: README.md: Update project page
Closed
#5303 [PR #4933] [MERGED] Disable/comment message about nogroups being ignored
Closed
#5302 [PR #4943] [MERGED] Bump github/codeql-action from 1.0.31 to 1.1.0
Closed
#5298 [PR #4916] [MERGED] Refer to firejail.config in configuration files
Closed
#5299 [PR #4918] [MERGED] testing: fix expect matching of numbers
Closed
#5300 [PR #4919] [MERGED] Fix iridium.profile
Closed
#5301 [PR #4920] [MERGED] Update security policy for 0.9.68 release
Closed
#5297 [PR #4915] [MERGED] keepassx: restore nou2f
Closed
#5295 [PR #4911] [MERGED] push changelog date, so that it's different from the previous one
Closed
#5296 [PR #4912] [MERGED] CI: replace centos (EOL) with almalinux
Closed
#5292 [PR #4908] [MERGED] Bump github/codeql-action from 1.0.30 to 1.0.31
Closed
#5293 [PR #4902] [MERGED] Organize relnotes
Closed
#5294 [PR #4903] [MERGED] profiles: keepass*: remove nou2f & add note about private-dev
Closed
#5289 [PR #4889] [MERGED] RELNOTES: add security-related items
Closed
#5290 [PR #4901] [MERGED] mediainfo.profile: add quiet
Closed
#5291 [PR #4898] [MERGED] shellcheck.profile: remove mdwe
Closed
#5287 [PR #4897] [MERGED] librewolf: use new d-bus message bus
Closed
#5288 [PR #4894] [MERGED] Allow common access to EGL External platform configuration directory
Closed
#5286 [PR #4886] [MERGED] Fix a typo in README.md
Closed
#5285 [PR #4885] [MERGED] Bump github/codeql-action from 1.0.29 to 1.0.30
Closed
#5284 [PR #4881] [MERGED] RELNOTES: add bugfixes
Closed
#5282 [PR #4877] [MERGED] Bump github/codeql-action from 1.0.27 to 1.0.29
Closed
#5283 [PR #4878] [MERGED] build option: add AppImage support
Closed
#5278 [PR #4872] [MERGED] signal-desktop: fix opening links in Firefox
Closed
#5279 [PR #4868] [MERGED] Blacklist rclone, 1Password, Ledger Live and cointop
Closed
#5280 [PR #4873] [MERGED] add a profile for cointop
Closed
#5281 [PR #4874] [MERGED] New profile: 1password
Closed
#5277 [PR #4870] [MERGED] profiles: enable deterministic shutdown for ssh
Closed
#5276 [PR #4865] [MERGED] gitlab-ci: fix debian_ci build (dh_missing hostnames)
Closed
#5273 [PR #4862] [MERGED] steam.profile: allow /etc/vulkan
Closed
#5274 [PR #4863] [MERGED] {lutris,wine}.profile: allow ~/.cache/wine
Closed
#5275 [PR #4864] [MERGED] steam.profile: allow ~/.config/MangoHud
Closed
#5272 [PR #4861] [MERGED] Bump github/codeql-action from 1.0.26 to 1.0.27
Closed
#5268 [PR #4852] [MERGED] Add wget2 support
Closed
#5269 [PR #4851] [MERGED] Keep vglusers group unless no3d is used (virtualgl)
Closed
#5270 [PR #4853] [MERGED] wget2 fixes
Closed
#5271 [PR #4856] [MERGED] keep-fd option (#4845)
Closed
#5267 [PR #4843] [MERGED] Noblacklist rxvt in allow-perl.inc
Closed
#5266 [PR #4841] [MERGED] New profile: nvim (neovim)
Closed
#5264 [PR #4832] [MERGED] Add DBus filter rules specific to firefox-developer-edition
Closed
#5265 [PR #4840] [MERGED] profiles: mediathekview: fixes
Closed
#5263 [PR #4838] [MERGED] profiles: fix librewolf
Closed
#5262 [PR #4831] [MERGED] Blacklist rxvt after the blacklist of Perl.
Closed
#5261 [PR #4830] [MERGED] profiles: ordering fixes
Closed
#5260 [PR #4829] [MERGED] Seafile
Closed
#5259 [PR #4826] [MERGED] RPCS3 profile
Closed
#5257 [PR #4827] [MERGED] noprinters: add missing items & add to profile.template
Closed
#5258 [PR #4828] [MERGED] profiles: allow /usr/share/webext in chromium profile
Closed
#5256 [PR #4824] [MERGED] add notable profile
Closed
#5253 [PR #4783] [MERGED] profiles: telegram: allow opening links (xdg-open)
Closed
#5254 [PR #4802] [MERGED] Fix clipgrab profile (yt-dlp requires python)
Closed
#5255 [PR #4807] [MERGED] skypeforlinux: Whitelist downloads directory
Closed
#5252 [PR #4803] [MERGED] Bump github/codeql-action from 1.0.24 to 1.0.26
Closed
#5248 [PR #4774] [MERGED] CI: pin GitHub actions to SHAs and use Dependabot to update them
Closed
#5250 [PR #4781] [MERGED] Whitelist ${HOME}/.local/opt/tor-browser to make tor-browser work
Closed
#5251 [PR #4782] [MERGED] Whitelist /usr/share/nextcloud to allow access to translation files.
Closed
#5249 [PR #4779] [MERGED] Fix teams ignoring input sources e.g. microphones
Closed
#5247 [PR #4776] [MERGED] allow lua in highlight.profile
Closed
#5245 [PR #4759] [MERGED] Allow /opt/tor-browser for Tor Browser profile
Closed
#5246 [PR #4771] [MERGED] Revert allow/deny leftovers
Closed
#5244 [PR #4755] [MERGED] yt-dlp: add missing paths & mpv.profile: whitelist paths for yt-dlp
Closed
#5242 [PR #4748] [MERGED] README.md: Mention security situation on Ubuntu and recommend PPA
Closed
#5243 [PR #4752] [MERGED] elinks.profile: Fix missing access to liblua
Closed
#5240 [PR #4744] [MERGED] dino.profile: netlink protocol is required for audio/video calls.
Closed
#5241 [PR #4747] [MERGED] Skype profile tweaks
Closed
#5239 [PR #4743] [MERGED] Add CachyBrowser profile
Closed
#5237 [PR #4736] [CLOSED] Stop creating unused ~/.TelegramDesktop
Closed
#5238 [PR #4740] [MERGED] Implement a whitelist-ro command
Closed
#5236 [PR #4732] [MERGED] Fix keeping certain groups with nogroups
Closed
#5235 [PR #4735] [MERGED] etc/profile-a-l/display.profile: additions needed on Gentoo
Closed
#5233 [PR #4730] [MERGED] profstats cleanup
Closed
#5234 [PR #4729] [MERGED] goldendict: whitelist path to documentation and locales
Closed
#5232 [PR #4727] [MERGED] additional electron blacklists
Closed
#5230 [PR #4725] [MERGED] Keep some groups regardless of nogroups and restore nogroups on nvidia
Closed
#5231 [PR #4726] [MERGED] Add monero-project blacklist to disable-programs.inc
Closed
#5228 [PR #4712] [MERGED] Configure improvements2
Closed
#5229 [PR #4695] [MERGED] build: Stop linking pthread
Closed
#5227 [PR #4724] [MERGED] Add a profile for Flatseal
Closed
#5226 [PR #4690] [MERGED] Fix inconsistent descriptions of machine-id option
Closed
#5224 [PR #4680] [MERGED] disable-common.inc: fix paths of slock and physlock
Closed
#5225 [PR #4688] [MERGED] Update firejail-local for Brave + ipfs
Closed
#5223 [PR #4681] [MERGED] Add OpenStego profile
Closed
#5222 [PR #4679] [MERGED] update yt-dlp.profile
Closed
#5221 [PR #4678] [CLOSED] update yt-dlp.profile
Closed
#5217 [PR #4656] [CLOSED] WIP: Build firejail with meson
Closed
#5218 [PR #4675] [MERGED] more ssh fixes
Closed
#5219 [PR #4669] [MERGED] Relocate firecfg.config to /etc/firejail/
Closed
#5220 [PR #4676] [MERGED] Make env/arg sanity check failure messages more useful
Closed
#5216 [PR #4652] [MERGED] Fix TOCTOU/CodeQL CWE-367 warnings (easy ones + fs.c)
Closed
#5215 [PR #4643] [MERGED] Profile Checks
Closed
#5214 [PR #4632] [MERGED] Consider nosound and novideo when keeping groups & misc refactors
Closed
#5212 [PR #4634] [MERGED] [minor] update mpv.profile
Closed
#5213 [PR #4635] [MERGED] deterministic-shutdown option
Closed
#5210 [PR #4624] [MERGED] Fix warsow profile for Arch users
Closed
#5211 [PR #4628] [MERGED] add basic Firejail support to AppArmor base abstraction (#3226)
Closed
#5209 [PR #4621] [MERGED] Fix tremulous profile for Arch users
Closed
#5207 [PR #4613] [MERGED] Drop noinput for games with joystick/gamepad support
Closed
#5208 [PR #4622] [MERGED] Fix jumpnbump for Arch users
Closed
#5206 [PR #4610] [MERGED] Fix misc in get_group_id
Closed
#5204 [PR #4606] [MERGED] libtrace.c: use realpath instead of readlink to avoid PATH_MAX
Closed
#5205 [PR #4612] [MERGED] blobwars: add path to game assets compatible with Arch
Closed
#5203 [PR #4599] [MERGED] Use ?ALLOW_TRAY: (#4510) in profiles
Closed
#5202 [PR #4600] [MERGED] Add profiles for imv, retroarch, and torbrowser
Closed
#5199 [PR #4590] [MERGED] Read mount id also on legacy kernels
Closed
#5200 [PR #4594] [MERGED] build: allow building with address sanitizer
Closed
#5197 [PR #4593] [MERGED] Revert "allow/deny fbuilder"
Closed
#5198 [PR #4591] [MERGED] s/S_IWRITE/S_IWUSR/
Closed
#5196 [PR #4587] [MERGED] profiles: vscodium: add missing paths & codium redirect
Closed
#5194 [PR #4583] [MERGED] firejail.h: add missing linux/limits.h include & include cleanup
Closed
#5195 [PR #4586] [MERGED] trace, tracelog: don't truncate /etc/ld.so.preload in sandbox
Closed
#5193 [PR #4579] [MERGED] fix compilation on musl (#4578)
Closed
#5192 [PR #4585] [MERGED] add more EUID improvements
Closed
#5191 [PR #4575] [MERGED] Trim excess whitespace
Closed
#5188 [PR #4573] [MERGED] Fix many typos
Closed
#5189 [PR #4571] [MERGED] Use complete license file
Closed
#5190 [PR #4574] [MERGED] Fix shellcheck warnings
Closed
#5187 [PR #4572] [MERGED] Add missing final newlines
Closed
#5185 [PR #4561] [MERGED] Issue template improvements2
Closed
#5184 [PR #4556] [MERGED] Fix #4555 - Allow evince to read .cbz file format
Closed
#5186 [PR #4564] [MERGED] Create goldendict.profile
Closed
#5183 [PR #4559] [MERGED] Add ld.so.preload to all private-etc lines
Closed
#5182 [PR #4560] [MERGED] Remove /etc/hosts is_link check
Closed
#5179 [PR #4519] [MERGED] Add profiles for build-systems (/package-managers)
Closed
#5180 [PR #4533] [MERGED] rework exitcodes
Closed
#5181 [PR #4546] [MERGED] Let programs outside librewolf sandbox open new tabs in librewolf
Closed
#5177 [PR #4515] [MERGED] Rework issue templates
Closed
#5178 [PR #4521] [MERGED] Create disable-proc.inc
Closed
#5174 [PR #4510] [MERGED] Add new condition ALLOW_TRAY
Closed
#5175 [PR #4513] [CLOSED] telegram: Enable private-bin
Closed
#5176 [PR #4514] [MERGED] telegram: Enable private-bin
Closed
#5172 [PR #4502] [MERGED] Revert "allow/deny help and man pages"
Closed
#5173 [PR #4507] [MERGED] Fix broken DNS resolution on Arch Linux using systemd-resolved
Closed
#5171 [PR #4501] [MERGED] Blacklist Exodus wallet
Closed
#5168 [PR #4487] [MERGED] .git-blame-ignore-revs: add revert of allow/deny move
Closed
#5169 [PR #4493] [MERGED] fix duplicate globals
Closed
#5170 [PR #4497] [CLOSED] WIP: Minor cleanup
Closed
#5167 [PR #4486] [MERGED] create yt-dlp.profile
Closed
#5165 [PR #4484] [MERGED] creating gallery-dl.profile
Closed
#5166 [PR #4485] [MERGED] updating youtube-viewers-common.profile
Closed
#5164 [PR #4477] [MERGED] multimc5: fix exec of LWJGL libraries
Closed
#5162 [PR #4479] [MERGED] Issue template improvements
Closed
#5163 [PR #4481] [MERGED] README.md: add artix linux to distro list
Closed
#5160 [PR #4475] [MERGED] telegram.profile: whitelist /usr/share/TelegramDesktop
Closed
#5161 [PR #4476] [MERGED] Fix hanging arp_check
Closed
#5158 [PR #4467] [MERGED] Give fbuilder full original environment
Closed
#5159 [PR #4473] [CLOSED] Add profile for Beyond All Reason
Closed
#5157 [PR #4470] [MERGED] Update celluloid.profile
Closed
#5154 [PR #4434] [MERGED] Added ${HOME}/Private blacklist to disable-common
Closed
#5155 [PR #4461] [MERGED] Move disable-passwordmgr.inc into disable-common.inc/disable-programs…
Closed
#5156 [PR #4462] [MERGED] Create disable-X11.inc
Closed
#5152 [PR #4427] [MERGED] IDS fixes
Closed
#5153 [PR #4438] [MERGED] Added quiet to some CLI profiles
Closed
#5151 [PR #4420] [MERGED] ordering and additions
Closed
#5149 [PR #4410] [MERGED] Revert "move whitelist/blacklist to allow/deny"
Closed
#5150 [PR #4419] [MERGED] add ncdu2 redirect profile
Closed
#5148 [PR #4413] [MERGED] Add new command checklist to CONTRIBUTING.md
Closed
#5147 [PR #4412] [MERGED] Update telegram.profile
Closed
#5145 [PR #4399] [CLOSED] rkhunter fix
Closed
#5146 [PR #4407] [MERGED] Fix Firefox 'Profile not found' - whitelist /run/user/xxx/firefox
Closed
#5144 [PR #4390] [MERGED] Exclude allow/deny move in profile from git blame
Closed
#5142 [PR #4392] [MERGED] LC_ALL=C sort disable-programs.inc
Closed
#5143 [PR #4391] [MERGED] Update Clion profile and Add Clion EAP profile
Closed
#5141 [PR #4389] [MERGED] Create profcleaner.sh
Closed
#5138 [PR #4375] [MERGED] remove kcmp from seccomp default drop list
Closed
#5139 [PR #4376] [MERGED] gcov: use no-op functions if not enabled
Closed
#5140 [PR #4388] [MERGED] allow/deny in zsh completion
Closed
#5137 [PR #4374] [MERGED] fs_home.c: run more code with euid of the user
Closed
#5136 [PR #4373] [MERGED] gcov: fix build failure with gcc 11.1.0
Closed
#5133 [PR #4369] [MERGED] rtv profile correction
Closed
#5134 [PR #4368] [MERGED] Address #3872 with changes in pipewire for Firefox and Chromium
Closed
#5135 [PR #4371] [MERGED] Correct amule.profile for upnp
Closed
#5132 [PR #4370] [MERGED] allow access to pkgconfig
Closed
#5129 [PR #4349] [MERGED] Misc hardening + refactoring
Closed
#5130 [PR #4360] [MERGED] gcov: add missing gcov.h includes
Closed
#5131 [PR #4365] [MERGED] Fix sndio support
Closed
#5128 [PR #4356] [MERGED] profiles: add profile for tin news reader
Closed
#5127 [PR #4350] [MERGED] creating alpine.profile
Closed
#5126 [PR #4348] [MERGED] Update weechat.profile
Closed
#5124 [PR #4345] [CLOSED] Add allow-pandoc.local
Closed
#5125 [PR #4347] [MERGED] Update w3m.profile
Closed
#5123 [PR #4344] [MERGED] creating qcomicbook profile
Closed
#5122 [PR #4343] [MERGED] tightening zathura profile
Closed
#5118 [PR #4333] [MERGED] creating googler and ddgr profiles
Closed
#5119 [PR #4338] [MERGED] mcomix profile creation
Closed
#5120 [PR #4340] [MERGED] augment seccomp lists in firejail.config
Closed
#5121 [PR #4342] [MERGED] minor fix googler profile
Closed
#5117 [PR #4334] [MERGED] Fix sort error in profile.template
Closed
#5114 [PR #4327] [MERGED] Correct typo in telegram-desktop profile
Closed
#5115 [PR #4330] [MERGED] add firejail.config switch for private-{bin,etc,opt,srv}
Closed
#5116 [PR #4332] [MERGED] Refactor bitwarden as electron redirect
Closed
#5112 [PR #4326] [MERGED] cmdline.c: optionally quote the resulting command line
Closed
#5113 [PR #4325] [MERGED] jail_prober: enable absolut include directives
Closed
#5109 [PR #4317] [MERGED] [minor] gunzip profile broken
Closed
#5110 [PR #4318] [MERGED] Update vim syntax highlighting
Closed
#5111 [PR #4320] [MERGED] reorganizing links browsers
Closed
#5108 [PR #4316] [MERGED] Configure improvements
Closed
#5107 [PR #4315] [CLOSED] added size specifier for rlimit-as.
Closed
#5104 [PR #4300] [MERGED] CI: build with GCC 11
Closed
#5105 [PR #4302] [MERGED] Whitelist2 follow-up
Closed
#5106 [PR #4307] [MERGED] Refine appimage example in docs
Closed
#5102 [PR #4291] [MERGED] fixes for eb30ce5 (new profiles)
Closed
#5103 [PR #4293] [MERGED] configure*: fix build with non-bash /bin/sh
Closed
#5100 [PR #4288] [MERGED] Create whitelist-run-common.inc
Closed
#5101 [PR #4290] [MERGED] profiles: zoom: allow ~/Documents/Zoom
Closed
#5097 [PR #4287] [MERGED] Restrict /usr/libexec
Closed
#5098 [PR #4284] [MERGED] Add cargo.profile
Closed
#5099 [PR #4286] [MERGED] add support for cargo toml/non-toml files
Closed
#5096 [PR #4283] [MERGED] profiles: lutris: allow bin paths and gamemode dbus
Closed
#5095 [PR #4278] [MERGED] rename noautopulse to keep-config-pulse
Closed
#5094 [PR #4273] [MERGED] Try to fix #2310 -- Can't create run directory without suid-root
Closed
#5092 [PR #4277] [MERGED] CI: build with clang 11
Closed
#5093 [PR #4276] [MERGED] Harden device access in default.profile
Closed
#5089 [PR #4260] [MERGED] Add songrec
Closed
#5090 [PR #4269] [CLOSED] profile.template: add missing noautopulse option
Closed
#5091 [PR #4271] [MERGED] Follow-up for #4165
Closed
#5087 [PR #4266] [MERGED] fix: discord logout on opening twice
Closed
#5088 [PR #4259] [MERGED] contrib/vim: add missing noinput command to syn match
Closed
#5085 [PR #4257] [MERGED] read-write fixes
Closed
#5086 [PR #4258] [MERGED] revert comment changes from #4257
Closed
#5083 [PR #4254] [MERGED] pluma broken with memory-deny-write-execute
Closed
#5084 [PR #4255] [MERGED] Node.js stack refactoring
Closed
#5082 [PR #4251] [MERGED] whitelist /var/lib/aspell in whitelist-var-common.inc
Closed
#5080 [PR #4245] [MERGED] some wireshark hardening
Closed
#5081 [PR #4248] [CLOSED] [WIP] joplin cli profile
Closed
#5078 [PR #4240] [MERGED] profiles: whitelist mozilla (webext) extensions in chromium profile
Closed
#5079 [PR #4239] [MERGED] Add noinput to all profiles with private-dev
Closed
#5077 [PR #4242] [MERGED] profiles: wireshark: disable seccomp
Closed
#5075 [PR #4233] [MERGED] harden audio-recorder
Closed
#5076 [PR #4234] [MERGED] support older gstreamer setups in xfce4-mixer
Closed
#5074 [PR #4230] [MERGED] New profile for neochat
Closed
#5073 [PR #4232] [MERGED] add FAQ references to firefox.profile
Closed
#5072 [PR #4231] [MERGED] fix regextester
Closed
#5069 [PR #4221] [CLOSED] Added Kotatogram-Desktop & Other Fixes
Closed
#5070 [PR #4229] [MERGED] Whitelist2
Closed
#5071 [PR #4226] [MERGED] Rework sort_protocol (sort.py)
Closed
#5067 [PR #4219] [MERGED] Some minor changes
Closed
#5068 [PR #4225] [MERGED] steam.profile: fix rogue legacy paths and syntax
Closed
#5064 [PR #4209] [MERGED] Map /dev/input with "--private-dev", add "--no-input" option to disable it
Closed
#5065 [PR #4215] [MERGED] Add support for subdirs in private-etc
Closed
#5066 [PR #4217] [MERGED] Delete *.profie
Closed
#5063 [PR #4207] [CLOSED] [WIP] refactor vivaldi profiles
Closed
#5062 [PR #4204] [MERGED] man: corrections regarding --private-FOO options
Closed
#5059 [PR #4193] [MERGED] add passwd to private-etc
Closed
#5060 [PR #4200] [MERGED] unblock tor support in brave
Closed
#5061 [PR #4203] [MERGED] Add FireDragon profile
Closed
#5058 [PR #4196] [MERGED] profstats - fix printf for include globals
Closed
#5057 [PR #4188] [MERGED] Create tmux.profile
Closed
#5056 [PR #4179] [MERGED] Add examples how to allow browser access to Gnome extensions connector
Closed
#5054 [PR #4176] [MERGED] Fix typo
Closed
#5055 [PR #4180] [MERGED] Fix typo (adivsory -> advisory)
Closed
#5052 [PR #4172] [CLOSED] Update nodejs-common: enable npx, clarify
Closed
#5053 [PR #4174] [MERGED] Minor Fixes
Closed
#5051 [PR #4170] [MERGED] steam: some more games added
Closed
#5049 [PR #4165] [MERGED] Encourage making overrides in *.local files
Closed
#5050 [PR #4167] [MERGED] WebStorm: allow Dolphin to access its config file
Closed
#5048 [PR #4164] [MERGED] Update Librewolf profile and Add Sway profile
Closed
#5047 [PR #4161] [MERGED] allow notifications + comment fixes
Closed
#5046 [PR #4159] [MERGED] New profile: Librewolf Nightly
Closed
#5045 [PR #4155] [MERGED] dropbox: allow python3, fix for issue #4150
Closed
#5043 [PR #4149] [MERGED] Add localtime to signal-desktop's profile.
Closed
#5044 [PR #4141] [MERGED] Improve issue template
Closed
#5042 [PR #4148] [MERGED] Improve comments in apparmor files
Closed
#5039 [PR #4128] [MERGED] reorganizing youtube-viewers
Closed
#5040 [PR #4139] [MERGED] makefiles: replace character class with plain char
Closed
#5041 [PR #4140] [MERGED] Follow up for #4126
Closed
#5038 [PR #4126] [MERGED] Rename chromium-common-hardened and feh-network …
Closed
#5037 [PR #4125] [MERGED] fixes for gnome-logs
Closed
#5036 [PR #4121] [MERGED] fix private-lib in clawsker.profile
Closed
#5034 [PR #4102] [MERGED] fixing dbus filtering for engrampa
Closed
#5035 [PR #4119] [MERGED] [minor] .cache/youtube-viewer in disable-programs.inc
Closed
#5032 [PR #4117] [MERGED] profiles: nheko: fix paths
Closed
#5033 [PR #4116] [MERGED] Update vmware.profile & dbus-policy for amarok
Closed
#5031 [PR #4101] [MERGED] [minor] qcomicbook and pipe-viewer in disable-programs
Closed
#5029 [PR #4098] [MERGED] Create bcompare.profile
Closed
#5030 [PR #4100] [MERGED] Clarify novideo
Closed
#5028 [PR #4095] [MERGED] make appimage mounts private to sandbox
Closed
#5027 [PR #4097] [MERGED] Fix typo policies
Closed
#5026 [PR #4094] [MERGED] fixing engrampa profile
Closed
#5025 [PR #4085] [MERGED] Document enabling debugging for Node.js
Closed
#5022 [PR #4083] [MERGED] Improve English in the PR template
Closed
#5023 [PR #4082] [MERGED] Improve English in default profile template
Closed
#5024 [PR #4084] [MERGED] Clarify what the Description comment is for
Closed
#5020 [PR #4071] [MERGED] Commons of opengl-game-wrapper.sh
Closed
#5021 [PR #4079] [MERGED] Add profile for youtube-dl-gui & some other changes
Closed
#5019 [PR #4065] [MERGED] man firejail: fix --dbus-{system,user}.log requirement
Closed
#5017 [PR #4068] [MERGED] atril support for cbz, cbr, cbt, cb7
Closed
#5018 [PR #4069] [MERGED] New profiles: hasher-common and checksum tools
Closed
#5016 [PR #4064] [MERGED] newsboat/newsbeuter corrections
Closed
#5015 [PR #4051] [MERGED] Fix "Could not create AF_NETLINK socket"
Closed
#5013 [PR #4045] [MERGED] private-lib: move to mount-only
Closed
#5014 [PR #4048] [MERGED] Grammar
Closed
#5012 [PR #4043] [MERGED] private-lib: mask /usr/local/lib[,64] directories, too
Closed
#5011 [PR #4042] [MERGED] private-lib hardening
Closed
#5008 [PR #4040] [MERGED] sandbox setup: postpone fslogger
Closed
#5009 [PR #4038] [MERGED] Zsh completion improvements
Closed
#5010 [PR #4041] [MERGED] sandbox setup: postpone library preloading
Closed
#5007 [PR #4037] [MERGED] adding support for "play with..." extension
Closed
#5003 [PR #4029] [MERGED] Rename feh-network.inc
Closed
#5004 [PR #4030] [MERGED] Rename chromium-common-hardened.inc
Closed
#5005 [PR #4036] [MERGED] Add new condition ?HAS_PRIVATE:
Closed
#5006 [PR #4035] [MERGED] Improve error messages
Closed
#5002 [PR #4031] [MERGED] Rename firefox-common-addons.inc
Closed
#4999 [PR #4024] [MERGED] Makefile improvements
Closed
#5000 [PR #4028] [MERGED] Rename archiver-common.inc
Closed
#5001 [PR #4025] [CLOSED] add support for "play with..."
Closed
#4998 [PR #4022] [CLOSED] fix audit 'syscalls check' output
Closed
#4997 [PR #4023] [CLOSED] adding pipe-viewer profile
Closed
#4994 [PR #4015] [MERGED] dbus.c: check_object_path: Allow /StatusNotifierWatcher
Closed
#4996 [PR #4021] [MERGED] Force nnp compile time
Closed
#4993 [PR #4016] [MERGED] Create rtv-addons.inc
Closed
#4995 [PR #4019] [MERGED] fix protocol list
Closed
#4992 [PR #4010] [MERGED] Add --mkdir and --mkfile CLI options
Closed
#4991 [PR #4009] [MERGED] Allow changing protocol list after initial set
Closed
#4990 [PR #4008] [MERGED] add new profile for gget
Closed
#4988 [PR #4007] [MERGED] fix firecfg links in restrictive sandboxes
Closed
#4989 [PR #4005] [MERGED] new profile: lzop
Closed
#4987 [PR #4004] [MERGED] add PATH_FCOPY to private-lib automatically
Closed
#4984 [PR #3998] [MERGED] Upstreaming a set of fixes from Sailfish's packaging
Closed
#4985 [PR #4002] [MERGED] ipcalc: misc fixes
Closed
#4986 [PR #4003] [MERGED] Minor fixes for vmware
Closed
#4983 [PR #4000] [MERGED] Fix patch-util not having access to libdl.so
Closed
#4982 [PR #4001] [MERGED] profiles: signal-desktop: remove invalid ignore include-xdg.inc
Closed
#4979 [PR #3994] [MERGED] contrib/firejail-welcome.sh: fix copyright year
Closed
#4980 [PR #3995] [MERGED] fix private-bin in jitsi-meet-desktop
Closed
#4981 [PR #3997] [MERGED] Create nextcloud-desktop.profile
Closed
#4978 [PR #3993] [MERGED] fixes for profile.template
Closed
#4977 [PR #3990] [MERGED] Follow-up fixes for torbrowser-launcher
Closed
#4976 [PR #3988] [MERGED] add apparmor to torbrowser-launcher
Closed
#4973 [PR #3974] [MERGED] Always allow empty environment variables
Closed
#4974 [PR #3985] [MERGED] Sort.py updates
Closed
#4975 [PR #3983] [MERGED] New profile: Quodlibet
Closed
#4972 [PR #3984] [MERGED] profiles: firefox: add new keepassxc socket paths
Closed
#4971 [PR #3970] [MERGED] small man fixes
Closed
#4970 [PR #3969] [MERGED] add support for faccessat2 syscall
Closed
#4967 [PR #3967] [MERGED] configure*: fix typo of HAVE_USERTMPFS
Closed
#4968 [PR #3964] [MERGED] Revert "etc: use ${DOCUMENTS} macro where appropriate"
Closed
#4969 [PR #3966] [MERGED] Add a comment in some profiles to allow screen sharing
Closed
#4964 [PR #3950] [MERGED] disable-interpreters.inc: blacklist the other libmozjs
Closed
#4965 [PR #3956] [MERGED] Organize archivers
Closed
#4966 [PR #3961] [MERGED] etc: use ${DOCUMENTS} macro where appropriate
Closed
#4963 [PR #3947] [MERGED] add a /usr/share whitelist item for uim
Closed
#4962 [PR #3955] [MERGED] use ${DOWNLOADS} in lutris.profile
Closed
#4960 [PR #3936] [MERGED] Fix minor typo in firecfg's manual page
Closed
#4961 [PR #3946] [MERGED] Add profile for Gemini
Closed
#4958 [PR #3935] [MERGED] Add profile for avidemux
Closed
#4959 [PR #3944] [MERGED] Update spectacle.profile
Closed
#4957 [PR #3934] [MERGED] Seccomp error action fixes
Closed
#4953 [PR #3930] [CLOSED] manpage: clarify seccomp behavior
Closed
#4954 [PR #3926] [MERGED] Disable the webkit2gtk-4.0 sandbox in bijiben
Closed
#4955 [PR #3932] [MERGED] add quiet to lzdiff/lzmadec
Closed
#4956 [PR #3931] [MERGED] follow-up fixes for #3914
Closed
#4952 [PR #3929] [MERGED] tests: improve check for sound capabilities
Closed
#4948 [PR #3920] [MERGED] remove noblacklist without blacklist
Closed
#4949 [PR #3923] [MERGED] google-earth-pro: fix private-bin & add extensive comment on sandboxing
Closed
#4950 [PR #3922] [MERGED] streamline 'Allow xxx' comments
Closed
#4951 [PR #3924] [CLOSED] follow-up fixes for #3914
Closed
#4947 [PR #3921] [MERGED] revert #3920
Closed
#4946 [PR #3918] [MERGED] Add profile for kdiff3
Closed
#4944 [PR #3915] [MERGED] profiles: google-earth: refactor
Closed
#4945 [PR #3917] [CLOSED] profiles: fix cheese, authenticator & harden liferea
Closed
#4942 [PR #3913] [MERGED] Update vmware.profile
Closed
#4943 [PR #3916] [MERGED] Misc comment fixes
Closed
#4940 [PR #3903] [MERGED] private-lib: add new timetrace
Closed
#4941 [PR #3908] [MERGED] Update bibletime.profile, add new whitelist
Closed
#4938 [PR #3900] [MERGED] Add $PATH expansion to private-lib
Closed
#4939 [PR #3902] [MERGED] add new profile: pkglog
Closed
#4937 [PR #3901] [MERGED] harden plv.profile
Closed
#4934 [PR #3896] [MERGED] Add new allow include allow-bin-sh.inc
Closed
#4935 [PR #3897] [MERGED] Update telegram.profile
Closed
#4936 [PR #3899] [MERGED] Create nolocal6.net
Closed
#4933 [PR #3895] [MERGED] newsboat: add lynx support
Closed
#4932 [PR #3893] [MERGED] bug_report.md: improve wording (upstream/duplicates)
Closed
#4929 [PR #3888] [MERGED] new profile: mdr
Closed
#4930 [PR #3890] [MERGED] new profile: qnapi
Closed
#4931 [PR #3889] [MERGED] add new profile: shotwell
Closed
#4928 [PR #3886] [MERGED] add new profiles: lsar & unar (ar redirects)
Closed
#4927 [PR #3887] [MERGED] new profile: agetpkg
Closed
#4925 [PR #3885] [MERGED] ssh: Refactor, fix bugs & harden
Closed
#4926 [PR #3882] [MERGED] fix ordering in ssh.profile
Closed
#4924 [PR #3880] [MERGED] discord-common.profile: Fix audio support
Closed
#4923 [PR #3876] [MERGED] refactor nodejs applications (npm & yarn)
Closed
#4922 [PR #3879] [MERGED] Whitelist Bohemia Interactive config dir for Steam
Closed
#4921 [PR #3875] [MERGED] electron redirect fixes
Closed
#4919 [PR #3867] [MERGED] return to non-dumpable plugins
Closed
#4920 [PR #3873] [MERGED] harden liferea
Closed
#4918 [PR #3870] [MERGED] new profile: tutanota-desktop
Closed
#4917 [PR #3869] [MERGED] drop doubled disable-exec in signal-desktop
Closed
#4916 [PR #3866] [MERGED] Add profile for npm
Closed
#4915 [PR #3864] [MERGED] Add first version of zsh completion
Closed
#4913 [PR #3863] [MERGED] fix #3859
Closed
#4914 [PR #3859] [MERGED] really fix running kernel config check
Closed
#4912 [PR #3854] [MERGED] profiles: add redirect from matrix-mirage to mirage
Closed
#4911 [PR #3853] [MERGED] New profile for CoyIM
Closed
#4909 [PR #3850] [MERGED] join: add fexecve fallback for shells
Closed
#4910 [PR #3852] [MERGED] Implement netns in profiles, closes #3846
Closed
#4908 [PR #3849] [MERGED] Email part (2)
Closed
#4907 [PR #3848] [MERGED] Add profiles for MS Edge dev build for Linux and Librewolf
Closed
#4905 [PR #3839] [MERGED] x11=none: don't fail on abstract socket if netns …
Closed
#4906 [PR #3847] [MERGED] Small fixes
Closed
#4903 [PR #3830] [MERGED] archiver fixes
Closed
#4904 [PR #3834] [MERGED] profiles: archivers: drop disable-common and disable-programs
Closed
#4902 [PR #3832] [MERGED] Archiver fixes - drop private-bin
Closed
#4900 [PR #3828] [MERGED] Dc add dns
Closed
#4901 [PR #3829] [MERGED] disable-shell.inc: add oksh
Closed
#4899 [PR #3827] [MERGED] Refactor archivers ii
Closed
#4898 [PR #3826] [MERGED] Runuser fixes
Closed
#4897 [PR #3825] [MERGED] rename softmaker-common.inc to softmaker-common.profile
Closed
#4895 [PR #3820] [MERGED] Refactor archivers
Closed
#4896 [PR #3824] [MERGED] re-enable nogroups with a comment in zoom.profile
Closed
#4893 [PR #3819] [MERGED] rename whitelist-players.inc to whitelist-player-common.inc
Closed
#4894 [PR #3821] [MERGED] Fix sound in games using FMOD
Closed
#4892 [PR #3818] [MERGED] streamline comments in inc files
Closed
#4890 [PR #3813] [MERGED] curl HSTS cache support
Closed
#4891 [PR #3816] [MERGED] New profiles for alacarte,tootle,photoflare
Closed
#4888 [PR #3811] [MERGED] refactor playonlinux as wine redirect
Closed
#4889 [PR #3810] [MERGED] Dc add ldns
Closed
#4887 [PR #3812] [MERGED] Create firejail-welcome.s
Closed
#4886 [PR #3808] [MERGED] integrate relevant options into server.profile
Closed
#4884 [PR #3791] [MERGED] Improvements to balsa,fractal,gajim,trojita
Closed
#4885 [PR #3807] [MERGED] profiles: refactor electron.profile and electron-based programs
Closed
#4882 [PR #3803] [MERGED] Update yelp.profile
Closed
#4883 [PR #3802] [MERGED] harden sysprof
Closed
#4880 [PR #3778] [MERGED] Fix building C# projects in Godot
Closed
#4881 [PR #3779] [MERGED] Update build.yml
Closed
#4878 [PR #3771] [MERGED] disable dbus in QMediathekView
Closed
#4879 [PR #3772] [MERGED] use openat2 syscall when available
Closed
#4877 [PR #3768] [MERGED] add gnome-shell search-provider file to firefox.profile
Closed
#4875 [PR #3766] [MERGED] Miscellaneous whitelist-runuser-common fixes
Closed
#4876 [PR #3764] [MERGED] minetest: Enable rm
Closed
#4874 [PR #3763] [CLOSED] Minetest profile fix
Closed
#4872 [PR #3760] [MERGED] keepassxc.profile: Fix hang due to seccomp
Closed
#4873 [PR #3762] [MERGED] reimplement --private-cache using --tmpfs
Closed
#4870 [PR #3752] [MERGED] reimplement --get using --cat
Closed
#4869 [PR #3748] [MERGED] evince.profile: noblacklist bookmark folder
Closed
#4871 [PR #3757] [MERGED] from my overrides
Closed
#4868 [PR #3750] [MERGED] Dbus fixes
Closed
#4867 [PR #3751] [MERGED] disable-shell.inc: add mksh shell
Closed
#4864 [PR #3740] [MERGED] minetest.profile: whitelist /usr/share/games/minetest
Closed
#4865 [PR #3746] [MERGED] install libraries needed by fcopy when using private-lib
Closed
#4866 [PR #3747] [MERGED] Add profile for authenticator-rs, improve falkon
Closed
#4863 [PR #3742] [MERGED] Add profile for straw-viewer
Closed
#4862 [PR #3734] [MERGED] Update linphone profile
Closed
#4861 [PR #3719] [MERGED] ci: enable test-fs tests on github-ci
Closed
#4858 [PR #3710] [CLOSED] Exec failure logging
Closed
#4859 [PR #3717] [MERGED] Add spectacle's profile
Closed
#4860 [PR #3708] [CLOSED] sync to 0.9.64
Closed
#4857 [PR #3716] [MERGED] Remove nou2f in ssh profile
Closed
#4855 [PR #3704] [MERGED] Update okular.profile to support cbr files
Closed
#4856 [PR #3705] [CLOSED] Improve firejail exec failure logging
Closed
#4853 [PR #3703] [MERGED] Remove redundant read-only item
Closed
#4854 [PR #3700] [MERGED] fix #3699 -- Firefox can't inhibit screensavers/screen blanking
Closed
#4852 [PR #3698] [MERGED] profiles: celluloid: allow lua
Closed
#4849 [PR #3679] [MERGED] Update virtualbox.profile
Closed
#4850 [PR #3692] [CLOSED] let tests fail build
Closed
#4851 [PR #3694] [MERGED] check that profiles are sorted
Closed
#4848 [PR #3688] [MERGED] profiles: chromium: rework & add new profiles
Closed
#4847 [PR #3683] [MERGED] Fix blu-ray playback with libaacs
Closed
#4845 [PR #3675] [MERGED] Strip out \r's.
Closed
#4846 [PR #3676] [MERGED] Allow --tmpfs and --bind inside $HOME for unprivileged users
Closed
#4844 [PR #3674] [MERGED] Apply --rmenv immediately to help to avoid the env var length check
Closed
#4842 [PR #3672] [MERGED] Updated fix_private-bin.py shebang to use env python3 like other contrib/*.py scripts
Closed
#4843 [PR #3670] [MERGED] build: enable CI build with scan-build
Closed
#4841 [PR #3667] [MERGED] Update wire-desktop.profile (again)
Closed
#4838 [PR #3660] [MERGED] Fix AppArmor 3.0 support (closes #3659)
Closed
#4839 [PR #3656] [MERGED] Update vmware.profile
Closed
#4840 [PR #3664] [MERGED] Allowing links in netns
Closed
#4837 [PR #3657] [MERGED] Fix SELinux crash
Closed
#4835 [PR #3652] [MERGED] added configure option to disable man pages
Closed
#4836 [PR #3653] [MERGED] fix command test in jail_prober.py
Closed
#4833 [PR #3651] [MERGED] Create build.yml
Closed
#4834 [PR #3642] [MERGED] Update bug_report.md
Closed
#4832 [PR #3650] [MERGED] Create codeql-analysis.yml
Closed
#4831 [PR #3624] [CLOSED] Syscalls py (#3106)
Closed
#4829 [PR #3607] [MERGED] Switch mails to whitelisting
Closed
#4830 [PR #3622] [MERGED] New disable include: disable-write-mnt.inc
Closed
#4827 [PR #3619] [MERGED] Fixes smplayer
Closed
#4828 [PR #3621] [MERGED] Update fj-mkdeb.py
Closed
#4826 [PR #3603] [MERGED] New profiles for balsa,trojita,kube
Closed
#4824 [PR #3590] [MERGED] New profile for man,psi,smuxi; fix pidgin
Closed
#4825 [PR #3594] [MERGED] cat option
Closed
#4823 [PR #3592] [MERGED] Allow video for Signal profile
Closed
#4822 [PR #3588] [MERGED] Fix private-etc of electron-mail, fix geary,minitube
Closed
#4821 [PR #3583] [MERGED] Fix nomacs
Closed
#4819 [PR #3577] [MERGED] Add profile for twitch,youtube,youtube-music; fix git-cola ,add cola
Closed
#4820 [PR #3587] [MERGED] add whitelist items for uim
Closed
#4817 [PR #3574] [MERGED] annotate some functions as non-returning
Closed
#4818 [PR #3573] [MERGED] mkdeb.sh should not use files outside $CODE_DIR
Closed
#4816 [PR #3572] [MERGED] hardening: run plugins with dumpable flag cleared
Closed
#4814 [PR #3569] [MERGED] seccomp: logging
Closed
#4815 [PR #3571] [MERGED] add --include
Closed
#4813 [PR #3566] [MERGED] Various profiles # 2
Closed
#4812 [PR #3564] [MERGED] Add profile for otter-browser
Closed
#4809 [PR #3559] [MERGED] harden bandwidth command
Closed
#4811 [PR #3561] [MERGED] Various profiles
Closed
#4808 [PR #3556] [MERGED] Added lyx profile
Closed
#4810 [PR #3560] [MERGED] Added git-cola profile
Closed
#4807 [PR #3558] [MERGED] add profile for sushi
Closed
#4805 [PR #3553] [MERGED] Added Nuclear profile
Closed
#4806 [PR #3555] [MERGED] Added minitube profile
Closed
#4803 [PR #3550] [MERGED] Added mtpaint profile
Closed
#4804 [PR #3548] [MERGED] fix typo in multicast CIDR
Closed
#4802 [PR #3547] [MERGED] Added xfce4-screenshooter profile
Closed
#4801 [PR #3543] [MERGED] Github-desktop: Add chroot to seccomp
Closed
#4799 [PR #3538] [MERGED] Added minecraft-launcher profile
Closed
#4800 [PR #3542] [MERGED] Added youtube-viewer profile with Gtk frontends
Closed
#4797 [PR #3537] [MERGED] Update virtualbox.profile
Closed
#4798 [PR #3535] [MERGED] Added freetube profile
Closed
#4796 [PR #3533] [MERGED] Added cawbird profile
Closed
#4793 [PR #3525] [MERGED] New profile for homebank
Closed
#4794 [PR #3526] [CLOSED] Add vmware profile
Closed
#4795 [PR #3532] [CLOSED] Added cawbird profile
Closed
#4792 [PR #3529] [MERGED] Update telegram.profile
Closed
#4791 [PR #3521] [MERGED] integrate join(-or-start) with dbus options (partial fix)
Closed
#4788 [PR #3518] [MERGED] Hardend Zoom profile
Closed
#4789 [PR #3519] [MERGED] Hardend Signal desktop profile
Closed
#4790 [PR #3520] [MERGED] Add Mattermost desktop profile
Closed
#4787 [PR #3517] [MERGED] add element-desktop redirect profile
Closed
#4786 [PR #3516] [MERGED] fixing busybox workaround
Closed
#4784 [PR #3505] [MERGED] hardening some profiles
Closed
#4785 [PR #3511] [MERGED] fix #3404
Closed
#4783 [PR #3502] [MERGED] Ignore SIGTTOU during flush_stdin()
Closed
#4782 [PR #3499] [MERGED] Update disable-common.inc
Closed
#4781 [PR #3497] [MERGED] Fixed Blender profile being unable to import numpy
Closed
#4778 [PR #3493] [MERGED] Blacklist .local/share/kxmlgui5 and allow access only for applications which use it.
Closed
#4779 [PR #3489] [MERGED] Okular profile fixes
Closed
#4780 [PR #3496] [MERGED] Whitelist /usr/share/hplip for simple-scan
Closed
#4777 [PR #3490] [MERGED] noblacklist a config file in konversation profile
Closed
#4774 [PR #3469] [CLOSED] corrections to the vlc profile
Closed
#4775 [PR #3486] [MERGED] fixes for /var/mail in mail clients
Closed
#4776 [PR #3487] [MERGED] clarify writing to /var/mail and /var/spool/mail in apparmor
Closed
#4773 [PR #3472] [MERGED] Use whitelisting for video players
Closed
#4772 [PR #3470] [MERGED] Allow python3 in totem profile
Closed
#4771 [PR #3467] [MERGED] Add strawberry profile to README{,.md} & RELNOTES
Closed
#4770 [PR #3463] [MERGED] Fix qt5ct colour schemes and QSS
Closed
#4769 [PR #3459] [MERGED] Add strawberry profile
Closed
#4767 [PR #3450] [MERGED] enable apparmor support by default in update_deb.sh
Closed
#4768 [PR #3455] [MERGED] Ignore read-only mount of emacs configuration in the emacs profile.
Closed
#4766 [PR #3445] [MERGED] man: minor clarifications to man pages
Closed
#4765 [PR #3444] [MERGED] Set quiet in w3m profile
Closed
#4762 [PR #3442] [MERGED] prioritize installing via OS
Closed
#4763 [PR #3438] [MERGED] harden mpg123.profile
Closed
#4764 [PR #3440] [MERGED] Man pages: were missing info about .profile .local resolution
Closed
#4761 [PR #3435] [MERGED] rework make realinstall and uninstall
Closed
#4759 [PR #3422] [MERGED] Add configure options when building rpm
Closed
#4760 [PR #3437] [MERGED] new profile: mocp
Closed
#4758 [PR #3430] [MERGED] Add Ubuntu's renamed version of dino
Closed
#4757 [PR #3433] [MERGED] Update dino-im.profile
Closed
#4756 [PR #3414] [MERGED] Configure Debian package with AA and SELinux options
Closed
#4753 [PR #3410] [MERGED] add new profile: plv
Closed
#4754 [PR #3411] [MERGED] disable-shell.inc
Closed
#4755 [PR #3418] [MERGED] Allow google-chrome access to the custom flags files in ~/.config.
Closed
#4752 [PR #3409] [MERGED] Add several games to steam and disable-programs
Closed
#4750 [PR #3405] [MERGED] add ommitted scripts from contrib
Closed
#4751 [PR #3406] [MERGED] DBus filtering enhancements
Closed
#4749 [PR #3397] [MERGED] Follow-up for #3326
Closed
#4748 [PR #3395] [MERGED] docs: bug_report.md: clarify and ask for more specific information
Closed
#4747 [PR #3401] [MERGED] Build improvements
Closed
#4745 [PR #3394] [MERGED] various hardening from my locals
Closed
#4746 [PR #3390] [MERGED] Disable browser drm by default.
Closed
#4743 [PR #3382] [MERGED] firecfg: Only use fix_desktop_files automatically when run through sudo
Closed
#4744 [PR #3386] [MERGED] Increase MAX_ENVS to 256
Closed
#4742 [PR #3387] [MERGED] Print status of SELinux support with --version
Closed
#4740 [PR #3380] [MERGED] Add steam-runtime alias
Closed
#4741 [PR #3375] [MERGED] profiles: refactor file managers into file-manager-common
Closed
#4738 [PR #3365] [CLOSED] profiles: refactor file managers into file-manager-common
Closed
#4739 [PR #3373] [MERGED] update --build
Closed
#4737 [PR #3370] [CLOSED] github issue template ask unusual setups,debug warnings/errors
Closed
#4735 [PR #3362] [MERGED] Profile for jitsi-meet-desktop
Closed
#4736 [PR #3364] [CLOSED] github issues improvements
Closed
#4734 [PR #3359] [MERGED] 32bit ARM syscall table
Closed
#4733 [PR #3347] [MERGED] Clarify that file globbing occurs only at start
Closed
#4732 [PR #3348] [MERGED] Add new profile: nicotine
Closed
#4730 [PR #3339] [MERGED] early decision in bug report if using git version
Closed
#4731 [PR #3340] [MERGED] Improvements for syscalls.sh contib file
Closed
#4728 [PR #3338] [CLOSED] bug report template on github
Closed
#4729 [PR #3337] [MERGED] Build improvements
Closed
#4727 [PR #3334] [MERGED] Request behavior change description in bug reports
Closed
#4724 [PR #3326] [MERGED] profiles: add dbus filters
Closed
#4725 [PR #3327] [MERGED] Add bug report template
Closed
#4726 [PR #3331] [CLOSED] Don't change default xpra window title
Closed
#4722 [PR #3325] [CLOSED] WIP: improve firejail's error messaging
Closed
#4723 [PR #3324] [MERGED] Alphabetically order firejail.config
Closed
#4720 [PR #3319] [MERGED] Simple sanity checks for arguments and environment
Closed
#4721 [PR #3322] [MERGED] Filter environment variables
Closed
#4717 [PR #3317] [MERGED] Speedup the buildsystem
Closed
#4718 [PR #3310] [MERGED] Preserve CFLAGS given to configure in common.mk.in
Closed
#4716 [PR #3305] [MERGED] Mention --seccomp.32 etc in usage
Closed
#4715 [PR #3301] [MERGED] Changeable seccomp error action
Closed
#4713 [PR #3298] [MERGED] fsec-print: print address of BPF_JA jump in hex
Closed
#4714 [PR #3300] [MERGED] Added compatibility with BetterDiscord
Closed
#4712 [PR #3296] [MERGED] Create ferdi.profile
Closed
#4711 [PR #3294] [MERGED] profiles: thunderbird: harden and enable opening links in Firefox
Closed
#4708 [PR #3292] [MERGED] steam.profile: correctly blacklist unneeded directories in user's home
Closed
#4709 [PR #3286] [MERGED] Whitelist runuser common
Closed
#4710 [PR #3293] [MERGED] Update wire-desktop.profile
Closed
#4707 [PR #3278] [MERGED] new condition: HAS_NOSOUND
Closed
#4705 [PR #3275] [MERGED] add name or private directory being used to the window title when xpra is being used
Closed
#4706 [PR #3276] [MERGED] seccomp: allow defining separate filters for 32-bit arch
Closed
#4703 [PR #3273] [MERGED] zoom.profile: fix zoom SSO workflow
Closed
#4704 [PR #3268] [MERGED] remount hardening: move to file descriptor based mounts
Closed
#4702 [PR #3271] [MERGED] profiles: whitelist firefox/thunderbird default directories
Closed
#4699 [PR #3255] [MERGED] conky needs lua
Closed
#4700 [PR #3259] [MERGED] discord 0.10 | fix #3247
Closed
#4701 [PR #3265] [MERGED] Fine-grained DBus sandboxing
Closed
#4698 [PR #3253] [CLOSED] nvim
Closed
#4697 [PR #3256] [CLOSED] support netcat variants
Closed
#4696 [PR #3251] [MERGED] add xournal.profile
Closed
#4694 [PR #3241] [MERGED] Harden sbox_run by using fexecve instead of execvp
Closed
#4695 [PR #3246] [MERGED] profiles: blacklist more lua paths
Closed
#4693 [PR #3242] [MERGED] integrate AppArmor with join options
Closed
#4692 [PR #3243] [MERGED] profiles: mpv: allow lua
Closed
#4690 [PR #3234] [MERGED] Allow exec from /usr/libexec & co. with AppArmor
Closed
#4691 [PR #3239] [MERGED] Harden dhcp by checking for /sbin/dhclient
Closed
#4687 [PR #3229] [MERGED] Whitelist more /usr/share for okular and others
Closed
#4688 [PR #3209] [MERGED] include wvc to more profiles
Closed
#4689 [PR #3231] [MERGED] Add support for SELinux labeling
Closed
#4686 [PR #3208] [MERGED] Fixes for fix_private-bin.py
Closed
#4685 [PR #3207] [MERGED] Fixing the bug in 189772034b211578aca59540d7277f45da4f45d2 breaking meld
Closed
#4683 [PR #3195] [MERGED] fix missing global include documentation
Closed
#4684 [PR #3193] [MERGED] updates for zathura.profile
Closed
#4682 [PR #3194] [MERGED] profiles: whitelist /usr/share/doc
Closed
#4679 [PR #3186] [MERGED] blacklist gjs in disable-interpreters
Closed
#4680 [PR #3188] [MERGED] refactor some profiles as electron redirects
Closed
#4681 [PR #3190] [MERGED] DHCP client code quality fixes
Closed
#4678 [PR #3187] [MERGED] allow-*.local customizations
Closed
#4677 [PR #3183] [CLOSED] fix test catchsignal-master.sh
Closed
#4676 [PR #3182] [MERGED] move copyright statement to 2020 (part 3)
Closed
#4674 [PR #3180] [MERGED] move copyright statement to 2020 (part 1)
Closed
#4675 [PR #3181] [MERGED] move copyright to 2020 (part 2)
Closed
#4673 [PR #3178] [MERGED] Allow mbind syscall for GIMP
Closed
#4672 [PR #3177] [MERGED] Allow request_key syscall for udiskie
Closed
#4670 [PR #3172] [MERGED] Fix firefox (#3171)
Closed
#4671 [PR #3176] [CLOSED] Move more whitelisting into firefox-common.profile
Closed
#4669 [PR #3168] [MERGED] Fix typos in fs_bin.c
Closed
#4667 [PR #3167] [MERGED] clarify dropping python2 support in meld.profile
Closed
#4668 [PR #3166] [MERGED] fixes for 'blacklist ${RUNUSER}/wayland-*'
Closed
#4666 [PR #3163] [MERGED] make devilspie2 redircet to devilspie
Closed
#4664 [PR #3160] [MERGED] hardenings for various profiles
Closed
#4665 [PR #3162] [MERGED] refactor claws-mail and sylpheed as whitelist profiles
Closed
#4663 [PR #3161] [MERGED] blacklist ${RUNUSER}/wayland-* in every profile with blacklist /tmp/.X11-unix or x11 none
Closed
#4662 [PR #3159] [MERGED] Add profiles for common (la)tex commands
Closed
#4661 [PR #3155] [MERGED] profiles: whitelist transmission-daemon config directory
Closed
#4659 [PR #3151] [MERGED] Fix missing lib libmfx.so.1 (standardnotes-desktop)
Closed
#4660 [PR #3156] [MERGED] print rejected character in invalid filenames
Closed
#4657 [PR #3152] [MERGED] Add profile for offical Linux Teams application
Closed
#4658 [PR #3154] [MERGED] Update whois.profile
Closed
#4656 [PR #3150] [CLOSED] Fix missing lib libmfx.so.1 for ffmpeg
Closed
#4655 [PR #3149] [MERGED] Blacklisting openrc paths by defaults
Closed
#4653 [PR #3131] [MERGED] allow chroot syscall where apps depend on QtWebengine
Closed
#4654 [PR #3143] [MERGED] aria2c fixes
Closed
#4652 [PR #3134] [MERGED] cmus: allow access to resolv.conf
Closed
#4650 [PR #3123] [MERGED] Update i2prouter profile, and remove from firecfg
Closed
#4651 [PR #3128] [MERGED] Allow sound for hexchat
Closed
#4648 [PR #3120] [MERGED] Gentoo fixes
Closed
#4649 [PR #3114] [MERGED] Allow Tor Browser to run /usr/bin/id
Closed
#4647 [PR #3115] [MERGED] Add barrier profile
Closed
#4646 [PR #3111] [MERGED] Get rid of #2302
Closed
#4644 [PR #3102] [MERGED] DHCP client support
Closed
#4645 [PR #3108] [MERGED] Fix wusc in mpv
Closed
#4642 [PR #3098] [CLOSED] profiles: firecfg: disable CLI archivers
Closed
#4643 [PR #3097] [MERGED] profiles: firecfg: disable CLI archivers
Closed
#4641 [PR #3094] [MERGED] Add ephemeral profile
Closed
#4639 [PR #3091] [MERGED] Rework thunderbird.profile
Closed
#4640 [PR #3093] [MERGED] add join timeout and make it configurable
Closed
#4638 [PR #3088] [MERGED] Add brave redirect profiles
Closed
#4637 [PR #3087] [MERGED] Fix Brave's native sandbox
Closed
#4635 [PR #3083] [MERGED] Add gzip redirect profiles
Closed
#4636 [PR #3086] [CLOSED] remove read access from fs log file
Closed
#4633 [PR #3077] [MERGED] gpg additions
Closed
#4634 [PR #3065] [MERGED] Minor profile tweaks.
Closed
#4632 [PR #3064] [MERGED] Fix profile: ffmpeg
Closed
#4630 [PR #3061] [MERGED] Add new profile: gist
Closed
#4631 [PR #3062] [MERGED] Add redirect profile for gist-paste
Closed
#4629 [PR #3060] [MERGED] Add new profile: unf
Closed
#4627 [PR #3058] [MERGED] Add new profile: drawio
Closed
#4628 [PR #3059] [MERGED] Add new profile: gmpc
Closed
#4626 [PR #3057] [MERGED] Add new profile: ddgtk
Closed
#4625 [PR #3056] [MERGED] Add new profile: cameramonitor
Closed
#4624 [PR #3053] [MERGED] Add new electron-mail profile
Closed
#4622 [PR #3055] [MERGED] New profile: audio-recorder
Closed
#4623 [PR #3054] [MERGED] Add profanity profile
Closed
#4620 [PR #3044] [MERGED] RFC: profiles: allow nc in ssh profile by default
Closed
#4621 [PR #3051] [MERGED] Add babl/gegl support for gimp
Closed
#4618 [PR #3028] [MERGED] Update QOwnNotes.profile
Closed
#4619 [PR #3032] [MERGED] dia apparently wants access to python and crashes without
Closed
#4617 [PR #3037] [MERGED] Resolve #3029: drop outdated Skype profile
Closed
#4615 [PR #3019] [MERGED] Slack profile: use temporary cache
Closed
#4616 [PR #3021] [MERGED] Wusc fixes for profiles allowing perl
Closed
#4612 [PR #3011] [MERGED] Add Comment Mentioning that nodbus Breaks Native Notifications
Closed
#4613 [PR #3010] [MERGED] Update main.c
Closed
#4614 [PR #3014] [MERGED] profiles: waterfox: rework profile
Closed
#4610 [PR #3004] [MERGED] Fix #2995
Closed
#4611 [PR #3005] [MERGED] Add wusc to more profiles
Closed
#4609 [PR #2999] [CLOSED] Close #2995
Closed
#4607 [PR #3002] [MERGED] Profiles: add signal-cli profile
Closed
#4608 [PR #2998] [MERGED] Fix ebook-viewer/calibre on manjaro
Closed
#4604 [PR #2978] [MERGED] KeePassXC: Added a warning regarding tray icon
Closed
#4605 [PR #2982] [MERGED] Move chroot entirely from path based to file descriptor based mounts
Closed
#4606 [PR #2992] [MERGED] Wusc fixes
Closed
#4603 [PR #2981] [CLOSED] Update evince
Closed
#4602 [PR #2973] [MERGED] Adding sort.py to GitLab CI
Closed
#4599 [PR #2965] [MERGED] Removed disable-interpreters.inc from w3m.profile
Closed
#4600 [PR #2972] [MERGED] whitelist-usr-share-common.inc
Closed
#4601 [PR #2971] [MERGED] Add allow-debuggers to steam.profile
Closed
#4598 [PR #2962] [MERGED] "Net None" Option Breaks Functionality
Closed
#4597 [PR #2964] [CLOSED] Deleted Clamav.profile cause it breaks AV completely
Closed
#4596 [PR #2960] [MERGED] Update SkypeForLinux profile for latest version
Closed
#4593 [PR #2940] [MERGED] update seccomp in man firejail
Closed
#4594 [PR #2939] [MERGED] Revert changes in #2928 to seccomp group @default
Closed
#4595 [PR #2957] [MERGED] Fix #2899
Closed
#4592 [PR #2949] [MERGED] Add ar profile
Closed
#4591 [PR #2937] [CLOSED] Fix seccomp for firefox, kate, and others
Closed
#4589 [PR #2929] [MERGED] seccomp fix: allow numeric syscalls
Closed
#4590 [PR #2935] [MERGED] Fix profile builder
Closed
#4588 [PR #2928] [MERGED] Add further seccomp groups
Closed
#4587 [PR #2927] [MERGED] Use new seccomp syntax
Closed
#4585 [PR #2921] [MERGED] Introduce allow-common-devel.inc
Closed
#4586 [PR #2926] [MERGED] Allow exceptions to seccomp lists
Closed
#4583 [PR #2919] [MERGED] Profiles: add I2P
Closed
#4584 [PR #2920] [MERGED] Refactor transmission profiles
Closed
#4582 [PR #2915] [MERGED] tighten private-bin and etc for torbrowser-launcher.profile
Closed
#4580 [PR #2911] [MERGED] remove x11 xorg
Closed
#4581 [PR #2913] [MERGED] Prevent quiet option output leakage
Closed
#4578 [PR #2907] [MERGED] Fix quiet option in archiver redirect profiles
Closed
#4579 [PR #2909] [MERGED] get_user() do not use the unreliable getlogin()
Closed
#4577 [PR #2904] [MERGED] Place quiet option cfr. all other profiles
Closed
#4575 [PR #2902] [MERGED] Add zstd (redirect) profile(s)
Closed
#4576 [PR #2903] [MERGED] Add unzstd profile
Closed
#4574 [PR #2890] [MERGED] Fix #2866 -- private-etc needed fedora-release
Closed
#4573 [PR #2900] [MERGED] Fix QOwnNotes path
Closed
#4572 [PR #2898] [MERGED] added 'noblacklist ${PICTURES}' to mpv.profile
Closed
#4571 [PR #2886] [MERGED] noblacklist but no blacklist
Closed
#4568 [PR #2884] [MERGED] Update itch profile
Closed
#4569 [PR #2883] [MERGED] Add Whalebird profile
Closed
#4570 [PR #2885] [MERGED] Add new Tor Browser alias
Closed
#4567 [PR #2881] [MERGED] Add Zulip profile
Closed
#4565 [PR #2871] [MERGED] Create rsync.profile
Closed
#4566 [PR #2879] [MERGED] qpdfview: Fix issue when opening a file from file manager
Closed
#4564 [PR #2861] [MERGED] document profile support for allow-debuggers in firejail-profile man page
Closed
#4563 [PR #2870] [CLOSED] Adding sort.py to .travis.yml
Closed
#4562 [PR #2858] [MERGED] issues with electron-based apps. see issue #2854
Closed
#4559 [PR #2851] [MERGED] Update libpostexecseccomp.c
Closed
#4560 [PR #2856] [MERGED] Make 'allow-debuggers' configurable in profiles
Closed
#4561 [PR #2855] [MERGED] ipc-namespace breaks galculator on archlinux
Closed
#4558 [PR #2850] [MERGED] Update pid.c
Closed
#4557 [PR #2848] [MERGED] Sort private-bin in obs.profile
Closed
#4555 [PR #2845] [MERGED] improve support for home directories outside /home
Closed
#4556 [PR #2847] [MERGED] Add redirects for mpg123
Closed
#4553 [PR #2837] [MERGED] Harden qpdfview.profile with nodbus
Closed
#4554 [PR #2844] [MERGED] Fix issue #561. Refactor/Optimize code to get and use pid and process name.
Closed
#4552 [PR #2843] [MERGED] Add OWD and ARGV0 environment variables. Correctly create APPIMAGE envvar.
Closed
#4549 [PR #2832] [MERGED] Add electron4 to allow wire-desktop to launch on Arch Linux
Closed
#4550 [PR #2835] [MERGED] Fix #2834
Closed
#4551 [PR #2836] [MERGED] Add youtube-dl config handling
Closed
#4547 [PR #2827] [MERGED] Fix #2826
Closed
#4548 [PR #2828] [CLOSED] seccomp prevents riot-desktop from launching
Closed
#4544 [PR #2818] [MERGED] profiles: thunderbird: add comment to allow opening links in firefox
Closed
#4545 [PR #2823] [MERGED] Remove mdwe from sqlitebrowser
Closed
#4546 [PR #2825] [MERGED] Fixes #2821, riot-desktop
Closed
#4543 [PR #2819] [MERGED] Add alias for pavucontrol (Qt version)
Closed
#4542 [PR #2822] [MERGED] Unbreak gconf-editor
Closed
#4541 [PR #2817] [MERGED] Revert #2816 (except gconf-editor)
Closed
#4539 [PR #2806] [MERGED] Add fonts to private-etc in udiskie profile
Closed
#4540 [PR #2816] [MERGED] Fixes
Closed
#4538 [PR #2815] [MERGED] Update wording in templates
Closed
#4537 [PR #2814] [MERGED] Change include/redirect logic in autokey profiles
Closed
#4536 [PR #2803] [MERGED] Streamline redirect profiles (follow-up)
Closed
#4535 [PR #2802] [MERGED] Streamline redirect profiles
Closed
#4533 [PR #2800] [MERGED] Hardening a few profiles
Closed
#4534 [PR #2796] [MERGED] Silence xauth output in src/firejail/x11.c
Closed
#4532 [PR #2789] [MERGED] Tighten SSH with nodbus
Closed
#4531 [PR #2788] [MERGED] Arch Linux specific changes
Closed
#4529 [PR #2783] [MERGED] Fix spotify.profile
Closed
#4530 [PR #2785] [MERGED] Fix typo in man firejail [--x11]
Closed
#4527 [PR #2781] [MERGED] allow nodbus in thunderbird profile
Closed
#4528 [PR #2784] [MERGED] Improve profile PRs (Related to #2739)
Closed
#4526 [PR #2779] [MERGED] More sorting private-etc
Closed
#4525 [PR #2780] [MERGED] Sort caps.keep and seccomp.drop options
Closed
#4523 [PR #2778] [MERGED] Sort private-lib
Closed
#4524 [PR #2775] [MERGED] Add profile for udiskie
Closed
#4522 [PR #2774] [MERGED] chromium: disable nodbus
Closed
#4520 [PR #2771] [MERGED] mount new proc filesystem earlier
Closed
#4521 [PR #2773] [MERGED] Refactoring as whitelist profile
Closed
#4519 [PR #2766] [MERGED] automatically fixed all private-{bin,etc} lines
Closed
#4517 [PR #2769] [MERGED] Streamline mdwe comment
Closed
#4518 [PR #2764] [MERGED] Fix youtube video in totem
Closed
#4515 [PR #2759] [MERGED] Mention macros in profile.template
Closed
#4516 [PR #2757] [MERGED] Make it possible for cheese app to save pictures too
Closed
#4514 [PR #2756] [CLOSED] Fix cheese
Closed
#4513 [PR #2753] [MERGED] Add davfs2 secrets file to blacklist
Closed
#4512 [PR #2754] [MERGED] Create syscalls file
Closed
#4509 [PR #2741] [MERGED] Typo fix in brackets.profile
Closed
#4510 [PR #2746] [MERGED] firefox-common-addons.inc: + tridactyl
Closed
#4511 [PR #2751] [MERGED] Make lua commented in profile template
Closed
#4508 [PR #2745] [MERGED] template profile: update private-etc templates
Closed
#4507 [PR #2742] [MERGED] Fix comment in gimp.profile
Closed
#4504 [PR #2734] [MERGED] Add profile for links and xlinks
Closed
#4505 [PR #2737] [MERGED] Fix typo in template
Closed
#4506 [PR #2740] [MERGED] hostname reordering
Closed
#4503 [PR #2736] [MERGED] Create allow-INTERPETER.inc
Closed
#4502 [PR #2735] [MERGED] Extend profile.template with comments
Closed
#4501 [PR #2732] [CLOSED] improve/add support for arbitrary home directories
Closed
#4498 [PR #2724] [MERGED] Create SECURITY.md
Closed
#4499 [PR #2727] [MERGED] Create qgis.profile
Closed
#4500 [PR #2716] [MERGED] Re-add 'shell none' to gpg.profile
Closed
#4497 [PR #2719] [MERGED] Harden gnome-chess
Closed
#4495 [PR #2714] [MERGED] Add meteo-qt info
Closed
#4496 [PR #2715] [MERGED] Add deterministic-exit-code option
Closed
#4493 [PR #2708] [MERGED] Refactor eog and eom profiles with common redirect
Closed
#4494 [PR #2710] [MERGED] Add Microsoft Teams for Linux (Electron) profile
Closed
#4492 [PR #2712] [MERGED] Add private-cwd option to control working directory within jail
Closed
#4491 [PR #2705] [MERGED] Cosmetic changes for pidgin.profile
Closed
#4490 [PR #2704] [MERGED] Create meteo-qt.profile
Closed
#4487 [PR #2694] [MERGED] Propagate --quiet to children Firejail'ed processes
Closed
#4488 [PR #2701] [MERGED] glibc missing O_PATH definition on CentOS 6
Closed
#4489 [PR #2697] [MERGED] dbus: make --nodbus block also system D-Bus socket
Closed
#4486 [PR #2691] [MERGED] cantata.profile
Closed
#4483 [PR #2687] [MERGED] Update keepassxc.profile
Closed
#4484 [PR #2682] [CLOSED] disable seccomp for gimp
Closed
#4485 [PR #2688] [MERGED] nodbus enhancements
Closed
#4482 [PR #2684] [MERGED] Whitespace fix
Closed
#4481 [PR #2680] [MERGED] Mumble: add new path for client data
Closed
#4480 [PR #2679] [MERGED] Add vim syntax and ftdetect files
Closed
#4478 [PR #2674] [MERGED] Comment fixes
Closed
#4479 [PR #2677] [MERGED] Drop noblacklist ${DOWNLOADS} in bitwarden.profile
Closed
#4477 [PR #2676] [MERGED] Refactor min as chromium redirect profile
Closed
#4474 [PR #2660] [MERGED] Gajim: Allow reading of system-wide Flatpak locale
Closed
#4475 [PR #2672] [MERGED] Support Enpass v6
Closed
#4476 [PR #2673] [MERGED] Add Bitwarden profile
Closed
#4472 [PR #2656] [MERGED] Fix PostScript file opening in Evince
Closed
#4473 [PR #2659] [MERGED] SMPlayer: Add support for python and youtube-dl
Closed
#4470 [PR #2652] [MERGED] Profiles for gramps, newsboat and freeoffice
Closed
#4471 [PR #2654] [MERGED] Follow upstream changes in authenticator.profile
Closed
#4469 [PR #2650] [MERGED] fixed electrum not resolving domains
Closed
#4467 [PR #2649] [MERGED] Add a conditional to control DRM/noexec exception for browsers
Closed
#4468 [PR #2651] [MERGED] Add .pythonrc.py to disable-common.inc
Closed
#4465 [PR #2647] [MERGED] More disable-exec stuff
Closed
#4466 [PR #2648] [MERGED] Fixes https://github.com/netblue30/firejail/issues/2547
Closed
#4464 [PR #2641] [MERGED] Add cheese.profile
Closed
#4462 [PR #2640] [MERGED] Fix typo in gnome-chess.profile
Closed
#4463 [PR #2646] [MERGED] Fix networking for transmission-show and transmission-remote
Closed
#4461 [PR #2639] [MERGED] Fix git in some IDE's
Closed
#4460 [PR #2636] [MERGED] Fix assogiate
Closed
#4458 [PR #2634] [MERGED] Temp fix firecfg
Closed
#4459 [PR #2635] [MERGED] Add autokey profiles
Closed
#4457 [PR #2633] [MERGED] private-bin breaks --join for filezilla
Closed
#4455 [PR #2631] [MERGED] Add warning about nodbus breaking evince two-page-view on some systems
Closed
#4456 [PR #2632] [CLOSED] Add ignore for feh to allow internet access
Closed
#4453 [PR #2628] [MERGED] Fixes for man firejail
Closed
#4454 [PR #2627] [MERGED] Fix typo's in firecfg util.c
Closed
#4452 [PR #2630] [MERGED] Fix gnome-logs.profile
Closed
#4450 [PR #2625] [MERGED] add gnuchess to play against computer
Closed
#4451 [PR #2626] [MERGED] Add anki.profile
Closed
#4449 [PR #2615] [MERGED] Add VCS support to meld
Closed
#4447 [PR #2622] [MERGED] Fix dconf-editor access to glib schemas
Closed
#4448 [PR #2620] [MERGED] Refactor pidgin as whitelist profile
Closed
#4446 [PR #2611] [MERGED] Add freemind
Closed
#4444 [PR #2603] [MERGED] Fix assogiate's private-bin
Closed
#4445 [PR #2614] [MERGED] Add kid3, kid3-cli, kid3-qt
Closed
#4443 [PR #2606] [MERGED] Harden easystroke
Closed
#4442 [PR #2604] [MERGED] pavucontrol does not work with ipc-namespace
Closed
#4440 [PR #2601] [MERGED] Follow-up on flatpak/snap support
Closed
#4441 [PR #2602] [MERGED] mount runtime seccomp files read-only
Closed
#4438 [PR #2600] [MERGED] Seahorse revisited
Closed
#4439 [PR #2599] [MERGED] Fix seahorse.profile seahorse-tool.profile
Closed
#4437 [PR #2598] [MERGED] Re-order options in ssh-agent.profile
Closed
#4436 [PR #2596] [MERGED] ffmpegthumbnailer breaks in ranger with private-cache enabled
Closed
#4433 [PR #2588] [MERGED] Streamline 'Allow python' options
Closed
#4434 [PR #2594] [MERGED] Hardening compressors
Closed
#4435 [PR #2595] [MERGED] fixes for aria2c not resolving domain names
Closed
#4432 [PR #2592] [MERGED] Fixes for seahorse/seahorse-tool
Closed
#4429 [PR #2585] [MERGED] Update firejail.txt
Closed
#4430 [PR #2586] [MERGED] Avoid including globals.local twice
Closed
#4431 [PR #2587] [MERGED] Fix incorrect parsing of --keep-var-tmp command
Closed
#4428 [PR #2583] [MERGED] Harden Minetest
Closed
#4427 [PR #2584] [MERGED] Harden youtube-dl.profile
Closed
#4426 [PR #2582] [MERGED] Harden qtox
Closed
#4423 [PR #2576] [MERGED] add disable-exec.inc to all profiles with apparmor
Closed
#4424 [PR #2580] [MERGED] Drop private-home from gucharmap profile
Closed
#4425 [PR #2581] [MERGED] exiftool needs access to the /usr/bin/vendor_perl directory in archlinux
Closed
#4422 [PR #2577] [MERGED] Harden meld.profile
Closed
#4418 [PR #2571] [MERGED] Fixes and comment for eog/eom
Closed
#4420 [PR #2574] [MERGED] Add new profiles for lrzip and friends
Closed
#4421 [PR #2575] [MERGED] Drop ipc-namespace from viewnior.profile
Closed
#4419 [PR #2573] [MERGED] viewnior is completely broken with 'hostname viewnior'
Closed
#4417 [PR #2572] [MERGED] Fix and harden meld
Closed
#4415 [PR #2569] [MERGED] Fix and harden soundconverter
Closed
#4416 [PR #2570] [MERGED] Fix and harden viewnior
Closed
#4413 [PR #2566] [MERGED] Harden gucharmap
Closed
#4414 [PR #2568] [MERGED] Fix simplescreenrecorder
Closed
#4412 [PR #2567] [MERGED] Fix masterpdfeditor
Closed
#4411 [PR #2565] [MERGED] Fixes for gnome-system-log
Closed
#4410 [PR #2562] [MERGED] Harden galculator
Closed
#4408 [PR #2563] [MERGED] Fix gnome-pie
Closed
#4409 [PR #2564] [MERGED] Fix gnome-schedule
Closed
#4407 [PR #2561] [MERGED] Support older versions of font-manager
Closed
#4405 [PR #2559] [MERGED] Fix devhelp
Closed
#4406 [PR #2560] [MERGED] Support older versions of file-roller
Closed
#4404 [PR #2557] [MERGED] Fixes for d-feet
Closed
#4403 [PR #2558] [MERGED] Fix dconf-editor
Closed
#4402 [PR #2556] [MERGED] Fix clawsker for older GTK2 versions
Closed
#4400 [PR #2554] [MERGED] Fix possible typo
Closed
#4401 [PR #2555] [MERGED] Fixes for artha
Closed
#4399 [PR #2553] [MERGED] Update feh-network.inc
Closed
#4397 [PR #2549] [MERGED] Fix #2548
Closed
#4398 [PR #2552] [MERGED] ipc-namespace causing problems with file-roller
Closed
#4395 [PR #2545] [MERGED] More alphabetical ordering of firecfg.config
Closed
#4396 [PR #2546] [MERGED] Add recently added (redirect) profiles to firecfg.conf
Closed
#4393 [PR #2542] [MERGED] Support local override for code-oss
Closed
#4394 [PR #2544] [MERGED] Alphabetical ordering of firecfg.config
Closed
#4392 [PR #2541] [MERGED] Add comments to firefox-common.profile
Closed
#4391 [PR #2540] [MERGED] Add code-oss config directory
Closed
#4389 [PR #2537] [CLOSED] Add ffmpeg redirect profiles to firecfg
Closed
#4390 [PR #2539] [MERGED] Add code-oss profile
Closed
#4387 [PR #2535] [MERGED] Create nomacs.profile
Closed
#4388 [PR #2536] [MERGED] Add fakeroot support for makepkg on Arch
Closed
#4385 [PR #2530] [MERGED] Update evince.profile (add private-cache)
Closed
#4386 [PR #2534] [MERGED] Harden gnome-clocks.profile
Closed
#4383 [PR #2529] [MERGED] Update ffmpeg.profile
Closed
#4384 [PR #2533] [MERGED] Add new ffmpegthumbnailer profile
Closed
#4382 [PR #2532] [MERGED] Add ffmpeg redirect profiles
Closed
#4381 [PR #2528] [MERGED] Add gconf + redirect profiles
Closed
#4379 [PR #2525] [MERGED] Hardening and added network functionality in sqlitebrowser.profile
Closed
#4380 [PR #2527] [MERGED] Fixes for evince profiles
Closed
#4378 [PR #2526] [MERGED] mdwx changes for sysprof profiles
Closed
#4377 [PR #2524] [MERGED] Add dirname to private-bin in spectre-meltdown-checker.profile
Closed
#4375 [PR #2522] [MERGED] Drop hardinfo profile
Closed
#4376 [PR #2523] [MERGED] Fix pavucontrol
Closed
#4373 [PR #2521] [MERGED] Fix typo in gpicview.profile
Closed
#4374 [PR #2517] [MERGED] 'noexec /tmp' not causing the problem i thought it was
Closed
#4372 [PR #2520] [MERGED] Fix typos in geekbench.profile
Closed
#4371 [PR #2516] [MERGED] Refactor Transmission profiles
Closed
#4369 [PR #2512] [CLOSED] Fix machine-id for xfce4-mixerXfce4 mixer
Closed
#4370 [PR #2515] [MERGED] Fix private-lib in regextester profile
Closed
#4368 [PR #2511] [MERGED] Pavucontrol
Closed
#4367 [PR #2510] [MERGED] Fix netactview
Closed
#4365 [PR #2508] [MERGED] Fix regextester
Closed
#4366 [PR #2509] [MERGED] Fix hardinfo
Closed
#4363 [PR #2502] [MERGED] Add new profile for transgui
Closed
#4364 [PR #2504] [CLOSED] mdwx: block memfd_create
Closed
#4362 [PR #2501] [MERGED] Add new profile for sysprof
Closed
#4361 [PR #2500] [MERGED] Add new profile for simplescreenrecorder
Closed
#4358 [PR #2495] [MERGED] Fix mpDris2 for Debian/Ubuntu
Closed
#4359 [PR #2498] [MERGED] Add new profile for geekbench
Closed
#4360 [PR #2499] [MERGED] Add new profile for gnome-schedule
Closed
#4357 [PR #2494] [MERGED] Add new profile for xfce4-mixer
Closed
#4355 [PR #2492] [MERGED] Add new profile for d-feet
Closed
#4356 [PR #2493] [MERGED] Add new profile for pavucontrol
Closed
#4354 [PR #2489] [MERGED] Add new profile for gnome-keyring
Closed
#4352 [PR #2490] [MERGED] Add new profile for secret-tool
Closed
#4353 [PR #2491] [MERGED] Add new profile for seahorse
Closed
#4351 [PR #2488] [MERGED] Add new profile for regextester
Closed
#4348 [PR #2485] [MERGED] Add new profile for gnome-nettool
Closed
#4350 [PR #2487] [MERGED] Add new profile for hardinfo
Closed
#4349 [PR #2486] [MERGED] Add new profile for gnome-system-log
Closed
#4347 [PR #2484] [MERGED] Add new profile for netactview
Closed
#4344 [PR #2478] [MERGED] Remove double entree from bsdtar.profile
Closed
#4345 [PR #2483] [MERGED] Add new profile for redshift
Closed
#4346 [PR #2481] [MERGED] gnome-mpv -> celluloid
Closed
#4342 [PR #2479] [MERGED] Sort items alphabetically in man firejail
Closed
#4343 [PR #2476] [MERGED] Reintroduce whitelist-var-common.inc
Closed
#4338 [PR #2473] [MERGED] Fix inkscape.profile
Closed
#4339 [PR #2469] [MERGED] Harden eog.profile
Closed
#4340 [PR #2474] [MERGED] Streamline Include comment for relevant profiles
Closed
#4341 [PR #2475] [CLOSED] Archivers
Closed
#4337 [PR #2470] [MERGED] Harden gpicview.profile
Closed
#4334 [PR #2466] [MERGED] Harden less.profile
Closed
#4335 [PR #2467] [MERGED] Harden mediainfo.profile
Closed
#4336 [PR #2468] [MERGED] Harden file-roller.profile
Closed
#4333 [PR #2464] [MERGED] Harden img2txt.profile
Closed
#4332 [PR #2465] [MERGED] Harden inkscape.profile
Closed
#4329 [PR #2460] [MERGED] Harden gnome-calculator.profile
Closed
#4330 [PR #2463] [MERGED] Harden gucharmap.profile
Closed
#4331 [PR #2462] [MERGED] Harden gnome-maps.profile
Closed
#4328 [PR #2461] [MERGED] Harden gnome-logs.profile
Closed
#4327 [PR #2459] [MERGED] Harden git.profile
Closed
#4325 [PR #2457] [MERGED] Harden ffmpeg.profile
Closed
#4326 [PR #2458] [MERGED] Harden file.profile
Closed
#4323 [PR #2456] [MERGED] Harden exiftool.profile
Closed
#4324 [PR #2454] [MERGED] Harden dig.profile
Closed
#4322 [PR #2455] [MERGED] Harden enchant.profile
Closed
#4321 [PR #2453] [MERGED] Create new dconf/gsettings profiles
Closed
#4318 [PR #2450] [MERGED] Harden arch-audit.profile
Closed
#4320 [PR #2452] [MERGED] Harden clipit.profile
Closed
#4319 [PR #2445] [CLOSED] Add 'video' to profile options
Closed
#4317 [PR #2451] [MERGED] Harden checkbashisms.profile
Closed
#4315 [PR #2443] [MERGED] Fix include in enchant redirect profiles
Closed
#4316 [PR #2444] [MERGED] Harden gnome-recipes.profile
Closed
#4313 [PR #2441] [MERGED] masterpdfeditor cleanup
Closed
#4314 [PR #2440] [MERGED] Revert machine-id comment mess (part 2)
Closed
#4312 [PR #2442] [MERGED] Add machine-id note to man firejail
Closed
#4311 [PR #2439] [MERGED] Reverts
Closed
#4310 [PR #2438] [MERGED] Add devhelp profile
Closed
#4308 [PR #2436] [MERGED] Add machine-id comment
Closed
#4309 [PR #2437] [MERGED] Streamline machine-id comment
Closed
#4307 [PR #2435] [MERGED] Harden devilspie{2} profiles
Closed
#4306 [PR #2431] [MERGED] fix start-tor-browser.desktop.profile
Closed
#4305 [PR #2430] [CLOSED] Update .travis.yml
Closed
#4303 [PR #2426] [MERGED] Add font-manager profile
Closed
#4304 [PR #2428] [MERGED] Add assogiate profile
Closed
#4302 [PR #2427] [MERGED] Add subdownloader profile
Closed
#4301 [PR #2425] [MERGED] Add exfalso profile
Closed
#4298 [PR #2421] [MERGED] Openssh
Closed
#4299 [PR #2424] [MERGED] Add gconf-editor profile
Closed
#4300 [PR #2423] [MERGED] Add dconf-editor profile
Closed
#4297 [PR #2422] [MERGED] Create nano.profile
Closed
#4295 [PR #2418] [MERGED] Alphabetize fixes for webstorm.profile
Closed
#4296 [PR #2420] [MERGED] Add mpdris2 profile
Closed
#4294 [PR #2415] [MERGED] Add 'alternatives' to all private-etc lines
Closed
#4293 [PR #2409] [MERGED] New profile: webui-aria2
Closed
#4292 [PR #2412] [MERGED] Add profiles for mypaint & mypaint-ora-thumbnailer
Closed
#4290 [PR #2403] [MERGED] minor fixes to keepassxc, thunderbird and pluma
Closed
#4291 [PR #2402] [MERGED] Snap
Closed
#4288 [PR #2392] [MERGED] Add netlink to QMediathekView
Closed
#4289 [PR #2394] [MERGED] changes fixing keepassxc auto-type
Closed
#4287 [PR #2398] [MERGED] Fix snap.profile description
Closed
#4286 [PR #2391] [MERGED] Add a profile for klavaro
Closed
#4285 [PR #2390] [MERGED] Retain local apparmor customizations
Closed
#4283 [PR #2384] [MERGED] remove nodbus from MPRIS client profiles
Closed
#4284 [PR #2382] [CLOSED] Create firefox-wayland.profile
Closed
#4282 [PR #2386] [MERGED] Temporary fix for noexec ${HOME} breakage
Closed
#4281 [PR #2373] [MERGED] Fix gnome-maps
Closed
#4280 [PR #2362] [MERGED] Refactoring github-desktop profile and firecfg
Closed
#4278 [PR #2358] [CLOSED] Update peek.profile
Closed
#4279 [PR #2372] [MERGED] additional blacklisting
Closed
#4277 [PR #2366] [CLOSED] add nyx, crow, fix g earth pro
Closed
#4276 [PR #2356] [MERGED] Unbreak currency conversion for gnome-calculator
Closed
#4274 [PR #2353] [MERGED] Harden gnome-calculator profile
Closed
#4275 [PR #2354] [MERGED] Create gcalccmd.profile
Closed
#4273 [PR #2350] [MERGED] Add new clawsker profile
Closed
#4272 [PR #2352] [MERGED] Harden eog profile
Closed
#4271 [PR #2349] [MERGED] comment machine-id in libreoffice.profile
Closed
#4270 [PR #2347] [MERGED] add google earth pro, update google earth profile
Closed
#4268 [PR #2334] [CLOSED] restrict audacious profile
Closed
#4269 [PR #2344] [MERGED] Update gajim.profile
Closed
#4267 [PR #2331] [CLOSED] update mps-youtube profile
Closed
#4264 [PR #2313] [MERGED] Fix gajim.profile
Closed
#4265 [PR #2328] [MERGED] Fix ocenaudio profile
Closed
#4266 [PR #2327] [MERGED] Correctly set address length in arp frames
Closed
#4263 [PR #2319] [MERGED] Add a profile for ghostwriter
Closed
#4262 [PR #2308] [MERGED] Update disable-common.inc, disable-programs.inc.
Closed
#4261 [PR #2299] [MERGED] fix netstats typo in man firejail
Closed
#4259 [PR #2295] [MERGED] Fix bibletime.profile
Closed
#4260 [PR #2298] [MERGED] New profile for supertuxkart.
Closed
#4258 [PR #2297] [MERGED] enforce nonewprivs instead of seccomp for chroot sandboxes
Closed
#4257 [PR #2294] [MERGED] Add a profile for thunderbird-wayland
Closed
#4256 [PR #2293] [MERGED] enable apparmor in libreoffice profile
Closed
#4254 [PR #2281] [MERGED] restricting more, HOME and tmp in mpsyt.profile
Closed
#4253 [PR #2280] [MERGED] new profile mpsyt.profile
Closed
#4255 [PR #2285] [CLOSED] add HAS_NODBUS conditional, ${RUNUSER} makro
Closed
#4252 [PR #2279] [MERGED] allowing youtube-dl and python in gnome-mpv
Closed
#4250 [PR #2277] [MERGED] New profile ocenaudio
Closed
#4251 [PR #2278] [MERGED] Update kdenlive.profile
Closed
#4248 [PR #2276] [MERGED] refactor private-cache and tmpfs
Closed
#4249 [PR #2272] [MERGED] removing vim and ranger from firecfg
Closed
#4247 [PR #2275] [MERGED] allowing local python* in mpv and youtube-dl #2262
Closed
#4246 [PR #2271] [MERGED] Add quiet option to transmission-cli profile
Closed
#4244 [PR #2265] [MERGED] Misc. typos
Closed
#4245 [PR #2268] [MERGED] Fix easystroke.profile
Closed
#4243 [PR #2266] [MERGED] Consistency fixes for alias profiles
Closed
#4242 [PR #2260] [MERGED] Fix Evince profile
Closed
#4240 [PR #2254] [MERGED] Add better documentation for "-c" option.
Closed
#4241 [PR #2255] [MERGED] Allow prefixing colon to profile argument of --profile to for a profile search
Closed
#4238 [PR #2251] [MERGED] Fix alphabetical sort
Closed
#4239 [PR #2253] [MERGED] Have appimage handling be the same with or with out special -- argument.
Closed
#4237 [PR #2250] [MERGED] Fix spacing in disable-common.inc
Closed
#4236 [PR #2249] [MERGED] Sort whitelist-common.inc alphabetically
Closed
#4234 [PR #2246] [MERGED] Use ${HOME} instead of ~ in dig.profile
Closed
#4235 [PR #2247] [MERGED] Add new config option to disable U2F in browsers, enabled by default
Closed
#4233 [PR #2244] [MERGED] Update file.profile
Closed
#4232 [PR #2245] [MERGED] Add 'quiet' to atool.profile
Closed
#4230 [PR #2241] [MERGED] Fix seccomp in mpd.profile
Closed
#4231 [PR #2243] [MERGED] Fix gpg.profile for Arch users
Closed
#4228 [PR #2237] [MERGED] Update enpass.profile
Closed
#4229 [PR #2240] [MERGED] Fix tar.profile on Debian based distributions
Closed
#4227 [PR #2238] [MERGED] Reorganize whois.profile
Closed
#4226 [PR #2236] [MERGED] Add description to dig.profile
Closed
#4225 [PR #2235] [MERGED] Fix typo in brackets.profile
Closed
#4223 [PR #2218] [MERGED] experimental: remounts child mount points as well
Closed
#4224 [PR #2213] [MERGED] git.profile: Disable blacklist for default Oh My Zsh directory
Closed
#4222 [PR #2227] [MERGED] Expanded the comment about nodbus breaking stuff
Closed
#4221 [PR #2201] [MERGED] Add nou2f to all profiles
Closed
#4220 [PR #2199] [MERGED] Fix #2142: Firefox appimage fails because it needs non-default seccomp
Closed
#4218 [PR #2198] [MERGED] Fix docs to more correctly list the syscalls in the @default seccomp group.
Closed
#4219 [PR #2192] [MERGED] The path in ld.so.preload should point to RUN_FIREJAIL_LIB_DIR, as LIBDIR may not exist.
Closed
#4217 [PR #2193] [MERGED] Make --join return exit code of the invoked program
Closed
#4216 [PR #2191] [MERGED] Update gnome-pie profile
Closed
#4214 [PR #2189] [MERGED] Add Bitwarden to blacklisted PW manager files
Closed
#4215 [PR #2190] [CLOSED] Revert "Fix issue #2148: Make sure firejail can find helper programs in sandbox regardless of options."
Closed
#4213 [PR #2185] [MERGED] New profile masterpdfeditor
Closed
#4212 [PR #2186] [MERGED] Fix issue #2148: Make sure firejail can find helper programs in sandbox regardless of options.
Closed
#4211 [PR #2184] [MERGED] Add artha & nitroshare to disable-programs.inc
Closed
#4209 [PR #2182] [MERGED] New profile mencoder
Closed
#4210 [PR #2183] [MERGED] New profile nitroshare
Closed
#4208 [PR #2180] [MERGED] Create artha.profile
Closed
#4207 [PR #2181] [MERGED] New profile gnome pie
Closed
#4205 [PR #2178] [MERGED] Fix atool for UID/GID > 1000
Closed
#4206 [PR #2179] [MERGED] Add some more cpio aliases
Closed
#4203 [PR #2173] [MERGED] Redirect profiles for bsdtar
Closed
#4204 [PR #2177] [MERGED] Add gzip aliases
Closed
#4202 [PR #2174] [MERGED] Alias profile for xzdec
Closed
#4201 [PR #2172] [MERGED] New profile min
Closed
#4200 [PR #2171] [MERGED] New profile desktop (a.k.a. github-desktop)
Closed
#4198 [PR #2168] [MERGED] New profile devilspie2
Closed
#4199 [PR #2170] [MERGED] New profile easystroke
Closed
#4197 [PR #2169] [MERGED] New profile devilspie
Closed
#4196 [PR #2167] [MERGED] Fix GTK theme and some hardening
Closed
#4194 [PR #2165] [MERGED] Authenticator
Closed
#4195 [PR #2166] [MERGED] Create checkbashisms.profile
Closed
#4193 [PR #2163] [MERGED] Harden strings.profile
Closed
#4192 [PR #2164] [MERGED] New profile aria2c
Closed
#4188 [PR #2157] [CLOSED] Fix 2155 - Add user-profiles configuration option.
Closed
#4189 [PR #2161] [MERGED] Fix file.profile
Closed
#4190 [PR #2158] [MERGED] Add support for rudimentary conditionals in profiles
Closed
#4191 [PR #2162] [MERGED] new profile QMediathekView
Closed
#4187 [PR #2159] [MERGED] allow overriding of disable-mnt with noblacklist
Closed
#4185 [PR #2152] [CLOSED] Improve profile handling
Closed
#4186 [PR #2156] [MERGED] Improve include handling
Closed
#4183 [PR #2141] [MERGED] Update appimage size calculation to newest code from libappimage.
Closed
#4184 [PR #2138] [MERGED] Fix incorrect --list and --tree output under certain circumstances
Closed
#4182 [PR #2144] [MERGED] Write-protection for thumbnailer dir
Closed
#4180 [PR #2131] [MERGED] fixed discord not able to check for updates
Closed
#4181 [PR #2133] [CLOSED] added keep-dev-shm so firefox-sync works
Closed
#4179 [PR #2127] [MERGED] fixed vim missing from firecfg.config
Closed
#4177 [PR #2123] [CLOSED] Fix incorrect whitelist-path handling
Closed
#4178 [PR #2130] [MERGED] FIX-2045: Fix command name parsing for program paths with spaces.
Closed
#4175 [PR #2105] [MERGED] created jdownloader profile
Closed
#4176 [PR #2115] [MERGED] Amend gnome-music profile
Closed
#4174 [PR #2104] [MERGED] hardening evince, dbus not needed
Closed
#4172 [PR #2096] [CLOSED] Remove nogroups from audio player profiles
Closed
#4173 [PR #2094] [MERGED] Update disable-common.inc
Closed
#4168 [PR #2081] [MERGED] Add descriptions to profiles
Closed
#4169 [PR #2091] [CLOSED] Create pybitmessage.profile
Closed
#4170 [PR #2092] [MERGED] Create pybitmessage.profile
Closed
#4171 [PR #2093] [CLOSED] profiles: add auto-generated private-etc lines to all profiles
Closed
#4167 [PR #2079] [MERGED] Add Beaker browser
Closed
#4166 [PR #2076] [MERGED] Add various vim related profiles
Closed
#4165 [PR #2063] [MERGED] created flameshot profile
Closed
#4163 [PR #2060] [MERGED] WIP: Add new disable-xdg.inc
Closed
#4164 [PR #2057] [CLOSED] Make ktorrent actually work
Closed
#4162 [PR #2058] [MERGED] Add netlink protocol
Closed
#4161 [PR #2056] [MERGED] noblacklist added for standardnotes-desktop
Closed
#4159 [PR #2054] [CLOSED] firefox-beta
Closed
#4160 [PR #2055] [MERGED] added firefox-beta.profile
Closed
#4157 [PR #2052] [MERGED] Create standardnotes-desktop.profile
Closed
#4158 [PR #2033] [MERGED] additional whitelist hardening
Closed
#4155 [PR #2022] [MERGED] discord: added localtime and ld.so.cache to private-etc to fix wrong time and "discord: error while loading shared libraries: libstdc++.so.6: cannot open shared object file: No such file or directory"
Closed
#4156 [PR #2025] [MERGED] Creating the gradio profile and editing the geary profile
Closed
#4153 [PR #2012] [MERGED] 7z redirect profiles
Closed
#4154 [PR #2020] [MERGED] Fix Gajim 1.0.3 startup on Fedora 28.
Closed
#4152 [PR #2015] [MERGED] i'm modifying inox-hard (aur)
Closed
#4150 [PR #2007] [MERGED] include globals.local only once
Closed
#4151 [PR #2010] [MERGED] don't include globals.local twice (take two)
Closed
#4148 [PR #2000] [MERGED] Create tor-browser-* directories
Closed
#4149 [PR #2003] [MERGED] Revert private cache enabled by default
Closed
#4147 [PR #1999] [MERGED] Create tor-browser-en directory, add missing bin programs
Closed
#4145 [PR #1997] [MERGED] Add riot-desktop redirect profile, create Riot config directory
Closed
#4146 [PR #1998] [MERGED] Amend Wire profiles
Closed
#4143 [PR #1996] [MERGED] Add gnome-mpv profile
Closed
#4144 [PR #1977] [MERGED] Fix installing skins on qmmp.profile
Closed
#4142 [PR #1976] [MERGED] Fix DjVu opening in Evince
Closed
#4139 [PR #1958] [CLOSED] travis: update to bionic
Closed
#4140 [PR #1936] [CLOSED] add whitelist-common.inc to qmmp profile
Closed
#4141 [PR #1969] [CLOSED] Allow Telegram to use Netlink sockets
Closed
#4137 [PR #1954] [MERGED] Add dictionary access to Slack
Closed
#4138 [PR #1943] [CLOSED] Krita: Enable python and KDE (ksyscoca)
Closed
#4136 [PR #1935] [MERGED] disable tracelog in firefox-common.profile
Closed
#4134 [PR #1933] [MERGED] profile for sayonara player
Closed
#4135 [PR #1934] [MERGED] profile for qmmp
Closed
#4133 [PR #1932] [MERGED] Fixes to make Blender with AMD GPU work under firejail (#1931)
Closed
#4132 [PR #1924] [MERGED] add note for 'volatile' storage support
Closed
#4131 [PR #1923] [MERGED] add disable-interpreters.inc to gnome-logs
Closed
#4129 [PR #1919] [MERGED] Add --keep-var-tmp and associated profile option
Closed
#4130 [PR #1922] [MERGED] Allow GNOME Shell integration in unzip
Closed
#4128 [PR #1918] [MERGED] priv tweak
Closed
#4127 [PR #1916] [MERGED] Amend WebStorm profile
Closed
#4126 [PR #1915] [MERGED] Add nvm to list of disabled interpreters
Closed
#4125 [PR #1914] [MERGED] Update Gajim profile
Closed
#4123 [PR #1910] [MERGED] Add XMind profile
Closed
#4124 [PR #1911] [MERGED] Enable KVM on Android Studio
Closed
#4122 [PR #1909] [MERGED] Add AnyDesk profile
Closed
#4119 [PR #1903] [MERGED] priv tweaks
Closed
#4120 [PR #1905] [MERGED] typo in disable-common.inc
Closed
#4121 [PR #1906] [MERGED] Re-enable join-or-start
Closed
#4117 [PR #1904] [MERGED] avoid TESTING warning in firefox-common-addons.inc
Closed
#4118 [PR #1900] [MERGED] Add WebStorm profile
Closed
#4116 [PR #1898] [MERGED] Add CLion profile
Closed
#4115 [PR #1894] [MERGED] Repairing programs
Closed
#4113 [PR #1892] [MERGED] correct spelling
Closed
#4114 [PR #1891] [MERGED] Fix firefox common addons
Closed
#4112 [PR #1890] [MERGED] fix bitblbee doubled-up private-dev option
Closed
#4108 [PR #1884] [MERGED] Add Discord profile
Closed
#4109 [PR #1881] [CLOSED] Allow firefox to access proxychains' local config.
Closed
#4110 [PR #1888] [MERGED] Amend Discord profile
Closed
#4111 [PR #1886] [MERGED] allow java in some more profiles
Closed
#4107 [PR #1882] [MERGED] Fix profile for last version (musixmatch)
Closed
#4103 [PR #1870] [MERGED] atool fixes
Closed
#4104 [PR #1873] [MERGED] atool 'redirect' profiles
Closed
#4105 [PR #1874] [CLOSED] fix settings - disable nodus
Closed
#4106 [PR #1875] [MERGED] fix sqlitebrowser blacklist
Closed
#4102 [PR #1868] [MERGED] Disable memory-deny-write-execute
Closed
#4101 [PR #1867] [MERGED] Soundconverter needs python
Closed
#4098 [PR #1863] [MERGED] Config support fixup
Closed
#4099 [PR #1864] [MERGED] Update enchant profile
Closed
#4100 [PR #1865] [CLOSED] Potential fixes for Firefox 60
Closed
#4097 [PR #1862] [MERGED] consistent pid/PID usage
Closed
#4096 [PR #1861] [MERGED] mpd config modernizing
Closed
#4093 [PR #1859] [MERGED] Allow perl
Closed
#4094 [PR #1854] [MERGED] add --noautopulse arg for complex pulse setups
Closed
#4095 [PR #1860] [MERGED] syntax fixup
Closed
#4092 [PR #1853] [MERGED] Create gnome-logs.profile
Closed
#4090 [PR #1851] [MERGED] Fix private-lib
Closed
#4091 [PR #1852] [MERGED] Fix private-lib again
Closed
#4089 [PR #1849] [MERGED] Added a basic profile for gcloud
Closed
#4088 [PR #1848] [MERGED] Add a section for cloud-providers to the default block-list
Closed
#4087 [PR #1843] [MERGED] recalibrate dbus access, deploy nodbus option
Closed
#4085 [PR #1837] [MERGED] WIP: Blacklist common programming interpreters.
Closed
#4086 [PR #1840] [CLOSED] fix immutable settings
Closed
#4083 [PR #1835] [MERGED] Adding thunderbird-beta and Blender-28
Closed
#4084 [PR #1830] [CLOSED] whitelist-common.inc fixes for several profiles
Closed
#4082 [PR #1831] [MERGED] private-lib fix
Closed
#4080 [PR #1828] [MERGED] gnome-recipes profile
Closed
#4081 [PR #1829] [MERGED] evince fixes
Closed
#4079 [PR #1825] [CLOSED] WIP: Recalibration of D-Bus access, see #1822
Closed
#4077 [PR #1821] [CLOSED] Musixmatch support
Closed
#4078 [PR #1827] [MERGED] Add support for the devil musixmatch
Closed
#4074 [PR #1802] [CLOSED] Don't enable profiles which may be used for system administrtion
Closed
#4075 [PR #1806] [CLOSED] kate: allow system-wide read access
Closed
#4076 [PR #1820] [MERGED] Fix compilation with musl
Closed
#4072 [PR #1787] [MERGED] .Xauthority moved from blacklist to read-only
Closed
#4073 [PR #1783] [CLOSED] viewnior needs access to X
Closed
#4069 [PR #1777] [MERGED] playonlinux: unblacklist perl usage
Closed
#4070 [PR #1779] [MERGED] Add a profile for Vivaldi Snapshot
Closed
#4071 [PR #1780] [MERGED] Add a profile for bitcoin-qt
Closed
#4068 [PR #1776] [MERGED] Apparmor: blacklist /proc and /sys access from firejail
Closed
#4067 [PR #1775] [MERGED] Apparmor: don't duplicate userspace /run/user restrictions
Closed
#4065 [PR #1766] [MERGED] Apparmor: fix various denials
Closed
#4066 [PR #1774] [MERGED] Unify all Chromium and Firefox based browser profiles
Closed
#4063 [PR #1763] [MERGED] Update remmina.profile
Closed
#4064 [PR #1764] [MERGED] Add seccomp filters for remmina, from an strace session connecting via RDP
Closed
#4062 [PR #1762] [MERGED] add localtime to private-etc to make qtox show correct time
Closed
#4058 [PR #1744] [MERGED] fixes for the keepassxc 2.2.5 version
Closed
#4059 [PR #1758] [MERGED] Apparmor: minor fixes
Closed
#4060 [PR #1745] [MERGED] Apparmor: restrict access to writable files
Closed
#4061 [PR #1761] [MERGED] Allow Spotify to run Zenity
Closed
#4057 [PR #1751] [MERGED] chromium canary (inox-family)
Closed
#4056 [PR #1738] [MERGED] add new syscalls from glibc 2.26-10
Closed
#4055 [PR #1715] [MERGED] Create discord-canary.profile
Closed
#4053 [PR #1714] [CLOSED] Create Popcorn-Time.profile
Closed
#4054 [PR #1733] [MERGED] chore(.gitignore) ignore built packages
Closed
#4052 [PR #1713] [MERGED] Apparmor: fix broken file dialogs in kde plasma
Closed
#4048 [PR #1701] [MERGED] tor flavours
Closed
#4050 [PR #1708] [MERGED] Fix #1702 - Couldn't start 'minetest' in Debian Testing
Closed
#4051 [PR #1710] [MERGED] Add profile for "playonlinux"
Closed
#4049 [PR #1704] [MERGED] Add "sylpheed" to profiles
Closed
#4047 [PR #1706] [MERGED] Blacklist the Dash Core wallet directory
Closed
#4044 [PR #1689] [MERGED] disable-common.inc: read-only access to ~/.ssh/authorized_keys
Closed
#4045 [PR #1697] [MERGED] Blacklist the monero wallets directory
Closed
#4046 [PR #1700] [MERGED] inox edgy flavours fix (doesnt work history and extensions)
Closed
#4042 [PR #1696] [MERGED] Blacklist ~/.ethereum
Closed
#4043 [PR #1691] [MERGED] Fix Deluge
Closed
#4040 [PR #1681] [MERGED] Profiles updates
Closed
#4041 [PR #1687] [MERGED] Added environment variable QML_DISABLE_DISK_CACHE=1 to okular.profile.
Closed
#4037 [PR #1664] [MERGED] qtox needs libstdc++.so.6
Closed
#4038 [PR #1676] [MERGED] libtrace/libtrace.c: add missing limits.h include
Closed
#4039 [PR #1662] [MERGED] In Testing: (Re)add disable-mnt to common browser profiles.
Closed
#4036 [PR #1657] [MERGED] Blacklist s3cmd and s3fs configs
Closed
#4035 [PR #1617] [CLOSED] Merge pull request #1 from netblue30/master
Closed
#4033 [PR #1643] [MERGED] Update franz.profile to work with version 5 upwards
Closed
#4034 [PR #1647] [MERGED] Blacklist the Electron Cash Wallet
Closed
#4032 [PR #1637] [MERGED] profiles: keepassxc: add machine-id to private-etc
Closed
#4030 [PR #1604] [MERGED] Addition of RLIMIT_AS
Closed
#4031 [PR #1613] [CLOSED] Add Popcorn-Time profile
Closed
#4028 [PR #1596] [MERGED] Update manpages to use HTTPS links
Closed
#4029 [PR #1593] [MERGED] Create signal-desktop.profile
Closed
#4027 [PR #1587] [MERGED] Enumerate root directories in apparmor profile
Closed
#4024 [PR #1565] [MERGED] Some profiles
Closed
#4025 [PR #1577] [MERGED] Update waterfox.profile
Closed
#4026 [PR #1582] [MERGED] Add profile for gnome-ring
Closed
#4022 [PR #1561] [MERGED] fix usage of STEAM_RUNTIME_PREFER_HOST_LIBRARIES=1 in steam.profile
Closed
#4023 [PR #1571] [MERGED] Update quiterss.profile
Closed
#4021 [PR #1558] [MERGED] Set shell none for ssh-agent configuration
Closed
#4019 [PR #1554] [CLOSED] harden corebird
Closed
#4020 [PR #1555] [MERGED] Upstream many profiles from various sources
Closed
#4018 [PR #1551] [MERGED] little KDE app enhancements
Closed
#4017 [PR #1552] [MERGED] Add a profile for Terasology
Closed
#4014 [PR #1542] [MERGED] Update waterfox.profile
Closed
#4015 [PR #1548] [MERGED] goobox enhancements
Closed
#4016 [PR #1549] [MERGED] harden baloo, clementine
Closed
#4013 [PR #1544] [MERGED] localhost mail fix for mutt
Closed
#4012 [PR #1538] [MERGED] Fix gitg diff not showing
Closed
#4011 [PR #1536] [MERGED] Add a profile for Minetest
Closed
#4009 [PR #1528] [MERGED] syscalls blacklisted twice
Closed
#4010 [PR #1533] [MERGED] remount ~/.config/pulse with noexec
Closed
#4007 [PR #1532] [MERGED] Fix broken audio in Slack
Closed
#4008 [PR #1530] [MERGED] cleanup snap profile
Closed
#4004 [PR #1523] [MERGED] add smtube (add-on for smplayer) to private-bin
Closed
#4005 [PR #1526] [MERGED] tighten some capability sets further
Closed
#4006 [PR #1524] [MERGED] firejail profile for smtube
Closed
#4003 [PR #1517] [MERGED] Added profile for yandex-browser (beta)
Closed
#4002 [PR #1519] [MERGED] Add a profile for Yandex Browser
Closed
#3999 [PR #1512] [MERGED] Fix logging for servers
Closed
#4001 [PR #1515] [MERGED] Fix Spotify #1513
Closed
#4000 [PR #1503] [MERGED] enhance and fix profiles (mostly novideo additions)
Closed
#3998 [PR #1511] [MERGED] improve servers, harden musescore
Closed
#3997 [PR #1501] [MERGED] Tweak itch.io profile
Closed
#3996 [PR #1500] [MERGED] firejail profile for itch.io desktop app
Closed
#3995 [PR #1496] [MERGED] Fix MulitMC5 and Xonotic
Closed
#3993 [PR #1495] [MERGED] Support for gnome-shell integration extension in Waterfox
Closed
#3994 [PR #1493] [MERGED] Fix #1492
Closed
#3992 [PR #1494] [MERGED] Allow private-bin parameters to be absolute paths
Closed
#3991 [PR #1489] [MERGED] profile fixes and enhancements
Closed
#3990 [PR #1488] [MERGED] Various changes
Closed
#3988 [PR #1485] [MERGED] Add pass to common blacklist
Closed
#3987 [PR #1484] [MERGED] Fix Gnome 2048 under wayland
Closed
#3989 [PR #1483] [MERGED] fix simple-scan
Closed
#3985 [PR #1477] [MERGED] new MuseScore profile
Closed
#3986 [PR #1482] [MERGED] Update waterfox.profile
Closed
#3983 [PR #1472] [MERGED] unbreak k3b
Closed
#3984 [PR #1475] [MERGED] some fixes and enhancements
Closed
#3982 [PR #1473] [CLOSED] Dino: Fix file downloads
Closed
#3979 [PR #1466] [MERGED] Fix nodvd placement
Closed
#3980 [PR #1468] [MERGED] firejail profile for torbrowser-launcher
Closed
#3981 [PR #1469] [MERGED] Add novideo and noexec /tmp to Tor browsers
Closed
#3977 [PR #1461] [MERGED] Fix notv placement
Closed
#3978 [PR #1465] [MERGED] fix smplayer for mpv
Closed
#3975 [PR #1453] [MERGED] Add TuxGuitar profile
Closed
#3976 [PR #1460] [MERGED] fix tuxguitar comments
Closed
#3974 [PR #1451] [MERGED] more novideo options, enhanced mediathekview
Closed
#3972 [PR #1449] [CLOSED] Add License field to Debian control file
Closed
#3973 [PR #1452] [MERGED] Add a profile alias for Firefox Nightly
Closed
#3971 [PR #1448] [MERGED] Match RPM license tag with license set in COPYING
Closed
#3969 [PR #1444] [MERGED] Harden 18 profiles using private-bin
Closed
#3970 [PR #1445] [CLOSED] comment private-dev in VLC
Closed
#3968 [PR #1443] [MERGED] Automatically build each commit on Travis CI and upload
Closed
#3967 [PR #1442] [MERGED] various little profile fixes and enhancements
Closed
#3966 [PR #1438] [MERGED] Change KDE4 services folder to read-only
Closed
#3965 [PR #1437] [MERGED] fix steam startup with >=llvm-4
Closed
#3963 [PR #1435] [MERGED] Update firecfg.config and add a wireshark-* alias
Closed
#3964 [PR #1433] [MERGED] various profile fixes
Closed
#3962 [PR #1436] [MERGED] Add a profile for Gnome Twitch
Closed
#3959 [PR #1427] [MERGED] Unify all profiles
Closed
#3961 [PR #1432] [MERGED] Gwenview: drop kbuildsycoca5 from private-bin
Closed
#3960 [PR #1431] [MERGED] Add 8 new profiles
Closed
#3957 [PR #1428] [MERGED] Change ${HOME}/.local/share/kservices5 to read-only
Closed
#3958 [PR #1430] [MERGED] profile fixes
Closed
#3956 [PR #1426] [MERGED] Apparmor: add local configuration
Closed
#3955 [PR #1424] [MERGED] Apparmor: update whitelist path for kde
Closed
#3953 [PR #1423] [MERGED] Add some /proc dirs to firejail apparmor profile
Closed
#3954 [PR #1421] [MERGED] Fix #1420
Closed
#3952 [PR #1416] [MERGED] telegram is called telegram-desktop in Debian
Closed
#3951 [PR #1415] [MERGED] Tentative implementation for #1405
Closed
#3950 [PR #1412] [MERGED] Improve loading of seccomp filter and memory-deny-write-execute feature
Closed
#3947 [PR #1411] [MERGED] Add a profile for arm
Closed
#3948 [PR #1409] [MERGED] Fix typo for fnet moveif invocation on 2nd interface.
Closed
#3949 [PR #1410] [MERGED] Improve seccomp printing
Closed
#3945 [PR #1407] [MERGED] Add Electron and Riot profiles
Closed
#3946 [PR #1408] [MERGED] Zoom cache dir
Closed
#3944 [PR #1403] [MERGED] Block some obsolete or unusual syscalls
Closed
#3942 [PR #1402] [MERGED] /proc/sys can be nosuid,noexec,nodev
Closed
#3943 [PR #1399] [MERGED] Private /lib feature
Closed
#3940 [PR #1394] [MERGED] Fix typo usr->user
Closed
#3941 [PR #1397] [MERGED] Add access to trash for eog
Closed
#3939 [PR #1393] [MERGED] Improve mount handling
Closed
#3938 [PR #1390] [MERGED] Fix #1383
Closed
#3937 [PR #1389] [CLOSED] Fix wget breaking rkhunter
Closed
#3935 [PR #1379] [MERGED] Add quiet to exiftool profile
Closed
#3936 [PR #1380] [CLOSED] tidy up of disable-common.inc
Closed
#3933 [PR #1377] [MERGED] Fix .java after e2449ae7d25925cec444ac08bbfb9cbc7199e647
Closed
#3934 [PR #1374] [MERGED] Add profiles for IntelliJ IDEA and Android Studio
Closed
#3932 [PR #1373] [MERGED] Add a profile for SILENTARMY
Closed
#3931 [PR #1372] [MERGED] Fix permission denied for chromium-flags.conf in Arch
Closed
#3929 [PR #1367] [MERGED] Harden profiles
Closed
#3930 [PR #1369] [MERGED] Add profile for Peek
Closed
#3927 [PR #1363] [MERGED] Allow ~/.netrc for youtube-dl
Closed
#3928 [PR #1365] [MERGED] Harden 50 profiles
Closed
#3923 [PR #1358] [MERGED] fix empty-string assignment
Closed
#3924 [PR #1354] [MERGED] More fixes for #1349 and 1acfd077b124cbfc8ed257f0c0aacf4f4cbaba38
Closed
#3925 [PR #1359] [MERGED] Fix race condition when setting up /run/firejail files (#1013)
Closed
#3926 [PR #1360] [MERGED] Allow env for youtube-dl in mpv profile
Closed
#3922 [PR #1357] [MERGED] Add profile for Liferea
Closed
#3920 [PR #1343] [MERGED] Fix typo in usage example command
Closed
#3921 [PR #1345] [MERGED] Update Waterfox and Cyberfox profile
Closed
#3918 [PR #1317] [MERGED] Fix lintian warning package-contains-timestamped-gzip
Closed
#3919 [PR #1322] [MERGED] Add profile for Waterfox and update profile for Cyberfox
Closed
#3917 [PR #1315] [CLOSED] pulseaudio with whitelisting
Closed
#3916 [PR #1307] [MERGED] minor bugfix: Correctly dereference "subdirname" variable
Closed
#3914 [PR #1295] [MERGED] Clementine seccomp update
Closed
#3915 [PR #1304] [MERGED] gnome-calculator profile fix
Closed
#3913 [PR #1297] [MERGED] Add fish-shell history and config to disable-common.inc
Closed
#3912 [PR #1296] [MERGED] WIP: --novideo option
Closed
#3909 [PR #1278] [MERGED] make seccomp optional again
Closed
#3911 [PR #1288] [MERGED] added floader files
Closed
#3908 [PR #1279] [MERGED] Fix VLC GUI artifacts #1277
Closed
#3910 [PR #1284] [MERGED] allow python and python3 for youtube-dl in MPV profile
Closed
#3907 [PR #1283] [CLOSED] allow python3 for youtube-dl in MPV profile
Closed
#3906 [PR #1270] [MERGED] completing noexec
Closed
#3905 [PR #1269] [MERGED] gimp profile fix
Closed
#3902 [PR #1265] [MERGED] blacklist keepass plugins
Closed
#3903 [PR #1266] [MERGED] harden baloo_file
Closed
#3904 [PR #1263] [CLOSED] Disable file managers from firecfg by default
Closed
#3901 [PR #1262] [MERGED] complete icons whitelist
Closed
#3899 [PR #1254] [MERGED] Prevent running shells recursively
Closed
#3900 [PR #1260] [MERGED] blacklist file-manager python scripts
Closed
#3898 [PR #1253] [MERGED] Add overlay configuration to profiles
Closed
#3897 [PR #1252] [MERGED] update k3b profile
Closed
#3896 [PR #1242] [CLOSED] Add noexec ~/.local/share to all profiles using noexec ~
Closed
#3894 [PR #1239] [MERGED] noexec ~/.local/share
Closed
#3895 [PR #1232] [MERGED] Harden more profiles
Closed
#3892 [PR #1228] [MERGED] Add a profile for Viking
Closed
#3893 [PR #1229] [MERGED] Add some programs to firecfg
Closed
#3889 [PR #1223] [MERGED] Add a profile for Arduino IDE
Closed
#3890 [PR #1226] [MERGED] Harden 8 more profiles
Closed
#3891 [PR #1225] [MERGED] Add a profile for youtube-dl
Closed
#3887 [PR #1222] [MERGED] Add a profile for meld
Closed
#3888 [PR #1224] [MERGED] Fix gtk theme loading in Dino
Closed
#3885 [PR #1220] [MERGED] Harden some profiles
Closed
#3886 [PR #1221] [MERGED] Add a profile for Kodi
Closed
#3883 [PR #1209] [MERGED] --quiet fixes
Closed
#3884 [PR #1214] [MERGED] make Baloo experiment more meaningful
Closed
#3882 [PR #1219] [MERGED] Add a profile for Dino
Closed
#3880 [PR #1208] [MERGED] fix baloo_file.profile (x11 isolation)
Closed
#3881 [PR #1207] [MERGED] Fix fj-mkdeb.py not functional when installed
Closed
#3879 [PR #1205] [MERGED] Add a script to build a .deb with custom configure options
Closed
#3877 [PR #1201] [MERGED] new baloo profile
Closed
#3878 [PR #1198] [MERGED] Okular and Gwenview profiles, Baloo blacklist
Closed
#3876 [PR #1195] [MERGED] blacklist attic and borg
Closed
#3875 [PR #1194] [MERGED] various profile enhancements
Closed
#3873 [PR #1188] [CLOSED] Allow fish_config
Closed
#3874 [PR #1190] [MERGED] mediathekview profile
Closed
#3872 [PR #1186] [MERGED] Add Go, Rust, and OpenSSL to disable-devel.conf
Closed
#3870 [PR #1182] [MERGED] tidy up
Closed
#3871 [PR #1184] [MERGED] add new syscalls in default seccomp filter
Closed
#3868 [PR #1174] [MERGED] firejail.config cleanup
Closed
#3869 [PR #1177] [MERGED] various profile fixes and enhancements
Closed
#3867 [PR #1181] [MERGED] restrict more KDE files
Closed
#3866 [PR #1166] [MERGED] blacklist more KDE files
Closed
#3865 [PR #1165] [MERGED] blacklist krunnerrc
Closed
#3863 [PR #1164] [MERGED] firecfg: create ~/.local/share/applications directory if it doesn't exist
Closed
#3864 [PR #1159] [MERGED] Adds icedove directories in thunderbird profile
Closed
#3862 [PR #1163] [MERGED] blacklist more KDE files
Closed
#3858 [PR #1154] [MERGED] New profile: mousepad
Closed
#3859 [PR #1155] [MERGED] enable/disable join support in /etc/firejail/firejail.config
Closed
#3860 [PR #1153] [MERGED] syscall list update
Closed
#3861 [PR #1156] [MERGED] profile enhancements
Closed
#3857 [PR #1152] [MERGED] blacklist X11 startup scripts
Closed
#3855 [PR #1149] [MERGED] complete autostart blacklist for KDE
Closed
#3856 [PR #1151] [MERGED] Handles #1150
Closed
#3854 [PR #1147] [MERGED] profile for scribus
Closed
#3852 [PR #1145] [CLOSED] profile for engrampa
Closed
#3853 [PR #1146] [MERGED] profile for engrampa
Closed
#3849 [PR #1108] [MERGED] Thunar
Closed
#3850 [PR #1124] [MERGED] keepass browser integration, lastpass
Closed
#3851 [PR #1118] [MERGED] fixing and tidying up Keepass(x) profiles
Closed
#3848 [PR #1106] [MERGED] Tighten keepassx
Closed
#3847 [PR #1103] [MERGED] Update unbound profile to block 3D acceleration.
Closed
#3846 [PR #1100] [CLOSED] Rewrite X11 handling and add --x11=xvfb mode.
Closed
#3843 [PR #1089] [MERGED] Security filters
Closed
#3844 [PR #1079] [MERGED] fixing --hosts-file privelege check
Closed
#3845 [PR #1099] [MERGED] added iridium browser profile
Closed
#3842 [PR #1068] [MERGED] Fix for uudeview
Closed
#3839 [PR #1060] [MERGED] added uzbl-browser.profile (refs #825)
Closed
#3840 [PR #1062] [MERGED] Add support for joining a persistent, named network namespace.
Closed
#3841 [PR #1064] [MERGED] Prevent tmux connecting to an existing session
Closed
#3838 [PR #1061] [MERGED] uzbl-browser.profile: enabled support for pass password-manager
Closed
#3837 [PR #1056] [MERGED] blacklist GNOME keyring and Konqueror
Closed
#3836 [PR #1053] [MERGED] added update scripts
Closed
#3835 [PR #1044] [MERGED] Make ~/.local read-only
Closed
#3833 [PR #1036] [MERGED] disable-common: Make directories commonly found in $PATH read-only
Closed
#3834 [PR #1052] [MERGED] etc/Cryptocat: Fix missing app name
Closed
#3832 [PR #1037] [MERGED] typo in changelog
Closed
#3829 [PR #1027] [MERGED] Reference new CVEs
Closed
#3831 [PR #1034] [MERGED] etc: Support local customizations in *.inc
Closed
#3828 [PR #1033] [MERGED] evolution.profile: add local mail dirs
Closed
#3830 [PR #1035] [MERGED] disable-common: Make mutt and msmtp's rc files read-only
Closed
#3827 [PR #1026] [MERGED] Reference new CVEs
Closed
#3826 [PR #1025] [MERGED] Add references to CVEs in release notes
Closed
#3825 [PR #1024] [MERGED] Add references to CVEs in release notes
Closed
#3823 [PR #1010] [MERGED] Don't touch aliases
Closed
#3824 [PR #1017] [MERGED] Add FossaMail profile
Closed
#3822 [PR #1021] [MERGED] Improved fix_private-bin.py a bit: added commandline arguments, metainfo and breadth-first search
Closed
#3820 [PR #1006] [MERGED] Update gnome-mplayer.profile
Closed
#3821 [PR #1009] [CLOSED] Blacklists common mount points like /mnt
Closed
#3818 [PR #1004] [MERGED] allow multiple private-argv
Closed
#3819 [PR #1002] [MERGED] main: guess_shell: use $SHELL variable if set
Closed
#3817 [PR #994] [MERGED] profile improvements
Closed
#3816 [PR #993] [MERGED] Replace keepassx whitelisting with keepass whitelisting
Closed
#3814 [PR #988] [MERGED] Added symlink fixer.
Closed
#3815 [PR #991] [MERGED] appimage: pass commandline arguments
Closed
#3812 [PR #979] [MERGED] Correct skanlite.profile
Closed
#3813 [PR #990] [MERGED] Implement the --allow-private-blacklist option
Closed
#3811 [PR #978] [MERGED] Add keepassx2 profile
Closed
#3809 [PR #962] [MERGED] Correct and tighten QuiteRss profile
Closed
#3810 [PR #967] [MERGED] make ipc blacklist more reliable
Closed
#3808 [PR #960] [MERGED] block dbus ipc
Closed
#3807 [PR #963] [MERGED] Wireshark
Closed
#3803 [PR #949] [MERGED] gajim fix
Closed
#3804 [PR #953] [MERGED] Added profiles for truecrypt and zuluCrypt
Closed
#3805 [PR #951] [MERGED] blacklisted various program files
Closed
#3806 [PR #957] [MERGED] qutebrowser fixes
Closed
#3802 [PR #946] [MERGED] Added 10 new profiles
Closed
#3801 [PR #945] [MERGED] Cryptocat
Closed
#3799 [PR #943] [CLOSED] Fixed buggy typo (my fault)
Closed
#3800 [PR #936] [MERGED] added wget profile
Closed
#3798 [PR #941] [MERGED] New profiles: pluma and xed
Closed
#3797 [PR #924] [MERGED] Many new profiles
Closed
#3796 [PR #923] [MERGED] explain audit for seccomp logging
Closed
#3795 [PR #920] [MERGED] various fixes
Closed
#3793 [PR #916] [MERGED] fixed missing profiles
Closed
#3794 [PR #912] [MERGED] Guayadeque profile
Closed
#3792 [PR #901] [MERGED] do not blacklist msmtprc in mutt
Closed
#3790 [PR #899] [MERGED] Blacklist ecryptfs files
Closed
#3791 [PR #900] [MERGED] completed ecryptfs blacklist
Closed
#3788 [PR #891] [MERGED] various changes
Closed
#3789 [PR #898] [MERGED] adopted wire profile
Closed
#3787 [PR #893] [MERGED] Added profile for zoom.us messanger
Closed
#3786 [PR #890] [MERGED] Improvements for Zathura profile
Closed
#3785 [PR #878] [MERGED] Adding XDG-compat fontconfig's fonts path
Closed
#3783 [PR #874] [MERGED] Minor fixes
Closed
#3784 [PR #885] [MERGED] Added a profile for mumble
Closed
#3782 [PR #881] [MERGED] Added profiles for display (imagemagick) and wire
Closed
#3780 [PR #866] [CLOSED] blacklisted common suid programms
Closed
#3781 [PR #872] [MERGED] Extra profiles
Closed
#3779 [PR #871] [MERGED] Alphabetise
Closed
#3777 [PR #867] [MERGED] Misc fixes
Closed
#3778 [PR #870] [MERGED] Tightened Spotify profile
Closed
#3776 [PR #865] [MERGED] added profiles for eog and evolution
Closed
#3774 [PR #859] [MERGED] added /srv in whitelist option
Closed
#3775 [PR #860] [MERGED] Whitelist Arch's chromium-flags.conf to Chromium
Closed
#3773 [PR #857] [MERGED] add xpdf profile
Closed
#3772 [PR #856] [MERGED] minor fixes
Closed
#3770 [PR #851] [MERGED] fixed database not found error
Closed
#3771 [PR #854] [MERGED] new profiles
Closed
#3768 [PR #835] [MERGED] fixed recovery issue
Closed
#3769 [PR #852] [MERGED] Allow evince to access /tmp
Closed
#3767 [PR #830] [CLOSED] fixed issue with /sbin and /usr/sbin
Closed
#3765 [PR #828] [MERGED] hardened profiles and fixed blacklisting
Closed
#3766 [PR #829] [MERGED] Fix typos found by lintian
Closed
#3762 [PR #822] [MERGED] If .Xauthority is symlink, skip and warn
Closed
#3763 [PR #819] [CLOSED] Yet another atempt to improve CVE-2016-7545 fix
Closed
#3764 [PR #826] [MERGED] Added profiles for feh, ranger and zathura
Closed
#3759 [PR #808] [MERGED] Added tracelog
Closed
#3760 [PR #813] [CLOSED] Quickfix for problem found in SELinux that affects Firejail too.
Closed
#3761 [PR #815] [MERGED] CVE-2016-7545 fix improvement
Closed
#3757 [PR #809] [MERGED] Fixed typo in comment
Closed
#3758 [PR #805] [MERGED] join-or-start option
Closed
#3755 [PR #798] [MERGED] Quiet SSH config
Closed
#3756 [PR #790] [MERGED] Update okular.profile
Closed
#3752 [PR #776] [MERGED] small --x11=block fixes
Closed
#3753 [PR #782] [MERGED] Accept /mnt in --whitelist option
Closed
#3754 [PR #788] [MERGED] Add netlink to --protocols in steam profile
Closed
#3750 [PR #771] [MERGED] use enum for enumeration
Closed
#3751 [PR #773] [MERGED] Add option to block X11
Closed
#3749 [PR #769] [MERGED] xpra fix
Closed
#3748 [PR #766] [MERGED] fix read_pid
Closed
#3747 [PR #763] [MERGED] small fixes
Closed
#3746 [PR #761] [MERGED] minor fixes
Closed
#3743 [PR #755] [MERGED] Profile tightening
Closed
#3744 [PR #753] [MERGED] Fix chmod/umask problem
Closed
#3745 [PR #758] [MERGED] Option to fix .desktop files for firecfg
Closed
#3742 [PR #757] [MERGED] extra dosbox files
Closed
#3738 [PR #735] [MERGED] Fix error in Slack profile
Closed
#3739 [PR #751] [MERGED] Fix spelling error
Closed
#3740 [PR #742] [MERGED] Tighten security
Closed
#3741 [PR #752] [MERGED] another typo
Closed
#3737 [PR #743] [MERGED] additional batch of chown/chmod changes
Closed
#3735 [PR #729] [MERGED] run_no_sandbox fix
Closed
#3733 [PR #727] [MERGED] Small fixes (icecat.profile, disable-common.inc and whitelist-common.inc)
Closed
#3734 [PR #724] [MERGED] Fix Spotify - "private-bin spotify" prevents Spotify loading
Closed
#3736 [PR #734] [MERGED] join fixes
Closed
#3732 [PR #728] [MERGED] Add profile for Gajim IM client
Closed
#3729 [PR #714] [MERGED] Fixes remaining issues related to #704
Closed
#3730 [PR #722] [MERGED] tightened profiles
Closed
#3731 [PR #723] [MERGED] Add profile support for Slack
Closed
#3727 [PR #716] [MERGED] Create inox.profile
Closed
#3728 [PR #717] [MERGED] x11 fixes
Closed
#3723 [PR #709] [MERGED] Gather shell selection code in one place
Closed
#3724 [PR #702] [MERGED] Added more overlay options
Closed
#3725 [PR #711] [MERGED] Sandy shores
Closed
#3726 [PR #713] [MERGED] Fixed #712
Closed
#3722 [PR #701] [MERGED] rewrite of X11 support
Closed
#3718 [PR #694] [MERGED] typo #688
Closed
#3720 [PR #695] [MERGED] Busybox workaround + expand ${PATH} macro in noblacklist entries
Closed
#3721 [PR #696] [MERGED] Fixed & tightened gnome-chess
Closed
#3719 [PR #689] [MERGED] tar profile and test fixes
Closed
#3717 [PR #691] [MERGED] Pair of small fixes
Closed
#3715 [PR #684] [MERGED] Checkmate
Closed
#3716 [PR #687] [MERGED] Typo
Closed
#3713 [PR #679] [MERGED] Change hardcoded Xephyr options to close window at exit of last client.
Closed
#3714 [PR #681] [MERGED] add --private-template=directory option
Closed
#3712 [PR #673] [MERGED] Simplify installation of profiles and manpages
Closed
#3711 [PR #672] [MERGED] Add uudeview to detect_quiet()
Closed
#3709 [PR #663] [MERGED] Include mkuid.sh in "make dist"
Closed
#3710 [PR #668] [MERGED] Improve libtrace / libtracelog
Closed
#3708 [PR #664] [MERGED] Allow recursive mkdir (Closes #305)
Closed
#3707 [PR #665] [MERGED] Add profiles for tar (gtar), unzip and unrar
Closed
#3705 [PR #661] [MERGED] Fix command line quoting on joining, move quoting code to functions
Closed
#3706 [PR #662] [MERGED] Suggestions to release process
Closed
#3703 [PR #660] [MERGED] Add new skypeforlinux profile.
Closed
#3704 [PR #658] [MERGED] Allow BitlBee to write /var/lib/bitlbee
Closed
#3702 [PR #659] [MERGED] Improve profile list
Closed
#3699 [PR #652] [MERGED] Two fixes to --join behaviour
Closed
#3700 [PR #654] [MERGED] Add profile for uudeview
Closed
#3701 [PR #657] [MERGED] Some test fixes
Closed
#3698 [PR #653] [MERGED] disable-passwdmgr.inc: Don't leak keepassx config
Closed
#3697 [PR #646] [MERGED] Fix spelling errors found by lintian
Closed
#3696 [PR #643] [MERGED] Eom
Closed
#3694 [PR #629] [MERGED] Additional fixes of command line quoting
Closed
#3695 [PR #638] [MERGED] Blacklist .gnomerc
Closed
#3693 [PR #634] [MERGED] Pidgin private-bin conversion
Closed
#3692 [PR #628] [MERGED] Jitsi
Closed
#3691 [PR #626] [MERGED] restrict Dropbox to its own directories
Closed
#3688 [PR #622] [MERGED] correction no. 2
Closed
#3689 [PR #620] [MERGED] Various
Closed
#3690 [PR #624] [MERGED] Mousetrap
Closed
#3687 [PR #621] [MERGED] Proposed
Closed
#3686 [PR #617] [MERGED] Fix chdir bug in libtracelog
Closed
#3683 [PR #614] [MERGED] Telegram
Closed
#3684 [PR #613] [MERGED] Fix improper quoting of arguments
Closed
#3685 [PR #616] [MERGED] disable-common: Blacklist ~/.config/keybase
Closed
#3682 [PR #603] [MERGED] fix some typos
Closed
#3681 [PR #602] [MERGED] tighten disable-devel.inc
Closed
#3680 [PR #601] [MERGED] Audacity
Closed
#3677 [PR #598] [MERGED] Committer: Paupiah Yashvi <yash@hackers.mu>
Closed
#3678 [PR #599] [MERGED] cpio sandbox profile for decompression
Closed
#3679 [PR #597] [MERGED] xz decompressor
Closed
#3674 [PR #584] [MERGED] Add profile for Firefox ESR
Closed
#3675 [PR #591] [MERGED] Fixed conffiles warning for soffice
Closed
#3676 [PR #596] [MERGED] add a firejail profile for strings
Closed
#3672 [PR #586] [MERGED] mpv.profile: make youtube-dl work
Closed
#3673 [PR #585] [MERGED] Proposed
Closed
#3669 [PR #577] [MERGED] noqueue not exposed on older kernels; pfifo_fast is default qdisc
Closed
#3670 [PR #580] [MERGED] added libreoffice profile
Closed
#3671 [PR #582] [CLOSED] .
Closed
#3668 [PR #579] [MERGED] Complete disable-common.inc
Closed
#3667 [PR #575] [MERGED] skip ip6 test if filter table not available
Closed
#3664 [PR #558] [MERGED] added profile for franz messenger
Closed
#3665 [PR #564] [MERGED] Set $APPIMAGE and $APPDIR environment variables
Closed
#3666 [PR #568] [MERGED] kwallet typo
Closed
#3663 [PR #542] [CLOSED] Various
Closed
#3662 [PR #540] [MERGED] Brave
Closed
#3660 [PR #538] [MERGED] Extend profiles to use the new nonewprivs feature
Closed
#3661 [PR #539] [CLOSED] Various
Closed
#3658 [PR #537] [MERGED] Make restricted-network prevent use of netfilter
Closed
#3659 [PR #536] [MERGED] Enable using the NO_NEW_PRIVS prctl(2) flag
Closed
#3657 [PR #534] [MERGED] Extra profiles (Psi+, Corebird, Konversation)
Closed
#3655 [PR #526] [CLOSED] fix manual: --whitelist dir inside --read-only dir
Closed
#3656 [PR #533] [MERGED] Some fixes
Closed
#3653 [PR #519] [MERGED] cmus.profile: use empty /etc
Closed
#3654 [PR #521] [MERGED] Revert "cmus.profile: use empty /etc"
Closed
#3652 [PR #518] [MERGED] mcabber.profile: use empty /etc
Closed
#3650 [PR #515] [MERGED] update seccomp default list in firejail-profile
Closed
#3651 [PR #517] [MERGED] mcabber.profile
Closed
#3648 [PR #505] [MERGED] Proposed
Closed
#3649 [PR #502] [MERGED] Xapps
Closed
#3647 [PR #499] [MERGED] Use locale-independent sorting
Closed
#3646 [PR #495] [MERGED] blacklisted g++
Closed
#3644 [PR #491] [MERGED] test/filters: some additional checks about testing environment
Closed
#3645 [PR #492] [MERGED] cherrytree.profile fix
Closed
#3643 [PR #490] [MERGED] Mark skipped tests differently
Closed
#3642 [PR #488] [MERGED] Fixes for ls.exp and trace.exp
Closed
#3638 [PR #478] [MERGED] Fixes for hexchat.profile
Closed
#3640 [PR #485] [CLOSED] Make some tests more robust
Closed
#3641 [PR #486] [MERGED] Make some tests more robust
Closed
#3639 [PR #479] [MERGED] cyberfox profile
Closed
#3637 [PR #476] [MERGED] blacklisted additional terminals
Closed
#3635 [PR #473] [MERGED] Temp fix for #472
Closed
#3636 [PR #474] [MERGED] Create quiterss.profile
Closed
#3633 [PR #468] [MERGED] fix "clean/clear" typos
Closed
#3634 [PR #457] [MERGED] Aweather && Stellarium
Closed
#3632 [PR #466] [MERGED] HexChat/Atril profile fix
Closed
#3631 [PR #456] [MERGED] added google-play-music-desktop-player profile
Closed
#3630 [PR #454] [MERGED] fs.c: correct debug message
Closed
#3628 [PR #450] [MERGED] Blacklist vera crypt
Closed
#3629 [PR #451] [MERGED] Removed thunderbird todo
Closed
#3627 [PR #453] [MERGED] added gpredict profile
Closed
#3624 [PR #443] [MERGED] Use "~" in package name
Closed
#3625 [PR #444] [MERGED] add new files to rpm
Closed
#3626 [PR #449] [MERGED] warzone2100 profile
Closed
#3623 [PR #439] [CLOSED] GitHub stroking out on my end. :)
Closed
#3622 [PR #442] [CLOSED] Proposed
Closed
#3620 [PR #428] [MERGED] Profile cleanup
Closed
#3621 [PR #434] [MERGED] Separated thunderbird/icedove profiles
Closed
#3618 [PR #436] [MERGED] Abrowser profile, based on Firefox
Closed
#3619 [PR #438] [CLOSED] added new 0ad profile
Closed
#3617 [PR #432] [MERGED] Pale Moon profile && python blacklists
Closed
#3613 [PR #415] [MERGED] profile.c: add --net <iface>
Closed
#3614 [PR #409] [MERGED] Allow alternative opera config path
Closed
#3615 [PR #416] [MERGED] Minor profile.c change
Closed
#3616 [PR #427] [MERGED] Paths fix
Closed
#3612 [PR #406] [MERGED] add cmus.profile
Closed
#3611 [PR #405] [MERGED] "/etc/password" -> "/etc/passwd"
Closed
#3607 [PR #378] [MERGED] Add qTox profile
Closed
#3608 [PR #387] [MERGED] fix flashpeak-slimjet profile typos
Closed
#3609 [PR #391] [CLOSED] fix seccomp filter (32bit/64bit)
Closed
#3610 [PR #392] [MERGED] Fix xephyr methods referring to xpra
Closed
#3606 [PR #371] [MERGED] fs_etc: continue to copy files if one fails.
Closed
#3604 [PR #349] [MERGED] Created Atril profile
Closed
#3605 [PR #368] [CLOSED] add restrictions to chromium browser profile
Closed
#3603 [PR #365] [MERGED] Add profile for qutebrowser.
Closed
#3602 [PR #363] [MERGED] Forward exit code from child process
Closed
#3600 [PR #345] [MERGED] More rpm fixes
Closed
#3601 [PR #346] [MERGED] add hedgewars profile (whitelist)
Closed
#3599 [PR #323] [MERGED] Fix manual typo
Closed
#3597 [PR #337] [MERGED] Added profiles for vivaldi
Closed
#3598 [PR #340] [MERGED] fix typo
Closed
#3596 [PR #319] [MERGED] Add compile-time option to restrict --net= to root only
Closed
#3594 [PR #315] [MERGED] edit wesnoth profile (small fix)
Closed
#3595 [PR #317] [MERGED] man/firejail.txt: note you don't need --ip6= with SLAAC
Closed
#3593 [PR #304] [MERGED] profile for wesnoth
Closed
#3592 [PR #314] [MERGED] Epiphany: Fix settings being saved but not loaded
Closed
#3591 [PR #302] [MERGED] Add Polari profile
Closed
#3588 [PR #299] [CLOSED] Add epiphany profile
Closed
#3589 [PR #297] [MERGED] RPM build fixes
Closed
#3590 [PR #300] [MERGED] Adding cherrytree profile
Closed
#3587 [PR #293] [MERGED] Fix memory leak
Closed
#3585 [PR #289] [MERGED] Fix problem with relative path in storage_find function
Closed
#3586 [PR #292] [CLOSED] Fix building on systems without bash
Closed
#3584 [PR #274] [MERGED] Make additional vimrc files; .xscreensaver file read only
Closed
#3583 [PR #275] [MERGED] add mupen64plus profile
Closed
#3582 [PR #272] [MERGED] Typos
Closed
#3581 [PR #269] [MERGED] Include <sys/socket.h> for sa_family_t (RHEL 6.6)
Closed
#3580 [PR #268] [MERGED] Fix for systems that don't have CAP_SYSLOG
Closed
#3578 [PR #267] [MERGED] Add alternative location for muttrc
Closed
#3579 [PR #265] [MERGED] remove duplicate include from uGet profile
Closed
#3577 [PR #264] [MERGED] add uGet profile
Closed
#3576 [PR #262] [MERGED] add Mathematica profile
Closed
#3574 [PR #251] [MERGED] Blacklisting ~/.local/share/kwalletd
Closed
#3575 [PR #257] [MERGED] Make the sandbox process reap all children.
Closed
#3572 [PR #255] [MERGED] Fix symlink invocation for programs placing symlinks in $PATH
Closed
#3573 [PR #250] [MERGED] Added Telegram profile
Closed
#3571 [PR #243] [MERGED] Fixing lintian warnings
Closed
#3570 [PR #244] [MERGED] changed typo in man file (namely --debug-blackilsts)
Closed
#3568 [PR #236] [MERGED] Adding Seamonkey profiles
Closed
#3569 [PR #227] [MERGED] blacklist /usr/local/sbin
Closed
#3567 [PR #224] [MERGED] Don't blacklist recently-used.xbel
Closed
#3564 [PR #202] [MERGED] Allow netlink for Spotify
Closed
#3565 [PR #213] [MERGED] dynamic allocation of noblacklist buffer
Closed
#3566 [PR #217] [CLOSED] Adds support for tmpfs-based profiles (profile-sync-daemon)
Closed
#3563 [PR #198] [MERGED] use UTMP_FILE to check for its existence
Closed
#3562 [PR #210] [MERGED] Disallow access to kdbx files
Closed
#3560 [PR #193] [MERGED] Make the build reproducible
Closed
#3561 [PR #194] [MERGED] Fix typos
Closed
#3559 [PR #187] [MERGED] whitelist keysnail config for firefox
Closed
#3557 [PR #185] [CLOSED] blacklist recently-used.xbel*
Closed
#3558 [PR #186] [MERGED] add parole.profile
Closed
#3555 [PR #179] [MERGED] add rtorrent profile
Closed
#3556 [PR #180] [MERGED] add google-chrome{,-stable,-beta,-unstable}.profile
Closed
#3554 [PR #177] [MERGED] add 'hostname' command to profile
Closed
#3552 [PR #174] [MERGED] clarify firejail-profile manpage
Closed
#3553 [PR #169] [MERGED] blacklist ncat
Closed
#3551 [PR #161] [MERGED] Add weechat profile
Closed
#3548 [PR #145] [MERGED] Fix #144
Closed
#3549 [PR #135] [MERGED] add some other whitelisting for theme and core firefox related functionality on Linux
Closed
#3550 [PR #150] [MERGED] keep original file permissions
Closed
#3547 [PR #148] [MERGED] Add '"' chars around every argument passed to bash
Closed
#3546 [PR #134] [MERGED] Fix warnings by clang-analyzer (scan-build)
Closed
#3545 [PR #113] [MERGED] Added profile for Conkeror Browser
Closed
#3543 [PR #129] [MERGED] Allow firefox theming with non-global themes
Closed
#3544 [PR #130] [MERGED] Fixed Skype profile: was a copy of Steam profile
Closed
#3542 [PR #102] [MERGED] Use configured libdir instead of $prefix/lib
Closed
#3540 [PR #100] [MERGED] Create Steam profile
Closed
#3541 [PR #85] [MERGED] Correct typo
Closed
#3539 [PR #96] [MERGED] fix libtrace for musl libc
Closed
#3537 [PR #88] [MERGED] Update pidgin.profile
Closed
#3538 [PR #89] [MERGED] add a few new items to blacklist
Closed
#3536 [PR #81] [MERGED] update url in rpm spec
Closed
#3535 [PR #79] [MERGED] switch project url to github
Closed
#3533 [PR #78] [CLOSED] standalone rpm spec
Closed
#3534 [PR #73] [MERGED] Add a profile for Spotify
Closed
#3532 [PR #77] [MERGED] use configure options in Makefile
Closed
#3529 [PR #55] [MERGED] Stop blacklisting from traversing . and .. after a glob
Closed
#3530 [PR #60] [MERGED] added install-strip, make install now without strip.
Closed
#3531 [PR #66] [MERGED] Add seccomp errno filter support
Closed
#3527 [PR #52] [MERGED] Clean up some fragile uses of strncmp.
Closed
#3528 [PR #53] [MERGED] Noblacklist
Closed
#3523 [PR #42] [MERGED] Implement the expand_home util function
Closed
#3525 [PR #46] [MERGED] Use generic.profile by default
Closed
#3526 [PR #51] [MERGED] Add tags file and vim temporary files to .gitignore
Closed
#3524 [PR #48] [MERGED] Rewrite globbing code to fix various minor issues
Closed
#3522 [PR #43] [MERGED] Fix typo in usage.c
Closed
#3521 [PR #41] [MERGED] Support --enable-fatal-warnings in all Makefiles
Closed
#3518 [PR #34] [MERGED] Fix the 'make install' command for new bash completion location
Closed
#3519 [PR #35] [MERGED] Compile with -W -Wall -Werror
Closed
#3520 [PR #38] [MERGED] Fix arguments passed to child process during execvp in --shell=none mode
Closed
#3517 [PR #33] [MERGED] Support filenames with spaces in the blacklist option
Closed
#3516 [PR #32] [MERGED] Support ~ in blacklist and profile includes
Closed
#3514 [PR #28] [MERGED] Fix some compiler warnings
Closed
#3515 [PR #30] [MERGED] Update disable-mgmt.inc
Closed
#3513 [PR #29] [MERGED] Replace get_link with realpath
Closed
#3512 [PR #27] [MERGED] Fix typos in firejail and firejail-profile man
Closed
#3510 [PR #26] [MERGED] Call realpath to resolve symlinks correctly in disable_file
Closed
#3511 [PR #24] [CLOSED] Profile work (jitsi / [he]xchat)
Closed
#3508 [PR #21] [MERGED] Implement the --private-home option
Closed
#3509 [PR #20] [MERGED] Create a .gitignore file for firejail
Closed
#3507 [PR #23] [CLOSED] Some profile work (jitsi/[he]xchat)
Closed
#3506 [PR #17] [MERGED] A bit more for CVE-2015-4495
Closed
#3505 [PR #19] [MERGED] Fix typos in firejail-profile manpage
Closed
#3503 [PR #18] [CLOSED] Fix typos in the firejail-profile manpage
Closed
#3504 [PR #13] [MERGED] Fix potential null pointer dereference in netfilter
Closed
#3502 [PR #16] [MERGED] Block access to history files
Closed
#3501 [GH-ISSUE #7144] Add support for queue leasing and AF_XDP
Closed
#3487 [GH-ISSUE #7107] torbrowser: cannot start program
Closed
#3488 [GH-ISSUE #7108] build: ../../src/lib/syscall.c:913:9: error: expected expression before ‘}’ token (Fails to build on i686, kernel 3.8)
Closed
#3485 [GH-ISSUE #7097] fractal: cannot view multimedia due to glycin/bwrap
Closed
#3486 [GH-ISSUE #7096] Add a profile for Heroic Games Launcher
Closed
#3484 [GH-ISSUE #7105] Create a GitHub Project for 0.9.82
Closed
#3482 [GH-ISSUE #7093] feature: add apparmor profiles for --nettrace command
Closed
#3483 [GH-ISSUE #7094] modif: make Xephyr default for --x11 option
Closed
#3481 [GH-ISSUE #7092] build: remove ./configure --disable-usertmpfs option
Closed
#3480 [GH-ISSUE #7091] build: remove ./configure --disable-man option
Closed
#3477 [GH-ISSUE #7069] Add --keep-hostname command
Closed
#3473 [GH-ISSUE #7062] xorg: Authorization required, but no authorization protocol specified
Closed
#3469 [GH-ISSUE #7056] firefox: cannot find existing firefox profiles
Closed
#3467 [GH-ISSUE #7054] Add link-local addresses to 'nolocal' firewall configs
Closed
#3468 [GH-ISSUE #7048] Random hostname is not set & localhost is missing from /etc/hosts
Closed
#3464 [GH-ISSUE #7046] Hide/Mask firejail process (pid 1) inside sandbox
Closed
#3461 [GH-ISSUE #7038] Not keeping all mounts
Closed
#3462 [GH-ISSUE #7037] paths containing ".." are valid, why are they refused?
Closed
#3457 [GH-ISSUE #7033] google-chrome: no input possible in searchbar and fields
Closed
#3459 [GH-ISSUE #7030] yt-dlp: Unable to access browser cookies for authenticated downloads
Closed
#3453 [GH-ISSUE #7008] firecfg: snap programs break due to firejail symlinks
Closed
#3451 [GH-ISSUE #7009] feature: add --allow-bwrap command / fbwrap program
Closed
#3452 [GH-ISSUE #7018] Create a GitHub Project for 0.9.80
Closed
#3450 [GH-ISSUE #7002] firefox: crash when dragging a bookmark (glycin)
Closed
#3448 [GH-ISSUE #6999] yt-dlp: No supported JavaScript runtime could be found (deno)
Closed
#3449 [GH-ISSUE #7007] tests: make test-appimage fails on Arch and Debian 13
Closed
#3445 [GH-ISSUE #6994] Remove overlayfs support/--overlay commands
Closed
#3446 [GH-ISSUE #6995] Remove Intrusion Detection System (IDS)/fids
Closed
#3442 [GH-ISSUE #6984] Remove --disable-globalcfg configure option
Closed
#3443 [GH-ISSUE #6981] Firejailed Thunderbird can't open links in Firejailed Firefox (Separate jails) when /usr/local/bin/firefox exists at thunderbird launch. Discord also had trouble opening links but its usage of private-bin works around this issue
Closed
#3444 [GH-ISSUE #6982] Kernel 6.19 merged ipe check good for every container
Closed
#3441 [GH-ISSUE #6974] kate: links open in KMenuEditor instead of firefox
Closed
#3436 [GH-ISSUE #6966] Error: Firejail configuration file /etc/firejail/firejail.config not found (private-etc)
Closed
#3437 [GH-ISSUE #6967] librewolf: program does not load system fonts properly
Closed
#3433 [GH-ISSUE #6956] Some system calls can not be whitelisted
Closed
#3434 [GH-ISSUE #6950] firefox: crash when saving an image / opening the file browser dialog (glycin)
Closed
#3435 [GH-ISSUE #6946] firefox: program stutters and bad performance
Closed
#3431 [GH-ISSUE #6944] anydesk: program does not open (gdk-pixbuf)
Closed
#3428 [GH-ISSUE #6941] lutris: fails to start: No image loaders are configured
Closed
#3429 [GH-ISSUE #6940] audacity: crash when opening file dialog
Closed
#3426 [GH-ISSUE #6934] librewolf: crash on open file dialog (kde plasma)
Closed
#3424 [GH-ISSUE #6935] Add a profile for gemini-cli
Closed
#3422 [GH-ISSUE #6929] Portable version for Windows
Closed
#3418 [GH-ISSUE #6915] swww: Error: "/run/user/1000/wayland-1-swww-daemon..sock" is an invalid filename
Closed
#3420 [GH-ISSUE #6921] /home/user is mounted with noexec when --private is used
Closed
#3416 [GH-ISSUE #6912] claws-mail: program fails to start (bwrap)
Closed
#3417 [GH-ISSUE #6911] playonlinux: Cannot start application: Permission denied
Closed
#3412 [GH-ISSUE #6906] File dialog crashes (gdk-pixbuf2 + glycin + bwrap)
Closed
#3414 [GH-ISSUE #6910] playonlinux: Cannot start application: Permission denied
Closed
#3409 [GH-ISSUE #6899] browsers: cannot read/write to ~/Applications even when with noblacklist/whitelist
Closed
#3411 [GH-ISSUE #6901] "Capability-limited" firejail packages to limit SUID privilege escalation risks
Closed
#3410 [GH-ISSUE #6897] torbrowser-launcher: cannot launch the browser
Closed
#3408 [GH-ISSUE #6883] firefox: ~/.mailcap should be whitelisted to get the default helper applications
Closed
#3407 [GH-ISSUE #6896] --profile=FILE with just a filename has security implications and should be highly discouraged
Closed
#3403 [GH-ISSUE #6882] firefox: --allow-debuggers: PTRACE_TRACEME: Permission denied (AppArmor)
Closed
#3404 [GH-ISSUE #6880] firefox: xkbcommon: ERROR: failed to add default include path /usr/share/X11/xkb
Closed
#3405 [GH-ISSUE #6866] wine: noinput breaks joysticks
Closed
#3401 [GH-ISSUE #6861] element-desktop: program does not start
Closed
#3402 [GH-ISSUE #6865] firecfg: telegram-desktop desktop file valid but described as 'not a .desktop file'
Closed
#3399 [GH-ISSUE #6857] chromium: ERR_INTERNET_DISCONNECTED: cannot connect to the Internet
Closed
#3391 [GH-ISSUE #6838] vscode: cannot access ~/.local/share/fish/fish_history
Closed
#3393 [GH-ISSUE #6839] thunderbird: Failed to connect to Wayland display
Closed
#3392 [GH-ISSUE #6837] firefox: xkbcommon: ERROR: failed to add default include path /usr/share/X11/xkb
Closed
#3385 [GH-ISSUE #6821] Firejail outputs an empty profile file when --build=profile is run
Closed
#3387 [GH-ISSUE #6827] keepassxc: cannot start program (dbus/machine-id)
Closed
#3383 [GH-ISSUE #6815] kate: no internet connection
Closed
#3384 [GH-ISSUE #6820] netfilter: Error: the sandbox doesn't use a new network namespace
Closed
#3382 [GH-ISSUE #6814] kate: no internet connection
Closed
#3376 [GH-ISSUE #6802] firefox: cannot create PWAs due to read-only ~/.local/share/applications
Closed
#3375 [GH-ISSUE #6797] ci: test: Error fcopy: invalid ownership for file /etc/localtime
Closed
#3373 [GH-ISSUE #6792] potential double-free in procevent_monitor (SAST Warning)
Closed
#3370 [GH-ISSUE #6782] foliate: cannot launch ebooks & GTK style is not followed
Closed
#3366 [GH-ISSUE #6773] xkeyboard-config 2.45: cannot start many programs (new /usr/share path)
Closed
#3361 [GH-ISSUE #6762] wine: blacklisting python prevents gstreamer initialization
Closed
#3359 [GH-ISSUE #6758] rssguard: cannot launch: error while loading shared libraries: libluajit-5.1.so.2
Closed
#3353 [GH-ISSUE #6743] firefox: garbage chars for entire GUI + web pages
Closed
#3354 [GH-ISSUE #6741] firefox: gibberish chars with custom profile
Closed
#3351 [GH-ISSUE #6731] Add a profile for LM-Studio
Closed
#3347 [GH-ISSUE #6725] Thunderbird cannot send emails via IMAP when email crypgraphic signing is enabled
Closed
#3348 [GH-ISSUE #6729] Deadlock on /run/firejail/firejail-run.lock when a firejailed process is suspended
Closed
#3346 [GH-ISSUE #6726] profile request: gradle
Closed
#3344 [GH-ISSUE #6703] Missing files when whitelisting /var/log (--writable-var-log)
Closed
#3345 [GH-ISSUE #6720] firefox: add new tridactylrc config path
Closed
#3340 [GH-ISSUE #6702] Update Debian package / Ubuntu PPA to 0.9.74
Closed
#3337 [GH-ISSUE #6693] (Duplicate of #6065)
Closed
#3338 [GH-ISSUE #6695] Create a GitHub Project for 0.9.76
Closed
#3336 [GH-ISSUE #6688] Cannot block keyboard/mouse input (multiseat)
Closed
#3332 [GH-ISSUE #6665] dovecot: errors with disable-exec.inc
Closed
#3333 [GH-ISSUE #6662] ytmdesktop: new version renames the binary to youtube-music-desktop-app
Closed
#3330 [GH-ISSUE #6658] firecfg: seahorse is not sandboxed (.desktop file)
Closed
#3328 [GH-ISSUE #6657] firecfg: gedit is not sandboxed (.desktop file)
Closed
#3329 [GH-ISSUE #6655] Include /dev/ntsync in private-dev
Closed
#3325 [GH-ISSUE #6650] firecfg: microsoft-edge is not being sandboxed after running 'sudo firecfg'
Closed
#3326 [GH-ISSUE #6651] Add a profile for betterbird
Closed
#3327 [GH-ISSUE #6652] Add a profile for betterbird 2
Closed
#3322 [GH-ISSUE #6645] steam-session & firejail (steamos, other distros)
Closed
#3323 [GH-ISSUE #6646] firecfg: program symlinks are removed when not in firecfg.config
Closed
#3324 [GH-ISSUE #6649] Add a profile for zen web browser
Closed
#3319 [GH-ISSUE #6644] foliate: program does not work due to private-bin and bwrap
Closed
#3320 [GH-ISSUE #6642] NOTICE: Detuning locks due to high load per core (performance issue on server daemon)
Closed
#3321 [GH-ISSUE #6639] Cannot override read-only entry with --read-write option
Closed
#3317 [GH-ISSUE #6634] zoom: program does not start (nvidia)
Closed
#3316 [GH-ISSUE #6630] overlayfs "temporarily disabled" since 4 years 🧐
Closed
#3314 [GH-ISSUE #6625] discord: Error: no suitable /usr/bin/discord executable found
Closed
#3315 [GH-ISSUE #6626] --private isn't enough to prevent generating dot files
Closed
#3310 [GH-ISSUE #6614] signal-desktop: program does not work on Ubuntu 22.04
Closed
#3306 [GH-ISSUE #6567] Firejail + tmux: tmux windows are labeled "firejail" instead of the actual application
Closed
#3305 [GH-ISSUE #6566] Vulkan applications don't work even with --noprofile (nvidia)
Closed
#3301 [GH-ISSUE #6550] tesseract: ocrmypdf fails due to private-tmp
Closed
#3302 [GH-ISSUE #6553] How to specify the path of the firejail.config file?
Closed
#3298 [GH-ISSUE #6544] anki: program fails to open because it requires mpv
Closed
#3300 [GH-ISSUE #6540] Profile for zed editor.
Closed
#3299 [GH-ISSUE #6547] Fine-grained permission to DBus for Dropbox Profile.
Closed
#3296 [GH-ISSUE #6520] Wayland alternative to xephyr and xpra?
Closed
#3292 [GH-ISSUE #6509] Nvidia driver 560.35.03 cannot access gpu
Closed
#3293 [GH-ISSUE #6505] librewolf: cannot open new URLs into running instance
Closed
#3286 [GH-ISSUE #6481] Add profiles for gifsicle + gifski
Closed
#3287 [GH-ISSUE #6475] wesnoth: error while loading shared libraries: liblua++.so.5.4
Closed
#3284 [GH-ISSUE #6461] vscodium: missing profile redirect for codium
Closed
#3280 [GH-ISSUE #6458] Add a directive like "include" that will fail if profile cannot be found
Closed
#3277 [GH-ISSUE #6457] Look for config files in /usr/local/etc/firejail/
Closed
#3274 [GH-ISSUE #6445] firefox: Warning: I can run programs in /run/user/1000
Closed
#3275 [GH-ISSUE #6444] firefox: cannot drag and drop files from Dolphin
Closed
#3276 [GH-ISSUE #6447] mkdir command works even when the path is blacklisted
Closed
#3273 [GH-ISSUE #6442] bitwarden: using electron.profile blacklists ~/.config/Bitwarden
Closed
#3268 [GH-ISSUE #6426] Hardcoded tc command is not found on NixOS
Closed
#3269 [GH-ISSUE #6421] element-desktop: Unable to find Electron app at /usr/share/element/app
Closed
#3270 [GH-ISSUE #6416] c compiler cannot create executables inside firejail
Closed
#3265 [GH-ISSUE #6413] librewolf: cannot open new URLs into running instance 3
Closed
#3266 [GH-ISSUE #6414] build: error: ‘PROC_EVENT_COREDUMP’ undeclared on Linux <3.10
Closed
#3262 [GH-ISSUE #6403] build: failure due to invalid --date option (ChromeOS)
Closed
#3263 [GH-ISSUE #6400] [meta] private-etc rework
Closed
#3264 [GH-ISSUE #6399] --private allows writing to the real ~/.bashrc (shell redirect)
Closed
#3259 [GH-ISSUE #6388] wireguard: cannot connect to server (configuration issue)
Closed
#3260 [GH-ISSUE #6389] Cannot mount usb flash drive (modprobe.d)
Closed
#3256 [GH-ISSUE #6379] ssh: cannot access private key stored in TPM (private-dev)
Closed
#3257 [GH-ISSUE #6386] steam: Steam beta won't start (dbus)
Closed
#3258 [GH-ISSUE #6381] Add a profile for prismlauncher
Closed
#3253 [GH-ISSUE #6372] Nvidia driver 550.90.07 needs access to /sys/module/nvidia*
Closed
#3255 [GH-ISSUE #6373] DNS problem with "--net=eth0"
Closed
#3254 [GH-ISSUE #6377] claws-mail: window doesn't paint / is unresponsive with "fancy" plugin
Closed
#3250 [GH-ISSUE #6364] hashcat: failure with private-dev & private-bin
Closed
#3247 [GH-ISSUE #6355] memory protection system call "mseal" is now in kernel 6.10
Closed
#3249 [GH-ISSUE #6358] docs: manpage should explain precedence of CLI options vs profile settings
Closed
#3244 [GH-ISSUE #6352] libreoffice: cannot sign documents with GPG
Closed
#3246 [GH-ISSUE #6335] wine: chdir error in bazzite linux (ostree)
Closed
#3243 [GH-ISSUE #6318] neovim: Cannot run neovim appimage (Linux Lite)
Closed
#3238 [GH-ISSUE #6310] keepassxc: failure to launch on Gentoo (private-etc)
Closed
#3239 [GH-ISSUE #6312] zoom: profile bypasses --private (mkdir/mkfile)
Closed
#3236 [GH-ISSUE #6308] ssh: failure because it cannot access /etc/ssh/ssh_revoked_hosts
Closed
#3237 [GH-ISSUE #6296] Error fcopy: invalid ownership for file /etc/resolv.conf (chattr +i)
Closed
#3233 [GH-ISSUE #6282] build: warning: "_FORTIFY_SOURCE" redefined (Arch Linux)
Closed
#3234 [GH-ISSUE #6279] k3b: cannot detect all dvd drives due to private-dev
Closed
#3230 [GH-ISSUE #6276] Game "Faster Than Light" with font issues (--noprofile)
Closed
#3226 [GH-ISSUE #6267] chromium: --private=<dir> not preserving cookies (browser config)
Closed
#3228 [GH-ISSUE #6225] chromium: does not open unless ignoring whitelist-runuser-common.inc (hyprland)
Closed
#3225 [GH-ISSUE #6213] Disable force-nonewprivs on a per-profile basis
Closed
#3221 [GH-ISSUE #6208] x2goclient: no sound device
Closed
#3222 [GH-ISSUE #6204] mpv: profile breaks thumbfast thumbnails
Closed
#3217 [GH-ISSUE #6195] landlock: "Invalid argument" error when creating the ruleset
Closed
#3219 [GH-ISSUE #6199] Make a PPA for Ubuntu 23.04 (Lunar Lobster)
Closed
#3216 [GH-ISSUE #6189] mousepad: cannot edit any setting
Closed
#3208 [GH-ISSUE #6171] tesseract: output contains firejail messages
Closed
#3210 [GH-ISSUE #6174] Make a PPA for Ubuntu 23.10 (Mantic Minotaur)
Closed
#3206 [GH-ISSUE #6152] Read profiles from /usr, in addition to /etc and ~/.config
Closed
#3203 [GH-ISSUE #6146] keepassxc: cannot open without no3d (mesa regression)
Closed
#3201 [GH-ISSUE #6140] firejail --private --private-cwd 无法限制访问
Closed
#3196 [GH-ISSUE #6137] private-etc exceeds 500MB limit due to large files symlinked in /etc/alternatives
Closed
#3197 [GH-ISSUE #6135] whitelisting nc does not work with disable-common.inc
Closed
#3198 [GH-ISSUE #6134] proxychains works but apparmor lib is not invoked
Closed
#3187 [GH-ISSUE #6114] Release Notes and/or Wiki 0.9.58.* & 0.9.56-LTS inconsistencies
Closed
#3188 [GH-ISSUE #6115] build: cannot compile with landlock disabled on Ubuntu 16.04 (gcc 9.5.0)
Closed
#3189 [GH-ISSUE #6119] fractal: program does not start (missing whitelist)
Closed
#3184 [GH-ISSUE #6110] discord: Check failed: . : Permission denied (13)
Closed
#3186 [GH-ISSUE #6113] firejail: fs_lib.c:56: find_in_path: Assertion \`geteuid() != 0' failed
Closed
#3182 [GH-ISSUE #6106] lutris: MangoHud cannot load custom profiles
Closed
#3183 [GH-ISSUE #6103] geary: crash when showing email contents
Closed
#3179 [GH-ISSUE #6101] vlan setup launch
Closed
#3180 [GH-ISSUE #6100] keepassxc: cannot save database
Closed
#3176 [GH-ISSUE #6093] Userspace driver proxy for kernel managed by firejail
Closed
#3177 [GH-ISSUE #6097] chromium: blacklisted paths are accessible (dbus)
Closed
#3173 [GH-ISSUE #6080] file-roller: cannot use "open with" (dbus/noroot)
Closed
#3170 [GH-ISSUE #6071] clamtk: program fails to start
Closed
#3171 [GH-ISSUE #6057] contrib/syntax: firejail-profile.lang causes Gnome Editor to recognize every plain text document as "Firejail Profile"
Closed
#3166 [GH-ISSUE #6046] Cannot whitelist ${RUNUSER}/gnupg
Closed
#3167 [GH-ISSUE #6047] keepassxc: tray icon does not appear (KDE/Plasma Wayland)
Closed
#3163 [GH-ISSUE #6034] nicotine: cannot start with fcitx dbus entries enabled
Closed
#3164 [GH-ISSUE #6035] lutris: Ubisoft Connect: Error at hooking API
Closed
#3165 [GH-ISSUE #6044] pavucontrol-qt: does not inherit system theme, icons and font
Closed
#3161 [GH-ISSUE #6033] Zip the supplied profiles
Closed
#3162 [GH-ISSUE #6032] Support ${HOME} and ~ in --netfilter=
Closed
#3157 [GH-ISSUE #6011] whitelist ${HOME}/Documents is not working
Closed
#3159 [GH-ISSUE #6015] vscodium: nodejs extension fails to execute a command correctly
Closed
#3156 [GH-ISSUE #6008] Add tidal-hifi
Closed
#3155 [GH-ISSUE #6010] Add gomuks
Closed
#3151 [GH-ISSUE #5999] Unable to switch input methods within the sandbox
Closed
#3152 [GH-ISSUE #6000] gwenview: cannot move files into Trash directory
Closed
#3153 [GH-ISSUE #6002] text-editors: cannot access all text files in the user home
Closed
#3149 [GH-ISSUE #5990] vscodium: cannot access Arduino code
Closed
#3148 [GH-ISSUE #5992] Leave pipewire group along with audio group if logind is absent
Closed
#3145 [GH-ISSUE #5982] firejail --ls reports wrong file sizes for large files
Closed
#3146 [GH-ISSUE #5971] discord: notifications are not shown
Closed
#3147 [GH-ISSUE #5975] nautilus: cannot connect through sftp
Closed
#3142 [GH-ISSUE #5965] Wrong syscall names for s390_pci_mmio_read and s390_pci_mmio_write
Closed
#3143 [GH-ISSUE #5963] brave: Failed to connect to socket /run/firejail/mnt/dbus/system: Permission denied
Closed
#3139 [GH-ISSUE #5940] archlinux Update Account Information problems
Closed
#3138 [GH-ISSUE #5938] 0ad: error while loading shared libraries: libmozjs-78.so.0 (OpenSUSE Tumbleweed)
Closed
#3133 [GH-ISSUE #5926] vscode: cannot access USB debugger
Closed
#3135 [GH-ISSUE #5932] gramps: add the new xdg config directory
Closed
#3131 [GH-ISSUE #5921] mpv: mpv 0.36.0 + pipewire 0.3.75 dbus error
Closed
#3130 [GH-ISSUE #5908] Cannot open files in gocryptfs/securefs filesystem with firejailed programs
Closed
#3132 [GH-ISSUE #5925] GNOME Settings: vlc does not appear when trying to set default media player
Closed
#3127 [GH-ISSUE #5907] telegram: program asks to relogin on every launch
Closed
#3128 [GH-ISSUE #5903] docs: non-ASCII hyphens in commands - copy pasting them fails on command line
Closed
#3124 [GH-ISSUE #5899] firecfg: Support OpenDoas
Closed
#3125 [GH-ISSUE #5897] Shell script fails to kill-off child processes upon app closure and sandbox termination
Closed
#3121 [GH-ISSUE #5889] How do you unblacklist directories?
Closed
#3118 [GH-ISSUE #5878] virtualbox: Could not find VirtualBox installation. Please reinstall. (Gentoo)
Closed
#3119 [GH-ISSUE #5879] How to whitelist (permit user) to a single directory?
Closed
#3120 [GH-ISSUE #5877] nextcloud: cannot access ~/Nextcloud/Notes
Closed
#3117 [GH-ISSUE #5874] "firecfg.conf" with list of disabled profiles
Closed
#3114 [GH-ISSUE #5869] google-chrome: blacklisted paths are accessible (dbus)
Closed
#3112 [GH-ISSUE #5863] libreoffice: cannot open URL in flatpak program (AppImage)
Closed
#3109 [GH-ISSUE #5854] bug with accessing whitelisted directories from lutris
Closed
#3110 [GH-ISSUE #5861] vmplayer: cannot work with firejail
Closed
#3111 [GH-ISSUE #5837] Add a profile for x2goserver
Closed
#3107 [GH-ISSUE #5832] firefox: Error: invalid --env setting (Debian)
Closed
#3104 [GH-ISSUE #5819] calibre: ImportError: /home/bandura/.local/lib/python3.9/site-packages/_dbus_bindings.cpython-39-x86_64-linux-gnu.so: failed to map segment from shared object
Closed
#3105 [GH-ISSUE #5821] No syscall table provided in firejail on ARM64 platform
Closed
#3102 [GH-ISSUE #5818] ci: cannot update the package index in debian:stretch
Closed
#3100 [GH-ISSUE #5816] ssh: sftp fails in nautilus with GNOME gvfs 1.53+ (ControlMaster, ControlPath)
Closed
#3101 [GH-ISSUE #5817] firefox: browser notifications do not appear in KDE notifications
Closed
#3097 [GH-ISSUE #5807] recoll: blacklisted paths are accessible (dbus)
Closed
#3099 [GH-ISSUE #5813] WINE prefix error: no such file/c0000135
Closed
#3098 [GH-ISSUE #5809] claws-mail: bogofilter fails to create wordlist.db
Closed
#3095 [GH-ISSUE #5797] How can I make all profiles private automatically on startup?
Closed
#3096 [GH-ISSUE #5803] ssh: Couldn't open /dev/null: Permission denied
Closed
#3091 [GH-ISSUE #5790] keepassxc: cannot access freedesktop.org secret service
Closed
#3093 [GH-ISSUE #5787] Hard to do "secure by default" profiles
Closed
#3090 [GH-ISSUE #5778] build: error: ‘for’ loop initial declarations are only allowed in C99 mode
Closed
#3088 [GH-ISSUE #5773] freeoffice-textmaker: cannot create unique identifier
Closed
#3087 [GH-ISSUE #5767] linuxqq: private-bin needs bash due to shell script wrapper
Closed
#3085 [GH-ISSUE #5766] Add whitelist directoryname with single quotes
Closed
#3086 [GH-ISSUE #5764] pidgin: program does not start
Closed
#3083 [GH-ISSUE #5748] firejail --appimage doesn't have supplementary groups required for device access
Closed
#3084 [GH-ISSUE #5750] inside firejail running webserver, cant find latest live files
Closed
#3080 [GH-ISSUE #5746] php-fpm: no internet access (--noprofile) (resolv.conf)
Closed
#3081 [GH-ISSUE #5747] CVE-2023-28100 and firejail
Closed
#3076 [GH-ISSUE #5727] build: --enable-private-lib is broken
Closed
#3077 [GH-ISSUE #5726] signal-desktop: program fails on startup
Closed
#3074 [GH-ISSUE #5716] claws-mail: ClamAV plugin fails with "Permission denied"
Closed
#3075 [GH-ISSUE #5723] Arch Linux: Cannot install/update AUR packages (fs_resolvconf: No such file or directory)
Closed
#3070 [GH-ISSUE #5704] gajim: cannot load plugins
Closed
#3067 [GH-ISSUE #5696] microsoft-edge-stable: cannot launch with default profile
Closed
#3064 [GH-ISSUE #5687] uvm lightweight vm support
Closed
#3059 [GH-ISSUE #5676] kitty + ssh: Error: too long arguments: argv[22] len (5056) >= MAX_ARG_LEN (4128)
Closed
#3060 [GH-ISSUE #5679] claws-mail: bsfilter plugin does not work
Closed
#3055 [GH-ISSUE #5650] private-etc breaks with 'net none' and 'dns=foo'
Closed
#3052 [GH-ISSUE #5639] qutebrowser: cannot run userscripts
Closed
#3051 [GH-ISSUE #5636] chromium: different instances can talk to each other when --noprofile is used
Closed
#3046 [GH-ISSUE #5620] How to use /media in --chroot?
Closed
#3047 [GH-ISSUE #5617] Is it possible to blacklist all the .txt files recursively under a directory?
Closed
#3043 [GH-ISSUE #5615] libreoffice: cannot save files (AppArmor)
Closed
#3044 [GH-ISSUE #5608] private-etc rework broke profiles without resolv.conf in private-etc
Closed
#3041 [GH-ISSUE #5603] [ignore] https://github.com/netblue30/firejail/projects/3#card-75760383
Closed
#3037 [GH-ISSUE #5601] qutebrowser: links do not open in the existing instance
Closed
#3038 [GH-ISSUE #5599] End-of-options indicator "--" leads to invalid shell invocation (fish shell)
Closed
#3036 [GH-ISSUE #5585] Invalid --profile-path command line option
Closed
#3035 [GH-ISSUE #5584] spotify: Error fcopy: invalid ownership for file /usr/bin/spotify
Closed
#3031 [GH-ISSUE #5572] vlc: program does not shutdown (AppArmor)
Closed
#3032 [GH-ISSUE #5568] Potentially broken chaining in electron redirect profiles
Closed
#3033 [GH-ISSUE #5581] Programs are not sandboxed by default in i3
Closed
#3029 [GH-ISSUE #5545] /proc/config.gz blacklisted twice
Closed
#3027 [GH-ISSUE #5534] add olive video editor
Closed
#3025 [GH-ISSUE #5539] audacity: network access and sandbox violation report
Closed
#3026 [GH-ISSUE #5533] cinelerra-gg: program uses default.profile
Closed
#3019 [GH-ISSUE #5518] firefox: permissive access to /etc
Closed
#3021 [GH-ISSUE #5510] Error chdir: sandbox.c:1117 sandbox: Permission denied
Closed
#3018 [GH-ISSUE #5500] firefox: cannot access the microphone (possibly pipewire related)
Closed
#3013 [GH-ISSUE #5487] --private=dir can be bypassed without --dbus-user=filter (dbus)
Closed
#3014 [GH-ISSUE #5490] (Duplicate of #5489)
Closed
#3015 [GH-ISSUE #5491] transmission-cli: error: could not load the shared library (issue with private-lib)
Closed
#3012 [GH-ISSUE #5480] vscodium: cannot use sudo nor ssh
Closed
#3008 [GH-ISSUE #5472] virtualbox: cannot access shared folders: Permission denied
Closed
#3009 [GH-ISSUE #5469] PPA installation: Key is stored in legacy trusted.gpg keyring (Linux Mint)
Closed
#3007 [GH-ISSUE #5474] gedit: failed to start while using ibus and dbproxy: "Failed to register: GDBus.Error:org.freedesktop.DBus.Error.ServiceUnknown: org.freedesktop.DBus.Error.ServiceUnknown" (dbus)
Closed
#3005 [GH-ISSUE #5463] deluge: downloads do not work without netlink protocol
Closed
#3006 [GH-ISSUE #5466] audacity: error while loading shared libraries: lib-project-rate.so
Closed
#3001 [GH-ISSUE #5450] keepassxc: Warning: not remounting /run/user/1000/app/org.keepassxc.KeePassXC
Closed
#3003 [GH-ISSUE #5460] librewolf: program is not sandboxed (unexpected .desktop filename)
Closed
#2998 [GH-ISSUE #5447] firefox: cannot communicate with keepassxc
Closed
#2999 [GH-ISSUE #5448] claws-mail: local timezone is not used
Closed
#3000 [GH-ISSUE #5445] chafa: needs "shell none" for NixOS and/or Fish shell
Closed
#2995 [GH-ISSUE #5438] firefox: cannot send email links to thunderbird (dbus)
Closed
#2997 [GH-ISSUE #5440] Use restrict-namespaces in profiles
Closed
#2993 [GH-ISSUE #5437] freetube: enable KDE Plasma multimedia control (mpris)
Closed
#2994 [GH-ISSUE #5433] build: cannot compile with --enable-apparmor on Arch Linux
Closed
#2991 [GH-ISSUE #5421] build: Some compiler warnings with musl
Closed
#2988 [GH-ISSUE #5411] Firejail AppImage or Portable version of Firejail?
Closed
#2984 [GH-ISSUE #5403] add unikernel support to restrict attack surface
Closed
#2985 [GH-ISSUE #5401] libreoffice: cannot start due to whitelist-run-common.inc
Closed
#2980 [GH-ISSUE #5392] evince: changes to settings are not persisted (gvfs)
Closed
#2982 [GH-ISSUE #5390] discord: Failed to move to new namespace (userns)
Closed
#2977 [GH-ISSUE #5383] firejail just went crazy
Closed
#2978 [GH-ISSUE #5385] qutebrowser profile exposes lots of stuff in /
Closed
#2974 [GH-ISSUE #5373] conky: cannot display process information
Closed
#2975 [GH-ISSUE #5379] firefox-esr: needs rule for dbus names org.mozilla.firefox_esr.*
Closed
#2976 [GH-ISSUE #5378] Yet another --private-etc symlink issue, with /etc/alternatives/
Closed
#2971 [GH-ISSUE #5365] Hugin: missing GPS EXIF data in panorama output
Closed
#2973 [GH-ISSUE #5367] discord: when not using firecfg, launching discord from CLI is prone to failure
Closed
#2969 [GH-ISSUE #5356] build: ids.config should only be installed when --enable-ids is set during configure
Closed
#2970 [GH-ISSUE #5358] ci: GitLab CI is broken (autoreconf)
Closed
#2965 [GH-ISSUE #5340] discord: notifications are not shown
Closed
#2966 [GH-ISSUE #5346] Blacklisting symlink also blacklists the linked directory
Closed
#2963 [GH-ISSUE #5339] Cannot unblacklist /usr/libexec in firefox-common.local
Closed
#2964 [GH-ISSUE #5338] No access to /tmp if blacklisted paths symlink to it
Closed
#2962 [GH-ISSUE #5337] bleachbit: cannot securely delete the Trash
Closed
#2959 [GH-ISSUE #5329] firefox: no audio with bluez-alsa on NixOS (dbus-system)
Closed
#2957 [GH-ISSUE #5326] librewolf: Error: Can't find profile directory
Closed
#2953 [GH-ISSUE #5311] whalebird: program does not start (AppArmor/private-etc)
Closed
#2955 [GH-ISSUE #5312] --netlock does not work (Error: no valid sandbox)
Closed
#2950 [GH-ISSUE #5303] chromium: real home is accessible with --private= (dbus)
Closed
#2951 [GH-ISSUE #5306] Error while opening directory: fs.c:476 fs_tmpfs: No such file or directory (Fedora Silverblue)
Closed
#2952 [GH-ISSUE #5308] When using --private=/home/tests mode
Closed
#2947 [GH-ISSUE #5293] Slowdown with latest kernels
Closed
#2948 [GH-ISSUE #5297] Add electronapps-common.profile
Closed
#2949 [GH-ISSUE #5292] arduino: program does not start
Closed
#2944 [GH-ISSUE #5291] chromium: umatrix does not show the list of domains
Closed
#2945 [GH-ISSUE #5288] Delimitate execution permissions for firejail
Closed
#2946 [GH-ISSUE #5281] audacity: error while loading shared libraries: lib-screen-geometry.so (AppArmor/private-bin)
Closed
#2943 [GH-ISSUE #5273] kate: program will not truly exit (AppImage) (dbus)
Closed
#2942 [GH-ISSUE #5277] qtox: audit log spam due to blocked netlink
Closed
#2939 [GH-ISSUE #5267] --build: Error: cannot open profile file
Closed
#2940 [GH-ISSUE #5269] Add Landlock support
Closed
#2938 [GH-ISSUE #5272] fcopy: cannot copy files with private-etc (ACLs)
Closed
#2936 [GH-ISSUE #5265] jetbrains-toolbox: "Invalid client serial" when using dbus-user=filter
Closed
#2937 [GH-ISSUE #5257] steam: profile creates a bunch of directories
Closed
#2932 [GH-ISSUE #5245] Firecfg still creates desktop files despite being disabled in firecfg.config
Closed
#2933 [GH-ISSUE #5241] Disable creation of wrapper for single binary
Closed
#2934 [GH-ISSUE #5246] google-chrome: real home is accessible with --private= (dbus)
Closed
#2929 [GH-ISSUE #5236] rkhunter detects possible rootkit in /usr/local/bin/ping
Closed
#2931 [GH-ISSUE #5240] On failing to remount a fuse filesystem, give warning instead of erroring out
Closed
#2926 [GH-ISSUE #5233] skype: icon in gnome-shell top bar does not show status
Closed
#2927 [GH-ISSUE #5235] Whitelist/blacklist paths while running
Closed
#2928 [GH-ISSUE #5230] /etc is unwritable on --chroot on debootstrap system
Closed
#2924 [GH-ISSUE #5227] librewolf: cannot open new URLs into running instance 2
Closed
#2925 [GH-ISSUE #5226] skype: credentials are not persisted
Closed
#2921 [GH-ISSUE #5217] enable-force-nonewprivs and join
Closed
#2922 [GH-ISSUE #5214] ci: Error: private-lib feature is disabled in Firejail configuration file
Closed
#2917 [GH-ISSUE #5207] Flood of seccomp audit log entries
Closed
#2918 [GH-ISSUE #5211] Transmission crashes in a second
Closed
#2919 [GH-ISSUE #5210] ci: Error: shell=none configured, but no program specified
Closed
#2916 [GH-ISSUE #5204] Autocomplete doesn't work in bash (when firejailed)
Closed
#2915 [GH-ISSUE #5201] ci: Error: chroot feature is disabled in Firejail configuration file
Closed
#2913 [GH-ISSUE #5196] Remove shell command (Weechat and Irssi cannot work with firejail if you use fish shell)
Closed
#2912 [GH-ISSUE #5200] Remove --cgroups support
Closed
#2908 [GH-ISSUE #5191] Backports for CVE-2022-31214 fix
Closed
#2909 [GH-ISSUE #5190] Too many features
Closed
#2910 [GH-ISSUE #5195] firejail always creates an empty .zshrc
Closed
#2905 [GH-ISSUE #5188] Update syscall tables and seccomp groups
Closed
#2906 [GH-ISSUE #5186] steam: Paradox Interactive Lancher does not open (missing whitelist)
Closed
#2907 [GH-ISSUE #5185] steam: World of Tanks Blitz fails with new GE-Proton (seccomp)
Closed
#2902 [GH-ISSUE #5178] private-opt exceeds fcopy's 500MB limit.
Closed
#2904 [GH-ISSUE #5179] kodi: can access non-media paths
Closed
#2900 [GH-ISSUE #5162] transmission-gtk: very slow start due to private-lib
Closed
#2901 [GH-ISSUE #5169] vscodium: changes to settings do not persist (whitelisting issue)
Closed
#2898 [GH-ISSUE #5155] make: --disable-ids
Closed
#2896 [GH-ISSUE #5156] build: seccomp filters and man pages are always being rebuilt
Closed
#2897 [GH-ISSUE #5153] Add a profile for Check Point's Ssl Network eXtender (SNX)
Closed
#2894 [GH-ISSUE #5143] psi-plus: cannot receive PGP-encrypted messages (writable-run-user)
Closed
#2892 [GH-ISSUE #5138] vscode source control adding remote error
Closed
#2890 [GH-ISSUE #5137] dnsmasq: libvirtd cannot start NAT interface: PATH environment variable not set
Closed
#2891 [GH-ISSUE #5139] Trying to get in contact for a security report
Closed
#2887 [GH-ISSUE #5125] /usr/share is empty with google chrome profiles.
Closed
#2888 [GH-ISSUE #5122] Change the oom_score_adj for a sandbox
Closed
#2886 [GH-ISSUE #5120] Unable to use tcpdump with -Z 'username'
Closed
#2881 [GH-ISSUE #5107] [Website Text Amends] What is SUID, and how does it affect me?
Closed
#2882 [GH-ISSUE #5110] Log blocked syscall
Closed
#2883 [GH-ISSUE #5111] Interactive configuration guide
Closed
#2879 [GH-ISSUE #5095] tutanota-desktop: Cannot start application: Permission denied
Closed
#2876 [GH-ISSUE #5091] Nextcloud fails to connect to socket bus_0
Closed
#2877 [GH-ISSUE #5094] telegram: fcopy: invalid ownership for file /usr/bin/telegram
Closed
#2875 [GH-ISSUE #5089] dnsmasq: libvirtd cannot start bridge network: PATH environment variable not set
Closed
#2873 [GH-ISSUE #5081] Firefox DRM broken when using profile-sync-daemon because noexec is ignored
Closed
#2867 [GH-ISSUE #5068] Hugin profile requires shell and uname
Closed
#2868 [GH-ISSUE #5062] firefox: theme changes are not picked up automatically
Closed
#2864 [GH-ISSUE #5046] One time private application (no sharing)
Closed
#2865 [GH-ISSUE #5055] Add option to automatically create symlink on sandbox activation
Closed
#2862 [GH-ISSUE #5045] chromium: program does not start (snap)
Closed
#2861 [GH-ISSUE #5039] Firejail sould be released as AppImage
Closed
#2857 [GH-ISSUE #5023] [REOPEN] Element Messenger breaking out of Firejail?
Closed
#2859 [GH-ISSUE #5014] Newest Steam client has black window under firejail (fix included)
Closed
#2855 [GH-ISSUE #5012] vscode: cannot access own config directory (whitelisting issue)
Closed
#2856 [GH-ISSUE #5010] firefox: cannot make new connections after switching network connection methods (resolv.conf)
Closed
#2854 [GH-ISSUE #5011] Evince will not print - /bin/sh not found
Closed
#2853 [GH-ISSUE #5008] akregator: program does not start
Closed
#2851 [GH-ISSUE #5004] signal-desktop fails with Wayland Ozone platform
Closed
#2848 [GH-ISSUE #4995] problems with sylpheed
Closed
#2845 [GH-ISSUE #4988] mplayer: program does not start
Closed
#2846 [GH-ISSUE #4994] disable-xdg.inc weirdness with ${DESKTOP} [mupdf and directory whitelist]
Closed
#2843 [GH-ISSUE #4974] Tiny typo
Closed
#2844 [GH-ISSUE #4978] ffplay fails to play anything
Closed
#2839 [GH-ISSUE #4973] rmenv looks broken
Closed
#2841 [GH-ISSUE #4971] U2F key with firefox becomes and usable after browser is opened for long time
Closed
#2840 [GH-ISSUE #4965] The latest stable chrome (98.0.4758.102) does not start with firejail.
Closed
#2837 [GH-ISSUE #4960] Brave crashes on multiple browser profiles with PWAs under Wayland
Closed
#2838 [GH-ISSUE #4962] chromium: program does not start (snap)
Closed
#2835 [GH-ISSUE #4952] error: failed retrieving file 'apparmor-3.0.3-3-x86_64.pkg.tar.zst' when installing firejail
Closed
#2833 [GH-ISSUE #4954] No internet access with whitelist-run-common.inc (OpenSUSE) (resolv.conf)
Closed
#2834 [GH-ISSUE #4953] cannot create an empty sandbox any more
Closed
#2831 [GH-ISSUE #4945] Firejail Configuration Wizard - readability issue (light grey text on white background)
Closed
#2832 [GH-ISSUE #4939] Deny CLONE_NEWUSER (restrict namespaces)
Closed
#2828 [GH-ISSUE #4937] Profile for signal-desktop fails!
Closed
#2829 [GH-ISSUE #4936] broken bash autocomplete with --private option
Closed
#2824 [GH-ISSUE #4932] local qutebrowser profile issues since last update
Closed
#2826 [GH-ISSUE #4930] nogroups + wrc prints confusing messages
Closed
#2825 [GH-ISSUE #4931] w3m doesn´t work any more
Closed
#2823 [GH-ISSUE #4929] Opera not starting after updating profiles
Closed
#2821 [GH-ISSUE #4927] broken man.profile in 0.9.68
Closed
#2819 [GH-ISSUE #4925] flameshot complaining about AF_NETLINK socket
Closed
#2820 [GH-ISSUE #4926] [feature] create /etc/firejail/local
Closed
#2815 [GH-ISSUE #4910] private-cwd not expanding macros (e.g. ${HOME})
Closed
#2817 [GH-ISSUE #4917] iridium-browser crashes when started with firejail
Closed
#2814 [GH-ISSUE #4907] [ignore] The program has a profile. (If not, request one in https://github.com/netblue30/firejail/issues/1139)
Closed
#2811 [GH-ISSUE #4899] librewolf: Error: Can't find profile directory
Closed
#2809 [GH-ISSUE #4896] vscodium: crashes due to seccomp
Closed
#2810 [GH-ISSUE #4900] quiet from mediainfo.profile does not suppress 'Reading profile...' message
Closed
#2808 [GH-ISSUE #4892] steam: gamepad does not work with nou2f due to /dev/hidraw access (and enumeration fails)
Closed
#2807 [GH-ISSUE #4893] Firefox WebRender acceleration broken with proprietary nvidia driver
Closed
#2803 [GH-ISSUE #4890] tutanota: "Could not access secret storage"
Closed
#2804 [GH-ISSUE #4891] librewolf: cannot open new URLs into running instance
Closed
#2805 [GH-ISSUE #4888] static-ip-map license
Closed
#2800 [GH-ISSUE #4887] When /etc/fonts is a symlink to a directory, private-etc rules that invoke fcopy produce wrong directory structure and breaks apps (NixOS)
Closed
#2801 [GH-ISSUE #4884] Geeqie - protocol=unix disables map view
Closed
#2802 [GH-ISSUE #4883] keepassxc: cannot detect hardware key (nou2f/private-dev)
Closed
#2799 [GH-ISSUE #4875] shellcheck: cannot enable executable stack (mdwe)
Closed
#2794 [GH-ISSUE #4867] Rename and move /etc/firejail/hostnames
Closed
#2795 [GH-ISSUE #4855] chromium: no sound with pipewire
Closed
#2792 [GH-ISSUE #4848] --netlock
Closed
#2793 [GH-ISSUE #4845] Options to deal with open file descriptors
Closed
#2791 [GH-ISSUE #4844] profile-request for metaless anonymized app session.
Closed
#2788 [GH-ISSUE #4835] new xephyr version crashes
Closed
#2790 [GH-ISSUE #4842] retroshare profile needed
Closed
#2785 [GH-ISSUE #4815] firejail --list truncates command output in pipes and command substitutions
Closed
#2786 [GH-ISSUE #4823] xed: cannot edit common blacklisted files
Closed
#2784 [GH-ISSUE #4796] VirtualBox not starting when clicking on it with newest firejail version
Closed
#2783 [GH-ISSUE #4797] VLC Player can't open with doubleclick on icon with latest firejail
Closed
#2779 [GH-ISSUE #4789] keepassxc: Error: permission is denied to join a sandbox created by a different user
Closed
#2781 [GH-ISSUE #4794] xpra crashes
Closed
#2778 [GH-ISSUE #4780] private-cwd leaks access to the entire filesystem
Closed
#2776 [GH-ISSUE #4784] telegram: cannot open links in browser
Closed
#2777 [GH-ISSUE #4785] Firefox on KDE & Wayland fails to show Qt file-picker using portals, old fixes do not work on new Firejail versions
Closed
#2773 [GH-ISSUE #4775] Highlight profile blacklists lua which is required
Closed
#2774 [GH-ISSUE #4769] Can session D-BUS and --net both available
Closed
#2775 [GH-ISSUE #4754] Support for youtube-dl forks in e.g mpv
Closed
#2770 [GH-ISSUE #4753] Allow running firecfg as non-root
Closed
#2768 [GH-ISSUE #4741] When installing a software with wine, icons doesn't appear
Closed
#2769 [GH-ISSUE #4733] GitLab CI broken: Lintian failure because of binary in /etc (profstats)
Closed
#2767 [GH-ISSUE #4734] Error: cannot join namespace user
Closed
#2764 [GH-ISSUE #4716] firefox: cannot save files with the File Chooser Portal (dbus)
Closed
#2761 [GH-ISSUE #4713] Can't mount using firejail
Closed
#2762 [GH-ISSUE #4714] dhclient-script needs ip, which is disabled in disable-common.inc
Closed
#2758 [GH-ISSUE #4708] minecraft-launcher fails with fatal error (Manjaro 5.13.19-2, nvidia)
Closed
#2759 [GH-ISSUE #4707] elinks on Arch complains about missing access to liblua
Closed
#2760 [GH-ISSUE #4706] Implement case insensitive sorting of profiles on GitHub to avoid duplication
Closed
#2757 [GH-ISSUE #4702] Open torrent in firefox
Closed
#2756 [GH-ISSUE #4704] balena etcher profile
Closed
#2753 [GH-ISSUE #4699] Problem with Tor Browser Bundle and seccomp !chroot
Closed
#2754 [GH-ISSUE #4698] firefox: freeze with custom profile (seccomp)
Closed
#2752 [GH-ISSUE #4697] [solved] Firejail 0.9.66-1~0ubuntu21.10.1 Breaks Tor 11.0.1 (disabling apparmor for tor fixed this)
Closed
#2750 [GH-ISSUE #4692] A Viber.AppImage update broke firejail execution
Closed
#2751 [GH-ISSUE #4696] libreWolf: cannot detect local timezone
Closed
#2746 [GH-ISSUE #4682] konsole: Cannot find binary
Closed
#2747 [GH-ISSUE #4686] Seccomp is blocking Steam from launching a child container
Closed
#2748 [GH-ISSUE #4677] Add openstego profile
Closed
#2743 [GH-ISSUE #4671] Can't start docker in firejail
Closed
#2744 [GH-ISSUE #4670] firefox: cannot open new URLs into running instance
Closed
#2745 [GH-ISSUE #4668] Chasing SUID executables
Closed
#2741 [GH-ISSUE #4660] Should /run/timeshift be blacklisted by default?
Closed
#2742 [GH-ISSUE #4659] Audacity fails to start when "protocol unix" is set
Closed
#2740 [GH-ISSUE #4667] mpv does not see files in certain directories
Closed
#2739 [GH-ISSUE #4653] Allow specifying paths relative to XDG user dir variables (${DOWNLOADS}/something, ${PICTURES}/something...)
Closed
#2738 [GH-ISSUE #4646] private-bin throws fopen: Permission denied after latest related commits
Closed
#2734 [GH-ISSUE #4641] Firefox doesn't work with Discord
Closed
#2736 [GH-ISSUE #4637] keepassxc: cannot access devices in /media after whitelist (snap)
Closed
#2732 [GH-ISSUE #4633] Higher argument limits? (Error: too many arguments)
Closed
#2733 [GH-ISSUE #4627] Impossible to inclure tutanota-desktop-linux.AppImage in a sandbox with firejail with Linux Mint 20.2
Closed
#2730 [GH-ISSUE #4625] Firejail Incompatible with Ubuntu 21.10
Closed
#2728 [GH-ISSUE #4626] Strange issue with xonotic.profile on Arch
Closed
#2725 [GH-ISSUE #4620] Xbox controller not recognized with wine
Closed
#2726 [GH-ISSUE #4619] Steam with apparmor doesn't launch
Closed
#2727 [GH-ISSUE #4616] Tremulous and warsow profiles are broken on Arch
Closed
#2722 [GH-ISSUE #4611] jumpnbump-menu is broken (does not start)
Closed
#2723 [GH-ISSUE #4609] Firejail on Kubuntu 21.10 not working (missing SUID bit)
Closed
#2724 [GH-ISSUE #4614] Allow apostrophe in whitelist (and blacklist)
Closed
#2719 [GH-ISSUE #4607] noprinters
Closed
#2720 [GH-ISSUE #4608] noinput in supertux2.profile means no joystick/gamepad support
Closed
#2721 [GH-ISSUE #4605] supertuxkart: cannot see controller without netlink
Closed
#2716 [GH-ISSUE #4604] brave: program takes a long time to open
Closed
#2718 [GH-ISSUE #4603] Feature Request: Logind conditional
Closed
#2714 [GH-ISSUE #4589] Can't find libstdc++.so.6 due to private-etc and private-lib in aria2c.profile
Closed
#2710 [GH-ISSUE #4578] PATH_MAX is undeclared on musl libc
Closed
#2712 [GH-ISSUE #4577] Broken link to building profiles
Closed
#2711 [GH-ISSUE #4584] Latest version of Nheko is broken under firejail
Closed
#2707 [GH-ISSUE #4568] Firefox profile missing when using profile-sync-daemon
Closed
#2708 [GH-ISSUE #4576] Requesting rework of geekbench.profile
Closed
#2706 [GH-ISSUE #4563] Is it possible for Firejail to work with Snaps? [Ubuntu 21.10 ships firefox as snap]
Closed
#2704 [GH-ISSUE #4555] Evince does not support .cbz format with certain plugin
Closed
#2705 [GH-ISSUE #4558] --tracelog and --trace override /etc/ld.so.preload inside the sandbox
Closed
#2703 [GH-ISSUE #4552] Firejail for only Zoom, nothing else
Closed
#2702 [GH-ISSUE #4550] The SUID sandbox helper binary was found, but is not configured correctly. Rather than run without sandboxing I'm aborting now. You need to make sure that /run/firejail/appimage/.appimage-8934/chrome-sandbox is owned by root and has m…
Closed
#2698 [GH-ISSUE #4545] Error fcopy: invalid ownership for file /etc/resolv.conf (systemd-resolved)
Closed
#2699 [GH-ISSUE #4540] [INFO] gitconsensus
Closed
#2696 [GH-ISSUE #4539] List of deprecated profiles
Closed
#2697 [GH-ISSUE #4528] nogroups kills ALSA audio in mpv.profile and vlc.profile
Closed
#2694 [GH-ISSUE #4527] Error: .asoundrc is a symbolic link pointing to a file outside home directory
Closed
#2692 [GH-ISSUE #4518] Musixmatch can not run under firejail
Closed
#2693 [GH-ISSUE #4523] No webcams in Zoom
Closed
#2689 [GH-ISSUE #4511] telegram-desktop: program does not shutdown
Closed
#2691 [GH-ISSUE #4516] Error fcopy: invalid ownership for file /usr/local/bin/foo
Closed
#2687 [GH-ISSUE #4508] telegram.profile breaks download, open links und tray icon
Closed
#2686 [GH-ISSUE #4509] Nextcloud profile broken - needs 3D and system tray access
Closed
#2688 [GH-ISSUE #4506] Freetube does not start
Closed
#2683 [GH-ISSUE #4494] skypeforlinux - systray icon not shown
Closed
#2684 [GH-ISSUE #4488] telegram-desktop cannot start
Closed
#2680 [GH-ISSUE #4480] can't lock mbox file with evolution
Closed
#2681 [GH-ISSUE #4482] It seems that 8d3d67e8960f87a7592bc3a1623f27b45a52edb5 breaks Firefox
Closed
#2682 [GH-ISSUE #4483] mpv requires whitelisting /usr/share/pipewire
Closed
#2677 [GH-ISSUE #4478] I can't write in /usr
Closed
#2678 [GH-ISSUE #4469] Need help to fix the profile for celluloid!
Closed
#2676 [GH-ISSUE #4460] --build clears the environment
Closed
#2674 [GH-ISSUE #4465] [Website] remove trackers and embeds and make the site legal in the EU
Closed
#2675 [GH-ISSUE #4454] Merge disable-passwordmgr.inc in disable-common.inc or disable-programs.inc
Closed
#2673 [GH-ISSUE #4437] steam-controller not working in steam.profile
Closed
#2668 [GH-ISSUE #4428] vscodium: crashes due to seccomp
Closed
#2669 [GH-ISSUE #4429] Add new blacklist "${HOME}/Private" to disable-common
Closed
#2670 [GH-ISSUE #4430] Discord doesn't start
Closed
#2667 [GH-ISSUE #4423] profile request for Fwknop
Closed
#2665 [GH-ISSUE #4425] Firefox Profile Question
Closed
#2666 [GH-ISSUE #4424] firejail strace method for private-lib needed
Closed
#2662 [GH-ISSUE #4421] Fix new profiles after [no]deny / [no]allow revert
Closed
#2664 [GH-ISSUE #4418] nosound in firefox
Closed
#2659 [GH-ISSUE #4417] Brave stopped working
Closed
#2660 [GH-ISSUE #4415] steam: cannot launch games (seccomp)
Closed
#2661 [GH-ISSUE #4416] kmail.profile broken due to wildcard
Closed
#2656 [GH-ISSUE #4409] Add Microsoft Edge (Beta/Dev channels)
Closed
#2657 [GH-ISSUE #4411] superuser in titlebar of various apps
Closed
#2658 [GH-ISSUE #4414] Can't open atril from within calibre
Closed
#2653 [GH-ISSUE #4406] Electron apps segfault in libglib when trying to upload files
Closed
#2654 [GH-ISSUE #4402] Add profile for Morty
Closed
#2655 [GH-ISSUE #4408] vscode: crashes without seccomp !chroot
Closed
#2652 [GH-ISSUE #4397] question about jailcheck/configuration
Closed
#2650 [GH-ISSUE #4395] Firejail rejects empty arguments
Closed
#2651 [GH-ISSUE #4396] tracelog causes anki to segfault
Closed
#2647 [GH-ISSUE #4394] tmpfs doesn't mount in home directory
Closed
#2648 [GH-ISSUE #4393] BUG// apparmor protection failed
Closed
#2649 [GH-ISSUE #4387] Error mounting tmpfs: fs.c:499 fs_tmpfs: Invalid argument Error: proc 22812 cannot sync with peer: unexpected EOF
Closed
#2645 [GH-ISSUE #4382] Error chown: fs_logger.c:117 fs_logger_change_owner: Read-only file system
Closed
#2646 [GH-ISSUE #4381] regression in 0.9.64.2: private-tmp whitelists .X11-unix, but makes it read-only
Closed
#2644 [GH-ISSUE #4383] move noblacklist ${HOME}/.bogofilter to email-common.profile for claws-mail (and other mailers)
Closed
#2641 [GH-ISSUE #4378] Telegram 2.8.0 not working
Closed
#2643 [GH-ISSUE #4380] Tor Browser with 0.9.66
Closed
#2638 [GH-ISSUE #4367] gimp 2.10.22-3: gegl:introspect broken
Closed
#2639 [GH-ISSUE #4372] qpdfview launches fine but hangs on open file
Closed
#2640 [GH-ISSUE #4377] telegram-desktop 2.8.2 not starting using firejail-git
Closed
#2635 [GH-ISSUE #4363] minecraft-launcher not running with firejail
Closed
#2636 [GH-ISSUE #4366] Steam Proton (Experimental) doesn't work, even under an empty profile
Closed
#2637 [GH-ISSUE #4364] Build from git master broken
Closed
#2632 [GH-ISSUE #4362] Firefox can't access sndio sound server
Closed
#2633 [GH-ISSUE #4357] no sound with different user in firefox inside firejail
Closed
#2634 [GH-ISSUE #4361] Allow firefox to use sndio sound system
Closed
#2631 [GH-ISSUE #4351] Sandboxed application can't find program in $PATH
Closed
#2627 [GH-ISSUE #4346] Issue with engrampa
Closed
#2628 [GH-ISSUE #4339] Enhancement hardened internet sandbox needed
Closed
#2626 [GH-ISSUE #4341] Problems Firejailing Discord on Linux Mint
Closed
#2624 [GH-ISSUE #4329] Slack (Arch Linux AUR) doesn't work with default firejail configuration
Closed
#2625 [GH-ISSUE #4331] blacklisting ${HOME}/.netrc blocks internet access for SRBMiner 0.7.5+
Closed
#2621 [GH-ISSUE #4321] Yarn profile causing error
Closed
#2622 [GH-ISSUE #4324] Access to CEC Adapter blocked by kodi.profile
Closed
#2620 [GH-ISSUE #4328] Seccomp list output goes to stdout instead of stderr
Closed
#2617 [GH-ISSUE #4310] Invalid whitelist path /local
Closed
#2618 [GH-ISSUE #4305] Officially deprecate follow-symlink-as-user
Closed
#2619 [GH-ISSUE #4306] firejail took over the default gateway IP
Closed
#2615 [GH-ISSUE #4304] Add new commands to vim syntax
Closed
#2613 [GH-ISSUE #4298] [meta] Avoid merging PRs that break CI
Closed
#2611 [GH-ISSUE #4296] private-dev customization
Closed
#2612 [GH-ISSUE #4297] CI is broken (yet again)
Closed
#2609 [GH-ISSUE #4294] Firejail broke latest Bitwarden by blocking network access
Closed
#2608 [GH-ISSUE #4292] Problems with Cinelerra - AppImage
Closed
#2605 [GH-ISSUE #4282] chromium: Unable to open X display (missing whitelist)
Closed
#2606 [GH-ISSUE #4285] whitelist + private logic changed after #4229
Closed
#2602 [GH-ISSUE #4274] gcc -fanalyzer warnings (GCC 11)
Closed
#2604 [GH-ISSUE #4279] firefox: keepassxc browser integration not working correctly (even with fixes from #3952)
Closed
#2599 [GH-ISSUE #4267] Landlock support mainlined in 5.13
Closed
#2600 [GH-ISSUE #4268] Conflict with jailtest utility
Closed
#2601 [GH-ISSUE #4270] CPU hotplug (cpuhp) process running libreoffice as root
Closed
#2597 [GH-ISSUE #4263] discord logs out if opens twice.
Closed
#2598 [GH-ISSUE #4265] Open file dialog in Telegram
Closed
#2593 [GH-ISSUE #4249] Profile for Firefox on Ramdisk
Closed
#2594 [GH-ISSUE #4252] Question... how to run Snaps on Firejail (Arch)
Closed
#2595 [GH-ISSUE #4256] CI broken (again)
Closed
#2590 [GH-ISSUE #4238] how to start to use "firejail firefox"?
Closed
#2591 [GH-ISSUE #4237] Steam wont launch in firejail using Sea Island GPU(AMD) with vulkan(RADV) support enabled
Closed
#2592 [GH-ISSUE #4241] wireshark: Error: You do not have permission to capture on device
Closed
#2587 [GH-ISSUE #4224] Firefox des not start anymore
Closed
#2588 [GH-ISSUE #4235] firecfg does not work with symlinks (discord.desktop)
Closed
#2589 [GH-ISSUE #4236] Discord doesn't detect webcam with firejail
Closed
#2584 [GH-ISSUE #4218] Digikam - unable to customize toolbars
Closed
#2585 [GH-ISSUE #4220] vlc broken - ubuntu focal
Closed
#2586 [GH-ISSUE #4214] Obsidian appimage wont start.
Closed
#2581 [GH-ISSUE #4211] Bug: Keyboard input doesn't work in VS Code when configured with desktop integration via: "sudo firecfg". Works upon "sudo firecfg --clean".
Closed
#2582 [GH-ISSUE #4212] Invalid --env setting, Failed to compile git version on Arch Linux with --enable-apparmor
Closed
#2583 [GH-ISSUE #4213] librewolf: cannot communicate with keepassxc
Closed
#2578 [GH-ISSUE #4208] Issue introduced in glibc 2.33 could lead to perpetual spin in firejail arp code
Closed
#2579 [GH-ISSUE #4206] [NOT SURE IF BUG] multiple instances of same application started via "firejail --private $PROG" not isolated but share data
Closed
#2580 [GH-ISSUE #4210] "Warning: cannot find /var/run/utmp" but looks for "/dev/null/utmp" instead
Closed
#2576 [GH-ISSUE #4194] cannot access whitelisted directories in Thunderbird Ubuntu 20.04
Closed
#2572 [GH-ISSUE #4187] Issue with printing evince
Closed
#2573 [GH-ISSUE #4191] A question about one program starting another program
Closed
#2574 [GH-ISSUE #4190] brave profile blocks Tor
Closed
#2569 [GH-ISSUE #4186] Enhancement starting firejail before runit,openrc,sysinitv and systemd service, and sandboxing early startup process.
Closed
#2570 [GH-ISSUE #4184] telegram-desktop 2.7.1 is not starting with telegram-desktop.profile
Closed
#2571 [GH-ISSUE #4185] Enhancement. we need secure memory zone for started apps
Closed
#2566 [GH-ISSUE #4181] mumble: program does not start (no3d)
Closed
#2567 [GH-ISSUE #4182] Evolution 3.38.4 wont start using default profile
Closed
#2568 [GH-ISSUE #4183] vscodium: missing profile redirect for codium
Closed
#2563 [GH-ISSUE #4173] gnome-calculator hangs with 100% CPU
Closed
#2565 [GH-ISSUE #4177] Document how to enable browser access to native Gnome connector (extensions.gnome.org)
Closed
#2564 [GH-ISSUE #4175] Discord Canary profile doesn't work FireJail using its own profile
Closed
#2560 [GH-ISSUE #4166] npm and pip profiles
Closed
#2561 [GH-ISSUE #4168] Error: invalid --debug command line option if quiet-by-default is set in firejail.config
Closed
#2562 [GH-ISSUE #4171] chromium: firejail erases javascript whitelist
Closed
#2557 [GH-ISSUE #4158] Dunst notifications with Signal-Desktop not working
Closed
#2558 [GH-ISSUE #4160] Firejail blocks sound/music when using cmus
Closed
#2559 [GH-ISSUE #4162] Firejail the whole operating system
Closed
#2554 [GH-ISSUE #4153] Help me?
Closed
#2556 [GH-ISSUE #4157] [Feature] Should rmenv GitHub auth tokens
Closed
#2555 [GH-ISSUE #4152] libreoffice: $HOME/.config/libreoffice needs to be whitelisted
Closed
#2553 [GH-ISSUE #4151] Unset TMP if it doesn't exist inside of sandbox
Closed
#2551 [GH-ISSUE #4150] Dropbox needs access to python
Closed
#2552 [GH-ISSUE #4147] Thunderbird in non-default location won't start
Closed
#2548 [GH-ISSUE #4142] Feedreader not working properly with Firejail's Sandbox
Closed
#2549 [GH-ISSUE #4146] firefox profile cannot run Emacs because /usr/share/emacs is not whitelisted
Closed
#2550 [GH-ISSUE #4145] firejail doesn't work automatically with gnome-books
Closed
#2545 [GH-ISSUE #4127] [SOLVED] Firefox has different audio backend when started with custom profile
Closed
#2547 [GH-ISSUE #4132] Can't start newest slack
Closed
#2546 [GH-ISSUE #4136] --shell=none does not work
Closed
#2542 [GH-ISSUE #4118] Discord Game Activity
Closed
#2543 [GH-ISSUE #4120] How to allow access to other home directories?
Closed
#2541 [GH-ISSUE #4113] File Roller on the cinnamon desktop doesn't work
Closed
#2539 [GH-ISSUE #4114] Apparmor and Firejail - Sandboxing not working properly
Closed
#2540 [GH-ISSUE #4115] nheko: program does not work properly
Closed
#2538 [GH-ISSUE #4109] Pixel Saver / Unite and similar gnome extensions problem
Closed
#2536 [GH-ISSUE #4106] [Question] Security advantage of private-tmp for the default firefox profile
Closed
#2537 [GH-ISSUE #4107] evolution - gpg card
Closed
#2533 [GH-ISSUE #4103] Can't combine private-home and whitelist for Firefox
Closed
#2530 [GH-ISSUE #4087] chromium: child processes escape the network namespace sandbox
Closed
#2531 [GH-ISSUE #4093] darktable needs read access to liblua*
Closed
#2532 [GH-ISSUE #4088] [profile bug] eo-common and net none
Closed
#2529 [GH-ISSUE #4081] Having blacklist violation for Dolphin
Closed
#2527 [GH-ISSUE #4086] firejail prevents Firefox from deactivating screen dimming during video watch
Closed
#2528 [GH-ISSUE #4078] Document that private-etc and private-bin always accumulate
Closed
#2526 [GH-ISSUE #4067] Running the program many times
Closed
#2524 [GH-ISSUE #4073] Flameshot escapes firejail
Closed
#2522 [GH-ISSUE #4066] [profile bug] atril doesn't open comic archives
Closed
#2523 [GH-ISSUE #4059] firejail.config not found after following git instructions on the source .tarball
Closed
#2518 [GH-ISSUE #4055] Wiki FAQ request: comparison with bubblewrap
Closed
#2519 [GH-ISSUE #4050] question regarding running "firejail firefox"
Closed
#2520 [GH-ISSUE #4054] Remove link from Wordpress site
Closed
#2516 [GH-ISSUE #4046] Wordpress connotations
Closed
#2517 [GH-ISSUE #4047] GitHub discussions
Closed
#2512 [GH-ISSUE #4034] Any way to know we are inside Firejail or not?
Closed
#2513 [GH-ISSUE #4044] skypeforlinux fails to start on Arch Linux
Closed
#2510 [GH-ISSUE #4027] firejail prevent my firefox from login to "Ask Fedora" site !
Closed
#2511 [GH-ISSUE #4032] Firetools "Process Tree"-tab empty once again
Closed
#2507 [GH-ISSUE #4026] --private and $HOME
Closed
#2508 [GH-ISSUE #4020] Revisit profiles allowing netlink protocol
Closed
#2503 [GH-ISSUE #4013] nixnote2: Could not create AF_NETLINK socket
Closed
#2504 [GH-ISSUE #4017] new protocol list behaviour needs to be announced somewhere so users can adjust their local overrides
Closed
#2505 [GH-ISSUE #4014] Installation problem: trying to overwrite '/etc/firejail/0ad.profile'
Closed
#2500 [GH-ISSUE #4012] join-or-start doesn't work with okular
Closed
#2501 [GH-ISSUE #4011] Support. How to install firejail on Debian so that it does not interfere with any programs?
Closed
#2502 [GH-ISSUE #4006] zoom: cannot save chat logs
Closed
#2497 [GH-ISSUE #3996] celluloid: error while loading shared libraries: liblua5.2.so.5.2
Closed
#2498 [GH-ISSUE #3999] Firejail usage
Closed
#2499 [GH-ISSUE #3992] Enhancement adding lowlevel new sandbox feature "landlock"
Closed
#2494 [GH-ISSUE #3987] cannot confine using apparmor on Arch linux LTS kernel
Closed
#2495 [GH-ISSUE #3991] private-etc doesn't allow subdirs
Closed
#2496 [GH-ISSUE #3989] First link to Firefox Opens New Window Instead of New Tab
Closed
#2491 [GH-ISSUE #3981] Wayland Only: ibus failed to work in some programs even with --noprofile
Closed
#2492 [GH-ISSUE #3982] thunderbird: cannot open links in firefox (and vice-versa)
Closed
#2493 [GH-ISSUE #3986] CodeQL warnings
Closed
#2488 [GH-ISSUE #3979] KMail profile in 0.9.64.4 has multiple fatal errors
Closed
#2489 [GH-ISSUE #3978] android-studio: cannot create the directory
Closed
#2490 [GH-ISSUE #3980] private-lib: can we mount instead of copy?
Closed
#2487 [GH-ISSUE #3976] jitsi-meet-desktop not properly starting
Closed
#2485 [GH-ISSUE #3977] Mistake
Closed
#2486 [GH-ISSUE #3975] Running xpdf in friejail
Closed
#2482 [GH-ISSUE #3971] mpv no longer uses user config
Closed
#2483 [GH-ISSUE #3973] Is this a bug or intended or a bug ??
Closed
#2484 [GH-ISSUE #3972] Add sara LSM library for W^X protection
Closed
#2480 [GH-ISSUE #3968] chromium: save location bypass and code execution
Closed
#2481 [GH-ISSUE #3965] firejail fails to start if iBus is not in use, but .config/ibus/bus/* exists.
Closed
#2477 [GH-ISSUE #3962] firefox: program does not work due to whitelist-runuser-common
Closed
#2478 [GH-ISSUE #3960] Patches from Jolla
Closed
#2476 [GH-ISSUE #3959] faccessat2 syscalls support required for glibc 2.33
Closed
#2473 [GH-ISSUE #3957] Error: execute permission denied for /usr/local/bin/firefox
Closed
#2474 [GH-ISSUE #3958] firejail hangs with net parameter
Closed
#2470 [GH-ISSUE #3952] firefox: cannot communicate with keepassxc
Closed
#2471 [GH-ISSUE #3953] xwallaper fail to set wallpaper
Closed
#2467 [GH-ISSUE #3949] firejail not terminated after browser is killed
Closed
#2468 [GH-ISSUE #3948] firejail --join=foobar fails with Error: cannot read /proc file
Closed
#2469 [GH-ISSUE #3945] It seems some capabilities are missing
Closed
#2465 [GH-ISSUE #3941] keepassxc: cannot communicate with ungoogled-chromium
Closed
#2466 [GH-ISSUE #3943] Parent is shutting down, bye... AppImage unmounted
Closed
#2461 [GH-ISSUE #3938] vlc: no video playback (seccomp)
Closed
#2463 [GH-ISSUE #3939] brave: u2f does not work
Closed
#2462 [GH-ISSUE #3940] brave: u2f does not work
Closed
#2458 [GH-ISSUE #3937] dolphin: cannot start keepassxc
Closed
#2459 [GH-ISSUE #3933] different seccomp behavior with and without arguments
Closed
#2460 [GH-ISSUE #3928] CI seems broken, unsure on how to proceed.
Closed
#2455 [GH-ISSUE #3925] telegram-desktop launch browser for open URL (after update to 0.9.64.2)
Closed
#2456 [GH-ISSUE #3927] [INFO] Whitelist ssh_config
Closed
#2452 [GH-ISSUE #3912] Chrome not working due to symlink.
Closed
#2453 [GH-ISSUE #3914] Redirect profiles without .local
Closed
#2454 [GH-ISSUE #3911] firecfg breaking firejail on the command line
Closed
#2449 [GH-ISSUE #3907] Bibletime profile does not work, should add a new whitelist
Closed
#2448 [GH-ISSUE #3904] VScode can't execute certain script when seccom is enabled
Closed
#2446 [GH-ISSUE #3905] nginx cant start in firejail version 0.9.63
Closed
#2445 [GH-ISSUE #3898] Appimage fails to run
Closed
#2443 [GH-ISSUE #3894] newsboat unable to launch default browser
Closed
#2440 [GH-ISSUE #3884] ssh profile blocks access to ssh-agent with non-default socket location
Closed
#2441 [GH-ISSUE #3891] How to allow firefox (or any sandbox) to access the pulseaudio process?
Closed
#2442 [GH-ISSUE #3883] Getting "Permission denied" when running Electron apps with --no-sandbox
Closed
#2437 [GH-ISSUE #3878] umask always 0002
Closed
#2439 [GH-ISSUE #3881] discord: cannot open links in the browser
Closed
#2438 [GH-ISSUE #3877] Using firejail with private /home with a folder on /home mount point but outside of users folders
Closed
#2434 [GH-ISSUE #3871] vscodium: missing profile redirect: vscodium was renamed to codium
Closed
#2435 [GH-ISSUE #3872] Screen sharing configuration on wayland
Closed
#2436 [GH-ISSUE #3874] What's are currently the best ways to configure apps to run sandboxed with firejail? (Modified .desktop files can change after updates)
Closed
#2432 [GH-ISSUE #3868] Error getpwuid: main.c:237 init_cfg: Success (keepassxc/signal/joplin)
Closed
#2433 [GH-ISSUE #3865] obs: program does not start
Closed
#2428 [GH-ISSUE #3860] Video Tutorial
Closed
#2429 [GH-ISSUE #3861] firejail --list shows nothing
Closed
#2430 [GH-ISSUE #3858] Unable to start Firefox v84.0.1 on Debian 10 (Buster)
Closed
#2425 [GH-ISSUE #3857] [Question] Is it possible to modify the profile while firejail is running?
Closed
#2426 [GH-ISSUE #3856] Jackbox games broken under firejail
Closed
#2427 [GH-ISSUE #3855] "caps.drop all" fails to run commands which have capabilities set (was: node does not want to run (but the same binary renamed works))
Closed
#2422 [GH-ISSUE #3851] Compiled-in environment/arg limits causing issues
Closed
#2424 [GH-ISSUE #3846] Not able to use netns configuration directive in .profile or .local files
Closed
#2421 [GH-ISSUE #3844] firejail --private hanging
Closed
#2420 [GH-ISSUE #3842] Cannot launch Teams on POP!_OS 20.10
Closed
#2418 [GH-ISSUE #3841] Permission denied - runnig is as a normal user [SOLVED]
Closed
#2416 [GH-ISSUE #3838] --x11=none --netns=isolated invalidly errors on the abstract X11 socket being accessible
Closed
#2413 [GH-ISSUE #3836] what about snap app ?
Closed
#2414 [GH-ISSUE #3837] firefox: firefox -p fails to launch (seccomp)
Closed
#2410 [GH-ISSUE #3831] Question to bug #2101
Closed
#2411 [GH-ISSUE #3823] Unable to start hexchat with firejail
Closed
#2412 [GH-ISSUE #3833] archivers: issues due limiting file system access
Closed
#2408 [GH-ISSUE #3815] Question: AppImage trust
Closed
#2409 [GH-ISSUE #3817] playonlinux in firejail - internet connection issues?
Closed
#2404 [GH-ISSUE #3805] telegram-desktop launch browser for open URL problem in openSUSE
Closed
#2405 [GH-ISSUE #3809] Relationship between disable-mnt and disable-write.inc
Closed
#2406 [GH-ISSUE #3806] Refactor electron.profile and electron based programs
Closed
#2401 [GH-ISSUE #3804] Blacklist .ssh directory by default
Closed
#2402 [GH-ISSUE #3800] "firejail playonlinux" starts GUI but not installed programme
Closed
#2403 [GH-ISSUE #3801] --get outputs empty file when using --chroot
Closed
#2399 [GH-ISSUE #3797] Get ride of all these u2f and drm issues
Closed
#2400 [GH-ISSUE #3799] Viber appimage pausing firejail execution asking to replace mimeapps.list 'overriding mode 0664'
Closed
#2395 [GH-ISSUE #3794] Trouble running Firefox Portable Dev Edition in firejail
Closed
#2396 [GH-ISSUE #3796] firefox: YubiKey WebAuthn does not work
Closed
#2397 [GH-ISSUE #3795] teams: program does not start (seccomp/tracelog)
Closed
#2392 [GH-ISSUE #3792] MTP Android files can be copied outside firejail in Thunar file manager.
Closed
#2393 [GH-ISSUE #3793] running wine in firejail (--private option)
Closed
#2394 [GH-ISSUE #3790] xfce4-screenshooter - profile broken by memory-deny-write-execute
Closed
#2389 [GH-ISSUE #3788] No sound with pulseaudio and private home
Closed
#2390 [GH-ISSUE #3789] Two firejail related scripts.
Closed
#2391 [GH-ISSUE #3787] [Question] Can an app read the username of the user's home dir on linux?
Closed
#2386 [GH-ISSUE #3784] Error ioctl: interface.c:302 net_if_mac: Cannot assign requested address
Closed
#2387 [GH-ISSUE #3785] Allowing calling specific apps outside the sandbox or with a different firejail profile
Closed
#2388 [GH-ISSUE #3786] rhythmbox profile does not support viewing/loading files from cdrom
Closed
#2383 [GH-ISSUE #3782] Man pages have #ifdefs in them
Closed
#2384 [GH-ISSUE #3783] google-chrome: hardware acceleration is broken (intel/wayland ozone) (seccomp)
Closed
#2380 [GH-ISSUE #3776] ffmpeg profile breaks jellyfin transcoding
Closed
#2381 [GH-ISSUE #3780] whois profile block hostname resolution via getaddrinfo (Name or service not known)
Closed
#2382 [GH-ISSUE #3777] lyx: program does not start (private-etc)
Closed
#2378 [GH-ISSUE #3773] Interferes with firefox loading webpages
Closed
#2379 [GH-ISSUE #3774] Tray-icon researches
Closed
#2377 [GH-ISSUE #3775] zathura does not work with ipc-namespace
Closed
#2375 [GH-ISSUE #3767] firefox: keepassxc browser extension fails due to whitelist-runuser-common
Closed
#2374 [GH-ISSUE #3770] xournal.profile: liblua.so.5.4: cannot open shared object file: Permission denied
Closed
#2373 [GH-ISSUE #3759] thunderbird: cannot open links in Firefox: "Your Firefox profile cannot be loaded"
Closed
#2371 [GH-ISSUE #3765] Spotify 1.1.42.622 Hangs on Arch Linux
Closed
#2372 [GH-ISSUE #3761] w3m with w3m-img installed does not display images when on virtual console/framebuffer
Closed
#2368 [GH-ISSUE #3755] signal-desktop no longer works with notify-send?
Closed
#2370 [GH-ISSUE #3756] Finally Viber has an appimage
Closed
#2369 [GH-ISSUE #3758] library libgtk3-nocsd cannot be preloaded
Closed
#2366 [GH-ISSUE #3753] [Feature] different profiles/behavior per user?
Closed
#2367 [GH-ISSUE #3754] Can't run Discord with Linux-Hardened kernel
Closed
#2362 [GH-ISSUE #3744] zoom: program does not start (missing whitelist)
Closed
#2363 [GH-ISSUE #3745] Public gpg key & Signature
Closed
#2364 [GH-ISSUE #3743] Lost email in claws-mail
Closed
#2360 [GH-ISSUE #3741] Error: failed to run /run/firejail/lib/fcopy
Closed
#2361 [GH-ISSUE #3739] Steam doesn't work with symlinked steamfolder
Closed
#2356 [GH-ISSUE #3736] Add alsaequal (Equalizer for alsa) to whitelist-common.inc
Closed
#2358 [GH-ISSUE #3737] There is no sound in telegram via alsa (needs "alsa" and "group" for the "private-etc" option).
Closed
#2353 [GH-ISSUE #3733] telegram.profile need netlink protocol
Closed
#2354 [GH-ISSUE #3732] firefox: cannot use fcitx IME (dbus)
Closed
#2355 [GH-ISSUE #3731] Is it possible through firejail to make available what the launched user is not available?
Closed
#2351 [GH-ISSUE #3730] Is it unsafe if I run Firejail with --no-sandbox?
Closed
#2352 [GH-ISSUE #3729] "Process Tree"-tab in firetools is empty - firejail seems to be responsible
Closed
#2350 [GH-ISSUE #3728] Don't correct fonts and theme styles in openSUSE KDE
Closed
#2348 [GH-ISSUE #3726] zoom: program does not start (private-etc)
Closed
#2349 [GH-ISSUE #3725] Firefox widevinecdm crashes (e.g. Amazon Prime Video)
Closed
#2344 [GH-ISSUE #3722] Filezilla profile does not allow to open HOME/.ssh folder for using keys in OpenSSH/SFTP connections
Closed
#2345 [GH-ISSUE #3724] [abrt] firejail: iopl(): faudit killed by SIGSYS
Closed
#2346 [GH-ISSUE #3723] Default minetest profile doesn't work
Closed
#2341 [GH-ISSUE #3720] Question about --dns option
Closed
#2343 [GH-ISSUE #3721] Travis CI
Closed
#2342 [GH-ISSUE #3718] KDE Kontact: configuring Google calender, tasks and Contacts not possible
Closed
#2339 [GH-ISSUE #3714] How would it be possible to have specified commands run automatically with firejail? (e.g. youtube-dl becomes firejail youtube-dl)
Closed
#2340 [GH-ISSUE #3713] keepassxc: issues with browser extension and tray icon (dbus)
Closed
#2336 [GH-ISSUE #3711] zoom profile: can't access webcam
Closed
#2335 [GH-ISSUE #3712] 'make test' errors on tests not included in release tarball
Closed
#2337 [GH-ISSUE #3709] Tor doesn't launch with Brave browser.
Closed
#2332 [GH-ISSUE #3706] Does sandboxing with firejail works with spack package manager applications?
Closed
#2334 [GH-ISSUE #3707] qBittorrent tray icon missing from notification panel when running it with firejail
Closed
#2331 [GH-ISSUE #3701] Firefox native messaging regression in 0.9.62.4 -> 0.9.64rc1
Closed
#2329 [GH-ISSUE #3697] Need help for spectacle's profile
Closed
#2330 [GH-ISSUE #3699] Firefox can't inhibit screensavers/screen blanking
Closed
#2328 [GH-ISSUE #3695] --private-home
Closed
#2326 [GH-ISSUE #3696] Next release (0.9.64.2 / 0.9.66)
Closed
#2327 [GH-ISSUE #3693] Kate - Read/Write problems in /home/ (ignores overrides?)
Closed
#2325 [GH-ISSUE #3689] iceweasel: DBus user socket not found (Parabola OpenRC)
Closed
#2323 [GH-ISSUE #3690] test failure: mkdir.exp
Closed
#2322 [GH-ISSUE #3687] start-tor-browser doesn't open with any profile
Closed
#2320 [GH-ISSUE #3686] mpsyt: mpv needs lua
Closed
#2317 [GH-ISSUE #3682] No blu-ray playback with vlc using libaacs
Closed
#2318 [GH-ISSUE #3681] Widevine/DRM broken with firejail 0.9.64 in browsers
Closed
#2314 [GH-ISSUE #3678] Error: too long environment variables, please use --rmenv
Closed
#2316 [GH-ISSUE #3680] firefox: does not start due to dpkg error (Linux Mint)
Closed
#2315 [GH-ISSUE #3677] Disable user-defined profile
Closed
#2312 [GH-ISSUE #3673] bug? --rmenv seems to fire after check for length of environment variables, which makes long variables impossible to remove from firejail side
Closed
#2313 [GH-ISSUE #3669] skypeforlinux logs out every time, even without profile
Closed
#2309 [GH-ISSUE #3666] Torbrowser-launcher.profile doesn't launch without certain flags disabled
Closed
#2310 [GH-ISSUE #3665] With firecfg, how do I configure specific applications to go through firejail?
Closed
#2305 [GH-ISSUE #3663] Unable to whitelist steamapps when using --private
Closed
#2307 [GH-ISSUE #3661] Error w/o 'gawk' and no apparmor on Ubuntu
Closed
#2302 [GH-ISSUE #3659] AppArmor profile fails to load with AppArmor 3.0.0 installed
Closed
#2301 [GH-ISSUE #3654] Firejail crashing with SELinux support enabled
Closed
#2300 [GH-ISSUE #3648] Regression: Error: no such executable /usr/bin/git
Closed
#2296 [GH-ISSUE #3646] web browsers have no internet connection (resolv.conf)
Closed
#2297 [GH-ISSUE #3645] Unable to watch shows on ctv.ca and globaltv.com using firejail
Closed
#2294 [GH-ISSUE #3644] nvidia: opengl errors with nvidia proprietary driver due to "nogroups"
Closed
#2293 [GH-ISSUE #3643] Firejail profile preventing flameshot from starting
Closed
#2295 [GH-ISSUE #3641] Cannot run DB_Browser_for_SQLite--x86_64.appimage under firejail
Closed
#2290 [GH-ISSUE #3638] Why are all the $HOME dirs and files visible in Telegram and not jailed?
Closed
#2291 [GH-ISSUE #3640] Gimp - add note how to enable scanning (xsane)
Closed
#2292 [GH-ISSUE #3639] 'less' does not work
Closed
#2287 [GH-ISSUE #3635] [mpv] "Running subprocess failed: init" when trying to execute script in ~/bin
Closed
#2288 [GH-ISSUE #3637] Firejail not loading certain profiles automatically
Closed
#2289 [GH-ISSUE #3636] transmission-daemon fills log with error
Closed
#2286 [GH-ISSUE #3634] Discord 0.0.12 not starting
Closed
#2285 [GH-ISSUE #3633] chromium-privacy-browser: program does not start
Closed
#2281 [GH-ISSUE #3629] Problem Apparmor with Brave
Closed
#2278 [GH-ISSUE #3626] Firefox is already running, but is not responding.
Closed
#2280 [GH-ISSUE #3628] "Cannot alocate memory" error when trying to copy/paste in MPV
Closed
#2275 [GH-ISSUE #3620] Hardcoded tc command is not found on openSUSE
Closed
#2276 [GH-ISSUE #3623] build: remove src/man/preproc from Makefile
Closed
#2277 [GH-ISSUE #3625] hedgewars crashes without access to liblua
Closed
#2272 [GH-ISSUE #3616] Can't use newsboat through torsocks
Closed
#2273 [GH-ISSUE #3617] MAC Address --mac should be able to be changed/spoofed without the need for --net
Closed
#2274 [GH-ISSUE #3618] Must-fix bugs for release 0.9.64
Closed
#2271 [GH-ISSUE #3613] Disabling /dev/snd/ with private-dev?
Closed
#2269 [GH-ISSUE #3615] Opening up x-terminal-emulator with --noprofile exits the jail
Closed
#2270 [GH-ISSUE #3614] telegram.profile needs netlink protocol
Closed
#2266 [GH-ISSUE #3612] join-or-start can break
Closed
#2267 [GH-ISSUE #3610] Toggle Network
Closed
#2263 [GH-ISSUE #3608] claws-mail.profile had to be altered
Closed
#2264 [GH-ISSUE #3606] Default DNS in .profile
Closed
#2265 [GH-ISSUE #3609] firefox: program does not open (seccomp)
Closed
#2262 [GH-ISSUE #3602] Wiki: x11 guide
Closed
#2259 [GH-ISSUE #3600] is there virtual memory option ?
Closed
#2257 [GH-ISSUE #3601] Improving symlink invocation?
Closed
#2258 [GH-ISSUE #3599] Telegram Question about the privacy of multiple accounts
Closed
#2254 [GH-ISSUE #3597] Firefox kfmclient crash
Closed
#2255 [GH-ISSUE #3598] Adding binaries outside standard "bin dirs" ala private-bin?
Closed
#2256 [GH-ISSUE #3596] smplayer: cannot play video with mpv as backend on Arch
Closed
#2253 [GH-ISSUE #3595] ledger-live-desktop: program does not start (AppImage)
Closed
#2252 [GH-ISSUE #3593] Some errors in Telegram
Closed
#2251 [GH-ISSUE #3591] firejail breaks haskell development tools cabal and stack
Closed
#2249 [GH-ISSUE #3589] Discord wont open when executed outside the pkg manager one
Closed
#2248 [GH-ISSUE #3585] Firejail 0.9.62.2 apparmor profile parser error
Closed
#2245 [GH-ISSUE #3582] How to install with apt-get without interaction
Closed
#2246 [GH-ISSUE #3581] Blacklisting /media/ except for one folder
Closed
#2247 [GH-ISSUE #3584] Disable the access to /run/firejail/mnt/devlog
Closed
#2242 [GH-ISSUE #3579] JDownloader: cannot open links in firejailed Firefox
Closed
#2243 [GH-ISSUE #3580] Question: Firefox - How do i allow an external storage path?
Closed
#2244 [GH-ISSUE #3578] Error: no suitable /path/JDownloader2 executable found
Closed
#2239 [GH-ISSUE #3570] No history, bookmarks etc. preserved in lynx browser
Closed
#2241 [GH-ISSUE #3575] New release on Monday (Aug 10): CVE fixes
Closed
#2236 [GH-ISSUE #3568] How to block internet access while retain connection to host native X11
Closed
#2238 [GH-ISSUE #3565] /bin/bash: ./Telegram/Telegram: Permission denied
Closed
#2233 [GH-ISSUE #3557] firefox dbus restriction (not a bug but a question)
Closed
#2234 [GH-ISSUE #3562] Allow gajim to access GPG keys
Closed
#2235 [GH-ISSUE #3563] docs: manpage warnings: cannot adjust line
Closed
#2232 [GH-ISSUE #3552] Does changing $PATH affect the security?
Closed
#2230 [GH-ISSUE #3554] mpv: lua plugins cannot load shared libraries
Closed
#2231 [GH-ISSUE #3551] private-tmp in meld breaks diff view
Closed
#2227 [GH-ISSUE #3545] vscode: need help blocking spying
Closed
#2229 [GH-ISSUE #3546] Error mounting appimage: No such device
Closed
#2224 [GH-ISSUE #3541] Font styles unreadable in dark themes
Closed
#2225 [GH-ISSUE #3540] Signal-desktop icon in mate notification tray not displayed
Closed
#2226 [GH-ISSUE #3544] Firetools dark theme
Closed
#2222 [GH-ISSUE #3536] Custom/local applications doesn't start
Closed
#2221 [GH-ISSUE #3534] How to use "passwd" in a firejail login shell?
Closed
#2220 [GH-ISSUE #3530] disable-shell.inc breaks AppImages
Closed
#2218 [GH-ISSUE #3528] discord profile does not work when user is using the fish shell
Closed
#2219 [GH-ISSUE #3531] mathematica profile
Closed
#2215 [GH-ISSUE #3527] [Question] SkypeforLinux - or General .deb Security
Closed
#2216 [GH-ISSUE #3523] No more way to specify custom configure options when building deb?
Closed
#2217 [GH-ISSUE #3524] Arch build breaking due to pandoc
Closed
#2214 [GH-ISSUE #3522] integrate join(-or-start) with dbus options
Closed
#2212 [GH-ISSUE #3514] Need a little help regarding vmware profile
Closed
#2213 [GH-ISSUE #3515] [Reminder] Add xdg-dbus-proxy as dependency on next release
Closed
#2211 [GH-ISSUE #3510] Audacity not working.
Closed
#2209 [GH-ISSUE #3512] add Asbru Connection Manager profile
Closed
#2207 [GH-ISSUE #3508] No sound with steam games using FMOD
Closed
#2208 [GH-ISSUE #3509] firejail with wine
Closed
#2206 [GH-ISSUE #3507] Firefox does not work with Firejail on Mint 20
Closed
#2204 [GH-ISSUE #3504] Wiki: Creating overrides
Closed
#2200 [GH-ISSUE #3500] Running firejail with timeout causes SIGTTOU
Closed
#2201 [GH-ISSUE #3498] audit.log did not print when --seccomp-error-action is EPERM
Closed
#2202 [GH-ISSUE #3501] noroot in Kodi's profile causing black/frozen screen
Closed
#2197 [GH-ISSUE #3495] Tutanota-desktop difficult to integrate
Closed
#2198 [GH-ISSUE #3494] firefox: no internet with whitelist-var-common.inc (resolv.conf)
Closed
#2194 [GH-ISSUE #3485] [Solved] Impossible to inclure tutanota-desktop-linux.AppImage in a sandbox with firejail
Closed
#2195 [GH-ISSUE #3488] Seccomp error action not working
Closed
#2191 [GH-ISSUE #3484] PulseAudio not working in --chroot
Closed
#2192 [GH-ISSUE #3483] Lutris and steam issue
Closed
#2193 [GH-ISSUE #3482] Unable to launch Firefox for SSO from Zoom profile
Closed
#2190 [GH-ISSUE #3481] pandoc does not have required access to /etc/texmf
Closed
#2188 [GH-ISSUE #3480] PyCharm requires ${HOME}/.cache/ mounted exec
Closed
#2185 [GH-ISSUE #3477] slack-desktop 4.4.3 not starting
Closed
#2186 [GH-ISSUE #3478] evolution: cannot modify/create lock file on Unix mbox spool files
Closed
#2187 [GH-ISSUE #3476] With seccomp installed, child process exit successfully but parent process would not exit.
Closed
#2182 [GH-ISSUE #3473] zathura and mpv (maybe others as well) "fstat: fs.c:497 fs_remount_simple"
Closed
#2183 [GH-ISSUE #3474] Riot-desktop does not launch
Closed
#2184 [GH-ISSUE #3475] enable firejail with chroot allow SFTP without chroot
Closed
#2179 [GH-ISSUE #3468] Interfering with Itch.io game
Closed
#2181 [GH-ISSUE #3466] [Question] About sandbox "X11"
Closed
#2176 [GH-ISSUE #3462] Installation fails if /etc/firejail/login.users exists
Closed
#2177 [GH-ISSUE #3465] Notification from Firefox add-on become of lower resolution & can not induced system sound notification.
Closed
#2178 [GH-ISSUE #3464] Atom 1.48.0 breaks with Firejail 0.9.58.2
Closed
#2175 [GH-ISSUE #3457] Warning & errors in terminal when firejail browsers
Closed
#2173 [GH-ISSUE #3458] Thunderbird sandbox by Firejail remain active even after close/quit Thunderbird
Closed
#2174 [GH-ISSUE #3461] Joplin AppImage does not run with firejail
Closed
#2170 [GH-ISSUE #3453] [Question not a bug] About Firefox under firejail
Closed
#2172 [GH-ISSUE #3454] Emacs configuration is mounted as read only
Closed
#2171 [GH-ISSUE #3456] jitsi-meet-electron AppImage not launched if run with Firejail !
Closed
#2169 [GH-ISSUE #3452] need help using github-markdown on wiki page
Closed
#2167 [GH-ISSUE #3449] Consider adding "Allow Python" to Steam.profile so Blender runs
Closed
#2168 [GH-ISSUE #3451] firejail.config defaults for cgroup/restricted-network and Debian bug 916920
Closed
#2165 [GH-ISSUE #3447] Replace whitelist and blacklist commands with better terms
Closed
#2164 [GH-ISSUE #3448] --private-bin=something does not seem to work
Closed
#2166 [GH-ISSUE #3446] wine registry does not save changes
Closed
#2161 [GH-ISSUE #3439] How to block all internet except 127.0.0.1 localhost
Closed
#2162 [GH-ISSUE #3443] Wiki: Using firejail from git
Closed
#2163 [GH-ISSUE #3441] surf browser from suckless doesn't start
Closed
#2158 [GH-ISSUE #3432] apparmor breaks dbus-*=filter
Closed
#2160 [GH-ISSUE #3434] Default shell is guessed from $SHELL, despite manpage specifying /bin/bash
Closed
#2159 [GH-ISSUE #3436] Sound only working with one program at a time with ALSA
Closed
#2157 [GH-ISSUE #3431] Version 0.9.62 forces Dropbox to load in firejail
Closed
#2155 [GH-ISSUE #3428] Zoom does not work with zoom.profile; stuck at "connecting"
Closed
#2156 [GH-ISSUE #3429] Firejail should report which profile it can't load in an include chain
Closed
#2152 [GH-ISSUE #3426] Feature request: Allow bind in non-root mode
Closed
#2154 [GH-ISSUE #3425] I feel like I don't know anything.
Closed
#2153 [GH-ISSUE #3427] Can we have an option to block access to 127.0.0.1 and/or other internal only IP addresses?
Closed
#2149 [GH-ISSUE #3423] seccomp is breaking wire-desktop
Closed
#2151 [GH-ISSUE #3421] Whitelisted FUSE mounted directory can not be accessed
Closed
#2147 [GH-ISSUE #3420] Firefox doesn't start on Ubuntu 20.04
Closed
#2148 [GH-ISSUE #3417] seccomp.block-secondary
Closed
#2146 [GH-ISSUE #3419] Does "seccomp.drop=all" works
Closed
#2143 [GH-ISSUE #3413] u2f key is not detected in the browser
Closed
#2144 [GH-ISSUE #3415] Unetbootin + Firejail ???
Closed
#2145 [GH-ISSUE #3416] Busybox
Closed
#2140 [GH-ISSUE #3408] Allow --dbus-user=none on the command line for profiles with dbus-user filter
Closed
#2141 [GH-ISSUE #3407] Firefox save file dialog not showing
Closed
#2138 [GH-ISSUE #3402] implement xdg-dbus-proxy --log / log denied D-Bus access tries
Closed
#2139 [GH-ISSUE #3404] Teams doesn't start because of the apparmor profile
Closed
#2137 [GH-ISSUE #3403] gitlab CI broken
Closed
#2134 [GH-ISSUE #3400] [dbus] Eye of GNOME won't open
Closed
#2135 [GH-ISSUE #3399] [dbus] LibreOffice's menubar has disappeared
Closed
#2136 [GH-ISSUE #3398] Libreoffice menubar has
Closed
#2131 [GH-ISSUE #3393] seccomp filter are generated multible times
Closed
#2132 [GH-ISSUE #3392] qtox is missing from system tray
Closed
#2133 [GH-ISSUE #3396] Vim contrib files do not follow the DESTDIR option in make install
Closed
#2128 [GH-ISSUE #3388] Use /usr/etc/login.defs after checking for /etc/login.defs
Closed
#2129 [GH-ISSUE #3389] Zeal profile not working
Closed
#2130 [GH-ISSUE #3391] vlc: front end does not appear after launch
Closed
#2125 [GH-ISSUE #3383] Error: too long environment variables in vifm's subshell
Closed
#2126 [GH-ISSUE #3384] Akondai issues
Closed
#2127 [GH-ISSUE #3385] gnome-contacts doesn't work, fixed with ignore no3d
Closed
#2119 [GH-ISSUE #3377] build: gcc10 static analyzer warnings
Closed
#2120 [GH-ISSUE #3376] steam: cannot connect to the internet (ca-certificates)
Closed
#2121 [GH-ISSUE #3374] Everdo appimage can't start with Firejail
Closed
#2116 [GH-ISSUE #3369] No Audio in Zoom
Closed
#2117 [GH-ISSUE #3372] Game clone hero refuses to run
Closed
#2118 [GH-ISSUE #3371] Support simplification: improving --debug and stdout
Closed
#2113 [GH-ISSUE #3368] Nicotine does not start
Closed
#2114 [GH-ISSUE #3363] dolphin: allow lua for playing videos with mpv
Closed
#2115 [GH-ISSUE #3366] GitHub truncates the /etc/firejail dir
Closed
#2110 [GH-ISSUE #3358] Useless lines in disable-common.inc
Closed
#2111 [GH-ISSUE #3360] Cannot start Libreoffice with the latest Firejail
Closed
#2112 [GH-ISSUE #3361] jdownloader profile doesn't work
Closed
#2107 [GH-ISSUE #3356] Terminal control codes in progress messages should be optional
Closed
#2106 [GH-ISSUE #3353] Cannot get everything read-only but /tmp and a single directory
Closed
#2101 [GH-ISSUE #3349] Wiki: Restrict D-Bus
Closed
#2102 [GH-ISSUE #3350] Error: too many environment variables
Closed
#2103 [GH-ISSUE #3351] Can not use custom mplayer profile without whitelisting directory of each video file
Closed
#2098 [GH-ISSUE #3346] support mkdir in ${RUNUSER}
Closed
#2099 [GH-ISSUE #3344] Warning: cannot open source file /usr/local/lib/firejail/seccomp, file not copied
Closed
#2097 [GH-ISSUE #3343] rambox: fails to start
Closed
#2095 [GH-ISSUE #3341] build from git master broken with 0f18c1b
Closed
#2096 [GH-ISSUE #3342] Permission denied when using terminal inside dolphin / kate
Closed
#2094 [GH-ISSUE #3333] Creating temporary filesystem from shell fails
Closed
#2089 [GH-ISSUE #3330] Best practice for AppImage profiles
Closed
#2090 [GH-ISSUE #3332] firejail container with --chroot?
Closed
#2088 [GH-ISSUE #3328] Discord won't launch with default profile
Closed
#2086 [GH-ISSUE #3323] Can't open links from hexchat
Closed
#2087 [GH-ISSUE #3321] Bitwarden appimage not working with Bitwarden profile
Closed
#2084 [GH-ISSUE #3318] ungoogled-chromium: Error: no suitable /opt/ungoogled-chromium executable found
Closed
#2083 [GH-ISSUE #3316] dropbox breaks the jail
Closed
#2085 [GH-ISSUE #3320] Build fails on Ubuntu 16.04 LTS with commit ab62720
Closed
#2081 [GH-ISSUE #3314] keepassxc: ssh-agent feature does not work
Closed
#2082 [GH-ISSUE #3312] newsbeuter doesn´t trigger browser when pressing "o" when using firejail
Closed
#2080 [GH-ISSUE #3313] join broken with seccomp since 88eadbf
Closed
#2077 [GH-ISSUE #3308] Question on private-bin & Hyperlinking
Closed
#2078 [GH-ISSUE #3311] Teams and Firefox
Closed
#2079 [GH-ISSUE #3309] firecfg manpage
Closed
#2075 [GH-ISSUE #3306] many builtin profiles use netfilter with system net namespace
Closed
#2076 [GH-ISSUE #3307] Fedora 31 Silverblue
Closed
#2071 [GH-ISSUE #3299] Firefox is broken on Ubuntu 20.04 Focal
Closed
#2072 [GH-ISSUE #3302] Tor Browser exits during startup
Closed
#2068 [GH-ISSUE #3291] thunderbird: harden rules that allow Firefox to open links
Closed
#2070 [GH-ISSUE #3295] Can't run screen in firejail. It drops with "Cannot find terminfo entry for 'xterm-color'"
Closed
#2065 [GH-ISSUE #3288] mpv: failure with gpu/vdpau options (AMD gpu with mesa drivers)
Closed
#2066 [GH-ISSUE #3289] I need a FireJail profile for Mate-Terminal
Closed
#2067 [GH-ISSUE #3290] error "Firefox is already running but is not responding" when using firefox wayland
Closed
#2063 [GH-ISSUE #3284] UIM input method switching not working with firefox
Closed
#2062 [GH-ISSUE #3285] nslookup apparmor denied
Closed
#2064 [GH-ISSUE #3287] Audacious & Audacity freeze, works with "ignore memory-deny-write-execute"
Closed
#2059 [GH-ISSUE #3281] ERROR: ld.so: object '/run/firejail/lib/libpostexecseccomp.so' from /etc/ld.so.preload cannot be preloaded (cannot open shared object file): ignored.
Closed
#2060 [GH-ISSUE #3283] Viber - how to disable clipboard?
Closed
#2056 [GH-ISSUE #3279] Teamspeak3 doesn't work
Closed
#2057 [GH-ISSUE #3277] Pull request #3268 broke firejail
Closed
#2058 [GH-ISSUE #3280] Zathura exits on startup
Closed
#2054 [GH-ISSUE #3272] Zoom: cannot signin with sso
Closed
#2055 [GH-ISSUE #3274] firejail netns netstat shows /tmp/.X11-unix/X0
Closed
#2051 [GH-ISSUE #3267] Steam freezes on start
Closed
#2052 [GH-ISSUE #3266] VPN connection for Firefox and Thunderbird in Firejail
Closed
#2047 [GH-ISSUE #3262] keepassxc: cannot access NTFS mountpoints in /storage (private-etc)
Closed
#2048 [GH-ISSUE #3263] nosound should blacklist ${RUNUSER}/pulse
Closed
#2049 [GH-ISSUE #3264] FIREJAIL_PROFILE_PATH or similar firejail.config setting
Closed
#2044 [GH-ISSUE #3260] systray icon and dialog window (discord) but maybe others.
Closed
#2045 [GH-ISSUE #3261] Question: Whats the best way to update?
Closed
#2046 [GH-ISSUE #3258] vscode: cannot isolate sandboxes (RUNUSER socket)
Closed
#2041 [GH-ISSUE #3252] Thunderbird not opening pdf with jailed MasterpdfEditor
Closed
#2042 [GH-ISSUE #3254] seccomp with filter based on flags argument of syscall
Closed
#2038 [GH-ISSUE #3249] settings in default.profile and disable-common.inc that break AppImages
Closed
#2040 [GH-ISSUE #3248] Using Thunderbird with a profile location other than default
Closed
#2039 [GH-ISSUE #3250] conky needs lua
Closed
#2035 [GH-ISSUE #3245] How to blacklist specific drive or partition
Closed
#2036 [GH-ISSUE #3247] discord 0.10 seccomp
Closed
#2037 [GH-ISSUE #3244] firefox silenium
Closed
#2032 [GH-ISSUE #3237] kernel.yama.ptrace_scope = 2|3 breaks --build if strace is installed
Closed
#2033 [GH-ISSUE #3238] tor browser fails with netns
Closed
#2034 [GH-ISSUE #3240] "firejail --appimage": does it really need to be executable?
Closed
#2031 [GH-ISSUE #3235] Firejail stopped working with Opera.
Closed
#2029 [GH-ISSUE #3233] firejail file fails due to linker unable to find libseccomp.so.2
Closed
#2028 [GH-ISSUE #3228] chromium: "Just Read" extension does not work anymore
Closed
#2026 [GH-ISSUE #3232] multi user dota2 in fedora with glXChooseVisual failed
Closed
#2027 [GH-ISSUE #3230] Yet another symlink question
Closed
#2024 [GH-ISSUE #3227] firefox: libGL error: MESA-LOADER: failed to retrieve device information (AppArmor)
Closed
#2023 [GH-ISSUE #3225] youtube-dl abruptly terminates on firejail 0.9.60-1 without saying anything; works with --noprofile; Fedora 30; youtube-dl version 2020.01.24
Closed
#2020 [GH-ISSUE #3222] allow firejail home tmp overlay to be fuse mounted outside
Closed
#2021 [GH-ISSUE #3223] Chrome GPU crashes and reverts to software with screen tearing
Closed
#2019 [GH-ISSUE #3219] Crashes with an AMD GPU with Mesa >= 19.3.4 and seccomp
Closed
#2018 [GH-ISSUE #3221] openshot.profile needs update for openshot 2.5.0
Closed
#2014 [GH-ISSUE #3218] "Warning: cannot find home directory" and no sandboxing when homedir is /home/x/y
Closed
#2015 [GH-ISSUE #3216] Problem running Cura-4.4.1.appimage with Firejail
Closed
#2016 [GH-ISSUE #3217] --private creates empty dirs on $HOME
Closed
#2011 [GH-ISSUE #3214] [Question] How to disable firejail temporarily?
Closed
#2012 [GH-ISSUE #3213] [Question] How to use firejail only for certain apps?
Closed
#2013 [GH-ISSUE #3215] Clicking an URL in Dino launches Firefox with new profile
Closed
#2008 [GH-ISSUE #3212] Cannot open /etc/firejail/kate.profile with kate
Closed
#2010 [GH-ISSUE #3211] --x11= and 777 permissions on new socket vs. other users
Closed
#2006 [GH-ISSUE #3206] Can applications still take a screenshot if the application is sanboxed?
Closed
#2005 [GH-ISSUE #3205] Cannot open downloaded file in external program from Firefox
Closed
#2007 [GH-ISSUE #3204] Simplescreenrecorder does not work
Closed
#2002 [GH-ISSUE #3203] Deepin-Screen-Recorder does not work as not started firejailed by default
Closed
#2003 [GH-ISSUE #3202] Dino does not open images in image viewer (gwenview)
Closed
#2004 [GH-ISSUE #3201] How to make applications have access to a virtual filepath (like flatpak does)
Closed
#2001 [GH-ISSUE #3198] nano [ magic_load() failed: No such file or directory ]
Closed
#1999 [GH-ISSUE #3200] firefox: keepassxc browser addon: Key exchange not successful
Closed
#2000 [GH-ISSUE #3199] --private=subdir of encrypted dir does not work
Closed
#1996 [GH-ISSUE #3192] zathura fails without /etc/ld.so.cache
Closed
#1997 [GH-ISSUE #3197] difference with LXC
Closed
#1998 [GH-ISSUE #3196] Running "firejail --join=" does not work
Closed
#1993 [GH-ISSUE #3185] allowing fscrypt files
Closed
#1994 [GH-ISSUE #3189] Sharing data through /run subdirs
Closed
#1995 [GH-ISSUE #3191] How to configure applications to automatically go through firejail?
Closed
#1991 [GH-ISSUE #3179] firecfg and .desktop, the third.
Closed
#1992 [GH-ISSUE #3184] access to the system DBus
Closed
#1990 [GH-ISSUE #3175] udiskie fails to open drive with seccomp blocking request_key
Closed
#1987 [GH-ISSUE #3171] [profile] firefox on 0.9.62 with sway/voidlinux won't start
Closed
#1988 [GH-ISSUE #3174] Travis CI fail: error: comparison between signed and unsigned integer expressions
Closed
#1989 [GH-ISSUE #3173] Directory read-only even after noblacklist/whitelist
Closed
#1984 [GH-ISSUE #3165] Bad quality audio with --noprofile and PCSX2
Closed
#1986 [GH-ISSUE #3169] groups.keep
Closed
#1985 [GH-ISSUE #3170] firefox: Yubikey is not detected if plugged in after launching (private-dev)
Closed
#1983 [GH-ISSUE #3164] end of python2
Closed
#1981 [GH-ISSUE #3157] ffmpeg 4.2.2 does not work with the included firejail profile
Closed
#1982 [GH-ISSUE #3158] firejail torbrowser - no videos on many websites
Closed
#1978 [GH-ISSUE #3147] ffmpeg.profile needs ld.so.cache on arch linux
Closed
#1979 [GH-ISSUE #3148] firejail allows wlr-screencopy by default
Closed
#1980 [GH-ISSUE #3153] Whois not working
Closed
#1977 [GH-ISSUE #3146] Immutable ~/.mozilla with persistent ~/Downloads
Closed
#1975 [GH-ISSUE #3144] Avoiding indirect GLX for sandboxed Wine app
Closed
#1976 [GH-ISSUE #3145] Handle "non-standard" login.defs paths better
Closed
#1972 [GH-ISSUE #3141] Keepass: synchronization broken
Closed
#1973 [GH-ISSUE #3142] RPC connection
Closed
#1974 [GH-ISSUE #3140] Problem with firefox nightly auto-update
Closed
#1969 [GH-ISSUE #3138] tvbrowser updates every time
Closed
#1970 [GH-ISSUE #3139] How to download a file and save it in --private mode
Closed
#1971 [GH-ISSUE #3137] firejail firefox & spotify
Closed
#1966 [GH-ISSUE #3135] Concise command output for documentation purpose
Closed
#1968 [GH-ISSUE #3133] Dealing with symlinked ~/.cache
Closed
#1964 [GH-ISSUE #3130] firejail randomly elevates itself from standard user to root
Closed
#1965 [GH-ISSUE #3132] [Feature?] Force process to spend most of its time in swap (zram, cgroups)
Closed
#1963 [GH-ISSUE #3129] midori.profile: ad-blocker not working properly
Closed
#1960 [GH-ISSUE #3126] cannot combine --private with --private=
Closed
#1962 [GH-ISSUE #3125] no way to selectively disable quiet-by-default in firejail.config
Closed
#1961 [GH-ISSUE #3127] Failed to use AppImage binary with firejail: Cannot mount AppImage, please check your FUSE setup.
Closed
#1957 [GH-ISSUE #3122] firejail sylpheed doesn´t work properly
Closed
#1958 [GH-ISSUE #3121] evince.profile issues (Gentoo)
Closed
#1959 [GH-ISSUE #3124] Digikam broken
Closed
#1954 [GH-ISSUE #3117] celluloid: Failed to create DBus connection
Closed
#1956 [GH-ISSUE #3119] Strange pathname behaviour
Closed
#1955 [GH-ISSUE #3118] Can't load libstdc++.so.6 due to private-etc (Gentoo)
Closed
#1951 [GH-ISSUE #3116] --audit and shell=none
Closed
#1952 [GH-ISSUE #3112] Pavucontrol error while closing
Closed
#1948 [GH-ISSUE #3110] mupdf: profile does not work for mupdf-gl
Closed
#1949 [GH-ISSUE #3109] VLC xdg-screensaver access
Closed
#1950 [GH-ISSUE #3107] whitelist-usr-share-common.inc breakage
Closed
#1947 [GH-ISSUE #3105] allow-ruby.inc missing
Closed
#1946 [GH-ISSUE #3104] firejail gedit doesn´t work anymore
Closed
#1943 [GH-ISSUE #3100] Ctrl+c on terminal program mpsyt causes unclean termination
Closed
#1941 [GH-ISSUE #3095] Firecfg CLI archivers - missing and/or broken on Arch makepkg
Closed
#1939 [GH-ISSUE #3099] sort.py breaks on older python3 versions
Closed
#1940 [GH-ISSUE #3096] running virt-manager within firejail
Closed
#1938 [GH-ISSUE #3092] firefox: u2f does not work if plugged in after launching (private-dev)
Closed
#1936 [GH-ISSUE #3089] commits/changes to backport/cherry-pick to 0.9.62
Closed
#1937 [GH-ISSUE #3090] popcorn-time won't start with firejail (help needed)
Closed
#1933 [GH-ISSUE #3082] Firejail safe enough to deliberately execute malware ?
Closed
#1935 [GH-ISSUE #3084] firejail appimage. But Black Screen Reboot.
Closed
#1931 [GH-ISSUE #3079] noroot option is not available
Closed
#1930 [GH-ISSUE #3078] Firejail and the reboot command
Closed
#1929 [GH-ISSUE #3075] configure script breaks
Closed
#1927 [GH-ISSUE #3074] KDE apps causing seccomp violations (name_to_handle_at)?
Closed
#1924 [GH-ISSUE #3071] Allow "$HOME" along with "${HOME}" in profiles or signal error
Closed
#1925 [GH-ISSUE #3072] Question about OverlayFS
Closed
#1921 [GH-ISSUE #3069] firejail firefox: Permission denied
Closed
#1922 [GH-ISSUE #3070] make install-strip broken
Closed
#1923 [GH-ISSUE #3068] Problems with kernel 5.4 and firejail
Closed
#1918 [GH-ISSUE #3063] Virtualbox "Effective UID is not root"
Closed
#1920 [GH-ISSUE #3067] bin bash + not a directory - firejail is shutting down
Closed
#1919 [GH-ISSUE #3066] Monitor network connection attempts with firejail/firemon
Closed
#1915 [GH-ISSUE #3052] electron-mail won't work with firejail unless I specify --no-profile
Closed
#1916 [GH-ISSUE #3049] Steam issue with internal browser
Closed
#1917 [GH-ISSUE #3050] Opera FireJail-profile network problem
Closed
#1914 [GH-ISSUE #3047] Need help for Waterofx.profile (Firejail)
Closed
#1912 [GH-ISSUE #3046] Does firejail worsen security?
Closed
#1913 [GH-ISSUE #3048] Need help for Opera Firejail Profile
Closed
#1911 [GH-ISSUE #3043] --apparmor breaks ./configure scripts created by autotools
Closed
#1909 [GH-ISSUE #3042] Add an option to kill all the processes in containers when the initial process finishes
Closed
#1906 [GH-ISSUE #3040] profiles for the WPS office
Closed
#1908 [GH-ISSUE #3039] Cant run firejail firefox
Closed
#1905 [GH-ISSUE #3038] dig fails on Ubuntu 16.04 LTS, possibly others
Closed
#1903 [GH-ISSUE #3034] Vivaldi Error messages
Closed
#1904 [GH-ISSUE #3036] pkill ps aux ·| rg fire
Closed
#1900 [GH-ISSUE #3033] DNS over HTTPS (DoH)
Closed
#1901 [GH-ISSUE #3031] Telegram desktop does not open links in browser (seccomp problem?)
Closed
#1902 [GH-ISSUE #3030] Dia not working
Closed
#1897 [GH-ISSUE #3029] Drop legacy Skype profile
Closed
#1898 [GH-ISSUE #3026] Configuring network interface with DHCP
Closed
#1899 [GH-ISSUE #3027] --x11 not working with chroot
Closed
#1894 [GH-ISSUE #3024] media support unavailable since update to Vivaldi 2.9
Closed
#1896 [GH-ISSUE #3025] Fedora silverblue flatpak of firejail
Closed
#1895 [GH-ISSUE #3023] AppImage doesn't seem to work (ImageMagick)
Closed
#1891 [GH-ISSUE #3018] Cannot start sandbox when installing Firejail with Stow
Closed
#1892 [GH-ISSUE #3022] After Update Firejail cannot Launch Vivaldi Browser
Closed
#1893 [GH-ISSUE #3020] Cannot run Icecat installed with Guix
Closed
#1888 [GH-ISSUE #3017] socket proxy 4/5 support
Closed
#1890 [GH-ISSUE #3016] [feature request] Exclude certain programs with firecfg?
Closed
#1889 [GH-ISSUE #3015] Slack Desktop 4.1.1 cannot open external links
Closed
#1885 [GH-ISSUE #3012] 'noroot' in dolphin.profile breaks mpv vulkan renderer
Closed
#1886 [GH-ISSUE #3013] waterfox: there are new executable names
Closed
#1887 [GH-ISSUE #3009] Franz 5.4.0 not working with seccomp
Closed
#1882 [GH-ISSUE #3007] Firenvim extension to firefox
Closed
#1884 [GH-ISSUE #3008] KVM on Android Studio
Closed
#1883 [GH-ISSUE #3006] Firecfg and Cinnamon desktop crashes apps
Closed
#1879 [GH-ISSUE #3001] firejail --get and --put fail on filenames containing brackets
Closed
#1880 [GH-ISSUE #3003] Last version of slack-desktop do not run anymore
Closed
#1878 [GH-ISSUE #2997] Visual Studio Code not working under Archlinux
Closed
#1876 [GH-ISSUE #2996] ebook-viewer (calibre): program does not start
Closed
#1877 [GH-ISSUE #2995] Epiphany needs bwrap
Closed
#1874 [GH-ISSUE #2994] firefox: certificate error: MOZILLA_PKIX_ERROR_MITM_DETECTED
Closed
#1873 [GH-ISSUE #2993] skypeforlinux not working
Closed
#1875 [GH-ISSUE #2991] Electron+AppImage config directory whitelist by default?
Closed
#1870 [GH-ISSUE #2989] k3b needs access to /usr/bin/cdrecord
Closed
#1871 [GH-ISSUE #2990] zathura: printing not possible
Closed
#1872 [GH-ISSUE #2988] Is there any deep reason to do privatelib for strings?
Closed
#1867 [GH-ISSUE #2986] FireFox pipe error: Broken pipe and Decode error
Closed
#1868 [GH-ISSUE #2987] Issues with using Firefox addon VideoDownloadHelper's "companion app"
Closed
#1864 [GH-ISSUE #2980] Evince crashes when 2-page side-by-side is chosen
Closed
#1865 [GH-ISSUE #2983] SSH creates core dumps while using seccomp
Closed
#1862 [GH-ISSUE #2979] firejail --build=FILE output
Closed
#1863 [GH-ISSUE #2976] migrate from wordpress to hugo
Closed
#1858 [GH-ISSUE #2970] ping broken
Closed
#1859 [GH-ISSUE #2975] Opensuse Tumbleweed firejail Error: cannot create /run/firejail/profile/12562
Closed
#1860 [GH-ISSUE #2974] meld.profile missing access to dconf
Closed
#1855 [GH-ISSUE #2969] whitelist/blacklist nesting + private-bin
Closed
#1856 [GH-ISSUE #2968] using --private=homedir and --private-cache, doesn't do --private-cache
Closed
#1857 [GH-ISSUE #2967] Inkscape cannot export GIMP .xcf files
Closed
#1852 [GH-ISSUE #2966] firejail should follow symlinks for private-etc?
Closed
#1853 [GH-ISSUE #2961] Firefox and Thunderbird jails share some settings, if the other jail is "running"
Closed
#1854 [GH-ISSUE #2963] Apparmor integration, most applications crash.
Closed
#1849 [GH-ISSUE #2958] Firejail isn't used if Libreoffice was started using "libreoffice"
Closed
#1850 [GH-ISSUE #2959] Firejail sandbox can't access vulkan
Closed
#1851 [GH-ISSUE #2956] No sound in firefox until started without firejail once.
Closed
#1848 [GH-ISSUE #2954] Can access to localhost be allowed with net none
Closed
#1846 [GH-ISSUE #2955] Limiting RAM with --rlimit-as
Closed
#1847 [GH-ISSUE #2953] Need help for plasma browser integration
Closed
#1845 [GH-ISSUE #2952] chromium and custom URL protocol handler in KDE
Closed
#1843 [GH-ISSUE #2951] Steam not running
Closed
#1844 [GH-ISSUE #2950] Having some problems regarding sandboxing
Closed
#1842 [GH-ISSUE #2948] /usr/local/bin/dirname apparmor issue
Closed
#1840 [GH-ISSUE #2946] Electron & Chromium
Closed
#1841 [GH-ISSUE #2947] libpostexecseccomp.so in /run/firejail/lib/libpostexecseccomp.so apparmor issue
Closed
#1837 [GH-ISSUE #2943] chromium: program does not start (snap)
Closed
#1838 [GH-ISSUE #2944] Firejail breaks Brave browser default sandboxing
Closed
#1839 [GH-ISSUE #2945] Signal 1.27 Fails to Start
Closed
#1835 [GH-ISSUE #2938] Allow binaries to run in ${HOME}/bin/** while having noexec ${HOME}
Closed
#1836 [GH-ISSUE #2941] gnome-schedule is broken
Closed
#1834 [GH-ISSUE #2942] tar profile needs firejail in private-bin for xz support
Closed
#1832 [GH-ISSUE #2934] join fails with private-bin and an alternate (non-bash/sh) shell as default
Closed
#1833 [GH-ISSUE #2936] Firefox and Thunderbird profiles broken
Closed
#1831 [GH-ISSUE #2933] skypeforlinux 8.51.0.86 now requires SYS_ADMIN, SYS_CHROOT capabilities
Closed
#1828 [GH-ISSUE #2932] Can Firejail put a sandbox around TOR or can it help keep me secure online some other way?
Closed
#1827 [GH-ISSUE #2924] Multiple bugs due to old version (Linux Mint)
Closed
#1826 [GH-ISSUE #2925] make rpms broken on fedora 30
Closed
#1825 [GH-ISSUE #2923] include on the commandline
Closed
#1822 [GH-ISSUE #2917] Standalone firejail
Closed
#1823 [GH-ISSUE #2922] firemon --nowrap name
Closed
#1824 [GH-ISSUE #2918] Requesting support for FreeTube AppImage
Closed
#1819 [GH-ISSUE #2912] Skypeforlinux 8.51.0.72 crashes on startup since it's not permitted to use the chroot syscall
Closed
#1820 [GH-ISSUE #2914] Command "firejail --seccomp skypeforlinux" used to work until skype's rpm update to 8.51.0.72-1.x86_64.rpm
Closed
#1821 [GH-ISSUE #2916] private does not see my new folder
Closed
#1816 [GH-ISSUE #2908] Plugins support
Closed
#1817 [GH-ISSUE #2910] [ssh profiles] Cannot perform git operation via SSH
Closed
#1818 [GH-ISSUE #2906] How to make firejail run with executable/custom scripts in a folder?
Closed
#1813 [GH-ISSUE #2899] keepassxc: db is not locked after resume from lockscreen / sleep (dbus)
Closed
#1814 [GH-ISSUE #2905] Potential leakage in quiet option
Closed
#1815 [GH-ISSUE #2901] [Teamspeak 3] crashes on opening options window if seccomp is enabled
Closed
#1811 [GH-ISSUE #2895] leave Github
Closed
#1807 [GH-ISSUE #2892] clicking url in thunderbird email message launches firefox with non-default profile
Closed
#1808 [GH-ISSUE #2894] Using aria2c with firejail makes it fail to download anything: -> [SocketCore.cc:1018] errorCode=1 SSL/TLS handshake failure: unable to get local issuer certificate
Closed
#1809 [GH-ISSUE #2893] Adding 'apparmor' to dolphin.profile to mitigate KDE vulnerability?
Closed
#1804 [GH-ISSUE #2888] Warning - networking feature is disabled in Firejail configuration file @ Opera
Closed
#1805 [GH-ISSUE #2891] firefox access to gpg-agent-browser.socket
Closed
#1806 [GH-ISSUE #2889] transmission-remote-gtk libcanberra issue - fails to start
Closed
#1802 [GH-ISSUE #2880] What to do when executable is already in /usr/local/bin?
Closed
#1803 [GH-ISSUE #2887] firefox addon mailvelope not work w/ firejail
Closed
#1798 [GH-ISSUE #2878] Discord fails to load using --profile=
Closed
#1799 [GH-ISSUE #2876] silence --x11=xorg when using --quiet
Closed
#1796 [GH-ISSUE #2873] keepassxc: cannot save database file (whitelisting issue)
Closed
#1795 [GH-ISSUE #2875] Pidgin: fcitx input method switching only works with private-bin
Closed
#1792 [GH-ISSUE #2872] /dev/fd symlink is missing when using private-dev
Closed
#1794 [GH-ISSUE #2868] Virtualbox not able to write to /dev/vbox*
Closed
#1789 [GH-ISSUE #2867] Can't seem to stop .Xauthority or .asound from being created/copied
Closed
#1790 [GH-ISSUE #2865] Redundant Makefile targets?
Closed
#1791 [GH-ISSUE #2866] new version of Slack Desktop (4.0) not working
Closed
#1788 [GH-ISSUE #2862] Tor exited during startup.
Closed
#1786 [GH-ISSUE #2863] Tor Browser profile for Whonix / tb-updater
Closed
#1787 [GH-ISSUE #2864] profiles not found in /etc/firejail
Closed
#1783 [GH-ISSUE #2859] Problem with Spotify
Closed
#1784 [GH-ISSUE #2854] Standard notes not working
Closed
#1785 [GH-ISSUE #2860] seccomp causes steam (and other) games to freeze
Closed
#1780 [GH-ISSUE #2852] Can't start qpdfview
Closed
#1781 [GH-ISSUE #2853] Can't use 'less' on many files in own home directory - is that normal?
Closed
#1778 [GH-ISSUE #2846] Wiki: Guidelines
Closed
#1779 [GH-ISSUE #2841] Firejail breaks fcitx input on Firefox
Closed
#1777 [GH-ISSUE #2842] Appimage support does not send all appimage environment variables to AppRun
Closed
#1776 [GH-ISSUE #2840] memory-deny-write-execute breaks several applications
Closed
#1774 [GH-ISSUE #2838] mpv: no-cache causes slow OSD
Closed
#1775 [GH-ISSUE #2839] Duplicate directories in file dialog
Closed
#1772 [GH-ISSUE #2831] Unable to firejail tutanota desktop client appimage
Closed
#1771 [GH-ISSUE #2833] mpv (w/ ytdl) fails, but ytdl works standalone
Closed
#1773 [GH-ISSUE #2834] qpdfview profile broken
Closed
#1768 [GH-ISSUE #2826] Gajim profile not working
Closed
#1769 [GH-ISSUE #2829] Local option for firecfg.config
Closed
#1765 [GH-ISSUE #2821] /usr/bin/riot-desktop: line 3: 8 Trace/breakpoint trap (core dumped) electron /usr/lib/riot/ "$@"
Closed
#1767 [GH-ISSUE #2820] fcopy size limit is not adjustable
Closed
#1762 [GH-ISSUE #2812] Error: no suitable firefox executable found
Closed
#1763 [GH-ISSUE #2811] I can't open a libreoffice document from either thunderbird or firefox
Closed
#1764 [GH-ISSUE #2813] firejail help for novice
Closed
#1761 [GH-ISSUE #2808] KDE Plasma 5.16: file pickers and Dolphin require access to ${HOME}/.config/kioslaverc
Closed
#1758 [GH-ISSUE #2807] Document broken options order for appimage
Closed
#1756 [GH-ISSUE #2804] kdialog doesn't work with Firejail
Closed
#1757 [GH-ISSUE #2805] net none in udiskie profile is causing dbus errors
Closed
#1753 [GH-ISSUE #2799] --overlay-named exits with error as of linux 5.1.15 (overlayfs)
Closed
#1754 [GH-ISSUE #2798] Firejail is almost broken on fedora silverblue
Closed
#1755 [GH-ISSUE #2801] String overflow warning with gcc 9.1 on Arch Linux
Closed
#1750 [GH-ISSUE #2795] Firefox cannot open mailto links
Closed
#1751 [GH-ISSUE #2793] Disable firetunnel support at build time?
Closed
#1752 [GH-ISSUE #2794] Wiki: Frequently Asked Questions
Closed
#1749 [GH-ISSUE #2790] Thoughts on tightening SSH profiles with nodbus
Closed
#1747 [GH-ISSUE #2792] Wiki: Frequently Asked Questions
Closed
#1748 [GH-ISSUE #2791] Build issues on Fedora
Closed
#1744 [GH-ISSUE #2786] private-gnupg?
Closed
#1745 [GH-ISSUE #2782] Cannot start any programs anymore
Closed
#1746 [GH-ISSUE #2787] x11 xorg doesn't seem to respect the quiet option
Closed
#1741 [GH-ISSUE #2777] How to automatically open PDF viewer firejailed when opening a pdf file?
Closed
#1742 [GH-ISSUE #2772] "private-cache" in aria2c.profile breaks lutris/winetricks installs
Closed
#1743 [GH-ISSUE #2776] Running firejail with --x11 as different user - how?
Closed
#1739 [GH-ISSUE #2770] How to change meaning of novideo and nosound in .local profile?
Closed
#1740 [GH-ISSUE #2767] qTox: hangs after launch in Arch Linux due to memory-deny-write-execute
Closed
#1735 [GH-ISSUE #2765] Steam on Fedora fails to open with firejail
Closed
#1737 [GH-ISSUE #2762] Symlink for newsboat
Closed
#1733 [GH-ISSUE #2758] Firejail does not work with a custom hosts file
Closed
#1734 [GH-ISSUE #2761] Versions dont look right
Closed
#1732 [GH-ISSUE #2760] Spotify on Fedora fails to open (no sse2 support)
Closed
#1729 [GH-ISSUE #2755] Wiki: Sandboxing Binary Software
Closed
#1730 [GH-ISSUE #2750] [suggestion] allow ssh to use netcat to connect to Tor onion services
Closed
#1731 [GH-ISSUE #2752] Run Firefox on remote X11 server without X11 forwarding
Closed
#1728 [GH-ISSUE #2748] Wiki: Creating Profiles
Closed
#1727 [GH-ISSUE #2749] Wiki: Home
Closed
#1723 [GH-ISSUE #2743] Print better error in the case of ownership issues
Closed
#1725 [GH-ISSUE #2739] Add automated CI checks and git hooks
Closed
#1724 [GH-ISSUE #2744] Firefox doesn't work with W^X enforced by firejail
Closed
#1720 [GH-ISSUE #2733] [question] - running firefox with profile in RAM
Closed
#1721 [GH-ISSUE #2738] [Enhancement] syscall script
Closed
#1722 [GH-ISSUE #2731] Profiles for Adobe products missing
Closed
#1718 [GH-ISSUE #2728] Installing some Linux packages in overlayFS?
Closed
#1719 [GH-ISSUE #2730] Provide template for profile creation
Closed
#1714 [GH-ISSUE #2723] Use wildcards for handling paths in /dev
Closed
#1715 [GH-ISSUE #2725] --timeout results in approximately 2 seconds of latency for all executions
Closed
#1716 [GH-ISSUE #2726] obs: program does not start (private-bin)
Closed
#1711 [GH-ISSUE #2720] keepassxc: cannot open URL links in firefox
Closed
#1712 [GH-ISSUE #2722] Starting syncthing throws message "Firefox profile cannot be loaded..."
Closed
#1713 [GH-ISSUE #2721] Is it possible to create a new file virutal filesystem and isolate it from the main operating system?
Closed
#1710 [GH-ISSUE #2718] seccomp bypass when joining existing jail
Closed
#1708 [GH-ISSUE #2713] Switch from Wordpress site to Github Pages
Closed
#1709 [GH-ISSUE #2717] Github wiki for FAQs/tips?
Closed
#1707 [GH-ISSUE #2711] What is the correct way to pass /tmp/.X11-unix into a chroot?
Closed
#1705 [GH-ISSUE #2709] [help-me-plz] how to install an application and run it with firejail without harming my system
Closed
#1706 [GH-ISSUE #2707] can setup an application
Closed
#1702 [GH-ISSUE #2703] Firefox is Working Only in Noprofile mode, is this normal? "New User"
Closed
#1703 [GH-ISSUE #2702] SELinux denials under Fedora 30 every sandbox start
Closed
#1704 [GH-ISSUE #2706] Can't get tor-browser to run with Firejail
Closed
#1701 [GH-ISSUE #2699] Error: no suitable proxychains4 executable found
Closed
#1699 [GH-ISSUE #2700] firemon error: recv: No buffer space available
Closed
#1700 [GH-ISSUE #2698] firejailed ssh tunnel not authenticated
Closed
#1696 [GH-ISSUE #2695] reboot works with --seccomp
Closed
#1697 [GH-ISSUE #2696] O_PATH undeclared (CentOS 6)
Closed
#1698 [GH-ISSUE #2693] Signal-desktop cannot run in chroot as user (due to some chroot magic)
Closed
#1693 [GH-ISSUE #2692] Atom ain't sandboxed
Closed
#1694 [GH-ISSUE #2689] [Feature request] Integrate hardened_malloc When Available on System
Closed
#1690 [GH-ISSUE #2683] How can I allow dbus but not net (gimp profile)
Closed
#1691 [GH-ISSUE #2685] Firefox 66: can't save downloaded files due to unwriteable /tmp/user/$UID
Closed
#1687 [GH-ISSUE #2678] Firefox Nightly could not load profile
Closed
#1688 [GH-ISSUE #2675] Using the overlay option
Closed
#1684 [GH-ISSUE #2671] Error: --shell=none configured, but no program specified
Closed
#1685 [GH-ISSUE #2669] Remove the need for QTWEBENGINE_DISABLE_SANDBOX=1 (appimage)
Closed
#1686 [GH-ISSUE #2670] How to automatically get the applications to point to firejail after installation
Closed
#1681 [GH-ISSUE #2666] Why there are no profiles for pip and npm?
Closed
#1682 [GH-ISSUE #2667] playonlinux + wine + firejail
Closed
#1683 [GH-ISSUE #2668] Error: cannot detect login user
Closed
#1678 [GH-ISSUE #2665] Malware can bypass host's firewall using firejail --net=...
Closed
#1679 [GH-ISSUE #2663] ${HOME}/.git-credentials is not covered by default
Closed
#1680 [GH-ISSUE #2664] Broken commit !!
Closed
#1676 [GH-ISSUE #2662] 'sudo firejail --apparmor' = Root shell
Closed
#1677 [GH-ISSUE #2661] Fedora 30 Compilation Errors
Closed
#1675 [GH-ISSUE #2658] Gimp not working
Closed
#1672 [GH-ISSUE #2655] gajim doesn't let open images
Closed
#1673 [GH-ISSUE #2653] Error when running aa-enforce firejail-default
Closed
#1674 [GH-ISSUE #2657] Dropbox will not start with default profile Kubuntu Ubunutu 18.10 firejail version 0.9.54
Closed
#1671 [GH-ISSUE #2643] Run "WineHQ" profile before launch WineHQ for 1st time or run this profile after 1st launch of WineHQ
Closed
#1670 [GH-ISSUE #2644] Allow ~/VirtualBox VMs/shared for all the apps
Closed
#1669 [GH-ISSUE #2645] firefox passf plugin not working
Closed
#1666 [GH-ISSUE #2642] Does "q4wine" need to be sandboxed by Firejail if "WineHQ" is already sandboxed by Firejail
Closed
#1667 [GH-ISSUE #2637] undocumented location of a profile files
Closed
#1668 [GH-ISSUE #2638] Why? Warning: networking feature is disabled in Firejail configuration file
Closed
#1663 [GH-ISSUE #2629] Question about Desktop Integration
Closed
#1664 [GH-ISSUE #2623] /dev/null created with wrong permissions
Closed
#1662 [GH-ISSUE #2621] Evince crashes when 2-page side-by-side is chosen
Closed
#1660 [GH-ISSUE #2618] How to create multiple firejail chroot folders
Closed
#1659 [GH-ISSUE #2616] Firefox 66 is using chroot. Ubuntu 16.04 with seccomp enabled will break firefox.
Closed
#1657 [GH-ISSUE #2617] ElectronMail cannot read or write config files
Closed
#1658 [GH-ISSUE #2613] How to stop the specific sandbox (other than send SIGTERM to sandbox)?
Closed
#1654 [GH-ISSUE #2612] Tray icons (appindicator) are empty in Gnome for Electron apps
Closed
#1655 [GH-ISSUE #2610] No /etc/firejail directory created
Closed
#1656 [GH-ISSUE #2609] vlc whitelist
Closed
#1651 [GH-ISSUE #2608] Cannot start LibreOffice when already started
Closed
#1652 [GH-ISSUE #2605] Slack now performs log in only via browser
Closed
#1653 [GH-ISSUE #2607] [feature request] profiles that execute code (e.g. for dynamic soft-coded directories)
Closed
#1650 [GH-ISSUE #2593] Extra character in error output
Closed
#1648 [GH-ISSUE #2597] ubuntu 18:10 snap apps dissapeared from search after firejail set up
Closed
#1649 [GH-ISSUE #2591] Seahorse isn't firejailed, but still launches.
Closed
#1645 [GH-ISSUE #2579] Running firejail in Docker
Closed
#1647 [GH-ISSUE #2590] interaction between --dns option and overlayfs
Closed
#1646 [GH-ISSUE #2589] Compare to nsjail
Closed
#1642 [GH-ISSUE #2550] Pidgin lags in firejail
Closed
#1643 [GH-ISSUE #2578] Trust Certificates
Closed
#1644 [GH-ISSUE #2551] Firefox-developer desktop launches regular firefox
Closed
#1640 [GH-ISSUE #2547] Discord issues returned
Closed
#1641 [GH-ISSUE #2543] 'firejail --list' does not list sandboxes started with '--x11=none'
Closed
#1639 [GH-ISSUE #2548] Flameshot raw screenshot issue
Closed
#1636 [GH-ISSUE #2538] firejail-default apparmor profile breaks code-oss
Closed
#1637 [GH-ISSUE #2531] firefox: "browser-disable-u2f no" does not enable u2f
Closed
#1638 [GH-ISSUE #2519] Many firejails aren't whitelisting /home/downloads/
Closed
#1635 [GH-ISSUE #2514] [Info] seccomp enhancements in Linux 5.0
Closed
#1633 [GH-ISSUE #2513] firejail doesn't detach
Closed
#1634 [GH-ISSUE #2518] noexec ${HOME} breaks Discord
Closed
#1631 [GH-ISSUE #2505] new *-common includes
Closed
#1632 [GH-ISSUE #2506] firefox-common.profile: seccomp instead of seccomp.drop ?
Closed
#1627 [GH-ISSUE #2503] How to install deb packages inside chroot firejail
Closed
#1629 [GH-ISSUE #2496] memory-deny-write-execute: also block memfd_create?
Closed
#1624 [GH-ISSUE #2480] read-write does not work after read-only
Closed
#1626 [GH-ISSUE #2477] Can you install applications within a firejail, kinda like chroot?
Closed
#1623 [GH-ISSUE #2472] How is pulseaudio working for FJ urers
Closed
#1621 [GH-ISSUE #2471] sandbox selected applications upon startup
Closed
#1622 [GH-ISSUE #2449] Torbrowser won't launch in Firejail: OSError: [Errno 13] Permission denied
Closed
#1619 [GH-ISSUE #2447] mpv: nvdec HW decoder cannot load even with --noprofile
Closed
#1620 [GH-ISSUE #2448] Steam profile blocks gamepad (dualshock 3)
Closed
#1618 [GH-ISSUE #2446] new and unknown programs
Closed
#1615 [GH-ISSUE #2432] DBUS firejail. Solved but need an "expert" opinion
Closed
#1617 [GH-ISSUE #2434] Firejail only runs as root? OpenSuse
Closed
#1613 [GH-ISSUE #2429] [Tor Browser] ‘./Browser/execdesktop’: No such file or directory
Closed
#1614 [GH-ISSUE #2417] browsers: undocumented ?BROWSER_DISABLE_U2F conditional
Closed
#1612 [GH-ISSUE #2419] whitelist and noblacklist seems to have no effect
Closed
#1609 [GH-ISSUE #2413] Warnings in firejail
Closed
#1611 [GH-ISSUE #2414] Feh: Standard config does not allow internet access
Closed
#1606 [GH-ISSUE #2411] How to allow kate to edit files in .config ?
Closed
#1607 [GH-ISSUE #2410] Firecfg claims "symlinks were created", though none working
Closed
#1608 [GH-ISSUE #2408] chromium: cannot launch without --password-store=basic
Closed
#1603 [GH-ISSUE #2407] Unknown or unsupported transport “DBUS_SESSION_BUS_ADDRESS=unix”
Closed
#1604 [GH-ISSUE #2406] Duplicate bookmarks in Firefox
Closed
#1605 [GH-ISSUE #2405] Script to spoof Opera browser
Closed
#1602 [GH-ISSUE #2401] CVE-2019-5736
Closed
#1600 [GH-ISSUE #2400] Restrict SFTP access to user's $HOME directory (or use blacklist)
Closed
#1601 [GH-ISSUE #2404] How to enable list command by firejailed program (jedit)
Closed
#1597 [GH-ISSUE #2399] Flameshot - error while loading shared libraries
Closed
#1598 [GH-ISSUE #2397] Nix, snap, appimage support
Closed
#1599 [GH-ISSUE #2396] Creating a firejail group for the firejail binary no longer works
Closed
#1595 [GH-ISSUE #2395] claws-mail: nosound and GTK menu lag
Closed
#1594 [GH-ISSUE #2393] thunderbird startup problems with firejail
Closed
#1596 [GH-ISSUE #2389] Chrome 72 filling up .xsession-errors while watching YouTube with Firejail
Closed
#1593 [GH-ISSUE #2388] Retain firejail-local AppArmor customizations
Closed
#1591 [GH-ISSUE #2387] RTNETLINK error using "--net" option
Closed
#1592 [GH-ISSUE #2385] Firefox cannot play Netflix videos if started in firejail
Closed
#1588 [GH-ISSUE #2380] firejail 0.9.58 breaks many programs (execute permission denied)
Closed
#1589 [GH-ISSUE #2383] Issue with Streaming / Streamed YouTube Videos
Closed
#1590 [GH-ISSUE #2381] print.c:209:20: warning: duplicated 'if' condition [-Wduplicated-cond]
Closed
#1585 [GH-ISSUE #2379] Bitmessage not starting with Firejail
Closed
#1587 [GH-ISSUE #2378] firejail 0.9.58 and youtube-dl issue
Closed
#1586 [GH-ISSUE #2377] cliqz.profile need to be revised
Closed
#1582 [GH-ISSUE #2376] Automatic renaming of sandbox is unexpected
Closed
#1583 [GH-ISSUE #2375] LD_PRELOAD failed to map segment from shared object
Closed
#1584 [GH-ISSUE #2374] qtox no sound with firejail
Closed
#1579 [GH-ISSUE #2370] Suggestion for basic usage documentation
Closed
#1580 [GH-ISSUE #2371] Making cgroup feature configurable in firejail.config
Closed
#1581 [GH-ISSUE #2369] qBittorrent: menu items that open external apps do not work
Closed
#1576 [GH-ISSUE #2368] ark, private-tmp and browsers
Closed
#1577 [GH-ISSUE #2365] Debian thunderbird - gpp-agent not working togehter
Closed
#1578 [GH-ISSUE #2367] Firefox won't start
Closed
#1573 [GH-ISSUE #2361] "desktop.profile"
Closed
#1574 [GH-ISSUE #2364] apparmor bash shell gives weird message
Closed
#1575 [GH-ISSUE #2363] Skypeforlinux requires ignore noexec /tmp
Closed
#1570 [GH-ISSUE #2357] trap: thunderbird using default-profile + archiving mails to external folder/device does delete them finally
Closed
#1571 [GH-ISSUE #2360] Can RPMs or DEBs be installed and tested in --private Firejails?
Closed
#1572 [GH-ISSUE #2359] Support subpaths in macros (like ${PICTURES}/Screenshots)
Closed
#1569 [GH-ISSUE #2355] chromium/firefox: file open dialog takes 5 seconds to list the files (dbus)
Closed
#1567 [GH-ISSUE #2348] Dolphin SMB integration does not function if "protocol" filter is enabled
Closed
#1568 [GH-ISSUE #2351] OpenGL does not work even with --noprofile (NixOS)
Closed
#1564 [GH-ISSUE #2343] Dropping 'mincore' syscall breaks several apps
Closed
#1565 [GH-ISSUE #2345] Request: Profile for Mellowplayer
Closed
#1566 [GH-ISSUE #2346] why is {PICTURES}/folder not working?
Closed
#1563 [GH-ISSUE #2339] Is it possible to run multiple firejailed torbrowser instances?
Closed
#1561 [GH-ISSUE #2341] LTS build out of mainline sources
Closed
#1562 [GH-ISSUE #2342] Regression: Relative profile include silently ignored
Closed
#1560 [GH-ISSUE #2336] JDownloader: cannot execute web browser
Closed
#1558 [GH-ISSUE #2335] private-opt and private-srv problem
Closed
#1559 [GH-ISSUE #2337] chromium: "Open in Firefox" addon does not work
Closed
#1556 [GH-ISSUE #2333] Weird issue with mpv and mpsyt
Closed
#1557 [GH-ISSUE #2330] Can't get Libreoffice to start on Kbuntu 18.04
Closed
#1554 [GH-ISSUE #2326] Enable apparmor specific aplication profile use
Closed
#1552 [GH-ISSUE #2329] Cannot access symlinked config files
Closed
#1553 [GH-ISSUE #2325] chromium: segfault due to "Check failed: ChrootToSafeEmptyDir()"
Closed
#1549 [GH-ISSUE #2323] Firefox Private Window allowing access to home entire folder in Kubuntu 18.04
Closed
#1550 [GH-ISSUE #2324] Firefox using 100% CPU with firejail when downloading files
Closed
#1548 [GH-ISSUE #2321] netfilter-default in firejail.config does not appear to be working
Closed
#1546 [GH-ISSUE #2318] firejail crashes xreader in Mint 18.3
Closed
#1547 [GH-ISSUE #2320] On code tests, why make install?
Closed
#1543 [GH-ISSUE #2314] Fail to open firefox in firejail: Error send: arp.c:182 arp_check: Invalid argument
Closed
#1544 [GH-ISSUE #2317] Cherrytree should not connect to any network
Closed
#1545 [GH-ISSUE #2316] The arguments --tracelog and --trace stay hanging if I use them with discord
Closed
#1542 [GH-ISSUE #2311] keepassxc: cannot open attachments in kate
Closed
#1540 [GH-ISSUE #2310] Can't create run directory without suid-root
Closed
#1541 [GH-ISSUE #2312] Youtube videos not playing with firejail
Closed
#1537 [GH-ISSUE #2309] emacs: File error: Opening input file, Decryption failed, No secret key
Closed
#1539 [GH-ISSUE #2306] Gwenview and baloo blacklist violation
Closed
#1534 [GH-ISSUE #2305] Does --appimage use the default profile under /firejail/etc?
Closed
#1535 [GH-ISSUE #2302] Qutebrowser 1.5.2 (latest) not working with seccomp.drop name_to_handle_at
Closed
#1536 [GH-ISSUE #2304] Some Security Questions Regarding Firejail
Closed
#1531 [GH-ISSUE #2296] join option doesn't apply seccomp filter
Closed
#1532 [GH-ISSUE #2301] File transfer fails on large files
Closed
#1533 [GH-ISSUE #2300] Brave not saving settings
Closed
#1528 [GH-ISSUE #2291] Firejail Apparmor Support Not Working (Even Though it's Been Enable During BUILD)
Closed
#1530 [GH-ISSUE #2290] Error running Franz appimage
Closed
#1529 [GH-ISSUE #2292] Spotify doesn't launch on Arch Linux
Closed
#1525 [GH-ISSUE #2289] keepassxc: QXcbConnection: Could not connect to display :0.0 (MX Linux)
Closed
#1526 [GH-ISSUE #2287] restrict KDE sockets better
Closed
#1527 [GH-ISSUE #2288] Crash in tor browser
Closed
#1522 [GH-ISSUE #2283] "firejail --help" behavior after clean installation
Closed
#1523 [GH-ISSUE #2284] firejail always detects a sandbox when running under WSL
Closed
#1524 [GH-ISSUE #2286] dnscrypt-proxy does not start because of authorization problem
Closed
#1519 [GH-ISSUE #2273] Add UrbanTerror and/or quake mod games to profiles.
Closed
#1521 [GH-ISSUE #2282] Can't access /mnt despite ignore disable-mnt and whitelists
Closed
#1516 [GH-ISSUE #2267] Why does calling getpgrp(2) from a sandboxed process return 0?
Closed
#1517 [GH-ISSUE #2269] For --private-tmp expose /tmp/.X11-unix as read-only
Closed
#1518 [GH-ISSUE #2270] Memory Limit
Closed
#1513 [GH-ISSUE #2262] local/python for mpv and youtube-dl
Closed
#1514 [GH-ISSUE #2263] Issue with Steam again
Closed
#1515 [GH-ISSUE #2264] Pinta starts without menus
Closed
#1511 [GH-ISSUE #2258] google-chrome: program does not start
Closed
#1510 [GH-ISSUE #2261] Flameshot not working
Closed
#1512 [GH-ISSUE #2259] Whitelisting results in fs_private: Read-only file system
Closed
#1507 [GH-ISSUE #2257] profiles not copied to etc when doing src install on fedora
Closed
#1509 [GH-ISSUE #2252] More complete documentation for -c option
Closed
#1504 [GH-ISSUE #2242] Arch linux needs extra options in gpg profile
Closed
#1505 [GH-ISSUE #2239] Debian based distributions need writable-var in tar.profile
Closed
#1506 [GH-ISSUE #2248] Question: Firejail vs using Apparmor only? What are some the advantages
Closed
#1501 [GH-ISSUE #2234] Firejailed APPs are not seeing my Network
Closed
#1502 [GH-ISSUE #2233] [Question] How secure is WINE with the defualt profile?
Closed
#1498 [GH-ISSUE #2229] Cross Compiling Difficulty
Closed
#1500 [GH-ISSUE #2230] transfer.sh wil be shutdown on 30th November
Closed
#1496 [GH-ISSUE #2226] Execute firecfg on every change?
Closed
#1497 [GH-ISSUE #2228] Cannot open hyperlink with Firefox using Libreoffice Calc
Closed
#1495 [GH-ISSUE #2225] unable to authorize user to use firejail
Closed
#1492 [GH-ISSUE #2222] DNS-Crypt local proxy (127.0.0.1) and --net=eth0
Closed
#1493 [GH-ISSUE #2224] Errors with Wine running Papers Please
Closed
#1494 [GH-ISSUE #2223] errors/troubles with x11
Closed
#1489 [GH-ISSUE #2220] Firejail passing MIT COOKIE on cmd line - visible in ps -auxw?
Closed
#1490 [GH-ISSUE #2219] [Documentation] How to utilize FireJail with Wine
Closed
#1491 [GH-ISSUE #2221] Why does firejail need to alter /etc/X11/Xwrapper.config allowed_users=console?
Closed
#1486 [GH-ISSUE #2215] [Question] Do Apps Automatically use FireJail when Configured?
Closed
#1487 [GH-ISSUE #2216] Warnings with firefox and firejail
Closed
#1488 [GH-ISSUE #2217] More Portable Like MultiloginApp please
Closed
#1485 [GH-ISSUE #2211] chromium: program does not start on 0.9.56
Closed
#1484 [GH-ISSUE #2212] firefox: cannot create crash dump and send crash report after crash
Closed
#1483 [GH-ISSUE #2214] LibreOffice won't start on Parrot 4.3
Closed
#1480 [GH-ISSUE #2208] Consider migrating from Travis-CI to Github Actions
Closed
#1481 [GH-ISSUE #2210] Custom profile gives 'no such file or directory' error for existing script
Closed
#1482 [GH-ISSUE #2209] Firejail breaks gajim
Closed
#1478 [GH-ISSUE #2205] Program in X11 sandbox can kill host X session
Closed
#1477 [GH-ISSUE #2206] Firejail "breaks" ranger
Closed
#1479 [GH-ISSUE #2207] private-bin broken in weird case
Closed
#1474 [GH-ISSUE #2203] Consider keeping /dev/input/js0 (joystick device) with --private-dev
Closed
#1475 [GH-ISSUE #2204] Error: --net and --net=none are mutually exclusive
Closed
#1471 [GH-ISSUE #2200] --read-only recursiveness does not cross filesystem boundaries
Closed
#1472 [GH-ISSUE #2197] debug-syscalls, debug-errnos, ... don't work any more
Closed
#1473 [GH-ISSUE #2196] Firefox 62.0.3 doesn't close properly
Closed
#1468 [GH-ISSUE #2188] disable-mnt is unintuitive and complicated, suggesting removal or alteration
Closed
#1469 [GH-ISSUE #2194] add nou2f to all profiles with private-dev
Closed
#1470 [GH-ISSUE #2195] Chromium sys_chroot and sys_admin permissions
Closed
#1465 [GH-ISSUE #2175] How do I install 'Firetools'
Closed
#1466 [GH-ISSUE #2176] sshd works within chroot, but not firejail chroot
Closed
#1467 [GH-ISSUE #2187] Allow subdirectories in private-etc
Closed
#1462 [GH-ISSUE #2154] Split up disable-mnt
Closed
#1463 [GH-ISSUE #2160] file profile not working with 'private-bin file'
Closed
#1461 [GH-ISSUE #2151] Use ${CFG} in all profiles instead of hardcoded paths
Closed
#1459 [GH-ISSUE #2150] --build should not assume that firejail's default profile dir is /etc/firejail
Closed
#1460 [GH-ISSUE #2153] noinclude directive
Closed
#1456 [GH-ISSUE #2148] firejail should never fail to find its helper binaries for arbitrary install paths
Closed
#1457 [GH-ISSUE #2147] Allow persistent cache of appimage desktop integration prompt
Closed
#1458 [GH-ISSUE #2149] Firefox cannot use profiles under /media with the default profile regardless of whitelisting.
Closed
#1455 [GH-ISSUE #2146] Question: how can I blacklist /home for Firefox?
Closed
#1453 [GH-ISSUE #2145] Question : browser configured with proxy
Closed
#1454 [GH-ISSUE #2143] Harden against thumbnailer exploits etc.
Closed
#1450 [GH-ISSUE #2142] Firefox 61.0.1.glibc2.7 Appimage with multi-process windows enabled does not successfully load pages
Closed
#1451 [GH-ISSUE #2139] Allow for --join to wait until sandbox is ready instead of dying when its not.
Closed
#1447 [GH-ISSUE #2135] [Feature] Manage Proxies
Closed
#1448 [GH-ISSUE #2136] Firejail 0.9.56 + TorBrowserBundle 8.0.2 Doesnt start inside Whonix
Closed
#1449 [GH-ISSUE #2137] Browser trouble - whitelisting ${HOME}-directories issue
Closed
#1444 [GH-ISSUE #2132] vlc: why is $(DOCUMENTS) blacklisted?
Closed
#1445 [GH-ISSUE #2134] Firefox 62.0.3 on Ubuntu 18.04 with PPA-Version 0.9.56-1
Closed
#1446 [GH-ISSUE #2129] Discord fails to open with ENOTFOUND discordapp.com
Closed
#1441 [GH-ISSUE #2125] sysconfdir not configurable when --prefix=/usr
Closed
#1442 [GH-ISSUE #2128] Jailing system services
Closed
#1443 [GH-ISSUE #2126] Problem with running 'wine' on different user, can't connect to X display
Closed
#1439 [GH-ISSUE #2121] man-pages not readable while less firejailed and man app-armored
Closed
#1438 [GH-ISSUE #2122] FAQ link in readme
Closed
#1440 [GH-ISSUE #2124] mpv gpu output not working
Closed
#1435 [GH-ISSUE #2118] Firejail - Apparmor problem with missing slash
Closed
#1436 [GH-ISSUE #2120] nonewprivs exceptions?
Closed
#1437 [GH-ISSUE #2119] Running any GOG game under Firejail is extremely awkward
Closed
#1433 [GH-ISSUE #2117] this code is definitely wrong
Closed
#1434 [GH-ISSUE #2116] firejail AppArmor profile doesn't work
Closed
#1429 [GH-ISSUE #2111] Way to prevent nodbus
Closed
#1430 [GH-ISSUE #2113] Custom pulseaudio client.conf issue, firejail being started as non-root
Closed
#1431 [GH-ISSUE #2112] VS Code cannot perform remote git operations
Closed
#1426 [GH-ISSUE #2109] Firefox and native messaging
Closed
#1428 [GH-ISSUE #2110] Tor Browser stopped working with firejail after a major update
Closed
#1427 [GH-ISSUE #2108] Tor Browser fails with curernt tor profile
Closed
#1425 [GH-ISSUE #2107] Firejail with iptables for LAN only doesn't work
Closed
#1423 [GH-ISSUE #2106] OpenGL on Radeon needs /usr/lib/llvm/, which is blacklisted in disable-devel.inc
Closed
#1424 [GH-ISSUE #2103] Windows apps installed with Proton don't work (sound issue) [but do work with native Wine]
Closed
#1420 [GH-ISSUE #2100] seccomp filtering not working with chroot
Closed
#1421 [GH-ISSUE #2101] Firejail breaks evince printing
Closed
#1422 [GH-ISSUE #2102] No menu in libreoffice
Closed
#1418 [GH-ISSUE #2098] Spotify: D-Bus functionality
Closed
#1419 [GH-ISSUE #2097] firecfg: allow for ignoring specific apps
Closed
#1417 [GH-ISSUE #2099] Question : firejail and Xephyr
Closed
#1414 [GH-ISSUE #2090] Our documentation
Closed
#1416 [GH-ISSUE #2089] Have firecfg install to ${HOME}/bin instead of /usr/local/bin?
Closed
#1415 [GH-ISSUE #2095] A simple tool for profile/policies creation
Closed
#1411 [GH-ISSUE #2088] Allow system users to use firejail if listed in firejail.users
Closed
#1412 [GH-ISSUE #2087] Qutebrowser (qtwebengine) needs llvm whitelist
Closed
#1413 [GH-ISSUE #2086] Pale Moon 28 doesn't start
Closed
#1408 [GH-ISSUE #2085] Virtual environements
Closed
#1409 [GH-ISSUE #2084] AppArmor not working in OpenSuse
Closed
#1410 [GH-ISSUE #2083] --build broken
Closed
#1407 [GH-ISSUE #2082] Properties and owner of /run/firejail ?
Closed
#1405 [GH-ISSUE #2078] FIrejail in openSUSE Leap15
Closed
#1406 [GH-ISSUE #2080] Spotify, Arch: ERROR: ld.so: object 'libcurl.so.3' from LD_PRELOAD
Closed
#1402 [GH-ISSUE #2074] Variables like ${DOWNLOADS} don't seem to work with blacklist
Closed
#1403 [GH-ISSUE #2075] Weechat /exec fails with default weechat.profile
Closed
#1404 [GH-ISSUE #2077] Discord won't launch
Closed
#1399 [GH-ISSUE #2071] [bug] Whitelisting a file leads to inability to write to it
Closed
#1400 [GH-ISSUE #2072] Nvida drivers using firejail
Closed
#1401 [GH-ISSUE #2073] How does Firejail compared to Sandboxie
Closed
#1396 [GH-ISSUE #2068] Pure computation in a specific folder?
Closed
#1397 [GH-ISSUE #2069] Feature request: Scanning application to determine if it 'misbehaves'
Closed
#1398 [GH-ISSUE #2070] [Proposal] Convert all profiles to a whitelist model
Closed
#1394 [GH-ISSUE #2065] Freedesktop dirs whitelisting works from profile but not command line
Closed
#1395 [GH-ISSUE #2066] Tor Browser cannot execute with "noroot" and "nogroups" profile
Closed
#1390 [GH-ISSUE #2062] keepassxc: single-instance option does not work (private-tmp)
Closed
#1392 [GH-ISSUE #2064] Bugs rpm package heikoada/firejail - Fedora 28
Closed
#1391 [GH-ISSUE #2061] [cosmetic] --netfilter6= and restricted-network yes
Closed
#1388 [GH-ISSUE #2051] wire-desktop
Closed
#1389 [GH-ISSUE #2059] Bug: Cannot whitelist home folders correctly
Closed
#1386 [GH-ISSUE #2048] Evince can't open annotations
Closed
#1384 [GH-ISSUE #2050] Android Studio Invalid Config Path
Closed
#1385 [GH-ISSUE #2047] Thunderbird-Chromium Issue
Closed
#1383 [GH-ISSUE #2044] 0.9.54 does not ARM cross-compile anymore (seccomp) [yocto]
Closed
#1381 [GH-ISSUE #2045] Profile autodetection fails when path contains spaces
Closed
#1379 [GH-ISSUE #2041] [enhancement] Allow whitelisting arbitrary directories
Closed
#1378 [GH-ISSUE #2043] No ALSA sound in Chromium due to "nogroup" setting.
Closed
#1377 [GH-ISSUE #2039] [enhancement] Allow more fine-grained ignore predicates
Closed
#1376 [GH-ISSUE #2040] Cannot access profile file
Closed
#1375 [GH-ISSUE #2038] Just updating firejail on Fedora 28
Closed
#1374 [GH-ISSUE #2037] Machine-ID breaks Pulseaudio
Closed
#1373 [GH-ISSUE #2035] Firejail 0.9.54 and pulseaudio 12: Edge case with no sound
Closed
#1369 [GH-ISSUE #2032] Run program with the tun0 interface
Closed
#1370 [GH-ISSUE #2034] Slack profile does not allow to use microphone
Closed
#1367 [GH-ISSUE #2029] Possible conflict with noexec and whitelist
Closed
#1368 [GH-ISSUE #2028] Chrome native notifications are broken
Closed
#1366 [GH-ISSUE #2030] Snapper - **/.snapshots
Closed
#1365 [GH-ISSUE #2026] Firejail breaks Gnome Shell connector
Closed
#1363 [GH-ISSUE #2024] New profile for Gradio
Closed
#1364 [GH-ISSUE #2027] Can't run firefox, chromium through firejail.
Closed
#1360 [GH-ISSUE #2021] gdb does not work with --allow-debuggers and kernel >= 4.9
Closed
#1361 [GH-ISSUE #2019] [Request] Profile for gradio
Closed
#1362 [GH-ISSUE #2023] Cannot whitelist path in /run
Closed
#1357 [GH-ISSUE #2018] Cannot run Geary 0.12.2-1
Closed
#1358 [GH-ISSUE #2016] New inox fixes
Closed
#1354 [GH-ISSUE #2011] invalid whitelist path if /var/tmp is symlink to /tmp
Closed
#1355 [GH-ISSUE #2013] profile weechat broken
Closed
#1356 [GH-ISSUE #2014] dnscrypt-proxy and systemd's DynamicUser concept
Closed
#1352 [GH-ISSUE #2006] globals.local included twice in profiles using x-common.profile format
Closed
#1353 [GH-ISSUE #2009] Maximum profile include level was reached
Closed
#1350 [GH-ISSUE #2004] [Question] Does Firejail "sudo" commands effective in this special case ?
Closed
#1348 [GH-ISSUE #2002] [Feature request] Make settings in firejail.config ignorable in profiles
Closed
#1349 [GH-ISSUE #2005] [question] opening a PDF from within firefox using atril used to work, then stopped working
Closed
#1345 [GH-ISSUE #1994] Krita profile broken on archinux
Closed
#1346 [GH-ISSUE #1995] Adding a global modifier (net=eth0) to all firejails
Closed
#1347 [GH-ISSUE #2001] Ark does not open zip files
Closed
#1342 [GH-ISSUE #1993] private-dev and /dev/shm
Closed
#1343 [GH-ISSUE #1991] webcam works in Firefox although --private-dev was set
Closed
#1344 [GH-ISSUE #1992] 0.9.55 regression
Closed
#1341 [GH-ISSUE #1990] firefox: Yubikey u2f does not work if plugged in after launching (private-dev)
Closed
#1339 [GH-ISSUE #1988] Profile option to access files in CLI arguments
Closed
#1340 [GH-ISSUE #1989] gpg-agent errors
Closed
#1338 [GH-ISSUE #1985] Thunderbird folder whitelisted in Chrome and Firefox
Closed
#1336 [GH-ISSUE #1987] Question: benefits of running Firejail with AppArmor?
Closed
#1337 [GH-ISSUE #1986] fontforge profile broken
Closed
#1333 [GH-ISSUE #1982] [ Information ] Linux Mint 19 “Tara” Cinnamon – BETA Release
Closed
#1335 [GH-ISSUE #1984] Firejail 0.9.55 & pulseaudio 11.99.1 (mpv profile fix / llvm )
Closed
#1331 [GH-ISSUE #1979] [SOLVED] firejail runs sandbox for app that I didn't set to run in firejail
Closed
#1332 [GH-ISSUE #1981] Apparmor dbus confinement not working?
Closed
#1330 [GH-ISSUE #1980] firejail prevents id.fedoraproject.org redirection in firefox
Closed
#1329 [GH-ISSUE #1975] cannot open local profile file
Closed
#1328 [GH-ISSUE #1974] Xed as default editor using FileZilla doesn't work i.c.m firejail
Closed
#1327 [GH-ISSUE #1978] Add support for ipvlan interfaces
Closed
#1324 [GH-ISSUE #1973] [information] Scenario of an attack
Closed
#1325 [GH-ISSUE #1972] [SOLVED] running chromium from snap in Firejail
Closed
#1326 [GH-ISSUE #1971] "namespace support is disabled" in 0.9.54
Closed
#1321 [GH-ISSUE #1968] No sound output from Firefox after upgrading Firejail to 0.9.54
Closed
#1322 [GH-ISSUE #1970] Chrome - TwitterDeck
Closed
#1318 [GH-ISSUE #1965] Apparmor causing Firefox Quantum: Gecko_IOThread segfault
Closed
#1319 [GH-ISSUE #1964] UID_MIN evaluation at runtime
Closed
#1320 [GH-ISSUE #1966] Integrate TorJail
Closed
#1317 [GH-ISSUE #1963] 0.9.54 no work?
Closed
#1315 [GH-ISSUE #1961] --allusers not working with vlc.profile after upgrading 0.9.52 -> 0.9.54
Closed
#1316 [GH-ISSUE #1962] Firefox doesn't load pages, crashes on Ubuntu 16.04 and 18.04 LTS
Closed
#1312 [GH-ISSUE #1959] Tor browser s profile need an update for using with ubuntu 16.04?
Closed
#1313 [GH-ISSUE #1960] Cruzin' the net with --net=none
Closed
#1314 [GH-ISSUE #1957] Should we update travis to something never than Ubuntu trusty?
Closed
#1311 [GH-ISSUE #1956] Having trouble getting firejail to work in a Docker container
Closed
#1309 [GH-ISSUE #1955] firejailed thunderbird fails to open links in firejailed chromium
Closed
#1310 [GH-ISSUE #1953] Krita crashes after splash screen when run with firejail
Closed
#1307 [GH-ISSUE #1952] Discord.profile won't launch
Closed
#1308 [GH-ISSUE #1951] Firejail breaks enigmail in Thunderbird
Closed
#1303 [GH-ISSUE #1948] 0.9.54 compilation fails on RasPi 2
Closed
#1304 [GH-ISSUE #1949] [ENHANCEMENT] make "firejail --list" more readable
Closed
#1305 [GH-ISSUE #1947] Firefox exit code question
Closed
#1302 [GH-ISSUE #1946] Firejail versions 0.9.54~rc1_1 & 0.9.54~rc2_1 are causing Mozilla Thunderbird to crash
Closed
#1301 [GH-ISSUE #1945] mpv: OpenGL doesn't work with the proprietary Nvidia driver
Closed
#1300 [GH-ISSUE #1944] Krita isn't working
Closed
#1299 [GH-ISSUE #1942] Firefox 60 no menu with Firejail 0.9.54~rc2
Closed
#1297 [GH-ISSUE #1940] White screen after upgrade to Firefox 60
Closed
#1298 [GH-ISSUE #1941] Includes missing from firejail apparmor profile
Closed
#1296 [GH-ISSUE #1937] Firefox 60 does not close
Closed
#1294 [GH-ISSUE #1939] Firefox version 60 breaks completely with the default Firejail profile or any profile containing seccomp.
Closed
#1293 [GH-ISSUE #1931] Blender with AMD GPU fails under firejail
Closed
#1291 [GH-ISSUE #1929] FJ + Thunderbird + GPG + Keycard
Closed
#1292 [GH-ISSUE #1930] Tor and Pale Moon Browsers hang and won't display.
Closed
#1290 [GH-ISSUE #1928] Hide firejail --list from firejail --list?
Closed
#1288 [GH-ISSUE #1927] firejail --list is empty, but firemon shows firejail processes
Closed
#1287 [GH-ISSUE #1925] Allow folder from USB device mounted in /mnt/
Closed
#1286 [GH-ISSUE #1921] few questions about firejail
Closed
#1285 [GH-ISSUE #1920] Lists of libraries for private-lib
Closed
#1282 [GH-ISSUE #1912] Ping replies going to wrong jails
Closed
#1283 [GH-ISSUE #1917] LibreOffice won't start on Ubuntu 18.04
Closed
#1284 [GH-ISSUE #1913] chrome flash problem
Closed
#1281 [GH-ISSUE #1908] Error installing and running services in sudo firejail no profile overlay
Closed
#1279 [GH-ISSUE #1902] firecfg and user restrictions
Closed
#1280 [GH-ISSUE #1907] Define specific overlay directory in argument
Closed
#1276 [GH-ISSUE #1901] Prevent starting programs in non-sandboxed mode from within a firejail sandbox
Closed
#1277 [GH-ISSUE #1899] Bug: waterfox can't close
Closed
#1278 [GH-ISSUE #1897] Compilation fails on alpine linux
Closed
#1273 [GH-ISSUE #1895] Zathura dbus issue
Closed
#1274 [GH-ISSUE #1896] zoom: attachments/calls/preferences
Closed
#1275 [GH-ISSUE #1893] Lobase failing again :(
Closed
#1270 [GH-ISSUE #1889] ExpressVPN internet issues (resolv.conf)
Closed
#1271 [GH-ISSUE #1885] Google-chrome does not open anymore.
Closed
#1267 [GH-ISSUE #1879] Lighter profile for cinelerra
Closed
#1269 [GH-ISSUE #1883] Firejailing Darkest Dungeon loses all controls (keyboard and mouse)
Closed
#1266 [GH-ISSUE #1877] CRONTABS for user
Closed
#1264 [GH-ISSUE #1876] Bus error with firecfg
Closed
#1265 [GH-ISSUE #1878] Coyim
Closed
#1261 [GH-ISSUE #1871] Allow symlinked /opt
Closed
#1262 [GH-ISSUE #1869] atool private-etc issue
Closed
#1263 [GH-ISSUE #1872] Spotify with ALSA cannot play songs under firejail
Closed
#1258 [GH-ISSUE #1858] advice for scripted w3m
Closed
#1259 [GH-ISSUE #1857] Allow machine-id for bibletime.profile
Closed
#1260 [GH-ISSUE #1866] conky issues
Closed
#1256 [GH-ISSUE #1856] Error clone: main.c:2488 main: Operation not permitted
Closed
#1257 [GH-ISSUE #1850] BleachBit not opening in firejail
Closed
#1255 [GH-ISSUE #1855] transmission-gtk freezes on opening GTK dialogs (mprotect syscall gets blocked)
Closed
#1254 [GH-ISSUE #1846] Allow to compile firejail non-setuid
Closed
#1252 [GH-ISSUE #1847] Firefox 60.0b (dev edition) can't display webpages when 'seccomp' or 'shell none' enabled
Closed
#1253 [GH-ISSUE #1845] firejailed editor can't use sudoedit
Closed
#1250 [GH-ISSUE #1842] https://firejail.wordpress.com/support/#userns outdated
Closed
#1251 [GH-ISSUE #1844] Support wireguard interfaces on firejail's --net option
Closed
#1249 [GH-ISSUE #1841] gnome-calculator's private-lib looks broken
Closed
#1246 [GH-ISSUE #1838] Winetricks problem
Closed
#1248 [GH-ISSUE #1836] Keyboard input doesn't work
Closed
#1247 [GH-ISSUE #1839] F1 2017 doesn't start - Firejail is more than likely to be the barrier
Closed
#1243 [GH-ISSUE #1832] Routing setup for three jails, one of has two tun interfaces inside, the others are connected to it via <br> interfaces
Closed
#1244 [GH-ISSUE #1833] Bug at thunderbird-beta
Closed
#1245 [GH-ISSUE #1834] Add support for blender-2.8
Closed
#1240 [GH-ISSUE #1824] Is there way to start few applications in single x11 sandbox?
Closed
#1241 [GH-ISSUE #1823] disable-devel.inc does not blacklist python and node
Closed
#1242 [GH-ISSUE #1826] Youtube video won't start with google-chrome if firejailed
Closed
#1237 [GH-ISSUE #1819] unexpected behavior when jails have the same name ?
Closed
#1238 [GH-ISSUE #1818] private-lib doesn't work with Palemoon & Firefox
Closed
#1239 [GH-ISSUE #1822] Recalibration of D-Bus access
Closed
#1236 [GH-ISSUE #1817] Error running ssh commands with arguments
Closed
#1234 [GH-ISSUE #1815] Not able to make file transfer work
Closed
#1235 [GH-ISSUE #1816] Add a libreoffice-base profile
Closed
#1231 [GH-ISSUE #1812] What is the best way to move a file outside a private jail ?
Closed
#1232 [GH-ISSUE #1813] [private-dev] xsession-errors log is chowned by root
Closed
#1230 [GH-ISSUE #1811] Can't start google chrome with firejail in debian stretch
Closed
#1228 [GH-ISSUE #1810] Firefox and Chromiun not taking input and not appearning in firejail --list
Closed
#1229 [GH-ISSUE #1808] Viewnior will not run with memory-deny-write-execute
Closed
#1225 [GH-ISSUE #1805] QtWebEngine crash (in Anki)
Closed
#1226 [GH-ISSUE #1804] Cannot launch Evince from command line
Closed
#1227 [GH-ISSUE #1807] Arch-Linux - 'steam-native' doesn't read /etc/firejail/steam.profile
Closed
#1222 [GH-ISSUE #1800] Gentoo portage "emerge" cant find what it just downloaded with wget
Closed
#1223 [GH-ISSUE #1801] The "less" command can't view files when run as root, using firejail.
Closed
#1224 [GH-ISSUE #1803] memory-deny-write-execute causing hangs and crashes on Arch and derivatives
Closed
#1219 [GH-ISSUE #1798] hidepid prevents me from viewing firejail-started processes in e.g. htop
Closed
#1220 [GH-ISSUE #1797] Bug: brave doesnt open
Closed
#1221 [GH-ISSUE #1799] Dropbox, multiple issues
Closed
#1216 [GH-ISSUE #1796] smartgit blacklist
Closed
#1218 [GH-ISSUE #1795] allow read acces ${HOME}.cache/kioexec/krun/ for webbrowsers
Closed
#1217 [GH-ISSUE #1794] Add falkon browser profile
Closed
#1214 [GH-ISSUE #1792] Brackets (adobe editor) can not launch
Closed
#1213 [GH-ISSUE #1791] keepassxc: cannot open database (memory-deny-write-execute)
Closed
#1212 [GH-ISSUE #1789] Konsole forgets theme
Closed
#1210 [GH-ISSUE #1788] transmission-qt theme is strange with firejail
Closed
#1211 [GH-ISSUE #1790] How best to whitelist/noblacklist a deep directory?
Closed
#1208 [GH-ISSUE #1785] Better output options for the tracelog (e.g. console, logfile, journald)
Closed
#1207 [GH-ISSUE #1784] KDEinit could not launch '/use/local/bin/kate'
Closed
#1204 [GH-ISSUE #1778] Unable to whitelist /dev/stdin unless there's a pseudo-terminal
Closed
#1205 [GH-ISSUE #1782] Make ~/.bashrc read only?
Closed
#1206 [GH-ISSUE #1781] Unable to build profile for mono binaries run by binfmt-support
Closed
#1202 [GH-ISSUE #1772] qbittorrent: no authentication protocol supported
Closed
#1203 [GH-ISSUE #1773] rewrite browser profiles with redirections
Closed
#1201 [GH-ISSUE #1771] [firefox] noroot makes youtube fullscreen hang
Closed
#1198 [GH-ISSUE #1769] How to globally block networking, camera, microphone, etc. and allow by exception?
Closed
#1199 [GH-ISSUE #1770] Most part of messangers can't open links in browsers other than firefox
Closed
#1200 [GH-ISSUE #1768] Spotify on Gentoo fails to open
Closed
#1196 [GH-ISSUE #1767] private-etc line breaks graphics driver in Firefox and Tor browser
Closed
#1197 [GH-ISSUE #1765] Firefox 60+ fails to run content processes
Closed
#1195 [GH-ISSUE #1760] Dropbox startup fails because of missing library when started directly with firejail
Closed
#1192 [GH-ISSUE #1756] Okular fails to start in 0.9.52
Closed
#1193 [GH-ISSUE #1759] Requesting help regarding SoulseekQT profile
Closed
#1194 [GH-ISSUE #1757] Cleaning named overlay
Closed
#1189 [GH-ISSUE #1753] Firefox video hangup when switched to full screen
Closed
#1190 [GH-ISSUE #1755] Various Issues
Closed
#1191 [GH-ISSUE #1754] cannot start hexchat
Closed
#1186 [GH-ISSUE #1749] Thunderbird fails to execute child process (Operation not permitted)
Closed
#1187 [GH-ISSUE #1752] spectre
Closed
#1188 [GH-ISSUE #1750] Building from git broken on Arch Linux after recent apparmor-related commits
Closed
#1183 [GH-ISSUE #1746] Building rpm - what's going wrong?
Closed
#1184 [GH-ISSUE #1747] Enable crontab
Closed
#1185 [GH-ISSUE #1748] google-play-music-desktop-player symlink: error while loading shared libraries: libnode.so
Closed
#1180 [GH-ISSUE #1742] DNS over ipv6 not working
Closed
#1182 [GH-ISSUE #1743] Can't combine --private with --whitelist
Closed
#1177 [GH-ISSUE #1740] skypeforlinux hangs with white non-responsive window, firejail 0.9.52
Closed
#1178 [GH-ISSUE #1737] Add support for syscalls 329-332 (pkey_mprotect, pkey_alloc, pkey_free, statx)
Closed
#1179 [GH-ISSUE #1739] Firefox 59.0b1, pulseaudio
Closed
#1175 [GH-ISSUE #1735] New (detailed) firejail tutorial available - fact check review appreciated
Closed
#1176 [GH-ISSUE #1736] transmission-qt freezes on opening dialogs
Closed
#1171 [GH-ISSUE #1730] skypeforlinux not starting with firejail 0.9.50 on ubuntu
Closed
#1172 [GH-ISSUE #1731] unbound: error with DNSSEC validation enabled
Closed
#1173 [GH-ISSUE #1732] Getting Error: "/etc/rc?.d" is an invalid filename when including disable-common.inc in the firejail profile
Closed
#1170 [GH-ISSUE #1728] No window bar options using gimp
Closed
#1168 [GH-ISSUE #1727] sandbox /tmp
Closed
#1169 [GH-ISSUE #1729] Frequent permission errors with firejail
Closed
#1167 [GH-ISSUE #1725] SSH fails, can't access /dev/null
Closed
#1165 [GH-ISSUE #1726] [Info] What is the point of jailing ssh?
Closed
#1166 [GH-ISSUE #1724] Can't access internet with Tor Browser
Closed
#1162 [GH-ISSUE #1721] Firejail does not work with an ipv6-only interface
Closed
#1164 [GH-ISSUE #1722] Provide a way to specify DNSv6, for ex. --dns6
Closed
#1163 [GH-ISSUE #1723] ktorrent 5.1.0 doesn't run with firejail 0.9.52
Closed
#1159 [GH-ISSUE #1720] Dropping Firejail privileges with services not running as root?
Closed
#1160 [GH-ISSUE #1718] Hexchat links do not open in chromium
Closed
#1161 [GH-ISSUE #1719] whitelisting subpath of blacklisted path
Closed
#1157 [GH-ISSUE #1712] Intel/AMD CPU security flaws
Closed
#1158 [GH-ISSUE #1716] Firefox: access ~/Downloads folder if using --private-home
Closed
#1156 [GH-ISSUE #1717] [INFO] How exactly does one use --private-lib?
Closed
#1153 [GH-ISSUE #1709] Viber profile report error!
Closed
#1154 [GH-ISSUE #1711] Evince does not run due to --private-lib configuration option
Closed
#1155 [GH-ISSUE #1707] Import profile's while ignoring others
Closed
#1151 [GH-ISSUE #1703] Couldn't start 'libreoffice' in Debian Testing
Closed
#1152 [GH-ISSUE #1702] Couldn't start 'minetest' in Debian Testing
Closed
#1148 [GH-ISSUE #1698] Override globals.local while respecting default firefox.profile?
Closed
#1149 [GH-ISSUE #1695] [Teamspeak 3] the application crashes on opening the options window
Closed
#1147 [GH-ISSUE #1699] Can't launch qBittorrent and okular with firejail aymore
Closed
#1144 [GH-ISSUE #1692] /usr/bin/string cannot read /proc/*/environ
Closed
#1145 [GH-ISSUE #1694] Jack audio does not work with private-dev
Closed
#1146 [GH-ISSUE #1693] please add basilisk browser
Closed
#1141 [GH-ISSUE #1686] Thunderbird not start with .icedove folder - Debian 9
Closed
#1142 [GH-ISSUE #1688] Add private-etc services to steam.profile
Closed
#1143 [GH-ISSUE #1690] firejail 0.9.52 breaks qbittorrent 4.0.3 (qt5-base 5.10.0)
Closed
#1138 [GH-ISSUE #1683] Jailed node js development environment
Closed
#1139 [GH-ISSUE #1684] Add Figaro's Password Manager 2 to disable-passwdmgr.inc
Closed
#1140 [GH-ISSUE #1685] firemon and proc hidepid not working for regular user
Closed
#1136 [GH-ISSUE #1678] Disable noroot at chrom* (including iridium and inox flavours)
Closed
#1137 [GH-ISSUE #1682] Firejail doesn't pass env TMPDIR variable after update to 0.9.52
Closed
#1135 [GH-ISSUE #1680] Opengl error with wine.profile
Closed
#1134 [GH-ISSUE #1675] Is there a command to activate single profile or selected profiles ??
Closed
#1132 [GH-ISSUE #1674] skypeforlinux 8.13.76.4 segfaults with skypeforlinux profile
Closed
#1133 [GH-ISSUE #1677] Make firejail print to stderr by default (instead of stdout)
Closed
#1131 [GH-ISSUE #1673] Cannot start with firejail by default
Closed
#1130 [GH-ISSUE #1671] Unable to open Spotify
Closed
#1126 [GH-ISSUE #1668] Firefox needs dbus which conflicts with --net=vnet0
Closed
#1127 [GH-ISSUE #1670] Error: cannot create ~/.local/application directory
Closed
#1128 [GH-ISSUE #1669] Firejail breaks the network environment when sandboxing network
Closed
#1123 [GH-ISSUE #1665] Qbittorrent doesn't remember torrents after restart
Closed
#1125 [GH-ISSUE #1667] Running unjailed programs from within jail
Closed
#1124 [GH-ISSUE #1663] Qupzilla crashes when run with firejail
Closed
#1121 [GH-ISSUE #1660] firefox profile leaking filesystem access
Closed
#1122 [GH-ISSUE #1661] fetchmail.profile fails when local delivery to port 25 is needed (netfilter doesn't work)
Closed
#1120 [GH-ISSUE #1659] Profile needed for MasterPDFeditor
Closed
#1118 [GH-ISSUE #1656] Starting different firejailed Firefox versions
Closed
#1119 [GH-ISSUE #1655] firefox '<url>' no longer works?
Closed
#1115 [GH-ISSUE #1654] zathura fails to start with default zathura.profile
Closed
#1116 [GH-ISSUE #1653] Thunderbird(Enigmail) not find GnuPG
Closed
#1113 [GH-ISSUE #1651] Dropbox failed to start after update the firejail new built yesterday
Closed
#1112 [GH-ISSUE #1650] Whitelist/Backlist with subfolders (mount points - ZFS)
Closed
#1111 [GH-ISSUE #1649] Folder /files is Accessible in Chrome
Closed
#1110 [GH-ISSUE #1645] Cannot open files from EncFS
Closed
#1108 [GH-ISSUE #1646] Add p11-kit support
Closed
#1109 [GH-ISSUE #1648] Mutt cannot get to the email user file
Closed
#1105 [GH-ISSUE #1644] strange nested loop in firejail 0.9.50 when trying to use it as login-shell
Closed
#1106 [GH-ISSUE #1641] request, add new browsers
Closed
#1107 [GH-ISSUE #1642] [Question] Does 'netfilter=filename' affect the system firewall, eg UFW
Closed
#1102 [GH-ISSUE #1638] If ~/Downloads exists XDG_DOWNLOAD_DIR isn't taken into account
Closed
#1103 [GH-ISSUE #1639] Chroot -- /etc/resolv.conf file as symlink being rejected
Closed
#1104 [GH-ISSUE #1640] valgrind not working inside firejail
Closed
#1099 [GH-ISSUE #1636] Make Firejail available through composer by adding composer.json file (in all branches)
Closed
#1100 [GH-ISSUE #1635] Allow passing in a netfilter configuration via the command line
Closed
#1101 [GH-ISSUE #1634] About commenting private-etc in steam.profile
Closed
#1096 [GH-ISSUE #1632] private-bin and symlinks to non-standard paths
Closed
#1097 [GH-ISSUE #1631] Qt5 do not inherit GTK theme when in a GTK environment [0.9.50]
Closed
#1098 [GH-ISSUE #1633] keepassxc: program does not start (private-etc machine-id)
Closed
#1094 [GH-ISSUE #1630] dropbox: program cannot update itself
Closed
#1095 [GH-ISSUE #1629] okular: printing is broken
Closed
#1093 [GH-ISSUE #1628] Should noexec ${HOME} be changed to noexec ${HOME}/* ?
Closed
#1090 [GH-ISSUE #1626] Is it possible to run an appimage game with firejail and save the game data?
Closed
#1092 [GH-ISSUE #1625] firefox: cannot communicate with enpass
Closed
#1091 [GH-ISSUE #1627] Will there be a config file for firejail?
Closed
#1089 [GH-ISSUE #1622] Lists in syscall.c don’t get defined in some cases, compilation error
Closed
#1087 [GH-ISSUE #1623] Firejail failed Firefox Couldn't load XPCOM.
Closed
#1088 [GH-ISSUE #1624] Software not supported for /31 networks
Closed
#1084 [GH-ISSUE #1619] Firejail breaks media controls in Plasma taskbar
Closed
#1085 [GH-ISSUE #1621] NetworkManager DNS update overrides --dns option
Closed
#1083 [GH-ISSUE #1616] Firejail breaks the ssh-agent launch semantics
Closed
#1082 [GH-ISSUE #1618] VLC: machine-id breaks PulseAudio
Closed
#1081 [GH-ISSUE #1615] Enabling AppArmor support for Chrome disables hardware accelerated rendering
Closed
#1079 [GH-ISSUE #1611] version 50.1 and 50.3(artful deb) won't connect to internet in Ubuntu 17.10
Closed
#1080 [GH-ISSUE #1612] Desktop integration does not work with Google Play Music desktop player profile
Closed
#1078 [GH-ISSUE #1614] Support time based restriction limits
Closed
#1075 [GH-ISSUE #1609] Mousepad can't access its preferences
Closed
#1076 [GH-ISSUE #1608] noexec ignored
Closed
#1077 [GH-ISSUE #1610] Allow blocking gpg agent
Closed
#1072 [GH-ISSUE #1607] w3m can't load webpages without disabling 'private-etc'
Closed
#1074 [GH-ISSUE #1605] keepassxc: Challenge-Response field is greyed out unless 'private-dev' and 'protocol' are disabled
Closed
#1073 [GH-ISSUE #1606] youtube-dl domain name resolution does not work if --external-downloader is used
Closed
#1071 [GH-ISSUE #1601] Unable to save files to symlinked Downloads directory
Closed
#1069 [GH-ISSUE #1602] private-lib must be disabled for hexchat to start
Closed
#1070 [GH-ISSUE #1603] Allow nesting of sandboxes
Closed
#1068 [GH-ISSUE #1600] Is there a recommended workaround for using wlan interfaces with firejail?
Closed
#1066 [GH-ISSUE #1598] Bug in mate-calc.profile
Closed
#1067 [GH-ISSUE #1599] sandbox escapes with kdeinit
Closed
#1063 [GH-ISSUE #1594] Problem with private-tmp in okular and libreoffice profiles
Closed
#1064 [GH-ISSUE #1595] Execute commands
Closed
#1065 [GH-ISSUE #1597] Unable to load opensc-pkcs11.so into Firefox
Closed
#1060 [GH-ISSUE #1592] FireJail Idea
Closed
#1061 [GH-ISSUE #1590] error with private-tmp & /tmp as tmpfs
Closed
#1062 [GH-ISSUE #1591] firejail firefox has no DNS in some? setups
Closed
#1059 [GH-ISSUE #1588] Configurable location for Overlay Directories
Closed
#1058 [GH-ISSUE #1589] Firejail still running after closing Firefox
Closed
#1057 [GH-ISSUE #1586] gnome-ring can't interact with dring
Closed
#1054 [GH-ISSUE #1583] rpm build fails : missing firejail-config manpage
Closed
#1055 [GH-ISSUE #1584] Firefox Nightly breaks out of firejail(-0.9.50,-0.9.51)
Closed
#1056 [GH-ISSUE #1585] Regression: Decrypting inside the jail using gpg-agent running outside the jail with cached password doesn't work anymore
Closed
#1051 [GH-ISSUE #1579] Keyboard blocked on Ubuntu 17.10 beta
Closed
#1052 [GH-ISSUE #1580] Firejail doesn't work with wine+steam on Arch
Closed
#1053 [GH-ISSUE #1581] Authentication in Firefox does not work
Closed
#1050 [GH-ISSUE #1575] Firejail causes "Couldn't Initialize the Render Device." error when I try to launch a particular game from Steam
Closed
#1048 [GH-ISSUE #1578] What happened to the remote desktop feature & tutorial?
Closed
#1049 [GH-ISSUE #1576] Warning messages while using and upon closing Firefox
Closed
#1047 [GH-ISSUE #1572] allow writable-run-user in profiles
Closed
#1045 [GH-ISSUE #1574] firecfg: Remove DBusActivatable from .desktop files
Closed
#1046 [GH-ISSUE #1570] Avoid 'exo-open' on xfce desktop
Closed
#1042 [GH-ISSUE #1568] Unable to start Xfce with latest firejail (Arch Linux)
Closed
#1043 [GH-ISSUE #1569] Why do we have blacklist, noblacklist, and whitelist in the same profile?
Closed
#1044 [GH-ISSUE #1567] What happened to the smtube profile?
Closed
#1039 [GH-ISSUE #1564] Firetools GUI incorrectly reporting Seccomp & Protocols as disabled
Closed
#1040 [GH-ISSUE #1566] build failure on alpine linux (musl libc) aarch64
Closed
#1041 [GH-ISSUE #1563] X11 Xephyr resize windows
Closed
#1038 [GH-ISSUE #1562] blacklist clipboard history file
Closed
#1036 [GH-ISSUE #1559] sudo firecfg : Add profiles in ~/.config/firejail
Closed
#1037 [GH-ISSUE #1560] Cannot open files from sshfs
Closed
#1033 [GH-ISSUE #1557] profile request
Closed
#1034 [GH-ISSUE #1553] private-dev disables access for U2F
Closed
#1035 [GH-ISSUE #1556] Running Virtualbox with seccomp?
Closed
#1030 [GH-ISSUE #1547] Too restrictive blacklisting for systemd-resolved, unable to browse the web due to broken resolv.conf symlink
Closed
#1032 [GH-ISSUE #1546] Cannot authenticate SSH with smartcard though gpg-agent because of /run/user/UID/gnupg blacklist
Closed
#1031 [GH-ISSUE #1550] Firefox no longer works after update--works again when downgraded
Closed
#1029 [GH-ISSUE #1541] seccomp: kmail started to freeze with seccomp and tracelog
Closed
#1027 [GH-ISSUE #1545] Launch app outside Firejail without re-configuring?
Closed
#1028 [GH-ISSUE #1543] SSH can't start with default profile if there are system-wide configs in /etc/ssh/ssh_config.d/
Closed
#1025 [GH-ISSUE #1539] New namespace setup time
Closed
#1026 [GH-ISSUE #1540] All qt5 progragems should whitelist common theming engines
Closed
#1024 [GH-ISSUE #1537] gitg not showing diff
Closed
#1023 [GH-ISSUE #1534] nginx problem in 0.9.50
Closed
#1022 [GH-ISSUE #1531] fcopy: Failure to copy file when uid != root
Closed
#1021 [GH-ISSUE #1535] Tor Browser won't open
Closed
#1019 [GH-ISSUE #1525] Please add a .sig file
Closed
#1020 [GH-ISSUE #1529] remount pulseaudio noexec
Closed
#1018 [GH-ISSUE #1527] caps.keep broken on the commandline?
Closed
#1017 [GH-ISSUE #1521] Unable to run a C executable in firejail: Permission denied error.
Closed
#1016 [GH-ISSUE #1520] Firejail MySQL
Closed
#1015 [GH-ISSUE #1522] Errors about elevating to root
Closed
#1013 [GH-ISSUE #1514] Invalid argument on Libreoffice's Appimage Recipe
Closed
#1014 [GH-ISSUE #1518] ControlSocket failed behaviour with ssh
Closed
#1012 [GH-ISSUE #1516] Can't start yandex-browser with firejail
Closed
#1009 [GH-ISSUE #1513] [Spotify] Blacklisting too restrictive - firejail 0.9.48
Closed
#1010 [GH-ISSUE #1509] Thunderbird profile and localhost emails
Closed
#1011 [GH-ISSUE #1510] Question: ‘program.local’ ‘global.local’ and ‘program.profile’?
Closed
#1006 [GH-ISSUE #1506] Cannot run qutebrowser with Firejail due to "No module named PyQt5.QtSql"
Closed
#1007 [GH-ISSUE #1508] Hexchat notification sounds are not played.
Closed
#1008 [GH-ISSUE #1507] Slack notification sounds are not played.
Closed
#1005 [GH-ISSUE #1505] Gnome-terminal stops working after stopping xpra
Closed
#1003 [GH-ISSUE #1502] test suite errors
Closed
#1004 [GH-ISSUE #1504] build failure on some architectures
Closed
#1000 [GH-ISSUE #1497] Question regarding specific case where qutebrowser can launch without access to ~/.local and ~/.cache
Closed
#1001 [GH-ISSUE #1499] Setting DISPLAY in --env setting does not work
Closed
#1002 [GH-ISSUE #1498] Atril doesn't launch anymore in firejail, but there's a workaround
Closed
#999 [GH-ISSUE #1490] Better way to investigate syscalls
Closed
#997 [GH-ISSUE #1491] How to simulate the installation of programs?
Closed
#998 [GH-ISSUE #1492] Xonotic doesn't launch with firejail
Closed
#994 [GH-ISSUE #1487] Firefox + Firejail + AppArmor (+ encrypted home directory) seem not to work together
Closed
#995 [GH-ISSUE #1486] xpra window isn't displaying / xpra-extra-params broken in firejail-git
Closed
#996 [GH-ISSUE #1481] Claws-mail doesn't open external links in Vivaldi browser
Closed
#993 [GH-ISSUE #1479] Feature: switch/config option to block secondary architectures
Closed
#992 [GH-ISSUE #1480] firecfg error if /usr/local/bin does not exist
Closed
#991 [GH-ISSUE #1478] Question regarding symlinks and firejail
Closed
#988 [GH-ISSUE #1476] What is the syntax for hosts-file in profiles ?
Closed
#990 [GH-ISSUE #1474] whitelist /dev/serial
Closed
#985 [GH-ISSUE #1470] No sound in Firefox (with apulse)
Closed
#987 [GH-ISSUE #1467] Can't access computer:/// from PCMan File Manager
Closed
#986 [GH-ISSUE #1464] Cannot execute file with .sh extension in /usr/bin
Closed
#982 [GH-ISSUE #1462] Unable to --join to -x11 firefox
Closed
#984 [GH-ISSUE #1463] wrong/corrupted tray icon running telegram in ubuntu with lxpanel / openbox
Closed
#983 [GH-ISSUE #1459] Mutt fails to read mail attachments (using lynx / gnu highlight)
Closed
#979 [GH-ISSUE #1456] improve exception handling / dynamic filter customization
Closed
#980 [GH-ISSUE #1458] option output=logfile mangles screen display for ncurses programs (ie. mutt)
Closed
#981 [GH-ISSUE #1457] Unable to write mail in mutt (using emacsclient)
Closed
#976 [GH-ISSUE #1450] firecfg incompletely installing
Closed
#977 [GH-ISSUE #1454] mutt crashes when using t-prot
Closed
#978 [GH-ISSUE #1455] improve debug messages
Closed
#975 [GH-ISSUE #1441] Whitelist isn't really a whitelist...?
Closed
#973 [GH-ISSUE #1446] Allow private-dev to accept aditional devices
Closed
#974 [GH-ISSUE #1447] Feature: allow any syscall to be blacklisted with aid of LD_PRELOAD library
Closed
#971 [GH-ISSUE #1440] What's the difference between --chroot= and --private= ?
Closed
#972 [GH-ISSUE #1434] app local profiles should be placed before global local profiles
Closed
#970 [GH-ISSUE #1439] Supplementary groups not working
Closed
#967 [GH-ISSUE #1425] [profile request] rambox
Closed
#968 [GH-ISSUE #1429] private-bin needs to understand filenames by absolute paths (even with restriction to {/usr{/local,},}/{s,}bin)
Closed
#969 [GH-ISSUE #1422] mutt + gpg indefinitely hangs
Closed
#964 [GH-ISSUE #1418] Websocket and Firejail
Closed
#965 [GH-ISSUE #1419] Archive Managers can't acces network folders
Closed
#966 [GH-ISSUE #1420] dropbox can't start: permission denied to ~/.dropbox-dist
Closed
#962 [GH-ISSUE #1417] Feature: Easier alternative to list of syscalls for --seccomp: add pre-defined syscall groups
Closed
#963 [GH-ISSUE #1414] Firefox Nightly broken due to firejail's seccomp
Closed
#961 [GH-ISSUE #1413] noroot not effective with ssh?
Closed
#958 [GH-ISSUE #1406] ARP cache pollution when using net namespaces.
Closed
#959 [GH-ISSUE #1404] xpra-extra-params throws an error
Closed
#960 [GH-ISSUE #1405] Firejail X11 sandboxing unusable with latest xpra
Closed
#955 [GH-ISSUE #1400] Xpra killing emacs daemon on exit
Closed
#956 [GH-ISSUE #1398] Allow custom temporary (--private) profile
Closed
#957 [GH-ISSUE #1401] How to use input methods with graphical isolation?
Closed
#952 [GH-ISSUE #1396] Steam is unable to use its internal web browser
Closed
#953 [GH-ISSUE #1392] Okular plays sound despite the --nosound argument
Closed
#954 [GH-ISSUE #1395] Wire Webapp Unable to Complete Loading in Firefox
Closed
#949 [GH-ISSUE #1388] 2 gotchas with whitelist (ending / and origin dir of a symlinked file)
Closed
#950 [GH-ISSUE #1391] Okular won't start the second instance - can't open more than one pdf file at the same time
Closed
#951 [GH-ISSUE #1387] Firejail with systemd daemon
Closed
#946 [GH-ISSUE #1384] Not working in LXC (Proxmox VE); Error: "cannot establish communication with the parent"
Closed
#948 [GH-ISSUE #1385] Can't killall firejailed chromium
Closed
#947 [GH-ISSUE #1386] xdg-open not working for opening links from firejailed pidgin in firejailed chromium
Closed
#943 [GH-ISSUE #1381] firefox: Yubico u2f token is not detected (private-dev)
Closed
#944 [GH-ISSUE #1382] firetools_0.9.46.deb depends on libqt4-svg
Closed
#945 [GH-ISSUE #1383] Programs with periods in their name fail to use their profile when run via symlink method
Closed
#942 [GH-ISSUE #1375] invalid --output=logfile command line option
Closed
#941 [GH-ISSUE #1378] /usr/bin/dbus-launch inhibits --x11 server exit. Blacklisting it seems to fix it.
Closed
#937 [GH-ISSUE #1371] seccomp and ignore
Closed
#938 [GH-ISSUE #1368] Allow Xephyr server dimensions as a command or profile option.
Closed
#939 [GH-ISSUE #1370] keepassxc: typo in keepassxc.profile
Closed
#935 [GH-ISSUE #1364] Cannot run palemoon in firejail
Closed
#934 [GH-ISSUE #1366] seccomp.keep and seccomp
Closed
#936 [GH-ISSUE #1362] google-chrome profiles not working with plugins
Closed
#932 [GH-ISSUE #1353] Whitelist not working?
Closed
#933 [GH-ISSUE #1355] "Firefox is not currently set as your default browser"
Closed
#931 [GH-ISSUE #1356] Typo in geary profile
Closed
#928 [GH-ISSUE #1351] Increased cpu usage on certain webpages which contain gifs on qutebrowser, luakit
Closed
#930 [GH-ISSUE #1352] What is a security purpose of fairjail?
Closed
#925 [GH-ISSUE #1347] Implications of CONFIG_USER_NS
Closed
#926 [GH-ISSUE #1349] Profiles missing in firecfg.config
Closed
#927 [GH-ISSUE #1348] Disallowing fchmod is incompatible with --nogroups in 0.9.46 and later
Closed
#922 [GH-ISSUE #1344] Firefox and thunderbird are starting as root
Closed
#923 [GH-ISSUE #1346] private-bin and shells
Closed
#924 [GH-ISSUE #1342] firejail {--tree|--list} not listing anything
Closed
#920 [GH-ISSUE #1340] Chromium trying to open another instance if opened in firejail
Closed
#921 [GH-ISSUE #1339] Stopping alias
Closed
#919 [GH-ISSUE #1341] Can not show html-mails in Claws-Mail
Closed
#917 [GH-ISSUE #1337] Possible to set runtime limit?
Closed
#918 [GH-ISSUE #1338] Firefox within firejail interfering with pulseaudio
Closed
#915 [GH-ISSUE #1334] private-tmp option in chromium.profile causes URLs to be opened in new Chromium window, potentially corrupts chromium profile and browsing history
Closed
#913 [GH-ISSUE #1335] Included firefox profile does not whitelist all the okular config files
Closed
#914 [GH-ISSUE #1333] typo in qpdfview profile
Closed
#912 [GH-ISSUE #1332] private-etc with custom files
Closed
#910 [GH-ISSUE #1331] Firefox crash
Closed
#911 [GH-ISSUE #1330] Included ktorrent profile whitelists wrong config files
Closed
#909 [GH-ISSUE #1329] Build failure: userfaultfd syscall
Closed
#908 [GH-ISSUE #1327] firejail 0.9.46 private-etc broken?
Closed
#907 [GH-ISSUE #1328] firejail 0.9.46 private-bin breaks with no errors or warnings
Closed
#905 [GH-ISSUE #1326] firejail-0.9.46-1 cannot use firejail as shell
Closed
#906 [GH-ISSUE #1324] seccomp.keep fails on Arch
Closed
#904 [GH-ISSUE #1325] Bug in disable-programs.inc
Closed
#903 [GH-ISSUE #1321] keepassx segfault
Closed
#901 [GH-ISSUE #1323] Digikam profile
Closed
#902 [GH-ISSUE #1320] 0.9.44.10 -> 0.9.46: libstdc++.so cannot be loaded
Closed
#898 [GH-ISSUE #1316] trouble with firemon --x11 from scripts.
Closed
#899 [GH-ISSUE #1318] [INFORMATION] Need review about article
Closed
#900 [GH-ISSUE #1319] [DOC] Firefox doesn’t open in a new sandbox...
Closed
#895 [GH-ISSUE #1312] No sound in Firefox
Closed
#896 [GH-ISSUE #1314] Tutorial / script for firejail Tor bridgers to make feature more accessible
Closed
#897 [GH-ISSUE #1313] Also read /etc/hosts when using the firejail hosts-file option
Closed
#892 [GH-ISSUE #1309] Pushing changes/limitations upstream
Closed
#893 [GH-ISSUE #1310] Seccomp execve - Operation not permitted launching an app
Closed
#894 [GH-ISSUE #1311] Thunar won't start with basic command 'firejail thunar' (actually, it starts, but not sandboxed)
Closed
#891 [GH-ISSUE #1306] spotify: Failed to load libGL.so.1
Closed
#890 [GH-ISSUE #1305] Custom include for dns option
Closed
#889 [GH-ISSUE #1308] Information in window title that program is running firejailed?
Closed
#886 [GH-ISSUE #1303] Using private command doesn't use '.local's, uses main profile.
Closed
#887 [GH-ISSUE #1301] Spotify takes too long to open in firejail 0.9.46
Closed
#888 [GH-ISSUE #1302] Firejail causes ibus not to work in Qt applications
Closed
#883 [GH-ISSUE #1298] Update to 0.9.46-2~0ubuntu16.04.0 has broken all browsers...
Closed
#884 [GH-ISSUE #1299] ssh fails when used with Kerberos
Closed
#885 [GH-ISSUE #1300] Gnome-calculator not working in firejail 0.9.46
Closed
#881 [GH-ISSUE #1294] Seamonkey fails
Closed
#882 [GH-ISSUE #1293] add me
Closed
#880 [GH-ISSUE #1292] Provided clementine profile causes library scanning to fail
Closed
#879 [GH-ISSUE #1289] firejail doesn't exit automatically when running firefox
Closed
#877 [GH-ISSUE #1290] console switching, xpra crashes
Closed
#878 [GH-ISSUE #1291] qupzilla.profile includes files which do not exist
Closed
#876 [GH-ISSUE #1285] Unable to create a profile containing "overlay-tmpfs"
Closed
#874 [GH-ISSUE #1286] private-dev for firefox/chrome
Closed
#875 [GH-ISSUE #1287] Firefox crashes with ipc-namespace (or something related)
Closed
#872 [GH-ISSUE #1280] steam.profile update breaks steam
Closed
#871 [GH-ISSUE #1281] [firecfg 0.9.46] non-admin users can't fix their desktop files
Closed
#873 [GH-ISSUE #1282] support xonsh as the login shell
Closed
#869 [GH-ISSUE #1276] 0.9.46 Breaks Profile Links
Closed
#870 [GH-ISSUE #1275] Startup given processes automatically in firejail
Closed
#868 [GH-ISSUE #1277] Garbled VLC menus?
Closed
#865 [GH-ISSUE #1274] (firefox:5): dconf-CRITICAL
Closed
#866 [GH-ISSUE #1273] cannot find group id
Closed
#867 [GH-ISSUE #1272] Can't run firefox with firejail outside of /usr/bin
Closed
#862 [GH-ISSUE #1268] After using firecfg there are lot's of GIMP errors when launching it
Closed
#863 [GH-ISSUE #1267] Firejail profile for eye of gnome breaks steam screenshots images
Closed
#864 [GH-ISSUE #1271] new profiles
Closed
#861 [GH-ISSUE #1261] File Manager Sandboxing
Closed
#859 [GH-ISSUE #1259] mpv profile not working with if creating /usr/local/bin/mpv wrapper
Closed
#860 [GH-ISSUE #1264] Firejail in PHP exec() results in "Error: user .config directory is not owned by the current user"
Closed
#856 [GH-ISSUE #1256] More reliable alternative to /usr/local/bin
Closed
#857 [GH-ISSUE #1257] How do I allow qutebrowser to access its external editor (URxvt with Vim)?
Closed
#858 [GH-ISSUE #1258] new profile
Closed
#853 [GH-ISSUE #1251] Question: "apocalypse" settings for chromium
Closed
#854 [GH-ISSUE #1255] Modify whitelist's behaviour
Closed
#855 [GH-ISSUE #1250] Question regarding whitelisting a specific file inside a blacklisted directory.
Closed
#851 [GH-ISSUE #1248] Chromium video calling doesn't work (e.g. Hangouts)
Closed
#852 [GH-ISSUE #1249] Typo in user instructions in some profile files
Closed
#847 [GH-ISSUE #1246] grsec: user can not create network interfaces
Closed
#848 [GH-ISSUE #1244] Using --trace to generate initial profiles
Closed
#849 [GH-ISSUE #1245] new profiles
Closed
#844 [GH-ISSUE #1243] Error fcopy: invalid file
Closed
#845 [GH-ISSUE #1241] Despite firejail workin on firefox I can acces all files on my hard disk from the browser
Closed
#846 [GH-ISSUE #1240] Firejail and Steam Games
Closed
#841 [GH-ISSUE #1238] default bind mounts and noexec option
Closed
#843 [GH-ISSUE #1237] Pulseaudio 10.0 with Firefox not working with 0.9.44.10 on PCLinuxOS KDE 64-bit
Closed
#838 [GH-ISSUE #1233] --no3d in virtual machines?
Closed
#839 [GH-ISSUE #1235] Using both noblacklist and read-only on the same folder
Closed
#840 [GH-ISSUE #1234] Support whitelisting in overlayfs
Closed
#837 [GH-ISSUE #1230] sftp problem
Closed
#835 [GH-ISSUE #1227] How secure is firejail for unknown programs?
Closed
#836 [GH-ISSUE #1231] Feature Request: Per profile 'disable-mnt'
Closed
#832 [GH-ISSUE #1217] Use curly-brackets in filename instead of ()
Closed
#833 [GH-ISSUE #1218] Running x9 csgo processes sandboxed
Closed
#834 [GH-ISSUE #1216] Unable to build master
Closed
#829 [GH-ISSUE #1212] feature request, 'xephyr-extra-params -dpi' option
Closed
#831 [GH-ISSUE #1215] Nylas Mail Profile
Closed
#830 [GH-ISSUE #1213] Exceptions to blacklists and 'noexec {HOME}'
Closed
#828 [GH-ISSUE #1211] enhacement
Closed
#826 [GH-ISSUE #1210] Experience in running Firejail inside a Docker container?
Closed
#827 [GH-ISSUE #1206] Small question regarding dns setting in profile files.
Closed
#825 [GH-ISSUE #1204] Keyboard doesn't work with Chrome browser/Firefox (firejail version 0.9.46~rc1, Ubuntu Gnome 17.04)
Closed
#823 [GH-ISSUE #1203] '--quiet' not suppressing all informational messages
Closed
#824 [GH-ISSUE #1202] Error in Ubuntu Gnome 17.04 (firejail version 0.9.46~rc1)
Closed
#820 [GH-ISSUE #1197] --x11=xorg couldn't query Security extension
Closed
#821 [GH-ISSUE #1199] Where is Downloads folder for --private option?
Closed
#822 [GH-ISSUE #1200] Is there a point in --net=<ethernet_interface> if you don't use X11 sandboxing?
Closed
#819 [GH-ISSUE #1193] palemoon fails too
Closed
#817 [GH-ISSUE #1192] vivaldi fail
Closed
#818 [GH-ISSUE #1196] application window greys out
Closed
#815 [GH-ISSUE #1187] Add missing negator instructions
Closed
#816 [GH-ISSUE #1189] [Question?] Modifying Brave profile to allow built-in password manager (keyring-dependent) to actually work
Closed
#814 [GH-ISSUE #1191] OpenGL failure on Fedora due to SElinux
Closed
#811 [GH-ISSUE #1183] enhacement: fix these cve
Closed
#812 [GH-ISSUE #1185] systemd/firejail interaction
Closed
#813 [GH-ISSUE #1180] Whitelists not working?
Closed
#810 [GH-ISSUE #1179] vlc profile fail
Closed
#808 [GH-ISSUE #1178] question: how can i sandbox a DE
Closed
#809 [GH-ISSUE #1176] Firejail app cannot communicate with my Yubikey
Closed
#806 [GH-ISSUE #1175] Pulseaudio issue (no sound) when running Firefox in Firejail
Closed
#807 [GH-ISSUE #1173] Firefox can't save bookmarks
Closed
#805 [GH-ISSUE #1172] --private=directory and pulseaudio (steam, alsa underruns)
Closed
#804 [GH-ISSUE #1171] leftovers from 'tmpfs on ~/.cache' in /etc/firejail/firejail.config
Closed
#802 [GH-ISSUE #1170] removed man firejail-config still referenced in firejail.config
Closed
#803 [GH-ISSUE #1169] Using --private-bin with iceweasel (information) ?
Closed
#800 [GH-ISSUE #1168] Setting rlimit-fsize to 4GB fails
Closed
#801 [GH-ISSUE #1162] Vivaldi doesn't play livestream
Closed
#799 [GH-ISSUE #1167] Midori profile broken on Arch
Closed
#796 [GH-ISSUE #1161] Pale Moon profile invalid, line 30 being the problem
Closed
#797 [GH-ISSUE #1158] Root priv esc via tmpfs TOCTOU
Closed
#798 [GH-ISSUE #1160] [Information] Firejail + Tor
Closed
#793 [GH-ISSUE #1157] Closing a window using xpra sandboxing crashes the entire X server
Closed
#794 [GH-ISSUE #1148] nogroups option and man page
Closed
#795 [GH-ISSUE #1150] terminix renamed to tilix
Closed
#792 [GH-ISSUE #1144] Whitelist symlinkeddir of origin
Closed
#791 [GH-ISSUE #1142] Ability to use a proxy.
Closed
#790 [GH-ISSUE #1143] Failure to firejail a custom AppImage
Closed
#787 [GH-ISSUE #1140] Strange error when I use firejail with $HOME/.local for prefix
Closed
#788 [GH-ISSUE #1141] tmpfs on top of ~/.cache directory by default
Closed
#784 [GH-ISSUE #1136] wine speed in firejail
Closed
#785 [GH-ISSUE #1138] CentOS: private-tmp problems
Closed
#783 [GH-ISSUE #1135] Possibility to override whitelist defined in system-wide profile
Closed
#781 [GH-ISSUE #1134] [Solved] Virtualbox error in Manjaro: "Effective UID is not root"
Closed
#782 [GH-ISSUE #1133] [discussion] allow to specify full path to the binary in private-bin
Closed
#779 [GH-ISSUE #1131] Error: cannot access profile file
Closed
#780 [GH-ISSUE #1132] [bug?] private-bin brakes sound (pulseaudio) support
Closed
#775 [GH-ISSUE #1129] [bug] Changed behaviour of private-bin (resulting in broken apps)
Closed
#776 [GH-ISSUE #1128] processes not terminated properly
Closed
#777 [GH-ISSUE #1127] --whitelist=~/.bashrc temporarily overwrites .bashrc
Closed
#774 [GH-ISSUE #1125] default-policy.conf to select whitelisting (isolated operation) or blacklisting (integated operation)
Closed
#773 [GH-ISSUE #1126] --netfilter example not in effect
Closed
#772 [GH-ISSUE #1123] allow --net only for sandboxes started (or configured) by root
Closed
#769 [GH-ISSUE #1120] Keepass section in browser profiles
Closed
#770 [GH-ISSUE #1121] Persistent sandboxes
Closed
#771 [GH-ISSUE #1122] $HOME not set properly with --user option
Closed
#766 [GH-ISSUE #1116] Failing to get X11 sandboxing working on Arch
Closed
#767 [GH-ISSUE #1119] overiding disable-common.local in selected profiles?
Closed
#765 [GH-ISSUE #1114] Warnings still displayed despite of --quiet
Closed
#763 [GH-ISSUE #1115] better self-explaining options (than --private)
Closed
#762 [GH-ISSUE #1112] Question: How can i fix this profile?
Closed
#760 [GH-ISSUE #1110] Brave profile broken
Closed
#761 [GH-ISSUE #1111] Arch users, --dns= required for Firefox to connect to internet for wired interfaces?
Closed
#758 [GH-ISSUE #1109] Qemu Woes
Closed
#759 [GH-ISSUE #1105] Arbitrary command line arguments in profile files?
Closed
#757 [GH-ISSUE #1107] Temporary specific folders
Closed
#756 [GH-ISSUE #1102] Error: cannot access AppImage file
Closed
#754 [GH-ISSUE #1104] Does Firejail protect against ASLR bypasses?
Closed
#755 [GH-ISSUE #1101] Latest firefox doesn't work with firejail
Closed
#753 [GH-ISSUE #1097] chromium: Do different tabs run in separate sandboxes?
Closed
#752 [GH-ISSUE #1098] Cannot whitelist symlinks that point outside home directory
Closed
#751 [GH-ISSUE #1096] Firefox 51.0 segfaults with --private-dev option
Closed
#748 [GH-ISSUE #1094] [Feature request] Provide easier way to install without root.
Closed
#749 [GH-ISSUE #1093] Question: firejail + proxychains/torsocks
Closed
#750 [GH-ISSUE #1095] Firefox extension accessing non-whitelisted folder
Closed
#747 [GH-ISSUE #1090] Weird issue with Audacious and Firefox with --private=directory
Closed
#745 [GH-ISSUE #1092] request: a profile for amule
Closed
#746 [GH-ISSUE #1091] A question about noroot and seccomp with >3.5 kernels
Closed
#742 [GH-ISSUE #1086] Default ssh profile prevents ProxyJump
Closed
#743 [GH-ISSUE #1088] Sandboxed daemon cannot mmap to kernel
Closed
#744 [GH-ISSUE #1087] --private combined with --hostname and GUI app
Closed
#739 [GH-ISSUE #1085] option to expose only whitelisted ip:port:protocol into the sandbox
Closed
#740 [GH-ISSUE #1084] firejail X window ID should be unique
Closed
#741 [GH-ISSUE #1083] Xephyr can't see abstract socket for outer X server when sandboxed
Closed
#738 [GH-ISSUE #1080] Owlboy: Unable to detect controllers
Closed
#737 [GH-ISSUE #1082] Why are root-owned files owned by uid 65534 inside sandboxes?
Closed
#736 [GH-ISSUE #1081] firecfg --fix does not ensure that ~/.local/share/applications exists
Closed
#734 [GH-ISSUE #1077] hide new userspace warning with --quiet
Closed
#735 [GH-ISSUE #1076] Cannot ping my machine when I use --ip option
Closed
#733 [GH-ISSUE #1078] Issue whitelisting or noblacklisting home dir
Closed
#732 [GH-ISSUE #1075] RFC: --x11=xvfb mode
Closed
#730 [GH-ISSUE #1074] Gnome-mplayer profile issue with private-bin
Closed
#731 [GH-ISSUE #1073] Ability to disable process namespaces
Closed
#727 [GH-ISSUE #1071] Per directory overlayfs filesystems?
Closed
#728 [GH-ISSUE #1070] firejail not launching Firefox
Closed
#729 [GH-ISSUE #1072] --no-tmpfs option?
Closed
#725 [GH-ISSUE #1067] copr repo for firetools
Closed
#726 [GH-ISSUE #1066] Trying to run firejail on Heroku (existing sandbox was detected)
Closed
#724 [GH-ISSUE #1069] Arch Warning: noroot option is not available
Closed
#721 [GH-ISSUE #1065] --x11=xorg "unable to open display" but runs anyway
Closed
#722 [GH-ISSUE #1063] bindmount for /etc/hosts without root
Closed
#723 [GH-ISSUE #1059] Firejailed Gajim doesn't start on Debian 9
Closed
#718 [GH-ISSUE #1058] Feature request: join network namespace created by 'ip netns create'
Closed
#719 [GH-ISSUE #1055] Firefox Developer Version - 52.0a2 (2017-01-16) (64-bit) not setting as default browser
Closed
#720 [GH-ISSUE #1057] Firefox without Sound, Qmmp don't play an song
Closed
#717 [GH-ISSUE #1050] VLC audio issue on the latest release 0.9.44.6.
Closed
#715 [GH-ISSUE #1051] Firejail prevents qbittorrent from accessing tun0 network interface
Closed
#716 [GH-ISSUE #1054] No sound using pulseaudio after 0.9.44.6 update
Closed
#714 [GH-ISSUE #1048] Firefox freezes when opened with many tabs
Closed
#712 [GH-ISSUE #1049] LTS version missing features and profiles?
Closed
#713 [GH-ISSUE #1047] SSH login: Permission denied error
Closed
#709 [GH-ISSUE #1046] rules: Firejail is preventing epiphany from "installing" web applications
Closed
#710 [GH-ISSUE #1045] GPU acceleration not working out of the box anymore with vglusers
Closed
#711 [GH-ISSUE #1043] $HOME is wrong under some situations
Closed
#706 [GH-ISSUE #1040] Application (web browser) freeze when streaming Silverlight video from within an OverlayFS
Closed
#707 [GH-ISSUE #1042] [Patch] On including <sys/sysmacros.h>
Closed
#704 [GH-ISSUE #1032] 0.9.45 (git HEAD): "Error mount bind ld.so.preload"
Closed
#705 [GH-ISSUE #1039] ASSERT_PERMS_FD should use fstat() rather than stat()
Closed
#703 [GH-ISSUE #1038] Profiles: QuiteRSS is unable to start browser
Closed
#702 [GH-ISSUE #1030] Issue: please fix the RSS feed on the wordpress site.
Closed
#700 [GH-ISSUE #1029] giving lxc a restricted x server or wayland session?
Closed
#701 [GH-ISSUE #1031] Bug: I've found a working exploit against firejail
Closed
#699 [GH-ISSUE #1022] hybrid isolation approaches
Closed
#697 [GH-ISSUE #1028] ~/.config/pulse cannot be whitelisted (always overriden unless nosound)
Closed
#698 [GH-ISSUE #1023] Root shell via --bandwidth and --shell
Closed
#695 [GH-ISSUE #1018] Issue with --noblacklist having no effect
Closed
#696 [GH-ISSUE #1019] private-dev not working?
Closed
#694 [GH-ISSUE #1020] local root firejail ??
Closed
#691 [GH-ISSUE #1014] Running steam in firejail shows the login window with the copy of the background
Closed
#692 [GH-ISSUE #1016] firejail --x11=xpra doesn't attach with firefox
Closed
#693 [GH-ISSUE #1015] Firejail prevents printing in AppArmored applications
Closed
#688 [GH-ISSUE #1011] Creation of blacklisted or read-only files
Closed
#689 [GH-ISSUE #1012] gpg.profile prevents adding ppa
Closed
#690 [GH-ISSUE #1013] "Error mkdir" appears inconsistently
Closed
#686 [GH-ISSUE #1005] little scripts to copy/paste and resize firejail --x11
Closed
#687 [GH-ISSUE #1008] Can't run Chromium in firejail with --overlay-tmpfs option
Closed
#685 [GH-ISSUE #1007] pass proper DPI to xpra and xephyr
Closed
#683 [GH-ISSUE #1003] New profiles
Closed
#684 [GH-ISSUE #1001] blacklist /mnt by default
Closed
#679 [GH-ISSUE #999] Fails to build with mtune=native (haswell), or -O3
Closed
#680 [GH-ISSUE #998] gui isolation through wayland
Closed
#681 [GH-ISSUE #997] Can't use firejail for Counter-Strike (CSGO)
Closed
#678 [GH-ISSUE #995] Thunderbird accesses ~/.mozilla even when blacklisted
Closed
#676 [GH-ISSUE #992] SDL error when trying to run certain games in steam
Closed
#677 [GH-ISSUE #996] Firefox and libGL problem
Closed
#673 [GH-ISSUE #987] firejail-default is not added into .deb and is not installed with deb installation
Closed
#675 [GH-ISSUE #989] Move profiles into a separate repo and use as submodule
Closed
#674 [GH-ISSUE #986] Find out which Qubes components can be reused in firejail
Closed
#672 [GH-ISSUE #984] Blacklist /etc/firejail?
Closed
#670 [GH-ISSUE #983] Support the standard Unix SHELL environment variable
Closed
#671 [GH-ISSUE #985] Document the high-level architecture of firejail
Closed
#667 [GH-ISSUE #980] A GUI tool to create profiles
Closed
#668 [GH-ISSUE #982] Consider using CMake as a build system
Closed
#669 [GH-ISSUE #981] Build and publish binaries automatically using CI
Closed
#665 [GH-ISSUE #975] Steam doesn't start on Ubuntu 16.04
Closed
#666 [GH-ISSUE #976] Feature request: Integrate with kafel seccomp-bpf configuration language
Closed
#664 [GH-ISSUE #977] dbus filter
Closed
#663 [GH-ISSUE #974] gateway in sandbox depends on --net parameters order
Closed
#661 [GH-ISSUE #972] security profile is being read twice under certain circumstances
Closed
#662 [GH-ISSUE #973] Why not a profile for Tor Messenger
Closed
#659 [GH-ISSUE #969] Unable to override PS1 (command prompt)
Closed
#660 [GH-ISSUE #970] firejail allows R/W files outside of the sandbox when run without arguments
Closed
#655 [GH-ISSUE #965] GTK 3 theme in Xephyr sandbox?
Closed
#656 [GH-ISSUE #968] 'configuration file should be owned by root' error
Closed
#657 [GH-ISSUE #966] after updating firejail screen and tmux terminal mixer cease to work
Closed
#654 [GH-ISSUE #959] Firefox blacklist violation for fontconfig
Closed
#652 [GH-ISSUE #964] Set FIREJAIL_PROMPT enabled by default?
Closed
#653 [GH-ISSUE #961] Whitelisting folder?
Closed
#649 [GH-ISSUE #955] Spoof D-Bus machine-id
Closed
#650 [GH-ISSUE #958] Qutebrowser fails to load with qutebrowser.conf profile and webengine backend
Closed
#651 [GH-ISSUE #956] Reverse scrolling not working in firejail
Closed
#648 [GH-ISSUE #952] firecfg enhancements
Closed
#647 [GH-ISSUE #954] Questions regarding inheritance
Closed
#646 [GH-ISSUE #950] Add KDE's konsole to blacklisted terminal emulators
Closed
#643 [GH-ISSUE #944] firejailed ssh tunnel?
Closed
#644 [GH-ISSUE #947] Chromium 'Save as' doesn't work with --net on KDE
Closed
#645 [GH-ISSUE #948] gajim.profile fix
Closed
#640 [GH-ISSUE #940] Implement SandboxIE features
Closed
#641 [GH-ISSUE #942] If name of the sandbox isn't defined...
Closed
#642 [GH-ISSUE #939] Isolate IPC
Closed
#638 [GH-ISSUE #935] firecfg options
Closed
#639 [GH-ISSUE #937] Whitelisted keepassx in web browser profiles
Closed
#637 [GH-ISSUE #938] atom profile breaks git integration
Closed
#634 [GH-ISSUE #934] evince starts service outside of sandbox
Closed
#636 [GH-ISSUE #932] Quiet-by-default seems to be broken
Closed
#635 [GH-ISSUE #933] fseccomp Error with --chroot option
Closed
#631 [GH-ISSUE #930] Atril doesn't work with --net=none
Closed
#632 [GH-ISSUE #929] noroot missing in some profiles
Closed
#633 [GH-ISSUE #931] Option to start new sandbox from another sandbox
Closed
#628 [GH-ISSUE #927] have systemd apply firejail
Closed
#629 [GH-ISSUE #928] Services preventing firejail from stopping
Closed
#630 [GH-ISSUE #926] private-bin fails when executing binaries in /usr/lib
Closed
#626 [GH-ISSUE #925] mkdeb.sh fails
Closed
#627 [GH-ISSUE #921] enable /home/share
Closed
#625 [GH-ISSUE #922] firejail --seccomp opera' fails with setuid sandbox is not running as root (...) Failed to move to new namespace'
Closed
#622 [GH-ISSUE #917] Applications opening as superuser mode
Closed
#623 [GH-ISSUE #919] Disable warning for disabled networking
Closed
#624 [GH-ISSUE #918] seccomp: document logging and audit.d
Closed
#619 [GH-ISSUE #915] --net=eth0 only works as root
Closed
#620 [GH-ISSUE #913] launching non-existing command - should be verbose
Closed
#621 [GH-ISSUE #914] Support private /opt
Closed
#616 [GH-ISSUE #909] "--allow-debuggers" always fails
Closed
#617 [GH-ISSUE #911] Read files from system
Closed
#618 [GH-ISSUE #910] Support symlinks for --private-home
Closed
#613 [GH-ISSUE #906] Open Folder/File not working in Deluge under KDE4
Closed
#614 [GH-ISSUE #908] Thunderbird: Okular can't open PDF files
Closed
#610 [GH-ISSUE #904] vlc segfault on debian jessie
Closed
#612 [GH-ISSUE #905] Opening links in external applications under firejailed Firefox
Closed
#607 [GH-ISSUE #896] Firefox doesn't accept SSL certificates anymore
Closed
#608 [GH-ISSUE #902] Wrong icons in Firefox when firejailed under KDE 4
Closed
#609 [GH-ISSUE #897] Blacklist ecryptfs-utils specific files
Closed
#604 [GH-ISSUE #894] Ansible role for Firejail
Closed
#605 [GH-ISSUE #892] Ability to turn off pid namespacing?
Closed
#602 [GH-ISSUE #889] {,/usr}/sbin warnings are shown with --quiet
Closed
#603 [GH-ISSUE #888] "firejail --get" always fails
Closed
#601 [GH-ISSUE #887] restricted shell bug
Closed
#600 [GH-ISSUE #883] claws-mail.profile doesn't allow attaching to existing session
Closed
#598 [GH-ISSUE #884] slack.profile does not allow opening URLs in messages
Closed
#599 [GH-ISSUE #886] /run/firejail/mnt doesn't get created, hence all firejails fail
Closed
#595 [GH-ISSUE #879] Can't run any OpenGL apps using nvidia drivers
Closed
#596 [GH-ISSUE #882] cp -a --parents with --private-etc
Closed
#594 [GH-ISSUE #877] "firejail --chroot=/" destroys resolv.conf
Closed
#592 [GH-ISSUE #876] Question: why when running as root does it mount over /dev/shm
Closed
#593 [GH-ISSUE #875] Warnings with --x11=xorg
Closed
#590 [GH-ISSUE #868] Wine profile (included in default Firejail installation) may be too restrictive
Closed
#591 [GH-ISSUE #869] Can you use dirtycow to break out of firejail? [ QUESTION]
Closed
#589 [GH-ISSUE #873] Use of systemcalls
Closed
#588 [GH-ISSUE #863] private-bin: use actual files instead of symbolic links
Closed
#587 [GH-ISSUE #864] Typo in etc/disable-devel.inc
Closed
#586 [GH-ISSUE #862] Need a way to write to /sys/fs/cgroup inside firejailed process
Closed
#583 [GH-ISSUE #858] What does "shell none" do
Closed
#584 [GH-ISSUE #861] Support AppImage type 2 image format
Closed
#585 [GH-ISSUE #855] Block access to dbus
Closed
#582 [GH-ISSUE #849] Hyperlinks with a "&" character get a slash prefix
Closed
#580 [GH-ISSUE #853] Enhacement: Add this information to readme
Closed
#581 [GH-ISSUE #850] Cherrytree doesn't find its database anymore
Closed
#577 [GH-ISSUE #848] Suggest: Extra profiles
Closed
#578 [GH-ISSUE #846] whitelist qt5 webkit
Closed
#579 [GH-ISSUE #847] New profiles
Closed
#576 [GH-ISSUE #844] vlc is not starting - read-only file system
Closed
#574 [GH-ISSUE #845] LibreOffice doesn't start
Closed
#575 [GH-ISSUE #843] Keepass doesn't start
Closed
#573 [GH-ISSUE #841] nvidia driver and noroot setting
Closed
#571 [GH-ISSUE #840] Window title on mate-desktop says "as superuser"
Closed
#570 [GH-ISSUE #837] relax ptrace + seccomp restrictions on 4.8 kernel?
Closed
#568 [GH-ISSUE #839] Conflict with read-only and noexec
Closed
#565 [GH-ISSUE #833] read-only behaves inconsistently
Closed
#567 [GH-ISSUE #834] enhancement: support user wildcards in login.users
Closed
#564 [GH-ISSUE #831] private-etc invalid
Closed
#562 [GH-ISSUE #827] new xpra version loads very slowly
Closed
#563 [GH-ISSUE #832] private-tmp for sysutils
Closed
#559 [GH-ISSUE #824] firefox: error while loading shared libraries: libstdc++.so.6
Closed
#560 [GH-ISSUE #825] Profile requests
Closed
#561 [GH-ISSUE #823] Enhacement: some profiles
Closed
#556 [GH-ISSUE #820] dnscrypt-proxy.profile fails with private-dev option enabled
Closed
#557 [GH-ISSUE #818] qt config whitelist-common
Closed
#558 [GH-ISSUE #821] dnscrypt-proxy --version gives "invalid .Xauthority file" error
Closed
#553 [GH-ISSUE #817] Cannot use mlocate within Firejail
Closed
#554 [GH-ISSUE #814] Issue with private-bin option in version 0.9.42
Closed
#555 [GH-ISSUE #816] allow-debuggers: Also allow access to /usr/lib/debug
Closed
#550 [GH-ISSUE #812] [Request] New profiles
Closed
#551 [GH-ISSUE #811] Support portals
Closed
#552 [GH-ISSUE #810] disable-common.inc noblacklist bug
Closed
#547 [GH-ISSUE #806] Accessing home directory of another user
Closed
#548 [GH-ISSUE #807] Support for custom veth interface names for --net=bridge_interface
Closed
#549 [GH-ISSUE #804] [Bug] Firejail 0.9.42 and grsecurity
Closed
#544 [GH-ISSUE #801] [enhancement] Document abstract sockets and what to do about them
Closed
#546 [GH-ISSUE #803] Error with make deb
Closed
#545 [GH-ISSUE #802] Breakout through terminal
Closed
#543 [GH-ISSUE #799] Firefox's native Widevine Content Decryption Module doesn't work in firejail
Closed
#541 [GH-ISSUE #800] Add an upload command to add a file from the host to a container
Closed
#542 [GH-ISSUE #797] telegram xpra fail
Closed
#538 [GH-ISSUE #794] Tighter profiles
Closed
#539 [GH-ISSUE #796] Jail escape through DBus
Closed
#540 [GH-ISSUE #795] Document blacklist-nolog
Closed
#535 [GH-ISSUE #792] Support for scripting in firemon
Closed
#536 [GH-ISSUE #793] Overhaul of Profiles
Closed
#537 [GH-ISSUE #791] warzone2100 profile
Closed
#532 [GH-ISSUE #787] Whitelisted directory belongs to uid 65534 within jail
Closed
#533 [GH-ISSUE #786] configuration file should be owned by root
Closed
#534 [GH-ISSUE #789] Backgrounding fetchmail in script
Closed
#531 [GH-ISSUE #784] single instance applications - possible security breach
Closed
#529 [GH-ISSUE #785] User is missing one of the groups
Closed
#530 [GH-ISSUE #783] Add copy command to Filesystem category in profile
Closed
#526 [GH-ISSUE #781] Accept /mnt in --whitelist option
Closed
#527 [GH-ISSUE #779] Steam profile blocks access to xboxdrv gamepads
Closed
#528 [GH-ISSUE #780] Error: cannot switch euid to root
Closed
#524 [GH-ISSUE #778] Cannot Start /usr/local/bin/<prog> Using private-bin Profiles (v0.9.42 Regression)
Closed
#525 [GH-ISSUE #777] no man entry for private-template
Closed
#523 [GH-ISSUE #775] Little inconsistencies in 0.9.43 release notes
Closed
#522 [GH-ISSUE #772] --enable-apparmor option is lost with make deb
Closed
#520 [GH-ISSUE #774] false alarm
Closed
#521 [GH-ISSUE #770] [enhancement] Redesign of private-tmp
Closed
#519 [GH-ISSUE #767] --x11=xpra still has full access to host X server
Closed
#517 [GH-ISSUE #765] read_pid ignores trailing alphabetical characters
Closed
#518 [GH-ISSUE #768] xpra initialization error
Closed
#514 [GH-ISSUE #764] python-wand not starting with /sbin blacklisted
Closed
#515 [GH-ISSUE #760] Invalid line in profile
Closed
#516 [GH-ISSUE #762] firejail not exiting
Closed
#513 [GH-ISSUE #756] Lintian warning when building firejail from source
Closed
#511 [GH-ISSUE #759] DNS Rebinding protection?
Closed
#512 [GH-ISSUE #754] Firejail.service
Closed
#510 [GH-ISSUE #749] 0.9.42~rc2: Runtime Errors
Closed
#509 [GH-ISSUE #750] NFS support: firejail --private issue "cannot transfer .Xauthority"
Closed
#508 [GH-ISSUE #748] Closing firejail-xpra window causes X Server crash.
Closed
#505 [GH-ISSUE #747] xrandr works on xephyr
Closed
#506 [GH-ISSUE #745] blocking the mic and webcam?
Closed
#507 [GH-ISSUE #746] strange xpra error.
Closed
#503 [GH-ISSUE #744] blacklisting a symbolic link causes firejail to fail on jessie/armhf
Closed
#502 [GH-ISSUE #741] Whitelisting symlink doesn't work
Closed
#504 [GH-ISSUE #740] X11 isolation in profile
Closed
#501 [GH-ISSUE #737] lots of terms in disabled common. regexp?
Closed
#499 [GH-ISSUE #739] Invalid whitelist path
Closed
#500 [GH-ISSUE #738] Consider improving the documentation of --whitelist
Closed
#496 [GH-ISSUE #736] what to do if --x11 wont work, and which browser?
Closed
#497 [GH-ISSUE #732] New profiles
Closed
#498 [GH-ISSUE #733] how are unix sockets handled outside of the whitelist?
Closed
#493 [GH-ISSUE #731] Kernel fix found for known problem, "Cannot install new software while Firejail is running"
Closed
#495 [GH-ISSUE #730] Wishlist: easier way to allow additional system calls
Closed
#491 [GH-ISSUE #721] chroot fs implementation
Closed
#492 [GH-ISSUE #720] HOME environment variable not adjusted when using --user
Closed
#490 [GH-ISSUE #725] Firejailed processes not always close properly
Closed
#489 [GH-ISSUE #719] Restricted shell status
Closed
#487 [GH-ISSUE #715] forum for firejail? is this it?
Closed
#488 [GH-ISSUE #718] thunderbird use "wrong" pdf viewer
Closed
#484 [GH-ISSUE #712] Test for shell interpreter inside chroot is wrong
Closed
#485 [GH-ISSUE #708] Option to disable warnings/errors in production environments
Closed
#486 [GH-ISSUE #710] Question about PS1 / PROMPT_COMMAND
Closed
#481 [GH-ISSUE #705] "make deb" fails
Closed
#482 [GH-ISSUE #707] Typo in --version output
Closed
#483 [GH-ISSUE #706] When we use the --private-dev option with the --chroot option, the /dev/log socket is missing
Closed
#479 [GH-ISSUE #704] Login shells through FireJail - Interpreter initialization files are never read
Closed
#480 [GH-ISSUE #703] When using non-default shell, FireJail shouldn't throw an error if Bash is missing inside the chroot
Closed
#478 [GH-ISSUE #700] whitelisting /home/myuser not possible
Closed
#477 [GH-ISSUE #699] Modifying firefox install dir inside jail but not outside
Closed
#475 [GH-ISSUE #697] question / discussion: would wayland eliminate the need for --x11?
Closed
#476 [GH-ISSUE #698] Whitelisting /var is broken
Closed
#472 [GH-ISSUE #693] --x11=xpra prevents the jailed program to output to stdout/stderr
Closed
#473 [GH-ISSUE #692] Running docker via firejail
Closed
#474 [GH-ISSUE #690] Profile for symlinked programs
Closed
#470 [GH-ISSUE #685] --overlay creates files owned by root. Should it?
Closed
#471 [GH-ISSUE #686] detecting malware?
Closed
#469 [GH-ISSUE #688] Typo in README.md
Closed
#467 [GH-ISSUE #682] File /etc/apparmor.d/firejail-default is allways generated
Closed
#468 [GH-ISSUE #683] dns issue with network manager
Closed
#466 [GH-ISSUE #680] Build failure
Closed
#463 [GH-ISSUE #678] --private-bin does not warn for non-existing programmes
Closed
#465 [GH-ISSUE #677] --blacklist=/proc does not blacklist all of /proc
Closed
#464 [GH-ISSUE #676] Closing Xephyr window when exiting?
Closed
#460 [GH-ISSUE #674] Software using libstdc++ breakage on Gentoo (and probably some another distros)
Closed
#461 [GH-ISSUE #675] A basic comprehension question
Closed
#462 [GH-ISSUE #671] No need to open xephyr/xpra window when under --audit
Closed
#459 [GH-ISSUE #669] Is it possible to avoid remounting /proc on an individual basis?
Closed
#457 [GH-ISSUE #670] --audit does not warn about --x11 used without --net
Closed
#458 [GH-ISSUE #667] Firecfg does not work for programmes in /usr/local/bin
Closed
#456 [GH-ISSUE #656] Viability of use with skype4linux alpha?
Closed
#454 [GH-ISSUE #666] --trace breaks tar unpacking
Closed
#455 [GH-ISSUE #655] Comparison with minijail
Closed
#451 [GH-ISSUE #651] allow "join sandbox_name" in .profile
Closed
#452 [GH-ISSUE #650] Cyberfox
Closed
#453 [GH-ISSUE #649] xpra apps sometimes dont attach
Closed
#449 [GH-ISSUE #647] [0.9.42-rc1] build failure on non-x86
Closed
#450 [GH-ISSUE #645] "netfilter" enabled by default
Closed
#448 [GH-ISSUE #648] xpra persists after firejailed app is quit
Closed
#445 [GH-ISSUE #641] Idea: Adaptive file access rights
Closed
#446 [GH-ISSUE #642] Tor browser returns fatal error if using firejail and Tor's meek protocol
Closed
#447 [GH-ISSUE #644] weechat.profile - duplicate "netfilter" entires
Closed
#444 [GH-ISSUE #637] Missing .gnomerc in disable-common.inc
Closed
#441 [GH-ISSUE #635] make read-write opposite of read-only
Closed
#439 [GH-ISSUE #636] Do not print anything in --quiet mode
Closed
#440 [GH-ISSUE #633] failed to start xpra on Arch Linux
Closed
#438 [GH-ISSUE #630] Core Infrastructure Initiative (CII) Best Practices
Closed
#436 [GH-ISSUE #631] Firefox hardware acceleration?
Closed
#437 [GH-ISSUE #632] the ‘nice’ option is ignored when joining
Closed
#433 [GH-ISSUE #627] Expand the directories that are possible for whitelisting
Closed
#434 [GH-ISSUE #625] Thunderbird Won't Open Full URL (Only Resource Name)
Closed
#435 [GH-ISSUE #623] protocol unix makes netfilter useless... right?
Closed
#432 [GH-ISSUE #619] single files binding
Closed
#430 [GH-ISSUE #615] PulseAudio 8.0 and Firejail do not work toghether
Closed
#431 [GH-ISSUE #618] "Seccomp.keep chroot" exits with error
Closed
#427 [GH-ISSUE #610] x11 support prerequisites are not fullfilled in some cases
Closed
#428 [GH-ISSUE #611] Build error due to Telegram.profile
Closed
#429 [GH-ISSUE #612] cannot stat '.etc/Telegram.profile': No such file or directory
Closed
#424 [GH-ISSUE #608] whitelist and private-dev combination
Closed
#425 [GH-ISSUE #607] A question which I couldn't find in the FAQ
Closed
#426 [GH-ISSUE #609] nosound causes private-dev
Closed
#421 [GH-ISSUE #606] telegram 0.9.56 run failure under firejail/commit 74a9ffe66e0f4e41bccea80783c5ac946c3ac51e
Closed
#422 [GH-ISSUE #605] telegram run failure under firejail
Closed
#423 [GH-ISSUE #604] touch/mkfile profile option (like mkdir)
Closed
#420 [GH-ISSUE #594] Document how much secure it really is
Closed
#418 [GH-ISSUE #600] Causes mate-volume-control to segfault and audio issues
Closed
#419 [GH-ISSUE #595] Firejail needs root to display version(?!)
Closed
#416 [GH-ISSUE #593] Limit the memory size used by the jailed process
Closed
#417 [GH-ISSUE #592] Kill the jailed process by a timer
Closed
#415 [GH-ISSUE #590] Support for File Managers
Closed
#414 [GH-ISSUE #589] xpra and private-dev
Closed
#412 [GH-ISSUE #588] support home directory outside of /home
Closed
#413 [GH-ISSUE #587] Xephyr fails with chroot and net
Closed
#409 [GH-ISSUE #583] How to hide entire home directory except number of subdirectories
Closed
#410 [GH-ISSUE #578] Thought: blacklist all .files and folders by default.
Closed
#411 [GH-ISSUE #581] Firejail and firefox-esr
Closed
#408 [GH-ISSUE #573] Using Firejail by Default
Closed
#406 [GH-ISSUE #574] Workaround to allow user management with kernels prior to 3.18 when firejail running?
Closed
#407 [GH-ISSUE #576] LibreOffice profile?
Closed
#403 [GH-ISSUE #571] PulseAudio support is broken when client.conf is a link
Closed
#404 [GH-ISSUE #572] strace new features relevant?
Closed
#405 [GH-ISSUE #570] X11 Sandboxing security
Closed
#400 [GH-ISSUE #569] Is it possible to have proper support for systemd-resolved?
Closed
#402 [GH-ISSUE #566] Per-app security restrictions inside a named Firejail sandbox
Closed
#401 [GH-ISSUE #567] Allow running even when global config file is missing
Closed
#399 [GH-ISSUE #562] Can't launch LibreOffice with --net=none
Closed
#397 [GH-ISSUE #565] Some firejailed processes join an unsandboxed parent instance
Closed
#398 [GH-ISSUE #563] "Open destination folder" doesn't work in qBittorrent with private-bin
Closed
#394 [GH-ISSUE #560] Missing environment variables in AppImage support
Closed
#395 [GH-ISSUE #559] [CentOS 7.2]Running Firejail 0.9.40 causes /etc/passwd, /etc/group and /etc/gshadow to be locked making useradd, userdel and gpasswd unusable. Kernel 3.10
Closed
#396 [GH-ISSUE #561] --trace does not work with --appimage
Closed
#393 [GH-ISSUE #557] Preventing mouse pointer being locked into firejail Xephyr?
Closed
#391 [GH-ISSUE #555] When opened with Firejail, Thunderbird will not open links in default web browser.
Closed
#392 [GH-ISSUE #556] 0.9.38-1~bpo: firejail cannot handle /etc/skel/.bashrc as symlink
Closed
#390 [GH-ISSUE #554] Firejail security features limited with Chromium based browsers?
Closed
#389 [GH-ISSUE #553] bug with private-bin and /usr/local/bin
Closed
#388 [GH-ISSUE #552] freshplayerplugin Flash causing graphics glitching under firejail
Closed
#385 [GH-ISSUE #550] firejail x11 and openbox
Closed
#386 [GH-ISSUE #551] midori - no gui after upgrade firejail 0.9.40
Closed
#387 [GH-ISSUE #549] xephyr and keyboard layout
Closed
#382 [GH-ISSUE #546] Using both --net=none and --overlay-tmpfs => no access to X11
Closed
#383 [GH-ISSUE #548] PulseAudio/Sound is broken when running Chromium
Closed
#384 [GH-ISSUE #547] Ubuntu 16.04 -- No sound
Closed
#379 [GH-ISSUE #543] Start signing commits with GPG?
Closed
#380 [GH-ISSUE #545] --quiet flag not working?
Closed
#381 [GH-ISSUE #544] make it clear that --x11 does not block child processes from communicating with parent X server
Closed
#378 [GH-ISSUE #541] Allow firejail to use an anonymous bridge
Closed
#376 [GH-ISSUE #532] howto disable network share
Closed
#377 [GH-ISSUE #535] firefox freez on ubuntu 16.04
Closed
#374 [GH-ISSUE #529] firecfg: where located/installed?
Closed
#373 [GH-ISSUE #531] polly - not running under firejail control ?
Closed
#375 [GH-ISSUE #530] Error mkdir:fs_private(324): File exists
Closed
#370 [GH-ISSUE #527] Firejail does not work with OrbitalApps portable applications
Closed
#371 [GH-ISSUE #528] security issues disclosure
Closed
#372 [GH-ISSUE #525] --read-only=~ does not work and does not fail-fast
Closed
#367 [GH-ISSUE #522] Can profiles remember custom parameters?
Closed
#368 [GH-ISSUE #523] Crash Pulseaudio
Closed
#369 [GH-ISSUE #524] unable to firejail chrome when using profile-sync-daemon
Closed
#366 [GH-ISSUE #516] Create empty private /etc?
Closed
#364 [GH-ISSUE #514] Error: cannot open display: :0
Closed
#365 [GH-ISSUE #520] Please add .asc file for firejail-0.9.40-rc1
Closed
#363 [GH-ISSUE #511] Permit disabling/whitelisting features system-wide
Closed
#361 [GH-ISSUE #512] manual pages
Closed
#362 [GH-ISSUE #513] the UID and GID change to root in the sandbox after firejail exit
Closed
#358 [GH-ISSUE #509] --trace creates /etc/ld.so.preload
Closed
#359 [GH-ISSUE #508] Improve Icedove/Thunderbird profile to work with Unix Mailspool account (Unable to create lock file)
Closed
#357 [GH-ISSUE #507] Question on Thunderbird to open links by deafult browser
Closed
#356 [GH-ISSUE #506] --ignore=net does not work. Should it?
Closed
#354 [GH-ISSUE #501] private-bin does not act as a blacklist
Closed
#352 [GH-ISSUE #503] Mounted partitions not invisible
Closed
#353 [GH-ISSUE #500] test/fs/private-whitelist.exp (ERROR 4)
Closed
#349 [GH-ISSUE #498] "generic.profile" vs "default.profile" ambiguity
Closed
#350 [GH-ISSUE #496] Question: Where do tracelog messages go?
Closed
#351 [GH-ISSUE #497] Using Firejail with HTML5 xpra client
Closed
#346 [GH-ISSUE #494] Firejail broken in Debian sid
Closed
#348 [GH-ISSUE #489] Firejail reports error 'parent is shutting down, bye' when trying to run ubuntu-clock-app.clock snap package on Ubuntu 16.04
Closed
#347 [GH-ISSUE #493] freshly installed debian sid - firejail not working
Closed
#343 [GH-ISSUE #487] Question: Whitelisting devices
Closed
#344 [GH-ISSUE #483] private dir owner
Closed
#345 [GH-ISSUE #484] noblacklistfor process child
Closed
#342 [GH-ISSUE #482] private-dev breaks gpg?
Closed
#340 [GH-ISSUE #480] Moving veth in new network namespace and setting default gateway
Closed
#341 [GH-ISSUE #481] Firejail fails to launch several applications after system update
Closed
#339 [GH-ISSUE #477] Able to set negative niceness for a process as a regular user with firejail
Closed
#337 [GH-ISSUE #475] mpv unable to use youtube-dl with icecat profile
Closed
#338 [GH-ISSUE #472] Can escape jail with mate-terminal
Closed
#335 [GH-ISSUE #471] Can access children of blacklisted directories by moving directories around outside jail
Closed
#334 [GH-ISSUE #470] Can read/write children of blacklisted directories by moving directories around outside jail
Closed
#336 [GH-ISSUE #469] Is there a way to make private-etc /etc writeable?
Closed
#331 [GH-ISSUE #465] cherrytree.profile error
Closed
#332 [GH-ISSUE #467] keep sound with --private-dev
Closed
#333 [GH-ISSUE #464] firejail detects existing sandbox in lxc
Closed
#330 [GH-ISSUE #462] Is it possible to run a separate instance of pulseaudio inside the sandbox, using xpra to "hear its sounds"?
Closed
#328 [GH-ISSUE #461] more on writable-etc/writable-var
Closed
#329 [GH-ISSUE #463] Is "--noroot" implicitly at odds with "--chroot"?
Closed
#326 [GH-ISSUE #460] LD_PRELOAD and Firejail
Closed
#327 [GH-ISSUE #458] "--net=none" equivalent for profiles
Closed
#324 [GH-ISSUE #455] Add debug message
Closed
#322 [GH-ISSUE #452] Warning: failed to unmount /sys
Closed
#323 [GH-ISSUE #448] Building on ARM
Closed
#319 [GH-ISSUE #446] Tightening the wine.profile
Closed
#320 [GH-ISSUE #447] whitelist and mkdir uncertainty
Closed
#321 [GH-ISSUE #445] Add support for globbing in private-bin and private-etc
Closed
#316 [GH-ISSUE #440] Unexpected behavior with Steam
Closed
#317 [GH-ISSUE #437] Using mkdeb to build firejail
Closed
#318 [GH-ISSUE #441] Writable /etc and /var
Closed
#313 [GH-ISSUE #431] Increase delay before issuing SIGKILL on shutdown?
Closed
#315 [GH-ISSUE #435] unable to delete created symlink when closing Google Earth
Closed
#310 [GH-ISSUE #429] fshaper.sh syntax error when issued by firejail
Closed
#311 [GH-ISSUE #430] System sound quits after playing video w/ Firefox
Closed
#312 [GH-ISSUE #426] Possibility to use files that aren't in /etc for --private-etc
Closed
#309 [GH-ISSUE #424] Isolation Visual Indicator
Closed
#307 [GH-ISSUE #423] firejail shutdown does not pass SIGNAL to children
Closed
#308 [GH-ISSUE #425] Security Implications for User namespaces
Closed
#304 [GH-ISSUE #421] okular and gwenview profiles
Closed
#305 [GH-ISSUE #422] private-bin doesn't use /usr/local/bin
Closed
#306 [GH-ISSUE #420] xpra-winswitch trouble
Closed
#301 [GH-ISSUE #419] Splitting --no-sound into --no-speaker and --no-microphone
Closed
#303 [GH-ISSUE #417] Cleanup environment variables
Closed
#302 [GH-ISSUE #418] dnsmasq profile
Closed
#298 [GH-ISSUE #413] existing sandbox issue with tor-browser
Closed
#299 [GH-ISSUE #414] Profiles don't take arguments to --net
Closed
#297 [GH-ISSUE #408] firecfg.config location
Closed
#296 [GH-ISSUE #410] IBUS-WARNING
Closed
#295 [GH-ISSUE #411] INFO: Limitation of supported options on GRsec
Closed
#292 [GH-ISSUE #404] Improved strace syscall editing instructions
Closed
#294 [GH-ISSUE #407] Created firejail ansible playbook
Closed
#289 [GH-ISSUE #402] Add recursive read-only option
Closed
#290 [GH-ISSUE #400] Chromium Fails To Start When Chromium AppArmor Profile Is Enforced
Closed
#291 [GH-ISSUE #401] Apparmor + firejail = Warning: an existing sandbox was detected (+ problem with --force)
Closed
#287 [GH-ISSUE #398] Firejail + AppArmor Permanently Resets/Ignores/Breaks FIrefox Profile .mozilla
Closed
#288 [GH-ISSUE #397] Make all programs start with firejail automatically
Closed
#286 [GH-ISSUE #399] cannot switch euid to root
Closed
#283 [GH-ISSUE #394] bug with permissions
Closed
#285 [GH-ISSUE #395] Tightening the Thunderbird profile
Closed
#284 [GH-ISSUE #396] AppArmor'd evince fails to open X display with firejail --net=none
Closed
#280 [GH-ISSUE #389] Add feature to control/restrict communications through DBus
Closed
#281 [GH-ISSUE #393] Firejail with steam makes idle master python version non working
Closed
#282 [GH-ISSUE #390] possible seccomp filter mistake (moved to PR)
Closed
#277 [GH-ISSUE #386] Whitelisting doesn't work if whitelisted path is a symlink
Closed
#278 [GH-ISSUE #388] Firetools is displaying a 'terminal' icon, to the right of the Firefox icon. Any ideas as to why?
Closed
#279 [GH-ISSUE #385] [typo] src/man/firecfg.txt uses FIREMON instead of FIRECFG
Closed
#274 [GH-ISSUE #382] links with "&" are truncated
Closed
#275 [GH-ISSUE #384] wine doesn't like whitelist
Closed
#276 [GH-ISSUE #383] Firefox doesn't recognize when network settings have changed
Closed
#271 [GH-ISSUE #379] Could you add Profiles for Libreoffice and wps-office?
Closed
#272 [GH-ISSUE #381] disable-devel.inc missing in the generic.profile
Closed
#273 [GH-ISSUE #380] Programs start without sandbox if /proc is mounted with hidepid
Closed
#268 [GH-ISSUE #376] –caps.keep and --user
Closed
#270 [GH-ISSUE #375] Arch Linux: firejail --x11 kills X server on exit
Closed
#269 [GH-ISSUE #377] --quiet doesn't hide everything
Closed
#267 [GH-ISSUE #373] MTU: issues for jail and host
Closed
#265 [GH-ISSUE #372] Sandboxes connected to a bridge, how to connect the bridge to the Internet?
Closed
#266 [GH-ISSUE #374] Losing internet access on blacklist /var
Closed
#264 [GH-ISSUE #367] Parse /etc/login.def for UID_MIN
Closed
#262 [GH-ISSUE #370] Firefox can't find its profile after creating symlink for running sandboxed in new session
Closed
#263 [GH-ISSUE #369] src/man/firejail-config.txt is missing, causing a make error when building from git
Closed
#259 [GH-ISSUE #362] seccomp, --user, caps, setcap not working together
Closed
#260 [GH-ISSUE #364] PulseAudio Isolation
Closed
#261 [GH-ISSUE #366] SlimJet Browser
Closed
#258 [GH-ISSUE #361] PulseAudio-related hangs under 'firejail --overlay-tmpfs' sandbox
Closed
#256 [GH-ISSUE #359] firefox: program is automatically started outside of firejail (KDE Plasma)
Closed
#257 [GH-ISSUE #360] CentOS 7: Cannot mount a new user namespace. Unshare: Invalid argument
Closed
#253 [GH-ISSUE #357] Firejail Breaking Firefox Menu, Wiping All Settings, And Breaking Audio in FF & Chromium
Closed
#254 [GH-ISSUE #356] Firejail cannot launch if ~/.asoundrc is a symlink
Closed
#255 [GH-ISSUE #358] Firejail discards exit code
Closed
#251 [GH-ISSUE #354] how to blacklist everything?
Closed
#252 [GH-ISSUE #355] pavucontrol broken unless I run it within firejail
Closed
#250 [GH-ISSUE #353] Setting not being remembered for Chromium
Closed
#247 [GH-ISSUE #351] private-dev breaks global /dev/pts mountpoint
Closed
#248 [GH-ISSUE #352] Firefox High Security Mode + Pipelight
Closed
#249 [GH-ISSUE #350] Firefox thinks I'm in another timezone!
Closed
#246 [GH-ISSUE #347] dnsmasq doesn't start
Closed
#244 [GH-ISSUE #348] Cppcheck static code analysis
Closed
#245 [GH-ISSUE #344] ipc-namespace in profile
Closed
#242 [GH-ISSUE #342] Tor Browser profile inclusion
Closed
#243 [GH-ISSUE #341] rpmlint error "missing-call-to-setgroups-before-setuid"
Closed
#241 [GH-ISSUE #343] --blacklist=~/.mozilla warns of invalid file
Closed
#239 [GH-ISSUE #339] scp / sftp does not work while firejail as a shell
Closed
#240 [GH-ISSUE #338] Permission denied vs. Not found
Closed
#238 [GH-ISSUE #336] GUI option to keep files
Closed
#235 [GH-ISSUE #334] [enhancement] Mount options for private-*
Closed
#236 [GH-ISSUE #335] make whitelist file names a bit more permissive (allowed characters)
Closed
#237 [GH-ISSUE #333] [enhancement] Better handle symlinks in /usr/bin
Closed
#234 [GH-ISSUE #332] /run/firejail
Closed
#232 [GH-ISSUE #330] firejail massive breach? Or just a missuse case?
Closed
#233 [GH-ISSUE #331] [enhancement] Add private-lib option which limits the libraries available to the program
Closed
#231 [GH-ISSUE #328] How to easily use private-bin
Closed
#229 [GH-ISSUE #329] security breach?
Closed
#230 [GH-ISSUE #327] Network namespace slows Firefox to a crawl
Closed
#226 [GH-ISSUE #325] Firejail and recording software
Closed
#227 [GH-ISSUE #326] Vim has wrong CWD when run inside Firejail with the "tracelog" option
Closed
#228 [GH-ISSUE #324] Polari support
Closed
#224 [GH-ISSUE #320] mpd problems
Closed
#225 [GH-ISSUE #321] EncFS integration
Closed
#223 [GH-ISSUE #322] X-server de-isolation (reverse to #57)
Closed
#221 [GH-ISSUE #313] Firejail and libpng / setjmp(png_jmpbuf) (cannot save PNG)
Closed
#222 [GH-ISSUE #316] Creating folder copy
Closed
#220 [GH-ISSUE #318] firejail is losing shell special characters in args
Closed
#217 [GH-ISSUE #311] Protecting data files, not on /home, from ransomware coming through browser
Closed
#218 [GH-ISSUE #310] ecryptfs integration
Closed
#219 [GH-ISSUE #312] name2pid does not handle spaces
Closed
#215 [GH-ISSUE #309] Error: line 2 in the custom profile is invalid
Closed
#214 [GH-ISSUE #307] do not allow to start with incompatible settings: whitelist and private
Closed
#216 [GH-ISSUE #308] --name option no longer works
Closed
#213 [GH-ISSUE #305] make mkdir recursive
Closed
#211 [GH-ISSUE #303] Suggestion: possible to have some indication on program window that it's sandboxed?
Closed
#212 [GH-ISSUE #306] security: wrong behaviour of firejail for an empty whitelist
Closed
#209 [GH-ISSUE #296] Various issues with building RPM files
Closed
#210 [GH-ISSUE #301] Question: How do I launch a local command in user home when --private is used?
Closed
#208 [GH-ISSUE #298] [spotify] When never run without being firejailed, “remember me” doesn't work (directories under $HOME on whitelist cannot be created when not existent)
Closed
#207 [GH-ISSUE #294] PPA for ubuntu/debian packages
Closed
#205 [GH-ISSUE #291] 32-bit firejail allows 64-bit executable, bypassing --seccomp limitations
Closed
#206 [GH-ISSUE #295] Syncthing
Closed
#204 [GH-ISSUE #287] How to work with symlinks?
Closed
#202 [GH-ISSUE #290] firejail allows regular users to assign arbitrary address (IP, MAC) on any network interface
Closed
#203 [GH-ISSUE #288] Man firejail-profile to disable default profile incorrect information "--noroot" instead of correct "--noprofile"
Closed
#201 [GH-ISSUE #286] Where is private-home? LOL
Closed
#199 [GH-ISSUE #284] Cannot run lxterminal
Closed
#200 [GH-ISSUE #285] Firefox and Thunderbird profiles not loaded in latest Firejail version in Ubuntu
Closed
#196 [GH-ISSUE #283] Set niceness
Closed
#197 [GH-ISSUE #281] window title
Closed
#198 [GH-ISSUE #282] Chromium profile: whitelist pki
Closed
#195 [GH-ISSUE #279] [Firefox] Video playback not starting
Closed
#193 [GH-ISSUE #280] read-only whitelists
Closed
#194 [GH-ISSUE #278] unexpected behaviour of whitelist on filesystem different from the one of $HOME
Closed
#191 [GH-ISSUE #277] add support for symlinks as /home and /home/user
Closed
#192 [GH-ISSUE #273] SSH login into firejail shell broken
Closed
#190 [GH-ISSUE #276] Unexpected behaviour of --whiltelist option when no whitelisted files exist
Closed
#189 [GH-ISSUE #271] Allow Spaces in Directory Paths
Closed
#188 [GH-ISSUE #266] Using systemd-resolved causes DNS to not work
Closed
#187 [GH-ISSUE #270] adduser doesn't work while firejail in use
Closed
#185 [GH-ISSUE #261] On older kernels, file blacklisted in running jail can't be removed (from outside of jail)
Closed
#186 [GH-ISSUE #263] --overlay mode has empty home dir
Closed
#184 [GH-ISSUE #260] Minor: News timeline on Wordpress
Closed
#181 [GH-ISSUE #259] Write Freedesktop directories, blacklist the rest
Closed
#183 [GH-ISSUE #258] (as superuser) in title bar
Closed
#182 [GH-ISSUE #256] Defunct orphans never reaped
Closed
#178 [GH-ISSUE #254] [Discuss] Improve profiles
Closed
#179 [GH-ISSUE #252] Tightening unbound and dnscrypt-proxy profiles
Closed
#180 [GH-ISSUE #253] Block port access
Closed
#177 [GH-ISSUE #247] Fails if whitelisting a directrory that contains whitelisted file or symlink target
Closed
#175 [GH-ISSUE #249] firejail --zsh complains about insecure directories
Closed
#176 [GH-ISSUE #248] Whitelist ~/.cache/fontconfig/ by default
Closed
#173 [GH-ISSUE #246] No audio when using firejail firefox.
Closed
#174 [GH-ISSUE #242] Change window title in sandbox
Closed
#172 [GH-ISSUE #245] blacklist not working with /run/user/*/gvfs
Closed
#171 [GH-ISSUE #239] Re-attach to an overlay after the sandbox is closed
Closed
#169 [GH-ISSUE #241] Start application with *firejail --seccomp* or not?
Closed
#170 [GH-ISSUE #240] Jail "escape" with xfce4-terminal?
Closed
#168 [GH-ISSUE #235] Make debugging easier
Closed
#166 [GH-ISSUE #238] CentOS 6 support?
Closed
#167 [GH-ISSUE #237] Recent build regressions
Closed
#165 [GH-ISSUE #232] Please add ~/.config/fontconfig to whitelist
Closed
#163 [GH-ISSUE #234] firejail desktop integration
Closed
#164 [GH-ISSUE #233] Invalid path $DOWNLOADS - problem with international characters
Closed
#162 [GH-ISSUE #229] Proper chroot support for graphical apps
Closed
#161 [GH-ISSUE #230] firefox profile and adobe apps
Closed
#160 [GH-ISSUE #231] Faster exit
Closed
#159 [GH-ISSUE #226] Symlinks break applications or firejail
Closed
#157 [GH-ISSUE #228] read-only of PATH and LD_LIBRARY_PATH is incomplete
Closed
#158 [GH-ISSUE #225] [rfe] add option to blacklist all ~/.* directories
Closed
#156 [GH-ISSUE #223] Signature file on sourceforge.net specifies wrong hash
Closed
#154 [GH-ISSUE #222] make install creates files with wrong permissions when using non-standard umask
Closed
#155 [GH-ISSUE #221] a kmail profile
Closed
#151 [GH-ISSUE #218] Whitelisting a folder is a bit tricky
Closed
#152 [GH-ISSUE #219] [minor bug] tray icon bug for some KDE apps
Closed
#153 [GH-ISSUE #220] [bug] sound conflict with firefox, with firejail and apparmor
Closed
#149 [GH-ISSUE #216] whitelist globbing
Closed
#148 [GH-ISSUE #215] starting/stopping a jail with --net=br0 causes network hiccups
Closed
#150 [GH-ISSUE #212] Not really an issue - just letting netblue30 know that Skype-pulseaudio issue is resolved in latest release
Closed
#145 [GH-ISSUE #209] documentation should reference nsenter
Closed
#146 [GH-ISSUE #211] ARGV0 support
Closed
#147 [GH-ISSUE #208] option to change user
Closed
#142 [GH-ISSUE #206] firejail --tracelog creates empty ld.so.preload file in systems etc folder
Closed
#143 [GH-ISSUE #207] Firejail cannot handle special characters, shutsdown
Closed
#144 [GH-ISSUE #205] Verifying game cache integrity in Steam deletes game files
Closed
#139 [GH-ISSUE #201] protocol.c:168:3 error: 'EM_ARM' undeclared (first use in this function)
Closed
#141 [GH-ISSUE #204] Detached PGP signatures
Closed
#140 [GH-ISSUE #203] Question about shell=none
Closed
#136 [GH-ISSUE #200] grsecurity + firejail + ALSA + firefox is not working
Closed
#137 [GH-ISSUE #199] Small mistake in the manual
Closed
#138 [GH-ISSUE #197] Chromium fails to open with latest git
Closed
#135 [GH-ISSUE #195] License
Closed
#133 [GH-ISSUE #191] Using two different and separate sandboxes
Closed
#134 [GH-ISSUE #192] --net=eth0 does not assign ipv6
Closed
#130 [GH-ISSUE #190] Firefox profile 'inaccessible' after commit ac39cb31334c7951a97c4fc9b295c39924cd7427
Closed
#131 [GH-ISSUE #189] Run Firejail in Docker container
Closed
#132 [GH-ISSUE #188] program can't create whitelisted file
Closed
#127 [GH-ISSUE #182] Add options in profile files
Closed
#128 [GH-ISSUE #183] Pentadactylrc file is emptied
Closed
#129 [GH-ISSUE #184] firejail prevents "w" from showing the user logged in
Closed
#125 [GH-ISSUE #178] How to use Unbound profile
Closed
#126 [GH-ISSUE #176] Google-Chrome-Stable does not launch
Closed
#124 [GH-ISSUE #181] profile configuration - path - special character
Closed
#121 [GH-ISSUE #175] using links in sandboxed firefox
Closed
#122 [GH-ISSUE #172] consider blacklisting lldb
Closed
#123 [GH-ISSUE #173] idea: implement a pseudo variable "global" for profiles
Closed
#120 [GH-ISSUE #170] blacklist /usr/local/etc/firejail/
Closed
#118 [GH-ISSUE #168] firefox crash - apparmor or protocol entry in the profile
Closed
#119 [GH-ISSUE #171] blacklist glob doesn't affect dotfiles
Closed
#117 [GH-ISSUE #166] firejail ignores shell escaping
Closed
#115 [GH-ISSUE #167] manpage says /var is writable, but it's not
Closed
#116 [GH-ISSUE #165] make dist misses mketc.sh
Closed
#114 [GH-ISSUE #162] Problems with private mode on Gentoo hardened
Closed
#113 [GH-ISSUE #163] Hexchat no write access
Closed
#112 [GH-ISSUE #164] PortableApp bug
Closed
#109 [GH-ISSUE #160] Tor profile
Closed
#110 [GH-ISSUE #159] Bitlbee profile
Closed
#111 [GH-ISSUE #158] read-only/whitelist bug
Closed
#106 [GH-ISSUE #155] [0.9.34] download folder not detected in non english systems [bug]
Closed
#107 [GH-ISSUE #157] opsec: Wipe tmpfs on program exit
Closed
#108 [GH-ISSUE #156] firejail profile for steam
Closed
#103 [GH-ISSUE #153] UTMP_FILE redefined
Closed
#104 [GH-ISSUE #152] Logging for violations of blacklisted directories
Closed
#105 [GH-ISSUE #154] firejail fails when homedir is /home/u/user and whitelist is used
Closed
#101 [GH-ISSUE #151] Disabled network in overlay mode.
Closed
#102 [GH-ISSUE #149] Restrictive umask breaks subdirectory whitelisting
Closed
#100 [GH-ISSUE #147] Skype deletes pulseaudio shm files
Closed
#98 [GH-ISSUE #143] Don't leak user/group information
Closed
#97 [GH-ISSUE #146] Consider whitelisting ~/.config/user-dirs.dirs
Closed
#99 [GH-ISSUE #144] Whitelisting a symlink that is in a subdirectory doesn't work
Closed
#94 [GH-ISSUE #141] Firejail with grsecurity
Closed
#96 [GH-ISSUE #140] Can't set --defaultgw while using --interface option
Closed
#95 [GH-ISSUE #142] Add option to disable access to local network
Closed
#91 [GH-ISSUE #139] Blacklisted directories/files disabled (mounted) multiple times instead of once
Closed
#92 [GH-ISSUE #138] invalid
Closed
#93 [GH-ISSUE #137] --whitelist='/tmp/some_directory' doesn't work in combination with --private
Closed
#88 [GH-ISSUE #136] Need To Allow Process Fork Whitelisting
Closed
#90 [GH-ISSUE #133] make install puts files in /etc instead of $prefix/etc
Closed
#89 [GH-ISSUE #132] firefox default profile minor issue
Closed
#87 [GH-ISSUE #127] Prebuilt binaries
Closed
#85 [GH-ISSUE #128] Whitelisting symbolic links whitelists the source file but not the symlink
Closed
#86 [GH-ISSUE #131] Set different rights on folders
Closed
#82 [GH-ISSUE #126] With v. 0.9.34 services don't start anymore
Closed
#83 [GH-ISSUE #125] Firefox - cached site preview images disappear after each restart!
Closed
#84 [GH-ISSUE #124] Thunderbird and OpenPGP
Closed
#80 [GH-ISSUE #121] Can't whitelist subdirectories
Closed
#81 [GH-ISSUE #123] Most KDE4 apps don't work?
Closed
#79 [GH-ISSUE #122] --tmpfs=/tmp broken
Closed
#76 [GH-ISSUE #120] Add --noblacklist option to command line
Closed
#77 [GH-ISSUE #119] Private /tmp
Closed
#78 [GH-ISSUE #118] Chromium profile broken under current git
Closed
#75 [GH-ISSUE #116] Unable to use ibus-daemon in firejail
Closed
#73 [GH-ISSUE #117] profile.c b0rked logic
Closed
#74 [GH-ISSUE #115] Whitelist "~/.fonts" ?
Closed
#71 [GH-ISSUE #111] Protect shell startup files
Closed
#72 [GH-ISSUE #114] Firefox-developer/aurora with Conkeror - chrome.css are blocked
Closed
#70 [GH-ISSUE #112] Please blacklist ${HOME}/.config/VirtualBox
Closed
#67 [GH-ISSUE #110] Whitelist scripts to be executed
Closed
#68 [GH-ISSUE #109] firejail 0.9.32 fails to execute tor browser with --detach argument
Closed
#65 [GH-ISSUE #106] Support for port number in --dns option
Closed
#66 [GH-ISSUE #107] Support to change netfilter configuration at runtime
Closed
#64 [GH-ISSUE #105] Symlink handling
Closed
#63 [GH-ISSUE #103] Firejail documentation a bit unclear/inconsistent
Closed
#61 [GH-ISSUE #104] build error: output.c:91:40: error: ‘LIBDIR’ undeclared (first use in this function)
Closed
#62 [GH-ISSUE #101] Firefox profile: should whitelist ~/.gtkrc-2.0
Closed
#58 [GH-ISSUE #99] Please add an Profile for Skype
Closed
#59 [GH-ISSUE #98] firejail --list and --tree do not show all sandboxed process names
Closed
#60 [GH-ISSUE #97] --shell=none breaks program arguments
Closed
#57 [GH-ISSUE #94] add an --ignore option
Closed
#56 [GH-ISSUE #95] mounted devices inaccessible
Closed
#55 [GH-ISSUE #93] Some missing copyright headers
Closed
#52 [GH-ISSUE #90] Compilation error without HAVE_SECCOMP
Closed
#53 [GH-ISSUE #92] debian package build does'nt work
Closed
#54 [GH-ISSUE #91] build: add support for musl libc
Closed
#49 [GH-ISSUE #84] Option to only set the "name" of the jail
Closed
#50 [GH-ISSUE #86] Can't run 32 bit executable on a 64 bit kernel if seccomp filter is enabled
Closed
#51 [GH-ISSUE #87] Blacklist based seccomp filter can be bypassed on x86_64 using x32 syscall
Closed
#48 [GH-ISSUE #82] Add -quiet option so as to capture clean output from child process
Closed
#46 [GH-ISSUE #80] Move away from SourceForge
Closed
#47 [GH-ISSUE #83] Best Way to Launch External Files from Firefox? (SPICE, javaws)
Closed
#45 [GH-ISSUE #74] Error: Access was denied while trying to open files in your profile directory.
Closed
#43 [GH-ISSUE #75] Steam and Seccomp
Closed
#44 [GH-ISSUE #76] shell scripting firejail a.k.a. add rss feed from firefox to liferea when both run sandboxed
Closed
#41 [GH-ISSUE #71] GLib-CRITICAL **: g_slice_set_config: assertion 'sys_page_size == 0' failed
Closed
#42 [GH-ISSUE #72] Cannot blacklist /sbin and /usr/sbin
Closed
#40 [GH-ISSUE #70] Firejail crashes pulseaudio / pavucontrol
Closed
#39 [GH-ISSUE #67] --private fails on linux-ck kernel (Arch Linux)
Closed
#38 [GH-ISSUE #68] Warning: /sbin and /usr/sbin not blacklisted
Closed
#37 [GH-ISSUE #69] Unable to output sound with PulseAudio 7.0
Closed
#35 [GH-ISSUE #64] --private-home fails on paths with special characters
Closed
#36 [GH-ISSUE #63] Blacklisted by default!
Closed
#34 [GH-ISSUE #65] Copying Data out of Private Jails
Closed
#32 [GH-ISSUE #61] Write-protect profiles directories
Closed
#33 [GH-ISSUE #62] Completion of error handling
Closed
#29 [GH-ISSUE #57] Implement X11 isolation
Closed
#28 [GH-ISSUE #58] Firejailed Gwenview cannot open filenames with blanks
Closed
#30 [GH-ISSUE #56] cryptsetup issue
Closed
#27 [GH-ISSUE #49] Question: can firejail restrict the amount of RAM a program is using?
Closed
#25 [GH-ISSUE #54] noblacklist
Closed
#26 [GH-ISSUE #50] Better control of blacklisting needed
Closed
#22 [GH-ISSUE #44] PulseAudio sandboxing
Closed
#23 [GH-ISSUE #47] Arch non-issues and issues
Closed
#24 [GH-ISSUE #45] Use generic.profile by default
Closed
#21 [GH-ISSUE #39] Wine multiarch support
Closed
#19 [GH-ISSUE #37] Ampersands are not handled correctly when passed to "bash -c"
Closed
#20 [GH-ISSUE #40] Support files in current directory and paths with private.keep
Closed
#16 [GH-ISSUE #36] Support for symlink to firejail binary
Closed
#18 [GH-ISSUE #31] --noroot does not allow to start urxvt/rxvt-unicode
Closed
#17 [GH-ISSUE #25] loop devices
Closed
#14 [GH-ISSUE #14] Pointer used before checking for null in netfilter.c
Closed
#15 [GH-ISSUE #15] Add --private-home as an alternate name for --private.keep
Closed
#13 [GH-ISSUE #22] Firefox crashes with default profile if Zotero addon is enabled
Closed
#10 [GH-ISSUE #12] Android
Closed
#11 [GH-ISSUE #10] Import revision history from sourceforge
Closed
#12 [GH-ISSUE #11] --overlay not working for me on Arch Linux
Closed
#9 [GH-ISSUE #9] Warning: user namespaces not available in the current kernel.
Closed
#7 [GH-ISSUE #8] LD_LIBRARY_PATH unset in firejail environment
Closed
#8 [GH-ISSUE #7] Option to disable suid calls, except to firejail
Closed
#5 [GH-ISSUE #6] Cannot blacklist ${HOME}/.config/firejail
Closed
#6 [GH-ISSUE #5] Whitelist /media directory
Closed
#4 [GH-ISSUE #4] Have include directives in profiles understand ${HOME} and/or relative paths
Closed
#1 [GH-ISSUE #1] Modify seccomp arguments in profile config for more flexibility
Closed
#2 [GH-ISSUE #2] Minor man page fixes/suggestions
Closed
#3 [GH-ISSUE #3] seccomp always blocks syscall=45 (recvfrom)
6348 issues created by 1 user
Opened
#1 [GH-ISSUE #1] Modify seccomp arguments in profile config for more flexibility
Opened
#2 [GH-ISSUE #2] Minor man page fixes/suggestions
Opened
#3 [GH-ISSUE #3] seccomp always blocks syscall=45 (recvfrom)
Opened
#4 [GH-ISSUE #4] Have include directives in profiles understand ${HOME} and/or relative paths
Opened
#5 [GH-ISSUE #6] Cannot blacklist ${HOME}/.config/firejail
Opened
#6 [GH-ISSUE #5] Whitelist /media directory
Opened
#7 [GH-ISSUE #8] LD_LIBRARY_PATH unset in firejail environment
Opened
#8 [GH-ISSUE #7] Option to disable suid calls, except to firejail
Opened
#9 [GH-ISSUE #9] Warning: user namespaces not available in the current kernel.
Opened
#10 [GH-ISSUE #12] Android
Opened
#11 [GH-ISSUE #10] Import revision history from sourceforge
Opened
#12 [GH-ISSUE #11] --overlay not working for me on Arch Linux
Opened
#13 [GH-ISSUE #22] Firefox crashes with default profile if Zotero addon is enabled
Opened
#14 [GH-ISSUE #14] Pointer used before checking for null in netfilter.c
Opened
#15 [GH-ISSUE #15] Add --private-home as an alternate name for --private.keep
Opened
#16 [GH-ISSUE #36] Support for symlink to firejail binary
Opened
#17 [GH-ISSUE #25] loop devices
Opened
#18 [GH-ISSUE #31] --noroot does not allow to start urxvt/rxvt-unicode
Opened
#19 [GH-ISSUE #37] Ampersands are not handled correctly when passed to "bash -c"
Opened
#20 [GH-ISSUE #40] Support files in current directory and paths with private.keep
Opened
#21 [GH-ISSUE #39] Wine multiarch support
Opened
#22 [GH-ISSUE #44] PulseAudio sandboxing
Opened
#23 [GH-ISSUE #47] Arch non-issues and issues
Opened
#24 [GH-ISSUE #45] Use generic.profile by default
Opened
#25 [GH-ISSUE #54] noblacklist
Opened
#26 [GH-ISSUE #50] Better control of blacklisting needed
Opened
#27 [GH-ISSUE #49] Question: can firejail restrict the amount of RAM a program is using?
Opened
#28 [GH-ISSUE #58] Firejailed Gwenview cannot open filenames with blanks
Opened
#29 [GH-ISSUE #57] Implement X11 isolation
Opened
#30 [GH-ISSUE #56] cryptsetup issue
Opened
#31 [GH-ISSUE #59] OpenVPN integration
Opened
#32 [GH-ISSUE #61] Write-protect profiles directories
Opened
#33 [GH-ISSUE #62] Completion of error handling
Opened
#34 [GH-ISSUE #65] Copying Data out of Private Jails
Opened
#35 [GH-ISSUE #64] --private-home fails on paths with special characters
Opened
#36 [GH-ISSUE #63] Blacklisted by default!
Opened
#37 [GH-ISSUE #69] Unable to output sound with PulseAudio 7.0
Opened
#38 [GH-ISSUE #68] Warning: /sbin and /usr/sbin not blacklisted
Opened
#39 [GH-ISSUE #67] --private fails on linux-ck kernel (Arch Linux)
Opened
#40 [GH-ISSUE #70] Firejail crashes pulseaudio / pavucontrol
Opened
#41 [GH-ISSUE #71] GLib-CRITICAL **: g_slice_set_config: assertion 'sys_page_size == 0' failed
Opened
#42 [GH-ISSUE #72] Cannot blacklist /sbin and /usr/sbin
Opened
#43 [GH-ISSUE #75] Steam and Seccomp
Opened
#44 [GH-ISSUE #76] shell scripting firejail a.k.a. add rss feed from firefox to liferea when both run sandboxed
Opened
#45 [GH-ISSUE #74] Error: Access was denied while trying to open files in your profile directory.
Opened
#46 [GH-ISSUE #80] Move away from SourceForge
Opened
#47 [GH-ISSUE #83] Best Way to Launch External Files from Firefox? (SPICE, javaws)
Opened
#48 [GH-ISSUE #82] Add -quiet option so as to capture clean output from child process
Opened
#49 [GH-ISSUE #84] Option to only set the "name" of the jail
Opened
#50 [GH-ISSUE #86] Can't run 32 bit executable on a 64 bit kernel if seccomp filter is enabled
Opened
#51 [GH-ISSUE #87] Blacklist based seccomp filter can be bypassed on x86_64 using x32 syscall
Opened
#52 [GH-ISSUE #90] Compilation error without HAVE_SECCOMP
Opened
#53 [GH-ISSUE #92] debian package build does'nt work
Opened
#54 [GH-ISSUE #91] build: add support for musl libc
Opened
#55 [GH-ISSUE #93] Some missing copyright headers
Opened
#56 [GH-ISSUE #95] mounted devices inaccessible
Opened
#57 [GH-ISSUE #94] add an --ignore option
Opened
#58 [GH-ISSUE #99] Please add an Profile for Skype
Opened
#59 [GH-ISSUE #98] firejail --list and --tree do not show all sandboxed process names
Opened
#60 [GH-ISSUE #97] --shell=none breaks program arguments
Opened
#61 [GH-ISSUE #104] build error: output.c:91:40: error: ‘LIBDIR’ undeclared (first use in this function)
Opened
#62 [GH-ISSUE #101] Firefox profile: should whitelist ~/.gtkrc-2.0
Opened
#63 [GH-ISSUE #103] Firejail documentation a bit unclear/inconsistent
Opened
#64 [GH-ISSUE #105] Symlink handling
Opened
#65 [GH-ISSUE #106] Support for port number in --dns option
Opened
#66 [GH-ISSUE #107] Support to change netfilter configuration at runtime
Opened
#67 [GH-ISSUE #110] Whitelist scripts to be executed
Opened
#68 [GH-ISSUE #109] firejail 0.9.32 fails to execute tor browser with --detach argument
Opened
#69 [GH-ISSUE #108] Support for --net=local
Opened
#70 [GH-ISSUE #112] Please blacklist ${HOME}/.config/VirtualBox
Opened
#71 [GH-ISSUE #111] Protect shell startup files
Opened
#72 [GH-ISSUE #114] Firefox-developer/aurora with Conkeror - chrome.css are blocked
Opened
#73 [GH-ISSUE #117] profile.c b0rked logic
Opened
#74 [GH-ISSUE #115] Whitelist "~/.fonts" ?
Opened
#75 [GH-ISSUE #116] Unable to use ibus-daemon in firejail
Opened
#76 [GH-ISSUE #120] Add --noblacklist option to command line
Opened
#77 [GH-ISSUE #119] Private /tmp
Opened
#78 [GH-ISSUE #118] Chromium profile broken under current git
Opened
#79 [GH-ISSUE #122] --tmpfs=/tmp broken
Opened
#80 [GH-ISSUE #121] Can't whitelist subdirectories
Opened
#81 [GH-ISSUE #123] Most KDE4 apps don't work?
Opened
#82 [GH-ISSUE #126] With v. 0.9.34 services don't start anymore
Opened
#83 [GH-ISSUE #125] Firefox - cached site preview images disappear after each restart!
Opened
#84 [GH-ISSUE #124] Thunderbird and OpenPGP
Opened
#85 [GH-ISSUE #128] Whitelisting symbolic links whitelists the source file but not the symlink
Opened
#86 [GH-ISSUE #131] Set different rights on folders
Opened
#87 [GH-ISSUE #127] Prebuilt binaries
Opened
#88 [GH-ISSUE #136] Need To Allow Process Fork Whitelisting
Opened
#89 [GH-ISSUE #132] firefox default profile minor issue
Opened
#90 [GH-ISSUE #133] make install puts files in /etc instead of $prefix/etc
Opened
#91 [GH-ISSUE #139] Blacklisted directories/files disabled (mounted) multiple times instead of once
Opened
#92 [GH-ISSUE #138] invalid
Opened
#93 [GH-ISSUE #137] --whitelist='/tmp/some_directory' doesn't work in combination with --private
Opened
#94 [GH-ISSUE #141] Firejail with grsecurity
Opened
#95 [GH-ISSUE #142] Add option to disable access to local network
Opened
#96 [GH-ISSUE #140] Can't set --defaultgw while using --interface option
Opened
#97 [GH-ISSUE #146] Consider whitelisting ~/.config/user-dirs.dirs
Opened
#98 [GH-ISSUE #143] Don't leak user/group information
Opened
#99 [GH-ISSUE #144] Whitelisting a symlink that is in a subdirectory doesn't work
Opened
#100 [GH-ISSUE #147] Skype deletes pulseaudio shm files
Opened
#101 [GH-ISSUE #151] Disabled network in overlay mode.
Opened
#102 [GH-ISSUE #149] Restrictive umask breaks subdirectory whitelisting
Opened
#103 [GH-ISSUE #153] UTMP_FILE redefined
Opened
#104 [GH-ISSUE #152] Logging for violations of blacklisted directories
Opened
#105 [GH-ISSUE #154] firejail fails when homedir is /home/u/user and whitelist is used
Opened
#106 [GH-ISSUE #155] [0.9.34] download folder not detected in non english systems [bug]
Opened
#107 [GH-ISSUE #157] opsec: Wipe tmpfs on program exit
Opened
#108 [GH-ISSUE #156] firejail profile for steam
Opened
#109 [GH-ISSUE #160] Tor profile
Opened
#110 [GH-ISSUE #159] Bitlbee profile
Opened
#111 [GH-ISSUE #158] read-only/whitelist bug
Opened
#112 [GH-ISSUE #164] PortableApp bug
Opened
#113 [GH-ISSUE #163] Hexchat no write access
Opened
#114 [GH-ISSUE #162] Problems with private mode on Gentoo hardened
Opened
#115 [GH-ISSUE #167] manpage says /var is writable, but it's not
Opened
#116 [GH-ISSUE #165] make dist misses mketc.sh
Opened
#117 [GH-ISSUE #166] firejail ignores shell escaping
Opened
#118 [GH-ISSUE #168] firefox crash - apparmor or protocol entry in the profile
Opened
#119 [GH-ISSUE #171] blacklist glob doesn't affect dotfiles
Opened
#120 [GH-ISSUE #170] blacklist /usr/local/etc/firejail/
Opened
#121 [GH-ISSUE #175] using links in sandboxed firefox
Opened
#122 [GH-ISSUE #172] consider blacklisting lldb
Opened
#123 [GH-ISSUE #173] idea: implement a pseudo variable "global" for profiles
Opened
#124 [GH-ISSUE #181] profile configuration - path - special character
Opened
#125 [GH-ISSUE #178] How to use Unbound profile
Opened
#126 [GH-ISSUE #176] Google-Chrome-Stable does not launch
Opened
#127 [GH-ISSUE #182] Add options in profile files
Opened
#128 [GH-ISSUE #183] Pentadactylrc file is emptied
Opened
#129 [GH-ISSUE #184] firejail prevents "w" from showing the user logged in
Opened
#130 [GH-ISSUE #190] Firefox profile 'inaccessible' after commit ac39cb31334c7951a97c4fc9b295c39924cd7427
Opened
#131 [GH-ISSUE #189] Run Firejail in Docker container
Opened
#132 [GH-ISSUE #188] program can't create whitelisted file
Opened
#133 [GH-ISSUE #191] Using two different and separate sandboxes
Opened
#134 [GH-ISSUE #192] --net=eth0 does not assign ipv6
Opened
#135 [GH-ISSUE #195] License
Opened
#136 [GH-ISSUE #200] grsecurity + firejail + ALSA + firefox is not working
Opened
#137 [GH-ISSUE #199] Small mistake in the manual
Opened
#138 [GH-ISSUE #197] Chromium fails to open with latest git
Opened
#139 [GH-ISSUE #201] protocol.c:168:3 error: 'EM_ARM' undeclared (first use in this function)
Opened
#140 [GH-ISSUE #203] Question about shell=none
Opened
#141 [GH-ISSUE #204] Detached PGP signatures
Opened
#142 [GH-ISSUE #206] firejail --tracelog creates empty ld.so.preload file in systems etc folder
Opened
#143 [GH-ISSUE #207] Firejail cannot handle special characters, shutsdown
Opened
#144 [GH-ISSUE #205] Verifying game cache integrity in Steam deletes game files
Opened
#145 [GH-ISSUE #209] documentation should reference nsenter
Opened
#146 [GH-ISSUE #211] ARGV0 support
Opened
#147 [GH-ISSUE #208] option to change user
Opened
#148 [GH-ISSUE #215] starting/stopping a jail with --net=br0 causes network hiccups
Opened
#149 [GH-ISSUE #216] whitelist globbing
Opened
#150 [GH-ISSUE #212] Not really an issue - just letting netblue30 know that Skype-pulseaudio issue is resolved in latest release
Opened
#151 [GH-ISSUE #218] Whitelisting a folder is a bit tricky
Opened
#152 [GH-ISSUE #219] [minor bug] tray icon bug for some KDE apps
Opened
#153 [GH-ISSUE #220] [bug] sound conflict with firefox, with firejail and apparmor
Opened
#154 [GH-ISSUE #222] make install creates files with wrong permissions when using non-standard umask
Opened
#155 [GH-ISSUE #221] a kmail profile
Opened
#156 [GH-ISSUE #223] Signature file on sourceforge.net specifies wrong hash
Opened
#157 [GH-ISSUE #228] read-only of PATH and LD_LIBRARY_PATH is incomplete
Opened
#158 [GH-ISSUE #225] [rfe] add option to blacklist all ~/.* directories
Opened
#159 [GH-ISSUE #226] Symlinks break applications or firejail
Opened
#160 [GH-ISSUE #231] Faster exit
Opened
#161 [GH-ISSUE #230] firefox profile and adobe apps
Opened
#162 [GH-ISSUE #229] Proper chroot support for graphical apps
Opened
#163 [GH-ISSUE #234] firejail desktop integration
Opened
#164 [GH-ISSUE #233] Invalid path $DOWNLOADS - problem with international characters
Opened
#165 [GH-ISSUE #232] Please add ~/.config/fontconfig to whitelist
Opened
#166 [GH-ISSUE #238] CentOS 6 support?
Opened
#167 [GH-ISSUE #237] Recent build regressions
Opened
#168 [GH-ISSUE #235] Make debugging easier
Opened
#169 [GH-ISSUE #241] Start application with *firejail --seccomp* or not?
Opened
#170 [GH-ISSUE #240] Jail "escape" with xfce4-terminal?
Opened
#171 [GH-ISSUE #239] Re-attach to an overlay after the sandbox is closed
Opened
#172 [GH-ISSUE #245] blacklist not working with /run/user/*/gvfs
Opened
#173 [GH-ISSUE #246] No audio when using firejail firefox.
Opened
#174 [GH-ISSUE #242] Change window title in sandbox
Opened
#175 [GH-ISSUE #249] firejail --zsh complains about insecure directories
Opened
#176 [GH-ISSUE #248] Whitelist ~/.cache/fontconfig/ by default
Opened
#177 [GH-ISSUE #247] Fails if whitelisting a directrory that contains whitelisted file or symlink target
Opened
#178 [GH-ISSUE #254] [Discuss] Improve profiles
Opened
#179 [GH-ISSUE #252] Tightening unbound and dnscrypt-proxy profiles
Opened
#180 [GH-ISSUE #253] Block port access
Opened
#181 [GH-ISSUE #259] Write Freedesktop directories, blacklist the rest
Opened
#182 [GH-ISSUE #256] Defunct orphans never reaped
Opened
#183 [GH-ISSUE #258] (as superuser) in title bar
Opened
#184 [GH-ISSUE #260] Minor: News timeline on Wordpress
Opened
#185 [GH-ISSUE #261] On older kernels, file blacklisted in running jail can't be removed (from outside of jail)
Opened
#186 [GH-ISSUE #263] --overlay mode has empty home dir
Opened
#187 [GH-ISSUE #270] adduser doesn't work while firejail in use
Opened
#188 [GH-ISSUE #266] Using systemd-resolved causes DNS to not work
Opened
#189 [GH-ISSUE #271] Allow Spaces in Directory Paths
Opened
#190 [GH-ISSUE #276] Unexpected behaviour of --whiltelist option when no whitelisted files exist
Opened
#191 [GH-ISSUE #277] add support for symlinks as /home and /home/user
Opened
#192 [GH-ISSUE #273] SSH login into firejail shell broken
Opened
#193 [GH-ISSUE #280] read-only whitelists
Opened
#194 [GH-ISSUE #278] unexpected behaviour of whitelist on filesystem different from the one of $HOME
Opened
#195 [GH-ISSUE #279] [Firefox] Video playback not starting
Opened
#196 [GH-ISSUE #283] Set niceness
Opened
#197 [GH-ISSUE #281] window title
Opened
#198 [GH-ISSUE #282] Chromium profile: whitelist pki
Opened
#199 [GH-ISSUE #284] Cannot run lxterminal
Opened
#200 [GH-ISSUE #285] Firefox and Thunderbird profiles not loaded in latest Firejail version in Ubuntu
Opened
#201 [GH-ISSUE #286] Where is private-home? LOL
Opened
#202 [GH-ISSUE #290] firejail allows regular users to assign arbitrary address (IP, MAC) on any network interface
Opened
#203 [GH-ISSUE #288] Man firejail-profile to disable default profile incorrect information "--noroot" instead of correct "--noprofile"
Opened
#204 [GH-ISSUE #287] How to work with symlinks?
Opened
#205 [GH-ISSUE #291] 32-bit firejail allows 64-bit executable, bypassing --seccomp limitations
Opened
#206 [GH-ISSUE #295] Syncthing
Opened
#207 [GH-ISSUE #294] PPA for ubuntu/debian packages
Opened
#208 [GH-ISSUE #298] [spotify] When never run without being firejailed, “remember me” doesn't work (directories under $HOME on whitelist cannot be created when not existent)
Opened
#209 [GH-ISSUE #296] Various issues with building RPM files
Opened
#210 [GH-ISSUE #301] Question: How do I launch a local command in user home when --private is used?
Opened
#211 [GH-ISSUE #303] Suggestion: possible to have some indication on program window that it's sandboxed?
Opened
#212 [GH-ISSUE #306] security: wrong behaviour of firejail for an empty whitelist
Opened
#213 [GH-ISSUE #305] make mkdir recursive
Opened
#214 [GH-ISSUE #307] do not allow to start with incompatible settings: whitelist and private
Opened
#215 [GH-ISSUE #309] Error: line 2 in the custom profile is invalid
Opened
#216 [GH-ISSUE #308] --name option no longer works
Opened
#217 [GH-ISSUE #311] Protecting data files, not on /home, from ransomware coming through browser
Opened
#218 [GH-ISSUE #310] ecryptfs integration
Opened
#219 [GH-ISSUE #312] name2pid does not handle spaces
Opened
#220 [GH-ISSUE #318] firejail is losing shell special characters in args
Opened
#221 [GH-ISSUE #313] Firejail and libpng / setjmp(png_jmpbuf) (cannot save PNG)
Opened
#222 [GH-ISSUE #316] Creating folder copy
Opened
#223 [GH-ISSUE #322] X-server de-isolation (reverse to #57)
Opened
#224 [GH-ISSUE #320] mpd problems
Opened
#225 [GH-ISSUE #321] EncFS integration
Opened
#226 [GH-ISSUE #325] Firejail and recording software
Opened
#227 [GH-ISSUE #326] Vim has wrong CWD when run inside Firejail with the "tracelog" option
Opened
#228 [GH-ISSUE #324] Polari support
Opened
#229 [GH-ISSUE #329] security breach?
Opened
#230 [GH-ISSUE #327] Network namespace slows Firefox to a crawl
Opened
#231 [GH-ISSUE #328] How to easily use private-bin
Opened
#232 [GH-ISSUE #330] firejail massive breach? Or just a missuse case?
Opened
#233 [GH-ISSUE #331] [enhancement] Add private-lib option which limits the libraries available to the program
Opened
#234 [GH-ISSUE #332] /run/firejail
Opened
#235 [GH-ISSUE #334] [enhancement] Mount options for private-*
Opened
#236 [GH-ISSUE #335] make whitelist file names a bit more permissive (allowed characters)
Opened
#237 [GH-ISSUE #333] [enhancement] Better handle symlinks in /usr/bin
Opened
#238 [GH-ISSUE #336] GUI option to keep files
Opened
#239 [GH-ISSUE #339] scp / sftp does not work while firejail as a shell
Opened
#240 [GH-ISSUE #338] Permission denied vs. Not found
Opened
#241 [GH-ISSUE #343] --blacklist=~/.mozilla warns of invalid file
Opened
#242 [GH-ISSUE #342] Tor Browser profile inclusion
Opened
#243 [GH-ISSUE #341] rpmlint error "missing-call-to-setgroups-before-setuid"
Opened
#244 [GH-ISSUE #348] Cppcheck static code analysis
Opened
#245 [GH-ISSUE #344] ipc-namespace in profile
Opened
#246 [GH-ISSUE #347] dnsmasq doesn't start
Opened
#247 [GH-ISSUE #351] private-dev breaks global /dev/pts mountpoint
Opened
#248 [GH-ISSUE #352] Firefox High Security Mode + Pipelight
Opened
#249 [GH-ISSUE #350] Firefox thinks I'm in another timezone!
Opened
#250 [GH-ISSUE #353] Setting not being remembered for Chromium
Opened
#251 [GH-ISSUE #354] how to blacklist everything?
Opened
#252 [GH-ISSUE #355] pavucontrol broken unless I run it within firejail
Opened
#253 [GH-ISSUE #357] Firejail Breaking Firefox Menu, Wiping All Settings, And Breaking Audio in FF & Chromium
Opened
#254 [GH-ISSUE #356] Firejail cannot launch if ~/.asoundrc is a symlink
Opened
#255 [GH-ISSUE #358] Firejail discards exit code
Opened
#256 [GH-ISSUE #359] firefox: program is automatically started outside of firejail (KDE Plasma)
Opened
#257 [GH-ISSUE #360] CentOS 7: Cannot mount a new user namespace. Unshare: Invalid argument
Opened
#258 [GH-ISSUE #361] PulseAudio-related hangs under 'firejail --overlay-tmpfs' sandbox
Opened
#259 [GH-ISSUE #362] seccomp, --user, caps, setcap not working together
Opened
#260 [GH-ISSUE #364] PulseAudio Isolation
Opened
#261 [GH-ISSUE #366] SlimJet Browser
Opened
#262 [GH-ISSUE #370] Firefox can't find its profile after creating symlink for running sandboxed in new session
Opened
#263 [GH-ISSUE #369] src/man/firejail-config.txt is missing, causing a make error when building from git
Opened
#264 [GH-ISSUE #367] Parse /etc/login.def for UID_MIN
Opened
#265 [GH-ISSUE #372] Sandboxes connected to a bridge, how to connect the bridge to the Internet?
Opened
#266 [GH-ISSUE #374] Losing internet access on blacklist /var
Opened
#267 [GH-ISSUE #373] MTU: issues for jail and host
Opened
#268 [GH-ISSUE #376] –caps.keep and --user
Opened
#269 [GH-ISSUE #377] --quiet doesn't hide everything
Opened
#270 [GH-ISSUE #375] Arch Linux: firejail --x11 kills X server on exit
Opened
#271 [GH-ISSUE #379] Could you add Profiles for Libreoffice and wps-office?
Opened
#272 [GH-ISSUE #381] disable-devel.inc missing in the generic.profile
Opened
#273 [GH-ISSUE #380] Programs start without sandbox if /proc is mounted with hidepid
Opened
#274 [GH-ISSUE #382] links with "&" are truncated
Opened
#275 [GH-ISSUE #384] wine doesn't like whitelist
Opened
#276 [GH-ISSUE #383] Firefox doesn't recognize when network settings have changed
Opened
#277 [GH-ISSUE #386] Whitelisting doesn't work if whitelisted path is a symlink
Opened
#278 [GH-ISSUE #388] Firetools is displaying a 'terminal' icon, to the right of the Firefox icon. Any ideas as to why?
Opened
#279 [GH-ISSUE #385] [typo] src/man/firecfg.txt uses FIREMON instead of FIRECFG
Opened
#280 [GH-ISSUE #389] Add feature to control/restrict communications through DBus
Opened
#281 [GH-ISSUE #393] Firejail with steam makes idle master python version non working
Opened
#282 [GH-ISSUE #390] possible seccomp filter mistake (moved to PR)
Opened
#283 [GH-ISSUE #394] bug with permissions
Opened
#284 [GH-ISSUE #396] AppArmor'd evince fails to open X display with firejail --net=none
Opened
#285 [GH-ISSUE #395] Tightening the Thunderbird profile
Opened
#286 [GH-ISSUE #399] cannot switch euid to root
Opened
#287 [GH-ISSUE #398] Firejail + AppArmor Permanently Resets/Ignores/Breaks FIrefox Profile .mozilla
Opened
#288 [GH-ISSUE #397] Make all programs start with firejail automatically
Opened
#289 [GH-ISSUE #402] Add recursive read-only option
Opened
#290 [GH-ISSUE #400] Chromium Fails To Start When Chromium AppArmor Profile Is Enforced
Opened
#291 [GH-ISSUE #401] Apparmor + firejail = Warning: an existing sandbox was detected (+ problem with --force)
Opened
#292 [GH-ISSUE #404] Improved strace syscall editing instructions
Opened
#293 [GH-ISSUE #403] Change iptables rules
Opened
#294 [GH-ISSUE #407] Created firejail ansible playbook
Opened
#295 [GH-ISSUE #411] INFO: Limitation of supported options on GRsec
Opened
#296 [GH-ISSUE #410] IBUS-WARNING
Opened
#297 [GH-ISSUE #408] firecfg.config location
Opened
#298 [GH-ISSUE #413] existing sandbox issue with tor-browser
Opened
#299 [GH-ISSUE #414] Profiles don't take arguments to --net
Opened
#300 [GH-ISSUE #412] firetools: merge containers with drag and drop
Opened
#301 [GH-ISSUE #419] Splitting --no-sound into --no-speaker and --no-microphone
Opened
#302 [GH-ISSUE #418] dnsmasq profile
Opened
#303 [GH-ISSUE #417] Cleanup environment variables
Opened
#304 [GH-ISSUE #421] okular and gwenview profiles
Opened
#305 [GH-ISSUE #422] private-bin doesn't use /usr/local/bin
Opened
#306 [GH-ISSUE #420] xpra-winswitch trouble
Opened
#307 [GH-ISSUE #423] firejail shutdown does not pass SIGNAL to children
Opened
#308 [GH-ISSUE #425] Security Implications for User namespaces
Opened
#309 [GH-ISSUE #424] Isolation Visual Indicator
Opened
#310 [GH-ISSUE #429] fshaper.sh syntax error when issued by firejail
Opened
#311 [GH-ISSUE #430] System sound quits after playing video w/ Firefox
Opened
#312 [GH-ISSUE #426] Possibility to use files that aren't in /etc for --private-etc
Opened
#313 [GH-ISSUE #431] Increase delay before issuing SIGKILL on shutdown?
Opened
#314 [GH-ISSUE #433] Desktop notifications for blacklist violations
Opened
#315 [GH-ISSUE #435] unable to delete created symlink when closing Google Earth
Opened
#316 [GH-ISSUE #440] Unexpected behavior with Steam
Opened
#317 [GH-ISSUE #437] Using mkdeb to build firejail
Opened
#318 [GH-ISSUE #441] Writable /etc and /var
Opened
#319 [GH-ISSUE #446] Tightening the wine.profile
Opened
#320 [GH-ISSUE #447] whitelist and mkdir uncertainty
Opened
#321 [GH-ISSUE #445] Add support for globbing in private-bin and private-etc
Opened
#322 [GH-ISSUE #452] Warning: failed to unmount /sys
Opened
#323 [GH-ISSUE #448] Building on ARM
Opened
#324 [GH-ISSUE #455] Add debug message
Opened
#325 [GH-ISSUE #459] Patch to bind user home directories
Opened
#326 [GH-ISSUE #460] LD_PRELOAD and Firejail
Opened
#327 [GH-ISSUE #458] "--net=none" equivalent for profiles
Opened
#328 [GH-ISSUE #461] more on writable-etc/writable-var
Opened
#329 [GH-ISSUE #463] Is "--noroot" implicitly at odds with "--chroot"?
Opened
#330 [GH-ISSUE #462] Is it possible to run a separate instance of pulseaudio inside the sandbox, using xpra to "hear its sounds"?
Opened
#331 [GH-ISSUE #465] cherrytree.profile error
Opened
#332 [GH-ISSUE #467] keep sound with --private-dev
Opened
#333 [GH-ISSUE #464] firejail detects existing sandbox in lxc
Opened
#334 [GH-ISSUE #470] Can read/write children of blacklisted directories by moving directories around outside jail
Opened
#335 [GH-ISSUE #471] Can access children of blacklisted directories by moving directories around outside jail
Opened
#336 [GH-ISSUE #469] Is there a way to make private-etc /etc writeable?
Opened
#337 [GH-ISSUE #475] mpv unable to use youtube-dl with icecat profile
Opened
#338 [GH-ISSUE #472] Can escape jail with mate-terminal
Opened
#339 [GH-ISSUE #477] Able to set negative niceness for a process as a regular user with firejail
Opened
#340 [GH-ISSUE #480] Moving veth in new network namespace and setting default gateway
Opened
#341 [GH-ISSUE #481] Firejail fails to launch several applications after system update
Opened
#342 [GH-ISSUE #482] private-dev breaks gpg?
Opened
#343 [GH-ISSUE #487] Question: Whitelisting devices
Opened
#344 [GH-ISSUE #483] private dir owner
Opened
#345 [GH-ISSUE #484] noblacklistfor process child
Opened
#346 [GH-ISSUE #494] Firejail broken in Debian sid
Opened
#347 [GH-ISSUE #493] freshly installed debian sid - firejail not working
Opened
#348 [GH-ISSUE #489] Firejail reports error 'parent is shutting down, bye' when trying to run ubuntu-clock-app.clock snap package on Ubuntu 16.04
Opened
#349 [GH-ISSUE #498] "generic.profile" vs "default.profile" ambiguity
Opened
#350 [GH-ISSUE #496] Question: Where do tracelog messages go?
Opened
#351 [GH-ISSUE #497] Using Firejail with HTML5 xpra client
Opened
#352 [GH-ISSUE #503] Mounted partitions not invisible
Opened
#353 [GH-ISSUE #500] test/fs/private-whitelist.exp (ERROR 4)
Opened
#354 [GH-ISSUE #501] private-bin does not act as a blacklist
Opened
#355 [GH-ISSUE #504] Should ~/.local/share/ be blacklisted?
Opened
#356 [GH-ISSUE #506] --ignore=net does not work. Should it?
Opened
#357 [GH-ISSUE #507] Question on Thunderbird to open links by deafult browser
Opened
#358 [GH-ISSUE #509] --trace creates /etc/ld.so.preload
Opened
#359 [GH-ISSUE #508] Improve Icedove/Thunderbird profile to work with Unix Mailspool account (Unable to create lock file)
Opened
#360 [GH-ISSUE #510] Use privilege separation
Opened
#361 [GH-ISSUE #512] manual pages
Opened
#362 [GH-ISSUE #513] the UID and GID change to root in the sandbox after firejail exit
Opened
#363 [GH-ISSUE #511] Permit disabling/whitelisting features system-wide
Opened
#364 [GH-ISSUE #514] Error: cannot open display: :0
Opened
#365 [GH-ISSUE #520] Please add .asc file for firejail-0.9.40-rc1
Opened
#366 [GH-ISSUE #516] Create empty private /etc?
Opened
#367 [GH-ISSUE #522] Can profiles remember custom parameters?
Opened
#368 [GH-ISSUE #523] Crash Pulseaudio
Opened
#369 [GH-ISSUE #524] unable to firejail chrome when using profile-sync-daemon
Opened
#370 [GH-ISSUE #527] Firejail does not work with OrbitalApps portable applications
Opened
#371 [GH-ISSUE #528] security issues disclosure
Opened
#372 [GH-ISSUE #525] --read-only=~ does not work and does not fail-fast
Opened
#373 [GH-ISSUE #531] polly - not running under firejail control ?
Opened
#374 [GH-ISSUE #529] firecfg: where located/installed?
Opened
#375 [GH-ISSUE #530] Error mkdir:fs_private(324): File exists
Opened
#376 [GH-ISSUE #532] howto disable network share
Opened
#377 [GH-ISSUE #535] firefox freez on ubuntu 16.04
Opened
#378 [GH-ISSUE #541] Allow firejail to use an anonymous bridge
Opened
#379 [GH-ISSUE #543] Start signing commits with GPG?
Opened
#380 [GH-ISSUE #545] --quiet flag not working?
Opened
#381 [GH-ISSUE #544] make it clear that --x11 does not block child processes from communicating with parent X server
Opened
#382 [GH-ISSUE #546] Using both --net=none and --overlay-tmpfs => no access to X11
Opened
#383 [GH-ISSUE #548] PulseAudio/Sound is broken when running Chromium
Opened
#384 [GH-ISSUE #547] Ubuntu 16.04 -- No sound
Opened
#385 [GH-ISSUE #550] firejail x11 and openbox
Opened
#386 [GH-ISSUE #551] midori - no gui after upgrade firejail 0.9.40
Opened
#387 [GH-ISSUE #549] xephyr and keyboard layout
Opened
#388 [GH-ISSUE #552] freshplayerplugin Flash causing graphics glitching under firejail
Opened
#389 [GH-ISSUE #553] bug with private-bin and /usr/local/bin
Opened
#390 [GH-ISSUE #554] Firejail security features limited with Chromium based browsers?
Opened
#391 [GH-ISSUE #555] When opened with Firejail, Thunderbird will not open links in default web browser.
Opened
#392 [GH-ISSUE #556] 0.9.38-1~bpo: firejail cannot handle /etc/skel/.bashrc as symlink
Opened
#393 [GH-ISSUE #557] Preventing mouse pointer being locked into firejail Xephyr?
Opened
#394 [GH-ISSUE #560] Missing environment variables in AppImage support
Opened
#395 [GH-ISSUE #559] [CentOS 7.2]Running Firejail 0.9.40 causes /etc/passwd, /etc/group and /etc/gshadow to be locked making useradd, userdel and gpasswd unusable. Kernel 3.10
Opened
#396 [GH-ISSUE #561] --trace does not work with --appimage
Opened
#397 [GH-ISSUE #565] Some firejailed processes join an unsandboxed parent instance
Opened
#398 [GH-ISSUE #563] "Open destination folder" doesn't work in qBittorrent with private-bin
Opened
#399 [GH-ISSUE #562] Can't launch LibreOffice with --net=none
Opened
#400 [GH-ISSUE #569] Is it possible to have proper support for systemd-resolved?
Opened
#401 [GH-ISSUE #567] Allow running even when global config file is missing
Opened
#402 [GH-ISSUE #566] Per-app security restrictions inside a named Firejail sandbox
Opened
#403 [GH-ISSUE #571] PulseAudio support is broken when client.conf is a link
Opened
#404 [GH-ISSUE #572] strace new features relevant?
Opened
#405 [GH-ISSUE #570] X11 Sandboxing security
Opened
#406 [GH-ISSUE #574] Workaround to allow user management with kernels prior to 3.18 when firejail running?
Opened
#407 [GH-ISSUE #576] LibreOffice profile?
Opened
#408 [GH-ISSUE #573] Using Firejail by Default
Opened
#409 [GH-ISSUE #583] How to hide entire home directory except number of subdirectories
Opened
#410 [GH-ISSUE #578] Thought: blacklist all .files and folders by default.
Opened
#411 [GH-ISSUE #581] Firejail and firefox-esr
Opened
#412 [GH-ISSUE #588] support home directory outside of /home
Opened
#413 [GH-ISSUE #587] Xephyr fails with chroot and net
Opened
#414 [GH-ISSUE #589] xpra and private-dev
Opened
#415 [GH-ISSUE #590] Support for File Managers
Opened
#416 [GH-ISSUE #593] Limit the memory size used by the jailed process
Opened
#417 [GH-ISSUE #592] Kill the jailed process by a timer
Opened
#418 [GH-ISSUE #600] Causes mate-volume-control to segfault and audio issues
Opened
#419 [GH-ISSUE #595] Firejail needs root to display version(?!)
Opened
#420 [GH-ISSUE #594] Document how much secure it really is
Opened
#421 [GH-ISSUE #606] telegram 0.9.56 run failure under firejail/commit 74a9ffe66e0f4e41bccea80783c5ac946c3ac51e
Opened
#422 [GH-ISSUE #605] telegram run failure under firejail
Opened
#423 [GH-ISSUE #604] touch/mkfile profile option (like mkdir)
Opened
#424 [GH-ISSUE #608] whitelist and private-dev combination
Opened
#425 [GH-ISSUE #607] A question which I couldn't find in the FAQ
Opened
#426 [GH-ISSUE #609] nosound causes private-dev
Opened
#427 [GH-ISSUE #610] x11 support prerequisites are not fullfilled in some cases
Opened
#428 [GH-ISSUE #611] Build error due to Telegram.profile
Opened
#429 [GH-ISSUE #612] cannot stat '.etc/Telegram.profile': No such file or directory
Opened
#430 [GH-ISSUE #615] PulseAudio 8.0 and Firejail do not work toghether
Opened
#431 [GH-ISSUE #618] "Seccomp.keep chroot" exits with error
Opened
#432 [GH-ISSUE #619] single files binding
Opened
#433 [GH-ISSUE #627] Expand the directories that are possible for whitelisting
Opened
#434 [GH-ISSUE #625] Thunderbird Won't Open Full URL (Only Resource Name)
Opened
#435 [GH-ISSUE #623] protocol unix makes netfilter useless... right?
Opened
#436 [GH-ISSUE #631] Firefox hardware acceleration?
Opened
#437 [GH-ISSUE #632] the ‘nice’ option is ignored when joining
Opened
#438 [GH-ISSUE #630] Core Infrastructure Initiative (CII) Best Practices
Opened
#439 [GH-ISSUE #636] Do not print anything in --quiet mode
Opened
#440 [GH-ISSUE #633] failed to start xpra on Arch Linux
Opened
#441 [GH-ISSUE #635] make read-write opposite of read-only
Opened
#442 [GH-ISSUE #639] allow empty --protocol= list
Opened
#443 [GH-ISSUE #640] Grafics acceleration with --x11=xpra
Opened
#444 [GH-ISSUE #637] Missing .gnomerc in disable-common.inc
Opened
#445 [GH-ISSUE #641] Idea: Adaptive file access rights
Opened
#446 [GH-ISSUE #642] Tor browser returns fatal error if using firejail and Tor's meek protocol
Opened
#447 [GH-ISSUE #644] weechat.profile - duplicate "netfilter" entires
Opened
#448 [GH-ISSUE #648] xpra persists after firejailed app is quit
Opened
#449 [GH-ISSUE #647] [0.9.42-rc1] build failure on non-x86
Opened
#450 [GH-ISSUE #645] "netfilter" enabled by default
Opened
#451 [GH-ISSUE #651] allow "join sandbox_name" in .profile
Opened
#452 [GH-ISSUE #650] Cyberfox
Opened
#453 [GH-ISSUE #649] xpra apps sometimes dont attach
Opened
#454 [GH-ISSUE #666] --trace breaks tar unpacking
Opened
#455 [GH-ISSUE #655] Comparison with minijail
Opened
#456 [GH-ISSUE #656] Viability of use with skype4linux alpha?
Opened
#457 [GH-ISSUE #670] --audit does not warn about --x11 used without --net
Opened
#458 [GH-ISSUE #667] Firecfg does not work for programmes in /usr/local/bin
Opened
#459 [GH-ISSUE #669] Is it possible to avoid remounting /proc on an individual basis?
Opened
#460 [GH-ISSUE #674] Software using libstdc++ breakage on Gentoo (and probably some another distros)
Opened
#461 [GH-ISSUE #675] A basic comprehension question
Opened
#462 [GH-ISSUE #671] No need to open xephyr/xpra window when under --audit
Opened
#463 [GH-ISSUE #678] --private-bin does not warn for non-existing programmes
Opened
#464 [GH-ISSUE #676] Closing Xephyr window when exiting?
Opened
#465 [GH-ISSUE #677] --blacklist=/proc does not blacklist all of /proc
Opened
#466 [GH-ISSUE #680] Build failure
Opened
#467 [GH-ISSUE #682] File /etc/apparmor.d/firejail-default is allways generated
Opened
#468 [GH-ISSUE #683] dns issue with network manager
Opened
#469 [GH-ISSUE #688] Typo in README.md
Opened
#470 [GH-ISSUE #685] --overlay creates files owned by root. Should it?
Opened
#471 [GH-ISSUE #686] detecting malware?
Opened
#472 [GH-ISSUE #693] --x11=xpra prevents the jailed program to output to stdout/stderr
Opened
#473 [GH-ISSUE #692] Running docker via firejail
Opened
#474 [GH-ISSUE #690] Profile for symlinked programs
Opened
#475 [GH-ISSUE #697] question / discussion: would wayland eliminate the need for --x11?
Opened
#476 [GH-ISSUE #698] Whitelisting /var is broken
Opened
#477 [GH-ISSUE #699] Modifying firefox install dir inside jail but not outside
Opened
#478 [GH-ISSUE #700] whitelisting /home/myuser not possible
Opened
#479 [GH-ISSUE #704] Login shells through FireJail - Interpreter initialization files are never read
Opened
#480 [GH-ISSUE #703] When using non-default shell, FireJail shouldn't throw an error if Bash is missing inside the chroot
Opened
#481 [GH-ISSUE #705] "make deb" fails
Opened
#482 [GH-ISSUE #707] Typo in --version output
Opened
#483 [GH-ISSUE #706] When we use the --private-dev option with the --chroot option, the /dev/log socket is missing
Opened
#484 [GH-ISSUE #712] Test for shell interpreter inside chroot is wrong
Opened
#485 [GH-ISSUE #708] Option to disable warnings/errors in production environments
Opened
#486 [GH-ISSUE #710] Question about PS1 / PROMPT_COMMAND
Opened
#487 [GH-ISSUE #715] forum for firejail? is this it?
Opened
#488 [GH-ISSUE #718] thunderbird use "wrong" pdf viewer
Opened
#489 [GH-ISSUE #719] Restricted shell status
Opened
#490 [GH-ISSUE #725] Firejailed processes not always close properly
Opened
#491 [GH-ISSUE #721] chroot fs implementation
Opened
#492 [GH-ISSUE #720] HOME environment variable not adjusted when using --user
Opened
#493 [GH-ISSUE #731] Kernel fix found for known problem, "Cannot install new software while Firejail is running"
Opened
#494 [GH-ISSUE #726] Option inconsistency: relative/absolute paths
Opened
#495 [GH-ISSUE #730] Wishlist: easier way to allow additional system calls
Opened
#496 [GH-ISSUE #736] what to do if --x11 wont work, and which browser?
Opened
#497 [GH-ISSUE #732] New profiles
Opened
#498 [GH-ISSUE #733] how are unix sockets handled outside of the whitelist?
Opened
#499 [GH-ISSUE #739] Invalid whitelist path
Opened
#500 [GH-ISSUE #738] Consider improving the documentation of --whitelist
Opened
#501 [GH-ISSUE #737] lots of terms in disabled common. regexp?
Opened
#502 [GH-ISSUE #741] Whitelisting symlink doesn't work
Opened
#503 [GH-ISSUE #744] blacklisting a symbolic link causes firejail to fail on jessie/armhf
Opened
#504 [GH-ISSUE #740] X11 isolation in profile
Opened
#505 [GH-ISSUE #747] xrandr works on xephyr
Opened
#506 [GH-ISSUE #745] blocking the mic and webcam?
Opened
#507 [GH-ISSUE #746] strange xpra error.
Opened
#508 [GH-ISSUE #748] Closing firejail-xpra window causes X Server crash.
Opened
#509 [GH-ISSUE #750] NFS support: firejail --private issue "cannot transfer .Xauthority"
Opened
#510 [GH-ISSUE #749] 0.9.42~rc2: Runtime Errors
Opened
#511 [GH-ISSUE #759] DNS Rebinding protection?
Opened
#512 [GH-ISSUE #754] Firejail.service
Opened
#513 [GH-ISSUE #756] Lintian warning when building firejail from source
Opened
#514 [GH-ISSUE #764] python-wand not starting with /sbin blacklisted
Opened
#515 [GH-ISSUE #760] Invalid line in profile
Opened
#516 [GH-ISSUE #762] firejail not exiting
Opened
#517 [GH-ISSUE #765] read_pid ignores trailing alphabetical characters
Opened
#518 [GH-ISSUE #768] xpra initialization error
Opened
#519 [GH-ISSUE #767] --x11=xpra still has full access to host X server
Opened
#520 [GH-ISSUE #774] false alarm
Opened
#521 [GH-ISSUE #770] [enhancement] Redesign of private-tmp
Opened
#522 [GH-ISSUE #772] --enable-apparmor option is lost with make deb
Opened
#523 [GH-ISSUE #775] Little inconsistencies in 0.9.43 release notes
Opened
#524 [GH-ISSUE #778] Cannot Start /usr/local/bin/<prog> Using private-bin Profiles (v0.9.42 Regression)
Opened
#525 [GH-ISSUE #777] no man entry for private-template
Opened
#526 [GH-ISSUE #781] Accept /mnt in --whitelist option
Opened
#527 [GH-ISSUE #779] Steam profile blocks access to xboxdrv gamepads
Opened
#528 [GH-ISSUE #780] Error: cannot switch euid to root
Opened
#529 [GH-ISSUE #785] User is missing one of the groups
Opened
#530 [GH-ISSUE #783] Add copy command to Filesystem category in profile
Opened
#531 [GH-ISSUE #784] single instance applications - possible security breach
Opened
#532 [GH-ISSUE #787] Whitelisted directory belongs to uid 65534 within jail
Opened
#533 [GH-ISSUE #786] configuration file should be owned by root
Opened
#534 [GH-ISSUE #789] Backgrounding fetchmail in script
Opened
#535 [GH-ISSUE #792] Support for scripting in firemon
Opened
#536 [GH-ISSUE #793] Overhaul of Profiles
Opened
#537 [GH-ISSUE #791] warzone2100 profile
Opened
#538 [GH-ISSUE #794] Tighter profiles
Opened
#539 [GH-ISSUE #796] Jail escape through DBus
Opened
#540 [GH-ISSUE #795] Document blacklist-nolog
Opened
#541 [GH-ISSUE #800] Add an upload command to add a file from the host to a container
Opened
#542 [GH-ISSUE #797] telegram xpra fail
Opened
#543 [GH-ISSUE #799] Firefox's native Widevine Content Decryption Module doesn't work in firejail
Opened
#544 [GH-ISSUE #801] [enhancement] Document abstract sockets and what to do about them
Opened
#545 [GH-ISSUE #802] Breakout through terminal
Opened
#546 [GH-ISSUE #803] Error with make deb
Opened
#547 [GH-ISSUE #806] Accessing home directory of another user
Opened
#548 [GH-ISSUE #807] Support for custom veth interface names for --net=bridge_interface
Opened
#549 [GH-ISSUE #804] [Bug] Firejail 0.9.42 and grsecurity
Opened
#550 [GH-ISSUE #812] [Request] New profiles
Opened
#551 [GH-ISSUE #811] Support portals
Opened
#552 [GH-ISSUE #810] disable-common.inc noblacklist bug
Opened
#553 [GH-ISSUE #817] Cannot use mlocate within Firejail
Opened
#554 [GH-ISSUE #814] Issue with private-bin option in version 0.9.42
Opened
#555 [GH-ISSUE #816] allow-debuggers: Also allow access to /usr/lib/debug
Opened
#556 [GH-ISSUE #820] dnscrypt-proxy.profile fails with private-dev option enabled
Opened
#557 [GH-ISSUE #818] qt config whitelist-common
Opened
#558 [GH-ISSUE #821] dnscrypt-proxy --version gives "invalid .Xauthority file" error
Opened
#559 [GH-ISSUE #824] firefox: error while loading shared libraries: libstdc++.so.6
Opened
#560 [GH-ISSUE #825] Profile requests
Opened
#561 [GH-ISSUE #823] Enhacement: some profiles
Opened
#562 [GH-ISSUE #827] new xpra version loads very slowly
Opened
#563 [GH-ISSUE #832] private-tmp for sysutils
Opened
#564 [GH-ISSUE #831] private-etc invalid
Opened
#565 [GH-ISSUE #833] read-only behaves inconsistently
Opened
#566 [GH-ISSUE #836] vlc: program does not start with --started-from-file
Opened
#567 [GH-ISSUE #834] enhancement: support user wildcards in login.users
Opened
#568 [GH-ISSUE #839] Conflict with read-only and noexec
Opened
#569 [GH-ISSUE #838] Whitelist only specified input files
Opened
#570 [GH-ISSUE #837] relax ptrace + seccomp restrictions on 4.8 kernel?
Opened
#571 [GH-ISSUE #840] Window title on mate-desktop says "as superuser"
Opened
#572 [GH-ISSUE #842] profile for building software and running test suites ?
Opened
#573 [GH-ISSUE #841] nvidia driver and noroot setting
Opened
#574 [GH-ISSUE #845] LibreOffice doesn't start
Opened
#575 [GH-ISSUE #843] Keepass doesn't start
Opened
#576 [GH-ISSUE #844] vlc is not starting - read-only file system
Opened
#577 [GH-ISSUE #848] Suggest: Extra profiles
Opened
#578 [GH-ISSUE #846] whitelist qt5 webkit
Opened
#579 [GH-ISSUE #847] New profiles
Opened
#580 [GH-ISSUE #853] Enhacement: Add this information to readme
Opened
#581 [GH-ISSUE #850] Cherrytree doesn't find its database anymore
Opened
#582 [GH-ISSUE #849] Hyperlinks with a "&" character get a slash prefix
Opened
#583 [GH-ISSUE #858] What does "shell none" do
Opened
#584 [GH-ISSUE #861] Support AppImage type 2 image format
Opened
#585 [GH-ISSUE #855] Block access to dbus
Opened
#586 [GH-ISSUE #862] Need a way to write to /sys/fs/cgroup inside firejailed process
Opened
#587 [GH-ISSUE #864] Typo in etc/disable-devel.inc
Opened
#588 [GH-ISSUE #863] private-bin: use actual files instead of symbolic links
Opened
#589 [GH-ISSUE #873] Use of systemcalls
Opened
#590 [GH-ISSUE #868] Wine profile (included in default Firejail installation) may be too restrictive
Opened
#591 [GH-ISSUE #869] Can you use dirtycow to break out of firejail? [ QUESTION]
Opened
#592 [GH-ISSUE #876] Question: why when running as root does it mount over /dev/shm
Opened
#593 [GH-ISSUE #875] Warnings with --x11=xorg
Opened
#594 [GH-ISSUE #877] "firejail --chroot=/" destroys resolv.conf
Opened
#595 [GH-ISSUE #879] Can't run any OpenGL apps using nvidia drivers
Opened
#596 [GH-ISSUE #882] cp -a --parents with --private-etc
Opened
#597 [GH-ISSUE #880] --overlayfs problem: user directory not recognize
Opened
#598 [GH-ISSUE #884] slack.profile does not allow opening URLs in messages
Opened
#599 [GH-ISSUE #886] /run/firejail/mnt doesn't get created, hence all firejails fail
Opened
#600 [GH-ISSUE #883] claws-mail.profile doesn't allow attaching to existing session
Opened
#601 [GH-ISSUE #887] restricted shell bug
Opened
#602 [GH-ISSUE #889] {,/usr}/sbin warnings are shown with --quiet
Opened
#603 [GH-ISSUE #888] "firejail --get" always fails
Opened
#604 [GH-ISSUE #894] Ansible role for Firejail
Opened
#605 [GH-ISSUE #892] Ability to turn off pid namespacing?
Opened
#606 [GH-ISSUE #895] IPv6 nameservers
Opened
#607 [GH-ISSUE #896] Firefox doesn't accept SSL certificates anymore
Opened
#608 [GH-ISSUE #902] Wrong icons in Firefox when firejailed under KDE 4
Opened
#609 [GH-ISSUE #897] Blacklist ecryptfs-utils specific files
Opened
#610 [GH-ISSUE #904] vlc segfault on debian jessie
Opened
#611 [GH-ISSUE #903] mkdir in profile does not respect --private=<directory>
Opened
#612 [GH-ISSUE #905] Opening links in external applications under firejailed Firefox
Opened
#613 [GH-ISSUE #906] Open Folder/File not working in Deluge under KDE4
Opened
#614 [GH-ISSUE #908] Thunderbird: Okular can't open PDF files
Opened
#615 [GH-ISSUE #907] firejail --join does not inherit environment
Opened
#616 [GH-ISSUE #909] "--allow-debuggers" always fails
Opened
#617 [GH-ISSUE #911] Read files from system
Opened
#618 [GH-ISSUE #910] Support symlinks for --private-home
Opened
#619 [GH-ISSUE #915] --net=eth0 only works as root
Opened
#620 [GH-ISSUE #913] launching non-existing command - should be verbose
Opened
#621 [GH-ISSUE #914] Support private /opt
Opened
#622 [GH-ISSUE #917] Applications opening as superuser mode
Opened
#623 [GH-ISSUE #919] Disable warning for disabled networking
Opened
#624 [GH-ISSUE #918] seccomp: document logging and audit.d
Opened
#625 [GH-ISSUE #922] firejail --seccomp opera' fails with setuid sandbox is not running as root (...) Failed to move to new namespace'
Opened
#626 [GH-ISSUE #925] mkdeb.sh fails
Opened
#627 [GH-ISSUE #921] enable /home/share
Opened
#628 [GH-ISSUE #927] have systemd apply firejail
Opened
#629 [GH-ISSUE #928] Services preventing firejail from stopping
Opened
#630 [GH-ISSUE #926] private-bin fails when executing binaries in /usr/lib
Opened
#631 [GH-ISSUE #930] Atril doesn't work with --net=none
Opened
#632 [GH-ISSUE #929] noroot missing in some profiles
Opened
#633 [GH-ISSUE #931] Option to start new sandbox from another sandbox
Opened
#634 [GH-ISSUE #934] evince starts service outside of sandbox
Opened
#635 [GH-ISSUE #933] fseccomp Error with --chroot option
Opened
#636 [GH-ISSUE #932] Quiet-by-default seems to be broken
Opened
#637 [GH-ISSUE #938] atom profile breaks git integration
Opened
#638 [GH-ISSUE #935] firecfg options
Opened
#639 [GH-ISSUE #937] Whitelisted keepassx in web browser profiles
Opened
#640 [GH-ISSUE #940] Implement SandboxIE features
Opened
#641 [GH-ISSUE #942] If name of the sandbox isn't defined...
Opened
#642 [GH-ISSUE #939] Isolate IPC
Opened
#643 [GH-ISSUE #944] firejailed ssh tunnel?
Opened
#644 [GH-ISSUE #947] Chromium 'Save as' doesn't work with --net on KDE
Opened
#645 [GH-ISSUE #948] gajim.profile fix
Opened
#646 [GH-ISSUE #950] Add KDE's konsole to blacklisted terminal emulators
Opened
#647 [GH-ISSUE #954] Questions regarding inheritance
Opened
#648 [GH-ISSUE #952] firecfg enhancements
Opened
#649 [GH-ISSUE #955] Spoof D-Bus machine-id
Opened
#650 [GH-ISSUE #958] Qutebrowser fails to load with qutebrowser.conf profile and webengine backend
Opened
#651 [GH-ISSUE #956] Reverse scrolling not working in firejail
Opened
#652 [GH-ISSUE #964] Set FIREJAIL_PROMPT enabled by default?
Opened
#653 [GH-ISSUE #961] Whitelisting folder?
Opened
#654 [GH-ISSUE #959] Firefox blacklist violation for fontconfig
Opened
#655 [GH-ISSUE #965] GTK 3 theme in Xephyr sandbox?
Opened
#656 [GH-ISSUE #968] 'configuration file should be owned by root' error
Opened
#657 [GH-ISSUE #966] after updating firejail screen and tmux terminal mixer cease to work
Opened
#658 [GH-ISSUE #971] ld.so.preload issue when running x32 apps on x64 host
Opened
#659 [GH-ISSUE #969] Unable to override PS1 (command prompt)
Opened
#660 [GH-ISSUE #970] firejail allows R/W files outside of the sandbox when run without arguments
Opened
#661 [GH-ISSUE #972] security profile is being read twice under certain circumstances
Opened
#662 [GH-ISSUE #973] Why not a profile for Tor Messenger
Opened
#663 [GH-ISSUE #974] gateway in sandbox depends on --net parameters order
Opened
#664 [GH-ISSUE #977] dbus filter
Opened
#665 [GH-ISSUE #975] Steam doesn't start on Ubuntu 16.04
Opened
#666 [GH-ISSUE #976] Feature request: Integrate with kafel seccomp-bpf configuration language
Opened
#667 [GH-ISSUE #980] A GUI tool to create profiles
Opened
#668 [GH-ISSUE #982] Consider using CMake as a build system
Opened
#669 [GH-ISSUE #981] Build and publish binaries automatically using CI
Opened
#670 [GH-ISSUE #983] Support the standard Unix SHELL environment variable
Opened
#671 [GH-ISSUE #985] Document the high-level architecture of firejail
Opened
#672 [GH-ISSUE #984] Blacklist /etc/firejail?
Opened
#673 [GH-ISSUE #987] firejail-default is not added into .deb and is not installed with deb installation
Opened
#674 [GH-ISSUE #986] Find out which Qubes components can be reused in firejail
Opened
#675 [GH-ISSUE #989] Move profiles into a separate repo and use as submodule
Opened
#676 [GH-ISSUE #992] SDL error when trying to run certain games in steam
Opened
#677 [GH-ISSUE #996] Firefox and libGL problem
Opened
#678 [GH-ISSUE #995] Thunderbird accesses ~/.mozilla even when blacklisted
Opened
#679 [GH-ISSUE #999] Fails to build with mtune=native (haswell), or -O3
Opened
#680 [GH-ISSUE #998] gui isolation through wayland
Opened
#681 [GH-ISSUE #997] Can't use firejail for Counter-Strike (CSGO)
Opened
#682 [GH-ISSUE #1000] support all user readable directories (except cfg.homedir) in --private-home
Opened
#683 [GH-ISSUE #1003] New profiles
Opened
#684 [GH-ISSUE #1001] blacklist /mnt by default
Opened
#685 [GH-ISSUE #1007] pass proper DPI to xpra and xephyr
Opened
#686 [GH-ISSUE #1005] little scripts to copy/paste and resize firejail --x11
Opened
#687 [GH-ISSUE #1008] Can't run Chromium in firejail with --overlay-tmpfs option
Opened
#688 [GH-ISSUE #1011] Creation of blacklisted or read-only files
Opened
#689 [GH-ISSUE #1012] gpg.profile prevents adding ppa
Opened
#690 [GH-ISSUE #1013] "Error mkdir" appears inconsistently
Opened
#691 [GH-ISSUE #1014] Running steam in firejail shows the login window with the copy of the background
Opened
#692 [GH-ISSUE #1016] firejail --x11=xpra doesn't attach with firefox
Opened
#693 [GH-ISSUE #1015] Firejail prevents printing in AppArmored applications
Opened
#694 [GH-ISSUE #1020] local root firejail ??
Opened
#695 [GH-ISSUE #1018] Issue with --noblacklist having no effect
Opened
#696 [GH-ISSUE #1019] private-dev not working?
Opened
#697 [GH-ISSUE #1028] ~/.config/pulse cannot be whitelisted (always overriden unless nosound)
Opened
#698 [GH-ISSUE #1023] Root shell via --bandwidth and --shell
Opened
#699 [GH-ISSUE #1022] hybrid isolation approaches
Opened
#700 [GH-ISSUE #1029] giving lxc a restricted x server or wayland session?
Opened
#701 [GH-ISSUE #1031] Bug: I've found a working exploit against firejail
Opened
#702 [GH-ISSUE #1030] Issue: please fix the RSS feed on the wordpress site.
Opened
#703 [GH-ISSUE #1038] Profiles: QuiteRSS is unable to start browser
Opened
#704 [GH-ISSUE #1032] 0.9.45 (git HEAD): "Error mount bind ld.so.preload"
Opened
#705 [GH-ISSUE #1039] ASSERT_PERMS_FD should use fstat() rather than stat()
Opened
#706 [GH-ISSUE #1040] Application (web browser) freeze when streaming Silverlight video from within an OverlayFS
Opened
#707 [GH-ISSUE #1042] [Patch] On including <sys/sysmacros.h>
Opened
#708 [GH-ISSUE #1041] Ability to launch an entire xsession from lightdm?
Opened
#709 [GH-ISSUE #1046] rules: Firejail is preventing epiphany from "installing" web applications
Opened
#710 [GH-ISSUE #1045] GPU acceleration not working out of the box anymore with vglusers
Opened
#711 [GH-ISSUE #1043] $HOME is wrong under some situations
Opened
#712 [GH-ISSUE #1049] LTS version missing features and profiles?
Opened
#713 [GH-ISSUE #1047] SSH login: Permission denied error
Opened
#714 [GH-ISSUE #1048] Firefox freezes when opened with many tabs
Opened
#715 [GH-ISSUE #1051] Firejail prevents qbittorrent from accessing tun0 network interface
Opened
#716 [GH-ISSUE #1054] No sound using pulseaudio after 0.9.44.6 update
Opened
#717 [GH-ISSUE #1050] VLC audio issue on the latest release 0.9.44.6.
Opened
#718 [GH-ISSUE #1058] Feature request: join network namespace created by 'ip netns create'
Opened
#719 [GH-ISSUE #1055] Firefox Developer Version - 52.0a2 (2017-01-16) (64-bit) not setting as default browser
Opened
#720 [GH-ISSUE #1057] Firefox without Sound, Qmmp don't play an song
Opened
#721 [GH-ISSUE #1065] --x11=xorg "unable to open display" but runs anyway
Opened
#722 [GH-ISSUE #1063] bindmount for /etc/hosts without root
Opened
#723 [GH-ISSUE #1059] Firejailed Gajim doesn't start on Debian 9
Opened
#724 [GH-ISSUE #1069] Arch Warning: noroot option is not available
Opened
#725 [GH-ISSUE #1067] copr repo for firetools
Opened
#726 [GH-ISSUE #1066] Trying to run firejail on Heroku (existing sandbox was detected)
Opened
#727 [GH-ISSUE #1071] Per directory overlayfs filesystems?
Opened
#728 [GH-ISSUE #1070] firejail not launching Firefox
Opened
#729 [GH-ISSUE #1072] --no-tmpfs option?
Opened
#730 [GH-ISSUE #1074] Gnome-mplayer profile issue with private-bin
Opened
#731 [GH-ISSUE #1073] Ability to disable process namespaces
Opened
#732 [GH-ISSUE #1075] RFC: --x11=xvfb mode
Opened
#733 [GH-ISSUE #1078] Issue whitelisting or noblacklisting home dir
Opened
#734 [GH-ISSUE #1077] hide new userspace warning with --quiet
Opened
#735 [GH-ISSUE #1076] Cannot ping my machine when I use --ip option
Opened
#736 [GH-ISSUE #1081] firecfg --fix does not ensure that ~/.local/share/applications exists
Opened
#737 [GH-ISSUE #1082] Why are root-owned files owned by uid 65534 inside sandboxes?
Opened
#738 [GH-ISSUE #1080] Owlboy: Unable to detect controllers
Opened
#739 [GH-ISSUE #1085] option to expose only whitelisted ip:port:protocol into the sandbox
Opened
#740 [GH-ISSUE #1084] firejail X window ID should be unique
Opened
#741 [GH-ISSUE #1083] Xephyr can't see abstract socket for outer X server when sandboxed
Opened
#742 [GH-ISSUE #1086] Default ssh profile prevents ProxyJump
Opened
#743 [GH-ISSUE #1088] Sandboxed daemon cannot mmap to kernel
Opened
#744 [GH-ISSUE #1087] --private combined with --hostname and GUI app
Opened
#745 [GH-ISSUE #1092] request: a profile for amule
Opened
#746 [GH-ISSUE #1091] A question about noroot and seccomp with >3.5 kernels
Opened
#747 [GH-ISSUE #1090] Weird issue with Audacious and Firefox with --private=directory
Opened
#748 [GH-ISSUE #1094] [Feature request] Provide easier way to install without root.
Opened
#749 [GH-ISSUE #1093] Question: firejail + proxychains/torsocks
Opened
#750 [GH-ISSUE #1095] Firefox extension accessing non-whitelisted folder
Opened
#751 [GH-ISSUE #1096] Firefox 51.0 segfaults with --private-dev option
Opened
#752 [GH-ISSUE #1098] Cannot whitelist symlinks that point outside home directory
Opened
#753 [GH-ISSUE #1097] chromium: Do different tabs run in separate sandboxes?
Opened
#754 [GH-ISSUE #1104] Does Firejail protect against ASLR bypasses?
Opened
#755 [GH-ISSUE #1101] Latest firefox doesn't work with firejail
Opened
#756 [GH-ISSUE #1102] Error: cannot access AppImage file
Opened
#757 [GH-ISSUE #1107] Temporary specific folders
Opened
#758 [GH-ISSUE #1109] Qemu Woes
Opened
#759 [GH-ISSUE #1105] Arbitrary command line arguments in profile files?
Opened
#760 [GH-ISSUE #1110] Brave profile broken
Opened
#761 [GH-ISSUE #1111] Arch users, --dns= required for Firefox to connect to internet for wired interfaces?
Opened
#762 [GH-ISSUE #1112] Question: How can i fix this profile?
Opened
#763 [GH-ISSUE #1115] better self-explaining options (than --private)
Opened
#764 [GH-ISSUE #1113] suspend a jail
Opened
#765 [GH-ISSUE #1114] Warnings still displayed despite of --quiet
Opened
#766 [GH-ISSUE #1116] Failing to get X11 sandboxing working on Arch
Opened
#767 [GH-ISSUE #1119] overiding disable-common.local in selected profiles?
Opened
#768 [GH-ISSUE #1117] --no-join (option to disallow firejail --join)
Opened
#769 [GH-ISSUE #1120] Keepass section in browser profiles
Opened
#770 [GH-ISSUE #1121] Persistent sandboxes
Opened
#771 [GH-ISSUE #1122] $HOME not set properly with --user option
Opened
#772 [GH-ISSUE #1123] allow --net only for sandboxes started (or configured) by root
Opened
#773 [GH-ISSUE #1126] --netfilter example not in effect
Opened
#774 [GH-ISSUE #1125] default-policy.conf to select whitelisting (isolated operation) or blacklisting (integated operation)
Opened
#775 [GH-ISSUE #1129] [bug] Changed behaviour of private-bin (resulting in broken apps)
Opened
#776 [GH-ISSUE #1128] processes not terminated properly
Opened
#777 [GH-ISSUE #1127] --whitelist=~/.bashrc temporarily overwrites .bashrc
Opened
#778 [GH-ISSUE #1130] mkdir and whitelist enhancements
Opened
#779 [GH-ISSUE #1131] Error: cannot access profile file
Opened
#780 [GH-ISSUE #1132] [bug?] private-bin brakes sound (pulseaudio) support
Opened
#781 [GH-ISSUE #1134] [Solved] Virtualbox error in Manjaro: "Effective UID is not root"
Opened
#782 [GH-ISSUE #1133] [discussion] allow to specify full path to the binary in private-bin
Opened
#783 [GH-ISSUE #1135] Possibility to override whitelist defined in system-wide profile
Opened
#784 [GH-ISSUE #1136] wine speed in firejail
Opened
#785 [GH-ISSUE #1138] CentOS: private-tmp problems
Opened
#786 [GH-ISSUE #1137] Chrome applications (including electron) that use system tray sets empty tray icon when private-tmp is active
Opened
#787 [GH-ISSUE #1140] Strange error when I use firejail with $HOME/.local for prefix
Opened
#788 [GH-ISSUE #1141] tmpfs on top of ~/.cache directory by default
Opened
#789 [GH-ISSUE #1139] Profile requests
Opened
#790 [GH-ISSUE #1143] Failure to firejail a custom AppImage
Opened
#791 [GH-ISSUE #1142] Ability to use a proxy.
Opened
#792 [GH-ISSUE #1144] Whitelist symlinkeddir of origin
Opened
#793 [GH-ISSUE #1157] Closing a window using xpra sandboxing crashes the entire X server
Opened
#794 [GH-ISSUE #1148] nogroups option and man page
Opened
#795 [GH-ISSUE #1150] terminix renamed to tilix
Opened
#796 [GH-ISSUE #1161] Pale Moon profile invalid, line 30 being the problem
Opened
#797 [GH-ISSUE #1158] Root priv esc via tmpfs TOCTOU
Opened
#798 [GH-ISSUE #1160] [Information] Firejail + Tor
Opened
#799 [GH-ISSUE #1167] Midori profile broken on Arch
Opened
#800 [GH-ISSUE #1168] Setting rlimit-fsize to 4GB fails
Opened
#801 [GH-ISSUE #1162] Vivaldi doesn't play livestream
Opened
#802 [GH-ISSUE #1170] removed man firejail-config still referenced in firejail.config
Opened
#803 [GH-ISSUE #1169] Using --private-bin with iceweasel (information) ?
Opened
#804 [GH-ISSUE #1171] leftovers from 'tmpfs on ~/.cache' in /etc/firejail/firejail.config
Opened
#805 [GH-ISSUE #1172] --private=directory and pulseaudio (steam, alsa underruns)
Opened
#806 [GH-ISSUE #1175] Pulseaudio issue (no sound) when running Firefox in Firejail
Opened
#807 [GH-ISSUE #1173] Firefox can't save bookmarks
Opened
#808 [GH-ISSUE #1178] question: how can i sandbox a DE
Opened
#809 [GH-ISSUE #1176] Firejail app cannot communicate with my Yubikey
Opened
#810 [GH-ISSUE #1179] vlc profile fail
Opened
#811 [GH-ISSUE #1183] enhacement: fix these cve
Opened
#812 [GH-ISSUE #1185] systemd/firejail interaction
Opened
#813 [GH-ISSUE #1180] Whitelists not working?
Opened
#814 [GH-ISSUE #1191] OpenGL failure on Fedora due to SElinux
Opened
#815 [GH-ISSUE #1187] Add missing negator instructions
Opened
#816 [GH-ISSUE #1189] [Question?] Modifying Brave profile to allow built-in password manager (keyring-dependent) to actually work
Opened
#817 [GH-ISSUE #1192] vivaldi fail
Opened
#818 [GH-ISSUE #1196] application window greys out
Opened
#819 [GH-ISSUE #1193] palemoon fails too
Opened
#820 [GH-ISSUE #1197] --x11=xorg couldn't query Security extension
Opened
#821 [GH-ISSUE #1199] Where is Downloads folder for --private option?
Opened
#822 [GH-ISSUE #1200] Is there a point in --net=<ethernet_interface> if you don't use X11 sandboxing?
Opened
#823 [GH-ISSUE #1203] '--quiet' not suppressing all informational messages
Opened
#824 [GH-ISSUE #1202] Error in Ubuntu Gnome 17.04 (firejail version 0.9.46~rc1)
Opened
#825 [GH-ISSUE #1204] Keyboard doesn't work with Chrome browser/Firefox (firejail version 0.9.46~rc1, Ubuntu Gnome 17.04)
Opened
#826 [GH-ISSUE #1210] Experience in running Firejail inside a Docker container?
Opened
#827 [GH-ISSUE #1206] Small question regarding dns setting in profile files.
Opened
#828 [GH-ISSUE #1211] enhacement
Opened
#829 [GH-ISSUE #1212] feature request, 'xephyr-extra-params -dpi' option
Opened
#830 [GH-ISSUE #1213] Exceptions to blacklists and 'noexec {HOME}'
Opened
#831 [GH-ISSUE #1215] Nylas Mail Profile
Opened
#832 [GH-ISSUE #1217] Use curly-brackets in filename instead of ()
Opened
#833 [GH-ISSUE #1218] Running x9 csgo processes sandboxed
Opened
#834 [GH-ISSUE #1216] Unable to build master
Opened
#835 [GH-ISSUE #1227] How secure is firejail for unknown programs?
Opened
#836 [GH-ISSUE #1231] Feature Request: Per profile 'disable-mnt'
Opened
#837 [GH-ISSUE #1230] sftp problem
Opened
#838 [GH-ISSUE #1233] --no3d in virtual machines?
Opened
#839 [GH-ISSUE #1235] Using both noblacklist and read-only on the same folder
Opened
#840 [GH-ISSUE #1234] Support whitelisting in overlayfs
Opened
#841 [GH-ISSUE #1238] default bind mounts and noexec option
Opened
#842 [GH-ISSUE #1236] cannot use a bridge that has no IP address
Opened
#843 [GH-ISSUE #1237] Pulseaudio 10.0 with Firefox not working with 0.9.44.10 on PCLinuxOS KDE 64-bit
Opened
#844 [GH-ISSUE #1243] Error fcopy: invalid file
Opened
#845 [GH-ISSUE #1241] Despite firejail workin on firefox I can acces all files on my hard disk from the browser
Opened
#846 [GH-ISSUE #1240] Firejail and Steam Games
Opened
#847 [GH-ISSUE #1246] grsec: user can not create network interfaces
Opened
#848 [GH-ISSUE #1244] Using --trace to generate initial profiles
Opened
#849 [GH-ISSUE #1245] new profiles
Opened
#850 [GH-ISSUE #1247] Missing: --default-gw6
Opened
#851 [GH-ISSUE #1248] Chromium video calling doesn't work (e.g. Hangouts)
Opened
#852 [GH-ISSUE #1249] Typo in user instructions in some profile files
Opened
#853 [GH-ISSUE #1251] Question: "apocalypse" settings for chromium
Opened
#854 [GH-ISSUE #1255] Modify whitelist's behaviour
Opened
#855 [GH-ISSUE #1250] Question regarding whitelisting a specific file inside a blacklisted directory.
Opened
#856 [GH-ISSUE #1256] More reliable alternative to /usr/local/bin
Opened
#857 [GH-ISSUE #1257] How do I allow qutebrowser to access its external editor (URxvt with Vim)?
Opened
#858 [GH-ISSUE #1258] new profile
Opened
#859 [GH-ISSUE #1259] mpv profile not working with if creating /usr/local/bin/mpv wrapper
Opened
#860 [GH-ISSUE #1264] Firejail in PHP exec() results in "Error: user .config directory is not owned by the current user"
Opened
#861 [GH-ISSUE #1261] File Manager Sandboxing
Opened
#862 [GH-ISSUE #1268] After using firecfg there are lot's of GIMP errors when launching it
Opened
#863 [GH-ISSUE #1267] Firejail profile for eye of gnome breaks steam screenshots images
Opened
#864 [GH-ISSUE #1271] new profiles
Opened
#865 [GH-ISSUE #1274] (firefox:5): dconf-CRITICAL
Opened
#866 [GH-ISSUE #1273] cannot find group id
Opened
#867 [GH-ISSUE #1272] Can't run firefox with firejail outside of /usr/bin
Opened
#868 [GH-ISSUE #1277] Garbled VLC menus?
Opened
#869 [GH-ISSUE #1276] 0.9.46 Breaks Profile Links
Opened
#870 [GH-ISSUE #1275] Startup given processes automatically in firejail
Opened
#871 [GH-ISSUE #1281] [firecfg 0.9.46] non-admin users can't fix their desktop files
Opened
#872 [GH-ISSUE #1280] steam.profile update breaks steam
Opened
#873 [GH-ISSUE #1282] support xonsh as the login shell
Opened
#874 [GH-ISSUE #1286] private-dev for firefox/chrome
Opened
#875 [GH-ISSUE #1287] Firefox crashes with ipc-namespace (or something related)
Opened
#876 [GH-ISSUE #1285] Unable to create a profile containing "overlay-tmpfs"
Opened
#877 [GH-ISSUE #1290] console switching, xpra crashes
Opened
#878 [GH-ISSUE #1291] qupzilla.profile includes files which do not exist
Opened
#879 [GH-ISSUE #1289] firejail doesn't exit automatically when running firefox
Opened
#880 [GH-ISSUE #1292] Provided clementine profile causes library scanning to fail
Opened
#881 [GH-ISSUE #1294] Seamonkey fails
Opened
#882 [GH-ISSUE #1293] add me
Opened
#883 [GH-ISSUE #1298] Update to 0.9.46-2~0ubuntu16.04.0 has broken all browsers...
Opened
#884 [GH-ISSUE #1299] ssh fails when used with Kerberos
Opened
#885 [GH-ISSUE #1300] Gnome-calculator not working in firejail 0.9.46
Opened
#886 [GH-ISSUE #1303] Using private command doesn't use '.local's, uses main profile.
Opened
#887 [GH-ISSUE #1301] Spotify takes too long to open in firejail 0.9.46
Opened
#888 [GH-ISSUE #1302] Firejail causes ibus not to work in Qt applications
Opened
#889 [GH-ISSUE #1308] Information in window title that program is running firejailed?
Opened
#890 [GH-ISSUE #1305] Custom include for dns option
Opened
#891 [GH-ISSUE #1306] spotify: Failed to load libGL.so.1
Opened
#892 [GH-ISSUE #1309] Pushing changes/limitations upstream
Opened
#893 [GH-ISSUE #1310] Seccomp execve - Operation not permitted launching an app
Opened
#894 [GH-ISSUE #1311] Thunar won't start with basic command 'firejail thunar' (actually, it starts, but not sandboxed)
Opened
#895 [GH-ISSUE #1312] No sound in Firefox
Opened
#896 [GH-ISSUE #1314] Tutorial / script for firejail Tor bridgers to make feature more accessible
Opened
#897 [GH-ISSUE #1313] Also read /etc/hosts when using the firejail hosts-file option
Opened
#898 [GH-ISSUE #1316] trouble with firemon --x11 from scripts.
Opened
#899 [GH-ISSUE #1318] [INFORMATION] Need review about article
Opened
#900 [GH-ISSUE #1319] [DOC] Firefox doesn’t open in a new sandbox...
Opened
#901 [GH-ISSUE #1323] Digikam profile
Opened
#902 [GH-ISSUE #1320] 0.9.44.10 -> 0.9.46: libstdc++.so cannot be loaded
Opened
#903 [GH-ISSUE #1321] keepassx segfault
Opened
#904 [GH-ISSUE #1325] Bug in disable-programs.inc
Opened
#905 [GH-ISSUE #1326] firejail-0.9.46-1 cannot use firejail as shell
Opened
#906 [GH-ISSUE #1324] seccomp.keep fails on Arch
Opened
#907 [GH-ISSUE #1328] firejail 0.9.46 private-bin breaks with no errors or warnings
Opened
#908 [GH-ISSUE #1327] firejail 0.9.46 private-etc broken?
Opened
#909 [GH-ISSUE #1329] Build failure: userfaultfd syscall
Opened
#910 [GH-ISSUE #1331] Firefox crash
Opened
#911 [GH-ISSUE #1330] Included ktorrent profile whitelists wrong config files
Opened
#912 [GH-ISSUE #1332] private-etc with custom files
Opened
#913 [GH-ISSUE #1335] Included firefox profile does not whitelist all the okular config files
Opened
#914 [GH-ISSUE #1333] typo in qpdfview profile
Opened
#915 [GH-ISSUE #1334] private-tmp option in chromium.profile causes URLs to be opened in new Chromium window, potentially corrupts chromium profile and browsing history
Opened
#916 [GH-ISSUE #1336] Taking XAUTHORITY out of --x11=xorg sandbox?
Opened
#917 [GH-ISSUE #1337] Possible to set runtime limit?
Opened
#918 [GH-ISSUE #1338] Firefox within firejail interfering with pulseaudio
Opened
#919 [GH-ISSUE #1341] Can not show html-mails in Claws-Mail
Opened
#920 [GH-ISSUE #1340] Chromium trying to open another instance if opened in firejail
Opened
#921 [GH-ISSUE #1339] Stopping alias
Opened
#922 [GH-ISSUE #1344] Firefox and thunderbird are starting as root
Opened
#923 [GH-ISSUE #1346] private-bin and shells
Opened
#924 [GH-ISSUE #1342] firejail {--tree|--list} not listing anything
Opened
#925 [GH-ISSUE #1347] Implications of CONFIG_USER_NS
Opened
#926 [GH-ISSUE #1349] Profiles missing in firecfg.config
Opened
#927 [GH-ISSUE #1348] Disallowing fchmod is incompatible with --nogroups in 0.9.46 and later
Opened
#928 [GH-ISSUE #1351] Increased cpu usage on certain webpages which contain gifs on qutebrowser, luakit
Opened
#929 [GH-ISSUE #1350] Don't overwrite window title when attaching to xpra display
Opened
#930 [GH-ISSUE #1352] What is a security purpose of fairjail?
Opened
#931 [GH-ISSUE #1356] Typo in geary profile
Opened
#932 [GH-ISSUE #1353] Whitelist not working?
Opened
#933 [GH-ISSUE #1355] "Firefox is not currently set as your default browser"
Opened
#934 [GH-ISSUE #1366] seccomp.keep and seccomp
Opened
#935 [GH-ISSUE #1364] Cannot run palemoon in firejail
Opened
#936 [GH-ISSUE #1362] google-chrome profiles not working with plugins
Opened
#937 [GH-ISSUE #1371] seccomp and ignore
Opened
#938 [GH-ISSUE #1368] Allow Xephyr server dimensions as a command or profile option.
Opened
#939 [GH-ISSUE #1370] keepassxc: typo in keepassxc.profile
Opened
#940 [GH-ISSUE #1376] Grsecurity, Firejail and Bridge Networking
Opened
#941 [GH-ISSUE #1378] /usr/bin/dbus-launch inhibits --x11 server exit. Blacklisting it seems to fix it.
Opened
#942 [GH-ISSUE #1375] invalid --output=logfile command line option
Opened
#943 [GH-ISSUE #1381] firefox: Yubico u2f token is not detected (private-dev)
Opened
#944 [GH-ISSUE #1382] firetools_0.9.46.deb depends on libqt4-svg
Opened
#945 [GH-ISSUE #1383] Programs with periods in their name fail to use their profile when run via symlink method
Opened
#946 [GH-ISSUE #1384] Not working in LXC (Proxmox VE); Error: "cannot establish communication with the parent"
Opened
#947 [GH-ISSUE #1386] xdg-open not working for opening links from firejailed pidgin in firejailed chromium
Opened
#948 [GH-ISSUE #1385] Can't killall firejailed chromium
Opened
#949 [GH-ISSUE #1388] 2 gotchas with whitelist (ending / and origin dir of a symlinked file)
Opened
#950 [GH-ISSUE #1391] Okular won't start the second instance - can't open more than one pdf file at the same time
Opened
#951 [GH-ISSUE #1387] Firejail with systemd daemon
Opened
#952 [GH-ISSUE #1396] Steam is unable to use its internal web browser
Opened
#953 [GH-ISSUE #1392] Okular plays sound despite the --nosound argument
Opened
#954 [GH-ISSUE #1395] Wire Webapp Unable to Complete Loading in Firefox
Opened
#955 [GH-ISSUE #1400] Xpra killing emacs daemon on exit
Opened
#956 [GH-ISSUE #1398] Allow custom temporary (--private) profile
Opened
#957 [GH-ISSUE #1401] How to use input methods with graphical isolation?
Opened
#958 [GH-ISSUE #1406] ARP cache pollution when using net namespaces.
Opened
#959 [GH-ISSUE #1404] xpra-extra-params throws an error
Opened
#960 [GH-ISSUE #1405] Firejail X11 sandboxing unusable with latest xpra
Opened
#961 [GH-ISSUE #1413] noroot not effective with ssh?
Opened
#962 [GH-ISSUE #1417] Feature: Easier alternative to list of syscalls for --seccomp: add pre-defined syscall groups
Opened
#963 [GH-ISSUE #1414] Firefox Nightly broken due to firejail's seccomp
Opened
#964 [GH-ISSUE #1418] Websocket and Firejail
Opened
#965 [GH-ISSUE #1419] Archive Managers can't acces network folders
Opened
#966 [GH-ISSUE #1420] dropbox can't start: permission denied to ~/.dropbox-dist
Opened
#967 [GH-ISSUE #1425] [profile request] rambox
Opened
#968 [GH-ISSUE #1429] private-bin needs to understand filenames by absolute paths (even with restriction to {/usr{/local,},}/{s,}bin)
Opened
#969 [GH-ISSUE #1422] mutt + gpg indefinitely hangs
Opened
#970 [GH-ISSUE #1439] Supplementary groups not working
Opened
#971 [GH-ISSUE #1440] What's the difference between --chroot= and --private= ?
Opened
#972 [GH-ISSUE #1434] app local profiles should be placed before global local profiles
Opened
#973 [GH-ISSUE #1446] Allow private-dev to accept aditional devices
Opened
#974 [GH-ISSUE #1447] Feature: allow any syscall to be blacklisted with aid of LD_PRELOAD library
Opened
#975 [GH-ISSUE #1441] Whitelist isn't really a whitelist...?
Opened
#976 [GH-ISSUE #1450] firecfg incompletely installing
Opened
#977 [GH-ISSUE #1454] mutt crashes when using t-prot
Opened
#978 [GH-ISSUE #1455] improve debug messages
Opened
#979 [GH-ISSUE #1456] improve exception handling / dynamic filter customization
Opened
#980 [GH-ISSUE #1458] option output=logfile mangles screen display for ncurses programs (ie. mutt)
Opened
#981 [GH-ISSUE #1457] Unable to write mail in mutt (using emacsclient)
Opened
#982 [GH-ISSUE #1462] Unable to --join to -x11 firefox
Opened
#983 [GH-ISSUE #1459] Mutt fails to read mail attachments (using lynx / gnu highlight)
Opened
#984 [GH-ISSUE #1463] wrong/corrupted tray icon running telegram in ubuntu with lxpanel / openbox
Opened
#985 [GH-ISSUE #1470] No sound in Firefox (with apulse)
Opened
#986 [GH-ISSUE #1464] Cannot execute file with .sh extension in /usr/bin
Opened
#987 [GH-ISSUE #1467] Can't access computer:/// from PCMan File Manager
Opened
#988 [GH-ISSUE #1476] What is the syntax for hosts-file in profiles ?
Opened
#989 [GH-ISSUE #1471] firejail --noprofile allows gksu(do) but not pkexec
Opened
#990 [GH-ISSUE #1474] whitelist /dev/serial
Opened
#991 [GH-ISSUE #1478] Question regarding symlinks and firejail
Opened
#992 [GH-ISSUE #1480] firecfg error if /usr/local/bin does not exist
Opened
#993 [GH-ISSUE #1479] Feature: switch/config option to block secondary architectures
Opened
#994 [GH-ISSUE #1487] Firefox + Firejail + AppArmor (+ encrypted home directory) seem not to work together
Opened
#995 [GH-ISSUE #1486] xpra window isn't displaying / xpra-extra-params broken in firejail-git
Opened
#996 [GH-ISSUE #1481] Claws-mail doesn't open external links in Vivaldi browser
Opened
#997 [GH-ISSUE #1491] How to simulate the installation of programs?
Opened
#998 [GH-ISSUE #1492] Xonotic doesn't launch with firejail
Opened
#999 [GH-ISSUE #1490] Better way to investigate syscalls
Opened
#1000 [GH-ISSUE #1497] Question regarding specific case where qutebrowser can launch without access to ~/.local and ~/.cache
Opened
#1001 [GH-ISSUE #1499] Setting DISPLAY in --env setting does not work
Opened
#1002 [GH-ISSUE #1498] Atril doesn't launch anymore in firejail, but there's a workaround
Opened
#1003 [GH-ISSUE #1502] test suite errors
Opened
#1004 [GH-ISSUE #1504] build failure on some architectures
Opened
#1005 [GH-ISSUE #1505] Gnome-terminal stops working after stopping xpra
Opened
#1006 [GH-ISSUE #1506] Cannot run qutebrowser with Firejail due to "No module named PyQt5.QtSql"
Opened
#1007 [GH-ISSUE #1508] Hexchat notification sounds are not played.
Opened
#1008 [GH-ISSUE #1507] Slack notification sounds are not played.
Opened
#1009 [GH-ISSUE #1513] [Spotify] Blacklisting too restrictive - firejail 0.9.48
Opened
#1010 [GH-ISSUE #1509] Thunderbird profile and localhost emails
Opened
#1011 [GH-ISSUE #1510] Question: ‘program.local’ ‘global.local’ and ‘program.profile’?
Opened
#1012 [GH-ISSUE #1516] Can't start yandex-browser with firejail
Opened
#1013 [GH-ISSUE #1514] Invalid argument on Libreoffice's Appimage Recipe
Opened
#1014 [GH-ISSUE #1518] ControlSocket failed behaviour with ssh
Opened
#1015 [GH-ISSUE #1522] Errors about elevating to root
Opened
#1016 [GH-ISSUE #1520] Firejail MySQL
Opened
#1017 [GH-ISSUE #1521] Unable to run a C executable in firejail: Permission denied error.
Opened
#1018 [GH-ISSUE #1527] caps.keep broken on the commandline?
Opened
#1019 [GH-ISSUE #1525] Please add a .sig file
Opened
#1020 [GH-ISSUE #1529] remount pulseaudio noexec
Opened
#1021 [GH-ISSUE #1535] Tor Browser won't open
Opened
#1022 [GH-ISSUE #1531] fcopy: Failure to copy file when uid != root
Opened
#1023 [GH-ISSUE #1534] nginx problem in 0.9.50
Opened
#1024 [GH-ISSUE #1537] gitg not showing diff
Opened
#1025 [GH-ISSUE #1539] New namespace setup time
Opened
#1026 [GH-ISSUE #1540] All qt5 progragems should whitelist common theming engines
Opened
#1027 [GH-ISSUE #1545] Launch app outside Firejail without re-configuring?
Opened
#1028 [GH-ISSUE #1543] SSH can't start with default profile if there are system-wide configs in /etc/ssh/ssh_config.d/
Opened
#1029 [GH-ISSUE #1541] seccomp: kmail started to freeze with seccomp and tracelog
Opened
#1030 [GH-ISSUE #1547] Too restrictive blacklisting for systemd-resolved, unable to browse the web due to broken resolv.conf symlink
Opened
#1031 [GH-ISSUE #1550] Firefox no longer works after update--works again when downgraded
Opened
#1032 [GH-ISSUE #1546] Cannot authenticate SSH with smartcard though gpg-agent because of /run/user/UID/gnupg blacklist
Opened
#1033 [GH-ISSUE #1557] profile request
Opened
#1034 [GH-ISSUE #1553] private-dev disables access for U2F
Opened
#1035 [GH-ISSUE #1556] Running Virtualbox with seccomp?
Opened
#1036 [GH-ISSUE #1559] sudo firecfg : Add profiles in ~/.config/firejail
Opened
#1037 [GH-ISSUE #1560] Cannot open files from sshfs
Opened
#1038 [GH-ISSUE #1562] blacklist clipboard history file
Opened
#1039 [GH-ISSUE #1564] Firetools GUI incorrectly reporting Seccomp & Protocols as disabled
Opened
#1040 [GH-ISSUE #1566] build failure on alpine linux (musl libc) aarch64
Opened
#1041 [GH-ISSUE #1563] X11 Xephyr resize windows
Opened
#1042 [GH-ISSUE #1568] Unable to start Xfce with latest firejail (Arch Linux)
Opened
#1043 [GH-ISSUE #1569] Why do we have blacklist, noblacklist, and whitelist in the same profile?
Opened
#1044 [GH-ISSUE #1567] What happened to the smtube profile?
Opened
#1045 [GH-ISSUE #1574] firecfg: Remove DBusActivatable from .desktop files
Opened
#1046 [GH-ISSUE #1570] Avoid 'exo-open' on xfce desktop
Opened
#1047 [GH-ISSUE #1572] allow writable-run-user in profiles
Opened
#1048 [GH-ISSUE #1578] What happened to the remote desktop feature & tutorial?
Opened
#1049 [GH-ISSUE #1576] Warning messages while using and upon closing Firefox
Opened
#1050 [GH-ISSUE #1575] Firejail causes "Couldn't Initialize the Render Device." error when I try to launch a particular game from Steam
Opened
#1051 [GH-ISSUE #1579] Keyboard blocked on Ubuntu 17.10 beta
Opened
#1052 [GH-ISSUE #1580] Firejail doesn't work with wine+steam on Arch
Opened
#1053 [GH-ISSUE #1581] Authentication in Firefox does not work
Opened
#1054 [GH-ISSUE #1583] rpm build fails : missing firejail-config manpage
Opened
#1055 [GH-ISSUE #1584] Firefox Nightly breaks out of firejail(-0.9.50,-0.9.51)
Opened
#1056 [GH-ISSUE #1585] Regression: Decrypting inside the jail using gpg-agent running outside the jail with cached password doesn't work anymore
Opened
#1057 [GH-ISSUE #1586] gnome-ring can't interact with dring
Opened
#1058 [GH-ISSUE #1589] Firejail still running after closing Firefox
Opened
#1059 [GH-ISSUE #1588] Configurable location for Overlay Directories
Opened
#1060 [GH-ISSUE #1592] FireJail Idea
Opened
#1061 [GH-ISSUE #1590] error with private-tmp & /tmp as tmpfs
Opened
#1062 [GH-ISSUE #1591] firejail firefox has no DNS in some? setups
Opened
#1063 [GH-ISSUE #1594] Problem with private-tmp in okular and libreoffice profiles
Opened
#1064 [GH-ISSUE #1595] Execute commands
Opened
#1065 [GH-ISSUE #1597] Unable to load opensc-pkcs11.so into Firefox
Opened
#1066 [GH-ISSUE #1598] Bug in mate-calc.profile
Opened
#1067 [GH-ISSUE #1599] sandbox escapes with kdeinit
Opened
#1068 [GH-ISSUE #1600] Is there a recommended workaround for using wlan interfaces with firejail?
Opened
#1069 [GH-ISSUE #1602] private-lib must be disabled for hexchat to start
Opened
#1070 [GH-ISSUE #1603] Allow nesting of sandboxes
Opened
#1071 [GH-ISSUE #1601] Unable to save files to symlinked Downloads directory
Opened
#1072 [GH-ISSUE #1607] w3m can't load webpages without disabling 'private-etc'
Opened
#1073 [GH-ISSUE #1606] youtube-dl domain name resolution does not work if --external-downloader is used
Opened
#1074 [GH-ISSUE #1605] keepassxc: Challenge-Response field is greyed out unless 'private-dev' and 'protocol' are disabled
Opened
#1075 [GH-ISSUE #1609] Mousepad can't access its preferences
Opened
#1076 [GH-ISSUE #1608] noexec ignored
Opened
#1077 [GH-ISSUE #1610] Allow blocking gpg agent
Opened
#1078 [GH-ISSUE #1614] Support time based restriction limits
Opened
#1079 [GH-ISSUE #1611] version 50.1 and 50.3(artful deb) won't connect to internet in Ubuntu 17.10
Opened
#1080 [GH-ISSUE #1612] Desktop integration does not work with Google Play Music desktop player profile
Opened
#1081 [GH-ISSUE #1615] Enabling AppArmor support for Chrome disables hardware accelerated rendering
Opened
#1082 [GH-ISSUE #1618] VLC: machine-id breaks PulseAudio
Opened
#1083 [GH-ISSUE #1616] Firejail breaks the ssh-agent launch semantics
Opened
#1084 [GH-ISSUE #1619] Firejail breaks media controls in Plasma taskbar
Opened
#1085 [GH-ISSUE #1621] NetworkManager DNS update overrides --dns option
Opened
#1086 [GH-ISSUE #1620] Enforcing directory structure with permissive parts for web virtual hosts with SSH access
Opened
#1087 [GH-ISSUE #1623] Firejail failed Firefox Couldn't load XPCOM.
Opened
#1088 [GH-ISSUE #1624] Software not supported for /31 networks
Opened
#1089 [GH-ISSUE #1622] Lists in syscall.c don’t get defined in some cases, compilation error
Opened
#1090 [GH-ISSUE #1626] Is it possible to run an appimage game with firejail and save the game data?
Opened
#1091 [GH-ISSUE #1627] Will there be a config file for firejail?
Opened
#1092 [GH-ISSUE #1625] firefox: cannot communicate with enpass
Opened
#1093 [GH-ISSUE #1628] Should noexec ${HOME} be changed to noexec ${HOME}/* ?
Opened
#1094 [GH-ISSUE #1630] dropbox: program cannot update itself
Opened
#1095 [GH-ISSUE #1629] okular: printing is broken
Opened
#1096 [GH-ISSUE #1632] private-bin and symlinks to non-standard paths
Opened
#1097 [GH-ISSUE #1631] Qt5 do not inherit GTK theme when in a GTK environment [0.9.50]
Opened
#1098 [GH-ISSUE #1633] keepassxc: program does not start (private-etc machine-id)
Opened
#1099 [GH-ISSUE #1636] Make Firejail available through composer by adding composer.json file (in all branches)
Opened
#1100 [GH-ISSUE #1635] Allow passing in a netfilter configuration via the command line
Opened
#1101 [GH-ISSUE #1634] About commenting private-etc in steam.profile
Opened
#1102 [GH-ISSUE #1638] If ~/Downloads exists XDG_DOWNLOAD_DIR isn't taken into account
Opened
#1103 [GH-ISSUE #1639] Chroot -- /etc/resolv.conf file as symlink being rejected
Opened
#1104 [GH-ISSUE #1640] valgrind not working inside firejail
Opened
#1105 [GH-ISSUE #1644] strange nested loop in firejail 0.9.50 when trying to use it as login-shell
Opened
#1106 [GH-ISSUE #1641] request, add new browsers
Opened
#1107 [GH-ISSUE #1642] [Question] Does 'netfilter=filename' affect the system firewall, eg UFW
Opened
#1108 [GH-ISSUE #1646] Add p11-kit support
Opened
#1109 [GH-ISSUE #1648] Mutt cannot get to the email user file
Opened
#1110 [GH-ISSUE #1645] Cannot open files from EncFS
Opened
#1111 [GH-ISSUE #1649] Folder /files is Accessible in Chrome
Opened
#1112 [GH-ISSUE #1650] Whitelist/Backlist with subfolders (mount points - ZFS)
Opened
#1113 [GH-ISSUE #1651] Dropbox failed to start after update the firejail new built yesterday
Opened
#1114 [GH-ISSUE #1652] Odd behaviour with --x11=xorg under GNOME 3 / gdm
Opened
#1115 [GH-ISSUE #1654] zathura fails to start with default zathura.profile
Opened
#1116 [GH-ISSUE #1653] Thunderbird(Enigmail) not find GnuPG
Opened
#1117 [GH-ISSUE #1658] firejail with wine and optirun
Opened
#1118 [GH-ISSUE #1656] Starting different firejailed Firefox versions
Opened
#1119 [GH-ISSUE #1655] firefox '<url>' no longer works?
Opened
#1120 [GH-ISSUE #1659] Profile needed for MasterPDFeditor
Opened
#1121 [GH-ISSUE #1660] firefox profile leaking filesystem access
Opened
#1122 [GH-ISSUE #1661] fetchmail.profile fails when local delivery to port 25 is needed (netfilter doesn't work)
Opened
#1123 [GH-ISSUE #1665] Qbittorrent doesn't remember torrents after restart
Opened
#1124 [GH-ISSUE #1663] Qupzilla crashes when run with firejail
Opened
#1125 [GH-ISSUE #1667] Running unjailed programs from within jail
Opened
#1126 [GH-ISSUE #1668] Firefox needs dbus which conflicts with --net=vnet0
Opened
#1127 [GH-ISSUE #1670] Error: cannot create ~/.local/application directory
Opened
#1128 [GH-ISSUE #1669] Firejail breaks the network environment when sandboxing network
Opened
#1129 [GH-ISSUE #1672] DHCP replaced and as a consequence DNS not working
Opened
#1130 [GH-ISSUE #1671] Unable to open Spotify
Opened
#1131 [GH-ISSUE #1673] Cannot start with firejail by default
Opened
#1132 [GH-ISSUE #1674] skypeforlinux 8.13.76.4 segfaults with skypeforlinux profile
Opened
#1133 [GH-ISSUE #1677] Make firejail print to stderr by default (instead of stdout)
Opened
#1134 [GH-ISSUE #1675] Is there a command to activate single profile or selected profiles ??
Opened
#1135 [GH-ISSUE #1680] Opengl error with wine.profile
Opened
#1136 [GH-ISSUE #1678] Disable noroot at chrom* (including iridium and inox flavours)
Opened
#1137 [GH-ISSUE #1682] Firejail doesn't pass env TMPDIR variable after update to 0.9.52
Opened
#1138 [GH-ISSUE #1683] Jailed node js development environment
Opened
#1139 [GH-ISSUE #1684] Add Figaro's Password Manager 2 to disable-passwdmgr.inc
Opened
#1140 [GH-ISSUE #1685] firemon and proc hidepid not working for regular user
Opened
#1141 [GH-ISSUE #1686] Thunderbird not start with .icedove folder - Debian 9
Opened
#1142 [GH-ISSUE #1688] Add private-etc services to steam.profile
Opened
#1143 [GH-ISSUE #1690] firejail 0.9.52 breaks qbittorrent 4.0.3 (qt5-base 5.10.0)
Opened
#1144 [GH-ISSUE #1692] /usr/bin/string cannot read /proc/*/environ
Opened
#1145 [GH-ISSUE #1694] Jack audio does not work with private-dev
Opened
#1146 [GH-ISSUE #1693] please add basilisk browser
Opened
#1147 [GH-ISSUE #1699] Can't launch qBittorrent and okular with firejail aymore
Opened
#1148 [GH-ISSUE #1698] Override globals.local while respecting default firefox.profile?
Opened
#1149 [GH-ISSUE #1695] [Teamspeak 3] the application crashes on opening the options window
Opened
#1150 [GH-ISSUE #1705] Ubiquitous Bash - Related Functionality
Opened
#1151 [GH-ISSUE #1703] Couldn't start 'libreoffice' in Debian Testing
Opened
#1152 [GH-ISSUE #1702] Couldn't start 'minetest' in Debian Testing
Opened
#1153 [GH-ISSUE #1709] Viber profile report error!
Opened
#1154 [GH-ISSUE #1711] Evince does not run due to --private-lib configuration option
Opened
#1155 [GH-ISSUE #1707] Import profile's while ignoring others
Opened
#1156 [GH-ISSUE #1717] [INFO] How exactly does one use --private-lib?
Opened
#1157 [GH-ISSUE #1712] Intel/AMD CPU security flaws
Opened
#1158 [GH-ISSUE #1716] Firefox: access ~/Downloads folder if using --private-home
Opened
#1159 [GH-ISSUE #1720] Dropping Firejail privileges with services not running as root?
Opened
#1160 [GH-ISSUE #1718] Hexchat links do not open in chromium
Opened
#1161 [GH-ISSUE #1719] whitelisting subpath of blacklisted path
Opened
#1162 [GH-ISSUE #1721] Firejail does not work with an ipv6-only interface
Opened
#1163 [GH-ISSUE #1723] ktorrent 5.1.0 doesn't run with firejail 0.9.52
Opened
#1164 [GH-ISSUE #1722] Provide a way to specify DNSv6, for ex. --dns6
Opened
#1165 [GH-ISSUE #1726] [Info] What is the point of jailing ssh?
Opened
#1166 [GH-ISSUE #1724] Can't access internet with Tor Browser
Opened
#1167 [GH-ISSUE #1725] SSH fails, can't access /dev/null
Opened
#1168 [GH-ISSUE #1727] sandbox /tmp
Opened
#1169 [GH-ISSUE #1729] Frequent permission errors with firejail
Opened
#1170 [GH-ISSUE #1728] No window bar options using gimp
Opened
#1171 [GH-ISSUE #1730] skypeforlinux not starting with firejail 0.9.50 on ubuntu
Opened
#1172 [GH-ISSUE #1731] unbound: error with DNSSEC validation enabled
Opened
#1173 [GH-ISSUE #1732] Getting Error: "/etc/rc?.d" is an invalid filename when including disable-common.inc in the firejail profile
Opened
#1174 [GH-ISSUE #1734] private-etc templates
Opened
#1175 [GH-ISSUE #1735] New (detailed) firejail tutorial available - fact check review appreciated
Opened
#1176 [GH-ISSUE #1736] transmission-qt freezes on opening dialogs
Opened
#1177 [GH-ISSUE #1740] skypeforlinux hangs with white non-responsive window, firejail 0.9.52
Opened
#1178 [GH-ISSUE #1737] Add support for syscalls 329-332 (pkey_mprotect, pkey_alloc, pkey_free, statx)
Opened
#1179 [GH-ISSUE #1739] Firefox 59.0b1, pulseaudio
Opened
#1180 [GH-ISSUE #1742] DNS over ipv6 not working
Opened
#1181 [GH-ISSUE #1741] --x11=xorg can't connect to X on Arch
Opened
#1182 [GH-ISSUE #1743] Can't combine --private with --whitelist
Opened
#1183 [GH-ISSUE #1746] Building rpm - what's going wrong?
Opened
#1184 [GH-ISSUE #1747] Enable crontab
Opened
#1185 [GH-ISSUE #1748] google-play-music-desktop-player symlink: error while loading shared libraries: libnode.so
Opened
#1186 [GH-ISSUE #1749] Thunderbird fails to execute child process (Operation not permitted)
Opened
#1187 [GH-ISSUE #1752] spectre
Opened
#1188 [GH-ISSUE #1750] Building from git broken on Arch Linux after recent apparmor-related commits
Opened
#1189 [GH-ISSUE #1753] Firefox video hangup when switched to full screen
Opened
#1190 [GH-ISSUE #1755] Various Issues
Opened
#1191 [GH-ISSUE #1754] cannot start hexchat
Opened
#1192 [GH-ISSUE #1756] Okular fails to start in 0.9.52
Opened
#1193 [GH-ISSUE #1759] Requesting help regarding SoulseekQT profile
Opened
#1194 [GH-ISSUE #1757] Cleaning named overlay
Opened
#1195 [GH-ISSUE #1760] Dropbox startup fails because of missing library when started directly with firejail
Opened
#1196 [GH-ISSUE #1767] private-etc line breaks graphics driver in Firefox and Tor browser
Opened
#1197 [GH-ISSUE #1765] Firefox 60+ fails to run content processes
Opened
#1198 [GH-ISSUE #1769] How to globally block networking, camera, microphone, etc. and allow by exception?
Opened
#1199 [GH-ISSUE #1770] Most part of messangers can't open links in browsers other than firefox
Opened
#1200 [GH-ISSUE #1768] Spotify on Gentoo fails to open
Opened
#1201 [GH-ISSUE #1771] [firefox] noroot makes youtube fullscreen hang
Opened
#1202 [GH-ISSUE #1772] qbittorrent: no authentication protocol supported
Opened
#1203 [GH-ISSUE #1773] rewrite browser profiles with redirections
Opened
#1204 [GH-ISSUE #1778] Unable to whitelist /dev/stdin unless there's a pseudo-terminal
Opened
#1205 [GH-ISSUE #1782] Make ~/.bashrc read only?
Opened
#1206 [GH-ISSUE #1781] Unable to build profile for mono binaries run by binfmt-support
Opened
#1207 [GH-ISSUE #1784] KDEinit could not launch '/use/local/bin/kate'
Opened
#1208 [GH-ISSUE #1785] Better output options for the tracelog (e.g. console, logfile, journald)
Opened
#1209 [GH-ISSUE #1786] Error clone: main.c:2517 main: Invalid argument
Opened
#1210 [GH-ISSUE #1788] transmission-qt theme is strange with firejail
Opened
#1211 [GH-ISSUE #1790] How best to whitelist/noblacklist a deep directory?
Opened
#1212 [GH-ISSUE #1789] Konsole forgets theme
Opened
#1213 [GH-ISSUE #1791] keepassxc: cannot open database (memory-deny-write-execute)
Opened
#1214 [GH-ISSUE #1792] Brackets (adobe editor) can not launch
Opened
#1215 [GH-ISSUE #1793] ktorrent: configuration does not persist
Opened
#1216 [GH-ISSUE #1796] smartgit blacklist
Opened
#1217 [GH-ISSUE #1794] Add falkon browser profile
Opened
#1218 [GH-ISSUE #1795] allow read acces ${HOME}.cache/kioexec/krun/ for webbrowsers
Opened
#1219 [GH-ISSUE #1798] hidepid prevents me from viewing firejail-started processes in e.g. htop
Opened
#1220 [GH-ISSUE #1797] Bug: brave doesnt open
Opened
#1221 [GH-ISSUE #1799] Dropbox, multiple issues
Opened
#1222 [GH-ISSUE #1800] Gentoo portage "emerge" cant find what it just downloaded with wget
Opened
#1223 [GH-ISSUE #1801] The "less" command can't view files when run as root, using firejail.
Opened
#1224 [GH-ISSUE #1803] memory-deny-write-execute causing hangs and crashes on Arch and derivatives
Opened
#1225 [GH-ISSUE #1805] QtWebEngine crash (in Anki)
Opened
#1226 [GH-ISSUE #1804] Cannot launch Evince from command line
Opened
#1227 [GH-ISSUE #1807] Arch-Linux - 'steam-native' doesn't read /etc/firejail/steam.profile
Opened
#1228 [GH-ISSUE #1810] Firefox and Chromiun not taking input and not appearning in firejail --list
Opened
#1229 [GH-ISSUE #1808] Viewnior will not run with memory-deny-write-execute
Opened
#1230 [GH-ISSUE #1811] Can't start google chrome with firejail in debian stretch
Opened
#1231 [GH-ISSUE #1812] What is the best way to move a file outside a private jail ?
Opened
#1232 [GH-ISSUE #1813] [private-dev] xsession-errors log is chowned by root
Opened
#1233 [GH-ISSUE #1814] --interface option does not work for tun interfaces
Opened
#1234 [GH-ISSUE #1815] Not able to make file transfer work
Opened
#1235 [GH-ISSUE #1816] Add a libreoffice-base profile
Opened
#1236 [GH-ISSUE #1817] Error running ssh commands with arguments
Opened
#1237 [GH-ISSUE #1819] unexpected behavior when jails have the same name ?
Opened
#1238 [GH-ISSUE #1818] private-lib doesn't work with Palemoon & Firefox
Opened
#1239 [GH-ISSUE #1822] Recalibration of D-Bus access
Opened
#1240 [GH-ISSUE #1824] Is there way to start few applications in single x11 sandbox?
Opened
#1241 [GH-ISSUE #1823] disable-devel.inc does not blacklist python and node
Opened
#1242 [GH-ISSUE #1826] Youtube video won't start with google-chrome if firejailed
Opened
#1243 [GH-ISSUE #1832] Routing setup for three jails, one of has two tun interfaces inside, the others are connected to it via <br> interfaces
Opened
#1244 [GH-ISSUE #1833] Bug at thunderbird-beta
Opened
#1245 [GH-ISSUE #1834] Add support for blender-2.8
Opened
#1246 [GH-ISSUE #1838] Winetricks problem
Opened
#1247 [GH-ISSUE #1839] F1 2017 doesn't start - Firejail is more than likely to be the barrier
Opened
#1248 [GH-ISSUE #1836] Keyboard input doesn't work
Opened
#1249 [GH-ISSUE #1841] gnome-calculator's private-lib looks broken
Opened
#1250 [GH-ISSUE #1842] https://firejail.wordpress.com/support/#userns outdated
Opened
#1251 [GH-ISSUE #1844] Support wireguard interfaces on firejail's --net option
Opened
#1252 [GH-ISSUE #1847] Firefox 60.0b (dev edition) can't display webpages when 'seccomp' or 'shell none' enabled
Opened
#1253 [GH-ISSUE #1845] firejailed editor can't use sudoedit
Opened
#1254 [GH-ISSUE #1846] Allow to compile firejail non-setuid
Opened
#1255 [GH-ISSUE #1855] transmission-gtk freezes on opening GTK dialogs (mprotect syscall gets blocked)
Opened
#1256 [GH-ISSUE #1856] Error clone: main.c:2488 main: Operation not permitted
Opened
#1257 [GH-ISSUE #1850] BleachBit not opening in firejail
Opened
#1258 [GH-ISSUE #1858] advice for scripted w3m
Opened
#1259 [GH-ISSUE #1857] Allow machine-id for bibletime.profile
Opened
#1260 [GH-ISSUE #1866] conky issues
Opened
#1261 [GH-ISSUE #1871] Allow symlinked /opt
Opened
#1262 [GH-ISSUE #1869] atool private-etc issue
Opened
#1263 [GH-ISSUE #1872] Spotify with ALSA cannot play songs under firejail
Opened
#1264 [GH-ISSUE #1876] Bus error with firecfg
Opened
#1265 [GH-ISSUE #1878] Coyim
Opened
#1266 [GH-ISSUE #1877] CRONTABS for user
Opened
#1267 [GH-ISSUE #1879] Lighter profile for cinelerra
Opened
#1268 [GH-ISSUE #1880] Wait until IP becomes available
Opened
#1269 [GH-ISSUE #1883] Firejailing Darkest Dungeon loses all controls (keyboard and mouse)
Opened
#1270 [GH-ISSUE #1889] ExpressVPN internet issues (resolv.conf)
Opened
#1271 [GH-ISSUE #1885] Google-chrome does not open anymore.
Opened
#1272 [GH-ISSUE #1887] Flawfinder static analysis
Opened
#1273 [GH-ISSUE #1895] Zathura dbus issue
Opened
#1274 [GH-ISSUE #1896] zoom: attachments/calls/preferences
Opened
#1275 [GH-ISSUE #1893] Lobase failing again :(
Opened
#1276 [GH-ISSUE #1901] Prevent starting programs in non-sandboxed mode from within a firejail sandbox
Opened
#1277 [GH-ISSUE #1899] Bug: waterfox can't close
Opened
#1278 [GH-ISSUE #1897] Compilation fails on alpine linux
Opened
#1279 [GH-ISSUE #1902] firecfg and user restrictions
Opened
#1280 [GH-ISSUE #1907] Define specific overlay directory in argument
Opened
#1281 [GH-ISSUE #1908] Error installing and running services in sudo firejail no profile overlay
Opened
#1282 [GH-ISSUE #1912] Ping replies going to wrong jails
Opened
#1283 [GH-ISSUE #1917] LibreOffice won't start on Ubuntu 18.04
Opened
#1284 [GH-ISSUE #1913] chrome flash problem
Opened
#1285 [GH-ISSUE #1920] Lists of libraries for private-lib
Opened
#1286 [GH-ISSUE #1921] few questions about firejail
Opened
#1287 [GH-ISSUE #1925] Allow folder from USB device mounted in /mnt/
Opened
#1288 [GH-ISSUE #1927] firejail --list is empty, but firemon shows firejail processes
Opened
#1289 [GH-ISSUE #1926] prevent info leakage through /proc
Opened
#1290 [GH-ISSUE #1928] Hide firejail --list from firejail --list?
Opened
#1291 [GH-ISSUE #1929] FJ + Thunderbird + GPG + Keycard
Opened
#1292 [GH-ISSUE #1930] Tor and Pale Moon Browsers hang and won't display.
Opened
#1293 [GH-ISSUE #1931] Blender with AMD GPU fails under firejail
Opened
#1294 [GH-ISSUE #1939] Firefox version 60 breaks completely with the default Firejail profile or any profile containing seccomp.
Opened
#1295 [GH-ISSUE #1938] fldd returns different output from ldd
Opened
#1296 [GH-ISSUE #1937] Firefox 60 does not close
Opened
#1297 [GH-ISSUE #1940] White screen after upgrade to Firefox 60
Opened
#1298 [GH-ISSUE #1941] Includes missing from firejail apparmor profile
Opened
#1299 [GH-ISSUE #1942] Firefox 60 no menu with Firejail 0.9.54~rc2
Opened
#1300 [GH-ISSUE #1944] Krita isn't working
Opened
#1301 [GH-ISSUE #1945] mpv: OpenGL doesn't work with the proprietary Nvidia driver
Opened
#1302 [GH-ISSUE #1946] Firejail versions 0.9.54~rc1_1 & 0.9.54~rc2_1 are causing Mozilla Thunderbird to crash
Opened
#1303 [GH-ISSUE #1948] 0.9.54 compilation fails on RasPi 2
Opened
#1304 [GH-ISSUE #1949] [ENHANCEMENT] make "firejail --list" more readable
Opened
#1305 [GH-ISSUE #1947] Firefox exit code question
Opened
#1306 [GH-ISSUE #1950] Chrome cannot get the timezone correctly breaking many websites
Opened
#1307 [GH-ISSUE #1952] Discord.profile won't launch
Opened
#1308 [GH-ISSUE #1951] Firejail breaks enigmail in Thunderbird
Opened
#1309 [GH-ISSUE #1955] firejailed thunderbird fails to open links in firejailed chromium
Opened
#1310 [GH-ISSUE #1953] Krita crashes after splash screen when run with firejail
Opened
#1311 [GH-ISSUE #1956] Having trouble getting firejail to work in a Docker container
Opened
#1312 [GH-ISSUE #1959] Tor browser s profile need an update for using with ubuntu 16.04?
Opened
#1313 [GH-ISSUE #1960] Cruzin' the net with --net=none
Opened
#1314 [GH-ISSUE #1957] Should we update travis to something never than Ubuntu trusty?
Opened
#1315 [GH-ISSUE #1961] --allusers not working with vlc.profile after upgrading 0.9.52 -> 0.9.54
Opened
#1316 [GH-ISSUE #1962] Firefox doesn't load pages, crashes on Ubuntu 16.04 and 18.04 LTS
Opened
#1317 [GH-ISSUE #1963] 0.9.54 no work?
Opened
#1318 [GH-ISSUE #1965] Apparmor causing Firefox Quantum: Gecko_IOThread segfault
Opened
#1319 [GH-ISSUE #1964] UID_MIN evaluation at runtime
Opened
#1320 [GH-ISSUE #1966] Integrate TorJail
Opened
#1321 [GH-ISSUE #1968] No sound output from Firefox after upgrading Firejail to 0.9.54
Opened
#1322 [GH-ISSUE #1970] Chrome - TwitterDeck
Opened
#1323 [GH-ISSUE #1967] --fwmark support
Opened
#1324 [GH-ISSUE #1973] [information] Scenario of an attack
Opened
#1325 [GH-ISSUE #1972] [SOLVED] running chromium from snap in Firejail
Opened
#1326 [GH-ISSUE #1971] "namespace support is disabled" in 0.9.54
Opened
#1327 [GH-ISSUE #1978] Add support for ipvlan interfaces
Opened
#1328 [GH-ISSUE #1974] Xed as default editor using FileZilla doesn't work i.c.m firejail
Opened
#1329 [GH-ISSUE #1975] cannot open local profile file
Opened
#1330 [GH-ISSUE #1980] firejail prevents id.fedoraproject.org redirection in firefox
Opened
#1331 [GH-ISSUE #1979] [SOLVED] firejail runs sandbox for app that I didn't set to run in firejail
Opened
#1332 [GH-ISSUE #1981] Apparmor dbus confinement not working?
Opened
#1333 [GH-ISSUE #1982] [ Information ] Linux Mint 19 “Tara” Cinnamon – BETA Release
Opened
#1334 [GH-ISSUE #1983] An indication to know if a program is Sandboxed
Opened
#1335 [GH-ISSUE #1984] Firejail 0.9.55 & pulseaudio 11.99.1 (mpv profile fix / llvm )
Opened
#1336 [GH-ISSUE #1987] Question: benefits of running Firejail with AppArmor?
Opened
#1337 [GH-ISSUE #1986] fontforge profile broken
Opened
#1338 [GH-ISSUE #1985] Thunderbird folder whitelisted in Chrome and Firefox
Opened
#1339 [GH-ISSUE #1988] Profile option to access files in CLI arguments
Opened
#1340 [GH-ISSUE #1989] gpg-agent errors
Opened
#1341 [GH-ISSUE #1990] firefox: Yubikey u2f does not work if plugged in after launching (private-dev)
Opened
#1342 [GH-ISSUE #1993] private-dev and /dev/shm
Opened
#1343 [GH-ISSUE #1991] webcam works in Firefox although --private-dev was set
Opened
#1344 [GH-ISSUE #1992] 0.9.55 regression
Opened
#1345 [GH-ISSUE #1994] Krita profile broken on archinux
Opened
#1346 [GH-ISSUE #1995] Adding a global modifier (net=eth0) to all firejails
Opened
#1347 [GH-ISSUE #2001] Ark does not open zip files
Opened
#1348 [GH-ISSUE #2002] [Feature request] Make settings in firejail.config ignorable in profiles
Opened
#1349 [GH-ISSUE #2005] [question] opening a PDF from within firefox using atril used to work, then stopped working
Opened
#1350 [GH-ISSUE #2004] [Question] Does Firejail "sudo" commands effective in this special case ?
Opened
#1351 [GH-ISSUE #2008] Launching a x11=xephyr Firejail instance to a full monitor instead of a window
Opened
#1352 [GH-ISSUE #2006] globals.local included twice in profiles using x-common.profile format
Opened
#1353 [GH-ISSUE #2009] Maximum profile include level was reached
Opened
#1354 [GH-ISSUE #2011] invalid whitelist path if /var/tmp is symlink to /tmp
Opened
#1355 [GH-ISSUE #2013] profile weechat broken
Opened
#1356 [GH-ISSUE #2014] dnscrypt-proxy and systemd's DynamicUser concept
Opened
#1357 [GH-ISSUE #2018] Cannot run Geary 0.12.2-1
Opened
#1358 [GH-ISSUE #2016] New inox fixes
Opened
#1359 [GH-ISSUE #2017] Patch release for 0.9.52
Opened
#1360 [GH-ISSUE #2021] gdb does not work with --allow-debuggers and kernel >= 4.9
Opened
#1361 [GH-ISSUE #2019] [Request] Profile for gradio
Opened
#1362 [GH-ISSUE #2023] Cannot whitelist path in /run
Opened
#1363 [GH-ISSUE #2024] New profile for Gradio
Opened
#1364 [GH-ISSUE #2027] Can't run firefox, chromium through firejail.
Opened
#1365 [GH-ISSUE #2026] Firejail breaks Gnome Shell connector
Opened
#1366 [GH-ISSUE #2030] Snapper - **/.snapshots
Opened
#1367 [GH-ISSUE #2029] Possible conflict with noexec and whitelist
Opened
#1368 [GH-ISSUE #2028] Chrome native notifications are broken
Opened
#1369 [GH-ISSUE #2032] Run program with the tun0 interface
Opened
#1370 [GH-ISSUE #2034] Slack profile does not allow to use microphone
Opened
#1371 [GH-ISSUE #2031] [feature request] Allow all directories, not just top-level for --private-home
Opened
#1372 [GH-ISSUE #2036] Can't combine --overlay-named with --private=
Opened
#1373 [GH-ISSUE #2035] Firejail 0.9.54 and pulseaudio 12: Edge case with no sound
Opened
#1374 [GH-ISSUE #2037] Machine-ID breaks Pulseaudio
Opened
#1375 [GH-ISSUE #2038] Just updating firejail on Fedora 28
Opened
#1376 [GH-ISSUE #2040] Cannot access profile file
Opened
#1377 [GH-ISSUE #2039] [enhancement] Allow more fine-grained ignore predicates
Opened
#1378 [GH-ISSUE #2043] No ALSA sound in Chromium due to "nogroup" setting.
Opened
#1379 [GH-ISSUE #2041] [enhancement] Allow whitelisting arbitrary directories
Opened
#1380 [GH-ISSUE #2042] more gradual control over supplementary groups
Opened
#1381 [GH-ISSUE #2045] Profile autodetection fails when path contains spaces
Opened
#1382 [GH-ISSUE #2046] RTNETLINK error using "--net" option
Opened
#1383 [GH-ISSUE #2044] 0.9.54 does not ARM cross-compile anymore (seccomp) [yocto]
Opened
#1384 [GH-ISSUE #2050] Android Studio Invalid Config Path
Opened
#1385 [GH-ISSUE #2047] Thunderbird-Chromium Issue
Opened
#1386 [GH-ISSUE #2048] Evince can't open annotations
Opened
#1387 [GH-ISSUE #2053] [enhancement] Ability to specify xpra display
Opened
#1388 [GH-ISSUE #2051] wire-desktop
Opened
#1389 [GH-ISSUE #2059] Bug: Cannot whitelist home folders correctly
Opened
#1390 [GH-ISSUE #2062] keepassxc: single-instance option does not work (private-tmp)
Opened
#1391 [GH-ISSUE #2061] [cosmetic] --netfilter6= and restricted-network yes
Opened
#1392 [GH-ISSUE #2064] Bugs rpm package heikoada/firejail - Fedora 28
Opened
#1393 [GH-ISSUE #2067] [enhancement] file globbing in put and get
Opened
#1394 [GH-ISSUE #2065] Freedesktop dirs whitelisting works from profile but not command line
Opened
#1395 [GH-ISSUE #2066] Tor Browser cannot execute with "noroot" and "nogroups" profile
Opened
#1396 [GH-ISSUE #2068] Pure computation in a specific folder?
Opened
#1397 [GH-ISSUE #2069] Feature request: Scanning application to determine if it 'misbehaves'
Opened
#1398 [GH-ISSUE #2070] [Proposal] Convert all profiles to a whitelist model
Opened
#1399 [GH-ISSUE #2071] [bug] Whitelisting a file leads to inability to write to it
Opened
#1400 [GH-ISSUE #2072] Nvida drivers using firejail
Opened
#1401 [GH-ISSUE #2073] How does Firejail compared to Sandboxie
Opened
#1402 [GH-ISSUE #2074] Variables like ${DOWNLOADS} don't seem to work with blacklist
Opened
#1403 [GH-ISSUE #2075] Weechat /exec fails with default weechat.profile
Opened
#1404 [GH-ISSUE #2077] Discord won't launch
Opened
#1405 [GH-ISSUE #2078] FIrejail in openSUSE Leap15
Opened
#1406 [GH-ISSUE #2080] Spotify, Arch: ERROR: ld.so: object 'libcurl.so.3' from LD_PRELOAD
Opened
#1407 [GH-ISSUE #2082] Properties and owner of /run/firejail ?
Opened
#1408 [GH-ISSUE #2085] Virtual environements
Opened
#1409 [GH-ISSUE #2084] AppArmor not working in OpenSuse
Opened
#1410 [GH-ISSUE #2083] --build broken
Opened
#1411 [GH-ISSUE #2088] Allow system users to use firejail if listed in firejail.users
Opened
#1412 [GH-ISSUE #2087] Qutebrowser (qtwebengine) needs llvm whitelist
Opened
#1413 [GH-ISSUE #2086] Pale Moon 28 doesn't start
Opened
#1414 [GH-ISSUE #2090] Our documentation
Opened
#1415 [GH-ISSUE #2095] A simple tool for profile/policies creation
Opened
#1416 [GH-ISSUE #2089] Have firecfg install to ${HOME}/bin instead of /usr/local/bin?
Opened
#1417 [GH-ISSUE #2099] Question : firejail and Xephyr
Opened
#1418 [GH-ISSUE #2098] Spotify: D-Bus functionality
Opened
#1419 [GH-ISSUE #2097] firecfg: allow for ignoring specific apps
Opened
#1420 [GH-ISSUE #2100] seccomp filtering not working with chroot
Opened
#1421 [GH-ISSUE #2101] Firejail breaks evince printing
Opened
#1422 [GH-ISSUE #2102] No menu in libreoffice
Opened
#1423 [GH-ISSUE #2106] OpenGL on Radeon needs /usr/lib/llvm/, which is blacklisted in disable-devel.inc
Opened
#1424 [GH-ISSUE #2103] Windows apps installed with Proton don't work (sound issue) [but do work with native Wine]
Opened
#1425 [GH-ISSUE #2107] Firejail with iptables for LAN only doesn't work
Opened
#1426 [GH-ISSUE #2109] Firefox and native messaging
Opened
#1427 [GH-ISSUE #2108] Tor Browser fails with curernt tor profile
Opened
#1428 [GH-ISSUE #2110] Tor Browser stopped working with firejail after a major update
Opened
#1429 [GH-ISSUE #2111] Way to prevent nodbus
Opened
#1430 [GH-ISSUE #2113] Custom pulseaudio client.conf issue, firejail being started as non-root
Opened
#1431 [GH-ISSUE #2112] VS Code cannot perform remote git operations
Opened
#1432 [GH-ISSUE #2114] Hiding HOME with --whitelist: cannot open directory '.'
Opened
#1433 [GH-ISSUE #2117] this code is definitely wrong
Opened
#1434 [GH-ISSUE #2116] firejail AppArmor profile doesn't work
Opened
#1435 [GH-ISSUE #2118] Firejail - Apparmor problem with missing slash
Opened
#1436 [GH-ISSUE #2120] nonewprivs exceptions?
Opened
#1437 [GH-ISSUE #2119] Running any GOG game under Firejail is extremely awkward
Opened
#1438 [GH-ISSUE #2122] FAQ link in readme
Opened
#1439 [GH-ISSUE #2121] man-pages not readable while less firejailed and man app-armored
Opened
#1440 [GH-ISSUE #2124] mpv gpu output not working
Opened
#1441 [GH-ISSUE #2125] sysconfdir not configurable when --prefix=/usr
Opened
#1442 [GH-ISSUE #2128] Jailing system services
Opened
#1443 [GH-ISSUE #2126] Problem with running 'wine' on different user, can't connect to X display
Opened
#1444 [GH-ISSUE #2132] vlc: why is $(DOCUMENTS) blacklisted?
Opened
#1445 [GH-ISSUE #2134] Firefox 62.0.3 on Ubuntu 18.04 with PPA-Version 0.9.56-1
Opened
#1446 [GH-ISSUE #2129] Discord fails to open with ENOTFOUND discordapp.com
Opened
#1447 [GH-ISSUE #2135] [Feature] Manage Proxies
Opened
#1448 [GH-ISSUE #2136] Firejail 0.9.56 + TorBrowserBundle 8.0.2 Doesnt start inside Whonix
Opened
#1449 [GH-ISSUE #2137] Browser trouble - whitelisting ${HOME}-directories issue
Opened
#1450 [GH-ISSUE #2142] Firefox 61.0.1.glibc2.7 Appimage with multi-process windows enabled does not successfully load pages
Opened
#1451 [GH-ISSUE #2139] Allow for --join to wait until sandbox is ready instead of dying when its not.
Opened
#1452 [GH-ISSUE #2140] Allow --appimage to accept a path to the appimage file.
Opened
#1453 [GH-ISSUE #2145] Question : browser configured with proxy
Opened
#1454 [GH-ISSUE #2143] Harden against thumbnailer exploits etc.
Opened
#1455 [GH-ISSUE #2146] Question: how can I blacklist /home for Firefox?
Opened
#1456 [GH-ISSUE #2148] firejail should never fail to find its helper binaries for arbitrary install paths
Opened
#1457 [GH-ISSUE #2147] Allow persistent cache of appimage desktop integration prompt
Opened
#1458 [GH-ISSUE #2149] Firefox cannot use profiles under /media with the default profile regardless of whitelisting.
Opened
#1459 [GH-ISSUE #2150] --build should not assume that firejail's default profile dir is /etc/firejail
Opened
#1460 [GH-ISSUE #2153] noinclude directive
Opened
#1461 [GH-ISSUE #2151] Use ${CFG} in all profiles instead of hardcoded paths
Opened
#1462 [GH-ISSUE #2154] Split up disable-mnt
Opened
#1463 [GH-ISSUE #2160] file profile not working with 'private-bin file'
Opened
#1464 [GH-ISSUE #2155] Add firejail.config option to prevent loading of user profiles.
Opened
#1465 [GH-ISSUE #2175] How do I install 'Firetools'
Opened
#1466 [GH-ISSUE #2176] sshd works within chroot, but not firejail chroot
Opened
#1467 [GH-ISSUE #2187] Allow subdirectories in private-etc
Opened
#1468 [GH-ISSUE #2188] disable-mnt is unintuitive and complicated, suggesting removal or alteration
Opened
#1469 [GH-ISSUE #2194] add nou2f to all profiles with private-dev
Opened
#1470 [GH-ISSUE #2195] Chromium sys_chroot and sys_admin permissions
Opened
#1471 [GH-ISSUE #2200] --read-only recursiveness does not cross filesystem boundaries
Opened
#1472 [GH-ISSUE #2197] debug-syscalls, debug-errnos, ... don't work any more
Opened
#1473 [GH-ISSUE #2196] Firefox 62.0.3 doesn't close properly
Opened
#1474 [GH-ISSUE #2203] Consider keeping /dev/input/js0 (joystick device) with --private-dev
Opened
#1475 [GH-ISSUE #2204] Error: --net and --net=none are mutually exclusive
Opened
#1476 [GH-ISSUE #2202] Need better way of managing order of options vis-a-vis implicitly-loaded profiles
Opened
#1477 [GH-ISSUE #2206] Firejail "breaks" ranger
Opened
#1478 [GH-ISSUE #2205] Program in X11 sandbox can kill host X session
Opened
#1479 [GH-ISSUE #2207] private-bin broken in weird case
Opened
#1480 [GH-ISSUE #2208] Consider migrating from Travis-CI to Github Actions
Opened
#1481 [GH-ISSUE #2210] Custom profile gives 'no such file or directory' error for existing script
Opened
#1482 [GH-ISSUE #2209] Firejail breaks gajim
Opened
#1483 [GH-ISSUE #2214] LibreOffice won't start on Parrot 4.3
Opened
#1484 [GH-ISSUE #2212] firefox: cannot create crash dump and send crash report after crash
Opened
#1485 [GH-ISSUE #2211] chromium: program does not start on 0.9.56
Opened
#1486 [GH-ISSUE #2215] [Question] Do Apps Automatically use FireJail when Configured?
Opened
#1487 [GH-ISSUE #2216] Warnings with firefox and firejail
Opened
#1488 [GH-ISSUE #2217] More Portable Like MultiloginApp please
Opened
#1489 [GH-ISSUE #2220] Firejail passing MIT COOKIE on cmd line - visible in ps -auxw?
Opened
#1490 [GH-ISSUE #2219] [Documentation] How to utilize FireJail with Wine
Opened
#1491 [GH-ISSUE #2221] Why does firejail need to alter /etc/X11/Xwrapper.config allowed_users=console?
Opened
#1492 [GH-ISSUE #2222] DNS-Crypt local proxy (127.0.0.1) and --net=eth0
Opened
#1493 [GH-ISSUE #2224] Errors with Wine running Papers Please
Opened
#1494 [GH-ISSUE #2223] errors/troubles with x11
Opened
#1495 [GH-ISSUE #2225] unable to authorize user to use firejail
Opened
#1496 [GH-ISSUE #2226] Execute firecfg on every change?
Opened
#1497 [GH-ISSUE #2228] Cannot open hyperlink with Firefox using Libreoffice Calc
Opened
#1498 [GH-ISSUE #2229] Cross Compiling Difficulty
Opened
#1499 [GH-ISSUE #2231] organize profiles a bit
Opened
#1500 [GH-ISSUE #2230] transfer.sh wil be shutdown on 30th November
Opened
#1501 [GH-ISSUE #2234] Firejailed APPs are not seeing my Network
Opened
#1502 [GH-ISSUE #2233] [Question] How secure is WINE with the defualt profile?
Opened
#1503 [GH-ISSUE #2232] Support iptables with nf_tables backend
Opened
#1504 [GH-ISSUE #2242] Arch linux needs extra options in gpg profile
Opened
#1505 [GH-ISSUE #2239] Debian based distributions need writable-var in tar.profile
Opened
#1506 [GH-ISSUE #2248] Question: Firejail vs using Apparmor only? What are some the advantages
Opened
#1507 [GH-ISSUE #2257] profiles not copied to etc when doing src install on fedora
Opened
#1508 [GH-ISSUE #2256] More restrictive profiles when run with --appimage
Opened
#1509 [GH-ISSUE #2252] More complete documentation for -c option
Opened
#1510 [GH-ISSUE #2261] Flameshot not working
Opened
#1511 [GH-ISSUE #2258] google-chrome: program does not start
Opened
#1512 [GH-ISSUE #2259] Whitelisting results in fs_private: Read-only file system
Opened
#1513 [GH-ISSUE #2262] local/python for mpv and youtube-dl
Opened
#1514 [GH-ISSUE #2263] Issue with Steam again
Opened
#1515 [GH-ISSUE #2264] Pinta starts without menus
Opened
#1516 [GH-ISSUE #2267] Why does calling getpgrp(2) from a sandboxed process return 0?
Opened
#1517 [GH-ISSUE #2269] For --private-tmp expose /tmp/.X11-unix as read-only
Opened
#1518 [GH-ISSUE #2270] Memory Limit
Opened
#1519 [GH-ISSUE #2273] Add UrbanTerror and/or quake mod games to profiles.
Opened
#1520 [GH-ISSUE #2274] Allowing the execution of a file?
Opened
#1521 [GH-ISSUE #2282] Can't access /mnt despite ignore disable-mnt and whitelists
Opened
#1522 [GH-ISSUE #2283] "firejail --help" behavior after clean installation
Opened
#1523 [GH-ISSUE #2284] firejail always detects a sandbox when running under WSL
Opened
#1524 [GH-ISSUE #2286] dnscrypt-proxy does not start because of authorization problem
Opened
#1525 [GH-ISSUE #2289] keepassxc: QXcbConnection: Could not connect to display :0.0 (MX Linux)
Opened
#1526 [GH-ISSUE #2287] restrict KDE sockets better
Opened
#1527 [GH-ISSUE #2288] Crash in tor browser
Opened
#1528 [GH-ISSUE #2291] Firejail Apparmor Support Not Working (Even Though it's Been Enable During BUILD)
Opened
#1529 [GH-ISSUE #2292] Spotify doesn't launch on Arch Linux
Opened
#1530 [GH-ISSUE #2290] Error running Franz appimage
Opened
#1531 [GH-ISSUE #2296] join option doesn't apply seccomp filter
Opened
#1532 [GH-ISSUE #2301] File transfer fails on large files
Opened
#1533 [GH-ISSUE #2300] Brave not saving settings
Opened
#1534 [GH-ISSUE #2305] Does --appimage use the default profile under /firejail/etc?
Opened
#1535 [GH-ISSUE #2302] Qutebrowser 1.5.2 (latest) not working with seccomp.drop name_to_handle_at
Opened
#1536 [GH-ISSUE #2304] Some Security Questions Regarding Firejail
Opened
#1537 [GH-ISSUE #2309] emacs: File error: Opening input file, Decryption failed, No secret key
Opened
#1538 [GH-ISSUE #2307] File transfer: "invalid file name" error on valid filename
Opened
#1539 [GH-ISSUE #2306] Gwenview and baloo blacklist violation
Opened
#1540 [GH-ISSUE #2310] Can't create run directory without suid-root
Opened
#1541 [GH-ISSUE #2312] Youtube videos not playing with firejail
Opened
#1542 [GH-ISSUE #2311] keepassxc: cannot open attachments in kate
Opened
#1543 [GH-ISSUE #2314] Fail to open firefox in firejail: Error send: arp.c:182 arp_check: Invalid argument
Opened
#1544 [GH-ISSUE #2317] Cherrytree should not connect to any network
Opened
#1545 [GH-ISSUE #2316] The arguments --tracelog and --trace stay hanging if I use them with discord
Opened
#1546 [GH-ISSUE #2318] firejail crashes xreader in Mint 18.3
Opened
#1547 [GH-ISSUE #2320] On code tests, why make install?
Opened
#1548 [GH-ISSUE #2321] netfilter-default in firejail.config does not appear to be working
Opened
#1549 [GH-ISSUE #2323] Firefox Private Window allowing access to home entire folder in Kubuntu 18.04
Opened
#1550 [GH-ISSUE #2324] Firefox using 100% CPU with firejail when downloading files
Opened
#1551 [GH-ISSUE #2322] Add visual cue for firejail outputs
Opened
#1552 [GH-ISSUE #2329] Cannot access symlinked config files
Opened
#1553 [GH-ISSUE #2325] chromium: segfault due to "Check failed: ChrootToSafeEmptyDir()"
Opened
#1554 [GH-ISSUE #2326] Enable apparmor specific aplication profile use
Opened
#1555 [GH-ISSUE #2332] Can exclude individual Wine application from banned Internet connection of Wine default profile ?
Opened
#1556 [GH-ISSUE #2333] Weird issue with mpv and mpsyt
Opened
#1557 [GH-ISSUE #2330] Can't get Libreoffice to start on Kbuntu 18.04
Opened
#1558 [GH-ISSUE #2335] private-opt and private-srv problem
Opened
#1559 [GH-ISSUE #2337] chromium: "Open in Firefox" addon does not work
Opened
#1560 [GH-ISSUE #2336] JDownloader: cannot execute web browser
Opened
#1561 [GH-ISSUE #2341] LTS build out of mainline sources
Opened
#1562 [GH-ISSUE #2342] Regression: Relative profile include silently ignored
Opened
#1563 [GH-ISSUE #2339] Is it possible to run multiple firejailed torbrowser instances?
Opened
#1564 [GH-ISSUE #2343] Dropping 'mincore' syscall breaks several apps
Opened
#1565 [GH-ISSUE #2345] Request: Profile for Mellowplayer
Opened
#1566 [GH-ISSUE #2346] why is {PICTURES}/folder not working?
Opened
#1567 [GH-ISSUE #2348] Dolphin SMB integration does not function if "protocol" filter is enabled
Opened
#1568 [GH-ISSUE #2351] OpenGL does not work even with --noprofile (NixOS)
Opened
#1569 [GH-ISSUE #2355] chromium/firefox: file open dialog takes 5 seconds to list the files (dbus)
Opened
#1570 [GH-ISSUE #2357] trap: thunderbird using default-profile + archiving mails to external folder/device does delete them finally
Opened
#1571 [GH-ISSUE #2360] Can RPMs or DEBs be installed and tested in --private Firejails?
Opened
#1572 [GH-ISSUE #2359] Support subpaths in macros (like ${PICTURES}/Screenshots)
Opened
#1573 [GH-ISSUE #2361] "desktop.profile"
Opened
#1574 [GH-ISSUE #2364] apparmor bash shell gives weird message
Opened
#1575 [GH-ISSUE #2363] Skypeforlinux requires ignore noexec /tmp
Opened
#1576 [GH-ISSUE #2368] ark, private-tmp and browsers
Opened
#1577 [GH-ISSUE #2365] Debian thunderbird - gpp-agent not working togehter
Opened
#1578 [GH-ISSUE #2367] Firefox won't start
Opened
#1579 [GH-ISSUE #2370] Suggestion for basic usage documentation
Opened
#1580 [GH-ISSUE #2371] Making cgroup feature configurable in firejail.config
Opened
#1581 [GH-ISSUE #2369] qBittorrent: menu items that open external apps do not work
Opened
#1582 [GH-ISSUE #2376] Automatic renaming of sandbox is unexpected
Opened
#1583 [GH-ISSUE #2375] LD_PRELOAD failed to map segment from shared object
Opened
#1584 [GH-ISSUE #2374] qtox no sound with firejail
Opened
#1585 [GH-ISSUE #2379] Bitmessage not starting with Firejail
Opened
#1586 [GH-ISSUE #2377] cliqz.profile need to be revised
Opened
#1587 [GH-ISSUE #2378] firejail 0.9.58 and youtube-dl issue
Opened
#1588 [GH-ISSUE #2380] firejail 0.9.58 breaks many programs (execute permission denied)
Opened
#1589 [GH-ISSUE #2383] Issue with Streaming / Streamed YouTube Videos
Opened
#1590 [GH-ISSUE #2381] print.c:209:20: warning: duplicated 'if' condition [-Wduplicated-cond]
Opened
#1591 [GH-ISSUE #2387] RTNETLINK error using "--net" option
Opened
#1592 [GH-ISSUE #2385] Firefox cannot play Netflix videos if started in firejail
Opened
#1593 [GH-ISSUE #2388] Retain firejail-local AppArmor customizations
Opened
#1594 [GH-ISSUE #2393] thunderbird startup problems with firejail
Opened
#1595 [GH-ISSUE #2395] claws-mail: nosound and GTK menu lag
Opened
#1596 [GH-ISSUE #2389] Chrome 72 filling up .xsession-errors while watching YouTube with Firejail
Opened
#1597 [GH-ISSUE #2399] Flameshot - error while loading shared libraries
Opened
#1598 [GH-ISSUE #2397] Nix, snap, appimage support
Opened
#1599 [GH-ISSUE #2396] Creating a firejail group for the firejail binary no longer works
Opened
#1600 [GH-ISSUE #2400] Restrict SFTP access to user's $HOME directory (or use blacklist)
Opened
#1601 [GH-ISSUE #2404] How to enable list command by firejailed program (jedit)
Opened
#1602 [GH-ISSUE #2401] CVE-2019-5736
Opened
#1603 [GH-ISSUE #2407] Unknown or unsupported transport “DBUS_SESSION_BUS_ADDRESS=unix”
Opened
#1604 [GH-ISSUE #2406] Duplicate bookmarks in Firefox
Opened
#1605 [GH-ISSUE #2405] Script to spoof Opera browser
Opened
#1606 [GH-ISSUE #2411] How to allow kate to edit files in .config ?
Opened
#1607 [GH-ISSUE #2410] Firecfg claims "symlinks were created", though none working
Opened
#1608 [GH-ISSUE #2408] chromium: cannot launch without --password-store=basic
Opened
#1609 [GH-ISSUE #2413] Warnings in firejail
Opened
#1610 [GH-ISSUE #2416] How to sandbox --net X11 browser over OpenVPN / Wireguard with Firejail
Opened
#1611 [GH-ISSUE #2414] Feh: Standard config does not allow internet access
Opened
#1612 [GH-ISSUE #2419] whitelist and noblacklist seems to have no effect
Opened
#1613 [GH-ISSUE #2429] [Tor Browser] ‘./Browser/execdesktop’: No such file or directory
Opened
#1614 [GH-ISSUE #2417] browsers: undocumented ?BROWSER_DISABLE_U2F conditional
Opened
#1615 [GH-ISSUE #2432] DBUS firejail. Solved but need an "expert" opinion
Opened
#1616 [GH-ISSUE #2433] Use Firejail as shell - shutdown issue
Opened
#1617 [GH-ISSUE #2434] Firejail only runs as root? OpenSuse
Opened
#1618 [GH-ISSUE #2446] new and unknown programs
Opened
#1619 [GH-ISSUE #2447] mpv: nvdec HW decoder cannot load even with --noprofile
Opened
#1620 [GH-ISSUE #2448] Steam profile blocks gamepad (dualshock 3)
Opened
#1621 [GH-ISSUE #2471] sandbox selected applications upon startup
Opened
#1622 [GH-ISSUE #2449] Torbrowser won't launch in Firejail: OSError: [Errno 13] Permission denied
Opened
#1623 [GH-ISSUE #2472] How is pulseaudio working for FJ urers
Opened
#1624 [GH-ISSUE #2480] read-write does not work after read-only
Opened
#1625 [GH-ISSUE #2482] netfilter6 default
Opened
#1626 [GH-ISSUE #2477] Can you install applications within a firejail, kinda like chroot?
Opened
#1627 [GH-ISSUE #2503] How to install deb packages inside chroot firejail
Opened
#1628 [GH-ISSUE #2497] Firecfg multi-user behavior - error shown by default when only one user ran sudo firecfg
Opened
#1629 [GH-ISSUE #2496] memory-deny-write-execute: also block memfd_create?
Opened
#1630 [GH-ISSUE #2507] Profiles not in firecfg
Opened
#1631 [GH-ISSUE #2505] new *-common includes
Opened
#1632 [GH-ISSUE #2506] firefox-common.profile: seccomp instead of seccomp.drop ?
Opened
#1633 [GH-ISSUE #2513] firejail doesn't detach
Opened
#1634 [GH-ISSUE #2518] noexec ${HOME} breaks Discord
Opened
#1635 [GH-ISSUE #2514] [Info] seccomp enhancements in Linux 5.0
Opened
#1636 [GH-ISSUE #2538] firejail-default apparmor profile breaks code-oss
Opened
#1637 [GH-ISSUE #2531] firefox: "browser-disable-u2f no" does not enable u2f
Opened
#1638 [GH-ISSUE #2519] Many firejails aren't whitelisting /home/downloads/
Opened
#1639 [GH-ISSUE #2548] Flameshot raw screenshot issue
Opened
#1640 [GH-ISSUE #2547] Discord issues returned
Opened
#1641 [GH-ISSUE #2543] 'firejail --list' does not list sandboxes started with '--x11=none'
Opened
#1642 [GH-ISSUE #2550] Pidgin lags in firejail
Opened
#1643 [GH-ISSUE #2578] Trust Certificates
Opened
#1644 [GH-ISSUE #2551] Firefox-developer desktop launches regular firefox
Opened
#1645 [GH-ISSUE #2579] Running firejail in Docker
Opened
#1646 [GH-ISSUE #2589] Compare to nsjail
Opened
#1647 [GH-ISSUE #2590] interaction between --dns option and overlayfs
Opened
#1648 [GH-ISSUE #2597] ubuntu 18:10 snap apps dissapeared from search after firejail set up
Opened
#1649 [GH-ISSUE #2591] Seahorse isn't firejailed, but still launches.
Opened
#1650 [GH-ISSUE #2593] Extra character in error output
Opened
#1651 [GH-ISSUE #2608] Cannot start LibreOffice when already started
Opened
#1652 [GH-ISSUE #2605] Slack now performs log in only via browser
Opened
#1653 [GH-ISSUE #2607] [feature request] profiles that execute code (e.g. for dynamic soft-coded directories)
Opened
#1654 [GH-ISSUE #2612] Tray icons (appindicator) are empty in Gnome for Electron apps
Opened
#1655 [GH-ISSUE #2610] No /etc/firejail directory created
Opened
#1656 [GH-ISSUE #2609] vlc whitelist
Opened
#1657 [GH-ISSUE #2617] ElectronMail cannot read or write config files
Opened
#1658 [GH-ISSUE #2613] How to stop the specific sandbox (other than send SIGTERM to sandbox)?
Opened
#1659 [GH-ISSUE #2616] Firefox 66 is using chroot. Ubuntu 16.04 with seccomp enabled will break firefox.
Opened
#1660 [GH-ISSUE #2618] How to create multiple firejail chroot folders
Opened
#1661 [GH-ISSUE #2619] Add a monitoring option to capture network traffic to a file
Opened
#1662 [GH-ISSUE #2621] Evince crashes when 2-page side-by-side is chosen
Opened
#1663 [GH-ISSUE #2629] Question about Desktop Integration
Opened
#1664 [GH-ISSUE #2623] /dev/null created with wrong permissions
Opened
#1665 [GH-ISSUE #2624] firecfg does not detect all .desktop files for cleaning
Opened
#1666 [GH-ISSUE #2642] Does "q4wine" need to be sandboxed by Firejail if "WineHQ" is already sandboxed by Firejail
Opened
#1667 [GH-ISSUE #2637] undocumented location of a profile files
Opened
#1668 [GH-ISSUE #2638] Why? Warning: networking feature is disabled in Firejail configuration file
Opened
#1669 [GH-ISSUE #2645] firefox passf plugin not working
Opened
#1670 [GH-ISSUE #2644] Allow ~/VirtualBox VMs/shared for all the apps
Opened
#1671 [GH-ISSUE #2643] Run "WineHQ" profile before launch WineHQ for 1st time or run this profile after 1st launch of WineHQ
Opened
#1672 [GH-ISSUE #2655] gajim doesn't let open images
Opened
#1673 [GH-ISSUE #2653] Error when running aa-enforce firejail-default
Opened
#1674 [GH-ISSUE #2657] Dropbox will not start with default profile Kubuntu Ubunutu 18.10 firejail version 0.9.54
Opened
#1675 [GH-ISSUE #2658] Gimp not working
Opened
#1676 [GH-ISSUE #2662] 'sudo firejail --apparmor' = Root shell
Opened
#1677 [GH-ISSUE #2661] Fedora 30 Compilation Errors
Opened
#1678 [GH-ISSUE #2665] Malware can bypass host's firewall using firejail --net=...
Opened
#1679 [GH-ISSUE #2663] ${HOME}/.git-credentials is not covered by default
Opened
#1680 [GH-ISSUE #2664] Broken commit !!
Opened
#1681 [GH-ISSUE #2666] Why there are no profiles for pip and npm?
Opened
#1682 [GH-ISSUE #2667] playonlinux + wine + firejail
Opened
#1683 [GH-ISSUE #2668] Error: cannot detect login user
Opened
#1684 [GH-ISSUE #2671] Error: --shell=none configured, but no program specified
Opened
#1685 [GH-ISSUE #2669] Remove the need for QTWEBENGINE_DISABLE_SANDBOX=1 (appimage)
Opened
#1686 [GH-ISSUE #2670] How to automatically get the applications to point to firejail after installation
Opened
#1687 [GH-ISSUE #2678] Firefox Nightly could not load profile
Opened
#1688 [GH-ISSUE #2675] Using the overlay option
Opened
#1689 [GH-ISSUE #2681] gimp: failure due to seccomp (needs mbind syscall)
Opened
#1690 [GH-ISSUE #2683] How can I allow dbus but not net (gimp profile)
Opened
#1691 [GH-ISSUE #2685] Firefox 66: can't save downloaded files due to unwriteable /tmp/user/$UID
Opened
#1692 [GH-ISSUE #2686] Protect firejailed program from "the outside" using a dedicated user
Opened
#1693 [GH-ISSUE #2692] Atom ain't sandboxed
Opened
#1694 [GH-ISSUE #2689] [Feature request] Integrate hardened_malloc When Available on System
Opened
#1695 [GH-ISSUE #2690] Some AppImages break, "Permission denied"
Opened
#1696 [GH-ISSUE #2695] reboot works with --seccomp
Opened
#1697 [GH-ISSUE #2696] O_PATH undeclared (CentOS 6)
Opened
#1698 [GH-ISSUE #2693] Signal-desktop cannot run in chroot as user (due to some chroot magic)
Opened
#1699 [GH-ISSUE #2700] firemon error: recv: No buffer space available
Opened
#1700 [GH-ISSUE #2698] firejailed ssh tunnel not authenticated
Opened
#1701 [GH-ISSUE #2699] Error: no suitable proxychains4 executable found
Opened
#1702 [GH-ISSUE #2703] Firefox is Working Only in Noprofile mode, is this normal? "New User"
Opened
#1703 [GH-ISSUE #2702] SELinux denials under Fedora 30 every sandbox start
Opened
#1704 [GH-ISSUE #2706] Can't get tor-browser to run with Firejail
Opened
#1705 [GH-ISSUE #2709] [help-me-plz] how to install an application and run it with firejail without harming my system
Opened
#1706 [GH-ISSUE #2707] can setup an application
Opened
#1707 [GH-ISSUE #2711] What is the correct way to pass /tmp/.X11-unix into a chroot?
Opened
#1708 [GH-ISSUE #2713] Switch from Wordpress site to Github Pages
Opened
#1709 [GH-ISSUE #2717] Github wiki for FAQs/tips?
Opened
#1710 [GH-ISSUE #2718] seccomp bypass when joining existing jail
Opened
#1711 [GH-ISSUE #2720] keepassxc: cannot open URL links in firefox
Opened
#1712 [GH-ISSUE #2722] Starting syncthing throws message "Firefox profile cannot be loaded..."
Opened
#1713 [GH-ISSUE #2721] Is it possible to create a new file virutal filesystem and isolate it from the main operating system?
Opened
#1714 [GH-ISSUE #2723] Use wildcards for handling paths in /dev
Opened
#1715 [GH-ISSUE #2725] --timeout results in approximately 2 seconds of latency for all executions
Opened
#1716 [GH-ISSUE #2726] obs: program does not start (private-bin)
Opened
#1717 [GH-ISSUE #2729] Migrations
Opened
#1718 [GH-ISSUE #2728] Installing some Linux packages in overlayFS?
Opened
#1719 [GH-ISSUE #2730] Provide template for profile creation
Opened
#1720 [GH-ISSUE #2733] [question] - running firefox with profile in RAM
Opened
#1721 [GH-ISSUE #2738] [Enhancement] syscall script
Opened
#1722 [GH-ISSUE #2731] Profiles for Adobe products missing
Opened
#1723 [GH-ISSUE #2743] Print better error in the case of ownership issues
Opened
#1724 [GH-ISSUE #2744] Firefox doesn't work with W^X enforced by firejail
Opened
#1725 [GH-ISSUE #2739] Add automated CI checks and git hooks
Opened
#1726 [GH-ISSUE #2747] alpine: client terminates by itself (--noprofile)
Opened
#1727 [GH-ISSUE #2749] Wiki: Home
Opened
#1728 [GH-ISSUE #2748] Wiki: Creating Profiles
Opened
#1729 [GH-ISSUE #2755] Wiki: Sandboxing Binary Software
Opened
#1730 [GH-ISSUE #2750] [suggestion] allow ssh to use netcat to connect to Tor onion services
Opened
#1731 [GH-ISSUE #2752] Run Firefox on remote X11 server without X11 forwarding
Opened
#1732 [GH-ISSUE #2760] Spotify on Fedora fails to open (no sse2 support)
Opened
#1733 [GH-ISSUE #2758] Firejail does not work with a custom hosts file
Opened
#1734 [GH-ISSUE #2761] Versions dont look right
Opened
#1735 [GH-ISSUE #2765] Steam on Fedora fails to open with firejail
Opened
#1736 [GH-ISSUE #2763] Using --overlay loses user groups
Opened
#1737 [GH-ISSUE #2762] Symlink for newsboat
Opened
#1738 [GH-ISSUE #2768] join-or-start on multi-user systems
Opened
#1739 [GH-ISSUE #2770] How to change meaning of novideo and nosound in .local profile?
Opened
#1740 [GH-ISSUE #2767] qTox: hangs after launch in Arch Linux due to memory-deny-write-execute
Opened
#1741 [GH-ISSUE #2777] How to automatically open PDF viewer firejailed when opening a pdf file?
Opened
#1742 [GH-ISSUE #2772] "private-cache" in aria2c.profile breaks lutris/winetricks installs
Opened
#1743 [GH-ISSUE #2776] Running firejail with --x11 as different user - how?
Opened
#1744 [GH-ISSUE #2786] private-gnupg?
Opened
#1745 [GH-ISSUE #2782] Cannot start any programs anymore
Opened
#1746 [GH-ISSUE #2787] x11 xorg doesn't seem to respect the quiet option
Opened
#1747 [GH-ISSUE #2792] Wiki: Frequently Asked Questions
Opened
#1748 [GH-ISSUE #2791] Build issues on Fedora
Opened
#1749 [GH-ISSUE #2790] Thoughts on tightening SSH profiles with nodbus
Opened
#1750 [GH-ISSUE #2795] Firefox cannot open mailto links
Opened
#1751 [GH-ISSUE #2793] Disable firetunnel support at build time?
Opened
#1752 [GH-ISSUE #2794] Wiki: Frequently Asked Questions
Opened
#1753 [GH-ISSUE #2799] --overlay-named exits with error as of linux 5.1.15 (overlayfs)
Opened
#1754 [GH-ISSUE #2798] Firejail is almost broken on fedora silverblue
Opened
#1755 [GH-ISSUE #2801] String overflow warning with gcc 9.1 on Arch Linux
Opened
#1756 [GH-ISSUE #2804] kdialog doesn't work with Firejail
Opened
#1757 [GH-ISSUE #2805] net none in udiskie profile is causing dbus errors
Opened
#1758 [GH-ISSUE #2807] Document broken options order for appimage
Opened
#1759 [GH-ISSUE #2809] firejail hanging when using strace, but ptrace is not allowed
Opened
#1760 [GH-ISSUE #2810] static analysis warnings
Opened
#1761 [GH-ISSUE #2808] KDE Plasma 5.16: file pickers and Dolphin require access to ${HOME}/.config/kioslaverc
Opened
#1762 [GH-ISSUE #2812] Error: no suitable firefox executable found
Opened
#1763 [GH-ISSUE #2811] I can't open a libreoffice document from either thunderbird or firefox
Opened
#1764 [GH-ISSUE #2813] firejail help for novice
Opened
#1765 [GH-ISSUE #2821] /usr/bin/riot-desktop: line 3: 8 Trace/breakpoint trap (core dumped) electron /usr/lib/riot/ "$@"
Opened
#1766 [GH-ISSUE #2824] Proposal for tagging of labels
Opened
#1767 [GH-ISSUE #2820] fcopy size limit is not adjustable
Opened
#1768 [GH-ISSUE #2826] Gajim profile not working
Opened
#1769 [GH-ISSUE #2829] Local option for firecfg.config
Opened
#1770 [GH-ISSUE #2830] nonroot --netns=XXX/--net=XXX is insecure
Opened
#1771 [GH-ISSUE #2833] mpv (w/ ytdl) fails, but ytdl works standalone
Opened
#1772 [GH-ISSUE #2831] Unable to firejail tutanota desktop client appimage
Opened
#1773 [GH-ISSUE #2834] qpdfview profile broken
Opened
#1774 [GH-ISSUE #2838] mpv: no-cache causes slow OSD
Opened
#1775 [GH-ISSUE #2839] Duplicate directories in file dialog
Opened
#1776 [GH-ISSUE #2840] memory-deny-write-execute breaks several applications
Opened
#1777 [GH-ISSUE #2842] Appimage support does not send all appimage environment variables to AppRun
Opened
#1778 [GH-ISSUE #2846] Wiki: Guidelines
Opened
#1779 [GH-ISSUE #2841] Firejail breaks fcitx input on Firefox
Opened
#1780 [GH-ISSUE #2852] Can't start qpdfview
Opened
#1781 [GH-ISSUE #2853] Can't use 'less' on many files in own home directory - is that normal?
Opened
#1782 [GH-ISSUE #2849] Build AppImage bundle of firejail
Opened
#1783 [GH-ISSUE #2859] Problem with Spotify
Opened
#1784 [GH-ISSUE #2854] Standard notes not working
Opened
#1785 [GH-ISSUE #2860] seccomp causes steam (and other) games to freeze
Opened
#1786 [GH-ISSUE #2863] Tor Browser profile for Whonix / tb-updater
Opened
#1787 [GH-ISSUE #2864] profiles not found in /etc/firejail
Opened
#1788 [GH-ISSUE #2862] Tor exited during startup.
Opened
#1789 [GH-ISSUE #2867] Can't seem to stop .Xauthority or .asound from being created/copied
Opened
#1790 [GH-ISSUE #2865] Redundant Makefile targets?
Opened
#1791 [GH-ISSUE #2866] new version of Slack Desktop (4.0) not working
Opened
#1792 [GH-ISSUE #2872] /dev/fd symlink is missing when using private-dev
Opened
#1793 [GH-ISSUE #2869] DNS leak? Process escapes sandbox to use host's DNS call?
Opened
#1794 [GH-ISSUE #2868] Virtualbox not able to write to /dev/vbox*
Opened
#1795 [GH-ISSUE #2875] Pidgin: fcitx input method switching only works with private-bin
Opened
#1796 [GH-ISSUE #2873] keepassxc: cannot save database file (whitelisting issue)
Opened
#1797 [GH-ISSUE #2874] Write to console error message when trying to rename a whitelisted file
Opened
#1798 [GH-ISSUE #2878] Discord fails to load using --profile=
Opened
#1799 [GH-ISSUE #2876] silence --x11=xorg when using --quiet
Opened
#1800 [GH-ISSUE #2877] firejail inside firejail broken
Opened
#1801 [GH-ISSUE #2882] Nowhitelist option does not disable whitelisting entirely
Opened
#1802 [GH-ISSUE #2880] What to do when executable is already in /usr/local/bin?
Opened
#1803 [GH-ISSUE #2887] firefox addon mailvelope not work w/ firejail
Opened
#1804 [GH-ISSUE #2888] Warning - networking feature is disabled in Firejail configuration file @ Opera
Opened
#1805 [GH-ISSUE #2891] firefox access to gpg-agent-browser.socket
Opened
#1806 [GH-ISSUE #2889] transmission-remote-gtk libcanberra issue - fails to start
Opened
#1807 [GH-ISSUE #2892] clicking url in thunderbird email message launches firefox with non-default profile
Opened
#1808 [GH-ISSUE #2894] Using aria2c with firejail makes it fail to download anything: -> [SocketCore.cc:1018] errorCode=1 SSL/TLS handshake failure: unable to get local issuer certificate
Opened
#1809 [GH-ISSUE #2893] Adding 'apparmor' to dolphin.profile to mitigate KDE vulnerability?
Opened
#1810 [GH-ISSUE #2896] Cgroup2 support/migration
Opened
#1811 [GH-ISSUE #2895] leave Github
Opened
#1812 [GH-ISSUE #2897] Firejail can't handle Xauthority correctly if it isn't in $HOME/.Xauthority
Opened
#1813 [GH-ISSUE #2899] keepassxc: db is not locked after resume from lockscreen / sleep (dbus)
Opened
#1814 [GH-ISSUE #2905] Potential leakage in quiet option
Opened
#1815 [GH-ISSUE #2901] [Teamspeak 3] crashes on opening options window if seccomp is enabled
Opened
#1816 [GH-ISSUE #2908] Plugins support
Opened
#1817 [GH-ISSUE #2910] [ssh profiles] Cannot perform git operation via SSH
Opened
#1818 [GH-ISSUE #2906] How to make firejail run with executable/custom scripts in a folder?
Opened
#1819 [GH-ISSUE #2912] Skypeforlinux 8.51.0.72 crashes on startup since it's not permitted to use the chroot syscall
Opened
#1820 [GH-ISSUE #2914] Command "firejail --seccomp skypeforlinux" used to work until skype's rpm update to 8.51.0.72-1.x86_64.rpm
Opened
#1821 [GH-ISSUE #2916] private does not see my new folder
Opened
#1822 [GH-ISSUE #2917] Standalone firejail
Opened
#1823 [GH-ISSUE #2922] firemon --nowrap name
Opened
#1824 [GH-ISSUE #2918] Requesting support for FreeTube AppImage
Opened
#1825 [GH-ISSUE #2923] include on the commandline
Opened
#1826 [GH-ISSUE #2925] make rpms broken on fedora 30
Opened
#1827 [GH-ISSUE #2924] Multiple bugs due to old version (Linux Mint)
Opened
#1828 [GH-ISSUE #2932] Can Firejail put a sandbox around TOR or can it help keep me secure online some other way?
Opened
#1829 [GH-ISSUE #2931] --seccomp= unknown syscall names/numbers are silently ignored
Opened
#1830 [GH-ISSUE #2930] numeric syscalls are not accepted with --seccomp= and the friends
Opened
#1831 [GH-ISSUE #2933] skypeforlinux 8.51.0.86 now requires SYS_ADMIN, SYS_CHROOT capabilities
Opened
#1832 [GH-ISSUE #2934] join fails with private-bin and an alternate (non-bash/sh) shell as default
Opened
#1833 [GH-ISSUE #2936] Firefox and Thunderbird profiles broken
Opened
#1834 [GH-ISSUE #2942] tar profile needs firejail in private-bin for xz support
Opened
#1835 [GH-ISSUE #2938] Allow binaries to run in ${HOME}/bin/** while having noexec ${HOME}
Opened
#1836 [GH-ISSUE #2941] gnome-schedule is broken
Opened
#1837 [GH-ISSUE #2943] chromium: program does not start (snap)
Opened
#1838 [GH-ISSUE #2944] Firejail breaks Brave browser default sandboxing
Opened
#1839 [GH-ISSUE #2945] Signal 1.27 Fails to Start
Opened
#1840 [GH-ISSUE #2946] Electron & Chromium
Opened
#1841 [GH-ISSUE #2947] libpostexecseccomp.so in /run/firejail/lib/libpostexecseccomp.so apparmor issue
Opened
#1842 [GH-ISSUE #2948] /usr/local/bin/dirname apparmor issue
Opened
#1843 [GH-ISSUE #2951] Steam not running
Opened
#1844 [GH-ISSUE #2950] Having some problems regarding sandboxing
Opened
#1845 [GH-ISSUE #2952] chromium and custom URL protocol handler in KDE
Opened
#1846 [GH-ISSUE #2955] Limiting RAM with --rlimit-as
Opened
#1847 [GH-ISSUE #2953] Need help for plasma browser integration
Opened
#1848 [GH-ISSUE #2954] Can access to localhost be allowed with net none
Opened
#1849 [GH-ISSUE #2958] Firejail isn't used if Libreoffice was started using "libreoffice"
Opened
#1850 [GH-ISSUE #2959] Firejail sandbox can't access vulkan
Opened
#1851 [GH-ISSUE #2956] No sound in firefox until started without firejail once.
Opened
#1852 [GH-ISSUE #2966] firejail should follow symlinks for private-etc?
Opened
#1853 [GH-ISSUE #2961] Firefox and Thunderbird jails share some settings, if the other jail is "running"
Opened
#1854 [GH-ISSUE #2963] Apparmor integration, most applications crash.
Opened
#1855 [GH-ISSUE #2969] whitelist/blacklist nesting + private-bin
Opened
#1856 [GH-ISSUE #2968] using --private=homedir and --private-cache, doesn't do --private-cache
Opened
#1857 [GH-ISSUE #2967] Inkscape cannot export GIMP .xcf files
Opened
#1858 [GH-ISSUE #2970] ping broken
Opened
#1859 [GH-ISSUE #2975] Opensuse Tumbleweed firejail Error: cannot create /run/firejail/profile/12562
Opened
#1860 [GH-ISSUE #2974] meld.profile missing access to dconf
Opened
#1861 [GH-ISSUE #2977] Translations of firejail
Opened
#1862 [GH-ISSUE #2979] firejail --build=FILE output
Opened
#1863 [GH-ISSUE #2976] migrate from wordpress to hugo
Opened
#1864 [GH-ISSUE #2980] Evince crashes when 2-page side-by-side is chosen
Opened
#1865 [GH-ISSUE #2983] SSH creates core dumps while using seccomp
Opened
#1866 [GH-ISSUE #2984] Implement or/and document option allowing to redirect overlay to a custom path
Opened
#1867 [GH-ISSUE #2986] FireFox pipe error: Broken pipe and Decode error
Opened
#1868 [GH-ISSUE #2987] Issues with using Firefox addon VideoDownloadHelper's "companion app"
Opened
#1869 [GH-ISSUE #2985] Problems with chroot and user namespaces
Opened
#1870 [GH-ISSUE #2989] k3b needs access to /usr/bin/cdrecord
Opened
#1871 [GH-ISSUE #2990] zathura: printing not possible
Opened
#1872 [GH-ISSUE #2988] Is there any deep reason to do privatelib for strings?
Opened
#1873 [GH-ISSUE #2993] skypeforlinux not working
Opened
#1874 [GH-ISSUE #2994] firefox: certificate error: MOZILLA_PKIX_ERROR_MITM_DETECTED
Opened
#1875 [GH-ISSUE #2991] Electron+AppImage config directory whitelist by default?
Opened
#1876 [GH-ISSUE #2996] ebook-viewer (calibre): program does not start
Opened
#1877 [GH-ISSUE #2995] Epiphany needs bwrap
Opened
#1878 [GH-ISSUE #2997] Visual Studio Code not working under Archlinux
Opened
#1879 [GH-ISSUE #3001] firejail --get and --put fail on filenames containing brackets
Opened
#1880 [GH-ISSUE #3003] Last version of slack-desktop do not run anymore
Opened
#1881 [GH-ISSUE #3000] No network connection when using wireless interface
Opened
#1882 [GH-ISSUE #3007] Firenvim extension to firefox
Opened
#1883 [GH-ISSUE #3006] Firecfg and Cinnamon desktop crashes apps
Opened
#1884 [GH-ISSUE #3008] KVM on Android Studio
Opened
#1885 [GH-ISSUE #3012] 'noroot' in dolphin.profile breaks mpv vulkan renderer
Opened
#1886 [GH-ISSUE #3013] waterfox: there are new executable names
Opened
#1887 [GH-ISSUE #3009] Franz 5.4.0 not working with seccomp
Opened
#1888 [GH-ISSUE #3017] socket proxy 4/5 support
Opened
#1889 [GH-ISSUE #3015] Slack Desktop 4.1.1 cannot open external links
Opened
#1890 [GH-ISSUE #3016] [feature request] Exclude certain programs with firecfg?
Opened
#1891 [GH-ISSUE #3018] Cannot start sandbox when installing Firejail with Stow
Opened
#1892 [GH-ISSUE #3022] After Update Firejail cannot Launch Vivaldi Browser
Opened
#1893 [GH-ISSUE #3020] Cannot run Icecat installed with Guix
Opened
#1894 [GH-ISSUE #3024] media support unavailable since update to Vivaldi 2.9
Opened
#1895 [GH-ISSUE #3023] AppImage doesn't seem to work (ImageMagick)
Opened
#1896 [GH-ISSUE #3025] Fedora silverblue flatpak of firejail
Opened
#1897 [GH-ISSUE #3029] Drop legacy Skype profile
Opened
#1898 [GH-ISSUE #3026] Configuring network interface with DHCP
Opened
#1899 [GH-ISSUE #3027] --x11 not working with chroot
Opened
#1900 [GH-ISSUE #3033] DNS over HTTPS (DoH)
Opened
#1901 [GH-ISSUE #3031] Telegram desktop does not open links in browser (seccomp problem?)
Opened
#1902 [GH-ISSUE #3030] Dia not working
Opened
#1903 [GH-ISSUE #3034] Vivaldi Error messages
Opened
#1904 [GH-ISSUE #3036] pkill ps aux ·| rg fire
Opened
#1905 [GH-ISSUE #3038] dig fails on Ubuntu 16.04 LTS, possibly others
Opened
#1906 [GH-ISSUE #3040] profiles for the WPS office
Opened
#1907 [GH-ISSUE #3041] Document the algorithm used to determine firejail behavior for virtual paths
Opened
#1908 [GH-ISSUE #3039] Cant run firejail firefox
Opened
#1909 [GH-ISSUE #3042] Add an option to kill all the processes in containers when the initial process finishes
Opened
#1910 [GH-ISSUE #3045] Ping Broken
Opened
#1911 [GH-ISSUE #3043] --apparmor breaks ./configure scripts created by autotools
Opened
#1912 [GH-ISSUE #3046] Does firejail worsen security?
Opened
#1913 [GH-ISSUE #3048] Need help for Opera Firejail Profile
Opened
#1914 [GH-ISSUE #3047] Need help for Waterofx.profile (Firejail)
Opened
#1915 [GH-ISSUE #3052] electron-mail won't work with firejail unless I specify --no-profile
Opened
#1916 [GH-ISSUE #3049] Steam issue with internal browser
Opened
#1917 [GH-ISSUE #3050] Opera FireJail-profile network problem
Opened
#1918 [GH-ISSUE #3063] Virtualbox "Effective UID is not root"
Opened
#1919 [GH-ISSUE #3066] Monitor network connection attempts with firejail/firemon
Opened
#1920 [GH-ISSUE #3067] bin bash + not a directory - firejail is shutting down
Opened
#1921 [GH-ISSUE #3069] firejail firefox: Permission denied
Opened
#1922 [GH-ISSUE #3070] make install-strip broken
Opened
#1923 [GH-ISSUE #3068] Problems with kernel 5.4 and firejail
Opened
#1924 [GH-ISSUE #3071] Allow "$HOME" along with "${HOME}" in profiles or signal error
Opened
#1925 [GH-ISSUE #3072] Question about OverlayFS
Opened
#1926 [GH-ISSUE #3073] Feature: post-mortem analysis
Opened
#1927 [GH-ISSUE #3074] KDE apps causing seccomp violations (name_to_handle_at)?
Opened
#1928 [GH-ISSUE #3076] Profile Updates
Opened
#1929 [GH-ISSUE #3075] configure script breaks
Opened
#1930 [GH-ISSUE #3078] Firejail and the reboot command
Opened
#1931 [GH-ISSUE #3079] noroot option is not available
Opened
#1932 [GH-ISSUE #3080] get exit reason
Opened
#1933 [GH-ISSUE #3082] Firejail safe enough to deliberately execute malware ?
Opened
#1934 [GH-ISSUE #3081] notrash option
Opened
#1935 [GH-ISSUE #3084] firejail appimage. But Black Screen Reboot.
Opened
#1936 [GH-ISSUE #3089] commits/changes to backport/cherry-pick to 0.9.62
Opened
#1937 [GH-ISSUE #3090] popcorn-time won't start with firejail (help needed)
Opened
#1938 [GH-ISSUE #3092] firefox: u2f does not work if plugged in after launching (private-dev)
Opened
#1939 [GH-ISSUE #3099] sort.py breaks on older python3 versions
Opened
#1940 [GH-ISSUE #3096] running virt-manager within firejail
Opened
#1941 [GH-ISSUE #3095] Firecfg CLI archivers - missing and/or broken on Arch makepkg
Opened
#1942 [GH-ISSUE #3103] User defined config directory
Opened
#1943 [GH-ISSUE #3100] Ctrl+c on terminal program mpsyt causes unclean termination
Opened
#1944 [GH-ISSUE #3101] Firecfg breaks official GNOME Shell extension "Places Status Indicator"
Opened
#1945 [GH-ISSUE #3106] seccomp groups (next round)
Opened
#1946 [GH-ISSUE #3104] firejail gedit doesn´t work anymore
Opened
#1947 [GH-ISSUE #3105] allow-ruby.inc missing
Opened
#1948 [GH-ISSUE #3110] mupdf: profile does not work for mupdf-gl
Opened
#1949 [GH-ISSUE #3109] VLC xdg-screensaver access
Opened
#1950 [GH-ISSUE #3107] whitelist-usr-share-common.inc breakage
Opened
#1951 [GH-ISSUE #3116] --audit and shell=none
Opened
#1952 [GH-ISSUE #3112] Pavucontrol error while closing
Opened
#1953 [GH-ISSUE #3113] fseccomp not found with private-bin+private-lib+seccomp
Opened
#1954 [GH-ISSUE #3117] celluloid: Failed to create DBus connection
Opened
#1955 [GH-ISSUE #3118] Can't load libstdc++.so.6 due to private-etc (Gentoo)
Opened
#1956 [GH-ISSUE #3119] Strange pathname behaviour
Opened
#1957 [GH-ISSUE #3122] firejail sylpheed doesn´t work properly
Opened
#1958 [GH-ISSUE #3121] evince.profile issues (Gentoo)
Opened
#1959 [GH-ISSUE #3124] Digikam broken
Opened
#1960 [GH-ISSUE #3126] cannot combine --private with --private=
Opened
#1961 [GH-ISSUE #3127] Failed to use AppImage binary with firejail: Cannot mount AppImage, please check your FUSE setup.
Opened
#1962 [GH-ISSUE #3125] no way to selectively disable quiet-by-default in firejail.config
Opened
#1963 [GH-ISSUE #3129] midori.profile: ad-blocker not working properly
Opened
#1964 [GH-ISSUE #3130] firejail randomly elevates itself from standard user to root
Opened
#1965 [GH-ISSUE #3132] [Feature?] Force process to spend most of its time in swap (zram, cgroups)
Opened
#1966 [GH-ISSUE #3135] Concise command output for documentation purpose
Opened
#1967 [GH-ISSUE #3136] firejail --top causes single cpu core large load
Opened
#1968 [GH-ISSUE #3133] Dealing with symlinked ~/.cache
Opened
#1969 [GH-ISSUE #3138] tvbrowser updates every time
Opened
#1970 [GH-ISSUE #3139] How to download a file and save it in --private mode
Opened
#1971 [GH-ISSUE #3137] firejail firefox & spotify
Opened
#1972 [GH-ISSUE #3141] Keepass: synchronization broken
Opened
#1973 [GH-ISSUE #3142] RPC connection
Opened
#1974 [GH-ISSUE #3140] Problem with firefox nightly auto-update
Opened
#1975 [GH-ISSUE #3144] Avoiding indirect GLX for sandboxed Wine app
Opened
#1976 [GH-ISSUE #3145] Handle "non-standard" login.defs paths better
Opened
#1977 [GH-ISSUE #3146] Immutable ~/.mozilla with persistent ~/Downloads
Opened
#1978 [GH-ISSUE #3147] ffmpeg.profile needs ld.so.cache on arch linux
Opened
#1979 [GH-ISSUE #3148] firejail allows wlr-screencopy by default
Opened
#1980 [GH-ISSUE #3153] Whois not working
Opened
#1981 [GH-ISSUE #3157] ffmpeg 4.2.2 does not work with the included firejail profile
Opened
#1982 [GH-ISSUE #3158] firejail torbrowser - no videos on many websites
Opened
#1983 [GH-ISSUE #3164] end of python2
Opened
#1984 [GH-ISSUE #3165] Bad quality audio with --noprofile and PCSX2
Opened
#1985 [GH-ISSUE #3170] firefox: Yubikey is not detected if plugged in after launching (private-dev)
Opened
#1986 [GH-ISSUE #3169] groups.keep
Opened
#1987 [GH-ISSUE #3171] [profile] firefox on 0.9.62 with sway/voidlinux won't start
Opened
#1988 [GH-ISSUE #3174] Travis CI fail: error: comparison between signed and unsigned integer expressions
Opened
#1989 [GH-ISSUE #3173] Directory read-only even after noblacklist/whitelist
Opened
#1990 [GH-ISSUE #3175] udiskie fails to open drive with seccomp blocking request_key
Opened
#1991 [GH-ISSUE #3179] firecfg and .desktop, the third.
Opened
#1992 [GH-ISSUE #3184] access to the system DBus
Opened
#1993 [GH-ISSUE #3185] allowing fscrypt files
Opened
#1994 [GH-ISSUE #3189] Sharing data through /run subdirs
Opened
#1995 [GH-ISSUE #3191] How to configure applications to automatically go through firejail?
Opened
#1996 [GH-ISSUE #3192] zathura fails without /etc/ld.so.cache
Opened
#1997 [GH-ISSUE #3197] difference with LXC
Opened
#1998 [GH-ISSUE #3196] Running "firejail --join=" does not work
Opened
#1999 [GH-ISSUE #3200] firefox: keepassxc browser addon: Key exchange not successful
Opened
#2000 [GH-ISSUE #3199] --private=subdir of encrypted dir does not work
Opened
#2001 [GH-ISSUE #3198] nano [ magic_load() failed: No such file or directory ]
Opened
#2002 [GH-ISSUE #3203] Deepin-Screen-Recorder does not work as not started firejailed by default
Opened
#2003 [GH-ISSUE #3202] Dino does not open images in image viewer (gwenview)
Opened
#2004 [GH-ISSUE #3201] How to make applications have access to a virtual filepath (like flatpak does)
Opened
#2005 [GH-ISSUE #3205] Cannot open downloaded file in external program from Firefox
Opened
#2006 [GH-ISSUE #3206] Can applications still take a screenshot if the application is sanboxed?
Opened
#2007 [GH-ISSUE #3204] Simplescreenrecorder does not work
Opened
#2008 [GH-ISSUE #3212] Cannot open /etc/firejail/kate.profile with kate
Opened
#2009 [GH-ISSUE #3210] Add wayland display socket test to faudit
Opened
#2010 [GH-ISSUE #3211] --x11= and 777 permissions on new socket vs. other users
Opened
#2011 [GH-ISSUE #3214] [Question] How to disable firejail temporarily?
Opened
#2012 [GH-ISSUE #3213] [Question] How to use firejail only for certain apps?
Opened
#2013 [GH-ISSUE #3215] Clicking an URL in Dino launches Firefox with new profile
Opened
#2014 [GH-ISSUE #3218] "Warning: cannot find home directory" and no sandboxing when homedir is /home/x/y
Opened
#2015 [GH-ISSUE #3216] Problem running Cura-4.4.1.appimage with Firejail
Opened
#2016 [GH-ISSUE #3217] --private creates empty dirs on $HOME
Opened
#2017 [GH-ISSUE #3220] script that launches multiple firejails and ends with 'exec firejail' vs. fstat and --list
Opened
#2018 [GH-ISSUE #3221] openshot.profile needs update for openshot 2.5.0
Opened
#2019 [GH-ISSUE #3219] Crashes with an AMD GPU with Mesa >= 19.3.4 and seccomp
Opened
#2020 [GH-ISSUE #3222] allow firejail home tmp overlay to be fuse mounted outside
Opened
#2021 [GH-ISSUE #3223] Chrome GPU crashes and reverts to software with screen tearing
Opened
#2022 [GH-ISSUE #3224] Firejail not tearing down sandbox after closing VLC
Opened
#2023 [GH-ISSUE #3225] youtube-dl abruptly terminates on firejail 0.9.60-1 without saying anything; works with --noprofile; Fedora 30; youtube-dl version 2020.01.24
Opened
#2024 [GH-ISSUE #3227] firefox: libGL error: MESA-LOADER: failed to retrieve device information (AppArmor)
Opened
#2025 [GH-ISSUE #3226] AppArmor and Firefox: Error message
Opened
#2026 [GH-ISSUE #3232] multi user dota2 in fedora with glXChooseVisual failed
Opened
#2027 [GH-ISSUE #3230] Yet another symlink question
Opened
#2028 [GH-ISSUE #3228] chromium: "Just Read" extension does not work anymore
Opened
#2029 [GH-ISSUE #3233] firejail file fails due to linker unable to find libseccomp.so.2
Opened
#2030 [GH-ISSUE #3236] private-lib + python is broken
Opened
#2031 [GH-ISSUE #3235] Firejail stopped working with Opera.
Opened
#2032 [GH-ISSUE #3237] kernel.yama.ptrace_scope = 2|3 breaks --build if strace is installed
Opened
#2033 [GH-ISSUE #3238] tor browser fails with netns
Opened
#2034 [GH-ISSUE #3240] "firejail --appimage": does it really need to be executable?
Opened
#2035 [GH-ISSUE #3245] How to blacklist specific drive or partition
Opened
#2036 [GH-ISSUE #3247] discord 0.10 seccomp
Opened
#2037 [GH-ISSUE #3244] firefox silenium
Opened
#2038 [GH-ISSUE #3249] settings in default.profile and disable-common.inc that break AppImages
Opened
#2039 [GH-ISSUE #3250] conky needs lua
Opened
#2040 [GH-ISSUE #3248] Using Thunderbird with a profile location other than default
Opened
#2041 [GH-ISSUE #3252] Thunderbird not opening pdf with jailed MasterpdfEditor
Opened
#2042 [GH-ISSUE #3254] seccomp with filter based on flags argument of syscall
Opened
#2043 [GH-ISSUE #3257] stackable wrappers convention proposal
Opened
#2044 [GH-ISSUE #3260] systray icon and dialog window (discord) but maybe others.
Opened
#2045 [GH-ISSUE #3261] Question: Whats the best way to update?
Opened
#2046 [GH-ISSUE #3258] vscode: cannot isolate sandboxes (RUNUSER socket)
Opened
#2047 [GH-ISSUE #3262] keepassxc: cannot access NTFS mountpoints in /storage (private-etc)
Opened
#2048 [GH-ISSUE #3263] nosound should blacklist ${RUNUSER}/pulse
Opened
#2049 [GH-ISSUE #3264] FIREJAIL_PROFILE_PATH or similar firejail.config setting
Opened
#2050 [GH-ISSUE #3269] --netns= traffic does not go over socks5 ssh tunnel
Opened
#2051 [GH-ISSUE #3267] Steam freezes on start
Opened
#2052 [GH-ISSUE #3266] VPN connection for Firefox and Thunderbird in Firejail
Opened
#2053 [GH-ISSUE #3270] name matching for .local files when .profiles include others
Opened
#2054 [GH-ISSUE #3272] Zoom: cannot signin with sso
Opened
#2055 [GH-ISSUE #3274] firejail netns netstat shows /tmp/.X11-unix/X0
Opened
#2056 [GH-ISSUE #3279] Teamspeak3 doesn't work
Opened
#2057 [GH-ISSUE #3277] Pull request #3268 broke firejail
Opened
#2058 [GH-ISSUE #3280] Zathura exits on startup
Opened
#2059 [GH-ISSUE #3281] ERROR: ld.so: object '/run/firejail/lib/libpostexecseccomp.so' from /etc/ld.so.preload cannot be preloaded (cannot open shared object file): ignored.
Opened
#2060 [GH-ISSUE #3283] Viber - how to disable clipboard?
Opened
#2061 [GH-ISSUE #3282] Sound not working with firejail
Opened
#2062 [GH-ISSUE #3285] nslookup apparmor denied
Opened
#2063 [GH-ISSUE #3284] UIM input method switching not working with firefox
Opened
#2064 [GH-ISSUE #3287] Audacious & Audacity freeze, works with "ignore memory-deny-write-execute"
Opened
#2065 [GH-ISSUE #3288] mpv: failure with gpu/vdpau options (AMD gpu with mesa drivers)
Opened
#2066 [GH-ISSUE #3289] I need a FireJail profile for Mate-Terminal
Opened
#2067 [GH-ISSUE #3290] error "Firefox is already running but is not responding" when using firefox wayland
Opened
#2068 [GH-ISSUE #3291] thunderbird: harden rules that allow Firefox to open links
Opened
#2069 [GH-ISSUE #3297] tracelog option broken on ppc64le
Opened
#2070 [GH-ISSUE #3295] Can't run screen in firejail. It drops with "Cannot find terminfo entry for 'xterm-color'"
Opened
#2071 [GH-ISSUE #3299] Firefox is broken on Ubuntu 20.04 Focal
Opened
#2072 [GH-ISSUE #3302] Tor Browser exits during startup
Opened
#2073 [GH-ISSUE #3303] noroot removes all user groups, nogroups redundant
Opened
#2074 [GH-ISSUE #3304] firefox: Error while opening directory: fs.c:442 fs_tmpfs: No such file or directory
Opened
#2075 [GH-ISSUE #3306] many builtin profiles use netfilter with system net namespace
Opened
#2076 [GH-ISSUE #3307] Fedora 31 Silverblue
Opened
#2077 [GH-ISSUE #3308] Question on private-bin & Hyperlinking
Opened
#2078 [GH-ISSUE #3311] Teams and Firefox
Opened
#2079 [GH-ISSUE #3309] firecfg manpage
Opened
#2080 [GH-ISSUE #3313] join broken with seccomp since 88eadbf
Opened
#2081 [GH-ISSUE #3314] keepassxc: ssh-agent feature does not work
Opened
#2082 [GH-ISSUE #3312] newsbeuter doesn´t trigger browser when pressing "o" when using firejail
Opened
#2083 [GH-ISSUE #3316] dropbox breaks the jail
Opened
#2084 [GH-ISSUE #3318] ungoogled-chromium: Error: no suitable /opt/ungoogled-chromium executable found
Opened
#2085 [GH-ISSUE #3320] Build fails on Ubuntu 16.04 LTS with commit ab62720
Opened
#2086 [GH-ISSUE #3323] Can't open links from hexchat
Opened
#2087 [GH-ISSUE #3321] Bitwarden appimage not working with Bitwarden profile
Opened
#2088 [GH-ISSUE #3328] Discord won't launch with default profile
Opened
#2089 [GH-ISSUE #3330] Best practice for AppImage profiles
Opened
#2090 [GH-ISSUE #3332] firejail container with --chroot?
Opened
#2091 [GH-ISSUE #3329] keepassxc: please provide more options or more guidance
Opened
#2092 [GH-ISSUE #3336] zoom: no response when using spacebar as push-to-talk
Opened
#2093 [GH-ISSUE #3335] mpv: hardware video decoding nvdec does not work
Opened
#2094 [GH-ISSUE #3333] Creating temporary filesystem from shell fails
Opened
#2095 [GH-ISSUE #3341] build from git master broken with 0f18c1b
Opened
#2096 [GH-ISSUE #3342] Permission denied when using terminal inside dolphin / kate
Opened
#2097 [GH-ISSUE #3343] rambox: fails to start
Opened
#2098 [GH-ISSUE #3346] support mkdir in ${RUNUSER}
Opened
#2099 [GH-ISSUE #3344] Warning: cannot open source file /usr/local/lib/firejail/seccomp, file not copied
Opened
#2100 [GH-ISSUE #3345] cgroup owner checking ...
Opened
#2101 [GH-ISSUE #3349] Wiki: Restrict D-Bus
Opened
#2102 [GH-ISSUE #3350] Error: too many environment variables
Opened
#2103 [GH-ISSUE #3351] Can not use custom mplayer profile without whitelisting directory of each video file
Opened
#2104 [GH-ISSUE #3352] Firejail doesn't hide set secrets
Opened
#2105 [GH-ISSUE #3354] Option --quiet suppresses important warnings
Opened
#2106 [GH-ISSUE #3353] Cannot get everything read-only but /tmp and a single directory
Opened
#2107 [GH-ISSUE #3356] Terminal control codes in progress messages should be optional
Opened
#2108 [GH-ISSUE #3357] No warning or error if a file or directory does not exist
Opened
#2109 [GH-ISSUE #3355] Some warnings should be errors
Opened
#2110 [GH-ISSUE #3358] Useless lines in disable-common.inc
Opened
#2111 [GH-ISSUE #3360] Cannot start Libreoffice with the latest Firejail
Opened
#2112 [GH-ISSUE #3361] jdownloader profile doesn't work
Opened
#2113 [GH-ISSUE #3368] Nicotine does not start
Opened
#2114 [GH-ISSUE #3363] dolphin: allow lua for playing videos with mpv
Opened
#2115 [GH-ISSUE #3366] GitHub truncates the /etc/firejail dir
Opened
#2116 [GH-ISSUE #3369] No Audio in Zoom
Opened
#2117 [GH-ISSUE #3372] Game clone hero refuses to run
Opened
#2118 [GH-ISSUE #3371] Support simplification: improving --debug and stdout
Opened
#2119 [GH-ISSUE #3377] build: gcc10 static analyzer warnings
Opened
#2120 [GH-ISSUE #3376] steam: cannot connect to the internet (ca-certificates)
Opened
#2121 [GH-ISSUE #3374] Everdo appimage can't start with Firejail
Opened
#2122 [GH-ISSUE #3378] ignore option and globbing
Opened
#2123 [GH-ISSUE #3381] Cannot add /usr/bin/[ to private-bin
Opened
#2124 [GH-ISSUE #3379] thunderbird: keyboard does not work: Unable to connect to ibus
Opened
#2125 [GH-ISSUE #3383] Error: too long environment variables in vifm's subshell
Opened
#2126 [GH-ISSUE #3384] Akondai issues
Opened
#2127 [GH-ISSUE #3385] gnome-contacts doesn't work, fixed with ignore no3d
Opened
#2128 [GH-ISSUE #3388] Use /usr/etc/login.defs after checking for /etc/login.defs
Opened
#2129 [GH-ISSUE #3389] Zeal profile not working
Opened
#2130 [GH-ISSUE #3391] vlc: front end does not appear after launch
Opened
#2131 [GH-ISSUE #3393] seccomp filter are generated multible times
Opened
#2132 [GH-ISSUE #3392] qtox is missing from system tray
Opened
#2133 [GH-ISSUE #3396] Vim contrib files do not follow the DESTDIR option in make install
Opened
#2134 [GH-ISSUE #3400] [dbus] Eye of GNOME won't open
Opened
#2135 [GH-ISSUE #3399] [dbus] LibreOffice's menubar has disappeared
Opened
#2136 [GH-ISSUE #3398] Libreoffice menubar has
Opened
#2137 [GH-ISSUE #3403] gitlab CI broken
Opened
#2138 [GH-ISSUE #3402] implement xdg-dbus-proxy --log / log denied D-Bus access tries
Opened
#2139 [GH-ISSUE #3404] Teams doesn't start because of the apparmor profile
Opened
#2140 [GH-ISSUE #3408] Allow --dbus-user=none on the command line for profiles with dbus-user filter
Opened
#2141 [GH-ISSUE #3407] Firefox save file dialog not showing
Opened
#2142 [GH-ISSUE #3412] Support bash like alias
Opened
#2143 [GH-ISSUE #3413] u2f key is not detected in the browser
Opened
#2144 [GH-ISSUE #3415] Unetbootin + Firejail ???
Opened
#2145 [GH-ISSUE #3416] Busybox
Opened
#2146 [GH-ISSUE #3419] Does "seccomp.drop=all" works
Opened
#2147 [GH-ISSUE #3420] Firefox doesn't start on Ubuntu 20.04
Opened
#2148 [GH-ISSUE #3417] seccomp.block-secondary
Opened
#2149 [GH-ISSUE #3423] seccomp is breaking wire-desktop
Opened
#2150 [GH-ISSUE #3424] Support bash or AppArmor like variables
Opened
#2151 [GH-ISSUE #3421] Whitelisted FUSE mounted directory can not be accessed
Opened
#2152 [GH-ISSUE #3426] Feature request: Allow bind in non-root mode
Opened
#2153 [GH-ISSUE #3427] Can we have an option to block access to 127.0.0.1 and/or other internal only IP addresses?
Opened
#2154 [GH-ISSUE #3425] I feel like I don't know anything.
Opened
#2155 [GH-ISSUE #3428] Zoom does not work with zoom.profile; stuck at "connecting"
Opened
#2156 [GH-ISSUE #3429] Firejail should report which profile it can't load in an include chain
Opened
#2157 [GH-ISSUE #3431] Version 0.9.62 forces Dropbox to load in firejail
Opened
#2158 [GH-ISSUE #3432] apparmor breaks dbus-*=filter
Opened
#2159 [GH-ISSUE #3436] Sound only working with one program at a time with ALSA
Opened
#2160 [GH-ISSUE #3434] Default shell is guessed from $SHELL, despite manpage specifying /bin/bash
Opened
#2161 [GH-ISSUE #3439] How to block all internet except 127.0.0.1 localhost
Opened
#2162 [GH-ISSUE #3443] Wiki: Using firejail from git
Opened
#2163 [GH-ISSUE #3441] surf browser from suckless doesn't start
Opened
#2164 [GH-ISSUE #3448] --private-bin=something does not seem to work
Opened
#2165 [GH-ISSUE #3447] Replace whitelist and blacklist commands with better terms
Opened
#2166 [GH-ISSUE #3446] wine registry does not save changes
Opened
#2167 [GH-ISSUE #3449] Consider adding "Allow Python" to Steam.profile so Blender runs
Opened
#2168 [GH-ISSUE #3451] firejail.config defaults for cgroup/restricted-network and Debian bug 916920
Opened
#2169 [GH-ISSUE #3452] need help using github-markdown on wiki page
Opened
#2170 [GH-ISSUE #3453] [Question not a bug] About Firefox under firejail
Opened
#2171 [GH-ISSUE #3456] jitsi-meet-electron AppImage not launched if run with Firejail !
Opened
#2172 [GH-ISSUE #3454] Emacs configuration is mounted as read only
Opened
#2173 [GH-ISSUE #3458] Thunderbird sandbox by Firejail remain active even after close/quit Thunderbird
Opened
#2174 [GH-ISSUE #3461] Joplin AppImage does not run with firejail
Opened
#2175 [GH-ISSUE #3457] Warning & errors in terminal when firejail browsers
Opened
#2176 [GH-ISSUE #3462] Installation fails if /etc/firejail/login.users exists
Opened
#2177 [GH-ISSUE #3465] Notification from Firefox add-on become of lower resolution & can not induced system sound notification.
Opened
#2178 [GH-ISSUE #3464] Atom 1.48.0 breaks with Firejail 0.9.58.2
Opened
#2179 [GH-ISSUE #3468] Interfering with Itch.io game
Opened
#2180 [GH-ISSUE #3471] Properly document how to "Drastically reduce security for profiles which need to open stuff in [browser name]"
Opened
#2181 [GH-ISSUE #3466] [Question] About sandbox "X11"
Opened
#2182 [GH-ISSUE #3473] zathura and mpv (maybe others as well) "fstat: fs.c:497 fs_remount_simple"
Opened
#2183 [GH-ISSUE #3474] Riot-desktop does not launch
Opened
#2184 [GH-ISSUE #3475] enable firejail with chroot allow SFTP without chroot
Opened
#2185 [GH-ISSUE #3477] slack-desktop 4.4.3 not starting
Opened
#2186 [GH-ISSUE #3478] evolution: cannot modify/create lock file on Unix mbox spool files
Opened
#2187 [GH-ISSUE #3476] With seccomp installed, child process exit successfully but parent process would not exit.
Opened
#2188 [GH-ISSUE #3480] PyCharm requires ${HOME}/.cache/ mounted exec
Opened
#2189 [GH-ISSUE #3479] firejail IRC channel now on libera.chat
Opened
#2190 [GH-ISSUE #3481] pandoc does not have required access to /etc/texmf
Opened
#2191 [GH-ISSUE #3484] PulseAudio not working in --chroot
Opened
#2192 [GH-ISSUE #3483] Lutris and steam issue
Opened
#2193 [GH-ISSUE #3482] Unable to launch Firefox for SSO from Zoom profile
Opened
#2194 [GH-ISSUE #3485] [Solved] Impossible to inclure tutanota-desktop-linux.AppImage in a sandbox with firejail
Opened
#2195 [GH-ISSUE #3488] Seccomp error action not working
Opened
#2196 [GH-ISSUE #3491] Firejail breaks daemonizing processes
Opened
#2197 [GH-ISSUE #3495] Tutanota-desktop difficult to integrate
Opened
#2198 [GH-ISSUE #3494] firefox: no internet with whitelist-var-common.inc (resolv.conf)
Opened
#2199 [GH-ISSUE #3492] Suggestion: add --nsswitch-file option to better control name resolution
Opened
#2200 [GH-ISSUE #3500] Running firejail with timeout causes SIGTTOU
Opened
#2201 [GH-ISSUE #3498] audit.log did not print when --seccomp-error-action is EPERM
Opened
#2202 [GH-ISSUE #3501] noroot in Kodi's profile causing black/frozen screen
Opened
#2203 [GH-ISSUE #3506] youtube-dl and ffprobe requires libblas.so
Opened
#2204 [GH-ISSUE #3504] Wiki: Creating overrides
Opened
#2205 [GH-ISSUE #3503] "ignore quiet" does not work in override (.local) files
Opened
#2206 [GH-ISSUE #3507] Firefox does not work with Firejail on Mint 20
Opened
#2207 [GH-ISSUE #3508] No sound with steam games using FMOD
Opened
#2208 [GH-ISSUE #3509] firejail with wine
Opened
#2209 [GH-ISSUE #3512] add Asbru Connection Manager profile
Opened
#2210 [GH-ISSUE #3513] docs: Improve U2F documentation
Opened
#2211 [GH-ISSUE #3510] Audacity not working.
Opened
#2212 [GH-ISSUE #3514] Need a little help regarding vmware profile
Opened
#2213 [GH-ISSUE #3515] [Reminder] Add xdg-dbus-proxy as dependency on next release
Opened
#2214 [GH-ISSUE #3522] integrate join(-or-start) with dbus options
Opened
#2215 [GH-ISSUE #3527] [Question] SkypeforLinux - or General .deb Security
Opened
#2216 [GH-ISSUE #3523] No more way to specify custom configure options when building deb?
Opened
#2217 [GH-ISSUE #3524] Arch build breaking due to pandoc
Opened
#2218 [GH-ISSUE #3528] discord profile does not work when user is using the fish shell
Opened
#2219 [GH-ISSUE #3531] mathematica profile
Opened
#2220 [GH-ISSUE #3530] disable-shell.inc breaks AppImages
Opened
#2221 [GH-ISSUE #3534] How to use "passwd" in a firejail login shell?
Opened
#2222 [GH-ISSUE #3536] Custom/local applications doesn't start
Opened
#2223 [GH-ISSUE #3539] Automatically started application in KDE not firejailed
Opened
#2224 [GH-ISSUE #3541] Font styles unreadable in dark themes
Opened
#2225 [GH-ISSUE #3540] Signal-desktop icon in mate notification tray not displayed
Opened
#2226 [GH-ISSUE #3544] Firetools dark theme
Opened
#2227 [GH-ISSUE #3545] vscode: need help blocking spying
Opened
#2228 [GH-ISSUE #3549] keepassxc: program does not start on BSPWM
Opened
#2229 [GH-ISSUE #3546] Error mounting appimage: No such device
Opened
#2230 [GH-ISSUE #3554] mpv: lua plugins cannot load shared libraries
Opened
#2231 [GH-ISSUE #3551] private-tmp in meld breaks diff view
Opened
#2232 [GH-ISSUE #3552] Does changing $PATH affect the security?
Opened
#2233 [GH-ISSUE #3557] firefox dbus restriction (not a bug but a question)
Opened
#2234 [GH-ISSUE #3562] Allow gajim to access GPG keys
Opened
#2235 [GH-ISSUE #3563] docs: manpage warnings: cannot adjust line
Opened
#2236 [GH-ISSUE #3568] How to block internet access while retain connection to host native X11
Opened
#2237 [GH-ISSUE #3567] Can't exec ping inside chroot
Opened
#2238 [GH-ISSUE #3565] /bin/bash: ./Telegram/Telegram: Permission denied
Opened
#2239 [GH-ISSUE #3570] No history, bookmarks etc. preserved in lynx browser
Opened
#2240 [GH-ISSUE #3576] firefox: cannot open docs in ~/.rustup
Opened
#2241 [GH-ISSUE #3575] New release on Monday (Aug 10): CVE fixes
Opened
#2242 [GH-ISSUE #3579] JDownloader: cannot open links in firejailed Firefox
Opened
#2243 [GH-ISSUE #3580] Question: Firefox - How do i allow an external storage path?
Opened
#2244 [GH-ISSUE #3578] Error: no suitable /path/JDownloader2 executable found
Opened
#2245 [GH-ISSUE #3582] How to install with apt-get without interaction
Opened
#2246 [GH-ISSUE #3581] Blacklisting /media/ except for one folder
Opened
#2247 [GH-ISSUE #3584] Disable the access to /run/firejail/mnt/devlog
Opened
#2248 [GH-ISSUE #3585] Firejail 0.9.62.2 apparmor profile parser error
Opened
#2249 [GH-ISSUE #3589] Discord wont open when executed outside the pkg manager one
Opened
#2250 [GH-ISSUE #3586] element-desktop: program does not start (--no-sandbox)
Opened
#2251 [GH-ISSUE #3591] firejail breaks haskell development tools cabal and stack
Opened
#2252 [GH-ISSUE #3593] Some errors in Telegram
Opened
#2253 [GH-ISSUE #3595] ledger-live-desktop: program does not start (AppImage)
Opened
#2254 [GH-ISSUE #3597] Firefox kfmclient crash
Opened
#2255 [GH-ISSUE #3598] Adding binaries outside standard "bin dirs" ala private-bin?
Opened
#2256 [GH-ISSUE #3596] smplayer: cannot play video with mpv as backend on Arch
Opened
#2257 [GH-ISSUE #3601] Improving symlink invocation?
Opened
#2258 [GH-ISSUE #3599] Telegram Question about the privacy of multiple accounts
Opened
#2259 [GH-ISSUE #3600] is there virtual memory option ?
Opened
#2260 [GH-ISSUE #3604] firejail firejail does not work in openSUSE
Opened
#2261 [GH-ISSUE #3605] DNS requests fail in jailed Firefox with IPv6 resolver
Opened
#2262 [GH-ISSUE #3602] Wiki: x11 guide
Opened
#2263 [GH-ISSUE #3608] claws-mail.profile had to be altered
Opened
#2264 [GH-ISSUE #3606] Default DNS in .profile
Opened
#2265 [GH-ISSUE #3609] firefox: program does not open (seccomp)
Opened
#2266 [GH-ISSUE #3612] join-or-start can break
Opened
#2267 [GH-ISSUE #3610] Toggle Network
Opened
#2268 [GH-ISSUE #3611] firefox: --private-home= disables add-ons
Opened
#2269 [GH-ISSUE #3615] Opening up x-terminal-emulator with --noprofile exits the jail
Opened
#2270 [GH-ISSUE #3614] telegram.profile needs netlink protocol
Opened
#2271 [GH-ISSUE #3613] Disabling /dev/snd/ with private-dev?
Opened
#2272 [GH-ISSUE #3616] Can't use newsboat through torsocks
Opened
#2273 [GH-ISSUE #3617] MAC Address --mac should be able to be changed/spoofed without the need for --net
Opened
#2274 [GH-ISSUE #3618] Must-fix bugs for release 0.9.64
Opened
#2275 [GH-ISSUE #3620] Hardcoded tc command is not found on openSUSE
Opened
#2276 [GH-ISSUE #3623] build: remove src/man/preproc from Makefile
Opened
#2277 [GH-ISSUE #3625] hedgewars crashes without access to liblua
Opened
#2278 [GH-ISSUE #3626] Firefox is already running, but is not responding.
Opened
#2279 [GH-ISSUE #3627] X11 security
Opened
#2280 [GH-ISSUE #3628] "Cannot alocate memory" error when trying to copy/paste in MPV
Opened
#2281 [GH-ISSUE #3629] Problem Apparmor with Brave
Opened
#2282 [GH-ISSUE #3630] MacVlan not support run over eth0.xxx
Opened
#2283 [GH-ISSUE #3631] DNS access control and DNS-controlled firewalling
Opened
#2284 [GH-ISSUE #3632] docs: addgroup should add system group not user group
Opened
#2285 [GH-ISSUE #3633] chromium-privacy-browser: program does not start
Opened
#2286 [GH-ISSUE #3634] Discord 0.0.12 not starting
Opened
#2287 [GH-ISSUE #3635] [mpv] "Running subprocess failed: init" when trying to execute script in ~/bin
Opened
#2288 [GH-ISSUE #3637] Firejail not loading certain profiles automatically
Opened
#2289 [GH-ISSUE #3636] transmission-daemon fills log with error
Opened
#2290 [GH-ISSUE #3638] Why are all the $HOME dirs and files visible in Telegram and not jailed?
Opened
#2291 [GH-ISSUE #3640] Gimp - add note how to enable scanning (xsane)
Opened
#2292 [GH-ISSUE #3639] 'less' does not work
Opened
#2293 [GH-ISSUE #3643] Firejail profile preventing flameshot from starting
Opened
#2294 [GH-ISSUE #3644] nvidia: opengl errors with nvidia proprietary driver due to "nogroups"
Opened
#2295 [GH-ISSUE #3641] Cannot run DB_Browser_for_SQLite--x86_64.appimage under firejail
Opened
#2296 [GH-ISSUE #3646] web browsers have no internet connection (resolv.conf)
Opened
#2297 [GH-ISSUE #3645] Unable to watch shows on ctv.ca and globaltv.com using firejail
Opened
#2298 [GH-ISSUE #3647] webkit2gtk-4.0 requires bwrap
Opened
#2299 [GH-ISSUE #3649] private-etc=resolv.conf will not update for changed DNS server
Opened
#2300 [GH-ISSUE #3648] Regression: Error: no such executable /usr/bin/git
Opened
#2301 [GH-ISSUE #3654] Firejail crashing with SELinux support enabled
Opened
#2302 [GH-ISSUE #3659] AppArmor profile fails to load with AppArmor 3.0.0 installed
Opened
#2303 [GH-ISSUE #3655] Simplify profile creating process
Opened
#2304 [GH-ISSUE #3658] read-write permission for /opt/ directory or other shared documents
Opened
#2305 [GH-ISSUE #3663] Unable to whitelist steamapps when using --private
Opened
#2306 [GH-ISSUE #3662] free(): invalid pointer with --ip=dhcp
Opened
#2307 [GH-ISSUE #3661] Error w/o 'gawk' and no apparmor on Ubuntu
Opened
#2308 [GH-ISSUE #3668] Some gui applications do not accept keyboard input if host X11 DISPLAY env variable is not 0
Opened
#2309 [GH-ISSUE #3666] Torbrowser-launcher.profile doesn't launch without certain flags disabled
Opened
#2310 [GH-ISSUE #3665] With firecfg, how do I configure specific applications to go through firejail?
Opened
#2311 [GH-ISSUE #3671] GDB a process inside FireJail
Opened
#2312 [GH-ISSUE #3673] bug? --rmenv seems to fire after check for length of environment variables, which makes long variables impossible to remove from firejail side
Opened
#2313 [GH-ISSUE #3669] skypeforlinux logs out every time, even without profile
Opened
#2314 [GH-ISSUE #3678] Error: too long environment variables, please use --rmenv
Opened
#2315 [GH-ISSUE #3677] Disable user-defined profile
Opened
#2316 [GH-ISSUE #3680] firefox: does not start due to dpkg error (Linux Mint)
Opened
#2317 [GH-ISSUE #3682] No blu-ray playback with vlc using libaacs
Opened
#2318 [GH-ISSUE #3681] Widevine/DRM broken with firejail 0.9.64 in browsers
Opened
#2319 [GH-ISSUE #3684] Error: proc 52651 cannot sync with peer: unexpected EOF
Opened
#2320 [GH-ISSUE #3686] mpsyt: mpv needs lua
Opened
#2321 [GH-ISSUE #3685] Warn on static binaries + seccomp
Opened
#2322 [GH-ISSUE #3687] start-tor-browser doesn't open with any profile
Opened
#2323 [GH-ISSUE #3690] test failure: mkdir.exp
Opened
#2324 [GH-ISSUE #3691] test failure: shutdown.exp
Opened
#2325 [GH-ISSUE #3689] iceweasel: DBus user socket not found (Parabola OpenRC)
Opened
#2326 [GH-ISSUE #3696] Next release (0.9.64.2 / 0.9.66)
Opened
#2327 [GH-ISSUE #3693] Kate - Read/Write problems in /home/ (ignores overrides?)
Opened
#2328 [GH-ISSUE #3695] --private-home
Opened
#2329 [GH-ISSUE #3697] Need help for spectacle's profile
Opened
#2330 [GH-ISSUE #3699] Firefox can't inhibit screensavers/screen blanking
Opened
#2331 [GH-ISSUE #3701] Firefox native messaging regression in 0.9.62.4 -> 0.9.64rc1
Opened
#2332 [GH-ISSUE #3706] Does sandboxing with firejail works with spack package manager applications?
Opened
#2333 [GH-ISSUE #3702] Can't run vglrun inside firejail
Opened
#2334 [GH-ISSUE #3707] qBittorrent tray icon missing from notification panel when running it with firejail
Opened
#2335 [GH-ISSUE #3712] 'make test' errors on tests not included in release tarball
Opened
#2336 [GH-ISSUE #3711] zoom profile: can't access webcam
Opened
#2337 [GH-ISSUE #3709] Tor doesn't launch with Brave browser.
Opened
#2338 [GH-ISSUE #3715] Why do network interfaces get removed when specified with firejail?
Opened
#2339 [GH-ISSUE #3714] How would it be possible to have specified commands run automatically with firejail? (e.g. youtube-dl becomes firejail youtube-dl)
Opened
#2340 [GH-ISSUE #3713] keepassxc: issues with browser extension and tray icon (dbus)
Opened
#2341 [GH-ISSUE #3720] Question about --dns option
Opened
#2342 [GH-ISSUE #3718] KDE Kontact: configuring Google calender, tasks and Contacts not possible
Opened
#2343 [GH-ISSUE #3721] Travis CI
Opened
#2344 [GH-ISSUE #3722] Filezilla profile does not allow to open HOME/.ssh folder for using keys in OpenSSH/SFTP connections
Opened
#2345 [GH-ISSUE #3724] [abrt] firejail: iopl(): faudit killed by SIGSYS
Opened
#2346 [GH-ISSUE #3723] Default minetest profile doesn't work
Opened
#2347 [GH-ISSUE #3727] Allow external debuggers with --noroot?
Opened
#2348 [GH-ISSUE #3726] zoom: program does not start (private-etc)
Opened
#2349 [GH-ISSUE #3725] Firefox widevinecdm crashes (e.g. Amazon Prime Video)
Opened
#2350 [GH-ISSUE #3728] Don't correct fonts and theme styles in openSUSE KDE
Opened
#2351 [GH-ISSUE #3730] Is it unsafe if I run Firejail with --no-sandbox?
Opened
#2352 [GH-ISSUE #3729] "Process Tree"-tab in firetools is empty - firejail seems to be responsible
Opened
#2353 [GH-ISSUE #3733] telegram.profile need netlink protocol
Opened
#2354 [GH-ISSUE #3732] firefox: cannot use fcitx IME (dbus)
Opened
#2355 [GH-ISSUE #3731] Is it possible through firejail to make available what the launched user is not available?
Opened
#2356 [GH-ISSUE #3736] Add alsaequal (Equalizer for alsa) to whitelist-common.inc
Opened
#2357 [GH-ISSUE #3735] Wrong definition of macro paths from ~/.config/user-dirs.dirs if they are not in "$HOME".
Opened
#2358 [GH-ISSUE #3737] There is no sound in telegram via alsa (needs "alsa" and "group" for the "private-etc" option).
Opened
#2359 [GH-ISSUE #3738] Feature Request: Support for time namespaces (Linux 5.6)
Opened
#2360 [GH-ISSUE #3741] Error: failed to run /run/firejail/lib/fcopy
Opened
#2361 [GH-ISSUE #3739] Steam doesn't work with symlinked steamfolder
Opened
#2362 [GH-ISSUE #3744] zoom: program does not start (missing whitelist)
Opened
#2363 [GH-ISSUE #3745] Public gpg key & Signature
Opened
#2364 [GH-ISSUE #3743] Lost email in claws-mail
Opened
#2365 [GH-ISSUE #3749] Where to print debug messages (stdout or stderr)?
Opened
#2366 [GH-ISSUE #3753] [Feature] different profiles/behavior per user?
Opened
#2367 [GH-ISSUE #3754] Can't run Discord with Linux-Hardened kernel
Opened
#2368 [GH-ISSUE #3755] signal-desktop no longer works with notify-send?
Opened
#2369 [GH-ISSUE #3758] library libgtk3-nocsd cannot be preloaded
Opened
#2370 [GH-ISSUE #3756] Finally Viber has an appimage
Opened
#2371 [GH-ISSUE #3765] Spotify 1.1.42.622 Hangs on Arch Linux
Opened
#2372 [GH-ISSUE #3761] w3m with w3m-img installed does not display images when on virtual console/framebuffer
Opened
#2373 [GH-ISSUE #3759] thunderbird: cannot open links in Firefox: "Your Firefox profile cannot be loaded"
Opened
#2374 [GH-ISSUE #3770] xournal.profile: liblua.so.5.4: cannot open shared object file: Permission denied
Opened
#2375 [GH-ISSUE #3767] firefox: keepassxc browser extension fails due to whitelist-runuser-common
Opened
#2376 [GH-ISSUE #3769] firefox: DBus user socket was not found
Opened
#2377 [GH-ISSUE #3775] zathura does not work with ipc-namespace
Opened
#2378 [GH-ISSUE #3773] Interferes with firefox loading webpages
Opened
#2379 [GH-ISSUE #3774] Tray-icon researches
Opened
#2380 [GH-ISSUE #3776] ffmpeg profile breaks jellyfin transcoding
Opened
#2381 [GH-ISSUE #3780] whois profile block hostname resolution via getaddrinfo (Name or service not known)
Opened
#2382 [GH-ISSUE #3777] lyx: program does not start (private-etc)
Opened
#2383 [GH-ISSUE #3782] Man pages have #ifdefs in them
Opened
#2384 [GH-ISSUE #3783] google-chrome: hardware acceleration is broken (intel/wayland ozone) (seccomp)
Opened
#2385 [GH-ISSUE #3781] Rootless Firejail re-entry to Firejail created network namespace: Error: cannot join netns 'wgsh': Invalid argument
Opened
#2386 [GH-ISSUE #3784] Error ioctl: interface.c:302 net_if_mac: Cannot assign requested address
Opened
#2387 [GH-ISSUE #3785] Allowing calling specific apps outside the sandbox or with a different firejail profile
Opened
#2388 [GH-ISSUE #3786] rhythmbox profile does not support viewing/loading files from cdrom
Opened
#2389 [GH-ISSUE #3788] No sound with pulseaudio and private home
Opened
#2390 [GH-ISSUE #3789] Two firejail related scripts.
Opened
#2391 [GH-ISSUE #3787] [Question] Can an app read the username of the user's home dir on linux?
Opened
#2392 [GH-ISSUE #3792] MTP Android files can be copied outside firejail in Thunar file manager.
Opened
#2393 [GH-ISSUE #3793] running wine in firejail (--private option)
Opened
#2394 [GH-ISSUE #3790] xfce4-screenshooter - profile broken by memory-deny-write-execute
Opened
#2395 [GH-ISSUE #3794] Trouble running Firefox Portable Dev Edition in firejail
Opened
#2396 [GH-ISSUE #3796] firefox: YubiKey WebAuthn does not work
Opened
#2397 [GH-ISSUE #3795] teams: program does not start (seccomp/tracelog)
Opened
#2398 [GH-ISSUE #3798] Cannot start firejailed app from a path on a gocryptfs filesystem
Opened
#2399 [GH-ISSUE #3797] Get ride of all these u2f and drm issues
Opened
#2400 [GH-ISSUE #3799] Viber appimage pausing firejail execution asking to replace mimeapps.list 'overriding mode 0664'
Opened
#2401 [GH-ISSUE #3804] Blacklist .ssh directory by default
Opened
#2402 [GH-ISSUE #3800] "firejail playonlinux" starts GUI but not installed programme
Opened
#2403 [GH-ISSUE #3801] --get outputs empty file when using --chroot
Opened
#2404 [GH-ISSUE #3805] telegram-desktop launch browser for open URL problem in openSUSE
Opened
#2405 [GH-ISSUE #3809] Relationship between disable-mnt and disable-write.inc
Opened
#2406 [GH-ISSUE #3806] Refactor electron.profile and electron based programs
Opened
#2407 [GH-ISSUE #3822] rhythmbox: media keys do not work
Opened
#2408 [GH-ISSUE #3815] Question: AppImage trust
Opened
#2409 [GH-ISSUE #3817] playonlinux in firejail - internet connection issues?
Opened
#2410 [GH-ISSUE #3831] Question to bug #2101
Opened
#2411 [GH-ISSUE #3823] Unable to start hexchat with firejail
Opened
#2412 [GH-ISSUE #3833] archivers: issues due limiting file system access
Opened
#2413 [GH-ISSUE #3836] what about snap app ?
Opened
#2414 [GH-ISSUE #3837] firefox: firefox -p fails to launch (seccomp)
Opened
#2415 [GH-ISSUE #3835] Is there a way to force a jail outside Network Manager systemwide VPN?
Opened
#2416 [GH-ISSUE #3838] --x11=none --netns=isolated invalidly errors on the abstract X11 socket being accessible
Opened
#2417 [GH-ISSUE #3840] Temporary private home directory based on template where changes are discarded?
Opened
#2418 [GH-ISSUE #3841] Permission denied - runnig is as a normal user [SOLVED]
Opened
#2419 [GH-ISSUE #3843] use sandbox name as xephyr window title
Opened
#2420 [GH-ISSUE #3842] Cannot launch Teams on POP!_OS 20.10
Opened
#2421 [GH-ISSUE #3844] firejail --private hanging
Opened
#2422 [GH-ISSUE #3851] Compiled-in environment/arg limits causing issues
Opened
#2423 [GH-ISSUE #3845] On squashing commits and git workflows
Opened
#2424 [GH-ISSUE #3846] Not able to use netns configuration directive in .profile or .local files
Opened
#2425 [GH-ISSUE #3857] [Question] Is it possible to modify the profile while firejail is running?
Opened
#2426 [GH-ISSUE #3856] Jackbox games broken under firejail
Opened
#2427 [GH-ISSUE #3855] "caps.drop all" fails to run commands which have capabilities set (was: node does not want to run (but the same binary renamed works))
Opened
#2428 [GH-ISSUE #3860] Video Tutorial
Opened
#2429 [GH-ISSUE #3861] firejail --list shows nothing
Opened
#2430 [GH-ISSUE #3858] Unable to start Firefox v84.0.1 on Debian 10 (Buster)
Opened
#2431 [GH-ISSUE #3862] Paths in app profiles with ^ and ! wildcards in them are not expanded
Opened
#2432 [GH-ISSUE #3868] Error getpwuid: main.c:237 init_cfg: Success (keepassxc/signal/joplin)
Opened
#2433 [GH-ISSUE #3865] obs: program does not start
Opened
#2434 [GH-ISSUE #3871] vscodium: missing profile redirect: vscodium was renamed to codium
Opened
#2435 [GH-ISSUE #3872] Screen sharing configuration on wayland
Opened
#2436 [GH-ISSUE #3874] What's are currently the best ways to configure apps to run sandboxed with firejail? (Modified .desktop files can change after updates)
Opened
#2437 [GH-ISSUE #3878] umask always 0002
Opened
#2438 [GH-ISSUE #3877] Using firejail with private /home with a folder on /home mount point but outside of users folders
Opened
#2439 [GH-ISSUE #3881] discord: cannot open links in the browser
Opened
#2440 [GH-ISSUE #3884] ssh profile blocks access to ssh-agent with non-default socket location
Opened
#2441 [GH-ISSUE #3891] How to allow firefox (or any sandbox) to access the pulseaudio process?
Opened
#2442 [GH-ISSUE #3883] Getting "Permission denied" when running Electron apps with --no-sandbox
Opened
#2443 [GH-ISSUE #3894] newsboat unable to launch default browser
Opened
#2444 [GH-ISSUE #3892] Option to launch firejailed program as a different user
Opened
#2445 [GH-ISSUE #3898] Appimage fails to run
Opened
#2446 [GH-ISSUE #3905] nginx cant start in firejail version 0.9.63
Opened
#2447 [GH-ISSUE #3906] google-earth-pro: program does not work on Arch Linux
Opened
#2448 [GH-ISSUE #3904] VScode can't execute certain script when seccom is enabled
Opened
#2449 [GH-ISSUE #3907] Bibletime profile does not work, should add a new whitelist
Opened
#2450 [GH-ISSUE #3910] molotov: cannot run AppImage with custom profile
Opened
#2451 [GH-ISSUE #3909] bind directory update option for specific time period
Opened
#2452 [GH-ISSUE #3912] Chrome not working due to symlink.
Opened
#2453 [GH-ISSUE #3914] Redirect profiles without .local
Opened
#2454 [GH-ISSUE #3911] firecfg breaking firejail on the command line
Opened
#2455 [GH-ISSUE #3925] telegram-desktop launch browser for open URL (after update to 0.9.64.2)
Opened
#2456 [GH-ISSUE #3927] [INFO] Whitelist ssh_config
Opened
#2457 [GH-ISSUE #3919] xdg-open inside a jail can't open URLs in (not jailed) Firefox
Opened
#2458 [GH-ISSUE #3937] dolphin: cannot start keepassxc
Opened
#2459 [GH-ISSUE #3933] different seccomp behavior with and without arguments
Opened
#2460 [GH-ISSUE #3928] CI seems broken, unsure on how to proceed.
Opened
#2461 [GH-ISSUE #3938] vlc: no video playback (seccomp)
Opened
#2462 [GH-ISSUE #3940] brave: u2f does not work
Opened
#2463 [GH-ISSUE #3939] brave: u2f does not work
Opened
#2464 [GH-ISSUE #3942] gVisor backend
Opened
#2465 [GH-ISSUE #3941] keepassxc: cannot communicate with ungoogled-chromium
Opened
#2466 [GH-ISSUE #3943] Parent is shutting down, bye... AppImage unmounted
Opened
#2467 [GH-ISSUE #3949] firejail not terminated after browser is killed
Opened
#2468 [GH-ISSUE #3948] firejail --join=foobar fails with Error: cannot read /proc file
Opened
#2469 [GH-ISSUE #3945] It seems some capabilities are missing
Opened
#2470 [GH-ISSUE #3952] firefox: cannot communicate with keepassxc
Opened
#2471 [GH-ISSUE #3953] xwallaper fail to set wallpaper
Opened
#2472 [GH-ISSUE #3951] firejail rtkit dbus support
Opened
#2473 [GH-ISSUE #3957] Error: execute permission denied for /usr/local/bin/firefox
Opened
#2474 [GH-ISSUE #3958] firejail hangs with net parameter
Opened
#2475 [GH-ISSUE #3954] ssh: cannot access ssh-agent when doing a proxyjump
Opened
#2476 [GH-ISSUE #3959] faccessat2 syscalls support required for glibc 2.33
Opened
#2477 [GH-ISSUE #3962] firefox: program does not work due to whitelist-runuser-common
Opened
#2478 [GH-ISSUE #3960] Patches from Jolla
Opened
#2479 [GH-ISSUE #3963] slack: cannot open links or sign in
Opened
#2480 [GH-ISSUE #3968] chromium: save location bypass and code execution
Opened
#2481 [GH-ISSUE #3965] firejail fails to start if iBus is not in use, but .config/ibus/bus/* exists.
Opened
#2482 [GH-ISSUE #3971] mpv no longer uses user config
Opened
#2483 [GH-ISSUE #3973] Is this a bug or intended or a bug ??
Opened
#2484 [GH-ISSUE #3972] Add sara LSM library for W^X protection
Opened
#2485 [GH-ISSUE #3977] Mistake
Opened
#2486 [GH-ISSUE #3975] Running xpdf in friejail
Opened
#2487 [GH-ISSUE #3976] jitsi-meet-desktop not properly starting
Opened
#2488 [GH-ISSUE #3979] KMail profile in 0.9.64.4 has multiple fatal errors
Opened
#2489 [GH-ISSUE #3978] android-studio: cannot create the directory
Opened
#2490 [GH-ISSUE #3980] private-lib: can we mount instead of copy?
Opened
#2491 [GH-ISSUE #3981] Wayland Only: ibus failed to work in some programs even with --noprofile
Opened
#2492 [GH-ISSUE #3982] thunderbird: cannot open links in firefox (and vice-versa)
Opened
#2493 [GH-ISSUE #3986] CodeQL warnings
Opened
#2494 [GH-ISSUE #3987] cannot confine using apparmor on Arch linux LTS kernel
Opened
#2495 [GH-ISSUE #3991] private-etc doesn't allow subdirs
Opened
#2496 [GH-ISSUE #3989] First link to Firefox Opens New Window Instead of New Tab
Opened
#2497 [GH-ISSUE #3996] celluloid: error while loading shared libraries: liblua5.2.so.5.2
Opened
#2498 [GH-ISSUE #3999] Firejail usage
Opened
#2499 [GH-ISSUE #3992] Enhancement adding lowlevel new sandbox feature "landlock"
Opened
#2500 [GH-ISSUE #4012] join-or-start doesn't work with okular
Opened
#2501 [GH-ISSUE #4011] Support. How to install firejail on Debian so that it does not interfere with any programs?
Opened
#2502 [GH-ISSUE #4006] zoom: cannot save chat logs
Opened
#2503 [GH-ISSUE #4013] nixnote2: Could not create AF_NETLINK socket
Opened
#2504 [GH-ISSUE #4017] new protocol list behaviour needs to be announced somewhere so users can adjust their local overrides
Opened
#2505 [GH-ISSUE #4014] Installation problem: trying to overwrite '/etc/firejail/0ad.profile'
Opened
#2506 [GH-ISSUE #4018] Desktop Entry: firecfg --fix can not distinguish firefox, firefox-nightly, firefox-developer-edition,...
Opened
#2507 [GH-ISSUE #4026] --private and $HOME
Opened
#2508 [GH-ISSUE #4020] Revisit profiles allowing netlink protocol
Opened
#2509 [GH-ISSUE #4033] Unable To Close MOC
Opened
#2510 [GH-ISSUE #4027] firejail prevent my firefox from login to "Ask Fedora" site !
Opened
#2511 [GH-ISSUE #4032] Firetools "Process Tree"-tab empty once again
Opened
#2512 [GH-ISSUE #4034] Any way to know we are inside Firejail or not?
Opened
#2513 [GH-ISSUE #4044] skypeforlinux fails to start on Arch Linux
Opened
#2514 [GH-ISSUE #4039] patch: program fails to run on Artix Linux
Opened
#2515 [GH-ISSUE #4049] Documentation for less technical users
Opened
#2516 [GH-ISSUE #4046] Wordpress connotations
Opened
#2517 [GH-ISSUE #4047] GitHub discussions
Opened
#2518 [GH-ISSUE #4055] Wiki FAQ request: comparison with bubblewrap
Opened
#2519 [GH-ISSUE #4050] question regarding running "firejail firefox"
Opened
#2520 [GH-ISSUE #4054] Remove link from Wordpress site
Opened
#2521 [GH-ISSUE #4058] Feature request: Midnight Comander (mcedit) syntax
Opened
#2522 [GH-ISSUE #4066] [profile bug] atril doesn't open comic archives
Opened
#2523 [GH-ISSUE #4059] firejail.config not found after following git instructions on the source .tarball
Opened
#2524 [GH-ISSUE #4073] Flameshot escapes firejail
Opened
#2525 [GH-ISSUE #4076] Mirror channel on PeerTube
Opened
#2526 [GH-ISSUE #4067] Running the program many times
Opened
#2527 [GH-ISSUE #4086] firejail prevents Firefox from deactivating screen dimming during video watch
Opened
#2528 [GH-ISSUE #4078] Document that private-etc and private-bin always accumulate
Opened
#2529 [GH-ISSUE #4081] Having blacklist violation for Dolphin
Opened
#2530 [GH-ISSUE #4087] chromium: child processes escape the network namespace sandbox
Opened
#2531 [GH-ISSUE #4093] darktable needs read access to liblua*
Opened
#2532 [GH-ISSUE #4088] [profile bug] eo-common and net none
Opened
#2533 [GH-ISSUE #4103] Can't combine private-home and whitelist for Firefox
Opened
#2534 [GH-ISSUE #4104] libreoffice: package does not work, only AppImage (Linux Mint)
Opened
#2535 [GH-ISSUE #4105] firejail --x11=xorg result in unable to open display
Opened
#2536 [GH-ISSUE #4106] [Question] Security advantage of private-tmp for the default firefox profile
Opened
#2537 [GH-ISSUE #4107] evolution - gpg card
Opened
#2538 [GH-ISSUE #4109] Pixel Saver / Unite and similar gnome extensions problem
Opened
#2539 [GH-ISSUE #4114] Apparmor and Firejail - Sandboxing not working properly
Opened
#2540 [GH-ISSUE #4115] nheko: program does not work properly
Opened
#2541 [GH-ISSUE #4113] File Roller on the cinnamon desktop doesn't work
Opened
#2542 [GH-ISSUE #4118] Discord Game Activity
Opened
#2543 [GH-ISSUE #4120] How to allow access to other home directories?
Opened
#2544 [GH-ISSUE #4122] firefox: How to specify proxy servers with --x11=xpra?
Opened
#2545 [GH-ISSUE #4127] [SOLVED] Firefox has different audio backend when started with custom profile
Opened
#2546 [GH-ISSUE #4136] --shell=none does not work
Opened
#2547 [GH-ISSUE #4132] Can't start newest slack
Opened
#2548 [GH-ISSUE #4142] Feedreader not working properly with Firejail's Sandbox
Opened
#2549 [GH-ISSUE #4146] firefox profile cannot run Emacs because /usr/share/emacs is not whitelisted
Opened
#2550 [GH-ISSUE #4145] firejail doesn't work automatically with gnome-books
Opened
#2551 [GH-ISSUE #4150] Dropbox needs access to python
Opened
#2552 [GH-ISSUE #4147] Thunderbird in non-default location won't start
Opened
#2553 [GH-ISSUE #4151] Unset TMP if it doesn't exist inside of sandbox
Opened
#2554 [GH-ISSUE #4153] Help me?
Opened
#2555 [GH-ISSUE #4152] libreoffice: $HOME/.config/libreoffice needs to be whitelisted
Opened
#2556 [GH-ISSUE #4157] [Feature] Should rmenv GitHub auth tokens
Opened
#2557 [GH-ISSUE #4158] Dunst notifications with Signal-Desktop not working
Opened
#2558 [GH-ISSUE #4160] Firejail blocks sound/music when using cmus
Opened
#2559 [GH-ISSUE #4162] Firejail the whole operating system
Opened
#2560 [GH-ISSUE #4166] npm and pip profiles
Opened
#2561 [GH-ISSUE #4168] Error: invalid --debug command line option if quiet-by-default is set in firejail.config
Opened
#2562 [GH-ISSUE #4171] chromium: firejail erases javascript whitelist
Opened
#2563 [GH-ISSUE #4173] gnome-calculator hangs with 100% CPU
Opened
#2564 [GH-ISSUE #4175] Discord Canary profile doesn't work FireJail using its own profile
Opened
#2565 [GH-ISSUE #4177] Document how to enable browser access to native Gnome connector (extensions.gnome.org)
Opened
#2566 [GH-ISSUE #4181] mumble: program does not start (no3d)
Opened
#2567 [GH-ISSUE #4182] Evolution 3.38.4 wont start using default profile
Opened
#2568 [GH-ISSUE #4183] vscodium: missing profile redirect for codium
Opened
#2569 [GH-ISSUE #4186] Enhancement starting firejail before runit,openrc,sysinitv and systemd service, and sandboxing early startup process.
Opened
#2570 [GH-ISSUE #4184] telegram-desktop 2.7.1 is not starting with telegram-desktop.profile
Opened
#2571 [GH-ISSUE #4185] Enhancement. we need secure memory zone for started apps
Opened
#2572 [GH-ISSUE #4187] Issue with printing evince
Opened
#2573 [GH-ISSUE #4191] A question about one program starting another program
Opened
#2574 [GH-ISSUE #4190] brave profile blocks Tor
Opened
#2575 [GH-ISSUE #4202] dbus-send: hardcoded libpcre2-8.so.0 does not match libpcre.so.3 (private-lib)
Opened
#2576 [GH-ISSUE #4194] cannot access whitelisted directories in Thunderbird Ubuntu 20.04
Opened
#2577 [GH-ISSUE #4197] terminal window title is not restored after firejail exits
Opened
#2578 [GH-ISSUE #4208] Issue introduced in glibc 2.33 could lead to perpetual spin in firejail arp code
Opened
#2579 [GH-ISSUE #4206] [NOT SURE IF BUG] multiple instances of same application started via "firejail --private $PROG" not isolated but share data
Opened
#2580 [GH-ISSUE #4210] "Warning: cannot find /var/run/utmp" but looks for "/dev/null/utmp" instead
Opened
#2581 [GH-ISSUE #4211] Bug: Keyboard input doesn't work in VS Code when configured with desktop integration via: "sudo firecfg". Works upon "sudo firecfg --clean".
Opened
#2582 [GH-ISSUE #4212] Invalid --env setting, Failed to compile git version on Arch Linux with --enable-apparmor
Opened
#2583 [GH-ISSUE #4213] librewolf: cannot communicate with keepassxc
Opened
#2584 [GH-ISSUE #4218] Digikam - unable to customize toolbars
Opened
#2585 [GH-ISSUE #4220] vlc broken - ubuntu focal
Opened
#2586 [GH-ISSUE #4214] Obsidian appimage wont start.
Opened
#2587 [GH-ISSUE #4224] Firefox des not start anymore
Opened
#2588 [GH-ISSUE #4235] firecfg does not work with symlinks (discord.desktop)
Opened
#2589 [GH-ISSUE #4236] Discord doesn't detect webcam with firejail
Opened
#2590 [GH-ISSUE #4238] how to start to use "firejail firefox"?
Opened
#2591 [GH-ISSUE #4237] Steam wont launch in firejail using Sea Island GPU(AMD) with vulkan(RADV) support enabled
Opened
#2592 [GH-ISSUE #4241] wireshark: Error: You do not have permission to capture on device
Opened
#2593 [GH-ISSUE #4249] Profile for Firefox on Ramdisk
Opened
#2594 [GH-ISSUE #4252] Question... how to run Snaps on Firejail (Arch)
Opened
#2595 [GH-ISSUE #4256] CI broken (again)
Opened
#2596 [GH-ISSUE #4264] --build-local, build .local profile
Opened
#2597 [GH-ISSUE #4263] discord logs out if opens twice.
Opened
#2598 [GH-ISSUE #4265] Open file dialog in Telegram
Opened
#2599 [GH-ISSUE #4267] Landlock support mainlined in 5.13
Opened
#2600 [GH-ISSUE #4268] Conflict with jailtest utility
Opened
#2601 [GH-ISSUE #4270] CPU hotplug (cpuhp) process running libreoffice as root
Opened
#2602 [GH-ISSUE #4274] gcc -fanalyzer warnings (GCC 11)
Opened
#2603 [GH-ISSUE #4275] Rework quiet, debug and normal console output
Opened
#2604 [GH-ISSUE #4279] firefox: keepassxc browser integration not working correctly (even with fixes from #3952)
Opened
#2605 [GH-ISSUE #4282] chromium: Unable to open X display (missing whitelist)
Opened
#2606 [GH-ISSUE #4285] whitelist + private logic changed after #4229
Opened
#2607 [GH-ISSUE #4280] Blacklisting directories of encrypted containers
Opened
#2608 [GH-ISSUE #4292] Problems with Cinelerra - AppImage
Opened
#2609 [GH-ISSUE #4294] Firejail broke latest Bitwarden by blocking network access
Opened
#2610 [GH-ISSUE #4289] firetools: Network applications disappear in Configuration Wizard
Opened
#2611 [GH-ISSUE #4296] private-dev customization
Opened
#2612 [GH-ISSUE #4297] CI is broken (yet again)
Opened
#2613 [GH-ISSUE #4298] [meta] Avoid merging PRs that break CI
Opened
#2614 [GH-ISSUE #4301] screen: How to keep session alive after logout?
Opened
#2615 [GH-ISSUE #4304] Add new commands to vim syntax
Opened
#2616 [GH-ISSUE #4299] Improve dolphin (and pluggins and applications) startup from other applications (open directory containing file).
Opened
#2617 [GH-ISSUE #4310] Invalid whitelist path /local
Opened
#2618 [GH-ISSUE #4305] Officially deprecate follow-symlink-as-user
Opened
#2619 [GH-ISSUE #4306] firejail took over the default gateway IP
Opened
#2620 [GH-ISSUE #4328] Seccomp list output goes to stdout instead of stderr
Opened
#2621 [GH-ISSUE #4321] Yarn profile causing error
Opened
#2622 [GH-ISSUE #4324] Access to CEC Adapter blocked by kodi.profile
Opened
#2623 [GH-ISSUE #4335] Enhancement volatile overlayfs flag for more IO
Opened
#2624 [GH-ISSUE #4329] Slack (Arch Linux AUR) doesn't work with default firejail configuration
Opened
#2625 [GH-ISSUE #4331] blacklisting ${HOME}/.netrc blocks internet access for SRBMiner 0.7.5+
Opened
#2626 [GH-ISSUE #4341] Problems Firejailing Discord on Linux Mint
Opened
#2627 [GH-ISSUE #4346] Issue with engrampa
Opened
#2628 [GH-ISSUE #4339] Enhancement hardened internet sandbox needed
Opened
#2629 [GH-ISSUE #4354] cpulimit limits
Opened
#2630 [GH-ISSUE #4355] AppImage: automatically detect profile
Opened
#2631 [GH-ISSUE #4351] Sandboxed application can't find program in $PATH
Opened
#2632 [GH-ISSUE #4362] Firefox can't access sndio sound server
Opened
#2633 [GH-ISSUE #4357] no sound with different user in firefox inside firejail
Opened
#2634 [GH-ISSUE #4361] Allow firefox to use sndio sound system
Opened
#2635 [GH-ISSUE #4363] minecraft-launcher not running with firejail
Opened
#2636 [GH-ISSUE #4366] Steam Proton (Experimental) doesn't work, even under an empty profile
Opened
#2637 [GH-ISSUE #4364] Build from git master broken
Opened
#2638 [GH-ISSUE #4367] gimp 2.10.22-3: gegl:introspect broken
Opened
#2639 [GH-ISSUE #4372] qpdfview launches fine but hangs on open file
Opened
#2640 [GH-ISSUE #4377] telegram-desktop 2.8.2 not starting using firejail-git
Opened
#2641 [GH-ISSUE #4378] Telegram 2.8.0 not working
Opened
#2642 [GH-ISSUE #4379] Replace "whitelist" and "blacklist" terms by "allowlist" and "blocklist"/"denylist"
Opened
#2643 [GH-ISSUE #4380] Tor Browser with 0.9.66
Opened
#2644 [GH-ISSUE #4383] move noblacklist ${HOME}/.bogofilter to email-common.profile for claws-mail (and other mailers)
Opened
#2645 [GH-ISSUE #4382] Error chown: fs_logger.c:117 fs_logger_change_owner: Read-only file system
Opened
#2646 [GH-ISSUE #4381] regression in 0.9.64.2: private-tmp whitelists .X11-unix, but makes it read-only
Opened
#2647 [GH-ISSUE #4394] tmpfs doesn't mount in home directory
Opened
#2648 [GH-ISSUE #4393] BUG// apparmor protection failed
Opened
#2649 [GH-ISSUE #4387] Error mounting tmpfs: fs.c:499 fs_tmpfs: Invalid argument Error: proc 22812 cannot sync with peer: unexpected EOF
Opened
#2650 [GH-ISSUE #4395] Firejail rejects empty arguments
Opened
#2651 [GH-ISSUE #4396] tracelog causes anki to segfault
Opened
#2652 [GH-ISSUE #4397] question about jailcheck/configuration
Opened
#2653 [GH-ISSUE #4406] Electron apps segfault in libglib when trying to upload files
Opened
#2654 [GH-ISSUE #4402] Add profile for Morty
Opened
#2655 [GH-ISSUE #4408] vscode: crashes without seccomp !chroot
Opened
#2656 [GH-ISSUE #4409] Add Microsoft Edge (Beta/Dev channels)
Opened
#2657 [GH-ISSUE #4411] superuser in titlebar of various apps
Opened
#2658 [GH-ISSUE #4414] Can't open atril from within calibre
Opened
#2659 [GH-ISSUE #4417] Brave stopped working
Opened
#2660 [GH-ISSUE #4415] steam: cannot launch games (seccomp)
Opened
#2661 [GH-ISSUE #4416] kmail.profile broken due to wildcard
Opened
#2662 [GH-ISSUE #4421] Fix new profiles after [no]deny / [no]allow revert
Opened
#2663 [GH-ISSUE #4422] nuclear: does not work with --no-sandbox
Opened
#2664 [GH-ISSUE #4418] nosound in firefox
Opened
#2665 [GH-ISSUE #4425] Firefox Profile Question
Opened
#2666 [GH-ISSUE #4424] firejail strace method for private-lib needed
Opened
#2667 [GH-ISSUE #4423] profile request for Fwknop
Opened
#2668 [GH-ISSUE #4428] vscodium: crashes due to seccomp
Opened
#2669 [GH-ISSUE #4429] Add new blacklist "${HOME}/Private" to disable-common
Opened
#2670 [GH-ISSUE #4430] Discord doesn't start
Opened
#2671 [GH-ISSUE #4440] [Meta] Handling of background processes / services / agents / daemons
Opened
#2672 [GH-ISSUE #4439] mirage: does not work since stretch, buster and bullseye Debian
Opened
#2673 [GH-ISSUE #4437] steam-controller not working in steam.profile
Opened
#2674 [GH-ISSUE #4465] [Website] remove trackers and embeds and make the site legal in the EU
Opened
#2675 [GH-ISSUE #4454] Merge disable-passwordmgr.inc in disable-common.inc or disable-programs.inc
Opened
#2676 [GH-ISSUE #4460] --build clears the environment
Opened
#2677 [GH-ISSUE #4478] I can't write in /usr
Opened
#2678 [GH-ISSUE #4469] Need help to fix the profile for celluloid!
Opened
#2679 [GH-ISSUE #4474] Exit code 255 instead of real exit code for signals
Opened
#2680 [GH-ISSUE #4480] can't lock mbox file with evolution
Opened
#2681 [GH-ISSUE #4482] It seems that 8d3d67e8960f87a7592bc3a1623f27b45a52edb5 breaks Firefox
Opened
#2682 [GH-ISSUE #4483] mpv requires whitelisting /usr/share/pipewire
Opened
#2683 [GH-ISSUE #4494] skypeforlinux - systray icon not shown
Opened
#2684 [GH-ISSUE #4488] telegram-desktop cannot start
Opened
#2685 [GH-ISSUE #4503] Code scanning alerts (CodeQL CWE-367/TOCTOU warnings)
Opened
#2686 [GH-ISSUE #4509] Nextcloud profile broken - needs 3D and system tray access
Opened
#2687 [GH-ISSUE #4508] telegram.profile breaks download, open links und tray icon
Opened
#2688 [GH-ISSUE #4506] Freetube does not start
Opened
#2689 [GH-ISSUE #4511] telegram-desktop: program does not shutdown
Opened
#2690 [GH-ISSUE #4512] firefox: no sound (whitelisting in ${RUNUSER})
Opened
#2691 [GH-ISSUE #4516] Error fcopy: invalid ownership for file /usr/local/bin/foo
Opened
#2692 [GH-ISSUE #4518] Musixmatch can not run under firejail
Opened
#2693 [GH-ISSUE #4523] No webcams in Zoom
Opened
#2694 [GH-ISSUE #4527] Error: .asoundrc is a symbolic link pointing to a file outside home directory
Opened
#2695 [GH-ISSUE #4535] RUNUSER should default to $XDG_RUNTIME_DIR
Opened
#2696 [GH-ISSUE #4539] List of deprecated profiles
Opened
#2697 [GH-ISSUE #4528] nogroups kills ALSA audio in mpv.profile and vlc.profile
Opened
#2698 [GH-ISSUE #4545] Error fcopy: invalid ownership for file /etc/resolv.conf (systemd-resolved)
Opened
#2699 [GH-ISSUE #4540] [INFO] gitconsensus
Opened
#2700 [GH-ISSUE #4543] --join-or-start=program shouldn't create program-PID sandboxes if multiple instances try to start simultaneously.
Opened
#2701 [GH-ISSUE #4547] Support --net=ipv6-only-bridge.
Opened
#2702 [GH-ISSUE #4550] The SUID sandbox helper binary was found, but is not configured correctly. Rather than run without sandboxing I'm aborting now. You need to make sure that /run/firejail/appimage/.appimage-8934/chrome-sandbox is owned by root and has m…
Opened
#2703 [GH-ISSUE #4552] Firejail for only Zoom, nothing else
Opened
#2704 [GH-ISSUE #4555] Evince does not support .cbz format with certain plugin
Opened
#2705 [GH-ISSUE #4558] --tracelog and --trace override /etc/ld.so.preload inside the sandbox
Opened
#2706 [GH-ISSUE #4563] Is it possible for Firejail to work with Snaps? [Ubuntu 21.10 ships firefox as snap]
Opened
#2707 [GH-ISSUE #4568] Firefox profile missing when using profile-sync-daemon
Opened
#2708 [GH-ISSUE #4576] Requesting rework of geekbench.profile
Opened
#2709 [GH-ISSUE #4565] Block audio input in default.profile (like with video input)
Opened
#2710 [GH-ISSUE #4578] PATH_MAX is undeclared on musl libc
Opened
#2711 [GH-ISSUE #4584] Latest version of Nheko is broken under firejail
Opened
#2712 [GH-ISSUE #4577] Broken link to building profiles
Opened
#2713 [GH-ISSUE #4592] --build creates invalid paths with "after,$HOME" $HOME expanded
Opened
#2714 [GH-ISSUE #4589] Can't find libstdc++.so.6 due to private-etc and private-lib in aria2c.profile
Opened
#2715 [GH-ISSUE #4588] Allow access to some specific file/folder while program is running inside firejail
Opened
#2716 [GH-ISSUE #4604] brave: program takes a long time to open
Opened
#2717 [GH-ISSUE #4597] firefox: dpkg-query: error: failed to open package info file '/var/lib/dpkg/status' (Linux Mint)
Opened
#2718 [GH-ISSUE #4603] Feature Request: Logind conditional
Opened
#2719 [GH-ISSUE #4607] noprinters
Opened
#2720 [GH-ISSUE #4608] noinput in supertux2.profile means no joystick/gamepad support
Opened
#2721 [GH-ISSUE #4605] supertuxkart: cannot see controller without netlink
Opened
#2722 [GH-ISSUE #4611] jumpnbump-menu is broken (does not start)
Opened
#2723 [GH-ISSUE #4609] Firejail on Kubuntu 21.10 not working (missing SUID bit)
Opened
#2724 [GH-ISSUE #4614] Allow apostrophe in whitelist (and blacklist)
Opened
#2725 [GH-ISSUE #4620] Xbox controller not recognized with wine
Opened
#2726 [GH-ISSUE #4619] Steam with apparmor doesn't launch
Opened
#2727 [GH-ISSUE #4616] Tremulous and warsow profiles are broken on Arch
Opened
#2728 [GH-ISSUE #4626] Strange issue with xonotic.profile on Arch
Opened
#2729 [GH-ISSUE #4623] firefox: cannot access /proc/self/map_files: Permission denied
Opened
#2730 [GH-ISSUE #4625] Firejail Incompatible with Ubuntu 21.10
Opened
#2731 [GH-ISSUE #4629] /var not mounted with --overlay and failed to do dpkg related things
Opened
#2732 [GH-ISSUE #4633] Higher argument limits? (Error: too many arguments)
Opened
#2733 [GH-ISSUE #4627] Impossible to inclure tutanota-desktop-linux.AppImage in a sandbox with firejail with Linux Mint 20.2
Opened
#2734 [GH-ISSUE #4641] Firefox doesn't work with Discord
Opened
#2735 [GH-ISSUE #4642] Switch from autotools to meson
Opened
#2736 [GH-ISSUE #4637] keepassxc: cannot access devices in /media after whitelist (snap)
Opened
#2737 [GH-ISSUE #4647] firefox: cannot run gv and gs (GhostScript)
Opened
#2738 [GH-ISSUE #4646] private-bin throws fopen: Permission denied after latest related commits
Opened
#2739 [GH-ISSUE #4653] Allow specifying paths relative to XDG user dir variables (${DOWNLOADS}/something, ${PICTURES}/something...)
Opened
#2740 [GH-ISSUE #4667] mpv does not see files in certain directories
Opened
#2741 [GH-ISSUE #4660] Should /run/timeshift be blacklisted by default?
Opened
#2742 [GH-ISSUE #4659] Audacity fails to start when "protocol unix" is set
Opened
#2743 [GH-ISSUE #4671] Can't start docker in firejail
Opened
#2744 [GH-ISSUE #4670] firefox: cannot open new URLs into running instance
Opened
#2745 [GH-ISSUE #4668] Chasing SUID executables
Opened
#2746 [GH-ISSUE #4682] konsole: Cannot find binary
Opened
#2747 [GH-ISSUE #4686] Seccomp is blocking Steam from launching a child container
Opened
#2748 [GH-ISSUE #4677] Add openstego profile
Opened
#2749 [GH-ISSUE #4687] Error ioctl: interface.c:302 net_if_mac: Operation not supported when using wifi interface with Unicast MAC
Opened
#2750 [GH-ISSUE #4692] A Viber.AppImage update broke firejail execution
Opened
#2751 [GH-ISSUE #4696] libreWolf: cannot detect local timezone
Opened
#2752 [GH-ISSUE #4697] [solved] Firejail 0.9.66-1~0ubuntu21.10.1 Breaks Tor 11.0.1 (disabling apparmor for tor fixed this)
Opened
#2753 [GH-ISSUE #4699] Problem with Tor Browser Bundle and seccomp !chroot
Opened
#2754 [GH-ISSUE #4698] firefox: freeze with custom profile (seccomp)
Opened
#2755 [GH-ISSUE #4705] firejail tree+list flags bypass hidepid mounted /proc displaying details of other users sandboxes
Opened
#2756 [GH-ISSUE #4704] balena etcher profile
Opened
#2757 [GH-ISSUE #4702] Open torrent in firefox
Opened
#2758 [GH-ISSUE #4708] minecraft-launcher fails with fatal error (Manjaro 5.13.19-2, nvidia)
Opened
#2759 [GH-ISSUE #4707] elinks on Arch complains about missing access to liblua
Opened
#2760 [GH-ISSUE #4706] Implement case insensitive sorting of profiles on GitHub to avoid duplication
Opened
#2761 [GH-ISSUE #4713] Can't mount using firejail
Opened
#2762 [GH-ISSUE #4714] dhclient-script needs ip, which is disabled in disable-common.inc
Opened
#2763 [GH-ISSUE #4711] telegram-desktop: screen sharing doesn't work
Opened
#2764 [GH-ISSUE #4716] firefox: cannot save files with the File Chooser Portal (dbus)
Opened
#2765 [GH-ISSUE #4715] firefox: cannot run without X11 abstract sockets
Opened
#2766 [GH-ISSUE #4728] firefox: webcam and 2fa keys connected after starting don't work
Opened
#2767 [GH-ISSUE #4734] Error: cannot join namespace user
Opened
#2768 [GH-ISSUE #4741] When installing a software with wine, icons doesn't appear
Opened
#2769 [GH-ISSUE #4733] GitLab CI broken: Lintian failure because of binary in /etc (profstats)
Opened
#2770 [GH-ISSUE #4753] Allow running firecfg as non-root
Opened
#2771 [GH-ISSUE #4742] Bind instead of copy for private-{bin,etc,lib,opt,srv}
Opened
#2772 [GH-ISSUE #4749] shotwell: cannot access PTP camera (gphoto2)
Opened
#2773 [GH-ISSUE #4775] Highlight profile blacklists lua which is required
Opened
#2774 [GH-ISSUE #4769] Can session D-BUS and --net both available
Opened
#2775 [GH-ISSUE #4754] Support for youtube-dl forks in e.g mpv
Opened
#2776 [GH-ISSUE #4784] telegram: cannot open links in browser
Opened
#2777 [GH-ISSUE #4785] Firefox on KDE & Wayland fails to show Qt file-picker using portals, old fixes do not work on new Firejail versions
Opened
#2778 [GH-ISSUE #4780] private-cwd leaks access to the entire filesystem
Opened
#2779 [GH-ISSUE #4789] keepassxc: Error: permission is denied to join a sandbox created by a different user
Opened
#2780 [GH-ISSUE #4793] docs: Why not recommend disabling X11 abstract socket?
Opened
#2781 [GH-ISSUE #4794] xpra crashes
Opened
#2782 [GH-ISSUE #4808] ${HOME} should be allowed to be something like /dev/null
Opened
#2783 [GH-ISSUE #4797] VLC Player can't open with doubleclick on icon with latest firejail
Opened
#2784 [GH-ISSUE #4796] VirtualBox not starting when clicking on it with newest firejail version
Opened
#2785 [GH-ISSUE #4815] firejail --list truncates command output in pipes and command substitutions
Opened
#2786 [GH-ISSUE #4823] xed: cannot edit common blacklisted files
Opened
#2787 [GH-ISSUE #4825] gimp: program uses the default language instead of changed one
Opened
#2788 [GH-ISSUE #4835] new xephyr version crashes
Opened
#2789 [GH-ISSUE #4839] mediathekview: program does not work
Opened
#2790 [GH-ISSUE #4842] retroshare profile needed
Opened
#2791 [GH-ISSUE #4844] profile-request for metaless anonymized app session.
Opened
#2792 [GH-ISSUE #4848] --netlock
Opened
#2793 [GH-ISSUE #4845] Options to deal with open file descriptors
Opened
#2794 [GH-ISSUE #4867] Rename and move /etc/firejail/hostnames
Opened
#2795 [GH-ISSUE #4855] chromium: no sound with pipewire
Opened
#2796 [GH-ISSUE #4866] tutanota: freezes after downloading attachment (AppImage)
Opened
#2797 [GH-ISSUE #4882] firefox: cannot play Netflix/widevine with VPN on
Opened
#2798 [GH-ISSUE #4871] Install provided profiles under LIBDIR/firejail-profiles
Opened
#2799 [GH-ISSUE #4875] shellcheck: cannot enable executable stack (mdwe)
Opened
#2800 [GH-ISSUE #4887] When /etc/fonts is a symlink to a directory, private-etc rules that invoke fcopy produce wrong directory structure and breaks apps (NixOS)
Opened
#2801 [GH-ISSUE #4884] Geeqie - protocol=unix disables map view
Opened
#2802 [GH-ISSUE #4883] keepassxc: cannot detect hardware key (nou2f/private-dev)
Opened
#2803 [GH-ISSUE #4890] tutanota: "Could not access secret storage"
Opened
#2804 [GH-ISSUE #4891] librewolf: cannot open new URLs into running instance
Opened
#2805 [GH-ISSUE #4888] static-ip-map license
Opened
#2806 [GH-ISSUE #4895] lutris: cannot launch games (black screen)
Opened
#2807 [GH-ISSUE #4893] Firefox WebRender acceleration broken with proprietary nvidia driver
Opened
#2808 [GH-ISSUE #4892] steam: gamepad does not work with nou2f due to /dev/hidraw access (and enumeration fails)
Opened
#2809 [GH-ISSUE #4896] vscodium: crashes due to seccomp
Opened
#2810 [GH-ISSUE #4900] quiet from mediainfo.profile does not suppress 'Reading profile...' message
Opened
#2811 [GH-ISSUE #4899] librewolf: Error: Can't find profile directory
Opened
#2812 [GH-ISSUE #4906] steam: whitelisting may cause data loss in multiple games (config, saves, screenshots, etc)
Opened
#2813 [GH-ISSUE #4909] eog: Thumbnail creation failed
Opened
#2814 [GH-ISSUE #4907] [ignore] The program has a profile. (If not, request one in https://github.com/netblue30/firejail/issues/1139)
Opened
#2815 [GH-ISSUE #4910] private-cwd not expanding macros (e.g. ${HOME})
Opened
#2816 [GH-ISSUE #4923] goldendict: clicking tray icon creates another tray icon instead of opening a program window
Opened
#2817 [GH-ISSUE #4917] iridium-browser crashes when started with firejail
Opened
#2818 [GH-ISSUE #4924] flameshot: left-clicking on tray icon is ignored
Opened
#2819 [GH-ISSUE #4925] flameshot complaining about AF_NETLINK socket
Opened
#2820 [GH-ISSUE #4926] [feature] create /etc/firejail/local
Opened
#2821 [GH-ISSUE #4927] broken man.profile in 0.9.68
Opened
#2822 [GH-ISSUE #4928] keepassxc: cannot access Yubikeys
Opened
#2823 [GH-ISSUE #4929] Opera not starting after updating profiles
Opened
#2824 [GH-ISSUE #4932] local qutebrowser profile issues since last update
Opened
#2825 [GH-ISSUE #4931] w3m doesn´t work any more
Opened
#2826 [GH-ISSUE #4930] nogroups + wrc prints confusing messages
Opened
#2827 [GH-ISSUE #4935] trans: program hangs ("translate shell")
Opened
#2828 [GH-ISSUE #4937] Profile for signal-desktop fails!
Opened
#2829 [GH-ISSUE #4936] broken bash autocomplete with --private option
Opened
#2830 [GH-ISSUE #4951] nogroups still drops audio group and all other supplementary groups.
Opened
#2831 [GH-ISSUE #4945] Firejail Configuration Wizard - readability issue (light grey text on white background)
Opened
#2832 [GH-ISSUE #4939] Deny CLONE_NEWUSER (restrict namespaces)
Opened
#2833 [GH-ISSUE #4954] No internet access with whitelist-run-common.inc (OpenSUSE) (resolv.conf)
Opened
#2834 [GH-ISSUE #4953] cannot create an empty sandbox any more
Opened
#2835 [GH-ISSUE #4952] error: failed retrieving file 'apparmor-3.0.3-3-x86_64.pkg.tar.zst' when installing firejail
Opened
#2836 [GH-ISSUE #4961] minecraft-launcher: segfault in versions later than 0.9.66
Opened
#2837 [GH-ISSUE #4960] Brave crashes on multiple browser profiles with PWAs under Wayland
Opened
#2838 [GH-ISSUE #4962] chromium: program does not start (snap)
Opened
#2839 [GH-ISSUE #4973] rmenv looks broken
Opened
#2840 [GH-ISSUE #4965] The latest stable chrome (98.0.4758.102) does not start with firejail.
Opened
#2841 [GH-ISSUE #4971] U2F key with firefox becomes and usable after browser is opened for long time
Opened
#2842 [GH-ISSUE #4982] geary: fails to fully start and burns CPU
Opened
#2843 [GH-ISSUE #4974] Tiny typo
Opened
#2844 [GH-ISSUE #4978] ffplay fails to play anything
Opened
#2845 [GH-ISSUE #4988] mplayer: program does not start
Opened
#2846 [GH-ISSUE #4994] disable-xdg.inc weirdness with ${DESKTOP} [mupdf and directory whitelist]
Opened
#2847 [GH-ISSUE #4991] firefox: cannot access PGP card using GPG
Opened
#2848 [GH-ISSUE #4995] problems with sylpheed
Opened
#2849 [GH-ISSUE #4998] private-lib can't include /usr/lib/gcc/x86_64-pc-linux-gnu/*/*.so.*
Opened
#2850 [GH-ISSUE #5000] Firejail not giving IP with --ip=dhcp
Opened
#2851 [GH-ISSUE #5004] signal-desktop fails with Wayland Ozone platform
Opened
#2852 [GH-ISSUE #5006] git: ssh push fails when using a yubikey
Opened
#2853 [GH-ISSUE #5008] akregator: program does not start
Opened
#2854 [GH-ISSUE #5011] Evince will not print - /bin/sh not found
Opened
#2855 [GH-ISSUE #5012] vscode: cannot access own config directory (whitelisting issue)
Opened
#2856 [GH-ISSUE #5010] firefox: cannot make new connections after switching network connection methods (resolv.conf)
Opened
#2857 [GH-ISSUE #5023] [REOPEN] Element Messenger breaking out of Firejail?
Opened
#2858 [GH-ISSUE #5032] chromium: file dialog does not work
Opened
#2859 [GH-ISSUE #5014] Newest Steam client has black window under firejail (fix included)
Opened
#2860 [GH-ISSUE #5035] gamemoderun doesn't work with firejail
Opened
#2861 [GH-ISSUE #5039] Firejail sould be released as AppImage
Opened
#2862 [GH-ISSUE #5045] chromium: program does not start (snap)
Opened
#2863 [GH-ISSUE #5049] docs: users are told to include main .profile in .local profile
Opened
#2864 [GH-ISSUE #5046] One time private application (no sharing)
Opened
#2865 [GH-ISSUE #5055] Add option to automatically create symlink on sandbox activation
Opened
#2866 [GH-ISSUE #5067] 0ad: unable to install mods in-game
Opened
#2867 [GH-ISSUE #5068] Hugin profile requires shell and uname
Opened
#2868 [GH-ISSUE #5062] firefox: theme changes are not picked up automatically
Opened
#2869 [GH-ISSUE #5070] man: describe list accumulation
Opened
#2870 [GH-ISSUE #5080] Ephemeral runtime (--private) breaks XDG_RUNTIME_DIR within user home.
Opened
#2871 [GH-ISSUE #5079] On the fly, request/permission based profile building
Opened
#2872 [GH-ISSUE #5083] firefox: file dialog broken due to "Can not find 'kioslave5'" (libexec)
Opened
#2873 [GH-ISSUE #5081] Firefox DRM broken when using profile-sync-daemon because noexec is ignored
Opened
#2874 [GH-ISSUE #5086] palemoon: cannot open meeting links in Teams desktop app
Opened
#2875 [GH-ISSUE #5089] dnsmasq: libvirtd cannot start bridge network: PATH environment variable not set
Opened
#2876 [GH-ISSUE #5091] Nextcloud fails to connect to socket bus_0
Opened
#2877 [GH-ISSUE #5094] telegram: fcopy: invalid ownership for file /usr/bin/telegram
Opened
#2878 [GH-ISSUE #5098] xreader: pdf thumbnails do not work
Opened
#2879 [GH-ISSUE #5095] tutanota-desktop: Cannot start application: Permission denied
Opened
#2880 [GH-ISSUE #5100] gedit: keyboard no longer works (ibus)
Opened
#2881 [GH-ISSUE #5107] [Website Text Amends] What is SUID, and how does it affect me?
Opened
#2882 [GH-ISSUE #5110] Log blocked syscall
Opened
#2883 [GH-ISSUE #5111] Interactive configuration guide
Opened
#2884 [GH-ISSUE #5117] mdns resolution with avahi
Opened
#2885 [GH-ISSUE #5116] Filter netlink families with seccomp
Opened
#2886 [GH-ISSUE #5120] Unable to use tcpdump with -Z 'username'
Opened
#2887 [GH-ISSUE #5125] /usr/share is empty with google chrome profiles.
Opened
#2888 [GH-ISSUE #5122] Change the oom_score_adj for a sandbox
Opened
#2889 [GH-ISSUE #5127] spectacle: cannot take screenshots (KDE Wayland)
Opened
#2890 [GH-ISSUE #5137] dnsmasq: libvirtd cannot start NAT interface: PATH environment variable not set
Opened
#2891 [GH-ISSUE #5139] Trying to get in contact for a security report
Opened
#2892 [GH-ISSUE #5138] vscode source control adding remote error
Opened
#2893 [GH-ISSUE #5146] gitlab-ci: Changes to free tier public projects
Opened
#2894 [GH-ISSUE #5143] psi-plus: cannot receive PGP-encrypted messages (writable-run-user)
Opened
#2895 [GH-ISSUE #5149] gitlab-ci: Automatically run CI checks for all applicable GitHub PRs
Opened
#2896 [GH-ISSUE #5156] build: seccomp filters and man pages are always being rebuilt
Opened
#2897 [GH-ISSUE #5153] Add a profile for Check Point's Ssl Network eXtender (SNX)
Opened
#2898 [GH-ISSUE #5155] make: --disable-ids
Opened
#2899 [GH-ISSUE #5157] unprivileged firejail
Opened
#2900 [GH-ISSUE #5162] transmission-gtk: very slow start due to private-lib
Opened
#2901 [GH-ISSUE #5169] vscodium: changes to settings do not persist (whitelisting issue)
Opened
#2902 [GH-ISSUE #5178] private-opt exceeds fcopy's 500MB limit.
Opened
#2903 [GH-ISSUE #5171] signal: cannot reconnect if started without internet connection (resolv.conf)
Opened
#2904 [GH-ISSUE #5179] kodi: can access non-media paths
Opened
#2905 [GH-ISSUE #5188] Update syscall tables and seccomp groups
Opened
#2906 [GH-ISSUE #5186] steam: Paradox Interactive Lancher does not open (missing whitelist)
Opened
#2907 [GH-ISSUE #5185] steam: World of Tanks Blitz fails with new GE-Proton (seccomp)
Opened
#2908 [GH-ISSUE #5191] Backports for CVE-2022-31214 fix
Opened
#2909 [GH-ISSUE #5190] Too many features
Opened
#2910 [GH-ISSUE #5195] firejail always creates an empty .zshrc
Opened
#2911 [GH-ISSUE #5198] mupdf: Error getpwuid: main.c:243 init_cfg: No such file or directory
Opened
#2912 [GH-ISSUE #5200] Remove --cgroups support
Opened
#2913 [GH-ISSUE #5196] Remove shell command (Weechat and Irssi cannot work with firejail if you use fish shell)
Opened
#2914 [GH-ISSUE #5205] firejail starting with systemd and different user well, but inside shell not.
Opened
#2915 [GH-ISSUE #5201] ci: Error: chroot feature is disabled in Firejail configuration file
Opened
#2916 [GH-ISSUE #5204] Autocomplete doesn't work in bash (when firejailed)
Opened
#2917 [GH-ISSUE #5207] Flood of seccomp audit log entries
Opened
#2918 [GH-ISSUE #5211] Transmission crashes in a second
Opened
#2919 [GH-ISSUE #5210] ci: Error: shell=none configured, but no program specified
Opened
#2920 [GH-ISSUE #5222] firefox-esr: util.c:931: create_empty_file_as_root: Assertion `s.st_uid == 0' failed
Opened
#2921 [GH-ISSUE #5217] enable-force-nonewprivs and join
Opened
#2922 [GH-ISSUE #5214] ci: Error: private-lib feature is disabled in Firejail configuration file
Opened
#2923 [GH-ISSUE #5229] Allow removing noexec from private mount points
Opened
#2924 [GH-ISSUE #5227] librewolf: cannot open new URLs into running instance 2
Opened
#2925 [GH-ISSUE #5226] skype: credentials are not persisted
Opened
#2926 [GH-ISSUE #5233] skype: icon in gnome-shell top bar does not show status
Opened
#2927 [GH-ISSUE #5235] Whitelist/blacklist paths while running
Opened
#2928 [GH-ISSUE #5230] /etc is unwritable on --chroot on debootstrap system
Opened
#2929 [GH-ISSUE #5236] rkhunter detects possible rootkit in /usr/local/bin/ping
Opened
#2930 [GH-ISSUE #5239] menulibre: Exec %f was not found in the tree (XFCE)
Opened
#2931 [GH-ISSUE #5240] On failing to remount a fuse filesystem, give warning instead of erroring out
Opened
#2932 [GH-ISSUE #5245] Firecfg still creates desktop files despite being disabled in firecfg.config
Opened
#2933 [GH-ISSUE #5241] Disable creation of wrapper for single binary
Opened
#2934 [GH-ISSUE #5246] google-chrome: real home is accessible with --private= (dbus)
Opened
#2935 [GH-ISSUE #5250] steam: Unhandled exception: illegal instruction in 64-bit code (seccomp)
Opened
#2936 [GH-ISSUE #5265] jetbrains-toolbox: "Invalid client serial" when using dbus-user=filter
Opened
#2937 [GH-ISSUE #5257] steam: profile creates a bunch of directories
Opened
#2938 [GH-ISSUE #5272] fcopy: cannot copy files with private-etc (ACLs)
Opened
#2939 [GH-ISSUE #5267] --build: Error: cannot open profile file
Opened
#2940 [GH-ISSUE #5269] Add Landlock support
Opened
#2941 [GH-ISSUE #5280] Allow U2F security keys by default
Opened
#2942 [GH-ISSUE #5277] qtox: audit log spam due to blocked netlink
Opened
#2943 [GH-ISSUE #5273] kate: program will not truly exit (AppImage) (dbus)
Opened
#2944 [GH-ISSUE #5291] chromium: umatrix does not show the list of domains
Opened
#2945 [GH-ISSUE #5288] Delimitate execution permissions for firejail
Opened
#2946 [GH-ISSUE #5281] audacity: error while loading shared libraries: lib-screen-geometry.so (AppArmor/private-bin)
Opened
#2947 [GH-ISSUE #5293] Slowdown with latest kernels
Opened
#2948 [GH-ISSUE #5297] Add electronapps-common.profile
Opened
#2949 [GH-ISSUE #5292] arduino: program does not start
Opened
#2950 [GH-ISSUE #5303] chromium: real home is accessible with --private= (dbus)
Opened
#2951 [GH-ISSUE #5306] Error while opening directory: fs.c:476 fs_tmpfs: No such file or directory (Fedora Silverblue)
Opened
#2952 [GH-ISSUE #5308] When using --private=/home/tests mode
Opened
#2953 [GH-ISSUE #5311] whalebird: program does not start (AppArmor/private-etc)
Opened
#2954 [GH-ISSUE #5316] apparmor: multiple DENIED entries in audit log after merging #5274
Opened
#2955 [GH-ISSUE #5312] --netlock does not work (Error: no valid sandbox)
Opened
#2956 [GH-ISSUE #5320] lutris: cannot open preferences: ModuleNotFoundError: No module named 'lsb_release'
Opened
#2957 [GH-ISSUE #5326] librewolf: Error: Can't find profile directory
Opened
#2958 [GH-ISSUE #5321] Double invocation breaks certain applications
Opened
#2959 [GH-ISSUE #5329] firefox: no audio with bluez-alsa on NixOS (dbus-system)
Opened
#2960 [GH-ISSUE #5336] firejail --private fails if the root user home directory is not /root
Opened
#2961 [GH-ISSUE #5333] firejail --private=. fails in some cases
Opened
#2962 [GH-ISSUE #5337] bleachbit: cannot securely delete the Trash
Opened
#2963 [GH-ISSUE #5339] Cannot unblacklist /usr/libexec in firefox-common.local
Opened
#2964 [GH-ISSUE #5338] No access to /tmp if blacklisted paths symlink to it
Opened
#2965 [GH-ISSUE #5340] discord: notifications are not shown
Opened
#2966 [GH-ISSUE #5346] Blacklisting symlink also blacklists the linked directory
Opened
#2967 [GH-ISSUE #5341] fcopy: use setfacl for extra hardening pathrules for specific users
Opened
#2968 [GH-ISSUE #5354] landlock: Leftover from #5315
Opened
#2969 [GH-ISSUE #5356] build: ids.config should only be installed when --enable-ids is set during configure
Opened
#2970 [GH-ISSUE #5358] ci: GitLab CI is broken (autoreconf)
Opened
#2971 [GH-ISSUE #5365] Hugin: missing GPS EXIF data in panorama output
Opened
#2972 [GH-ISSUE #5363] curl and wget profiles: shouldnt they be pretty much identical?
Opened
#2973 [GH-ISSUE #5367] discord: when not using firecfg, launching discord from CLI is prone to failure
Opened
#2974 [GH-ISSUE #5373] conky: cannot display process information
Opened
#2975 [GH-ISSUE #5379] firefox-esr: needs rule for dbus names org.mozilla.firefox_esr.*
Opened
#2976 [GH-ISSUE #5378] Yet another --private-etc symlink issue, with /etc/alternatives/
Opened
#2977 [GH-ISSUE #5383] firejail just went crazy
Opened
#2978 [GH-ISSUE #5385] qutebrowser profile exposes lots of stuff in /
Opened
#2979 [GH-ISSUE #5381] Libera IRC #firejail needs project registration
Opened
#2980 [GH-ISSUE #5392] evince: changes to settings are not persisted (gvfs)
Opened
#2981 [GH-ISSUE #5393] skypeforlinux: window freezes when sharing a file
Opened
#2982 [GH-ISSUE #5390] discord: Failed to move to new namespace (userns)
Opened
#2983 [GH-ISSUE #5406] An exec directive
Opened
#2984 [GH-ISSUE #5403] add unikernel support to restrict attack surface
Opened
#2985 [GH-ISSUE #5401] libreoffice: cannot start due to whitelist-run-common.inc
Opened
#2986 [GH-ISSUE #5410] gwenview: segfault due to noroot
Opened
#2987 [GH-ISSUE #5414] ktorrent: Cannot start application: No such file or directory
Opened
#2988 [GH-ISSUE #5411] Firejail AppImage or Portable version of Firejail?
Opened
#2989 [GH-ISSUE #5416] chromium: can't create /dev/zero (private-dev)
Opened
#2990 [GH-ISSUE #5428] QOwnNotes: cannot access whitelisted external media directory (disable-mnt)
Opened
#2991 [GH-ISSUE #5421] build: Some compiler warnings with musl
Opened
#2992 [GH-ISSUE #5436] torbrowser-launcher: can't open file '/usr/bin/torbrowser-launcher': [Errno 13] Permission denied (AppArmor)
Opened
#2993 [GH-ISSUE #5437] freetube: enable KDE Plasma multimedia control (mpris)
Opened
#2994 [GH-ISSUE #5433] build: cannot compile with --enable-apparmor on Arch Linux
Opened
#2995 [GH-ISSUE #5438] firefox: cannot send email links to thunderbird (dbus)
Opened
#2996 [GH-ISSUE #5441] disable-sys.inc
Opened
#2997 [GH-ISSUE #5440] Use restrict-namespaces in profiles
Opened
#2998 [GH-ISSUE #5447] firefox: cannot communicate with keepassxc
Opened
#2999 [GH-ISSUE #5448] claws-mail: local timezone is not used
Opened
#3000 [GH-ISSUE #5445] chafa: needs "shell none" for NixOS and/or Fish shell
Opened
#3001 [GH-ISSUE #5450] keepassxc: Warning: not remounting /run/user/1000/app/org.keepassxc.KeePassXC
Opened
#3002 [GH-ISSUE #5455] proposal: Deprecate blacklist/noblacklist
Opened
#3003 [GH-ISSUE #5460] librewolf: program is not sandboxed (unexpected .desktop filename)
Opened
#3004 [GH-ISSUE #5462] Regression: custom apparmor profile support resulted in broken Firefox
Opened
#3005 [GH-ISSUE #5463] deluge: downloads do not work without netlink protocol
Opened
#3006 [GH-ISSUE #5466] audacity: error while loading shared libraries: lib-project-rate.so
Opened
#3007 [GH-ISSUE #5474] gedit: failed to start while using ibus and dbproxy: "Failed to register: GDBus.Error:org.freedesktop.DBus.Error.ServiceUnknown: org.freedesktop.DBus.Error.ServiceUnknown" (dbus)
Opened
#3008 [GH-ISSUE #5472] virtualbox: cannot access shared folders: Permission denied
Opened
#3009 [GH-ISSUE #5469] PPA installation: Key is stored in legacy trusted.gpg keyring (Linux Mint)
Opened
#3010 [GH-ISSUE #5477] claws-mail: seahorse pinentry is blocked
Opened
#3011 [GH-ISSUE #5482] Enable Dependabot security alerts for GitHub Actions
Opened
#3012 [GH-ISSUE #5480] vscodium: cannot use sudo nor ssh
Opened
#3013 [GH-ISSUE #5487] --private=dir can be bypassed without --dbus-user=filter (dbus)
Opened
#3014 [GH-ISSUE #5490] (Duplicate of #5489)
Opened
#3015 [GH-ISSUE #5491] transmission-cli: error: could not load the shared library (issue with private-lib)
Opened
#3016 [GH-ISSUE #5499] minecraft-launcher: minecraft does not work
Opened
#3017 [GH-ISSUE #5492] support for Kerberos/GSSAPI (e.g. browser SPNEGO)
Opened
#3018 [GH-ISSUE #5500] firefox: cannot access the microphone (possibly pipewire related)
Opened
#3019 [GH-ISSUE #5518] firefox: permissive access to /etc
Opened
#3020 [GH-ISSUE #5505] Empty mkdir's should be cleaned up
Opened
#3021 [GH-ISSUE #5510] Error chdir: sandbox.c:1117 sandbox: Permission denied
Opened
#3022 [GH-ISSUE #5524] “Error fbuilder: invalid program” when using --build
Opened
#3023 [GH-ISSUE #5528] brave: built-in tor connections are blocked
Opened
#3024 [GH-ISSUE #5532] audacity: error while loading shared libraries: lib-project-rate.so (private-bin)
Opened
#3025 [GH-ISSUE #5539] audacity: network access and sandbox violation report
Opened
#3026 [GH-ISSUE #5533] cinelerra-gg: program uses default.profile
Opened
#3027 [GH-ISSUE #5534] add olive video editor
Opened
#3028 [GH-ISSUE #5558] Unexpected TAB-completion behaviour in GDB that's hard to trace to the .inputrc and --tab options.
Opened
#3029 [GH-ISSUE #5545] /proc/config.gz blacklisted twice
Opened
#3030 [GH-ISSUE #5560] --X11=xephyr broken on Mint 21.1 or other Ubuntu 22.04 based OS
Opened
#3031 [GH-ISSUE #5572] vlc: program does not shutdown (AppArmor)
Opened
#3032 [GH-ISSUE #5568] Potentially broken chaining in electron redirect profiles
Opened
#3033 [GH-ISSUE #5581] Programs are not sandboxed by default in i3
Opened
#3034 [GH-ISSUE #5587] gamescope as x11 sandbox
Opened
#3035 [GH-ISSUE #5584] spotify: Error fcopy: invalid ownership for file /usr/bin/spotify
Opened
#3036 [GH-ISSUE #5585] Invalid --profile-path command line option
Opened
#3037 [GH-ISSUE #5601] qutebrowser: links do not open in the existing instance
Opened
#3038 [GH-ISSUE #5599] End-of-options indicator "--" leads to invalid shell invocation (fish shell)
Opened
#3039 [GH-ISSUE #5598] Profile with join-or-start option does not work with "--profile="
Opened
#3040 [GH-ISSUE #5605] Using end-of-options indicator "--" and blacklisting $SHELL causes Cannot start application
Opened
#3041 [GH-ISSUE #5603] [ignore] https://github.com/netblue30/firejail/projects/3#card-75760383
Opened
#3042 [GH-ISSUE #5606] End-of-options indicator "--" breaks firejail when login shell is set to /sbin/nologin
Opened
#3043 [GH-ISSUE #5615] libreoffice: cannot save files (AppArmor)
Opened
#3044 [GH-ISSUE #5608] private-etc rework broke profiles without resolv.conf in private-etc
Opened
#3045 [GH-ISSUE #5611] firefox: cursor does not unhide after moving (NixOS/sway)
Opened
#3046 [GH-ISSUE #5620] How to use /media in --chroot?
Opened
#3047 [GH-ISSUE #5617] Is it possible to blacklist all the .txt files recursively under a directory?
Opened
#3048 [GH-ISSUE #5619] mutt: cannot decrypt ~/.muttrc.gpg
Opened
#3049 [GH-ISSUE #5625] ssh: Mounting noexec /home/<homedir> not working.
Opened
#3050 [GH-ISSUE #5623] Torch cuda not working with firejail --noprofile
Opened
#3051 [GH-ISSUE #5636] chromium: different instances can talk to each other when --noprofile is used
Opened
#3052 [GH-ISSUE #5639] qutebrowser: cannot run userscripts
Opened
#3053 [GH-ISSUE #5640] firejail holds device mapper node preventing LUKS2/cryptsetup from being closed
Opened
#3054 [GH-ISSUE #5647] youtube-dl: cannot use AtomicParsley metadata downloader
Opened
#3055 [GH-ISSUE #5650] private-etc breaks with 'net none' and 'dns=foo'
Opened
#3056 [GH-ISSUE #5652] Error: cannot create /run/firejail/profile/... (new profile)
Opened
#3057 [GH-ISSUE #5659] Using end-of-options indicator "--" and private-bin causes Cannot start application: No such file or directory
Opened
#3058 [GH-ISSUE #5678] okular: cannot open file with --private= and --read-only=
Opened
#3059 [GH-ISSUE #5676] kitty + ssh: Error: too long arguments: argv[22] len (5056) >= MAX_ARG_LEN (4128)
Opened
#3060 [GH-ISSUE #5679] claws-mail: bsfilter plugin does not work
Opened
#3061 [GH-ISSUE #5680] firefox: cannot start directly on Debian 11.6 (low priority)
Opened
#3062 [GH-ISSUE #5683] One-shot copy single file into Firejail and let me run a parser against it
Opened
#3063 [GH-ISSUE #5684] --read-only-files and --read-only-folders to ensure --read-only only matches files/folders
Opened
#3064 [GH-ISSUE #5687] uvm lightweight vm support
Opened
#3065 [GH-ISSUE #5685] zfs mountpoints performance drops inside firejail sandbox
Opened
#3066 [GH-ISSUE #5692] rsync-download_only: private-bin is broken
Opened
#3067 [GH-ISSUE #5696] microsoft-edge-stable: cannot launch with default profile
Opened
#3068 [GH-ISSUE #5694] Fvwm "Restart" creates directory outside --private or --overlay-tmpfs sandbox?
Opened
#3069 [GH-ISSUE #5698] libreoffice: Warning: failed to launch javaldx
Opened
#3070 [GH-ISSUE #5704] gajim: cannot load plugins
Opened
#3071 [GH-ISSUE #5713] Add a macro for the current working directory
Opened
#3072 [GH-ISSUE #5703] Custom seccomp list and apparmor do not work well together
Opened
#3073 [GH-ISSUE #5721] ssh: errors accessing shell file from /usr/share when using fish and mosh
Opened
#3074 [GH-ISSUE #5716] claws-mail: ClamAV plugin fails with "Permission denied"
Opened
#3075 [GH-ISSUE #5723] Arch Linux: Cannot install/update AUR packages (fs_resolvconf: No such file or directory)
Opened
#3076 [GH-ISSUE #5727] build: --enable-private-lib is broken
Opened
#3077 [GH-ISSUE #5726] signal-desktop: program fails on startup
Opened
#3078 [GH-ISSUE #5738] PCSX2: profile needs to be converted for appimages
Opened
#3079 [GH-ISSUE #5745] steam: crashes with private-tmp (dbus)
Opened
#3080 [GH-ISSUE #5746] php-fpm: no internet access (--noprofile) (resolv.conf)
Opened
#3081 [GH-ISSUE #5747] CVE-2023-28100 and firejail
Opened
#3082 [GH-ISSUE #5751] ssh-agent: eval hangs without --deterministic-shutdown
Opened
#3083 [GH-ISSUE #5748] firejail --appimage doesn't have supplementary groups required for device access
Opened
#3084 [GH-ISSUE #5750] inside firejail running webserver, cant find latest live files
Opened
#3085 [GH-ISSUE #5766] Add whitelist directoryname with single quotes
Opened
#3086 [GH-ISSUE #5764] pidgin: program does not start
Opened
#3087 [GH-ISSUE #5767] linuxqq: private-bin needs bash due to shell script wrapper
Opened
#3088 [GH-ISSUE #5773] freeoffice-textmaker: cannot create unique identifier
Opened
#3089 [GH-ISSUE #5775] ping: socket: Operation not permitted (--net)
Opened
#3090 [GH-ISSUE #5778] build: error: ‘for’ loop initial declarations are only allowed in C99 mode
Opened
#3091 [GH-ISSUE #5790] keepassxc: cannot access freedesktop.org secret service
Opened
#3092 [GH-ISSUE #5785] gitlab-ci: The repository is not being mirrored from GitHub to GitLab
Opened
#3093 [GH-ISSUE #5787] Hard to do "secure by default" profiles
Opened
#3094 [GH-ISSUE #5793] evolution: Couldn't connect to accessibility bus
Opened
#3095 [GH-ISSUE #5797] How can I make all profiles private automatically on startup?
Opened
#3096 [GH-ISSUE #5803] ssh: Couldn't open /dev/null: Permission denied
Opened
#3097 [GH-ISSUE #5807] recoll: blacklisted paths are accessible (dbus)
Opened
#3098 [GH-ISSUE #5809] claws-mail: bogofilter fails to create wordlist.db
Opened
#3099 [GH-ISSUE #5813] WINE prefix error: no such file/c0000135
Opened
#3100 [GH-ISSUE #5816] ssh: sftp fails in nautilus with GNOME gvfs 1.53+ (ControlMaster, ControlPath)
Opened
#3101 [GH-ISSUE #5817] firefox: browser notifications do not appear in KDE notifications
Opened
#3102 [GH-ISSUE #5818] ci: cannot update the package index in debian:stretch
Opened
#3103 [GH-ISSUE #5827] Allow --caps.keep and newprivs for --chroot
Opened
#3104 [GH-ISSUE #5819] calibre: ImportError: /home/bandura/.local/lib/python3.9/site-packages/_dbus_bindings.cpython-39-x86_64-linux-gnu.so: failed to map segment from shared object
Opened
#3105 [GH-ISSUE #5821] No syscall table provided in firejail on ARM64 platform
Opened
#3106 [GH-ISSUE #5831] mattermost-desktop: cannot start
Opened
#3107 [GH-ISSUE #5832] firefox: Error: invalid --env setting (Debian)
Opened
#3108 [GH-ISSUE #5830] microsoft-edge: passwords and bookmarks do not persist (AppImage)
Opened
#3109 [GH-ISSUE #5854] bug with accessing whitelisted directories from lutris
Opened
#3110 [GH-ISSUE #5861] vmplayer: cannot work with firejail
Opened
#3111 [GH-ISSUE #5837] Add a profile for x2goserver
Opened
#3112 [GH-ISSUE #5863] libreoffice: cannot open URL in flatpak program (AppImage)
Opened
#3113 [GH-ISSUE #5870] dhclient-script: cannot update resolv.conf with read-only /etc
Opened
#3114 [GH-ISSUE #5869] google-chrome: blacklisted paths are accessible (dbus)
Opened
#3115 [GH-ISSUE #5872] firefox: dmesg: apparmor="DENIED" name="/opt/Firefox/update.test"
Opened
#3116 [GH-ISSUE #5873] Logging macros and improving error/warning messages
Opened
#3117 [GH-ISSUE #5874] "firecfg.conf" with list of disabled profiles
Opened
#3118 [GH-ISSUE #5878] virtualbox: Could not find VirtualBox installation. Please reinstall. (Gentoo)
Opened
#3119 [GH-ISSUE #5879] How to whitelist (permit user) to a single directory?
Opened
#3120 [GH-ISSUE #5877] nextcloud: cannot access ~/Nextcloud/Notes
Opened
#3121 [GH-ISSUE #5889] How do you unblacklist directories?
Opened
#3122 [GH-ISSUE #5891] libreoffice: cannot open a second document alsongside with the first one ("shell none")
Opened
#3123 [GH-ISSUE #5883] Wayland security context support
Opened
#3124 [GH-ISSUE #5899] firecfg: Support OpenDoas
Opened
#3125 [GH-ISSUE #5897] Shell script fails to kill-off child processes upon app closure and sandbox termination
Opened
#3126 [GH-ISSUE #5895] nautilus: How to make the entire sandbox inescapable and read-only?
Opened
#3127 [GH-ISSUE #5907] telegram: program asks to relogin on every launch
Opened
#3128 [GH-ISSUE #5903] docs: non-ASCII hyphens in commands - copy pasting them fails on command line
Opened
#3129 [GH-ISSUE #5906] build: Error: symbol `fopen64' is already defined (custom time/offset bits)
Opened
#3130 [GH-ISSUE #5908] Cannot open files in gocryptfs/securefs filesystem with firejailed programs
Opened
#3131 [GH-ISSUE #5921] mpv: mpv 0.36.0 + pipewire 0.3.75 dbus error
Opened
#3132 [GH-ISSUE #5925] GNOME Settings: vlc does not appear when trying to set default media player
Opened
#3133 [GH-ISSUE #5926] vscode: cannot access USB debugger
Opened
#3134 [GH-ISSUE #5929] keepassxc: dbus: D-Bus library appears to be incorrectly set up
Opened
#3135 [GH-ISSUE #5932] gramps: add the new xdg config directory
Opened
#3136 [GH-ISSUE #5939] inconsistent behavior when PATH in not set
Opened
#3137 [GH-ISSUE #5937] Profile report: Visual Studio Code
Opened
#3138 [GH-ISSUE #5938] 0ad: error while loading shared libraries: libmozjs-78.so.0 (OpenSUSE Tumbleweed)
Opened
#3139 [GH-ISSUE #5940] archlinux Update Account Information problems
Opened
#3140 [GH-ISSUE #5952] Harcoded /usr/lib profile entries do not apply to /usr/lib64 (Gentoo)
Opened
#3141 [GH-ISSUE #5948] lutris: cannot launch EA App
Opened
#3142 [GH-ISSUE #5965] Wrong syscall names for s390_pci_mmio_read and s390_pci_mmio_write
Opened
#3143 [GH-ISSUE #5963] brave: Failed to connect to socket /run/firejail/mnt/dbus/system: Permission denied
Opened
#3144 [GH-ISSUE #5961] chromium: no graceful termination with SIGINT
Opened
#3145 [GH-ISSUE #5982] firejail --ls reports wrong file sizes for large files
Opened
#3146 [GH-ISSUE #5971] discord: notifications are not shown
Opened
#3147 [GH-ISSUE #5975] nautilus: cannot connect through sftp
Opened
#3148 [GH-ISSUE #5992] Leave pipewire group along with audio group if logind is absent
Opened
#3149 [GH-ISSUE #5990] vscodium: cannot access Arduino code
Opened
#3150 [GH-ISSUE #5995] xpra crashes on Arch Linux
Opened
#3151 [GH-ISSUE #5999] Unable to switch input methods within the sandbox
Opened
#3152 [GH-ISSUE #6000] gwenview: cannot move files into Trash directory
Opened
#3153 [GH-ISSUE #6002] text-editors: cannot access all text files in the user home
Opened
#3154 [GH-ISSUE #6006] xauth command is hardcoded to /usr/bin/xauth
Opened
#3155 [GH-ISSUE #6010] Add gomuks
Opened
#3156 [GH-ISSUE #6008] Add tidal-hifi
Opened
#3157 [GH-ISSUE #6011] whitelist ${HOME}/Documents is not working
Opened
#3158 [GH-ISSUE #6018] firejail hangs trying to mount nfs-shares when offline
Opened
#3159 [GH-ISSUE #6015] vscodium: nodejs extension fails to execute a command correctly
Opened
#3160 [GH-ISSUE #6031] lximage-qt: Could not create AF_NETLINK socket (private-tmp)
Opened
#3161 [GH-ISSUE #6033] Zip the supplied profiles
Opened
#3162 [GH-ISSUE #6032] Support ${HOME} and ~ in --netfilter=
Opened
#3163 [GH-ISSUE #6034] nicotine: cannot start with fcitx dbus entries enabled
Opened
#3164 [GH-ISSUE #6035] lutris: Ubisoft Connect: Error at hooking API
Opened
#3165 [GH-ISSUE #6044] pavucontrol-qt: does not inherit system theme, icons and font
Opened
#3166 [GH-ISSUE #6046] Cannot whitelist ${RUNUSER}/gnupg
Opened
#3167 [GH-ISSUE #6047] keepassxc: tray icon does not appear (KDE/Plasma Wayland)
Opened
#3168 [GH-ISSUE #6056] virt-manager: cannot initialize network (Debian 12)
Opened
#3169 [GH-ISSUE #6058] Make whitelist handle symlinks in intermediate path
Opened
#3170 [GH-ISSUE #6071] clamtk: program fails to start
Opened
#3171 [GH-ISSUE #6057] contrib/syntax: firejail-profile.lang causes Gnome Editor to recognize every plain text document as "Firejail Profile"
Opened
#3172 [GH-ISSUE #6088] The tracing mechanism does not always properly handle an existing ld.so.preload file
Opened
#3173 [GH-ISSUE #6080] file-roller: cannot use "open with" (dbus/noroot)
Opened
#3174 [GH-ISSUE #6077] landlock: restrict tcp sockets
Opened
#3175 [GH-ISSUE #6094] flameshot: cannot start: Failed to open "/etc/machine-id"
Opened
#3176 [GH-ISSUE #6093] Userspace driver proxy for kernel managed by firejail
Opened
#3177 [GH-ISSUE #6097] chromium: blacklisted paths are accessible (dbus)
Opened
#3178 [GH-ISSUE #6098] docs: conflicting information about whether to use apparmor with firejail
Opened
#3179 [GH-ISSUE #6101] vlan setup launch
Opened
#3180 [GH-ISSUE #6100] keepassxc: cannot save database
Opened
#3181 [GH-ISSUE #6105] pulsar: help wanted to create a new profile
Opened
#3182 [GH-ISSUE #6106] lutris: MangoHud cannot load custom profiles
Opened
#3183 [GH-ISSUE #6103] geary: crash when showing email contents
Opened
#3184 [GH-ISSUE #6110] discord: Check failed: . : Permission denied (13)
Opened
#3185 [GH-ISSUE #6112] man: cannot use nvim as man pager
Opened
#3186 [GH-ISSUE #6113] firejail: fs_lib.c:56: find_in_path: Assertion \`geteuid() != 0' failed
Opened
#3187 [GH-ISSUE #6114] Release Notes and/or Wiki 0.9.58.* & 0.9.56-LTS inconsistencies
Opened
#3188 [GH-ISSUE #6115] build: cannot compile with landlock disabled on Ubuntu 16.04 (gcc 9.5.0)
Opened
#3189 [GH-ISSUE #6119] fractal: program does not start (missing whitelist)
Opened
#3190 [GH-ISSUE #6124] openttd: cannot connect to extension manager (--noprofile)
Opened
#3191 [GH-ISSUE #6123] openttd: cannot save game options
Opened
#3192 [GH-ISSUE #6121] dnsmasq: libvirtd cannot activate virtual network: PATH environment variable not set
Opened
#3193 [GH-ISSUE #6133] ARP probe failing due to gratuitous arp reply
Opened
#3194 [GH-ISSUE #6130] obs: black screen during screen capture and desktop portal error (pipewire)
Opened
#3195 [GH-ISSUE #6127] blacklist does not work for new files and folders without firejail restart
Opened
#3196 [GH-ISSUE #6137] private-etc exceeds 500MB limit due to large files symlinked in /etc/alternatives
Opened
#3197 [GH-ISSUE #6135] whitelisting nc does not work with disable-common.inc
Opened
#3198 [GH-ISSUE #6134] proxychains works but apparmor lib is not invoked
Opened
#3199 [GH-ISSUE #6145] End-of-options not honored when running under existing sandbox.
Opened
#3200 [GH-ISSUE #6144] Add support for running inside distrobox
Opened
#3201 [GH-ISSUE #6140] firejail --private --private-cwd 无法限制访问
Opened
#3202 [GH-ISSUE #6148] hashcat: cannot recognise any hashes (even its own generated with -m xxx --example-hashes) when run against a hash file
Opened
#3203 [GH-ISSUE #6146] keepassxc: cannot open without no3d (mesa regression)
Opened
#3204 [GH-ISSUE #6151] Cannot blacklist all but one gpu
Opened
#3205 [GH-ISSUE #6162] gwenview: Cannot access images on sftp:// URI
Opened
#3206 [GH-ISSUE #6152] Read profiles from /usr, in addition to /etc and ~/.config
Opened
#3207 [GH-ISSUE #6161] Permissions curious behaviour with private home
Opened
#3208 [GH-ISSUE #6171] tesseract: output contains firejail messages
Opened
#3209 [GH-ISSUE #6168] docs: mention built-in blacklists in man pages
Opened
#3210 [GH-ISSUE #6174] Make a PPA for Ubuntu 23.10 (Mantic Minotaur)
Opened
#3211 [GH-ISSUE #6188] Cannot start android emulator in firejail when virtualbox is running (KVM)
Opened
#3212 [GH-ISSUE #6175] linphone: v5.2.0: Failed to create OpenGL context for format QSurfaceFormat
Opened
#3213 [GH-ISSUE #6185] Add ${USER} macro (containing username of user who runs the firejail)
Opened
#3214 [GH-ISSUE #6191] lutris: gamescope is broken: /tmp/.X11-unix not owned by root or us (xwayland)
Opened
#3215 [GH-ISSUE #6190] build: --enable-analyzer throws warnings on Ubuntu 22.04 LTS
Opened
#3216 [GH-ISSUE #6189] mousepad: cannot edit any setting
Opened
#3217 [GH-ISSUE #6195] landlock: "Invalid argument" error when creating the ruleset
Opened
#3218 [GH-ISSUE #6197] mpv: cannot open files via dolphin
Opened
#3219 [GH-ISSUE #6199] Make a PPA for Ubuntu 23.04 (Lunar Lobster)
Opened
#3220 [GH-ISSUE #6206] Shell not starting on login
Opened
#3221 [GH-ISSUE #6208] x2goclient: no sound device
Opened
#3222 [GH-ISSUE #6204] mpv: profile breaks thumbfast thumbnails
Opened
#3223 [GH-ISSUE #6210] 127.0.0.1 should reference localhost, not the hostname
Opened
#3224 [GH-ISSUE #6212] ani-cli: profile breaks mpv-uosc
Opened
#3225 [GH-ISSUE #6213] Disable force-nonewprivs on a per-profile basis
Opened
#3226 [GH-ISSUE #6267] chromium: --private=<dir> not preserving cookies (browser config)
Opened
#3227 [GH-ISSUE #6224] build: libtrace(log) warnings on Alpine
Opened
#3228 [GH-ISSUE #6225] chromium: does not open unless ignoring whitelist-runuser-common.inc (hyprland)
Opened
#3229 [GH-ISSUE #6269] torbrowser: error: Tor exited during startup
Opened
#3230 [GH-ISSUE #6276] Game "Faster Than Light" with font issues (--noprofile)
Opened
#3231 [GH-ISSUE #6275] telegram: cannot open links in browser
Opened
#3232 [GH-ISSUE #6288] Firejail breaks process substitution
Opened
#3233 [GH-ISSUE #6282] build: warning: "_FORTIFY_SOURCE" redefined (Arch Linux)
Opened
#3234 [GH-ISSUE #6279] k3b: cannot detect all dvd drives due to private-dev
Opened
#3235 [GH-ISSUE #6306] lutris: Lutris 5.17 uses new paths and syscalls
Opened
#3236 [GH-ISSUE #6308] ssh: failure because it cannot access /etc/ssh/ssh_revoked_hosts
Opened
#3237 [GH-ISSUE #6296] Error fcopy: invalid ownership for file /etc/resolv.conf (chattr +i)
Opened
#3238 [GH-ISSUE #6310] keepassxc: failure to launch on Gentoo (private-etc)
Opened
#3239 [GH-ISSUE #6312] zoom: profile bypasses --private (mkdir/mkfile)
Opened
#3240 [GH-ISSUE #6317] firefox: whitelisting in ${RUNUSER} breaks Wayland and portals
Opened
#3241 [GH-ISSUE #6326] Return --force!
Opened
#3242 [GH-ISSUE #6332] vlc: cannot read MakeMKV's libmmbd for BDs decryption
Opened
#3243 [GH-ISSUE #6318] neovim: Cannot run neovim appimage (Linux Lite)
Opened
#3244 [GH-ISSUE #6352] libreoffice: cannot sign documents with GPG
Opened
#3245 [GH-ISSUE #6345] yelp: cannot open man pages
Opened
#3246 [GH-ISSUE #6335] wine: chdir error in bazzite linux (ostree)
Opened
#3247 [GH-ISSUE #6355] memory protection system call "mseal" is now in kernel 6.10
Opened
#3248 [GH-ISSUE #6360] Paths blacklisted using ${PATH} can't be unblacklisted using expanded paths (which works for other variables)
Opened
#3249 [GH-ISSUE #6358] docs: manpage should explain precedence of CLI options vs profile settings
Opened
#3250 [GH-ISSUE #6364] hashcat: failure with private-dev & private-bin
Opened
#3251 [GH-ISSUE #6371] Please add --home=dir option
Opened
#3252 [GH-ISSUE #6368] chromium: failure due to AppArmor user namespace errors
Opened
#3253 [GH-ISSUE #6372] Nvidia driver 550.90.07 needs access to /sys/module/nvidia*
Opened
#3254 [GH-ISSUE #6377] claws-mail: window doesn't paint / is unresponsive with "fancy" plugin
Opened
#3255 [GH-ISSUE #6373] DNS problem with "--net=eth0"
Opened
#3256 [GH-ISSUE #6379] ssh: cannot access private key stored in TPM (private-dev)
Opened
#3257 [GH-ISSUE #6386] steam: Steam beta won't start (dbus)
Opened
#3258 [GH-ISSUE #6381] Add a profile for prismlauncher
Opened
#3259 [GH-ISSUE #6388] wireguard: cannot connect to server (configuration issue)
Opened
#3260 [GH-ISSUE #6389] Cannot mount usb flash drive (modprobe.d)
Opened
#3261 [GH-ISSUE #6397] Can we force ipvlan for network?
Opened
#3262 [GH-ISSUE #6403] build: failure due to invalid --date option (ChromeOS)
Opened
#3263 [GH-ISSUE #6400] [meta] private-etc rework
Opened
#3264 [GH-ISSUE #6399] --private allows writing to the real ~/.bashrc (shell redirect)
Opened
#3265 [GH-ISSUE #6413] librewolf: cannot open new URLs into running instance 3
Opened
#3266 [GH-ISSUE #6414] build: error: ‘PROC_EVENT_COREDUMP’ undeclared on Linux <3.10
Opened
#3267 [GH-ISSUE #6406] Recommend using the PPA in the wordpress website as well
Opened
#3268 [GH-ISSUE #6426] Hardcoded tc command is not found on NixOS
Opened
#3269 [GH-ISSUE #6421] element-desktop: Unable to find Electron app at /usr/share/element/app
Opened
#3270 [GH-ISSUE #6416] c compiler cannot create executables inside firejail
Opened
#3271 [GH-ISSUE #6430] Cannot use tap device with --net=
Opened
#3272 [GH-ISSUE #6440] build: error: 'AUDIT_ARCH_AARCH64' undeclared on Linux <3.17
Opened
#3273 [GH-ISSUE #6442] bitwarden: using electron.profile blacklists ~/.config/Bitwarden
Opened
#3274 [GH-ISSUE #6445] firefox: Warning: I can run programs in /run/user/1000
Opened
#3275 [GH-ISSUE #6444] firefox: cannot drag and drop files from Dolphin
Opened
#3276 [GH-ISSUE #6447] mkdir command works even when the path is blacklisted
Opened
#3277 [GH-ISSUE #6457] Look for config files in /usr/local/etc/firejail/
Opened
#3278 [GH-ISSUE #6450] Crash when mountinfo contains line over 4096 bytes
Opened
#3279 [GH-ISSUE #6448] Harden memory-deny-write-execute against READ_IMPLIES_EXEC
Opened
#3280 [GH-ISSUE #6458] Add a directive like "include" that will fail if profile cannot be found
Opened
#3281 [GH-ISSUE #6459] Support "include" directive for conditionals and negative conditionals
Opened
#3282 [GH-ISSUE #6460] Multi-command syntax to reduce boilerplate
Opened
#3283 [GH-ISSUE #6465] flameshot: MESA: error: Failed to query drm device (intel/no3d)
Opened
#3284 [GH-ISSUE #6461] vscodium: missing profile redirect for codium
Opened
#3285 [GH-ISSUE #6462] [meta] Opening links outside of the sandbox
Opened
#3286 [GH-ISSUE #6481] Add profiles for gifsicle + gifski
Opened
#3287 [GH-ISSUE #6475] wesnoth: error while loading shared libraries: liblua++.so.5.4
Opened
#3288 [GH-ISSUE #6484] firefox: tts fails in reader view: cannot access espeak-ng
Opened
#3289 [GH-ISSUE #6491] Command to mount /proc with subset=pid
Opened
#3290 [GH-ISSUE #6490] Reintroduce shell feature
Opened
#3291 [GH-ISSUE #6487] Host file managers cannot find files in sandbox /proc with --private
Opened
#3292 [GH-ISSUE #6509] Nvidia driver 560.35.03 cannot access gpu
Opened
#3293 [GH-ISSUE #6505] librewolf: cannot open new URLs into running instance
Opened
#3294 [GH-ISSUE #6497] idea: UI freeze due to chromium + seccomp
Opened
#3295 [GH-ISSUE #6518] ctrl-g causes terminal emacs to exit.
Opened
#3296 [GH-ISSUE #6520] Wayland alternative to xephyr and xpra?
Opened
#3297 [GH-ISSUE #6532] Assertion failed: env_get("LD_PRELOAD") == NULL (run_symlink.c: run_symlink: 81)
Opened
#3298 [GH-ISSUE #6544] anki: program fails to open because it requires mpv
Opened
#3299 [GH-ISSUE #6547] Fine-grained permission to DBus for Dropbox Profile.
Opened
#3300 [GH-ISSUE #6540] Profile for zed editor.
Opened
#3301 [GH-ISSUE #6550] tesseract: ocrmypdf fails due to private-tmp
Opened
#3302 [GH-ISSUE #6553] How to specify the path of the firejail.config file?
Opened
#3303 [GH-ISSUE #6563] firefox: cannot open file chooser with "Save Page As..."
Opened
#3304 [GH-ISSUE #6576] anki: Cannot start application: No such file or directory
Opened
#3305 [GH-ISSUE #6566] Vulkan applications don't work even with --noprofile (nvidia)
Opened
#3306 [GH-ISSUE #6567] Firejail + tmux: tmux windows are labeled "firejail" instead of the actual application
Opened
#3307 [GH-ISSUE #6601] kwrite: saving files causes KService to act up, resetting default apps and more
Opened
#3308 [GH-ISSUE #6599] signal-desktop: private-etc @tls-ca breaks opening links under Plasma (kio)
Opened
#3309 [GH-ISSUE #6606] chromium: many DENIED entries in audit log after AppArmor upgrade from 3.1.x to 4.0.x
Opened
#3310 [GH-ISSUE #6614] signal-desktop: program does not work on Ubuntu 22.04
Opened
#3311 [GH-ISSUE #6618] pavucontrol: MESA: error: Failed to query drm device (no3d)
Opened
#3312 [GH-ISSUE #6610] build: libtrace: errors due to undeclared stat64/lstat64 structs (musl libc)
Opened
#3313 [GH-ISSUE #6619] build: building with --disable-sandbox-check breaks tests
Opened
#3314 [GH-ISSUE #6625] discord: Error: no suitable /usr/bin/discord executable found
Opened
#3315 [GH-ISSUE #6626] --private isn't enough to prevent generating dot files
Opened
#3316 [GH-ISSUE #6630] overlayfs "temporarily disabled" since 4 years 🧐
Opened
#3317 [GH-ISSUE #6634] zoom: program does not start (nvidia)
Opened
#3318 [GH-ISSUE #6637] Hardcoded iptables path causes issues on non-FHS systems like NixOS
Opened
#3319 [GH-ISSUE #6644] foliate: program does not work due to private-bin and bwrap
Opened
#3320 [GH-ISSUE #6642] NOTICE: Detuning locks due to high load per core (performance issue on server daemon)
Opened
#3321 [GH-ISSUE #6639] Cannot override read-only entry with --read-write option
Opened
#3322 [GH-ISSUE #6645] steam-session & firejail (steamos, other distros)
Opened
#3323 [GH-ISSUE #6646] firecfg: program symlinks are removed when not in firecfg.config
Opened
#3324 [GH-ISSUE #6649] Add a profile for zen web browser
Opened
#3325 [GH-ISSUE #6650] firecfg: microsoft-edge is not being sandboxed after running 'sudo firecfg'
Opened
#3326 [GH-ISSUE #6651] Add a profile for betterbird
Opened
#3327 [GH-ISSUE #6652] Add a profile for betterbird 2
Opened
#3328 [GH-ISSUE #6657] firecfg: gedit is not sandboxed (.desktop file)
Opened
#3329 [GH-ISSUE #6655] Include /dev/ntsync in private-dev
Opened
#3330 [GH-ISSUE #6658] firecfg: seahorse is not sandboxed (.desktop file)
Opened
#3331 [GH-ISSUE #6675] Firefox warning message about user namespace after upgrade to AppArmor 4
Opened
#3332 [GH-ISSUE #6665] dovecot: errors with disable-exec.inc
Opened
#3333 [GH-ISSUE #6662] ytmdesktop: new version renames the binary to youtube-music-desktop-app
Opened
#3334 [GH-ISSUE #6681] element-desktop: program does not start (apparmor + electron)
Opened
#3335 [GH-ISSUE #6684] firedragon: program does not start
Opened
#3336 [GH-ISSUE #6688] Cannot block keyboard/mouse input (multiseat)
Opened
#3337 [GH-ISSUE #6693] (Duplicate of #6065)
Opened
#3338 [GH-ISSUE #6695] Create a GitHub Project for 0.9.76
Opened
#3339 [GH-ISSUE #6696] landlock: cannot rename file or directory inside landlocked path
Opened
#3340 [GH-ISSUE #6702] Update Debian package / Ubuntu PPA to 0.9.74
Opened
#3341 [GH-ISSUE #6701] python3: --timeout does not kill the program (docker)
Opened
#3342 [GH-ISSUE #6700] librewolf: failed to detect pkcs11 opensc smartcard
Opened
#3343 [GH-ISSUE #6705] Error: preproc_lock_file: open: Permission denied (SELinux)
Opened
#3344 [GH-ISSUE #6703] Missing files when whitelisting /var/log (--writable-var-log)
Opened
#3345 [GH-ISSUE #6720] firefox: add new tridactylrc config path
Opened
#3346 [GH-ISSUE #6726] profile request: gradle
Opened
#3347 [GH-ISSUE #6725] Thunderbird cannot send emails via IMAP when email crypgraphic signing is enabled
Opened
#3348 [GH-ISSUE #6729] Deadlock on /run/firejail/firejail-run.lock when a firejailed process is suspended
Opened
#3349 [GH-ISSUE #6740] Cannot blacklist /run: disable_file: No such file or directory
Opened
#3350 [GH-ISSUE #6730] ssh: -f functionality broken
Opened
#3351 [GH-ISSUE #6731] Add a profile for LM-Studio
Opened
#3352 [GH-ISSUE #6742] add profile with only /bin /sbin /usr + partly /etc and optionally Wayland, X11, DRM and audio
Opened
#3353 [GH-ISSUE #6743] firefox: garbage chars for entire GUI + web pages
Opened
#3354 [GH-ISSUE #6741] firefox: gibberish chars with custom profile
Opened
#3355 [GH-ISSUE #6744] simple-scan: cannot open "save file" dialog
Opened
#3356 [GH-ISSUE #6746] Provide an option to mount the top directory temporary filesystem of a whitelisted directory without the noexec flag
Opened
#3357 [GH-ISSUE #6745] build: fnettrace: cannot execute binary file (cross-compilation)
Opened
#3358 [GH-ISSUE #6760] firefox: program not in sync with network adapter changes (VPN)
Opened
#3359 [GH-ISSUE #6758] rssguard: cannot launch: error while loading shared libraries: libluajit-5.1.so.2
Opened
#3360 [GH-ISSUE #6749] libreoffice: cannot use IBus
Opened
#3361 [GH-ISSUE #6762] wine: blacklisting python prevents gstreamer initialization
Opened
#3362 [GH-ISSUE #6767] ssh: --net=(none|interface) breaks ssh -X
Opened
#3363 [GH-ISSUE #6768] Login via SSH does not load proper Bash shell
Opened
#3364 [GH-ISSUE #6772] prismlauncher: cannot detect gamemode
Opened
#3365 [GH-ISSUE #6771] Electron apps not launching when default shell is not bash
Opened
#3366 [GH-ISSUE #6773] xkeyboard-config 2.45: cannot start many programs (new /usr/share path)
Opened
#3367 [GH-ISSUE #6774] zeal: program does not start
Opened
#3368 [GH-ISSUE #6776] Not clear why an app is being blocked by firejail
Opened
#3369 [GH-ISSUE #6778] man: Cannot start application: Permission denied (fish shell on Chimera Linux)
Opened
#3370 [GH-ISSUE #6782] foliate: cannot launch ebooks & GTK style is not followed
Opened
#3371 [GH-ISSUE #6788] qutebrowser: no image preview on reddit
Opened
#3372 [GH-ISSUE #6787] Search for .net files in ~/.config/firejail
Opened
#3373 [GH-ISSUE #6792] potential double-free in procevent_monitor (SAST Warning)
Opened
#3374 [GH-ISSUE #6793] buku: Error: no suitable /usr/bin/buku executable found (python-exec on Gentoo)
Opened
#3375 [GH-ISSUE #6797] ci: test: Error fcopy: invalid ownership for file /etc/localtime
Opened
#3376 [GH-ISSUE #6802] firefox: cannot create PWAs due to read-only ~/.local/share/applications
Opened
#3377 [GH-ISSUE #6798] private-etc: Error: invalid file type, /etc/login.defs. (file mode 640, OpenMandriva)
Opened
#3378 [GH-ISSUE #6800] librewolf: cannot open flatpak Zoom via gio
Opened
#3379 [GH-ISSUE #6813] neochat: cannot log in
Opened
#3380 [GH-ISSUE #6809] w3m: Initial page loads but cannot navigate an subsequent links
Opened
#3381 [GH-ISSUE #6811] build: debian packaging minor fixes
Opened
#3382 [GH-ISSUE #6814] kate: no internet connection
Opened
#3383 [GH-ISSUE #6815] kate: no internet connection
Opened
#3384 [GH-ISSUE #6820] netfilter: Error: the sandbox doesn't use a new network namespace
Opened
#3385 [GH-ISSUE #6821] Firejail outputs an empty profile file when --build=profile is run
Opened
#3386 [GH-ISSUE #6822] koreader: Error: failed to run /run/firejail/lib/fsec-print (whitelist in /usr/lib)
Opened
#3387 [GH-ISSUE #6827] keepassxc: cannot start program (dbus/machine-id)
Opened
#3388 [GH-ISSUE #6833] Support AppImages using zstd compression
Opened
#3389 [GH-ISSUE #6835] Create a GitHub Project for 0.9.78
Opened
#3390 [GH-ISSUE #6831] Allow interpolation in env values: env XDG_CACHE_HOME=${HOME}/.cache-firejail
Opened
#3391 [GH-ISSUE #6838] vscode: cannot access ~/.local/share/fish/fish_history
Opened
#3392 [GH-ISSUE #6837] firefox: xkbcommon: ERROR: failed to add default include path /usr/share/X11/xkb
Opened
#3393 [GH-ISSUE #6839] thunderbird: Failed to connect to Wayland display
Opened
#3394 [GH-ISSUE #6842] Update Debian package to 0.9.76
Opened
#3395 [GH-ISSUE #6853] ci: Replicate Debian CI jobs in our GitLab CI
Opened
#3396 [GH-ISSUE #6843] librewolf: UI has graphic corruption (NixOS, 3d + private-etc)
Opened
#3397 [GH-ISSUE #6860] startx: GUI does not respond to keyboard input
Opened
#3398 [GH-ISSUE #6855] kontact: Cannot save feed list to ~/.local/share/akregator/data//feeds.opml
Opened
#3399 [GH-ISSUE #6857] chromium: ERR_INTERNET_DISCONNECTED: cannot connect to the Internet
Opened
#3400 [GH-ISSUE #6863] discord: clicking tray icon triggers remote control input access request
Opened
#3401 [GH-ISSUE #6861] element-desktop: program does not start
Opened
#3402 [GH-ISSUE #6865] firecfg: telegram-desktop desktop file valid but described as 'not a .desktop file'
Opened
#3403 [GH-ISSUE #6882] firefox: --allow-debuggers: PTRACE_TRACEME: Permission denied (AppArmor)
Opened
#3404 [GH-ISSUE #6880] firefox: xkbcommon: ERROR: failed to add default include path /usr/share/X11/xkb
Opened
#3405 [GH-ISSUE #6866] wine: noinput breaks joysticks
Opened
#3406 [GH-ISSUE #6889] firejail(1) man page does not say what is the current working directory inside the jail
Opened
#3407 [GH-ISSUE #6896] --profile=FILE with just a filename has security implications and should be highly discouraged
Opened
#3408 [GH-ISSUE #6883] firefox: ~/.mailcap should be whitelisted to get the default helper applications
Opened
#3409 [GH-ISSUE #6899] browsers: cannot read/write to ~/Applications even when with noblacklist/whitelist
Opened
#3410 [GH-ISSUE #6897] torbrowser-launcher: cannot launch the browser
Opened
#3411 [GH-ISSUE #6901] "Capability-limited" firejail packages to limit SUID privilege escalation risks
Opened
#3412 [GH-ISSUE #6906] File dialog crashes (gdk-pixbuf2 + glycin + bwrap)
Opened
#3413 [GH-ISSUE #6908] webstorm: node: Warning: an existing sandbox was detected
Opened
#3414 [GH-ISSUE #6910] playonlinux: Cannot start application: Permission denied
Opened
#3415 [GH-ISSUE #6913] torbrowser-launcher: crash when uploading files (glycin)
Opened
#3416 [GH-ISSUE #6912] claws-mail: program fails to start (bwrap)
Opened
#3417 [GH-ISSUE #6911] playonlinux: Cannot start application: Permission denied
Opened
#3418 [GH-ISSUE #6915] swww: Error: "/run/user/1000/wayland-1-swww-daemon..sock" is an invalid filename
Opened
#3419 [GH-ISSUE #6914] encrypted home
Opened
#3420 [GH-ISSUE #6921] /home/user is mounted with noexec when --private is used
Opened
#3421 [GH-ISSUE #6927] firefox: file picker is not sandboxed
Opened
#3422 [GH-ISSUE #6929] Portable version for Windows
Opened
#3423 [GH-ISSUE #6922] deadbeef: cannot start program
Opened
#3424 [GH-ISSUE #6935] Add a profile for gemini-cli
Opened
#3425 [GH-ISSUE #6932] IPV6 DNS: net.c:137:try_proto(): socket(): Operation not supported (95)
Opened
#3426 [GH-ISSUE #6934] librewolf: crash on open file dialog (kde plasma)
Opened
#3427 [GH-ISSUE #6939] Unable to blacklist file with \ character in filename
Opened
#3428 [GH-ISSUE #6941] lutris: fails to start: No image loaders are configured
Opened
#3429 [GH-ISSUE #6940] audacity: crash when opening file dialog
Opened
#3430 [GH-ISSUE #6945] slack: cannot upload files
Opened
#3431 [GH-ISSUE #6944] anydesk: program does not open (gdk-pixbuf)
Opened
#3432 [GH-ISSUE #6943] akonadi_control: akonadictl fails to start
Opened
#3433 [GH-ISSUE #6956] Some system calls can not be whitelisted
Opened
#3434 [GH-ISSUE #6950] firefox: crash when saving an image / opening the file browser dialog (glycin)
Opened
#3435 [GH-ISSUE #6946] firefox: program stutters and bad performance
Opened
#3436 [GH-ISSUE #6966] Error: Firejail configuration file /etc/firejail/firejail.config not found (private-etc)
Opened
#3437 [GH-ISSUE #6967] librewolf: program does not load system fonts properly
Opened
#3438 [GH-ISSUE #6968] ssh: cannot connect to dbus-system com.intel.tss2.TctiTabrmd
Opened
#3439 [GH-ISSUE #6979] vlc: two notifications are displayed for track change
Opened
#3440 [GH-ISSUE #6973] vlc: icon in taskbar has black background instead of transparent
Opened
#3441 [GH-ISSUE #6974] kate: links open in KMenuEditor instead of firefox
Opened
#3442 [GH-ISSUE #6984] Remove --disable-globalcfg configure option
Opened
#3443 [GH-ISSUE #6981] Firejailed Thunderbird can't open links in Firejailed Firefox (Separate jails) when /usr/local/bin/firefox exists at thunderbird launch. Discord also had trouble opening links but its usage of private-bin works around this issue
Opened
#3444 [GH-ISSUE #6982] Kernel 6.19 merged ipe check good for every container
Opened
#3445 [GH-ISSUE #6994] Remove overlayfs support/--overlay commands
Opened
#3446 [GH-ISSUE #6995] Remove Intrusion Detection System (IDS)/fids
Opened
#3447 [GH-ISSUE #6993] ping: Name or service not known (/etc/hosts)
Opened
#3448 [GH-ISSUE #6999] yt-dlp: No supported JavaScript runtime could be found (deno)
Opened
#3449 [GH-ISSUE #7007] tests: make test-appimage fails on Arch and Debian 13
Opened
#3450 [GH-ISSUE #7002] firefox: crash when dragging a bookmark (glycin)
Opened
#3451 [GH-ISSUE #7009] feature: add --allow-bwrap command / fbwrap program
Opened
#3452 [GH-ISSUE #7018] Create a GitHub Project for 0.9.80
Opened
#3453 [GH-ISSUE #7008] firecfg: snap programs break due to firejail symlinks
Opened
#3454 [GH-ISSUE #7022] steam: gamescope: scopebuddy: perl: Permission denied
Opened
#3455 [GH-ISSUE #7019] steam: steamtinkerlaunch: not found
Opened
#3456 [GH-ISSUE #7020] steam: can't launch ubisoft games
Opened
#3457 [GH-ISSUE #7033] google-chrome: no input possible in searchbar and fields
Opened
#3458 [GH-ISSUE #7025] build: 0.9.78: release tag is in the wrong commit (version 0.9.79)
Opened
#3459 [GH-ISSUE #7030] yt-dlp: Unable to access browser cookies for authenticated downloads
Opened
#3460 [GH-ISSUE #7035] flameshot: Access error: uid 1000, last mount name:/ dir:/run/user/1000/gvfs type:fuse.gvfsd-fuse - invalid whitelist mount
Opened
#3461 [GH-ISSUE #7038] Not keeping all mounts
Opened
#3462 [GH-ISSUE #7037] paths containing ".." are valid, why are they refused?
Opened
#3463 [GH-ISSUE #7040] Firefox 147+ now uses XDG paths
Opened
#3464 [GH-ISSUE #7046] Hide/Mask firejail process (pid 1) inside sandbox
Opened
#3465 [GH-ISSUE #7047] Be able to choose uid/gid inside sandbox
Opened
#3466 [GH-ISSUE #7053] Split noaudio to nosound and nomic
Opened
#3467 [GH-ISSUE #7054] Add link-local addresses to 'nolocal' firewall configs
Opened
#3468 [GH-ISSUE #7048] Random hostname is not set & localhost is missing from /etc/hosts
Opened
#3469 [GH-ISSUE #7056] firefox: cannot find existing firefox profiles
Opened
#3470 [GH-ISSUE #7057] tor-browser does not work with firejail: Warning fcopy: cannot create symbolic link /etc/alternatives/js
Opened
#3471 [GH-ISSUE #7058] io_uring filtering
Opened
#3472 [GH-ISSUE #7060] Update Ubuntu PPA to 0.9.76
Opened
#3473 [GH-ISSUE #7062] xorg: Authorization required, but no authorization protocol specified
Opened
#3474 [GH-ISSUE #7063] --seccomp= accepts invalid syscall names without warning
Opened
#3475 [GH-ISSUE #7072] jailcheck: no results for sandboxed applications
Opened
#3476 [GH-ISSUE #7070] blink-common: Is caps.keep sys_admin necessary?
Opened
#3477 [GH-ISSUE #7069] Add --keep-hostname command
Opened
#3478 [GH-ISSUE #7081] fbwrap sleeps instead of waiting for child to exit, does not preserve return code
Opened
#3479 [GH-ISSUE #7078] AppArmor profile does not grant userns permissions
Opened
#3480 [GH-ISSUE #7091] build: remove ./configure --disable-man option
Opened
#3481 [GH-ISSUE #7092] build: remove ./configure --disable-usertmpfs option
Opened
#3482 [GH-ISSUE #7093] feature: add apparmor profiles for --nettrace command
Opened
#3483 [GH-ISSUE #7094] modif: make Xephyr default for --x11 option
Opened
#3484 [GH-ISSUE #7105] Create a GitHub Project for 0.9.82
Opened
#3485 [GH-ISSUE #7097] fractal: cannot view multimedia due to glycin/bwrap
Opened
#3486 [GH-ISSUE #7096] Add a profile for Heroic Games Launcher
Opened
#3487 [GH-ISSUE #7107] torbrowser: cannot start program
Opened
#3488 [GH-ISSUE #7108] build: ../../src/lib/syscall.c:913:9: error: expected expression before ‘}’ token (Fails to build on i686, kernel 3.8)
Opened
#3489 [GH-ISSUE #7115] element: Error: no suitable /usr/bin/element-desktop executable found
Opened
#3490 [GH-ISSUE #7116] vscode: no window shows up on wayland (hyprland/gentoo)
Opened
#3491 [GH-ISSUE #7118] telegram: cannot access custom whitelisted path
Opened
#3492 [GH-ISSUE #7117] Add a way to fake files in /proc
Opened
#3493 [GH-ISSUE #7121] firefox: incorrect timezone
Opened
#3494 [GH-ISSUE #7128] chromium: browsers crash on launch
Opened
#3495 [GH-ISSUE #7130] man: 'xterm': unknown terminal type.
Opened
#3496 [GH-ISSUE #7134] MPV will not open
Opened
#3497 [GH-ISSUE #7132] can't disable blacklist of ~/.config/firejail
Opened
#3498 [GH-ISSUE #7133] fontforge: sandboxed libreoffice compilation on Gentoo uses LD_PRELOAD, triggers assertion failures
Opened
#3499 [GH-ISSUE #7140] firejail intercepts arguments
Opened
#3500 [GH-ISSUE #7138] Support wireguard adapters for --net option
Opened
#3501 [GH-ISSUE #7144] Add support for queue leasing and AF_XDP
Opened
#3502 [PR #16] [MERGED] Block access to history files
Opened
#3503 [PR #18] [CLOSED] Fix typos in the firejail-profile manpage
Opened
#3504 [PR #13] [MERGED] Fix potential null pointer dereference in netfilter
Opened
#3505 [PR #19] [MERGED] Fix typos in firejail-profile manpage
Opened
#3506 [PR #17] [MERGED] A bit more for CVE-2015-4495
Opened
#3507 [PR #23] [CLOSED] Some profile work (jitsi/[he]xchat)
Opened
#3508 [PR #21] [MERGED] Implement the --private-home option
Opened
#3509 [PR #20] [MERGED] Create a .gitignore file for firejail
Opened
#3510 [PR #26] [MERGED] Call realpath to resolve symlinks correctly in disable_file
Opened
#3511 [PR #24] [CLOSED] Profile work (jitsi / [he]xchat)
Opened
#3512 [PR #27] [MERGED] Fix typos in firejail and firejail-profile man
Opened
#3513 [PR #29] [MERGED] Replace get_link with realpath
Opened
#3514 [PR #28] [MERGED] Fix some compiler warnings
Opened
#3515 [PR #30] [MERGED] Update disable-mgmt.inc
Opened
#3516 [PR #32] [MERGED] Support ~ in blacklist and profile includes
Opened
#3517 [PR #33] [MERGED] Support filenames with spaces in the blacklist option
Opened
#3518 [PR #34] [MERGED] Fix the 'make install' command for new bash completion location
Opened
#3519 [PR #35] [MERGED] Compile with -W -Wall -Werror
Opened
#3520 [PR #38] [MERGED] Fix arguments passed to child process during execvp in --shell=none mode
Opened
#3521 [PR #41] [MERGED] Support --enable-fatal-warnings in all Makefiles
Opened
#3522 [PR #43] [MERGED] Fix typo in usage.c
Opened
#3523 [PR #42] [MERGED] Implement the expand_home util function
Opened
#3524 [PR #48] [MERGED] Rewrite globbing code to fix various minor issues
Opened
#3525 [PR #46] [MERGED] Use generic.profile by default
Opened
#3526 [PR #51] [MERGED] Add tags file and vim temporary files to .gitignore
Opened
#3527 [PR #52] [MERGED] Clean up some fragile uses of strncmp.
Opened
#3528 [PR #53] [MERGED] Noblacklist
Opened
#3529 [PR #55] [MERGED] Stop blacklisting from traversing . and .. after a glob
Opened
#3530 [PR #60] [MERGED] added install-strip, make install now without strip.
Opened
#3531 [PR #66] [MERGED] Add seccomp errno filter support
Opened
#3532 [PR #77] [MERGED] use configure options in Makefile
Opened
#3533 [PR #78] [CLOSED] standalone rpm spec
Opened
#3534 [PR #73] [MERGED] Add a profile for Spotify
Opened
#3535 [PR #79] [MERGED] switch project url to github
Opened
#3536 [PR #81] [MERGED] update url in rpm spec
Opened
#3537 [PR #88] [MERGED] Update pidgin.profile
Opened
#3538 [PR #89] [MERGED] add a few new items to blacklist
Opened
#3539 [PR #96] [MERGED] fix libtrace for musl libc
Opened
#3540 [PR #100] [MERGED] Create Steam profile
Opened
#3541 [PR #85] [MERGED] Correct typo
Opened
#3542 [PR #102] [MERGED] Use configured libdir instead of $prefix/lib
Opened
#3543 [PR #129] [MERGED] Allow firefox theming with non-global themes
Opened
#3544 [PR #130] [MERGED] Fixed Skype profile: was a copy of Steam profile
Opened
#3545 [PR #113] [MERGED] Added profile for Conkeror Browser
Opened
#3546 [PR #134] [MERGED] Fix warnings by clang-analyzer (scan-build)
Opened
#3547 [PR #148] [MERGED] Add '"' chars around every argument passed to bash
Opened
#3548 [PR #145] [MERGED] Fix #144
Opened
#3549 [PR #135] [MERGED] add some other whitelisting for theme and core firefox related functionality on Linux
Opened
#3550 [PR #150] [MERGED] keep original file permissions
Opened
#3551 [PR #161] [MERGED] Add weechat profile
Opened
#3552 [PR #174] [MERGED] clarify firejail-profile manpage
Opened
#3553 [PR #169] [MERGED] blacklist ncat
Opened
#3554 [PR #177] [MERGED] add 'hostname' command to profile
Opened
#3555 [PR #179] [MERGED] add rtorrent profile
Opened
#3556 [PR #180] [MERGED] add google-chrome{,-stable,-beta,-unstable}.profile
Opened
#3557 [PR #185] [CLOSED] blacklist recently-used.xbel*
Opened
#3558 [PR #186] [MERGED] add parole.profile
Opened
#3559 [PR #187] [MERGED] whitelist keysnail config for firefox
Opened
#3560 [PR #193] [MERGED] Make the build reproducible
Opened
#3561 [PR #194] [MERGED] Fix typos
Opened
#3562 [PR #210] [MERGED] Disallow access to kdbx files
Opened
#3563 [PR #198] [MERGED] use UTMP_FILE to check for its existence
Opened
#3564 [PR #202] [MERGED] Allow netlink for Spotify
Opened
#3565 [PR #213] [MERGED] dynamic allocation of noblacklist buffer
Opened
#3566 [PR #217] [CLOSED] Adds support for tmpfs-based profiles (profile-sync-daemon)
Opened
#3567 [PR #224] [MERGED] Don't blacklist recently-used.xbel
Opened
#3568 [PR #236] [MERGED] Adding Seamonkey profiles
Opened
#3569 [PR #227] [MERGED] blacklist /usr/local/sbin
Opened
#3570 [PR #244] [MERGED] changed typo in man file (namely --debug-blackilsts)
Opened
#3571 [PR #243] [MERGED] Fixing lintian warnings
Opened
#3572 [PR #255] [MERGED] Fix symlink invocation for programs placing symlinks in $PATH
Opened
#3573 [PR #250] [MERGED] Added Telegram profile
Opened
#3574 [PR #251] [MERGED] Blacklisting ~/.local/share/kwalletd
Opened
#3575 [PR #257] [MERGED] Make the sandbox process reap all children.
Opened
#3576 [PR #262] [MERGED] add Mathematica profile
Opened
#3577 [PR #264] [MERGED] add uGet profile
Opened
#3578 [PR #267] [MERGED] Add alternative location for muttrc
Opened
#3579 [PR #265] [MERGED] remove duplicate include from uGet profile
Opened
#3580 [PR #268] [MERGED] Fix for systems that don't have CAP_SYSLOG
Opened
#3581 [PR #269] [MERGED] Include <sys/socket.h> for sa_family_t (RHEL 6.6)
Opened
#3582 [PR #272] [MERGED] Typos
Opened
#3583 [PR #275] [MERGED] add mupen64plus profile
Opened
#3584 [PR #274] [MERGED] Make additional vimrc files; .xscreensaver file read only
Opened
#3585 [PR #289] [MERGED] Fix problem with relative path in storage_find function
Opened
#3586 [PR #292] [CLOSED] Fix building on systems without bash
Opened
#3587 [PR #293] [MERGED] Fix memory leak
Opened
#3588 [PR #299] [CLOSED] Add epiphany profile
Opened
#3589 [PR #297] [MERGED] RPM build fixes
Opened
#3590 [PR #300] [MERGED] Adding cherrytree profile
Opened
#3591 [PR #302] [MERGED] Add Polari profile
Opened
#3592 [PR #314] [MERGED] Epiphany: Fix settings being saved but not loaded
Opened
#3593 [PR #304] [MERGED] profile for wesnoth
Opened
#3594 [PR #315] [MERGED] edit wesnoth profile (small fix)
Opened
#3595 [PR #317] [MERGED] man/firejail.txt: note you don't need --ip6= with SLAAC
Opened
#3596 [PR #319] [MERGED] Add compile-time option to restrict --net= to root only
Opened
#3597 [PR #337] [MERGED] Added profiles for vivaldi
Opened
#3598 [PR #340] [MERGED] fix typo
Opened
#3599 [PR #323] [MERGED] Fix manual typo
Opened
#3600 [PR #345] [MERGED] More rpm fixes
Opened
#3601 [PR #346] [MERGED] add hedgewars profile (whitelist)
Opened
#3602 [PR #363] [MERGED] Forward exit code from child process
Opened
#3603 [PR #365] [MERGED] Add profile for qutebrowser.
Opened
#3604 [PR #349] [MERGED] Created Atril profile
Opened
#3605 [PR #368] [CLOSED] add restrictions to chromium browser profile
Opened
#3606 [PR #371] [MERGED] fs_etc: continue to copy files if one fails.
Opened
#3607 [PR #378] [MERGED] Add qTox profile
Opened
#3608 [PR #387] [MERGED] fix flashpeak-slimjet profile typos
Opened
#3609 [PR #391] [CLOSED] fix seccomp filter (32bit/64bit)
Opened
#3610 [PR #392] [MERGED] Fix xephyr methods referring to xpra
Opened
#3611 [PR #405] [MERGED] "/etc/password" -> "/etc/passwd"
Opened
#3612 [PR #406] [MERGED] add cmus.profile
Opened
#3613 [PR #415] [MERGED] profile.c: add --net <iface>
Opened
#3614 [PR #409] [MERGED] Allow alternative opera config path
Opened
#3615 [PR #416] [MERGED] Minor profile.c change
Opened
#3616 [PR #427] [MERGED] Paths fix
Opened
#3617 [PR #432] [MERGED] Pale Moon profile && python blacklists
Opened
#3618 [PR #436] [MERGED] Abrowser profile, based on Firefox
Opened
#3619 [PR #438] [CLOSED] added new 0ad profile
Opened
#3620 [PR #428] [MERGED] Profile cleanup
Opened
#3621 [PR #434] [MERGED] Separated thunderbird/icedove profiles
Opened
#3622 [PR #442] [CLOSED] Proposed
Opened
#3623 [PR #439] [CLOSED] GitHub stroking out on my end. :)
Opened
#3624 [PR #443] [MERGED] Use "~" in package name
Opened
#3625 [PR #444] [MERGED] add new files to rpm
Opened
#3626 [PR #449] [MERGED] warzone2100 profile
Opened
#3627 [PR #453] [MERGED] added gpredict profile
Opened
#3628 [PR #450] [MERGED] Blacklist vera crypt
Opened
#3629 [PR #451] [MERGED] Removed thunderbird todo
Opened
#3630 [PR #454] [MERGED] fs.c: correct debug message
Opened
#3631 [PR #456] [MERGED] added google-play-music-desktop-player profile
Opened
#3632 [PR #466] [MERGED] HexChat/Atril profile fix
Opened
#3633 [PR #468] [MERGED] fix "clean/clear" typos
Opened
#3634 [PR #457] [MERGED] Aweather && Stellarium
Opened
#3635 [PR #473] [MERGED] Temp fix for #472
Opened
#3636 [PR #474] [MERGED] Create quiterss.profile
Opened
#3637 [PR #476] [MERGED] blacklisted additional terminals
Opened
#3638 [PR #478] [MERGED] Fixes for hexchat.profile
Opened
#3639 [PR #479] [MERGED] cyberfox profile
Opened
#3640 [PR #485] [CLOSED] Make some tests more robust
Opened
#3641 [PR #486] [MERGED] Make some tests more robust
Opened
#3642 [PR #488] [MERGED] Fixes for ls.exp and trace.exp
Opened
#3643 [PR #490] [MERGED] Mark skipped tests differently
Opened
#3644 [PR #491] [MERGED] test/filters: some additional checks about testing environment
Opened
#3645 [PR #492] [MERGED] cherrytree.profile fix
Opened
#3646 [PR #495] [MERGED] blacklisted g++
Opened
#3647 [PR #499] [MERGED] Use locale-independent sorting
Opened
#3648 [PR #505] [MERGED] Proposed
Opened
#3649 [PR #502] [MERGED] Xapps
Opened
#3650 [PR #515] [MERGED] update seccomp default list in firejail-profile
Opened
#3651 [PR #517] [MERGED] mcabber.profile
Opened
#3652 [PR #518] [MERGED] mcabber.profile: use empty /etc
Opened
#3653 [PR #519] [MERGED] cmus.profile: use empty /etc
Opened
#3654 [PR #521] [MERGED] Revert "cmus.profile: use empty /etc"
Opened
#3655 [PR #526] [CLOSED] fix manual: --whitelist dir inside --read-only dir
Opened
#3656 [PR #533] [MERGED] Some fixes
Opened
#3657 [PR #534] [MERGED] Extra profiles (Psi+, Corebird, Konversation)
Opened
#3658 [PR #537] [MERGED] Make restricted-network prevent use of netfilter
Opened
#3659 [PR #536] [MERGED] Enable using the NO_NEW_PRIVS prctl(2) flag
Opened
#3660 [PR #538] [MERGED] Extend profiles to use the new nonewprivs feature
Opened
#3661 [PR #539] [CLOSED] Various
Opened
#3662 [PR #540] [MERGED] Brave
Opened
#3663 [PR #542] [CLOSED] Various
Opened
#3664 [PR #558] [MERGED] added profile for franz messenger
Opened
#3665 [PR #564] [MERGED] Set $APPIMAGE and $APPDIR environment variables
Opened
#3666 [PR #568] [MERGED] kwallet typo
Opened
#3667 [PR #575] [MERGED] skip ip6 test if filter table not available
Opened
#3668 [PR #579] [MERGED] Complete disable-common.inc
Opened
#3669 [PR #577] [MERGED] noqueue not exposed on older kernels; pfifo_fast is default qdisc
Opened
#3670 [PR #580] [MERGED] added libreoffice profile
Opened
#3671 [PR #582] [CLOSED] .
Opened
#3672 [PR #586] [MERGED] mpv.profile: make youtube-dl work
Opened
#3673 [PR #585] [MERGED] Proposed
Opened
#3674 [PR #584] [MERGED] Add profile for Firefox ESR
Opened
#3675 [PR #591] [MERGED] Fixed conffiles warning for soffice
Opened
#3676 [PR #596] [MERGED] add a firejail profile for strings
Opened
#3677 [PR #598] [MERGED] Committer: Paupiah Yashvi <yash@hackers.mu>
Opened
#3678 [PR #599] [MERGED] cpio sandbox profile for decompression
Opened
#3679 [PR #597] [MERGED] xz decompressor
Opened
#3680 [PR #601] [MERGED] Audacity
Opened
#3681 [PR #602] [MERGED] tighten disable-devel.inc
Opened
#3682 [PR #603] [MERGED] fix some typos
Opened
#3683 [PR #614] [MERGED] Telegram
Opened
#3684 [PR #613] [MERGED] Fix improper quoting of arguments
Opened
#3685 [PR #616] [MERGED] disable-common: Blacklist ~/.config/keybase
Opened
#3686 [PR #617] [MERGED] Fix chdir bug in libtracelog
Opened
#3687 [PR #621] [MERGED] Proposed
Opened
#3688 [PR #622] [MERGED] correction no. 2
Opened
#3689 [PR #620] [MERGED] Various
Opened
#3690 [PR #624] [MERGED] Mousetrap
Opened
#3691 [PR #626] [MERGED] restrict Dropbox to its own directories
Opened
#3692 [PR #628] [MERGED] Jitsi
Opened
#3693 [PR #634] [MERGED] Pidgin private-bin conversion
Opened
#3694 [PR #629] [MERGED] Additional fixes of command line quoting
Opened
#3695 [PR #638] [MERGED] Blacklist .gnomerc
Opened
#3696 [PR #643] [MERGED] Eom
Opened
#3697 [PR #646] [MERGED] Fix spelling errors found by lintian
Opened
#3698 [PR #653] [MERGED] disable-passwdmgr.inc: Don't leak keepassx config
Opened
#3699 [PR #652] [MERGED] Two fixes to --join behaviour
Opened
#3700 [PR #654] [MERGED] Add profile for uudeview
Opened
#3701 [PR #657] [MERGED] Some test fixes
Opened
#3702 [PR #659] [MERGED] Improve profile list
Opened
#3703 [PR #660] [MERGED] Add new skypeforlinux profile.
Opened
#3704 [PR #658] [MERGED] Allow BitlBee to write /var/lib/bitlbee
Opened
#3705 [PR #661] [MERGED] Fix command line quoting on joining, move quoting code to functions
Opened
#3706 [PR #662] [MERGED] Suggestions to release process
Opened
#3707 [PR #665] [MERGED] Add profiles for tar (gtar), unzip and unrar
Opened
#3708 [PR #664] [MERGED] Allow recursive mkdir (Closes #305)
Opened
#3709 [PR #663] [MERGED] Include mkuid.sh in "make dist"
Opened
#3710 [PR #668] [MERGED] Improve libtrace / libtracelog
Opened
#3711 [PR #672] [MERGED] Add uudeview to detect_quiet()
Opened
#3712 [PR #673] [MERGED] Simplify installation of profiles and manpages
Opened
#3713 [PR #679] [MERGED] Change hardcoded Xephyr options to close window at exit of last client.
Opened
#3714 [PR #681] [MERGED] add --private-template=directory option
Opened
#3715 [PR #684] [MERGED] Checkmate
Opened
#3716 [PR #687] [MERGED] Typo
Opened
#3717 [PR #691] [MERGED] Pair of small fixes
Opened
#3718 [PR #694] [MERGED] typo #688
Opened
#3719 [PR #689] [MERGED] tar profile and test fixes
Opened
#3720 [PR #695] [MERGED] Busybox workaround + expand ${PATH} macro in noblacklist entries
Opened
#3721 [PR #696] [MERGED] Fixed & tightened gnome-chess
Opened
#3722 [PR #701] [MERGED] rewrite of X11 support
Opened
#3723 [PR #709] [MERGED] Gather shell selection code in one place
Opened
#3724 [PR #702] [MERGED] Added more overlay options
Opened
#3725 [PR #711] [MERGED] Sandy shores
Opened
#3726 [PR #713] [MERGED] Fixed #712
Opened
#3727 [PR #716] [MERGED] Create inox.profile
Opened
#3728 [PR #717] [MERGED] x11 fixes
Opened
#3729 [PR #714] [MERGED] Fixes remaining issues related to #704
Opened
#3730 [PR #722] [MERGED] tightened profiles
Opened
#3731 [PR #723] [MERGED] Add profile support for Slack
Opened
#3732 [PR #728] [MERGED] Add profile for Gajim IM client
Opened
#3733 [PR #727] [MERGED] Small fixes (icecat.profile, disable-common.inc and whitelist-common.inc)
Opened
#3734 [PR #724] [MERGED] Fix Spotify - "private-bin spotify" prevents Spotify loading
Opened
#3735 [PR #729] [MERGED] run_no_sandbox fix
Opened
#3736 [PR #734] [MERGED] join fixes
Opened
#3737 [PR #743] [MERGED] additional batch of chown/chmod changes
Opened
#3738 [PR #735] [MERGED] Fix error in Slack profile
Opened
#3739 [PR #751] [MERGED] Fix spelling error
Opened
#3740 [PR #742] [MERGED] Tighten security
Opened
#3741 [PR #752] [MERGED] another typo
Opened
#3742 [PR #757] [MERGED] extra dosbox files
Opened
#3743 [PR #755] [MERGED] Profile tightening
Opened
#3744 [PR #753] [MERGED] Fix chmod/umask problem
Opened
#3745 [PR #758] [MERGED] Option to fix .desktop files for firecfg
Opened
#3746 [PR #761] [MERGED] minor fixes
Opened
#3747 [PR #763] [MERGED] small fixes
Opened
#3748 [PR #766] [MERGED] fix read_pid
Opened
#3749 [PR #769] [MERGED] xpra fix
Opened
#3750 [PR #771] [MERGED] use enum for enumeration
Opened
#3751 [PR #773] [MERGED] Add option to block X11
Opened
#3752 [PR #776] [MERGED] small --x11=block fixes
Opened
#3753 [PR #782] [MERGED] Accept /mnt in --whitelist option
Opened
#3754 [PR #788] [MERGED] Add netlink to --protocols in steam profile
Opened
#3755 [PR #798] [MERGED] Quiet SSH config
Opened
#3756 [PR #790] [MERGED] Update okular.profile
Opened
#3757 [PR #809] [MERGED] Fixed typo in comment
Opened
#3758 [PR #805] [MERGED] join-or-start option
Opened
#3759 [PR #808] [MERGED] Added tracelog
Opened
#3760 [PR #813] [CLOSED] Quickfix for problem found in SELinux that affects Firejail too.
Opened
#3761 [PR #815] [MERGED] CVE-2016-7545 fix improvement
Opened
#3762 [PR #822] [MERGED] If .Xauthority is symlink, skip and warn
Opened
#3763 [PR #819] [CLOSED] Yet another atempt to improve CVE-2016-7545 fix
Opened
#3764 [PR #826] [MERGED] Added profiles for feh, ranger and zathura
Opened
#3765 [PR #828] [MERGED] hardened profiles and fixed blacklisting
Opened
#3766 [PR #829] [MERGED] Fix typos found by lintian
Opened
#3767 [PR #830] [CLOSED] fixed issue with /sbin and /usr/sbin
Opened
#3768 [PR #835] [MERGED] fixed recovery issue
Opened
#3769 [PR #852] [MERGED] Allow evince to access /tmp
Opened
#3770 [PR #851] [MERGED] fixed database not found error
Opened
#3771 [PR #854] [MERGED] new profiles
Opened
#3772 [PR #856] [MERGED] minor fixes
Opened
#3773 [PR #857] [MERGED] add xpdf profile
Opened
#3774 [PR #859] [MERGED] added /srv in whitelist option
Opened
#3775 [PR #860] [MERGED] Whitelist Arch's chromium-flags.conf to Chromium
Opened
#3776 [PR #865] [MERGED] added profiles for eog and evolution
Opened
#3777 [PR #867] [MERGED] Misc fixes
Opened
#3778 [PR #870] [MERGED] Tightened Spotify profile
Opened
#3779 [PR #871] [MERGED] Alphabetise
Opened
#3780 [PR #866] [CLOSED] blacklisted common suid programms
Opened
#3781 [PR #872] [MERGED] Extra profiles
Opened
#3782 [PR #881] [MERGED] Added profiles for display (imagemagick) and wire
Opened
#3783 [PR #874] [MERGED] Minor fixes
Opened
#3784 [PR #885] [MERGED] Added a profile for mumble
Opened
#3785 [PR #878] [MERGED] Adding XDG-compat fontconfig's fonts path
Opened
#3786 [PR #890] [MERGED] Improvements for Zathura profile
Opened
#3787 [PR #893] [MERGED] Added profile for zoom.us messanger
Opened
#3788 [PR #891] [MERGED] various changes
Opened
#3789 [PR #898] [MERGED] adopted wire profile
Opened
#3790 [PR #899] [MERGED] Blacklist ecryptfs files
Opened
#3791 [PR #900] [MERGED] completed ecryptfs blacklist
Opened
#3792 [PR #901] [MERGED] do not blacklist msmtprc in mutt
Opened
#3793 [PR #916] [MERGED] fixed missing profiles
Opened
#3794 [PR #912] [MERGED] Guayadeque profile
Opened
#3795 [PR #920] [MERGED] various fixes
Opened
#3796 [PR #923] [MERGED] explain audit for seccomp logging
Opened
#3797 [PR #924] [MERGED] Many new profiles
Opened
#3798 [PR #941] [MERGED] New profiles: pluma and xed
Opened
#3799 [PR #943] [CLOSED] Fixed buggy typo (my fault)
Opened
#3800 [PR #936] [MERGED] added wget profile
Opened
#3801 [PR #945] [MERGED] Cryptocat
Opened
#3802 [PR #946] [MERGED] Added 10 new profiles
Opened
#3803 [PR #949] [MERGED] gajim fix
Opened
#3804 [PR #953] [MERGED] Added profiles for truecrypt and zuluCrypt
Opened
#3805 [PR #951] [MERGED] blacklisted various program files
Opened
#3806 [PR #957] [MERGED] qutebrowser fixes
Opened
#3807 [PR #963] [MERGED] Wireshark
Opened
#3808 [PR #960] [MERGED] block dbus ipc
Opened
#3809 [PR #962] [MERGED] Correct and tighten QuiteRss profile
Opened
#3810 [PR #967] [MERGED] make ipc blacklist more reliable
Opened
#3811 [PR #978] [MERGED] Add keepassx2 profile
Opened
#3812 [PR #979] [MERGED] Correct skanlite.profile
Opened
#3813 [PR #990] [MERGED] Implement the --allow-private-blacklist option
Opened
#3814 [PR #988] [MERGED] Added symlink fixer.
Opened
#3815 [PR #991] [MERGED] appimage: pass commandline arguments
Opened
#3816 [PR #993] [MERGED] Replace keepassx whitelisting with keepass whitelisting
Opened
#3817 [PR #994] [MERGED] profile improvements
Opened
#3818 [PR #1004] [MERGED] allow multiple private-argv
Opened
#3819 [PR #1002] [MERGED] main: guess_shell: use $SHELL variable if set
Opened
#3820 [PR #1006] [MERGED] Update gnome-mplayer.profile
Opened
#3821 [PR #1009] [CLOSED] Blacklists common mount points like /mnt
Opened
#3822 [PR #1021] [MERGED] Improved fix_private-bin.py a bit: added commandline arguments, metainfo and breadth-first search
Opened
#3823 [PR #1010] [MERGED] Don't touch aliases
Opened
#3824 [PR #1017] [MERGED] Add FossaMail profile
Opened
#3825 [PR #1024] [MERGED] Add references to CVEs in release notes
Opened
#3826 [PR #1025] [MERGED] Add references to CVEs in release notes
Opened
#3827 [PR #1026] [MERGED] Reference new CVEs
Opened
#3828 [PR #1033] [MERGED] evolution.profile: add local mail dirs
Opened
#3829 [PR #1027] [MERGED] Reference new CVEs
Opened
#3830 [PR #1035] [MERGED] disable-common: Make mutt and msmtp's rc files read-only
Opened
#3831 [PR #1034] [MERGED] etc: Support local customizations in *.inc
Opened
#3832 [PR #1037] [MERGED] typo in changelog
Opened
#3833 [PR #1036] [MERGED] disable-common: Make directories commonly found in $PATH read-only
Opened
#3834 [PR #1052] [MERGED] etc/Cryptocat: Fix missing app name
Opened
#3835 [PR #1044] [MERGED] Make ~/.local read-only
Opened
#3836 [PR #1053] [MERGED] added update scripts
Opened
#3837 [PR #1056] [MERGED] blacklist GNOME keyring and Konqueror
Opened
#3838 [PR #1061] [MERGED] uzbl-browser.profile: enabled support for pass password-manager
Opened
#3839 [PR #1060] [MERGED] added uzbl-browser.profile (refs #825)
Opened
#3840 [PR #1062] [MERGED] Add support for joining a persistent, named network namespace.
Opened
#3841 [PR #1064] [MERGED] Prevent tmux connecting to an existing session
Opened
#3842 [PR #1068] [MERGED] Fix for uudeview
Opened
#3843 [PR #1089] [MERGED] Security filters
Opened
#3844 [PR #1079] [MERGED] fixing --hosts-file privelege check
Opened
#3845 [PR #1099] [MERGED] added iridium browser profile
Opened
#3846 [PR #1100] [CLOSED] Rewrite X11 handling and add --x11=xvfb mode.
Opened
#3847 [PR #1103] [MERGED] Update unbound profile to block 3D acceleration.
Opened
#3848 [PR #1106] [MERGED] Tighten keepassx
Opened
#3849 [PR #1108] [MERGED] Thunar
Opened
#3850 [PR #1124] [MERGED] keepass browser integration, lastpass
Opened
#3851 [PR #1118] [MERGED] fixing and tidying up Keepass(x) profiles
Opened
#3852 [PR #1145] [CLOSED] profile for engrampa
Opened
#3853 [PR #1146] [MERGED] profile for engrampa
Opened
#3854 [PR #1147] [MERGED] profile for scribus
Opened
#3855 [PR #1149] [MERGED] complete autostart blacklist for KDE
Opened
#3856 [PR #1151] [MERGED] Handles #1150
Opened
#3857 [PR #1152] [MERGED] blacklist X11 startup scripts
Opened
#3858 [PR #1154] [MERGED] New profile: mousepad
Opened
#3859 [PR #1155] [MERGED] enable/disable join support in /etc/firejail/firejail.config
Opened
#3860 [PR #1153] [MERGED] syscall list update
Opened
#3861 [PR #1156] [MERGED] profile enhancements
Opened
#3862 [PR #1163] [MERGED] blacklist more KDE files
Opened
#3863 [PR #1164] [MERGED] firecfg: create ~/.local/share/applications directory if it doesn't exist
Opened
#3864 [PR #1159] [MERGED] Adds icedove directories in thunderbird profile
Opened
#3865 [PR #1165] [MERGED] blacklist krunnerrc
Opened
#3866 [PR #1166] [MERGED] blacklist more KDE files
Opened
#3867 [PR #1181] [MERGED] restrict more KDE files
Opened
#3868 [PR #1174] [MERGED] firejail.config cleanup
Opened
#3869 [PR #1177] [MERGED] various profile fixes and enhancements
Opened
#3870 [PR #1182] [MERGED] tidy up
Opened
#3871 [PR #1184] [MERGED] add new syscalls in default seccomp filter
Opened
#3872 [PR #1186] [MERGED] Add Go, Rust, and OpenSSL to disable-devel.conf
Opened
#3873 [PR #1188] [CLOSED] Allow fish_config
Opened
#3874 [PR #1190] [MERGED] mediathekview profile
Opened
#3875 [PR #1194] [MERGED] various profile enhancements
Opened
#3876 [PR #1195] [MERGED] blacklist attic and borg
Opened
#3877 [PR #1201] [MERGED] new baloo profile
Opened
#3878 [PR #1198] [MERGED] Okular and Gwenview profiles, Baloo blacklist
Opened
#3879 [PR #1205] [MERGED] Add a script to build a .deb with custom configure options
Opened
#3880 [PR #1208] [MERGED] fix baloo_file.profile (x11 isolation)
Opened
#3881 [PR #1207] [MERGED] Fix fj-mkdeb.py not functional when installed
Opened
#3882 [PR #1219] [MERGED] Add a profile for Dino
Opened
#3883 [PR #1209] [MERGED] --quiet fixes
Opened
#3884 [PR #1214] [MERGED] make Baloo experiment more meaningful
Opened
#3885 [PR #1220] [MERGED] Harden some profiles
Opened
#3886 [PR #1221] [MERGED] Add a profile for Kodi
Opened
#3887 [PR #1222] [MERGED] Add a profile for meld
Opened
#3888 [PR #1224] [MERGED] Fix gtk theme loading in Dino
Opened
#3889 [PR #1223] [MERGED] Add a profile for Arduino IDE
Opened
#3890 [PR #1226] [MERGED] Harden 8 more profiles
Opened
#3891 [PR #1225] [MERGED] Add a profile for youtube-dl
Opened
#3892 [PR #1228] [MERGED] Add a profile for Viking
Opened
#3893 [PR #1229] [MERGED] Add some programs to firecfg
Opened
#3894 [PR #1239] [MERGED] noexec ~/.local/share
Opened
#3895 [PR #1232] [MERGED] Harden more profiles
Opened
#3896 [PR #1242] [CLOSED] Add noexec ~/.local/share to all profiles using noexec ~
Opened
#3897 [PR #1252] [MERGED] update k3b profile
Opened
#3898 [PR #1253] [MERGED] Add overlay configuration to profiles
Opened
#3899 [PR #1254] [MERGED] Prevent running shells recursively
Opened
#3900 [PR #1260] [MERGED] blacklist file-manager python scripts
Opened
#3901 [PR #1262] [MERGED] complete icons whitelist
Opened
#3902 [PR #1265] [MERGED] blacklist keepass plugins
Opened
#3903 [PR #1266] [MERGED] harden baloo_file
Opened
#3904 [PR #1263] [CLOSED] Disable file managers from firecfg by default
Opened
#3905 [PR #1269] [MERGED] gimp profile fix
Opened
#3906 [PR #1270] [MERGED] completing noexec
Opened
#3907 [PR #1283] [CLOSED] allow python3 for youtube-dl in MPV profile
Opened
#3908 [PR #1279] [MERGED] Fix VLC GUI artifacts #1277
Opened
#3909 [PR #1278] [MERGED] make seccomp optional again
Opened
#3910 [PR #1284] [MERGED] allow python and python3 for youtube-dl in MPV profile
Opened
#3911 [PR #1288] [MERGED] added floader files
Opened
#3912 [PR #1296] [MERGED] WIP: --novideo option
Opened
#3913 [PR #1297] [MERGED] Add fish-shell history and config to disable-common.inc
Opened
#3914 [PR #1295] [MERGED] Clementine seccomp update
Opened
#3915 [PR #1304] [MERGED] gnome-calculator profile fix
Opened
#3916 [PR #1307] [MERGED] minor bugfix: Correctly dereference "subdirname" variable
Opened
#3917 [PR #1315] [CLOSED] pulseaudio with whitelisting
Opened
#3918 [PR #1317] [MERGED] Fix lintian warning package-contains-timestamped-gzip
Opened
#3919 [PR #1322] [MERGED] Add profile for Waterfox and update profile for Cyberfox
Opened
#3920 [PR #1343] [MERGED] Fix typo in usage example command
Opened
#3921 [PR #1345] [MERGED] Update Waterfox and Cyberfox profile
Opened
#3922 [PR #1357] [MERGED] Add profile for Liferea
Opened
#3923 [PR #1358] [MERGED] fix empty-string assignment
Opened
#3924 [PR #1354] [MERGED] More fixes for #1349 and 1acfd077b124cbfc8ed257f0c0aacf4f4cbaba38
Opened
#3925 [PR #1359] [MERGED] Fix race condition when setting up /run/firejail files (#1013)
Opened
#3926 [PR #1360] [MERGED] Allow env for youtube-dl in mpv profile
Opened
#3927 [PR #1363] [MERGED] Allow ~/.netrc for youtube-dl
Opened
#3928 [PR #1365] [MERGED] Harden 50 profiles
Opened
#3929 [PR #1367] [MERGED] Harden profiles
Opened
#3930 [PR #1369] [MERGED] Add profile for Peek
Opened
#3931 [PR #1372] [MERGED] Fix permission denied for chromium-flags.conf in Arch
Opened
#3932 [PR #1373] [MERGED] Add a profile for SILENTARMY
Opened
#3933 [PR #1377] [MERGED] Fix .java after e2449ae7d25925cec444ac08bbfb9cbc7199e647
Opened
#3934 [PR #1374] [MERGED] Add profiles for IntelliJ IDEA and Android Studio
Opened
#3935 [PR #1379] [MERGED] Add quiet to exiftool profile
Opened
#3936 [PR #1380] [CLOSED] tidy up of disable-common.inc
Opened
#3937 [PR #1389] [CLOSED] Fix wget breaking rkhunter
Opened
#3938 [PR #1390] [MERGED] Fix #1383
Opened
#3939 [PR #1393] [MERGED] Improve mount handling
Opened
#3940 [PR #1394] [MERGED] Fix typo usr->user
Opened
#3941 [PR #1397] [MERGED] Add access to trash for eog
Opened
#3942 [PR #1402] [MERGED] /proc/sys can be nosuid,noexec,nodev
Opened
#3943 [PR #1399] [MERGED] Private /lib feature
Opened
#3944 [PR #1403] [MERGED] Block some obsolete or unusual syscalls
Opened
#3945 [PR #1407] [MERGED] Add Electron and Riot profiles
Opened
#3946 [PR #1408] [MERGED] Zoom cache dir
Opened
#3947 [PR #1411] [MERGED] Add a profile for arm
Opened
#3948 [PR #1409] [MERGED] Fix typo for fnet moveif invocation on 2nd interface.
Opened
#3949 [PR #1410] [MERGED] Improve seccomp printing
Opened
#3950 [PR #1412] [MERGED] Improve loading of seccomp filter and memory-deny-write-execute feature
Opened
#3951 [PR #1415] [MERGED] Tentative implementation for #1405
Opened
#3952 [PR #1416] [MERGED] telegram is called telegram-desktop in Debian
Opened
#3953 [PR #1423] [MERGED] Add some /proc dirs to firejail apparmor profile
Opened
#3954 [PR #1421] [MERGED] Fix #1420
Opened
#3955 [PR #1424] [MERGED] Apparmor: update whitelist path for kde
Opened
#3956 [PR #1426] [MERGED] Apparmor: add local configuration
Opened
#3957 [PR #1428] [MERGED] Change ${HOME}/.local/share/kservices5 to read-only
Opened
#3958 [PR #1430] [MERGED] profile fixes
Opened
#3959 [PR #1427] [MERGED] Unify all profiles
Opened
#3960 [PR #1431] [MERGED] Add 8 new profiles
Opened
#3961 [PR #1432] [MERGED] Gwenview: drop kbuildsycoca5 from private-bin
Opened
#3962 [PR #1436] [MERGED] Add a profile for Gnome Twitch
Opened
#3963 [PR #1435] [MERGED] Update firecfg.config and add a wireshark-* alias
Opened
#3964 [PR #1433] [MERGED] various profile fixes
Opened
#3965 [PR #1437] [MERGED] fix steam startup with >=llvm-4
Opened
#3966 [PR #1438] [MERGED] Change KDE4 services folder to read-only
Opened
#3967 [PR #1442] [MERGED] various little profile fixes and enhancements
Opened
#3968 [PR #1443] [MERGED] Automatically build each commit on Travis CI and upload
Opened
#3969 [PR #1444] [MERGED] Harden 18 profiles using private-bin
Opened
#3970 [PR #1445] [CLOSED] comment private-dev in VLC
Opened
#3971 [PR #1448] [MERGED] Match RPM license tag with license set in COPYING
Opened
#3972 [PR #1449] [CLOSED] Add License field to Debian control file
Opened
#3973 [PR #1452] [MERGED] Add a profile alias for Firefox Nightly
Opened
#3974 [PR #1451] [MERGED] more novideo options, enhanced mediathekview
Opened
#3975 [PR #1453] [MERGED] Add TuxGuitar profile
Opened
#3976 [PR #1460] [MERGED] fix tuxguitar comments
Opened
#3977 [PR #1461] [MERGED] Fix notv placement
Opened
#3978 [PR #1465] [MERGED] fix smplayer for mpv
Opened
#3979 [PR #1466] [MERGED] Fix nodvd placement
Opened
#3980 [PR #1468] [MERGED] firejail profile for torbrowser-launcher
Opened
#3981 [PR #1469] [MERGED] Add novideo and noexec /tmp to Tor browsers
Opened
#3982 [PR #1473] [CLOSED] Dino: Fix file downloads
Opened
#3983 [PR #1472] [MERGED] unbreak k3b
Opened
#3984 [PR #1475] [MERGED] some fixes and enhancements
Opened
#3985 [PR #1477] [MERGED] new MuseScore profile
Opened
#3986 [PR #1482] [MERGED] Update waterfox.profile
Opened
#3987 [PR #1484] [MERGED] Fix Gnome 2048 under wayland
Opened
#3988 [PR #1485] [MERGED] Add pass to common blacklist
Opened
#3989 [PR #1483] [MERGED] fix simple-scan
Opened
#3990 [PR #1488] [MERGED] Various changes
Opened
#3991 [PR #1489] [MERGED] profile fixes and enhancements
Opened
#3992 [PR #1494] [MERGED] Allow private-bin parameters to be absolute paths
Opened
#3993 [PR #1495] [MERGED] Support for gnome-shell integration extension in Waterfox
Opened
#3994 [PR #1493] [MERGED] Fix #1492
Opened
#3995 [PR #1496] [MERGED] Fix MulitMC5 and Xonotic
Opened
#3996 [PR #1500] [MERGED] firejail profile for itch.io desktop app
Opened
#3997 [PR #1501] [MERGED] Tweak itch.io profile
Opened
#3998 [PR #1511] [MERGED] improve servers, harden musescore
Opened
#3999 [PR #1512] [MERGED] Fix logging for servers
Opened
#4000 [PR #1503] [MERGED] enhance and fix profiles (mostly novideo additions)
Opened
#4001 [PR #1515] [MERGED] Fix Spotify #1513
Opened
#4002 [PR #1519] [MERGED] Add a profile for Yandex Browser
Opened
#4003 [PR #1517] [MERGED] Added profile for yandex-browser (beta)
Opened
#4004 [PR #1523] [MERGED] add smtube (add-on for smplayer) to private-bin
Opened
#4005 [PR #1526] [MERGED] tighten some capability sets further
Opened
#4006 [PR #1524] [MERGED] firejail profile for smtube
Opened
#4007 [PR #1532] [MERGED] Fix broken audio in Slack
Opened
#4008 [PR #1530] [MERGED] cleanup snap profile
Opened
#4009 [PR #1528] [MERGED] syscalls blacklisted twice
Opened
#4010 [PR #1533] [MERGED] remount ~/.config/pulse with noexec
Opened
#4011 [PR #1536] [MERGED] Add a profile for Minetest
Opened
#4012 [PR #1538] [MERGED] Fix gitg diff not showing
Opened
#4013 [PR #1544] [MERGED] localhost mail fix for mutt
Opened
#4014 [PR #1542] [MERGED] Update waterfox.profile
Opened
#4015 [PR #1548] [MERGED] goobox enhancements
Opened
#4016 [PR #1549] [MERGED] harden baloo, clementine
Opened
#4017 [PR #1552] [MERGED] Add a profile for Terasology
Opened
#4018 [PR #1551] [MERGED] little KDE app enhancements
Opened
#4019 [PR #1554] [CLOSED] harden corebird
Opened
#4020 [PR #1555] [MERGED] Upstream many profiles from various sources
Opened
#4021 [PR #1558] [MERGED] Set shell none for ssh-agent configuration
Opened
#4022 [PR #1561] [MERGED] fix usage of STEAM_RUNTIME_PREFER_HOST_LIBRARIES=1 in steam.profile
Opened
#4023 [PR #1571] [MERGED] Update quiterss.profile
Opened
#4024 [PR #1565] [MERGED] Some profiles
Opened
#4025 [PR #1577] [MERGED] Update waterfox.profile
Opened
#4026 [PR #1582] [MERGED] Add profile for gnome-ring
Opened
#4027 [PR #1587] [MERGED] Enumerate root directories in apparmor profile
Opened
#4028 [PR #1596] [MERGED] Update manpages to use HTTPS links
Opened
#4029 [PR #1593] [MERGED] Create signal-desktop.profile
Opened
#4030 [PR #1604] [MERGED] Addition of RLIMIT_AS
Opened
#4031 [PR #1613] [CLOSED] Add Popcorn-Time profile
Opened
#4032 [PR #1637] [MERGED] profiles: keepassxc: add machine-id to private-etc
Opened
#4033 [PR #1643] [MERGED] Update franz.profile to work with version 5 upwards
Opened
#4034 [PR #1647] [MERGED] Blacklist the Electron Cash Wallet
Opened
#4035 [PR #1617] [CLOSED] Merge pull request #1 from netblue30/master
Opened
#4036 [PR #1657] [MERGED] Blacklist s3cmd and s3fs configs
Opened
#4037 [PR #1664] [MERGED] qtox needs libstdc++.so.6
Opened
#4038 [PR #1676] [MERGED] libtrace/libtrace.c: add missing limits.h include
Opened
#4039 [PR #1662] [MERGED] In Testing: (Re)add disable-mnt to common browser profiles.
Opened
#4040 [PR #1681] [MERGED] Profiles updates
Opened
#4041 [PR #1687] [MERGED] Added environment variable QML_DISABLE_DISK_CACHE=1 to okular.profile.
Opened
#4042 [PR #1696] [MERGED] Blacklist ~/.ethereum
Opened
#4043 [PR #1691] [MERGED] Fix Deluge
Opened
#4044 [PR #1689] [MERGED] disable-common.inc: read-only access to ~/.ssh/authorized_keys
Opened
#4045 [PR #1697] [MERGED] Blacklist the monero wallets directory
Opened
#4046 [PR #1700] [MERGED] inox edgy flavours fix (doesnt work history and extensions)
Opened
#4047 [PR #1706] [MERGED] Blacklist the Dash Core wallet directory
Opened
#4048 [PR #1701] [MERGED] tor flavours
Opened
#4049 [PR #1704] [MERGED] Add "sylpheed" to profiles
Opened
#4050 [PR #1708] [MERGED] Fix #1702 - Couldn't start 'minetest' in Debian Testing
Opened
#4051 [PR #1710] [MERGED] Add profile for "playonlinux"
Opened
#4052 [PR #1713] [MERGED] Apparmor: fix broken file dialogs in kde plasma
Opened
#4053 [PR #1714] [CLOSED] Create Popcorn-Time.profile
Opened
#4054 [PR #1733] [MERGED] chore(.gitignore) ignore built packages
Opened
#4055 [PR #1715] [MERGED] Create discord-canary.profile
Opened
#4056 [PR #1738] [MERGED] add new syscalls from glibc 2.26-10
Opened
#4057 [PR #1751] [MERGED] chromium canary (inox-family)
Opened
#4058 [PR #1744] [MERGED] fixes for the keepassxc 2.2.5 version
Opened
#4059 [PR #1758] [MERGED] Apparmor: minor fixes
Opened
#4060 [PR #1745] [MERGED] Apparmor: restrict access to writable files
Opened
#4061 [PR #1761] [MERGED] Allow Spotify to run Zenity
Opened
#4062 [PR #1762] [MERGED] add localtime to private-etc to make qtox show correct time
Opened
#4063 [PR #1763] [MERGED] Update remmina.profile
Opened
#4064 [PR #1764] [MERGED] Add seccomp filters for remmina, from an strace session connecting via RDP
Opened
#4065 [PR #1766] [MERGED] Apparmor: fix various denials
Opened
#4066 [PR #1774] [MERGED] Unify all Chromium and Firefox based browser profiles
Opened
#4067 [PR #1775] [MERGED] Apparmor: don't duplicate userspace /run/user restrictions
Opened
#4068 [PR #1776] [MERGED] Apparmor: blacklist /proc and /sys access from firejail
Opened
#4069 [PR #1777] [MERGED] playonlinux: unblacklist perl usage
Opened
#4070 [PR #1779] [MERGED] Add a profile for Vivaldi Snapshot
Opened
#4071 [PR #1780] [MERGED] Add a profile for bitcoin-qt
Opened
#4072 [PR #1787] [MERGED] .Xauthority moved from blacklist to read-only
Opened
#4073 [PR #1783] [CLOSED] viewnior needs access to X
Opened
#4074 [PR #1802] [CLOSED] Don't enable profiles which may be used for system administrtion
Opened
#4075 [PR #1806] [CLOSED] kate: allow system-wide read access
Opened
#4076 [PR #1820] [MERGED] Fix compilation with musl
Opened
#4077 [PR #1821] [CLOSED] Musixmatch support
Opened
#4078 [PR #1827] [MERGED] Add support for the devil musixmatch
Opened
#4079 [PR #1825] [CLOSED] WIP: Recalibration of D-Bus access, see #1822
Opened
#4080 [PR #1828] [MERGED] gnome-recipes profile
Opened
#4081 [PR #1829] [MERGED] evince fixes
Opened
#4082 [PR #1831] [MERGED] private-lib fix
Opened
#4083 [PR #1835] [MERGED] Adding thunderbird-beta and Blender-28
Opened
#4084 [PR #1830] [CLOSED] whitelist-common.inc fixes for several profiles
Opened
#4085 [PR #1837] [MERGED] WIP: Blacklist common programming interpreters.
Opened
#4086 [PR #1840] [CLOSED] fix immutable settings
Opened
#4087 [PR #1843] [MERGED] recalibrate dbus access, deploy nodbus option
Opened
#4088 [PR #1848] [MERGED] Add a section for cloud-providers to the default block-list
Opened
#4089 [PR #1849] [MERGED] Added a basic profile for gcloud
Opened
#4090 [PR #1851] [MERGED] Fix private-lib
Opened
#4091 [PR #1852] [MERGED] Fix private-lib again
Opened
#4092 [PR #1853] [MERGED] Create gnome-logs.profile
Opened
#4093 [PR #1859] [MERGED] Allow perl
Opened
#4094 [PR #1854] [MERGED] add --noautopulse arg for complex pulse setups
Opened
#4095 [PR #1860] [MERGED] syntax fixup
Opened
#4096 [PR #1861] [MERGED] mpd config modernizing
Opened
#4097 [PR #1862] [MERGED] consistent pid/PID usage
Opened
#4098 [PR #1863] [MERGED] Config support fixup
Opened
#4099 [PR #1864] [MERGED] Update enchant profile
Opened
#4100 [PR #1865] [CLOSED] Potential fixes for Firefox 60
Opened
#4101 [PR #1867] [MERGED] Soundconverter needs python
Opened
#4102 [PR #1868] [MERGED] Disable memory-deny-write-execute
Opened
#4103 [PR #1870] [MERGED] atool fixes
Opened
#4104 [PR #1873] [MERGED] atool 'redirect' profiles
Opened
#4105 [PR #1874] [CLOSED] fix settings - disable nodus
Opened
#4106 [PR #1875] [MERGED] fix sqlitebrowser blacklist
Opened
#4107 [PR #1882] [MERGED] Fix profile for last version (musixmatch)
Opened
#4108 [PR #1884] [MERGED] Add Discord profile
Opened
#4109 [PR #1881] [CLOSED] Allow firefox to access proxychains' local config.
Opened
#4110 [PR #1888] [MERGED] Amend Discord profile
Opened
#4111 [PR #1886] [MERGED] allow java in some more profiles
Opened
#4112 [PR #1890] [MERGED] fix bitblbee doubled-up private-dev option
Opened
#4113 [PR #1892] [MERGED] correct spelling
Opened
#4114 [PR #1891] [MERGED] Fix firefox common addons
Opened
#4115 [PR #1894] [MERGED] Repairing programs
Opened
#4116 [PR #1898] [MERGED] Add CLion profile
Opened
#4117 [PR #1904] [MERGED] avoid TESTING warning in firefox-common-addons.inc
Opened
#4118 [PR #1900] [MERGED] Add WebStorm profile
Opened
#4119 [PR #1903] [MERGED] priv tweaks
Opened
#4120 [PR #1905] [MERGED] typo in disable-common.inc
Opened
#4121 [PR #1906] [MERGED] Re-enable join-or-start
Opened
#4122 [PR #1909] [MERGED] Add AnyDesk profile
Opened
#4123 [PR #1910] [MERGED] Add XMind profile
Opened
#4124 [PR #1911] [MERGED] Enable KVM on Android Studio
Opened
#4125 [PR #1914] [MERGED] Update Gajim profile
Opened
#4126 [PR #1915] [MERGED] Add nvm to list of disabled interpreters
Opened
#4127 [PR #1916] [MERGED] Amend WebStorm profile
Opened
#4128 [PR #1918] [MERGED] priv tweak
Opened
#4129 [PR #1919] [MERGED] Add --keep-var-tmp and associated profile option
Opened
#4130 [PR #1922] [MERGED] Allow GNOME Shell integration in unzip
Opened
#4131 [PR #1923] [MERGED] add disable-interpreters.inc to gnome-logs
Opened
#4132 [PR #1924] [MERGED] add note for 'volatile' storage support
Opened
#4133 [PR #1932] [MERGED] Fixes to make Blender with AMD GPU work under firejail (#1931)
Opened
#4134 [PR #1933] [MERGED] profile for sayonara player
Opened
#4135 [PR #1934] [MERGED] profile for qmmp
Opened
#4136 [PR #1935] [MERGED] disable tracelog in firefox-common.profile
Opened
#4137 [PR #1954] [MERGED] Add dictionary access to Slack
Opened
#4138 [PR #1943] [CLOSED] Krita: Enable python and KDE (ksyscoca)
Opened
#4139 [PR #1958] [CLOSED] travis: update to bionic
Opened
#4140 [PR #1936] [CLOSED] add whitelist-common.inc to qmmp profile
Opened
#4141 [PR #1969] [CLOSED] Allow Telegram to use Netlink sockets
Opened
#4142 [PR #1976] [MERGED] Fix DjVu opening in Evince
Opened
#4143 [PR #1996] [MERGED] Add gnome-mpv profile
Opened
#4144 [PR #1977] [MERGED] Fix installing skins on qmmp.profile
Opened
#4145 [PR #1997] [MERGED] Add riot-desktop redirect profile, create Riot config directory
Opened
#4146 [PR #1998] [MERGED] Amend Wire profiles
Opened
#4147 [PR #1999] [MERGED] Create tor-browser-en directory, add missing bin programs
Opened
#4148 [PR #2000] [MERGED] Create tor-browser-* directories
Opened
#4149 [PR #2003] [MERGED] Revert private cache enabled by default
Opened
#4150 [PR #2007] [MERGED] include globals.local only once
Opened
#4151 [PR #2010] [MERGED] don't include globals.local twice (take two)
Opened
#4152 [PR #2015] [MERGED] i'm modifying inox-hard (aur)
Opened
#4153 [PR #2012] [MERGED] 7z redirect profiles
Opened
#4154 [PR #2020] [MERGED] Fix Gajim 1.0.3 startup on Fedora 28.
Opened
#4155 [PR #2022] [MERGED] discord: added localtime and ld.so.cache to private-etc to fix wrong time and "discord: error while loading shared libraries: libstdc++.so.6: cannot open shared object file: No such file or directory"
Opened
#4156 [PR #2025] [MERGED] Creating the gradio profile and editing the geary profile
Opened
#4157 [PR #2052] [MERGED] Create standardnotes-desktop.profile
Opened
#4158 [PR #2033] [MERGED] additional whitelist hardening
Opened
#4159 [PR #2054] [CLOSED] firefox-beta
Opened
#4160 [PR #2055] [MERGED] added firefox-beta.profile
Opened
#4161 [PR #2056] [MERGED] noblacklist added for standardnotes-desktop
Opened
#4162 [PR #2058] [MERGED] Add netlink protocol
Opened
#4163 [PR #2060] [MERGED] WIP: Add new disable-xdg.inc
Opened
#4164 [PR #2057] [CLOSED] Make ktorrent actually work
Opened
#4165 [PR #2063] [MERGED] created flameshot profile
Opened
#4166 [PR #2076] [MERGED] Add various vim related profiles
Opened
#4167 [PR #2079] [MERGED] Add Beaker browser
Opened
#4168 [PR #2081] [MERGED] Add descriptions to profiles
Opened
#4169 [PR #2091] [CLOSED] Create pybitmessage.profile
Opened
#4170 [PR #2092] [MERGED] Create pybitmessage.profile
Opened
#4171 [PR #2093] [CLOSED] profiles: add auto-generated private-etc lines to all profiles
Opened
#4172 [PR #2096] [CLOSED] Remove nogroups from audio player profiles
Opened
#4173 [PR #2094] [MERGED] Update disable-common.inc
Opened
#4174 [PR #2104] [MERGED] hardening evince, dbus not needed
Opened
#4175 [PR #2105] [MERGED] created jdownloader profile
Opened
#4176 [PR #2115] [MERGED] Amend gnome-music profile
Opened
#4177 [PR #2123] [CLOSED] Fix incorrect whitelist-path handling
Opened
#4178 [PR #2130] [MERGED] FIX-2045: Fix command name parsing for program paths with spaces.
Opened
#4179 [PR #2127] [MERGED] fixed vim missing from firecfg.config
Opened
#4180 [PR #2131] [MERGED] fixed discord not able to check for updates
Opened
#4181 [PR #2133] [CLOSED] added keep-dev-shm so firefox-sync works
Opened
#4182 [PR #2144] [MERGED] Write-protection for thumbnailer dir
Opened
#4183 [PR #2141] [MERGED] Update appimage size calculation to newest code from libappimage.
Opened
#4184 [PR #2138] [MERGED] Fix incorrect --list and --tree output under certain circumstances
Opened
#4185 [PR #2152] [CLOSED] Improve profile handling
Opened
#4186 [PR #2156] [MERGED] Improve include handling
Opened
#4187 [PR #2159] [MERGED] allow overriding of disable-mnt with noblacklist
Opened
#4188 [PR #2157] [CLOSED] Fix 2155 - Add user-profiles configuration option.
Opened
#4189 [PR #2161] [MERGED] Fix file.profile
Opened
#4190 [PR #2158] [MERGED] Add support for rudimentary conditionals in profiles
Opened
#4191 [PR #2162] [MERGED] new profile QMediathekView
Opened
#4192 [PR #2164] [MERGED] New profile aria2c
Opened
#4193 [PR #2163] [MERGED] Harden strings.profile
Opened
#4194 [PR #2165] [MERGED] Authenticator
Opened
#4195 [PR #2166] [MERGED] Create checkbashisms.profile
Opened
#4196 [PR #2167] [MERGED] Fix GTK theme and some hardening
Opened
#4197 [PR #2169] [MERGED] New profile devilspie
Opened
#4198 [PR #2168] [MERGED] New profile devilspie2
Opened
#4199 [PR #2170] [MERGED] New profile easystroke
Opened
#4200 [PR #2171] [MERGED] New profile desktop (a.k.a. github-desktop)
Opened
#4201 [PR #2172] [MERGED] New profile min
Opened
#4202 [PR #2174] [MERGED] Alias profile for xzdec
Opened
#4203 [PR #2173] [MERGED] Redirect profiles for bsdtar
Opened
#4204 [PR #2177] [MERGED] Add gzip aliases
Opened
#4205 [PR #2178] [MERGED] Fix atool for UID/GID > 1000
Opened
#4206 [PR #2179] [MERGED] Add some more cpio aliases
Opened
#4207 [PR #2181] [MERGED] New profile gnome pie
Opened
#4208 [PR #2180] [MERGED] Create artha.profile
Opened
#4209 [PR #2182] [MERGED] New profile mencoder
Opened
#4210 [PR #2183] [MERGED] New profile nitroshare
Opened
#4211 [PR #2184] [MERGED] Add artha & nitroshare to disable-programs.inc
Opened
#4212 [PR #2186] [MERGED] Fix issue #2148: Make sure firejail can find helper programs in sandbox regardless of options.
Opened
#4213 [PR #2185] [MERGED] New profile masterpdfeditor
Opened
#4214 [PR #2189] [MERGED] Add Bitwarden to blacklisted PW manager files
Opened
#4215 [PR #2190] [CLOSED] Revert "Fix issue #2148: Make sure firejail can find helper programs in sandbox regardless of options."
Opened
#4216 [PR #2191] [MERGED] Update gnome-pie profile
Opened
#4217 [PR #2193] [MERGED] Make --join return exit code of the invoked program
Opened
#4218 [PR #2198] [MERGED] Fix docs to more correctly list the syscalls in the @default seccomp group.
Opened
#4219 [PR #2192] [MERGED] The path in ld.so.preload should point to RUN_FIREJAIL_LIB_DIR, as LIBDIR may not exist.
Opened
#4220 [PR #2199] [MERGED] Fix #2142: Firefox appimage fails because it needs non-default seccomp
Opened
#4221 [PR #2201] [MERGED] Add nou2f to all profiles
Opened
#4222 [PR #2227] [MERGED] Expanded the comment about nodbus breaking stuff
Opened
#4223 [PR #2218] [MERGED] experimental: remounts child mount points as well
Opened
#4224 [PR #2213] [MERGED] git.profile: Disable blacklist for default Oh My Zsh directory
Opened
#4225 [PR #2235] [MERGED] Fix typo in brackets.profile
Opened
#4226 [PR #2236] [MERGED] Add description to dig.profile
Opened
#4227 [PR #2238] [MERGED] Reorganize whois.profile
Opened
#4228 [PR #2237] [MERGED] Update enpass.profile
Opened
#4229 [PR #2240] [MERGED] Fix tar.profile on Debian based distributions
Opened
#4230 [PR #2241] [MERGED] Fix seccomp in mpd.profile
Opened
#4231 [PR #2243] [MERGED] Fix gpg.profile for Arch users
Opened
#4232 [PR #2245] [MERGED] Add 'quiet' to atool.profile
Opened
#4233 [PR #2244] [MERGED] Update file.profile
Opened
#4234 [PR #2246] [MERGED] Use ${HOME} instead of ~ in dig.profile
Opened
#4235 [PR #2247] [MERGED] Add new config option to disable U2F in browsers, enabled by default
Opened
#4236 [PR #2249] [MERGED] Sort whitelist-common.inc alphabetically
Opened
#4237 [PR #2250] [MERGED] Fix spacing in disable-common.inc
Opened
#4238 [PR #2251] [MERGED] Fix alphabetical sort
Opened
#4239 [PR #2253] [MERGED] Have appimage handling be the same with or with out special -- argument.
Opened
#4240 [PR #2254] [MERGED] Add better documentation for "-c" option.
Opened
#4241 [PR #2255] [MERGED] Allow prefixing colon to profile argument of --profile to for a profile search
Opened
#4242 [PR #2260] [MERGED] Fix Evince profile
Opened
#4243 [PR #2266] [MERGED] Consistency fixes for alias profiles
Opened
#4244 [PR #2265] [MERGED] Misc. typos
Opened
#4245 [PR #2268] [MERGED] Fix easystroke.profile
Opened
#4246 [PR #2271] [MERGED] Add quiet option to transmission-cli profile
Opened
#4247 [PR #2275] [MERGED] allowing local python* in mpv and youtube-dl #2262
Opened
#4248 [PR #2276] [MERGED] refactor private-cache and tmpfs
Opened
#4249 [PR #2272] [MERGED] removing vim and ranger from firecfg
Opened
#4250 [PR #2277] [MERGED] New profile ocenaudio
Opened
#4251 [PR #2278] [MERGED] Update kdenlive.profile
Opened
#4252 [PR #2279] [MERGED] allowing youtube-dl and python in gnome-mpv
Opened
#4253 [PR #2280] [MERGED] new profile mpsyt.profile
Opened
#4254 [PR #2281] [MERGED] restricting more, HOME and tmp in mpsyt.profile
Opened
#4255 [PR #2285] [CLOSED] add HAS_NODBUS conditional, ${RUNUSER} makro
Opened
#4256 [PR #2293] [MERGED] enable apparmor in libreoffice profile
Opened
#4257 [PR #2294] [MERGED] Add a profile for thunderbird-wayland
Opened
#4258 [PR #2297] [MERGED] enforce nonewprivs instead of seccomp for chroot sandboxes
Opened
#4259 [PR #2295] [MERGED] Fix bibletime.profile
Opened
#4260 [PR #2298] [MERGED] New profile for supertuxkart.
Opened
#4261 [PR #2299] [MERGED] fix netstats typo in man firejail
Opened
#4262 [PR #2308] [MERGED] Update disable-common.inc, disable-programs.inc.
Opened
#4263 [PR #2319] [MERGED] Add a profile for ghostwriter
Opened
#4264 [PR #2313] [MERGED] Fix gajim.profile
Opened
#4265 [PR #2328] [MERGED] Fix ocenaudio profile
Opened
#4266 [PR #2327] [MERGED] Correctly set address length in arp frames
Opened
#4267 [PR #2331] [CLOSED] update mps-youtube profile
Opened
#4268 [PR #2334] [CLOSED] restrict audacious profile
Opened
#4269 [PR #2344] [MERGED] Update gajim.profile
Opened
#4270 [PR #2347] [MERGED] add google earth pro, update google earth profile
Opened
#4271 [PR #2349] [MERGED] comment machine-id in libreoffice.profile
Opened
#4272 [PR #2352] [MERGED] Harden eog profile
Opened
#4273 [PR #2350] [MERGED] Add new clawsker profile
Opened
#4274 [PR #2353] [MERGED] Harden gnome-calculator profile
Opened
#4275 [PR #2354] [MERGED] Create gcalccmd.profile
Opened
#4276 [PR #2356] [MERGED] Unbreak currency conversion for gnome-calculator
Opened
#4277 [PR #2366] [CLOSED] add nyx, crow, fix g earth pro
Opened
#4278 [PR #2358] [CLOSED] Update peek.profile
Opened
#4279 [PR #2372] [MERGED] additional blacklisting
Opened
#4280 [PR #2362] [MERGED] Refactoring github-desktop profile and firecfg
Opened
#4281 [PR #2373] [MERGED] Fix gnome-maps
Opened
#4282 [PR #2386] [MERGED] Temporary fix for noexec ${HOME} breakage
Opened
#4283 [PR #2384] [MERGED] remove nodbus from MPRIS client profiles
Opened
#4284 [PR #2382] [CLOSED] Create firefox-wayland.profile
Opened
#4285 [PR #2390] [MERGED] Retain local apparmor customizations
Opened
#4286 [PR #2391] [MERGED] Add a profile for klavaro
Opened
#4287 [PR #2398] [MERGED] Fix snap.profile description
Opened
#4288 [PR #2392] [MERGED] Add netlink to QMediathekView
Opened
#4289 [PR #2394] [MERGED] changes fixing keepassxc auto-type
Opened
#4290 [PR #2403] [MERGED] minor fixes to keepassxc, thunderbird and pluma
Opened
#4291 [PR #2402] [MERGED] Snap
Opened
#4292 [PR #2412] [MERGED] Add profiles for mypaint & mypaint-ora-thumbnailer
Opened
#4293 [PR #2409] [MERGED] New profile: webui-aria2
Opened
#4294 [PR #2415] [MERGED] Add 'alternatives' to all private-etc lines
Opened
#4295 [PR #2418] [MERGED] Alphabetize fixes for webstorm.profile
Opened
#4296 [PR #2420] [MERGED] Add mpdris2 profile
Opened
#4297 [PR #2422] [MERGED] Create nano.profile
Opened
#4298 [PR #2421] [MERGED] Openssh
Opened
#4299 [PR #2424] [MERGED] Add gconf-editor profile
Opened
#4300 [PR #2423] [MERGED] Add dconf-editor profile
Opened
#4301 [PR #2425] [MERGED] Add exfalso profile
Opened
#4302 [PR #2427] [MERGED] Add subdownloader profile
Opened
#4303 [PR #2426] [MERGED] Add font-manager profile
Opened
#4304 [PR #2428] [MERGED] Add assogiate profile
Opened
#4305 [PR #2430] [CLOSED] Update .travis.yml
Opened
#4306 [PR #2431] [MERGED] fix start-tor-browser.desktop.profile
Opened
#4307 [PR #2435] [MERGED] Harden devilspie{2} profiles
Opened
#4308 [PR #2436] [MERGED] Add machine-id comment
Opened
#4309 [PR #2437] [MERGED] Streamline machine-id comment
Opened
#4310 [PR #2438] [MERGED] Add devhelp profile
Opened
#4311 [PR #2439] [MERGED] Reverts
Opened
#4312 [PR #2442] [MERGED] Add machine-id note to man firejail
Opened
#4313 [PR #2441] [MERGED] masterpdfeditor cleanup
Opened
#4314 [PR #2440] [MERGED] Revert machine-id comment mess (part 2)
Opened
#4315 [PR #2443] [MERGED] Fix include in enchant redirect profiles
Opened
#4316 [PR #2444] [MERGED] Harden gnome-recipes.profile
Opened
#4317 [PR #2451] [MERGED] Harden checkbashisms.profile
Opened
#4318 [PR #2450] [MERGED] Harden arch-audit.profile
Opened
#4319 [PR #2445] [CLOSED] Add 'video' to profile options
Opened
#4320 [PR #2452] [MERGED] Harden clipit.profile
Opened
#4321 [PR #2453] [MERGED] Create new dconf/gsettings profiles
Opened
#4322 [PR #2455] [MERGED] Harden enchant.profile
Opened
#4323 [PR #2456] [MERGED] Harden exiftool.profile
Opened
#4324 [PR #2454] [MERGED] Harden dig.profile
Opened
#4325 [PR #2457] [MERGED] Harden ffmpeg.profile
Opened
#4326 [PR #2458] [MERGED] Harden file.profile
Opened
#4327 [PR #2459] [MERGED] Harden git.profile
Opened
#4328 [PR #2461] [MERGED] Harden gnome-logs.profile
Opened
#4329 [PR #2460] [MERGED] Harden gnome-calculator.profile
Opened
#4330 [PR #2463] [MERGED] Harden gucharmap.profile
Opened
#4331 [PR #2462] [MERGED] Harden gnome-maps.profile
Opened
#4332 [PR #2465] [MERGED] Harden inkscape.profile
Opened
#4333 [PR #2464] [MERGED] Harden img2txt.profile
Opened
#4334 [PR #2466] [MERGED] Harden less.profile
Opened
#4335 [PR #2467] [MERGED] Harden mediainfo.profile
Opened
#4336 [PR #2468] [MERGED] Harden file-roller.profile
Opened
#4337 [PR #2470] [MERGED] Harden gpicview.profile
Opened
#4338 [PR #2473] [MERGED] Fix inkscape.profile
Opened
#4339 [PR #2469] [MERGED] Harden eog.profile
Opened
#4340 [PR #2474] [MERGED] Streamline Include comment for relevant profiles
Opened
#4341 [PR #2475] [CLOSED] Archivers
Opened
#4342 [PR #2479] [MERGED] Sort items alphabetically in man firejail
Opened
#4343 [PR #2476] [MERGED] Reintroduce whitelist-var-common.inc
Opened
#4344 [PR #2478] [MERGED] Remove double entree from bsdtar.profile
Opened
#4345 [PR #2483] [MERGED] Add new profile for redshift
Opened
#4346 [PR #2481] [MERGED] gnome-mpv -> celluloid
Opened
#4347 [PR #2484] [MERGED] Add new profile for netactview
Opened
#4348 [PR #2485] [MERGED] Add new profile for gnome-nettool
Opened
#4349 [PR #2486] [MERGED] Add new profile for gnome-system-log
Opened
#4350 [PR #2487] [MERGED] Add new profile for hardinfo
Opened
#4351 [PR #2488] [MERGED] Add new profile for regextester
Opened
#4352 [PR #2490] [MERGED] Add new profile for secret-tool
Opened
#4353 [PR #2491] [MERGED] Add new profile for seahorse
Opened
#4354 [PR #2489] [MERGED] Add new profile for gnome-keyring
Opened
#4355 [PR #2492] [MERGED] Add new profile for d-feet
Opened
#4356 [PR #2493] [MERGED] Add new profile for pavucontrol
Opened
#4357 [PR #2494] [MERGED] Add new profile for xfce4-mixer
Opened
#4358 [PR #2495] [MERGED] Fix mpDris2 for Debian/Ubuntu
Opened
#4359 [PR #2498] [MERGED] Add new profile for geekbench
Opened
#4360 [PR #2499] [MERGED] Add new profile for gnome-schedule
Opened
#4361 [PR #2500] [MERGED] Add new profile for simplescreenrecorder
Opened
#4362 [PR #2501] [MERGED] Add new profile for sysprof
Opened
#4363 [PR #2502] [MERGED] Add new profile for transgui
Opened
#4364 [PR #2504] [CLOSED] mdwx: block memfd_create
Opened
#4365 [PR #2508] [MERGED] Fix regextester
Opened
#4366 [PR #2509] [MERGED] Fix hardinfo
Opened
#4367 [PR #2510] [MERGED] Fix netactview
Opened
#4368 [PR #2511] [MERGED] Pavucontrol
Opened
#4369 [PR #2512] [CLOSED] Fix machine-id for xfce4-mixerXfce4 mixer
Opened
#4370 [PR #2515] [MERGED] Fix private-lib in regextester profile
Opened
#4371 [PR #2516] [MERGED] Refactor Transmission profiles
Opened
#4372 [PR #2520] [MERGED] Fix typos in geekbench.profile
Opened
#4373 [PR #2521] [MERGED] Fix typo in gpicview.profile
Opened
#4374 [PR #2517] [MERGED] 'noexec /tmp' not causing the problem i thought it was
Opened
#4375 [PR #2522] [MERGED] Drop hardinfo profile
Opened
#4376 [PR #2523] [MERGED] Fix pavucontrol
Opened
#4377 [PR #2524] [MERGED] Add dirname to private-bin in spectre-meltdown-checker.profile
Opened
#4378 [PR #2526] [MERGED] mdwx changes for sysprof profiles
Opened
#4379 [PR #2525] [MERGED] Hardening and added network functionality in sqlitebrowser.profile
Opened
#4380 [PR #2527] [MERGED] Fixes for evince profiles
Opened
#4381 [PR #2528] [MERGED] Add gconf + redirect profiles
Opened
#4382 [PR #2532] [MERGED] Add ffmpeg redirect profiles
Opened
#4383 [PR #2529] [MERGED] Update ffmpeg.profile
Opened
#4384 [PR #2533] [MERGED] Add new ffmpegthumbnailer profile
Opened
#4385 [PR #2530] [MERGED] Update evince.profile (add private-cache)
Opened
#4386 [PR #2534] [MERGED] Harden gnome-clocks.profile
Opened
#4387 [PR #2535] [MERGED] Create nomacs.profile
Opened
#4388 [PR #2536] [MERGED] Add fakeroot support for makepkg on Arch
Opened
#4389 [PR #2537] [CLOSED] Add ffmpeg redirect profiles to firecfg
Opened
#4390 [PR #2539] [MERGED] Add code-oss profile
Opened
#4391 [PR #2540] [MERGED] Add code-oss config directory
Opened
#4392 [PR #2541] [MERGED] Add comments to firefox-common.profile
Opened
#4393 [PR #2542] [MERGED] Support local override for code-oss
Opened
#4394 [PR #2544] [MERGED] Alphabetical ordering of firecfg.config
Opened
#4395 [PR #2545] [MERGED] More alphabetical ordering of firecfg.config
Opened
#4396 [PR #2546] [MERGED] Add recently added (redirect) profiles to firecfg.conf
Opened
#4397 [PR #2549] [MERGED] Fix #2548
Opened
#4398 [PR #2552] [MERGED] ipc-namespace causing problems with file-roller
Opened
#4399 [PR #2553] [MERGED] Update feh-network.inc
Opened
#4400 [PR #2554] [MERGED] Fix possible typo
Opened
#4401 [PR #2555] [MERGED] Fixes for artha
Opened
#4402 [PR #2556] [MERGED] Fix clawsker for older GTK2 versions
Opened
#4403 [PR #2558] [MERGED] Fix dconf-editor
Opened
#4404 [PR #2557] [MERGED] Fixes for d-feet
Opened
#4405 [PR #2559] [MERGED] Fix devhelp
Opened
#4406 [PR #2560] [MERGED] Support older versions of file-roller
Opened
#4407 [PR #2561] [MERGED] Support older versions of font-manager
Opened
#4408 [PR #2563] [MERGED] Fix gnome-pie
Opened
#4409 [PR #2564] [MERGED] Fix gnome-schedule
Opened
#4410 [PR #2562] [MERGED] Harden galculator
Opened
#4411 [PR #2565] [MERGED] Fixes for gnome-system-log
Opened
#4412 [PR #2567] [MERGED] Fix masterpdfeditor
Opened
#4413 [PR #2566] [MERGED] Harden gucharmap
Opened
#4414 [PR #2568] [MERGED] Fix simplescreenrecorder
Opened
#4415 [PR #2569] [MERGED] Fix and harden soundconverter
Opened
#4416 [PR #2570] [MERGED] Fix and harden viewnior
Opened
#4417 [PR #2572] [MERGED] Fix and harden meld
Opened
#4418 [PR #2571] [MERGED] Fixes and comment for eog/eom
Opened
#4419 [PR #2573] [MERGED] viewnior is completely broken with 'hostname viewnior'
Opened
#4420 [PR #2574] [MERGED] Add new profiles for lrzip and friends
Opened
#4421 [PR #2575] [MERGED] Drop ipc-namespace from viewnior.profile
Opened
#4422 [PR #2577] [MERGED] Harden meld.profile
Opened
#4423 [PR #2576] [MERGED] add disable-exec.inc to all profiles with apparmor
Opened
#4424 [PR #2580] [MERGED] Drop private-home from gucharmap profile
Opened
#4425 [PR #2581] [MERGED] exiftool needs access to the /usr/bin/vendor_perl directory in archlinux
Opened
#4426 [PR #2582] [MERGED] Harden qtox
Opened
#4427 [PR #2584] [MERGED] Harden youtube-dl.profile
Opened
#4428 [PR #2583] [MERGED] Harden Minetest
Opened
#4429 [PR #2585] [MERGED] Update firejail.txt
Opened
#4430 [PR #2586] [MERGED] Avoid including globals.local twice
Opened
#4431 [PR #2587] [MERGED] Fix incorrect parsing of --keep-var-tmp command
Opened
#4432 [PR #2592] [MERGED] Fixes for seahorse/seahorse-tool
Opened
#4433 [PR #2588] [MERGED] Streamline 'Allow python' options
Opened
#4434 [PR #2594] [MERGED] Hardening compressors
Opened
#4435 [PR #2595] [MERGED] fixes for aria2c not resolving domain names
Opened
#4436 [PR #2596] [MERGED] ffmpegthumbnailer breaks in ranger with private-cache enabled
Opened
#4437 [PR #2598] [MERGED] Re-order options in ssh-agent.profile
Opened
#4438 [PR #2600] [MERGED] Seahorse revisited
Opened
#4439 [PR #2599] [MERGED] Fix seahorse.profile seahorse-tool.profile
Opened
#4440 [PR #2601] [MERGED] Follow-up on flatpak/snap support
Opened
#4441 [PR #2602] [MERGED] mount runtime seccomp files read-only
Opened
#4442 [PR #2604] [MERGED] pavucontrol does not work with ipc-namespace
Opened
#4443 [PR #2606] [MERGED] Harden easystroke
Opened
#4444 [PR #2603] [MERGED] Fix assogiate's private-bin
Opened
#4445 [PR #2614] [MERGED] Add kid3, kid3-cli, kid3-qt
Opened
#4446 [PR #2611] [MERGED] Add freemind
Opened
#4447 [PR #2622] [MERGED] Fix dconf-editor access to glib schemas
Opened
#4448 [PR #2620] [MERGED] Refactor pidgin as whitelist profile
Opened
#4449 [PR #2615] [MERGED] Add VCS support to meld
Opened
#4450 [PR #2625] [MERGED] add gnuchess to play against computer
Opened
#4451 [PR #2626] [MERGED] Add anki.profile
Opened
#4452 [PR #2630] [MERGED] Fix gnome-logs.profile
Opened
#4453 [PR #2628] [MERGED] Fixes for man firejail
Opened
#4454 [PR #2627] [MERGED] Fix typo's in firecfg util.c
Opened
#4455 [PR #2631] [MERGED] Add warning about nodbus breaking evince two-page-view on some systems
Opened
#4456 [PR #2632] [CLOSED] Add ignore for feh to allow internet access
Opened
#4457 [PR #2633] [MERGED] private-bin breaks --join for filezilla
Opened
#4458 [PR #2634] [MERGED] Temp fix firecfg
Opened
#4459 [PR #2635] [MERGED] Add autokey profiles
Opened
#4460 [PR #2636] [MERGED] Fix assogiate
Opened
#4461 [PR #2639] [MERGED] Fix git in some IDE's
Opened
#4462 [PR #2640] [MERGED] Fix typo in gnome-chess.profile
Opened
#4463 [PR #2646] [MERGED] Fix networking for transmission-show and transmission-remote
Opened
#4464 [PR #2641] [MERGED] Add cheese.profile
Opened
#4465 [PR #2647] [MERGED] More disable-exec stuff
Opened
#4466 [PR #2648] [MERGED] Fixes https://github.com/netblue30/firejail/issues/2547
Opened
#4467 [PR #2649] [MERGED] Add a conditional to control DRM/noexec exception for browsers
Opened
#4468 [PR #2651] [MERGED] Add .pythonrc.py to disable-common.inc
Opened
#4469 [PR #2650] [MERGED] fixed electrum not resolving domains
Opened
#4470 [PR #2652] [MERGED] Profiles for gramps, newsboat and freeoffice
Opened
#4471 [PR #2654] [MERGED] Follow upstream changes in authenticator.profile
Opened
#4472 [PR #2656] [MERGED] Fix PostScript file opening in Evince
Opened
#4473 [PR #2659] [MERGED] SMPlayer: Add support for python and youtube-dl
Opened
#4474 [PR #2660] [MERGED] Gajim: Allow reading of system-wide Flatpak locale
Opened
#4475 [PR #2672] [MERGED] Support Enpass v6
Opened
#4476 [PR #2673] [MERGED] Add Bitwarden profile
Opened
#4477 [PR #2676] [MERGED] Refactor min as chromium redirect profile
Opened
#4478 [PR #2674] [MERGED] Comment fixes
Opened
#4479 [PR #2677] [MERGED] Drop noblacklist ${DOWNLOADS} in bitwarden.profile
Opened
#4480 [PR #2679] [MERGED] Add vim syntax and ftdetect files
Opened
#4481 [PR #2680] [MERGED] Mumble: add new path for client data
Opened
#4482 [PR #2684] [MERGED] Whitespace fix
Opened
#4483 [PR #2687] [MERGED] Update keepassxc.profile
Opened
#4484 [PR #2682] [CLOSED] disable seccomp for gimp
Opened
#4485 [PR #2688] [MERGED] nodbus enhancements
Opened
#4486 [PR #2691] [MERGED] cantata.profile
Opened
#4487 [PR #2694] [MERGED] Propagate --quiet to children Firejail'ed processes
Opened
#4488 [PR #2701] [MERGED] glibc missing O_PATH definition on CentOS 6
Opened
#4489 [PR #2697] [MERGED] dbus: make --nodbus block also system D-Bus socket
Opened
#4490 [PR #2704] [MERGED] Create meteo-qt.profile
Opened
#4491 [PR #2705] [MERGED] Cosmetic changes for pidgin.profile
Opened
#4492 [PR #2712] [MERGED] Add private-cwd option to control working directory within jail
Opened
#4493 [PR #2708] [MERGED] Refactor eog and eom profiles with common redirect
Opened
#4494 [PR #2710] [MERGED] Add Microsoft Teams for Linux (Electron) profile
Opened
#4495 [PR #2714] [MERGED] Add meteo-qt info
Opened
#4496 [PR #2715] [MERGED] Add deterministic-exit-code option
Opened
#4497 [PR #2719] [MERGED] Harden gnome-chess
Opened
#4498 [PR #2724] [MERGED] Create SECURITY.md
Opened
#4499 [PR #2727] [MERGED] Create qgis.profile
Opened
#4500 [PR #2716] [MERGED] Re-add 'shell none' to gpg.profile
Opened
#4501 [PR #2732] [CLOSED] improve/add support for arbitrary home directories
Opened
#4502 [PR #2735] [MERGED] Extend profile.template with comments
Opened
#4503 [PR #2736] [MERGED] Create allow-INTERPETER.inc
Opened
#4504 [PR #2734] [MERGED] Add profile for links and xlinks
Opened
#4505 [PR #2737] [MERGED] Fix typo in template
Opened
#4506 [PR #2740] [MERGED] hostname reordering
Opened
#4507 [PR #2742] [MERGED] Fix comment in gimp.profile
Opened
#4508 [PR #2745] [MERGED] template profile: update private-etc templates
Opened
#4509 [PR #2741] [MERGED] Typo fix in brackets.profile
Opened
#4510 [PR #2746] [MERGED] firefox-common-addons.inc: + tridactyl
Opened
#4511 [PR #2751] [MERGED] Make lua commented in profile template
Opened
#4512 [PR #2754] [MERGED] Create syscalls file
Opened
#4513 [PR #2753] [MERGED] Add davfs2 secrets file to blacklist
Opened
#4514 [PR #2756] [CLOSED] Fix cheese
Opened
#4515 [PR #2759] [MERGED] Mention macros in profile.template
Opened
#4516 [PR #2757] [MERGED] Make it possible for cheese app to save pictures too
Opened
#4517 [PR #2769] [MERGED] Streamline mdwe comment
Opened
#4518 [PR #2764] [MERGED] Fix youtube video in totem
Opened
#4519 [PR #2766] [MERGED] automatically fixed all private-{bin,etc} lines
Opened
#4520 [PR #2771] [MERGED] mount new proc filesystem earlier
Opened
#4521 [PR #2773] [MERGED] Refactoring as whitelist profile
Opened
#4522 [PR #2774] [MERGED] chromium: disable nodbus
Opened
#4523 [PR #2778] [MERGED] Sort private-lib
Opened
#4524 [PR #2775] [MERGED] Add profile for udiskie
Opened
#4525 [PR #2780] [MERGED] Sort caps.keep and seccomp.drop options
Opened
#4526 [PR #2779] [MERGED] More sorting private-etc
Opened
#4527 [PR #2781] [MERGED] allow nodbus in thunderbird profile
Opened
#4528 [PR #2784] [MERGED] Improve profile PRs (Related to #2739)
Opened
#4529 [PR #2783] [MERGED] Fix spotify.profile
Opened
#4530 [PR #2785] [MERGED] Fix typo in man firejail [--x11]
Opened
#4531 [PR #2788] [MERGED] Arch Linux specific changes
Opened
#4532 [PR #2789] [MERGED] Tighten SSH with nodbus
Opened
#4533 [PR #2800] [MERGED] Hardening a few profiles
Opened
#4534 [PR #2796] [MERGED] Silence xauth output in src/firejail/x11.c
Opened
#4535 [PR #2802] [MERGED] Streamline redirect profiles
Opened
#4536 [PR #2803] [MERGED] Streamline redirect profiles (follow-up)
Opened
#4537 [PR #2814] [MERGED] Change include/redirect logic in autokey profiles
Opened
#4538 [PR #2815] [MERGED] Update wording in templates
Opened
#4539 [PR #2806] [MERGED] Add fonts to private-etc in udiskie profile
Opened
#4540 [PR #2816] [MERGED] Fixes
Opened
#4541 [PR #2817] [MERGED] Revert #2816 (except gconf-editor)
Opened
#4542 [PR #2822] [MERGED] Unbreak gconf-editor
Opened
#4543 [PR #2819] [MERGED] Add alias for pavucontrol (Qt version)
Opened
#4544 [PR #2818] [MERGED] profiles: thunderbird: add comment to allow opening links in firefox
Opened
#4545 [PR #2823] [MERGED] Remove mdwe from sqlitebrowser
Opened
#4546 [PR #2825] [MERGED] Fixes #2821, riot-desktop
Opened
#4547 [PR #2827] [MERGED] Fix #2826
Opened
#4548 [PR #2828] [CLOSED] seccomp prevents riot-desktop from launching
Opened
#4549 [PR #2832] [MERGED] Add electron4 to allow wire-desktop to launch on Arch Linux
Opened
#4550 [PR #2835] [MERGED] Fix #2834
Opened
#4551 [PR #2836] [MERGED] Add youtube-dl config handling
Opened
#4552 [PR #2843] [MERGED] Add OWD and ARGV0 environment variables. Correctly create APPIMAGE envvar.
Opened
#4553 [PR #2837] [MERGED] Harden qpdfview.profile with nodbus
Opened
#4554 [PR #2844] [MERGED] Fix issue #561. Refactor/Optimize code to get and use pid and process name.
Opened
#4555 [PR #2845] [MERGED] improve support for home directories outside /home
Opened
#4556 [PR #2847] [MERGED] Add redirects for mpg123
Opened
#4557 [PR #2848] [MERGED] Sort private-bin in obs.profile
Opened
#4558 [PR #2850] [MERGED] Update pid.c
Opened
#4559 [PR #2851] [MERGED] Update libpostexecseccomp.c
Opened
#4560 [PR #2856] [MERGED] Make 'allow-debuggers' configurable in profiles
Opened
#4561 [PR #2855] [MERGED] ipc-namespace breaks galculator on archlinux
Opened
#4562 [PR #2858] [MERGED] issues with electron-based apps. see issue #2854
Opened
#4563 [PR #2870] [CLOSED] Adding sort.py to .travis.yml
Opened
#4564 [PR #2861] [MERGED] document profile support for allow-debuggers in firejail-profile man page
Opened
#4565 [PR #2871] [MERGED] Create rsync.profile
Opened
#4566 [PR #2879] [MERGED] qpdfview: Fix issue when opening a file from file manager
Opened
#4567 [PR #2881] [MERGED] Add Zulip profile
Opened
#4568 [PR #2884] [MERGED] Update itch profile
Opened
#4569 [PR #2883] [MERGED] Add Whalebird profile
Opened
#4570 [PR #2885] [MERGED] Add new Tor Browser alias
Opened
#4571 [PR #2886] [MERGED] noblacklist but no blacklist
Opened
#4572 [PR #2898] [MERGED] added 'noblacklist ${PICTURES}' to mpv.profile
Opened
#4573 [PR #2900] [MERGED] Fix QOwnNotes path
Opened
#4574 [PR #2890] [MERGED] Fix #2866 -- private-etc needed fedora-release
Opened
#4575 [PR #2902] [MERGED] Add zstd (redirect) profile(s)
Opened
#4576 [PR #2903] [MERGED] Add unzstd profile
Opened
#4577 [PR #2904] [MERGED] Place quiet option cfr. all other profiles
Opened
#4578 [PR #2907] [MERGED] Fix quiet option in archiver redirect profiles
Opened
#4579 [PR #2909] [MERGED] get_user() do not use the unreliable getlogin()
Opened
#4580 [PR #2911] [MERGED] remove x11 xorg
Opened
#4581 [PR #2913] [MERGED] Prevent quiet option output leakage
Opened
#4582 [PR #2915] [MERGED] tighten private-bin and etc for torbrowser-launcher.profile
Opened
#4583 [PR #2919] [MERGED] Profiles: add I2P
Opened
#4584 [PR #2920] [MERGED] Refactor transmission profiles
Opened
#4585 [PR #2921] [MERGED] Introduce allow-common-devel.inc
Opened
#4586 [PR #2926] [MERGED] Allow exceptions to seccomp lists
Opened
#4587 [PR #2927] [MERGED] Use new seccomp syntax
Opened
#4588 [PR #2928] [MERGED] Add further seccomp groups
Opened
#4589 [PR #2929] [MERGED] seccomp fix: allow numeric syscalls
Opened
#4590 [PR #2935] [MERGED] Fix profile builder
Opened
#4591 [PR #2937] [CLOSED] Fix seccomp for firefox, kate, and others
Opened
#4592 [PR #2949] [MERGED] Add ar profile
Opened
#4593 [PR #2940] [MERGED] update seccomp in man firejail
Opened
#4594 [PR #2939] [MERGED] Revert changes in #2928 to seccomp group @default
Opened
#4595 [PR #2957] [MERGED] Fix #2899
Opened
#4596 [PR #2960] [MERGED] Update SkypeForLinux profile for latest version
Opened
#4597 [PR #2964] [CLOSED] Deleted Clamav.profile cause it breaks AV completely
Opened
#4598 [PR #2962] [MERGED] "Net None" Option Breaks Functionality
Opened
#4599 [PR #2965] [MERGED] Removed disable-interpreters.inc from w3m.profile
Opened
#4600 [PR #2972] [MERGED] whitelist-usr-share-common.inc
Opened
#4601 [PR #2971] [MERGED] Add allow-debuggers to steam.profile
Opened
#4602 [PR #2973] [MERGED] Adding sort.py to GitLab CI
Opened
#4603 [PR #2981] [CLOSED] Update evince
Opened
#4604 [PR #2978] [MERGED] KeePassXC: Added a warning regarding tray icon
Opened
#4605 [PR #2982] [MERGED] Move chroot entirely from path based to file descriptor based mounts
Opened
#4606 [PR #2992] [MERGED] Wusc fixes
Opened
#4607 [PR #3002] [MERGED] Profiles: add signal-cli profile
Opened
#4608 [PR #2998] [MERGED] Fix ebook-viewer/calibre on manjaro
Opened
#4609 [PR #2999] [CLOSED] Close #2995
Opened
#4610 [PR #3004] [MERGED] Fix #2995
Opened
#4611 [PR #3005] [MERGED] Add wusc to more profiles
Opened
#4612 [PR #3011] [MERGED] Add Comment Mentioning that nodbus Breaks Native Notifications
Opened
#4613 [PR #3010] [MERGED] Update main.c
Opened
#4614 [PR #3014] [MERGED] profiles: waterfox: rework profile
Opened
#4615 [PR #3019] [MERGED] Slack profile: use temporary cache
Opened
#4616 [PR #3021] [MERGED] Wusc fixes for profiles allowing perl
Opened
#4617 [PR #3037] [MERGED] Resolve #3029: drop outdated Skype profile
Opened
#4618 [PR #3028] [MERGED] Update QOwnNotes.profile
Opened
#4619 [PR #3032] [MERGED] dia apparently wants access to python and crashes without
Opened
#4620 [PR #3044] [MERGED] RFC: profiles: allow nc in ssh profile by default
Opened
#4621 [PR #3051] [MERGED] Add babl/gegl support for gimp
Opened
#4622 [PR #3055] [MERGED] New profile: audio-recorder
Opened
#4623 [PR #3054] [MERGED] Add profanity profile
Opened
#4624 [PR #3053] [MERGED] Add new electron-mail profile
Opened
#4625 [PR #3056] [MERGED] Add new profile: cameramonitor
Opened
#4626 [PR #3057] [MERGED] Add new profile: ddgtk
Opened
#4627 [PR #3058] [MERGED] Add new profile: drawio
Opened
#4628 [PR #3059] [MERGED] Add new profile: gmpc
Opened
#4629 [PR #3060] [MERGED] Add new profile: unf
Opened
#4630 [PR #3061] [MERGED] Add new profile: gist
Opened
#4631 [PR #3062] [MERGED] Add redirect profile for gist-paste
Opened
#4632 [PR #3064] [MERGED] Fix profile: ffmpeg
Opened
#4633 [PR #3077] [MERGED] gpg additions
Opened
#4634 [PR #3065] [MERGED] Minor profile tweaks.
Opened
#4635 [PR #3083] [MERGED] Add gzip redirect profiles
Opened
#4636 [PR #3086] [CLOSED] remove read access from fs log file
Opened
#4637 [PR #3087] [MERGED] Fix Brave's native sandbox
Opened
#4638 [PR #3088] [MERGED] Add brave redirect profiles
Opened
#4639 [PR #3091] [MERGED] Rework thunderbird.profile
Opened
#4640 [PR #3093] [MERGED] add join timeout and make it configurable
Opened
#4641 [PR #3094] [MERGED] Add ephemeral profile
Opened
#4642 [PR #3098] [CLOSED] profiles: firecfg: disable CLI archivers
Opened
#4643 [PR #3097] [MERGED] profiles: firecfg: disable CLI archivers
Opened
#4644 [PR #3102] [MERGED] DHCP client support
Opened
#4645 [PR #3108] [MERGED] Fix wusc in mpv
Opened
#4646 [PR #3111] [MERGED] Get rid of #2302
Opened
#4647 [PR #3115] [MERGED] Add barrier profile
Opened
#4648 [PR #3120] [MERGED] Gentoo fixes
Opened
#4649 [PR #3114] [MERGED] Allow Tor Browser to run /usr/bin/id
Opened
#4650 [PR #3123] [MERGED] Update i2prouter profile, and remove from firecfg
Opened
#4651 [PR #3128] [MERGED] Allow sound for hexchat
Opened
#4652 [PR #3134] [MERGED] cmus: allow access to resolv.conf
Opened
#4653 [PR #3131] [MERGED] allow chroot syscall where apps depend on QtWebengine
Opened
#4654 [PR #3143] [MERGED] aria2c fixes
Opened
#4655 [PR #3149] [MERGED] Blacklisting openrc paths by defaults
Opened
#4656 [PR #3150] [CLOSED] Fix missing lib libmfx.so.1 for ffmpeg
Opened
#4657 [PR #3152] [MERGED] Add profile for offical Linux Teams application
Opened
#4658 [PR #3154] [MERGED] Update whois.profile
Opened
#4659 [PR #3151] [MERGED] Fix missing lib libmfx.so.1 (standardnotes-desktop)
Opened
#4660 [PR #3156] [MERGED] print rejected character in invalid filenames
Opened
#4661 [PR #3155] [MERGED] profiles: whitelist transmission-daemon config directory
Opened
#4662 [PR #3159] [MERGED] Add profiles for common (la)tex commands
Opened
#4663 [PR #3161] [MERGED] blacklist ${RUNUSER}/wayland-* in every profile with blacklist /tmp/.X11-unix or x11 none
Opened
#4664 [PR #3160] [MERGED] hardenings for various profiles
Opened
#4665 [PR #3162] [MERGED] refactor claws-mail and sylpheed as whitelist profiles
Opened
#4666 [PR #3163] [MERGED] make devilspie2 redircet to devilspie
Opened
#4667 [PR #3167] [MERGED] clarify dropping python2 support in meld.profile
Opened
#4668 [PR #3166] [MERGED] fixes for 'blacklist ${RUNUSER}/wayland-*'
Opened
#4669 [PR #3168] [MERGED] Fix typos in fs_bin.c
Opened
#4670 [PR #3172] [MERGED] Fix firefox (#3171)
Opened
#4671 [PR #3176] [CLOSED] Move more whitelisting into firefox-common.profile
Opened
#4672 [PR #3177] [MERGED] Allow request_key syscall for udiskie
Opened
#4673 [PR #3178] [MERGED] Allow mbind syscall for GIMP
Opened
#4674 [PR #3180] [MERGED] move copyright statement to 2020 (part 1)
Opened
#4675 [PR #3181] [MERGED] move copyright to 2020 (part 2)
Opened
#4676 [PR #3182] [MERGED] move copyright statement to 2020 (part 3)
Opened
#4677 [PR #3183] [CLOSED] fix test catchsignal-master.sh
Opened
#4678 [PR #3187] [MERGED] allow-*.local customizations
Opened
#4679 [PR #3186] [MERGED] blacklist gjs in disable-interpreters
Opened
#4680 [PR #3188] [MERGED] refactor some profiles as electron redirects
Opened
#4681 [PR #3190] [MERGED] DHCP client code quality fixes
Opened
#4682 [PR #3194] [MERGED] profiles: whitelist /usr/share/doc
Opened
#4683 [PR #3195] [MERGED] fix missing global include documentation
Opened
#4684 [PR #3193] [MERGED] updates for zathura.profile
Opened
#4685 [PR #3207] [MERGED] Fixing the bug in 189772034b211578aca59540d7277f45da4f45d2 breaking meld
Opened
#4686 [PR #3208] [MERGED] Fixes for fix_private-bin.py
Opened
#4687 [PR #3229] [MERGED] Whitelist more /usr/share for okular and others
Opened
#4688 [PR #3209] [MERGED] include wvc to more profiles
Opened
#4689 [PR #3231] [MERGED] Add support for SELinux labeling
Opened
#4690 [PR #3234] [MERGED] Allow exec from /usr/libexec & co. with AppArmor
Opened
#4691 [PR #3239] [MERGED] Harden dhcp by checking for /sbin/dhclient
Opened
#4692 [PR #3243] [MERGED] profiles: mpv: allow lua
Opened
#4693 [PR #3242] [MERGED] integrate AppArmor with join options
Opened
#4694 [PR #3241] [MERGED] Harden sbox_run by using fexecve instead of execvp
Opened
#4695 [PR #3246] [MERGED] profiles: blacklist more lua paths
Opened
#4696 [PR #3251] [MERGED] add xournal.profile
Opened
#4697 [PR #3256] [CLOSED] support netcat variants
Opened
#4698 [PR #3253] [CLOSED] nvim
Opened
#4699 [PR #3255] [MERGED] conky needs lua
Opened
#4700 [PR #3259] [MERGED] discord 0.10 | fix #3247
Opened
#4701 [PR #3265] [MERGED] Fine-grained DBus sandboxing
Opened
#4702 [PR #3271] [MERGED] profiles: whitelist firefox/thunderbird default directories
Opened
#4703 [PR #3273] [MERGED] zoom.profile: fix zoom SSO workflow
Opened
#4704 [PR #3268] [MERGED] remount hardening: move to file descriptor based mounts
Opened
#4705 [PR #3275] [MERGED] add name or private directory being used to the window title when xpra is being used
Opened
#4706 [PR #3276] [MERGED] seccomp: allow defining separate filters for 32-bit arch
Opened
#4707 [PR #3278] [MERGED] new condition: HAS_NOSOUND
Opened
#4708 [PR #3292] [MERGED] steam.profile: correctly blacklist unneeded directories in user's home
Opened
#4709 [PR #3286] [MERGED] Whitelist runuser common
Opened
#4710 [PR #3293] [MERGED] Update wire-desktop.profile
Opened
#4711 [PR #3294] [MERGED] profiles: thunderbird: harden and enable opening links in Firefox
Opened
#4712 [PR #3296] [MERGED] Create ferdi.profile
Opened
#4713 [PR #3298] [MERGED] fsec-print: print address of BPF_JA jump in hex
Opened
#4714 [PR #3300] [MERGED] Added compatibility with BetterDiscord
Opened
#4715 [PR #3301] [MERGED] Changeable seccomp error action
Opened
#4716 [PR #3305] [MERGED] Mention --seccomp.32 etc in usage
Opened
#4717 [PR #3317] [MERGED] Speedup the buildsystem
Opened
#4718 [PR #3310] [MERGED] Preserve CFLAGS given to configure in common.mk.in
Opened
#4719 [PR #3315] WIP: feature: Firejail as a service
Opened
#4720 [PR #3319] [MERGED] Simple sanity checks for arguments and environment
Opened
#4721 [PR #3322] [MERGED] Filter environment variables
Opened
#4722 [PR #3325] [CLOSED] WIP: improve firejail's error messaging
Opened
#4723 [PR #3324] [MERGED] Alphabetically order firejail.config
Opened
#4724 [PR #3326] [MERGED] profiles: add dbus filters
Opened
#4725 [PR #3327] [MERGED] Add bug report template
Opened
#4726 [PR #3331] [CLOSED] Don't change default xpra window title
Opened
#4727 [PR #3334] [MERGED] Request behavior change description in bug reports
Opened
#4728 [PR #3338] [CLOSED] bug report template on github
Opened
#4729 [PR #3337] [MERGED] Build improvements
Opened
#4730 [PR #3339] [MERGED] early decision in bug report if using git version
Opened
#4731 [PR #3340] [MERGED] Improvements for syscalls.sh contib file
Opened
#4732 [PR #3348] [MERGED] Add new profile: nicotine
Opened
#4733 [PR #3347] [MERGED] Clarify that file globbing occurs only at start
Opened
#4734 [PR #3359] [MERGED] 32bit ARM syscall table
Opened
#4735 [PR #3362] [MERGED] Profile for jitsi-meet-desktop
Opened
#4736 [PR #3364] [CLOSED] github issues improvements
Opened
#4737 [PR #3370] [CLOSED] github issue template ask unusual setups,debug warnings/errors
Opened
#4738 [PR #3365] [CLOSED] profiles: refactor file managers into file-manager-common
Opened
#4739 [PR #3373] [MERGED] update --build
Opened
#4740 [PR #3380] [MERGED] Add steam-runtime alias
Opened
#4741 [PR #3375] [MERGED] profiles: refactor file managers into file-manager-common
Opened
#4742 [PR #3387] [MERGED] Print status of SELinux support with --version
Opened
#4743 [PR #3382] [MERGED] firecfg: Only use fix_desktop_files automatically when run through sudo
Opened
#4744 [PR #3386] [MERGED] Increase MAX_ENVS to 256
Opened
#4745 [PR #3394] [MERGED] various hardening from my locals
Opened
#4746 [PR #3390] [MERGED] Disable browser drm by default.
Opened
#4747 [PR #3401] [MERGED] Build improvements
Opened
#4748 [PR #3395] [MERGED] docs: bug_report.md: clarify and ask for more specific information
Opened
#4749 [PR #3397] [MERGED] Follow-up for #3326
Opened
#4750 [PR #3405] [MERGED] add ommitted scripts from contrib
Opened
#4751 [PR #3406] [MERGED] DBus filtering enhancements
Opened
#4752 [PR #3409] [MERGED] Add several games to steam and disable-programs
Opened
#4753 [PR #3410] [MERGED] add new profile: plv
Opened
#4754 [PR #3411] [MERGED] disable-shell.inc
Opened
#4755 [PR #3418] [MERGED] Allow google-chrome access to the custom flags files in ~/.config.
Opened
#4756 [PR #3414] [MERGED] Configure Debian package with AA and SELinux options
Opened
#4757 [PR #3433] [MERGED] Update dino-im.profile
Opened
#4758 [PR #3430] [MERGED] Add Ubuntu's renamed version of dino
Opened
#4759 [PR #3422] [MERGED] Add configure options when building rpm
Opened
#4760 [PR #3437] [MERGED] new profile: mocp
Opened
#4761 [PR #3435] [MERGED] rework make realinstall and uninstall
Opened
#4762 [PR #3442] [MERGED] prioritize installing via OS
Opened
#4763 [PR #3438] [MERGED] harden mpg123.profile
Opened
#4764 [PR #3440] [MERGED] Man pages: were missing info about .profile .local resolution
Opened
#4765 [PR #3444] [MERGED] Set quiet in w3m profile
Opened
#4766 [PR #3445] [MERGED] man: minor clarifications to man pages
Opened
#4767 [PR #3450] [MERGED] enable apparmor support by default in update_deb.sh
Opened
#4768 [PR #3455] [MERGED] Ignore read-only mount of emacs configuration in the emacs profile.
Opened
#4769 [PR #3459] [MERGED] Add strawberry profile
Opened
#4770 [PR #3463] [MERGED] Fix qt5ct colour schemes and QSS
Opened
#4771 [PR #3467] [MERGED] Add strawberry profile to README{,.md} & RELNOTES
Opened
#4772 [PR #3470] [MERGED] Allow python3 in totem profile
Opened
#4773 [PR #3472] [MERGED] Use whitelisting for video players
Opened
#4774 [PR #3469] [CLOSED] corrections to the vlc profile
Opened
#4775 [PR #3486] [MERGED] fixes for /var/mail in mail clients
Opened
#4776 [PR #3487] [MERGED] clarify writing to /var/mail and /var/spool/mail in apparmor
Opened
#4777 [PR #3490] [MERGED] noblacklist a config file in konversation profile
Opened
#4778 [PR #3493] [MERGED] Blacklist .local/share/kxmlgui5 and allow access only for applications which use it.
Opened
#4779 [PR #3489] [MERGED] Okular profile fixes
Opened
#4780 [PR #3496] [MERGED] Whitelist /usr/share/hplip for simple-scan
Opened
#4781 [PR #3497] [MERGED] Fixed Blender profile being unable to import numpy
Opened
#4782 [PR #3499] [MERGED] Update disable-common.inc
Opened
#4783 [PR #3502] [MERGED] Ignore SIGTTOU during flush_stdin()
Opened
#4784 [PR #3505] [MERGED] hardening some profiles
Opened
#4785 [PR #3511] [MERGED] fix #3404
Opened
#4786 [PR #3516] [MERGED] fixing busybox workaround
Opened
#4787 [PR #3517] [MERGED] add element-desktop redirect profile
Opened
#4788 [PR #3518] [MERGED] Hardend Zoom profile
Opened
#4789 [PR #3519] [MERGED] Hardend Signal desktop profile
Opened
#4790 [PR #3520] [MERGED] Add Mattermost desktop profile
Opened
#4791 [PR #3521] [MERGED] integrate join(-or-start) with dbus options (partial fix)
Opened
#4792 [PR #3529] [MERGED] Update telegram.profile
Opened
#4793 [PR #3525] [MERGED] New profile for homebank
Opened
#4794 [PR #3526] [CLOSED] Add vmware profile
Opened
#4795 [PR #3532] [CLOSED] Added cawbird profile
Opened
#4796 [PR #3533] [MERGED] Added cawbird profile
Opened
#4797 [PR #3537] [MERGED] Update virtualbox.profile
Opened
#4798 [PR #3535] [MERGED] Added freetube profile
Opened
#4799 [PR #3538] [MERGED] Added minecraft-launcher profile
Opened
#4800 [PR #3542] [MERGED] Added youtube-viewer profile with Gtk frontends
Opened
#4801 [PR #3543] [MERGED] Github-desktop: Add chroot to seccomp
Opened
#4802 [PR #3547] [MERGED] Added xfce4-screenshooter profile
Opened
#4803 [PR #3550] [MERGED] Added mtpaint profile
Opened
#4804 [PR #3548] [MERGED] fix typo in multicast CIDR
Opened
#4805 [PR #3553] [MERGED] Added Nuclear profile
Opened
#4806 [PR #3555] [MERGED] Added minitube profile
Opened
#4807 [PR #3558] [MERGED] add profile for sushi
Opened
#4808 [PR #3556] [MERGED] Added lyx profile
Opened
#4809 [PR #3559] [MERGED] harden bandwidth command
Opened
#4810 [PR #3560] [MERGED] Added git-cola profile
Opened
#4811 [PR #3561] [MERGED] Various profiles
Opened
#4812 [PR #3564] [MERGED] Add profile for otter-browser
Opened
#4813 [PR #3566] [MERGED] Various profiles # 2
Opened
#4814 [PR #3569] [MERGED] seccomp: logging
Opened
#4815 [PR #3571] [MERGED] add --include
Opened
#4816 [PR #3572] [MERGED] hardening: run plugins with dumpable flag cleared
Opened
#4817 [PR #3574] [MERGED] annotate some functions as non-returning
Opened
#4818 [PR #3573] [MERGED] mkdeb.sh should not use files outside $CODE_DIR
Opened
#4819 [PR #3577] [MERGED] Add profile for twitch,youtube,youtube-music; fix git-cola ,add cola
Opened
#4820 [PR #3587] [MERGED] add whitelist items for uim
Opened
#4821 [PR #3583] [MERGED] Fix nomacs
Opened
#4822 [PR #3588] [MERGED] Fix private-etc of electron-mail, fix geary,minitube
Opened
#4823 [PR #3592] [MERGED] Allow video for Signal profile
Opened
#4824 [PR #3590] [MERGED] New profile for man,psi,smuxi; fix pidgin
Opened
#4825 [PR #3594] [MERGED] cat option
Opened
#4826 [PR #3603] [MERGED] New profiles for balsa,trojita,kube
Opened
#4827 [PR #3619] [MERGED] Fixes smplayer
Opened
#4828 [PR #3621] [MERGED] Update fj-mkdeb.py
Opened
#4829 [PR #3607] [MERGED] Switch mails to whitelisting
Opened
#4830 [PR #3622] [MERGED] New disable include: disable-write-mnt.inc
Opened
#4831 [PR #3624] [CLOSED] Syscalls py (#3106)
Opened
#4832 [PR #3650] [MERGED] Create codeql-analysis.yml
Opened
#4833 [PR #3651] [MERGED] Create build.yml
Opened
#4834 [PR #3642] [MERGED] Update bug_report.md
Opened
#4835 [PR #3652] [MERGED] added configure option to disable man pages
Opened
#4836 [PR #3653] [MERGED] fix command test in jail_prober.py
Opened
#4837 [PR #3657] [MERGED] Fix SELinux crash
Opened
#4838 [PR #3660] [MERGED] Fix AppArmor 3.0 support (closes #3659)
Opened
#4839 [PR #3656] [MERGED] Update vmware.profile
Opened
#4840 [PR #3664] [MERGED] Allowing links in netns
Opened
#4841 [PR #3667] [MERGED] Update wire-desktop.profile (again)
Opened
#4842 [PR #3672] [MERGED] Updated fix_private-bin.py shebang to use env python3 like other contrib/*.py scripts
Opened
#4843 [PR #3670] [MERGED] build: enable CI build with scan-build
Opened
#4844 [PR #3674] [MERGED] Apply --rmenv immediately to help to avoid the env var length check
Opened
#4845 [PR #3675] [MERGED] Strip out \r's.
Opened
#4846 [PR #3676] [MERGED] Allow --tmpfs and --bind inside $HOME for unprivileged users
Opened
#4847 [PR #3683] [MERGED] Fix blu-ray playback with libaacs
Opened
#4848 [PR #3688] [MERGED] profiles: chromium: rework & add new profiles
Opened
#4849 [PR #3679] [MERGED] Update virtualbox.profile
Opened
#4850 [PR #3692] [CLOSED] let tests fail build
Opened
#4851 [PR #3694] [MERGED] check that profiles are sorted
Opened
#4852 [PR #3698] [MERGED] profiles: celluloid: allow lua
Opened
#4853 [PR #3703] [MERGED] Remove redundant read-only item
Opened
#4854 [PR #3700] [MERGED] fix #3699 -- Firefox can't inhibit screensavers/screen blanking
Opened
#4855 [PR #3704] [MERGED] Update okular.profile to support cbr files
Opened
#4856 [PR #3705] [CLOSED] Improve firejail exec failure logging
Opened
#4857 [PR #3716] [MERGED] Remove nou2f in ssh profile
Opened
#4858 [PR #3710] [CLOSED] Exec failure logging
Opened
#4859 [PR #3717] [MERGED] Add spectacle's profile
Opened
#4860 [PR #3708] [CLOSED] sync to 0.9.64
Opened
#4861 [PR #3719] [MERGED] ci: enable test-fs tests on github-ci
Opened
#4862 [PR #3734] [MERGED] Update linphone profile
Opened
#4863 [PR #3742] [MERGED] Add profile for straw-viewer
Opened
#4864 [PR #3740] [MERGED] minetest.profile: whitelist /usr/share/games/minetest
Opened
#4865 [PR #3746] [MERGED] install libraries needed by fcopy when using private-lib
Opened
#4866 [PR #3747] [MERGED] Add profile for authenticator-rs, improve falkon
Opened
#4867 [PR #3751] [MERGED] disable-shell.inc: add mksh shell
Opened
#4868 [PR #3750] [MERGED] Dbus fixes
Opened
#4869 [PR #3748] [MERGED] evince.profile: noblacklist bookmark folder
Opened
#4870 [PR #3752] [MERGED] reimplement --get using --cat
Opened
#4871 [PR #3757] [MERGED] from my overrides
Opened
#4872 [PR #3760] [MERGED] keepassxc.profile: Fix hang due to seccomp
Opened
#4873 [PR #3762] [MERGED] reimplement --private-cache using --tmpfs
Opened
#4874 [PR #3763] [CLOSED] Minetest profile fix
Opened
#4875 [PR #3766] [MERGED] Miscellaneous whitelist-runuser-common fixes
Opened
#4876 [PR #3764] [MERGED] minetest: Enable rm
Opened
#4877 [PR #3768] [MERGED] add gnome-shell search-provider file to firefox.profile
Opened
#4878 [PR #3771] [MERGED] disable dbus in QMediathekView
Opened
#4879 [PR #3772] [MERGED] use openat2 syscall when available
Opened
#4880 [PR #3778] [MERGED] Fix building C# projects in Godot
Opened
#4881 [PR #3779] [MERGED] Update build.yml
Opened
#4882 [PR #3803] [MERGED] Update yelp.profile
Opened
#4883 [PR #3802] [MERGED] harden sysprof
Opened
#4884 [PR #3791] [MERGED] Improvements to balsa,fractal,gajim,trojita
Opened
#4885 [PR #3807] [MERGED] profiles: refactor electron.profile and electron-based programs
Opened
#4886 [PR #3808] [MERGED] integrate relevant options into server.profile
Opened
#4887 [PR #3812] [MERGED] Create firejail-welcome.s
Opened
#4888 [PR #3811] [MERGED] refactor playonlinux as wine redirect
Opened
#4889 [PR #3810] [MERGED] Dc add ldns
Opened
#4890 [PR #3813] [MERGED] curl HSTS cache support
Opened
#4891 [PR #3816] [MERGED] New profiles for alacarte,tootle,photoflare
Opened
#4892 [PR #3818] [MERGED] streamline comments in inc files
Opened
#4893 [PR #3819] [MERGED] rename whitelist-players.inc to whitelist-player-common.inc
Opened
#4894 [PR #3821] [MERGED] Fix sound in games using FMOD
Opened
#4895 [PR #3820] [MERGED] Refactor archivers
Opened
#4896 [PR #3824] [MERGED] re-enable nogroups with a comment in zoom.profile
Opened
#4897 [PR #3825] [MERGED] rename softmaker-common.inc to softmaker-common.profile
Opened
#4898 [PR #3826] [MERGED] Runuser fixes
Opened
#4899 [PR #3827] [MERGED] Refactor archivers ii
Opened
#4900 [PR #3828] [MERGED] Dc add dns
Opened
#4901 [PR #3829] [MERGED] disable-shell.inc: add oksh
Opened
#4902 [PR #3832] [MERGED] Archiver fixes - drop private-bin
Opened
#4903 [PR #3830] [MERGED] archiver fixes
Opened
#4904 [PR #3834] [MERGED] profiles: archivers: drop disable-common and disable-programs
Opened
#4905 [PR #3839] [MERGED] x11=none: don't fail on abstract socket if netns …
Opened
#4906 [PR #3847] [MERGED] Small fixes
Opened
#4907 [PR #3848] [MERGED] Add profiles for MS Edge dev build for Linux and Librewolf
Opened
#4908 [PR #3849] [MERGED] Email part (2)
Opened
#4909 [PR #3850] [MERGED] join: add fexecve fallback for shells
Opened
#4910 [PR #3852] [MERGED] Implement netns in profiles, closes #3846
Opened
#4911 [PR #3853] [MERGED] New profile for CoyIM
Opened
#4912 [PR #3854] [MERGED] profiles: add redirect from matrix-mirage to mirage
Opened
#4913 [PR #3863] [MERGED] fix #3859
Opened
#4914 [PR #3859] [MERGED] really fix running kernel config check
Opened
#4915 [PR #3864] [MERGED] Add first version of zsh completion
Opened
#4916 [PR #3866] [MERGED] Add profile for npm
Opened
#4917 [PR #3869] [MERGED] drop doubled disable-exec in signal-desktop
Opened
#4918 [PR #3870] [MERGED] new profile: tutanota-desktop
Opened
#4919 [PR #3867] [MERGED] return to non-dumpable plugins
Opened
#4920 [PR #3873] [MERGED] harden liferea
Opened
#4921 [PR #3875] [MERGED] electron redirect fixes
Opened
#4922 [PR #3879] [MERGED] Whitelist Bohemia Interactive config dir for Steam
Opened
#4923 [PR #3876] [MERGED] refactor nodejs applications (npm & yarn)
Opened
#4924 [PR #3880] [MERGED] discord-common.profile: Fix audio support
Opened
#4925 [PR #3885] [MERGED] ssh: Refactor, fix bugs & harden
Opened
#4926 [PR #3882] [MERGED] fix ordering in ssh.profile
Opened
#4927 [PR #3887] [MERGED] new profile: agetpkg
Opened
#4928 [PR #3886] [MERGED] add new profiles: lsar & unar (ar redirects)
Opened
#4929 [PR #3888] [MERGED] new profile: mdr
Opened
#4930 [PR #3890] [MERGED] new profile: qnapi
Opened
#4931 [PR #3889] [MERGED] add new profile: shotwell
Opened
#4932 [PR #3893] [MERGED] bug_report.md: improve wording (upstream/duplicates)
Opened
#4933 [PR #3895] [MERGED] newsboat: add lynx support
Opened
#4934 [PR #3896] [MERGED] Add new allow include allow-bin-sh.inc
Opened
#4935 [PR #3897] [MERGED] Update telegram.profile
Opened
#4936 [PR #3899] [MERGED] Create nolocal6.net
Opened
#4937 [PR #3901] [MERGED] harden plv.profile
Opened
#4938 [PR #3900] [MERGED] Add $PATH expansion to private-lib
Opened
#4939 [PR #3902] [MERGED] add new profile: pkglog
Opened
#4940 [PR #3903] [MERGED] private-lib: add new timetrace
Opened
#4941 [PR #3908] [MERGED] Update bibletime.profile, add new whitelist
Opened
#4942 [PR #3913] [MERGED] Update vmware.profile
Opened
#4943 [PR #3916] [MERGED] Misc comment fixes
Opened
#4944 [PR #3915] [MERGED] profiles: google-earth: refactor
Opened
#4945 [PR #3917] [CLOSED] profiles: fix cheese, authenticator & harden liferea
Opened
#4946 [PR #3918] [MERGED] Add profile for kdiff3
Opened
#4947 [PR #3921] [MERGED] revert #3920
Opened
#4948 [PR #3920] [MERGED] remove noblacklist without blacklist
Opened
#4949 [PR #3923] [MERGED] google-earth-pro: fix private-bin & add extensive comment on sandboxing
Opened
#4950 [PR #3922] [MERGED] streamline 'Allow xxx' comments
Opened
#4951 [PR #3924] [CLOSED] follow-up fixes for #3914
Opened
#4952 [PR #3929] [MERGED] tests: improve check for sound capabilities
Opened
#4953 [PR #3930] [CLOSED] manpage: clarify seccomp behavior
Opened
#4954 [PR #3926] [MERGED] Disable the webkit2gtk-4.0 sandbox in bijiben
Opened
#4955 [PR #3932] [MERGED] add quiet to lzdiff/lzmadec
Opened
#4956 [PR #3931] [MERGED] follow-up fixes for #3914
Opened
#4957 [PR #3934] [MERGED] Seccomp error action fixes
Opened
#4958 [PR #3935] [MERGED] Add profile for avidemux
Opened
#4959 [PR #3944] [MERGED] Update spectacle.profile
Opened
#4960 [PR #3936] [MERGED] Fix minor typo in firecfg's manual page
Opened
#4961 [PR #3946] [MERGED] Add profile for Gemini
Opened
#4962 [PR #3955] [MERGED] use ${DOWNLOADS} in lutris.profile
Opened
#4963 [PR #3947] [MERGED] add a /usr/share whitelist item for uim
Opened
#4964 [PR #3950] [MERGED] disable-interpreters.inc: blacklist the other libmozjs
Opened
#4965 [PR #3956] [MERGED] Organize archivers
Opened
#4966 [PR #3961] [MERGED] etc: use ${DOCUMENTS} macro where appropriate
Opened
#4967 [PR #3967] [MERGED] configure*: fix typo of HAVE_USERTMPFS
Opened
#4968 [PR #3964] [MERGED] Revert "etc: use ${DOCUMENTS} macro where appropriate"
Opened
#4969 [PR #3966] [MERGED] Add a comment in some profiles to allow screen sharing
Opened
#4970 [PR #3969] [MERGED] add support for faccessat2 syscall
Opened
#4971 [PR #3970] [MERGED] small man fixes
Opened
#4972 [PR #3984] [MERGED] profiles: firefox: add new keepassxc socket paths
Opened
#4973 [PR #3974] [MERGED] Always allow empty environment variables
Opened
#4974 [PR #3985] [MERGED] Sort.py updates
Opened
#4975 [PR #3983] [MERGED] New profile: Quodlibet
Opened
#4976 [PR #3988] [MERGED] add apparmor to torbrowser-launcher
Opened
#4977 [PR #3990] [MERGED] Follow-up fixes for torbrowser-launcher
Opened
#4978 [PR #3993] [MERGED] fixes for profile.template
Opened
#4979 [PR #3994] [MERGED] contrib/firejail-welcome.sh: fix copyright year
Opened
#4980 [PR #3995] [MERGED] fix private-bin in jitsi-meet-desktop
Opened
#4981 [PR #3997] [MERGED] Create nextcloud-desktop.profile
Opened
#4982 [PR #4001] [MERGED] profiles: signal-desktop: remove invalid ignore include-xdg.inc
Opened
#4983 [PR #4000] [MERGED] Fix patch-util not having access to libdl.so
Opened
#4984 [PR #3998] [MERGED] Upstreaming a set of fixes from Sailfish's packaging
Opened
#4985 [PR #4002] [MERGED] ipcalc: misc fixes
Opened
#4986 [PR #4003] [MERGED] Minor fixes for vmware
Opened
#4987 [PR #4004] [MERGED] add PATH_FCOPY to private-lib automatically
Opened
#4988 [PR #4007] [MERGED] fix firecfg links in restrictive sandboxes
Opened
#4989 [PR #4005] [MERGED] new profile: lzop
Opened
#4990 [PR #4008] [MERGED] add new profile for gget
Opened
#4991 [PR #4009] [MERGED] Allow changing protocol list after initial set
Opened
#4992 [PR #4010] [MERGED] Add --mkdir and --mkfile CLI options
Opened
#4993 [PR #4016] [MERGED] Create rtv-addons.inc
Opened
#4994 [PR #4015] [MERGED] dbus.c: check_object_path: Allow /StatusNotifierWatcher
Opened
#4995 [PR #4019] [MERGED] fix protocol list
Opened
#4996 [PR #4021] [MERGED] Force nnp compile time
Opened
#4997 [PR #4023] [CLOSED] adding pipe-viewer profile
Opened
#4998 [PR #4022] [CLOSED] fix audit 'syscalls check' output
Opened
#4999 [PR #4024] [MERGED] Makefile improvements
Opened
#5000 [PR #4028] [MERGED] Rename archiver-common.inc
Opened
#5001 [PR #4025] [CLOSED] add support for "play with..."
Opened
#5002 [PR #4031] [MERGED] Rename firefox-common-addons.inc
Opened
#5003 [PR #4029] [MERGED] Rename feh-network.inc
Opened
#5004 [PR #4030] [MERGED] Rename chromium-common-hardened.inc
Opened
#5005 [PR #4036] [MERGED] Add new condition ?HAS_PRIVATE:
Opened
#5006 [PR #4035] [MERGED] Improve error messages
Opened
#5007 [PR #4037] [MERGED] adding support for "play with..." extension
Opened
#5008 [PR #4040] [MERGED] sandbox setup: postpone fslogger
Opened
#5009 [PR #4038] [MERGED] Zsh completion improvements
Opened
#5010 [PR #4041] [MERGED] sandbox setup: postpone library preloading
Opened
#5011 [PR #4042] [MERGED] private-lib hardening
Opened
#5012 [PR #4043] [MERGED] private-lib: mask /usr/local/lib[,64] directories, too
Opened
#5013 [PR #4045] [MERGED] private-lib: move to mount-only
Opened
#5014 [PR #4048] [MERGED] Grammar
Opened
#5015 [PR #4051] [MERGED] Fix "Could not create AF_NETLINK socket"
Opened
#5016 [PR #4064] [MERGED] newsboat/newsbeuter corrections
Opened
#5017 [PR #4068] [MERGED] atril support for cbz, cbr, cbt, cb7
Opened
#5018 [PR #4069] [MERGED] New profiles: hasher-common and checksum tools
Opened
#5019 [PR #4065] [MERGED] man firejail: fix --dbus-{system,user}.log requirement
Opened
#5020 [PR #4071] [MERGED] Commons of opengl-game-wrapper.sh
Opened
#5021 [PR #4079] [MERGED] Add profile for youtube-dl-gui & some other changes
Opened
#5022 [PR #4083] [MERGED] Improve English in the PR template
Opened
#5023 [PR #4082] [MERGED] Improve English in default profile template
Opened
#5024 [PR #4084] [MERGED] Clarify what the Description comment is for
Opened
#5025 [PR #4085] [MERGED] Document enabling debugging for Node.js
Opened
#5026 [PR #4094] [MERGED] fixing engrampa profile
Opened
#5027 [PR #4097] [MERGED] Fix typo policies
Opened
#5028 [PR #4095] [MERGED] make appimage mounts private to sandbox
Opened
#5029 [PR #4098] [MERGED] Create bcompare.profile
Opened
#5030 [PR #4100] [MERGED] Clarify novideo
Opened
#5031 [PR #4101] [MERGED] [minor] qcomicbook and pipe-viewer in disable-programs
Opened
#5032 [PR #4117] [MERGED] profiles: nheko: fix paths
Opened
#5033 [PR #4116] [MERGED] Update vmware.profile & dbus-policy for amarok
Opened
#5034 [PR #4102] [MERGED] fixing dbus filtering for engrampa
Opened
#5035 [PR #4119] [MERGED] [minor] .cache/youtube-viewer in disable-programs.inc
Opened
#5036 [PR #4121] [MERGED] fix private-lib in clawsker.profile
Opened
#5037 [PR #4125] [MERGED] fixes for gnome-logs
Opened
#5038 [PR #4126] [MERGED] Rename chromium-common-hardened and feh-network …
Opened
#5039 [PR #4128] [MERGED] reorganizing youtube-viewers
Opened
#5040 [PR #4139] [MERGED] makefiles: replace character class with plain char
Opened
#5041 [PR #4140] [MERGED] Follow up for #4126
Opened
#5042 [PR #4148] [MERGED] Improve comments in apparmor files
Opened
#5043 [PR #4149] [MERGED] Add localtime to signal-desktop's profile.
Opened
#5044 [PR #4141] [MERGED] Improve issue template
Opened
#5045 [PR #4155] [MERGED] dropbox: allow python3, fix for issue #4150
Opened
#5046 [PR #4159] [MERGED] New profile: Librewolf Nightly
Opened
#5047 [PR #4161] [MERGED] allow notifications + comment fixes
Opened
#5048 [PR #4164] [MERGED] Update Librewolf profile and Add Sway profile
Opened
#5049 [PR #4165] [MERGED] Encourage making overrides in *.local files
Opened
#5050 [PR #4167] [MERGED] WebStorm: allow Dolphin to access its config file
Opened
#5051 [PR #4170] [MERGED] steam: some more games added
Opened
#5052 [PR #4172] [CLOSED] Update nodejs-common: enable npx, clarify
Opened
#5053 [PR #4174] [MERGED] Minor Fixes
Opened
#5054 [PR #4176] [MERGED] Fix typo
Opened
#5055 [PR #4180] [MERGED] Fix typo (adivsory -> advisory)
Opened
#5056 [PR #4179] [MERGED] Add examples how to allow browser access to Gnome extensions connector
Opened
#5057 [PR #4188] [MERGED] Create tmux.profile
Opened
#5058 [PR #4196] [MERGED] profstats - fix printf for include globals
Opened
#5059 [PR #4193] [MERGED] add passwd to private-etc
Opened
#5060 [PR #4200] [MERGED] unblock tor support in brave
Opened
#5061 [PR #4203] [MERGED] Add FireDragon profile
Opened
#5062 [PR #4204] [MERGED] man: corrections regarding --private-FOO options
Opened
#5063 [PR #4207] [CLOSED] [WIP] refactor vivaldi profiles
Opened
#5064 [PR #4209] [MERGED] Map /dev/input with "--private-dev", add "--no-input" option to disable it
Opened
#5065 [PR #4215] [MERGED] Add support for subdirs in private-etc
Opened
#5066 [PR #4217] [MERGED] Delete *.profie
Opened
#5067 [PR #4219] [MERGED] Some minor changes
Opened
#5068 [PR #4225] [MERGED] steam.profile: fix rogue legacy paths and syntax
Opened
#5069 [PR #4221] [CLOSED] Added Kotatogram-Desktop & Other Fixes
Opened
#5070 [PR #4229] [MERGED] Whitelist2
Opened
#5071 [PR #4226] [MERGED] Rework sort_protocol (sort.py)
Opened
#5072 [PR #4231] [MERGED] fix regextester
Opened
#5073 [PR #4232] [MERGED] add FAQ references to firefox.profile
Opened
#5074 [PR #4230] [MERGED] New profile for neochat
Opened
#5075 [PR #4233] [MERGED] harden audio-recorder
Opened
#5076 [PR #4234] [MERGED] support older gstreamer setups in xfce4-mixer
Opened
#5077 [PR #4242] [MERGED] profiles: wireshark: disable seccomp
Opened
#5078 [PR #4240] [MERGED] profiles: whitelist mozilla (webext) extensions in chromium profile
Opened
#5079 [PR #4239] [MERGED] Add noinput to all profiles with private-dev
Opened
#5080 [PR #4245] [MERGED] some wireshark hardening
Opened
#5081 [PR #4248] [CLOSED] [WIP] joplin cli profile
Opened
#5082 [PR #4251] [MERGED] whitelist /var/lib/aspell in whitelist-var-common.inc
Opened
#5083 [PR #4254] [MERGED] pluma broken with memory-deny-write-execute
Opened
#5084 [PR #4255] [MERGED] Node.js stack refactoring
Opened
#5085 [PR #4257] [MERGED] read-write fixes
Opened
#5086 [PR #4258] [MERGED] revert comment changes from #4257
Opened
#5087 [PR #4266] [MERGED] fix: discord logout on opening twice
Opened
#5088 [PR #4259] [MERGED] contrib/vim: add missing noinput command to syn match
Opened
#5089 [PR #4260] [MERGED] Add songrec
Opened
#5090 [PR #4269] [CLOSED] profile.template: add missing noautopulse option
Opened
#5091 [PR #4271] [MERGED] Follow-up for #4165
Opened
#5092 [PR #4277] [MERGED] CI: build with clang 11
Opened
#5093 [PR #4276] [MERGED] Harden device access in default.profile
Opened
#5094 [PR #4273] [MERGED] Try to fix #2310 -- Can't create run directory without suid-root
Opened
#5095 [PR #4278] [MERGED] rename noautopulse to keep-config-pulse
Opened
#5096 [PR #4283] [MERGED] profiles: lutris: allow bin paths and gamemode dbus
Opened
#5097 [PR #4287] [MERGED] Restrict /usr/libexec
Opened
#5098 [PR #4284] [MERGED] Add cargo.profile
Opened
#5099 [PR #4286] [MERGED] add support for cargo toml/non-toml files
Opened
#5100 [PR #4288] [MERGED] Create whitelist-run-common.inc
Opened
#5101 [PR #4290] [MERGED] profiles: zoom: allow ~/Documents/Zoom
Opened
#5102 [PR #4291] [MERGED] fixes for eb30ce5 (new profiles)
Opened
#5103 [PR #4293] [MERGED] configure*: fix build with non-bash /bin/sh
Opened
#5104 [PR #4300] [MERGED] CI: build with GCC 11
Opened
#5105 [PR #4302] [MERGED] Whitelist2 follow-up
Opened
#5106 [PR #4307] [MERGED] Refine appimage example in docs
Opened
#5107 [PR #4315] [CLOSED] added size specifier for rlimit-as.
Opened
#5108 [PR #4316] [MERGED] Configure improvements
Opened
#5109 [PR #4317] [MERGED] [minor] gunzip profile broken
Opened
#5110 [PR #4318] [MERGED] Update vim syntax highlighting
Opened
#5111 [PR #4320] [MERGED] reorganizing links browsers
Opened
#5112 [PR #4326] [MERGED] cmdline.c: optionally quote the resulting command line
Opened
#5113 [PR #4325] [MERGED] jail_prober: enable absolut include directives
Opened
#5114 [PR #4327] [MERGED] Correct typo in telegram-desktop profile
Opened
#5115 [PR #4330] [MERGED] add firejail.config switch for private-{bin,etc,opt,srv}
Opened
#5116 [PR #4332] [MERGED] Refactor bitwarden as electron redirect
Opened
#5117 [PR #4334] [MERGED] Fix sort error in profile.template
Opened
#5118 [PR #4333] [MERGED] creating googler and ddgr profiles
Opened
#5119 [PR #4338] [MERGED] mcomix profile creation
Opened
#5120 [PR #4340] [MERGED] augment seccomp lists in firejail.config
Opened
#5121 [PR #4342] [MERGED] minor fix googler profile
Opened
#5122 [PR #4343] [MERGED] tightening zathura profile
Opened
#5123 [PR #4344] [MERGED] creating qcomicbook profile
Opened
#5124 [PR #4345] [CLOSED] Add allow-pandoc.local
Opened
#5125 [PR #4347] [MERGED] Update w3m.profile
Opened
#5126 [PR #4348] [MERGED] Update weechat.profile
Opened
#5127 [PR #4350] [MERGED] creating alpine.profile
Opened
#5128 [PR #4356] [MERGED] profiles: add profile for tin news reader
Opened
#5129 [PR #4349] [MERGED] Misc hardening + refactoring
Opened
#5130 [PR #4360] [MERGED] gcov: add missing gcov.h includes
Opened
#5131 [PR #4365] [MERGED] Fix sndio support
Opened
#5132 [PR #4370] [MERGED] allow access to pkgconfig
Opened
#5133 [PR #4369] [MERGED] rtv profile correction
Opened
#5134 [PR #4368] [MERGED] Address #3872 with changes in pipewire for Firefox and Chromium
Opened
#5135 [PR #4371] [MERGED] Correct amule.profile for upnp
Opened
#5136 [PR #4373] [MERGED] gcov: fix build failure with gcc 11.1.0
Opened
#5137 [PR #4374] [MERGED] fs_home.c: run more code with euid of the user
Opened
#5138 [PR #4375] [MERGED] remove kcmp from seccomp default drop list
Opened
#5139 [PR #4376] [MERGED] gcov: use no-op functions if not enabled
Opened
#5140 [PR #4388] [MERGED] allow/deny in zsh completion
Opened
#5141 [PR #4389] [MERGED] Create profcleaner.sh
Opened
#5142 [PR #4392] [MERGED] LC_ALL=C sort disable-programs.inc
Opened
#5143 [PR #4391] [MERGED] Update Clion profile and Add Clion EAP profile
Opened
#5144 [PR #4390] [MERGED] Exclude allow/deny move in profile from git blame
Opened
#5145 [PR #4399] [CLOSED] rkhunter fix
Opened
#5146 [PR #4407] [MERGED] Fix Firefox 'Profile not found' - whitelist /run/user/xxx/firefox
Opened
#5147 [PR #4412] [MERGED] Update telegram.profile
Opened
#5148 [PR #4413] [MERGED] Add new command checklist to CONTRIBUTING.md
Opened
#5149 [PR #4410] [MERGED] Revert "move whitelist/blacklist to allow/deny"
Opened
#5150 [PR #4419] [MERGED] add ncdu2 redirect profile
Opened
#5151 [PR #4420] [MERGED] ordering and additions
Opened
#5152 [PR #4427] [MERGED] IDS fixes
Opened
#5153 [PR #4438] [MERGED] Added quiet to some CLI profiles
Opened
#5154 [PR #4434] [MERGED] Added ${HOME}/Private blacklist to disable-common
Opened
#5155 [PR #4461] [MERGED] Move disable-passwordmgr.inc into disable-common.inc/disable-programs…
Opened
#5156 [PR #4462] [MERGED] Create disable-X11.inc
Opened
#5157 [PR #4470] [MERGED] Update celluloid.profile
Opened
#5158 [PR #4467] [MERGED] Give fbuilder full original environment
Opened
#5159 [PR #4473] [CLOSED] Add profile for Beyond All Reason
Opened
#5160 [PR #4475] [MERGED] telegram.profile: whitelist /usr/share/TelegramDesktop
Opened
#5161 [PR #4476] [MERGED] Fix hanging arp_check
Opened
#5162 [PR #4479] [MERGED] Issue template improvements
Opened
#5163 [PR #4481] [MERGED] README.md: add artix linux to distro list
Opened
#5164 [PR #4477] [MERGED] multimc5: fix exec of LWJGL libraries
Opened
#5165 [PR #4484] [MERGED] creating gallery-dl.profile
Opened
#5166 [PR #4485] [MERGED] updating youtube-viewers-common.profile
Opened
#5167 [PR #4486] [MERGED] create yt-dlp.profile
Opened
#5168 [PR #4487] [MERGED] .git-blame-ignore-revs: add revert of allow/deny move
Opened
#5169 [PR #4493] [MERGED] fix duplicate globals
Opened
#5170 [PR #4497] [CLOSED] WIP: Minor cleanup
Opened
#5171 [PR #4501] [MERGED] Blacklist Exodus wallet
Opened
#5172 [PR #4502] [MERGED] Revert "allow/deny help and man pages"
Opened
#5173 [PR #4507] [MERGED] Fix broken DNS resolution on Arch Linux using systemd-resolved
Opened
#5174 [PR #4510] [MERGED] Add new condition ALLOW_TRAY
Opened
#5175 [PR #4513] [CLOSED] telegram: Enable private-bin
Opened
#5176 [PR #4514] [MERGED] telegram: Enable private-bin
Opened
#5177 [PR #4515] [MERGED] Rework issue templates
Opened
#5178 [PR #4521] [MERGED] Create disable-proc.inc
Opened
#5179 [PR #4519] [MERGED] Add profiles for build-systems (/package-managers)
Opened
#5180 [PR #4533] [MERGED] rework exitcodes
Opened
#5181 [PR #4546] [MERGED] Let programs outside librewolf sandbox open new tabs in librewolf
Opened
#5182 [PR #4560] [MERGED] Remove /etc/hosts is_link check
Opened
#5183 [PR #4559] [MERGED] Add ld.so.preload to all private-etc lines
Opened
#5184 [PR #4556] [MERGED] Fix #4555 - Allow evince to read .cbz file format
Opened
#5185 [PR #4561] [MERGED] Issue template improvements2
Opened
#5186 [PR #4564] [MERGED] Create goldendict.profile
Opened
#5187 [PR #4572] [MERGED] Add missing final newlines
Opened
#5188 [PR #4573] [MERGED] Fix many typos
Opened
#5189 [PR #4571] [MERGED] Use complete license file
Opened
#5190 [PR #4574] [MERGED] Fix shellcheck warnings
Opened
#5191 [PR #4575] [MERGED] Trim excess whitespace
Opened
#5192 [PR #4585] [MERGED] add more EUID improvements
Opened
#5193 [PR #4579] [MERGED] fix compilation on musl (#4578)
Opened
#5194 [PR #4583] [MERGED] firejail.h: add missing linux/limits.h include & include cleanup
Opened
#5195 [PR #4586] [MERGED] trace, tracelog: don't truncate /etc/ld.so.preload in sandbox
Opened
#5196 [PR #4587] [MERGED] profiles: vscodium: add missing paths & codium redirect
Opened
#5197 [PR #4593] [MERGED] Revert "allow/deny fbuilder"
Opened
#5198 [PR #4591] [MERGED] s/S_IWRITE/S_IWUSR/
Opened
#5199 [PR #4590] [MERGED] Read mount id also on legacy kernels
Opened
#5200 [PR #4594] [MERGED] build: allow building with address sanitizer
Opened
#5201 [PR #4596] New profile: luarocks
Opened
#5202 [PR #4600] [MERGED] Add profiles for imv, retroarch, and torbrowser
Opened
#5203 [PR #4599] [MERGED] Use ?ALLOW_TRAY: (#4510) in profiles
Opened
#5204 [PR #4606] [MERGED] libtrace.c: use realpath instead of readlink to avoid PATH_MAX
Opened
#5205 [PR #4612] [MERGED] blobwars: add path to game assets compatible with Arch
Opened
#5206 [PR #4610] [MERGED] Fix misc in get_group_id
Opened
#5207 [PR #4613] [MERGED] Drop noinput for games with joystick/gamepad support
Opened
#5208 [PR #4622] [MERGED] Fix jumpnbump for Arch users
Opened
#5209 [PR #4621] [MERGED] Fix tremulous profile for Arch users
Opened
#5210 [PR #4624] [MERGED] Fix warsow profile for Arch users
Opened
#5211 [PR #4628] [MERGED] add basic Firejail support to AppArmor base abstraction (#3226)
Opened
#5212 [PR #4634] [MERGED] [minor] update mpv.profile
Opened
#5213 [PR #4635] [MERGED] deterministic-shutdown option
Opened
#5214 [PR #4632] [MERGED] Consider nosound and novideo when keeping groups & misc refactors
Opened
#5215 [PR #4643] [MERGED] Profile Checks
Opened
#5216 [PR #4652] [MERGED] Fix TOCTOU/CodeQL CWE-367 warnings (easy ones + fs.c)
Opened
#5217 [PR #4656] [CLOSED] WIP: Build firejail with meson
Opened
#5218 [PR #4675] [MERGED] more ssh fixes
Opened
#5219 [PR #4669] [MERGED] Relocate firecfg.config to /etc/firejail/
Opened
#5220 [PR #4676] [MERGED] Make env/arg sanity check failure messages more useful
Opened
#5221 [PR #4678] [CLOSED] update yt-dlp.profile
Opened
#5222 [PR #4679] [MERGED] update yt-dlp.profile
Opened
#5223 [PR #4681] [MERGED] Add OpenStego profile
Opened
#5224 [PR #4680] [MERGED] disable-common.inc: fix paths of slock and physlock
Opened
#5225 [PR #4688] [MERGED] Update firejail-local for Brave + ipfs
Opened
#5226 [PR #4690] [MERGED] Fix inconsistent descriptions of machine-id option
Opened
#5227 [PR #4724] [MERGED] Add a profile for Flatseal
Opened
#5228 [PR #4712] [MERGED] Configure improvements2
Opened
#5229 [PR #4695] [MERGED] build: Stop linking pthread
Opened
#5230 [PR #4725] [MERGED] Keep some groups regardless of nogroups and restore nogroups on nvidia
Opened
#5231 [PR #4726] [MERGED] Add monero-project blacklist to disable-programs.inc
Opened
#5232 [PR #4727] [MERGED] additional electron blacklists
Opened
#5233 [PR #4730] [MERGED] profstats cleanup
Opened
#5234 [PR #4729] [MERGED] goldendict: whitelist path to documentation and locales
Opened
#5235 [PR #4735] [MERGED] etc/profile-a-l/display.profile: additions needed on Gentoo
Opened
#5236 [PR #4732] [MERGED] Fix keeping certain groups with nogroups
Opened
#5237 [PR #4736] [CLOSED] Stop creating unused ~/.TelegramDesktop
Opened
#5238 [PR #4740] [MERGED] Implement a whitelist-ro command
Opened
#5239 [PR #4743] [MERGED] Add CachyBrowser profile
Opened
#5240 [PR #4744] [MERGED] dino.profile: netlink protocol is required for audio/video calls.
Opened
#5241 [PR #4747] [MERGED] Skype profile tweaks
Opened
#5242 [PR #4748] [MERGED] README.md: Mention security situation on Ubuntu and recommend PPA
Opened
#5243 [PR #4752] [MERGED] elinks.profile: Fix missing access to liblua
Opened
#5244 [PR #4755] [MERGED] yt-dlp: add missing paths & mpv.profile: whitelist paths for yt-dlp
Opened
#5245 [PR #4759] [MERGED] Allow /opt/tor-browser for Tor Browser profile
Opened
#5246 [PR #4771] [MERGED] Revert allow/deny leftovers
Opened
#5247 [PR #4776] [MERGED] allow lua in highlight.profile
Opened
#5248 [PR #4774] [MERGED] CI: pin GitHub actions to SHAs and use Dependabot to update them
Opened
#5249 [PR #4779] [MERGED] Fix teams ignoring input sources e.g. microphones
Opened
#5250 [PR #4781] [MERGED] Whitelist ${HOME}/.local/opt/tor-browser to make tor-browser work
Opened
#5251 [PR #4782] [MERGED] Whitelist /usr/share/nextcloud to allow access to translation files.
Opened
#5252 [PR #4803] [MERGED] Bump github/codeql-action from 1.0.24 to 1.0.26
Opened
#5253 [PR #4783] [MERGED] profiles: telegram: allow opening links (xdg-open)
Opened
#5254 [PR #4802] [MERGED] Fix clipgrab profile (yt-dlp requires python)
Opened
#5255 [PR #4807] [MERGED] skypeforlinux: Whitelist downloads directory
Opened
#5256 [PR #4824] [MERGED] add notable profile
Opened
#5257 [PR #4827] [MERGED] noprinters: add missing items & add to profile.template
Opened
#5258 [PR #4828] [MERGED] profiles: allow /usr/share/webext in chromium profile
Opened
#5259 [PR #4826] [MERGED] RPCS3 profile
Opened
#5260 [PR #4829] [MERGED] Seafile
Opened
#5261 [PR #4830] [MERGED] profiles: ordering fixes
Opened
#5262 [PR #4831] [MERGED] Blacklist rxvt after the blacklist of Perl.
Opened
#5263 [PR #4838] [MERGED] profiles: fix librewolf
Opened
#5264 [PR #4832] [MERGED] Add DBus filter rules specific to firefox-developer-edition
Opened
#5265 [PR #4840] [MERGED] profiles: mediathekview: fixes
Opened
#5266 [PR #4841] [MERGED] New profile: nvim (neovim)
Opened
#5267 [PR #4843] [MERGED] Noblacklist rxvt in allow-perl.inc
Opened
#5268 [PR #4852] [MERGED] Add wget2 support
Opened
#5269 [PR #4851] [MERGED] Keep vglusers group unless no3d is used (virtualgl)
Opened
#5270 [PR #4853] [MERGED] wget2 fixes
Opened
#5271 [PR #4856] [MERGED] keep-fd option (#4845)
Opened
#5272 [PR #4861] [MERGED] Bump github/codeql-action from 1.0.26 to 1.0.27
Opened
#5273 [PR #4862] [MERGED] steam.profile: allow /etc/vulkan
Opened
#5274 [PR #4863] [MERGED] {lutris,wine}.profile: allow ~/.cache/wine
Opened
#5275 [PR #4864] [MERGED] steam.profile: allow ~/.config/MangoHud
Opened
#5276 [PR #4865] [MERGED] gitlab-ci: fix debian_ci build (dh_missing hostnames)
Opened
#5277 [PR #4870] [MERGED] profiles: enable deterministic shutdown for ssh
Opened
#5278 [PR #4872] [MERGED] signal-desktop: fix opening links in Firefox
Opened
#5279 [PR #4868] [MERGED] Blacklist rclone, 1Password, Ledger Live and cointop
Opened
#5280 [PR #4873] [MERGED] add a profile for cointop
Opened
#5281 [PR #4874] [MERGED] New profile: 1password
Opened
#5282 [PR #4877] [MERGED] Bump github/codeql-action from 1.0.27 to 1.0.29
Opened
#5283 [PR #4878] [MERGED] build option: add AppImage support
Opened
#5284 [PR #4881] [MERGED] RELNOTES: add bugfixes
Opened
#5285 [PR #4885] [MERGED] Bump github/codeql-action from 1.0.29 to 1.0.30
Opened
#5286 [PR #4886] [MERGED] Fix a typo in README.md
Opened
#5287 [PR #4897] [MERGED] librewolf: use new d-bus message bus
Opened
#5288 [PR #4894] [MERGED] Allow common access to EGL External platform configuration directory
Opened
#5289 [PR #4889] [MERGED] RELNOTES: add security-related items
Opened
#5290 [PR #4901] [MERGED] mediainfo.profile: add quiet
Opened
#5291 [PR #4898] [MERGED] shellcheck.profile: remove mdwe
Opened
#5292 [PR #4908] [MERGED] Bump github/codeql-action from 1.0.30 to 1.0.31
Opened
#5293 [PR #4902] [MERGED] Organize relnotes
Opened
#5294 [PR #4903] [MERGED] profiles: keepass*: remove nou2f & add note about private-dev
Opened
#5295 [PR #4911] [MERGED] push changelog date, so that it's different from the previous one
Opened
#5296 [PR #4912] [MERGED] CI: replace centos (EOL) with almalinux
Opened
#5297 [PR #4915] [MERGED] keepassx: restore nou2f
Opened
#5298 [PR #4916] [MERGED] Refer to firejail.config in configuration files
Opened
#5299 [PR #4918] [MERGED] testing: fix expect matching of numbers
Opened
#5300 [PR #4919] [MERGED] Fix iridium.profile
Opened
#5301 [PR #4920] [MERGED] Update security policy for 0.9.68 release
Opened
#5302 [PR #4943] [MERGED] Bump github/codeql-action from 1.0.31 to 1.1.0
Opened
#5303 [PR #4933] [MERGED] Disable/comment message about nogroups being ignored
Opened
#5304 [PR #4934] [CLOSED] WIP: README.md: Update project page
Opened
#5305 [PR #4946] [MERGED] firejail.config: add warning about allow-tray
Opened
#5306 [PR #4948] [MERGED] Improve dino.profile.
Opened
#5307 [PR #4950] [MERGED] man.profile: remove read-only tmp to fix mandoc
Opened
#5308 [PR #4958] [MERGED] profiles: wireshark: disable private-dev
Opened
#5309 [PR #4957] [MERGED] add onionshare redirects
Opened
#5310 [PR #4959] [MERGED] hardening onionshare-gui.profile
Opened
#5311 [PR #4963] [MERGED] wireshark.profile: Add dac_read_search to caps.keep
Opened
#5312 [PR #4967] [MERGED] Bump github/codeql-action from 1.1.0 to 1.1.2
Opened
#5313 [PR #4966] [MERGED] Add support for changing appearance of the Qt6 apps with qt6ct
Opened
#5314 [PR #4964] [MERGED] qbittorrent.profile: fix data directory location
Opened
#5315 [PR #4970] [MERGED] hardening zeal.profile
Opened
#5316 [PR #4976] [MERGED] gconf-editor fix
Opened
#5317 [PR #4977] [MERGED] fix globals.local in mupdf & redirects
Opened
#5318 [PR #4981] [CLOSED] ffplay: fix private-etc
Opened
#5319 [PR #4985] [MERGED] whitelist restructuring
Opened
#5320 [PR #4979] [CLOSED] [firejail] Add ability to disable user profiles at compile time. OMP#…
Opened
#5321 [PR #4989] [MERGED] Bump github/codeql-action from 1.1.2 to 1.1.3
Opened
#5322 [PR #4990] [MERGED] Add ability to disable user profiles at compile time
Opened
#5323 [PR #4992] [MERGED] geary fixes
Opened
#5324 [PR #4999] [MERGED] opera fixes/hardening
Opened
#5325 [PR #5001] [MERGED] add opera-developer.profile
Opened
#5326 [PR #5002] [MERGED] more fixes for opera-beta
Opened
#5327 [PR #5003] [MERGED] fix sylpheed
Opened
#5328 [PR #5005] [MERGED] man: drop redundant whitelisting handled by wusc
Opened
#5329 [PR #5009] [MERGED] drop redundant ignore in chromium-based browsers
Opened
#5330 [PR #5007] [MERGED] whitelist /usr/share/gnupg2 for consistency
Opened
#5331 [PR #5013] [MERGED] Blacklist scala devel stuff
Opened
#5332 [PR #5017] [MERGED] Fix newest Steam client and Proton ≥ 5.13
Opened
#5333 [PR #5020] [MERGED] Bump actions/checkout from 2.4.0 to 3
Opened
#5334 [PR #5026] [MERGED] profiles: fix whitelisting in electron apps
Opened
#5335 [PR #5028] [MERGED] gcov: fix gcov functions always declared as dummy
Opened
#5336 [PR #5029] [MERGED] steam.profile: allow "${HOME}/.prey"
Opened
#5337 [PR #5040] [MERGED] minor cleanups, no functional changes
Opened
#5338 [PR #5042] [MERGED] mupdf refactoring cfr. https://github.com/netblue30/firejail/discussions/4993
Opened
#5339 [PR #5041] [MERGED] opera fixes
Opened
#5340 [PR #5043] [MERGED] man: mention that the protocol command accumulates
Opened
#5341 [PR #5044] [MERGED] Bump github/codeql-action from 1.1.3 to 1.1.4
Opened
#5342 [PR #5053] [MERGED] pip: fixes
Opened
#5343 [PR #5051] [CLOSED] [WIP] Node.js refactoring - again
Opened
#5344 [PR #5052] [MERGED] docs: mention inconsistent homedir bug involving --private=dir
Opened
#5345 [PR #5054] [MERGED] cmake: fix local override & wusc
Opened
#5346 [PR #5056] [MERGED] ocenaudio hardening
Opened
#5347 [PR #5061] [MERGED] ping: (extra) hardening
Opened
#5348 [PR #5060] [MERGED] build(deps): bump github/codeql-action from 1.1.4 to 1.1.5
Opened
#5349 [PR #5058] [MERGED] Node.js stack refactoring
Opened
#5350 [PR #5066] [MERGED] megaglest.profile: Add allow-lua.inc
Opened
#5351 [PR #5069] [CLOSED] whitelist-common.inc: remove redundant read-only entries
Opened
#5352 [PR #5071] [MERGED] profiles: blacklist and make ~/Applications dir read-only
Opened
#5353 [PR #5072] [MERGED] Fix Hugin profile.
Opened
#5354 [PR #5077] [MERGED] disable-common.inc: make ~/.config/pkcs11 read-only
Opened
#5355 [PR #5078] [MERGED] docs: mention capabilities(7) on --caps
Opened
#5356 [PR #5084] [MERGED] man: typo fixes
Opened
#5357 [PR #5087] [MERGED] teams: drop doubled option
Opened
#5358 [PR #5088] [MERGED] Allow resolution of .local names with avahi-daemon in the apparmor profile
Opened
#5359 [PR #5092] [MERGED] harden vlc
Opened
#5360 [PR #5090] [MERGED] build(deps): bump github/codeql-action from 1.1.5 to 2.1.6
Opened
#5361 [PR #5093] [MERGED] more snap blacklisting
Opened
#5362 [PR #5108] [MERGED] build(deps): bump actions/checkout from 3.0.0 to 3.0.1
Opened
#5363 [PR #5097] [MERGED] steam: add HotLine Miami
Opened
#5364 [PR #5102] [MERGED] build(deps): bump github/codeql-action from 2.1.6 to 2.1.8
Opened
#5365 [PR #5114] [MERGED] Stop warning on safe supplementary group clean
Opened
#5366 [PR #5115] [MERGED] Whitelist electron-flags.conf for all versions of electron
Opened
#5367 [PR #5119] [MERGED] build(deps): bump actions/checkout from 3.0.1 to 3.0.2
Opened
#5368 [PR #5128] [MERGED] build(deps): bump github/codeql-action from 2.1.8 to 2.1.9
Opened
#5369 [PR #5121] [MERGED] hostnames.c: fix mismatched dealloc (fclose -> pclose)
Opened
#5370 [PR #5129] [MERGED] Prevent empty /usr/share in google-chrome profiles
Opened
#5371 [PR #5131] [MERGED] Whitelist for NixOS to resolve binary paths in user environment
Opened
#5372 [PR #5132] [MERGED] NixOS fix OpenGL app support
Opened
#5373 [PR #5134] [MERGED] fzenity: fix dead store
Opened
#5374 [PR #5133] [MERGED] configure*: remove ultimately unused INSTALL and RANLIB check macros
Opened
#5375 [PR #5136] feature: add keep-xattrs option
Opened
#5376 [PR #5140] [MERGED] build: deduplicate configure-time vars into new config files
Opened
#5377 [PR #5142] [MERGED] Makefile.in: stop running distclean on dist
Opened
#5378 [PR #5141] [MERGED] nvim: add XDG_STATE_HOME path
Opened
#5379 [PR #5144] [MERGED] build(deps): bump github/codeql-action from 2.1.9 to 2.1.10
Opened
#5380 [PR #5147] [MERGED] ci: fix --version not printing compile-time features
Opened
#5381 [PR #5148] [MERGED] ci: print version after install & fix apparmor support on build_apparmor
Opened
#5382 [PR #5154] [MERGED] mkdeb.sh.in: pass remaining arguments to ./configure
Opened
#5383 [PR #5158] [MERGED] seamonkey.profile: support enigmail/gpg
Opened
#5384 [PR #5152] [MERGED] updates for wget2
Opened
#5385 [PR #5159] [MERGED] Kate fixes
Opened
#5386 [PR #5161] [CLOSED] Update transmission profile for DBus notifications
Opened
#5387 [PR #5165] [MERGED] minor fixes for git.profile
Opened
#5388 [PR #5163] [MERGED] build(deps): bump github/codeql-action from 2.1.10 to 2.1.11
Opened
#5389 [PR #5167] [MERGED] profiles: move blacklist of /etc/profile.d & blacklist /etc/profile
Opened
#5390 [PR #5170] [MERGED] ids.config: add missing global shell paths
Opened
#5391 [PR #5172] [MERGED] disable-shell.inc: add global shell paths from ids.config
Opened
#5392 [PR #5174] [MERGED] Revert "I am preparing a point release for next week, fixes and small…
Opened
#5393 [PR #5176] [MERGED] mkdeb.sh.in: stop enabling apparmor
Opened
#5394 [PR #5175] [MERGED] Add comment for enabling D-Bus desktop notifications to transmission-{gtk,qt}
Opened
#5395 [PR #5177] [MERGED] build(deps): bump github/codeql-action from 2.1.11 to 2.1.12
Opened
#5396 [PR #5182] [MERGED] Revert "Makefile.in: stop running distclean on dist"
Opened
#5397 [PR #5187] [CLOSED] profiles: steam: add path for Paradox Interactive Launcher
Opened
#5398 [PR #5189] [MERGED] docs: fix typo in firejail-welcome.sh
Opened
#5399 [PR #5184] [MERGED] RELNOTES: add new and removed profiles
Opened
#5400 [PR #5202] profiles: nodejs-common: fix node-gyp failing to build canvas
Opened
#5401 [PR #5203] [MERGED] fix artha and add dbus-user filtering
Opened
#5402 [PR #5213] [MERGED] Transmission fixes: drop private-lib
Opened
#5403 [PR #5206] [MERGED] build: fix file mode of shell scripts (644 -> 755)
Opened
#5404 [PR #5209] [MERGED] Remove shell none from profiles
Opened
#5405 [PR #5216] [MERGED] test/fs: enable private-lib in firejail.config
Opened
#5406 [PR #5219] [MERGED] build: reduce autoconf input files from 32 to 2
Opened
#5407 [PR #5224] [MERGED] build(deps): bump github/codeql-action from 2.1.12 to 2.1.14
Opened
#5408 [PR #5223] [MERGED] profiles: steam: add path for Paradox Interactive Launcher
Opened
#5409 [PR #5231] [MERGED] build(deps): bump github/codeql-action from 2.1.14 to 2.1.15
Opened
#5410 [PR #5237] [MERGED] add Colossal Order to steam.profile
Opened
#5411 [PR #5238] [MERGED] aria2c.profile: allow access to ~/.cache/winetricks
Opened
#5412 [PR #5242] [MERGED] Warn when encountering EIO during remount
Opened
#5413 [PR #5247] [MERGED] RELNOTES: add build items (plus commands)
Opened
#5414 [PR #5248] [MERGED] build: add dist build directory to .gitignore
Opened
#5415 [PR #5249] [MERGED] ci: ignore git-related paths and the project license
Opened
#5416 [PR #5251] [MERGED] build: add autoconf auto-generation comment to input files
Opened
#5417 [PR #5254] [MERGED] build(deps): bump github/codeql-action from 2.1.15 to 2.1.16
Opened
#5418 [PR #5259] [MERGED] introduce new option restrict-namespaces
Opened
#5419 [PR #5253] [MERGED] remmina.profile: allow python3
Opened
#5420 [PR #5270] [MERGED] viewnior.profile: allow accessing /usr/share/viewnior
Opened
#5421 [PR #5271] [MERGED] improve force-nonewprivs security guarantees
Opened
#5422 [PR #5275] [MERGED] ci: bump ubuntu to 22.04 and use newer compilers / analyzers
Opened
#5423 [PR #5274] [MERGED] Add support for custom AppArmor profiles (--apparmor=)
Opened
#5424 [PR #5278] [MERGED] neomutt: Avoid creating empty files/directories
Opened
#5425 [PR #5282] [MERGED] build(deps): bump github/codeql-action from 2.1.16 to 2.1.17
Opened
#5426 [PR #5283] [MERGED] build: Add files make uninstall forgot to remove
Opened
#5427 [PR #5284] [MERGED] build: config.sh.in: quote variables and fix shellcheck issues
Opened
#5428 [PR #5285] [MERGED] vmware.profile: snapshot requires /etc/mtab
Opened
#5429 [PR #5289] [MERGED] new profile: gdu
Opened
#5430 [PR #5290] [MERGED] docs: mention risk of SUID binaries and also firejail-users(5)
Opened
#5431 [PR #5296] [MERGED] docs: set vim filetype on man pages for syntax highlighting
Opened
#5432 [PR #5299] [MERGED] makepkg: add description
Opened
#5433 [PR #5298] [MERGED] electron-mail.profile refactoring
Opened
#5434 [PR #5300] [MERGED] audacity: disable apparmor
Opened
#5435 [PR #5301] [MERGED] build(deps): bump github/codeql-action from 2.1.17 to 2.1.18
Opened
#5436 [PR #5302] [MERGED] makedeb profile creation
Opened
#5437 [PR #5309] [MERGED] microsoft-edge.profile rewritten for stable channel and moved microsoft-edge{,-beta,-dev} from private-opt to whitelist
Opened
#5438 [PR #5305] [CLOSED] profiles: rename email-common to claws-sylpheed-common
Opened
#5439 [PR #5304] [CLOSED] profiles: clarify userns comments & fix comment on electron.profile
Opened
#5440 [PR #5310] [MERGED] build: add and use TARNAME instead of NAME for paths
Opened
#5441 [PR #5315] [MERGED] Add Landlock support to Firejail
Opened
#5442 [PR #5317] [MERGED] Fix an AppArmor profile denial issue with ptrace reading and signals
Opened
#5443 [PR #5322] [MERGED] man.profile needs additional private-etc items on arch
Opened
#5444 [PR #5323] [MERGED] profiles: steam: fix seccomp breakage with newer Proton-GE (process_vm_readv)
Opened
#5445 [PR #5325] [MERGED] profiles: tutanota-desktop: fixes and improvements
Opened
#5446 [PR #5330] [MERGED] tuir.profile creation
Opened
#5447 [PR #5334] [MERGED] build(deps): bump github/codeql-action from 2.1.18 to 2.1.19
Opened
#5448 [PR #5331] [MERGED] lbry-viewer.profile create
Opened
#5449 [PR #5343] [CLOSED] profiles: firefox-common: enable tracelog
Opened
#5450 [PR #5344] [MERGED] docs: note that blacklist/whitelist follow symlinks
Opened
#5451 [PR #5345] [MERGED] build(deps): bump github/codeql-action from 2.1.19 to 2.1.21
Opened
#5452 [PR #5347] [MERGED] Revert "Add Landlock support to Firejail"
Opened
#5453 [PR #5348] [MERGED] Fix Firefox 'Profile not found' for psd (v6.45)
Opened
#5454 [PR #5349] [MERGED] docs: Typo fixes
Opened
#5455 [PR #5353] [MERGED] Make /etc/ssh/ssh_config.d visible for ssh
Opened
#5456 [PR #5352] [MERGED] fix opening links in firefox youtube-viewers-common.profile
Opened
#5457 [PR #5355] [MERGED] Add profile for chafa
Opened
#5458 [PR #5359] [CLOSED] docs: fix spacing & typo in Landlock section of README.md
Opened
#5459 [PR #5357] [MERGED] build: only install ids.config when --enable-ids is set
Opened
#5460 [PR #5360] [MERGED] profiles: firefox-common: streamline dbus filtering
Opened
#5461 [PR #5361] [MERGED] docs: Add IRC channel info to README.md
Opened
#5462 [PR #5366] [MERGED] docs: man: Note that some commands can be disabled in firejail.config
Opened
#5463 [PR #5368] [MERGED] profiles: discord: fix issues with command-line usage
Opened
#5464 [PR #5362] [MERGED] build(deps): bump github/codeql-action from 2.1.21 to 2.1.22
Opened
#5465 [PR #5369] [CLOSED] [ignore] Test sort.py collate
Opened
#5466 [PR #5370] [MERGED] build: Remove deprecated syntax and modernize shell test scripts
Opened
#5467 [PR #5374] [MERGED] profiles: arduino: allow devel paths
Opened
#5468 [PR #5375] [MERGED] build(deps): bump github/codeql-action from 2.1.22 to 2.1.24
Opened
#5469 [PR #5371] [MERGED] profiles: allow perl/exiftool on the relevant profiles
Opened
#5470 [PR #5376] [MERGED] .git-blame-ignore-revs: change format and add Landlock v1
Opened
#5471 [PR #5377] [MERGED] RELNOTES: dedup/reword/sort/add
Opened
#5472 [PR #5386] [MERGED] mpv: whitelist mpv-mpris
Opened
#5473 [PR #5382] [MERGED] build(deps): bump github/codeql-action from 2.1.24 to 2.1.25
Opened
#5474 [PR #5380] [CLOSED] profiles: firefox: allow owning org.mozilla.firefox_esr.*
Opened
#5475 [PR #5387] [MERGED] profiles: blacklist sudo/doas paths in /etc
Opened
#5476 [PR #5388] docs: clarify filesystem directives
Opened
#5477 [PR #5398] [MERGED] docs: Add gist note to bug_report.md
Opened
#5478 [PR #5394] [MERGED] build(deps): bump github/codeql-action from 2.1.25 to 2.1.26
Opened
#5479 [PR #5389] [MERGED] Harden qutebrowser profile
Opened
#5480 [PR #5399] [CLOSED] mpv: whitelist mpv-mpris in lib64
Opened
#5481 [PR #5400] [MERGED] Revert "mpv: whitelist mpv-mpris (#5386)"
Opened
#5482 [PR #5402] [MERGED] docs: Make appimage examples consistent with --appimage option short description
Opened
#5483 [PR #5409] [MERGED] build(deps): bump actions/checkout from 3.0.2 to 3.1.0
Opened
#5484 [PR #5415] [MERGED] ktorrent.profile: fix mkfile without mkdir & comment legacy paths
Opened
#5485 [PR #5408] [MERGED] build(deps): bump github/codeql-action from 2.1.26 to 2.1.27
Opened
#5486 [PR #5429] [MERGED] build: sort.py improvements
Opened
#5487 [PR #5431] [MERGED] build: Fix musl warnings
Opened
#5488 [PR #5432] [MERGED] build(deps): bump github/codeql-action from 2.1.27 to 2.1.28
Opened
#5489 [PR #5439] [MERGED] [StepSecurity] ci: Harden GitHub Actions
Opened
#5490 [PR #5442] [MERGED] profiles: fixes for brave/evince/whalebird
Opened
#5491 [PR #5443] [MERGED] build(deps): bump github/codeql-action from 2.1.28 to 2.1.29
Opened
#5492 [PR #5451] [MERGED] docs: clarify that --appimage should appear before --profile
Opened
#5493 [PR #5449] [MERGED] lutris.profile: fix running League of Legends
Opened
#5494 [PR #5446] [CLOSED] firejail/checkcfg: fix xephyr-extra-params size
Opened
#5495 [PR #5452] [CLOSED] profiles: keepassxc: add new socket location
Opened
#5496 [PR #5453] [CLOSED] profiles: keepassxc: whitelist ~/.config/keepassxc
Opened
#5497 [PR #5456] [MERGED] Add godot3 redirect
Opened
#5498 [PR #5454] [CLOSED] profiles: keepassxc: allow access to the wayland socket
Opened
#5499 [PR #5458] [MERGED] build(deps): bump github/codeql-action from 2.1.29 to 2.1.31
Opened
#5500 [PR #5457] [CLOSED] firefox-common.profile: allow semtimedop syscall
Opened
#5501 [PR #5459] [MERGED] Add python3 support/fixes to nicotine
Opened
#5502 [PR #5464] [MERGED] profiles: deluge: add netlink to list of allowed protocols
Opened
#5503 [PR #5473] [MERGED] build(deps): bump step-security/harden-runner from 1.5.0 to 2.0.0
Opened
#5504 [PR #5467] [MERGED] Add support for cinelerra-gg
Opened
#5505 [PR #5475] [MERGED] Add --apparmor-replace (workaround for apparmor profile stacking bug)
Opened
#5506 [PR #5476] [MERGED] fix: PyCharm profiles
Opened
#5507 [PR #5478] [MERGED] build: deduplicate makefiles
Opened
#5508 [PR #5484] [MERGED] profiles: email-common: add localtime to private-etc
Opened
#5509 [PR #5481] [MERGED] ci: sort and ignore more paths
Opened
#5510 [PR #5485] [MERGED] ci: whitelist needed endpoints and block access to sudo
Opened
#5511 [PR #5486] [MERGED] firefox-common.profile: Add DRM support when using psd
Opened
#5512 [PR #5493] [MERGED] docs: add more Firefox examples to the firejail-local AppArmor profile
Opened
#5513 [PR #5488] [MERGED] build: fix formatting and misc in configure
Opened
#5514 [PR #5497] [MERGED] firefox-common-addons: fix whitelisting in ${RUNUSER}
Opened
#5515 [PR #5496] [MERGED] kcalc.profile: fix mkfile without mkdir & comment legacy paths
Opened
#5516 [PR #5498] [MERGED] spotify.profile: allow spotify-adblock paths
Opened
#5517 [PR #5506] [MERGED] build(deps): bump github/codeql-action from 2.1.31 to 2.1.35
Opened
#5518 [PR #5504] [MERGED] build: actually set LDFLAGS/LIBS & stop overriding CFLAGS/LDFLAGS
Opened
#5519 [PR #5502] [MERGED] Add basic gtksourceview language-spec (file type detection/syntax highlighting for profiles)
Opened
#5520 [PR #5516] [MERGED] New profile: tesseract
Opened
#5521 [PR #5517] [MERGED] private-etc: always reference 'alternatives'
Opened
#5522 [PR #5523] [MERGED] build(deps): bump github/codeql-action from 2.1.35 to 2.1.36
Opened
#5523 [PR #5521] [MERGED] clipit hardening
Opened
#5524 [PR #5522] [MERGED] Avidemux tools support
Opened
#5525 [PR #5527] [MERGED] profiles: Add support for Qt6
Opened
#5526 [PR #5526] [MERGED] qutebrowser: fix whitelisting for wusc
Opened
#5527 [PR #5535] [MERGED] build(deps): bump actions/checkout from 3.1.0 to 3.2.0
Opened
#5528 [PR #5536] [MERGED] build(deps): bump github/codeql-action from 2.1.36 to 2.1.37
Opened
#5529 [PR #5537] [MERGED] add restrict-namespaces to (almost) all applicable profiles
Opened
#5530 [PR #5538] [MERGED] audacity: support more config locations
Opened
#5531 [PR #5540] [MERGED] audacity: networking updates
Opened
#5532 [PR #5542] [MERGED] disable-common.inc: add gnome-console to disabled terminals
Opened
#5533 [PR #5543] [MERGED] seahorse refactoring
Opened
#5534 [PR #5541] [MERGED] Fix mDNS name resolution with wrc
Opened
#5535 [PR #5544] [MERGED] New profile: ssmtp
Opened
#5536 [PR #5546] [MERGED] spectre-meltdown-checker: fixes
Opened
#5537 [PR #5547] [MERGED] Revert "remove make deb and use make deb-apparmor to build packages"
Opened
#5538 [PR #5548] [MERGED] profiles: clarify that duplicated blacklisting of /proc/config.gz is intentional
Opened
#5539 [PR #5549] [MERGED] gpg-agent: sort private-bin (even though it's commented)
Opened
#5540 [PR #5550] [MERGED] gpg: fix private-bin
Opened
#5541 [PR #5551] [CLOSED] Add new (redirect) profile: dirmngr
Opened
#5542 [PR #5553] [MERGED] profiles: blacklist google-drive-ocamlfuse config
Opened
#5543 [PR #5554] [MERGED] docs: Fix broken Restrict-DBus wiki link on profile.template
Opened
#5544 [PR #5556] [MERGED] New profile: chatterino
Opened
#5545 [PR #5557] [MERGED] window manager profiles: fix browser/electron internal sandboxes
Opened
#5546 [PR #5563] [MERGED] New profiles: linuxqq/qq
Opened
#5547 [PR #5565] [MERGED] profiles: geary: allow opening hyperlinks via dbus
Opened
#5548 [PR #5569] [MERGED] profiles: electron: fix hardening include/comment
Opened
#5549 [PR #5567] [MERGED] profiles: ytmdesktop: fix typo in comment
Opened
#5550 [PR #5564] [MERGED] profiles: email: allow pinentry and opening links in Firefox via dbus
Opened
#5551 [PR #5571] [MERGED] profiles: email-common: refactor
Opened
#5552 [PR #5574] [CLOSED] feature: add fireurl
Opened
#5553 [PR #5573] [CLOSED] profiles: vlc: disable apparmor
Opened
#5554 [PR #5577] [MERGED] build: make shell commands more portable in firejail.vim
Opened
#5555 [PR #5576] [MERGED] build(deps): bump actions/checkout from 3.2.0 to 3.3.0
Opened
#5556 [PR #5578] [MERGED] modif: Prevent sandbox name from containing only digits
Opened
#5557 [PR #5583] [MERGED] profiles: QMediathekView: harden
Opened
#5558 [PR #5579] [CLOSED] profiles: ssh: allow ~/.ansible/cp
Opened
#5559 [PR #5586] [MERGED] docs: Remove invalid --profile-path from --help
Opened
#5560 [PR #5589] [MERGED] docs: remove apparmor options in --help when building without apparmor support
Opened
#5561 [PR #5591] [MERGED] modif: stop hiding blacklisted files in /etc by default and add a new etc-no-blacklisted option
Opened
#5562 [PR #5593] [MERGED] build(deps): bump github/codeql-action from 2.1.37 to 2.1.38
Opened
#5563 [PR #5592] [MERGED] build(deps): bump step-security/harden-runner from 2.0.0 to 2.1.0
Opened
#5564 [PR #5594] [MERGED] profiles: email-common: allow timezone to fix libical
Opened
#5565 [PR #5595] [MERGED] Rename etc-no-blacklisted to etc-hide-blacklisted
Opened
#5566 [PR #5596] [MERGED] profiles: zoom: whitelist ~/.config/zoom.conf
Opened
#5567 [PR #5600] [MERGED] modif: Stop forwarding own double-dash to the shell
Opened
#5568 [PR #5604] [CLOSED] profiles: abiword: remove no3d to fix libEGL warning
Opened
#5569 [PR #5602] [MERGED] profiles: profanity: fix notifications (dbus)
Opened
#5570 [PR #5609] [MERGED] profiles: fix private-etc (add missing resolv.conf)
Opened
#5571 [PR #5613] [MERGED] modif: Escape control characters of the command line
Opened
#5572 [PR #5624] [MERGED] profiles: qutebrowser: add passwd to private-etc
Opened
#5573 [PR #5614] [MERGED] build(deps): bump github/codeql-action from 2.1.38 to 2.1.39
Opened
#5574 [PR #5618] [MERGED] profiles: qutebrowser: fix links not opening in the existing instance
Opened
#5575 [PR #5627] [MERGED] build: auto-generate syntax files
Opened
#5576 [PR #5626] [MERGED] profiles: mutt: add ~/.mutthistory & reduce amount of paths created
Opened
#5577 [PR #5629] [MERGED] profiles: atool: fix private-etc (add missing resolv.conf)
Opened
#5578 [PR #5630] [MERGED] profiles: warzone2100: add paths for Arch Linux
Opened
#5579 [PR #5633] [MERGED] build(deps): bump github/codeql-action from 2.1.39 to 2.2.1
Opened
#5580 [PR #5631] [MERGED] profiles: inkscape: harden & allow saving settings via dbus
Opened
#5581 [PR #5634] [MERGED] feature: add "keep-shell-rc" command and option
Opened
#5582 [PR #5638] [MERGED] etc_groups.h: sort groups alphabetically
Opened
#5583 [PR #5635] [MERGED] profiles: disable-common.inc: add more ro editor/browser paths
Opened
#5584 [PR #5637] [MERGED] build: mark most phony targets as such
Opened
#5585 [PR #5641] [MERGED] profiles: private-etc fixes
Opened
#5586 [PR #5642] [MERGED] profiles: ephemeral: use new private-etc @groups syntax
Opened
#5587 [PR #5643] [MERGED] profiles: whois: re-fix private-etc
Opened
#5588 [PR #5646] [MERGED] New profile: parsecd
Opened
#5589 [PR #5645] Revert "private-etc: big profile changes"
Opened
#5590 [PR #5648] [MERGED] profiles: misc changes and self-ref fixes in ghostwriter/peek
Opened
#5591 [PR #5649] [MERGED] profiles: qutebrowser: allow userscripts by default
Opened
#5592 [PR #5653] [MERGED] profiles: blacklist sendgmail config
Opened
#5593 [PR #5651] [CLOSED] profiles: gnome-logs: fix missing machine-id in private-etc
Opened
#5594 [PR #5654] [MERGED] build: mkdeb.sh: pass all arguments to ./configure
Opened
#5595 [PR #5656] [MERGED] profiles: archiver-common: add mkinitcpio to private-etc
Opened
#5596 [PR #5655] [MERGED] profiles: archivers: drop private-etc now that it's in archiver-common
Opened
#5597 [PR #5657] [CLOSED] New profiles: lz4 and redirects
Opened
#5598 [PR #5660] [MERGED] profiles: transmission-cli: allow web client
Opened
#5599 [PR #5663] [MERGED] profiles: disable-common: prevent access to LUKS keyfile
Opened
#5600 [PR #5661] [MERGED] build(deps): bump github/codeql-action from 2.2.1 to 2.2.4
Opened
#5601 [PR #5664] [MERGED] Update copyright to 2023
Opened
#5602 [PR #5666] [MERGED] profiles: wusc: allow /usr/share/hyphen
Opened
#5603 [PR #5667] [MERGED] legal: selinux.c: Split Copyright notice & use same license as upstream
Opened
#5604 [PR #5665] [MERGED] profiles: foliate: fix .local include name
Opened
#5605 [PR #5668] [MERGED] build: deb: enable apparmor by default & remove deb-apparmor
Opened
#5606 [PR #5669] [MERGED] profiles: disable-common.inc: add systemd v253 blacklists
Opened
#5607 [PR #5671] [MERGED] profiles: apostrophe: drop whitelist covered by wusc
Opened
#5608 [PR #5675] [MERGED] New profiles: qpdf and redirects
Opened
#5609 [PR #5674] [MERGED] build: Fix whitespace and add .editorconfig
Opened
#5610 [PR #5677] [MERGED] feature: Print the argument when failing with "too long arguments"
Opened
#5611 [PR #5681] [MERGED] profiles: iagno: sort whitelist
Opened
#5612 [PR #5686] [MERGED] profiles: clarify userns comments
Opened
#5613 [PR #5682] [MERGED] profiles: parsecd: sort misc
Opened
#5614 [PR #5689] [MERGED] build(deps): bump step-security/harden-runner from 2.1.0 to 2.2.0
Opened
#5615 [PR #5690] [MERGED] build(deps): bump github/codeql-action from 2.2.4 to 2.2.5
Opened
#5616 [PR #5691] [MERGED] New profiles: jami and postman
Opened
#5617 [PR #5697] [MERGED] profiles: microsoft-edge: fixes, hardening and redirect
Opened
#5618 [PR #5695] [MERGED] profiles: rsync-download_only: fix .local include name
Opened
#5619 [PR #5693] [MERGED] docs: RELNOTES: fix typo
Opened
#5620 [PR #5700] [MERGED] profiles: bulk rename electron to electron-common
Opened
#5621 [PR #5702] [MERGED] profiles: drop hostname option from all profiles
Opened
#5622 [PR #5707] [MERGED] New profile: ani-cli
Opened
#5623 [PR #5706] [MERGED] New profile: lobster
Opened
#5624 [PR #5705] [MERGED] profiles: gajim: allow loading plugins
Opened
#5625 [PR #5708] [MERGED] modif: Forbid control chars in names and restrict hostname
Opened
#5626 [PR #5710] [MERGED] New profile: mov-cli
Opened
#5627 [PR #5711] [MERGED] profiles: mpv: improve and clarify comments
Opened
#5628 [PR #5714] [MERGED] New profile: porn-cli
Opened
#5629 [PR #5715] [MERGED] profiles: refactor youtube-dl and yt-dlp
Opened
#5630 [PR #5717] [MERGED] bugfix: fix examples in firejail-local AppArmor profile
Opened
#5631 [PR #5718] [MERGED] profiles: email-common: allow bsfilter
Opened
#5632 [PR #5728] [MERGED] profiles: refactor chromium/electron into blink-common
Opened
#5633 [PR #5719] [MERGED] profiles: email-common: allow clamav
Opened
#5634 [PR #5722] [MERGED] profiles: youtube-viewers: refactor and add gtk-youtube-viewers-common
Opened
#5635 [PR #5729] [MERGED] New profiles: discord redirects (DiscordPTB, discord-ptb)
Opened
#5636 [PR #5730] [MERGED] build(deps): bump step-security/harden-runner from 2.2.0 to 2.2.1
Opened
#5637 [PR #5731] [MERGED] build(deps): bump github/codeql-action from 2.2.5 to 2.2.6
Opened
#5638 [PR #5733] [MERGED] profiles: ani-cli: fix private-bin
Opened
#5639 [PR #5732] [MERGED] build: add missing HAVE_PRIVATE_LIB var
Opened
#5640 [PR #5734] [MERGED] profiles: engrampa: hardening
Opened
#5641 [PR #5735] [MERGED] profiles: streamline seccomp socket comment
Opened
#5642 [PR #5736] [MERGED] profiles: file-roller: slight hardening
Opened
#5643 [PR #5737] [MERGED] fs_etc.c: conditionally create /etc/resolv.conf
Opened
#5644 [PR #5739] [MERGED] build(deps): bump github/codeql-action from 2.2.6 to 2.2.7
Opened
#5645 [PR #5740] [MERGED] build(deps): bump actions/checkout from 3.3.0 to 3.4.0
Opened
#5646 [PR #5741] [MERGED] util.c: add and use ascii-only char functions
Opened
#5647 [PR #5744] [MERGED] profiles: keepassxc: allow offering the Secret Service
Opened
#5648 [PR #5742] [MERGED] ci: always update the package db before installing packages
Opened
#5649 [PR #5753] [CLOSED] profiles: ssh-agent: hardening
Opened
#5650 [PR #5752] [CLOSED] profiles: ssh-agent: add deterministic-shutdown
Opened
#5651 [PR #5755] [MERGED] profiles: allow lxqt config dir
Opened
#5652 [PR #5759] [CLOSED] build(deps): bump github/codeql-action from 2.2.7 to 2.2.8
Opened
#5653 [PR #5757] [MERGED] docs: markdown formatting and misc improvements
Opened
#5654 [PR #5760] [MERGED] build(deps): bump actions/checkout from 3.4.0 to 3.5.0
Opened
#5655 [PR #5761] [MERGED] New profile: standard-notes
Opened
#5656 [PR #5763] [MERGED] profiles: move read-only config entries to disable-common.inc
Opened
#5657 [PR #5770] [MERGED] profiles: pidgin: allow netlink
Opened
#5658 [PR #5768] [MERGED] profiles: standardnotes-desktop: fix custom (cursor) theme support
Opened
#5659 [PR #5776] [MERGED] build(deps): bump github/codeql-action from 2.2.7 to 2.2.9
Opened
#5660 [PR #5777] [MERGED] profiles: softmaker-common: add fstab to private-etc
Opened
#5661 [PR #5780] [MERGED] New profile: url-eater
Opened
#5662 [PR #5781] [MERGED] build(deps): bump github/codeql-action from 2.2.9 to 2.2.11
Opened
#5663 [PR #5783] [MERGED] ci: fix codeql unable to download its own bundle
Opened
#5664 [PR #5784] [MERGED] ci: split configure/build/install commands on gitlab
Opened
#5665 [PR #5782] [MERGED] build(deps): bump step-security/harden-runner from 2.2.1 to 2.3.0
Opened
#5666 [PR #5788] [MERGED] build(deps): bump github/codeql-action from 2.2.11 to 2.2.12
Opened
#5667 [PR #5794] [MERGED] profiles: standardize on just "GTK" on comments
Opened
#5668 [PR #5795] [MERGED] ci: fix swapped name/email arguments in debian_ci
Opened
#5669 [PR #5789] [MERGED] build(deps): bump actions/checkout from 3.5.0 to 3.5.2
Opened
#5670 [PR #5799] [MERGED] profiles: pycharm-professional: fix .local include name
Opened
#5671 [PR #5800] [MERGED] build(deps): bump github/codeql-action from 2.2.12 to 2.3.0
Opened
#5672 [PR #5802] [MERGED] ci: formatting and misc improvements
Opened
#5673 [PR #5801] [MERGED] build(deps): bump step-security/harden-runner from 2.3.0 to 2.3.1
Opened
#5674 [PR #5805] [MERGED] profiles: element-desktop: allow notifications
Opened
#5675 [PR #5806] [MERGED] bugfix: arp.c: ensure positive timeout on select(2)
Opened
#5676 [PR #5808] [MERGED] profiles: qutebrowser: update mpris name for qutebrowser-qt6
Opened
#5677 [PR #5811] [MERGED] build(deps): bump github/codeql-action from 2.3.0 to 2.3.2
Opened
#5678 [PR #5810] [MERGED] profiles: email-common: fix bogofilter/bsfilter support
Opened
#5679 [PR #5812] [MERGED] docs: add uninstall instructions to README.md
Opened
#5680 [PR #5815] [MERGED] ci: run for every branch instead of just master
Opened
#5681 [PR #5822] [MERGED] build(deps): bump step-security/harden-runner from 2.3.1 to 2.4.0
Opened
#5682 [PR #5826] [MERGED] profiles: block local python
Opened
#5683 [PR #5823] [MERGED] build(deps): bump github/codeql-action from 2.3.2 to 2.3.3
Opened
#5684 [PR #5824] [CLOSED] profiles: mcomix: allow exec in ${HOME}
Opened
#5685 [PR #5829] [MERGED] modif: Improve --version/--help & print version on startup
Opened
#5686 [PR #5841] [MERGED] build(deps): bump github/codeql-action from 2.3.3 to 2.3.5
Opened
#5687 [PR #5846] [MERGED] build(deps): bump github/codeql-action from 2.3.5 to 2.3.6
Opened
#5688 [PR #5844] [MERGED] profiles: firefox: fix private-etc
Opened
#5689 [PR #5842] [MERGED] build: enable compiler warnings by default
Opened
#5690 [PR #5847] [MERGED] profiles: lobster: sync with upstream changes
Opened
#5691 [PR #5850] [MERGED] contrib/vim: match profile files more broadly
Opened
#5692 [PR #5853] [CLOSED] build(deps): bump github/codeql-action from 2.3.6 to 2.13.4
Opened
#5693 [PR #5856] [MERGED] modif: Standardize and add missing name/hostname checks
Opened
#5694 [PR #5852] [MERGED] build(deps): bump actions/checkout from 3.5.2 to 3.5.3
Opened
#5695 [PR #5857] [MERGED] ci: standardize apt-get update/install & misc improvements
Opened
#5696 [PR #5859] [MERGED] build: remove -mretpoline and NO_EXTRA_CFLAGS
Opened
#5697 [PR #5860] [MERGED] build(deps): bump github/codeql-action from 2.3.6 to 2.20.0
Opened
#5698 [PR #5865] [MERGED] profiles: vmware improvements and new redirect
Opened
#5699 [PR #5864] [MERGED] build: disable all built-in implicit make rules
Opened
#5700 [PR #5866] [MERGED] build: organize and standardize make vars and targets
Opened
#5701 [PR #5867] [MERGED] build(deps): bump github/codeql-action from 2.20.0 to 2.20.1
Opened
#5702 [PR #5868] [MERGED] build(deps): bump step-security/harden-runner from 2.4.0 to 2.4.1
Opened
#5703 [PR #5871] [MERGED] modif: improve errExit error messages
Opened
#5704 [PR #5880] [MERGED] profiles: virtualbox: fix private-etc for Gentoo
Opened
#5705 [PR #5876] [MERGED] feature: firecfg: add firecfg.d & add ignore command
Opened
#5706 [PR #5881] [MERGED] New profile: rssguard
Opened
#5707 [PR #5884] [MERGED] profiles: mov-cli: fix private-etc
Opened
#5708 [PR #5886] [MERGED] profiles: torbrowser-launcher: hardening
Opened
#5709 [PR #5885] [MERGED] profiles: lobster: allow writing to ~/.local/share/applications
Opened
#5710 [PR #5887] [MERGED] New profile: mullvad-browser
Opened
#5711 [PR #5890] [MERGED] build(deps): bump github/codeql-action from 2.20.1 to 2.20.3
Opened
#5712 [PR #5892] [MERGED] profiles: ani-cli: fix private-bin
Opened
#5713 [PR #5893] [MERGED] profiles: feh: fixes & hardening
Opened
#5714 [PR #5894] [MERGED] modif: drop deprecated 'shell' option references
Opened
#5715 [PR #5898] [MERGED] build: simplify code related to seccomp filters/man pages
Opened
#5716 [PR #5900] [MERGED] feature: add doas support in firecfg and jailcheck
Opened
#5717 [PR #5902] [CLOSED] profiles: bleachbit: allow erasing Trash contents
Opened
#5718 [PR #5905] [MERGED] profiles: fix misc in kmail/transmission-qt & add kontact.profile
Opened
#5719 [PR #5904] [MERGED] build(deps): bump github/codeql-action from 2.20.3 to 2.20.4
Opened
#5720 [PR #5909] [MERGED] profiles: sqlitebrowser: add ~/.local/share/sqlitebrowser
Opened
#5721 [PR #5910] [MERGED] profiles: remove /usr/share/vulkan already whitelisted by wusc
Opened
#5722 [PR #5914] [MERGED] profiles: firefox-common: refactor wusc
Opened
#5723 [PR #5913] [MERGED] profiles: thunderbird: dbus hardening
Opened
#5724 [PR #5911] [MERGED] build: fix hardcoded make & remove unnecessary distclean targets
Opened
#5725 [PR #5915] [MERGED] build(deps): bump github/codeql-action from 2.20.4 to 2.21.0
Opened
#5726 [PR #5916] [MERGED] build: dist and asc improvements
Opened
#5727 [PR #5917] [CLOSED] profiles: mpv: allow access to dbus system bus
Opened
#5728 [PR #5919] [MERGED] profiles: fixes and cleanups for opening links with firefox
Opened
#5729 [PR #5918] [MERGED] profiles: fix whitespace & improve misc comments
Opened
#5730 [PR #5920] [MERGED] New profile: sniffnet
Opened
#5731 [PR #5922] [MERGED] profiles: audacious: dbus and misc hardening
Opened
#5732 [PR #5924] [MERGED] profiles: mov-cli: allow ~/.config/mov-cli
Opened
#5733 [PR #5923] [MERGED] profiles: spotify: dbus and misc hardening
Opened
#5734 [PR #5927] [MERGED] build: fix some shellcheck issues & use config.sh in more scripts
Opened
#5735 [PR #5931] [MERGED] build(deps): bump github/codeql-action from 2.21.0 to 2.21.2
Opened
#5736 [PR #5930] [MERGED] build(deps): bump step-security/harden-runner from 2.4.1 to 2.5.0
Opened
#5737 [PR #5934] [MERGED] New profile: reader
Opened
#5738 [PR #5935] [MERGED] New profile: daisy
Opened
#5739 [PR #5936] [CLOSED] profiles: mpv: add new XDG_STATE_HOME path
Opened
#5740 [PR #5933] [MERGED] profiles: gramps: add new config directory
Opened
#5741 [PR #5941] [MERGED] profiles: mpv: add XDG_CACHE_HOME & missing paths
Opened
#5742 [PR #5942] [MERGED] build: firecfg.config sorting improvements
Opened
#5743 [PR #5943] [MERGED] New profile: journal viewer
Opened
#5744 [PR #5944] [MERGED] profiles: 0ad: include allow-gjs.inc
Opened
#5745 [PR #5946] [MERGED] profiles: improvements to profiles using private
Opened
#5746 [PR #5947] [MERGED] New profile: clac
Opened
#5747 [PR #5951] [MERGED] profiles: mpd: allow mpris2 (dbus)
Opened
#5748 [PR #5950] [CLOSED] profiles: safeguard single line comments
Opened
#5749 [PR #5953] [MERGED] ci: update step-security/harden-runner and update allowed endpoints
Opened
#5750 [PR #5954] [MERGED] profiles: ani-cli: allow mktemp
Opened
#5751 [PR #5955] [MERGED] build: codespell improvements
Opened
#5752 [PR #5956] [MERGED] build: add missing makefile dep & syntax improvements
Opened
#5753 [PR #5958] [MERGED] build(deps): bump github/codeql-action from 2.21.2 to 2.21.3
Opened
#5754 [PR #5957] [MERGED] modif: fcopy: use lstat when copying directory
Opened
#5755 [PR #5960] [MERGED] ci: whitelist paths, reorganize workflows & speed-up tests
Opened
#5756 [PR #5966] [CLOSED] build(deps): bump github/codeql-action from 2.21.3 to 2.21.4
Opened
#5757 [PR #5968] [MERGED] profiles: move fakeroot blacklisting to disable-devel.inc
Opened
#5758 [PR #5970] [MERGED] profiles: fix access to patch
Opened
#5759 [PR #5969] [MERGED] profiles: move ~/.rustup blacklist to disable-programs.inc
Opened
#5760 [PR #5976] [MERGED] bugfix: Fix wrong syscall names for s390_pci_mmio_{read,write}
Opened
#5761 [PR #5978] [MERGED] profiles: discord-common: harden & allow notifications
Opened
#5762 [PR #5983] [MERGED] build(deps): bump github/codeql-action from 2.21.2 to 2.21.5
Opened
#5763 [PR #5981] [MERGED] profiles: wusc: allow /usr/share/locale-langpack (LC_MESSAGES)
Opened
#5764 [PR #5979] [MERGED] build(deps): bump actions/checkout from 3.5.3 to 3.6.0
Opened
#5765 [PR #5984] [MERGED] ci: fix dependabot duplicated workflow runs
Opened
#5766 [PR #5986] [MERGED] profiles: neochat: Allow netlink
Opened
#5767 [PR #5989] [MERGED] profiles: transgui: fix private-etc & harden
Opened
#5768 [PR #5991] [MERGED] profiles: add missing Arduino paths
Opened
#5769 [PR #5987] [MERGED] profiles: standardize commented code and eol comments
Opened
#5770 [PR #5993] [MERGED] modif: keep pipewire group unless nosound is used
Opened
#5771 [PR #5994] [MERGED] profiles: telegram: allow ~/.local/share/telegram-desktop
Opened
#5772 [PR #5998] [MERGED] build(deps): bump actions/checkout from 3.6.0 to 4.0.0
Opened
#5773 [PR #5996] [MERGED] profiles: refactor log viewers
Opened
#5774 [PR #6001] [MERGED] profiles: gwenview: add Trash support
Opened
#5775 [PR #6007] [MERGED] New profile: fluffychat
Opened
#5776 [PR #6009] [MERGED] New profile: tidal-hifi
Opened
#5777 [PR #6013] [MERGED] New profiles: blender redirect (blender-3.6)
Opened
#5778 [PR #6012] [MERGED] profiles: steam: add ~/.factorio (Factorio)
Opened
#5779 [PR #6016] [MERGED] profiles: mocp: fix networking in private-etc
Opened
#5780 [PR #6014] [MERGED] build(deps): bump github/codeql-action from 2.21.5 to 2.21.7
Opened
#5781 [PR #6017] [MERGED] profiles: mocp: hardening
Opened
#5782 [PR #6019] [MERGED] profiles: fix access to dpkg
Opened
#5783 [PR #6020] [MERGED] profiles: youtubemusic-nativefier: fix .local include name
Opened
#5784 [PR #6021] [MERGED] profiles: replace private-opt with whitelist & document private-opt issues
Opened
#5785 [PR #6022] [CLOSED] profiles: drop private-opt none
Opened
#5786 [PR #6023] [MERGED] build(deps): bump actions/checkout from 4.0.0 to 4.1.0
Opened
#5787 [PR #6025] [MERGED] profiles: disable-common: add foot to "bad terminals" section
Opened
#5788 [PR #6024] [MERGED] build(deps): bump github/codeql-action from 2.21.7 to 2.21.8
Opened
#5789 [PR #6027] [MERGED] New profile: lettura
Opened
#5790 [PR #6026] [MERGED] ci: allow running workflows manually
Opened
#5791 [PR #6028] [MERGED] New profile: brz
Opened
#5792 [PR #6029] [MERGED] build(deps): bump github/codeql-action from 2.21.8 to 2.21.9
Opened
#5793 [PR #6030] [MERGED] New profile: floorp
Opened
#5794 [PR #6036] [MERGED] profiles: nicotine: allow dconf and fix fcitx (dbus)
Opened
#5795 [PR #6037] [MERGED] profiles: nicotine: allow sound notifications
Opened
#5796 [PR #6038] [MERGED] profiles: wireshark: allow dumpcap
Opened
#5797 [PR #6040] [MERGED] profiles: tshark: cli hardening
Opened
#5798 [PR #6042] [MERGED] build(deps): bump step-security/harden-runner from 2.5.1 to 2.6.0
Opened
#5799 [PR #6039] [MERGED] New profile: termshark
Opened
#5800 [PR #6043] [MERGED] build(deps): bump github/codeql-action from 2.21.9 to 2.22.0
Opened
#5801 [PR #6045] [MERGED] profiles: pavucontrol-qt: disable whitelisting in ${HOME}
Opened
#5802 [PR #6052] [MERGED] profiles: ssmtp: allow (SUID) binary
Opened
#5803 [PR #6051] [MERGED] profiles: disable-common: add more suid programs 2
Opened
#5804 [PR #6053] [MERGED] build(deps): bump github/codeql-action from 2.22.0 to 2.22.3
Opened
#5805 [PR #6049] [MERGED] profiles: disable-common: add more suid programs
Opened
#5806 [PR #6054] [MERGED] profiles: steam: add ~/.local/share/Baba_Is_You
Opened
#5807 [PR #6060] [MERGED] profiles: support more msmtp configuration paths
Opened
#5808 [PR #6059] [MERGED] contrib/syntax: remove 'text/plain' from firejail-profile.lang.in
Opened
#5809 [PR #6061] [MERGED] build(deps): bump github/codeql-action from 2.22.3 to 2.22.4
Opened
#5810 [PR #6062] [MERGED] build(deps): bump actions/checkout from 4.1.0 to 4.1.1
Opened
#5811 [PR #6063] [MERGED] profiles: nodejs-common: add support for pnpm
Opened
#5812 [PR #6064] [MERGED] profiles: disable-programs: remove duplicated entries
Opened
#5813 [PR #6066] [MERGED] profiles: steam: allow process_vm_readv syscall
Opened
#5814 [PR #6067] [MERGED] profiles: lutris: allow more syscalls
Opened
#5815 [PR #6070] [MERGED] build: sort.py: use case-sensitive sorting
Opened
#5816 [PR #6072] [MERGED] profiles: discord: allow /usr/share/discord
Opened
#5817 [PR #6074] [MERGED] profiles: clamtk: fix scanning
Opened
#5818 [PR #6073] [MERGED] build(deps): bump github/codeql-action from 2.22.4 to 2.22.5
Opened
#5819 [PR #6075] [MERGED] profiles: freshclam: fix .local include
Opened
#5820 [PR #6078] [MERGED] feature: add Landlock support
Opened
#5821 [PR #6083] [MERGED] New profile: tiny-rdm
Opened
#5822 [PR #6087] [MERGED] modif: lookup xauth in PATH
Opened
#5823 [PR #6086] [MERGED] bugfix: fix displaying of large file sizes in --ls
Opened
#5824 [PR #6095] [MERGED] build(deps): bump github/codeql-action from 2.22.5 to 2.22.7
Opened
#5825 [PR #6096] [MERGED] build(deps): bump step-security/harden-runner from 2.6.0 to 2.6.1
Opened
#5826 [PR #6099] [CLOSED] profiles: steam: noblacklist ~/.config/unity3d
Opened
#5827 [PR #6104] [MERGED] ci: re-enable sort.py
Opened
#5828 [PR #6107] [MERGED] profiles: lutris: allow mangohud
Opened
#5829 [PR #6108] [MERGED] build(deps): bump github/codeql-action from 2.22.7 to 2.22.8
Opened
#5830 [PR #6109] [MERGED] feature: expand simple macros in more commands
Opened
#5831 [PR #6116] [MERGED] firecfg.config: drop geary
Opened
#5832 [PR #6120] [MERGED] profiles: curl: add ~/.config/curlrc
Opened
#5833 [PR #6118] [MERGED] profiles: minecraft-launcher: allow keyring access
Opened
#5834 [PR #6122] [MERGED] build(deps): bump github/codeql-action from 2.22.8 to 2.22.9
Opened
#5835 [PR #6117] [MERGED] profiles: steam: add ~/Zomboid (Project Zomboid)
Opened
#5836 [PR #6125] [MERGED] landlock: move commands into profile and add landlock.enforce
Opened
#5837 [PR #6128] [MERGED] profiles: mpv: whitelist /usr/share/mpv
Opened
#5838 [PR #6129] [MERGED] Revert "lookup xauth in PATH"
Opened
#5839 [PR #6126] [MERGED] build: mkrpm.sh: append instead of override configure args
Opened
#5840 [PR #6131] [MERGED] profiles: obs: allow lua
Opened
#5841 [PR #6136] [MERGED] build(deps): bump github/codeql-action from 2.22.9 to 3.22.11
Opened
#5842 [PR #6139] [MERGED] build(deps): bump github/codeql-action from 3.22.11 to 3.22.12
Opened
#5843 [PR #6143] [MERGED] profiles: man: allow perl
Opened
#5844 [PR #6149] [CLOSED] Exit if firejail is not SUID
Opened
#5845 [PR #6150] [MERGED] profiles: use only /usr/share/lua*
Opened
#5846 [PR #6153] [MERGED] firecfg: use ignorelist also for .profile/.desktop files
Opened
#5847 [PR #6155] [MERGED] profiles: lobster: allow basename
Opened
#5848 [PR #6156] [MERGED] build(deps): bump github/codeql-action from 3.22.12 to 3.23.0
Opened
#5849 [PR #6157] Fix duplicate address detection (ARP)
Opened
#5850 [PR #6154] [MERGED] profiles: add redirect profiles for gtk video frontends
Opened
#5851 [PR #6158] [MERGED] build: use full paths on compile/link targets
Opened
#5852 [PR #6159] [MERGED] build: use CPPFLAGS instead of INCLUDE in compile targets
Opened
#5853 [PR #6164] [MERGED] build: automatically generate header dependencies
Opened
#5854 [PR #6163] [MERGED] build(deps): bump github/codeql-action from 3.23.0 to 3.23.1
Opened
#5855 [PR #6172] [MERGED] bugfix: print version to stderr on startup
Opened
#5856 [PR #6173] [MERGED] profiles: tesseract: add quiet
Opened
#5857 [PR #6176] [MERGED] build(deps): bump github/codeql-action from 3.23.1 to 3.23.2
Opened
#5858 [PR #6178] [MERGED] ci: add timeout limits
Opened
#5859 [PR #6179] [CLOSED] ci: codeql: add the language to the category
Opened
#5860 [PR #6180] [MERGED] New profile: rawtherapee
Opened
#5861 [PR #6181] [MERGED] New profile: electron-cash
Opened
#5862 [PR #6182] [MERGED] profiles: crawl: allow lua
Opened
#5863 [PR #6183] [MERGED] profiles: geeqie: allow lua
Opened
#5864 [PR #6184] [MERGED] security: fix sscanf rv checks (CodeQL)
Opened
#5865 [PR #6186] [MERGED] build: improve main clean target
Opened
#5866 [PR #6187] [MERGED] landlock: split .special into .makeipc and .makedev
Opened
#5867 [PR #6194] [MERGED] build(deps): bump github/codeql-action from 3.23.2 to 3.24.0
Opened
#5868 [PR #6193] [MERGED] build(deps): bump step-security/harden-runner from 2.6.1 to 2.7.0
Opened
#5869 [PR #6196] [MERGED] build: mkrpm.sh improvements
Opened
#5870 [PR #6192] [CLOSED] profiles: lutris: add comment for gamescope workaround
Opened
#5871 [PR #6200] [MERGED] landlock: fix struct initialization
Opened
#5872 [PR #6202] [MERGED] profiles: enchant-lsmod-2: redirect to enchant-2
Opened
#5873 [PR #6201] [MERGED] profiles: gnome-keyring: harden & add gnome-keyring-daemon
Opened
#5874 [PR #6203] [CLOSED] landlock: sort options in man pages
Opened
#5875 [PR #6214] [MERGED] build(deps): bump github/codeql-action from 3.24.0 to 3.24.3
Opened
#5876 [PR #6211] [MERGED] profiles: nextcloud: add dbus-user.own & document dbus service
Opened
#5877 [PR #6216] [MERGED] profiles: multimc: fix instances not running & harden
Opened
#5878 [PR #6217] [MERGED] build: move errExit macro into inline function
Opened
#5879 [PR #6218] [MERGED] profiles: drop paths already in wusc
Opened
#5880 [PR #6219] [MERGED] New profile: ledger-live-desktop
Opened
#5881 [PR #6222] [MERGED] build: allow overriding certain tools & sync targets with CI
Opened
#5882 [PR #6223] [MERGED] build(deps): bump github/codeql-action from 3.24.3 to 3.24.5
Opened
#5883 [PR #6226] [MERGED] New profile: gnome-boxes
Opened
#5884 [PR #6227] [MERGED] New profile: virt-manager
Opened
#5885 [PR #6228] [MERGED] landlock: use "landlock.fs." prefix in filesystem commands
Opened
#5886 [PR #6230] [MERGED] build: reduce hardcoding and inconsistencies
Opened
#5887 [PR #6233] [MERGED] New profile: deadlink
Opened
#5888 [PR #6232] [MERGED] New profile: cloneit
Opened
#5889 [PR #6231] [MERGED] New profile: bpftop
Opened
#5890 [PR #6234] [MERGED] New profile: dexios
Opened
#5891 [PR #6235] [MERGED] New profile: editorconfiger
Opened
#5892 [PR #6237] [MERGED] New profile: green-recorder
Opened
#5893 [PR #6236] [MERGED] New profile: erd
Opened
#5894 [PR #6238] [MERGED] profiles: virt-manager: block /usr/libexec
Opened
#5895 [PR #6239] [MERGED] profiles: gnome-boxes: block /usr/libexec
Opened
#5896 [PR #6241] [MERGED] New profiles: lz4 and redirects
Opened
#5897 [PR #6245] [MERGED] New profile: lyriek
Opened
#5898 [PR #6243] [MERGED] New profile: koreader
Opened
#5899 [PR #6244] [MERGED] New profile: localsend_app
Opened
#5900 [PR #6247] [MERGED] New profile: mimetype
Opened
#5901 [PR #6246] [MERGED] New profile: metadata-cleaner
Opened
#5902 [PR #6249] [MERGED] New profile: qt5ct
Opened
#5903 [PR #6248] [CLOSED] New profile: pacseek
Opened
#5904 [PR #6250] [MERGED] New profile: qt6ct
Opened
#5905 [PR #6251] [MERGED] New profile: rymdport
Opened
#5906 [PR #6252] [CLOSED] New profile: session messenger
Opened
#5907 [PR #6253] [MERGED] New profile: statusof
Opened
#5908 [PR #6254] [MERGED] New profile: textroom
Opened
#5909 [PR #6255] [MERGED] New profile: tqemu
Opened
#5910 [PR #6256] [MERGED] New profile: tvnamer
Opened
#5911 [PR #6257] [MERGED] profiles: deny access to ~/.config/autostart
Opened
#5912 [PR #6259] [MERGED] New profile: session-desktop
Opened
#5913 [PR #6260] [MERGED] landlock: use PATH macro in landlock-common.inc
Opened
#5914 [PR #6258] [MERGED] profiles: ssh: whitelist gcr-ssh-agent unix socket
Opened
#5915 [PR #6261] [MERGED] build: sort.py: filter empty and duplicate items
Opened
#5916 [PR #6262] [CLOSED] firecfg.config: add floorp
Opened
#5917 [PR #6264] [MERGED] build(deps): bump github/codeql-action from 3.24.5 to 3.24.6
Opened
#5918 [PR #6263] [MERGED] profiles: firecfg.config: add floorp
Opened
#5919 [PR #6265] [MERGED] profiles: makepkg: fix ordering
Opened
#5920 [PR #6266] [MERGED] profiles: remove blacklisting of qt5ct/qt6ct paths
Opened
#5921 [PR #6268] [MERGED] docs: firecfg: note different .desktop naming schemes
Opened
#5922 [PR #6272] [MERGED] profiles: qt6ct: add dbus-filtering rules
Opened
#5923 [PR #6277] [MERGED] build(deps): bump actions/checkout from 4.1.1 to 4.1.2
Opened
#5924 [PR #6270] [MERGED] torbrowser-launcher fixes (AppArmor/profile)
Opened
#5925 [PR #6278] [MERGED] build(deps): bump github/codeql-action from 3.24.6 to 3.24.7
Opened
#5926 [PR #6280] [MERGED] profiles: k3b: disable private-dev to fix dvd drive detection
Opened
#5927 [PR #6284] [MERGED] Remove profile: porn-cli
Opened
#5928 [PR #6285] [MERGED] profiles: firefox: add org.kde.kdeconnect to plasma comment
Opened
#5929 [PR #6283] [MERGED] build: fix "warning: "_FORTIFY_SOURCE" redefined"
Opened
#5930 [PR #6286] [MERGED] profiles: replace x11 socket blacklist with disable-X11.inc
Opened
#5931 [PR #6287] [MERGED] profiles: refactor qemu into qemu-common
Opened
#5932 [PR #6289] [MERGED] profiles: sort blacklist sections
Opened
#5933 [PR #6291] [MERGED] build(deps): bump github/codeql-action from 3.24.7 to 3.24.9
Opened
#5934 [PR #6290] [MERGED] build: sort.py: add and require -i to edit in-place
Opened
#5935 [PR #6292] [MERGED] profiles: pkglog: x11 hardening
Opened
#5936 [PR #6293] [MERGED] New profile: gh (GitHub CLI)
Opened
#5937 [PR #6298] [MERGED] profiles: add allow-nodejs.inc to profile.template
Opened
#5938 [PR #6295] [CLOSED] build: build with -D_FORTIFY_SOURCE=3 if available
Opened
#5939 [PR #6299] [MERGED] profiles: add allow-php.inc to profile.template
Opened
#5940 [PR #6294] [MERGED] profiles: rename disable-X11.inc to disable-x11.inc
Opened
#5941 [PR #6300] [MERGED] profiles: clarify and add opengl-game to profile.template
Opened
#5942 [PR #6302] [MERGED] docs: warn about limitations of landlock
Opened
#5943 [PR #6304] [MERGED] profiles: mov-cli: remove ffmpeg & allow more paths
Opened
#5944 [PR #6303] [MERGED] build(deps): bump github/codeql-action from 3.24.9 to 3.24.10
Opened
#5945 [PR #6305] [MERGED] landlock: amend empty functions and comments
Opened
#5946 [PR #6307] [MERGED] bugfix: fix startup race condition for /run/firejail directory
Opened
#5947 [PR #6309] [MERGED] profiles: allow-ssh: allow /etc/ssh/ssh_revoked_hosts
Opened
#5948 [PR #6311] WIP: Meson build
Opened
#5949 [PR #6315] [MERGED] New profile: axel
Opened
#5950 [PR #6314] [MERGED] New profile: obsidian
Opened
#5951 [PR #6319] [CLOSED] build(deps): bump actions/checkout from 4.1.2 to 4.1.3
Opened
#5952 [PR #6320] [CLOSED] build(deps): bump github/codeql-action from 3.24.10 to 3.25.1
Opened
#5953 [PR #6322] [MERGED] profiles: fluffychat: remove option present in disable-common.inc
Opened
#5954 [PR #6321] [MERGED] profiles: audacity: allow networking by default
Opened
#5955 [PR #6323] [MERGED] build(deps): bump actions/checkout from 4.1.2 to 4.1.4
Opened
#5956 [PR #6324] [MERGED] build(deps): bump github/codeql-action from 3.24.10 to 3.25.3
Opened
#5957 [PR #6328] [MERGED] New profile: d-spy
Opened
#5958 [PR #6329] New profile: koi
Opened
#5959 [PR #6327] [MERGED] New profile: loupe
Opened
#5960 [PR #6331] [MERGED] profiles: hexchat: allow lua/downloads and harden
Opened
#5961 [PR #6330] [MERGED] build(deps): bump step-security/harden-runner from 2.7.0 to 2.7.1
Opened
#5962 [PR #6336] [MERGED] build(deps): bump actions/checkout from 4.1.4 to 4.1.5
Opened
#5963 [PR #6334] [MERGED] profiles: steam: update novideo comment for webcam motion trackers
Opened
#5964 [PR #6333] [MERGED] profiles: loupe: harden and disable apparmor
Opened
#5965 [PR #6337] [MERGED] build(deps): bump github/codeql-action from 3.25.3 to 3.25.4
Opened
#5966 [PR #6338] [MERGED] ci: make dependabot updates monthly and bump PR limit
Opened
#5967 [PR #6340] [MERGED] profiles: hexchat: add noprinters
Opened
#5968 [PR #6339] [MERGED] build: sort.py: use -i by default and add -n
Opened
#5969 [PR #6342] [MERGED] build: add strip target and simplify install targets
Opened
#5970 [PR #6341] [MERGED] New profile: nhex
Opened
#5971 [PR #6343] [MERGED] build: remove clean dependency from cppcheck targets
Opened
#5972 [PR #6346] [MERGED] build(deps): bump actions/checkout from 4.1.5 to 4.1.6
Opened
#5973 [PR #6348] [MERGED] profiles: streamline Firefox URL opening support
Opened
#5974 [PR #6347] [MERGED] build(deps): bump github/codeql-action from 3.25.4 to 3.25.5
Opened
#5975 [PR #6349] [MERGED] profiles: yelp: add Firefox URL open support
Opened
#5976 [PR #6353] [MERGED] profiles: libreoffice: support signing documents with GPG
Opened
#5977 [PR #6354] [MERGED] build: allow overriding common tools
Opened
#5978 [PR #6361] [MERGED] profiles: blacklist i3 IPC socket & dir except for i3 itself
Opened
#5979 [PR #6359] [MERGED] docs: add precedence info to manpage & fix noblacklist example
Opened
#5980 [PR #6362] [MERGED] build(deps): bump github/codeql-action from 3.25.5 to 3.25.7
Opened
#5981 [PR #6363] [MERGED] build(deps): bump step-security/harden-runner from 2.7.1 to 2.8.0
Opened
#5982 [PR #6365] [MERGED] New profile: armcord
Opened
#5983 [PR #6367] [MERGED] bugfix: fix various resource leaks
Opened
#5984 [PR #6366] [MERGED] build: standardize install commands
Opened
#5985 [PR #6369] [MERGED] bugfix: profstats: fix restrict-namespaces max count
Opened
#5986 [PR #6376] [MERGED] profiles: hashcat: support newer configuration paths
Opened
#5987 [PR #6378] [MERGED] profiles: claws-mail: add ~/.cache/claws-mail
Opened
#5988 [PR #6382] [MERGED] docs: bug_report.md: use absolute path in 'steps to reproduce'
Opened
#5989 [PR #6380] [MERGED] modif: private-dev: keep /dev/kfd unless no3d is used
Opened
#5990 [PR #6383] [MERGED] profiles: claws-mail: note no3d issue with "fancy" plugin
Opened
#5991 [PR #6387] [MERGED] modif: keep /sys/module/nvidia* if prop driver and no no3d
Opened
#5992 [PR #6392] [MERGED] profiles: fractal: add ~/.local/share/fractal
Opened
#5993 [PR #6390] [MERGED] feature: add notpm command & keep tpm devices in private-dev
Opened
#5994 [PR #6391] [MERGED] profiles: keepassxc: add new socket location
Opened
#5995 [PR #6394] [MERGED] build(deps): bump actions/checkout from 4.1.6 to 4.1.7
Opened
#5996 [PR #6395] [MERGED] build(deps): bump github/codeql-action from 3.25.7 to 3.25.11
Opened
#5997 [PR #6396] [MERGED] build(deps): bump step-security/harden-runner from 2.8.0 to 2.8.1
Opened
#5998 [PR #6398] [MERGED] docs: man: format and sort some private- items
Opened
#5999 [PR #6401] [MERGED] bugfix: remove --noautopulse from --help and zsh comp
Opened
#6000 [PR #6404] [MERGED] build: improve reliability/portability of date command usage
Opened
#6001 [PR #6407] [MERGED] docs: clarify that other tools may not be in PPA
Opened
#6002 [PR #6412] [MERGED] profiles: firecfg: disable spectacle
Opened
#6003 [PR #6415] [MERGED] bugfix: firemon: skip coredump if unsupported
Opened
#6004 [PR #6408] [MERGED] profiles: okular: fix "Print to PDF"
Opened
#6005 [PR #6418] [MERGED] profiles: bijiben: update webkit var and disable in firecfg
Opened
#6006 [PR #6419] [MERGED] profiles: ssh: allow gpgagent socket for custom homedir
Opened
#6007 [PR #6420] [MERGED] profiles: refactor dbus debugger profiles
Opened
#6008 [PR #6422] [MERGED] New profile: dtui
Opened
#6009 [PR #6423] [MERGED] docs: add build_issue.md issue template
Opened
#6010 [PR #6424] [MERGED] profiles: element-desktop: allow /usr/share/element
Opened
#6011 [PR #6425] [MERGED] docs: man: improve blacklist/whitelist examples with spaces
Opened
#6012 [PR #6428] [MERGED] build(deps): bump github/codeql-action from 3.25.11 to 3.25.15
Opened
#6013 [PR #6429] [MERGED] profiles: blacklist sway IPC socket
Opened
#6014 [PR #6427] [MERGED] build(deps): bump step-security/harden-runner from 2.8.1 to 2.9.0
Opened
#6015 [PR #6431] [MERGED] feature: fshaper.sh: support tc on NixOS
Opened
#6016 [PR #6432] [CLOSED] profiles: firecfg.config: disable spectacle 2
Opened
#6017 [PR #6435] [MERGED] profiles: firefox-common: fix private-etc in includers
Opened
#6018 [PR #6436] WIP: feature: add support for wayland-security-context-v1
Opened
#6019 [PR #6441] [CLOSED] build: fix undeclared AUDIT_ARCH_AARCH64 on Linux <3.17
Opened
#6020 [PR #6443] [MERGED] profiles: bitwarden: improvements and new bitwarden-desktop redirect
Opened
#6021 [PR #6451] [MERGED] docs: man: sort commands (firejail.1)
Opened
#6022 [PR #6454] [MERGED] build(deps): bump github/codeql-action from 3.25.15 to 3.26.6
Opened
#6023 [PR #6455] [MERGED] build(deps): bump step-security/harden-runner from 2.9.0 to 2.9.1
Opened
#6024 [PR #6463] [MERGED] New profile: singularity (Endgame: Singularity)
Opened
#6025 [PR #6468] [MERGED] profiles: video: add ~/.dvdcss
Opened
#6026 [PR #6469] [MERGED] profiles: evolution: add /tmp/evolution-* & disable private-tmp
Opened
#6027 [PR #6472] [MERGED] docs: man: fix bold in command TPs
Opened
#6028 [PR #6471] [MERGED] docs: github: streamline environment in issue templates
Opened
#6029 [PR #6473] [MERGED] profiles: librewolf: add new dbus name (io.gitlab.firefox)
Opened
#6030 [PR #6474] [MERGED] docs: man: fix wrong escapes
Opened
#6031 [PR #6476] [MERGED] profiles: wesnoth: allow lua
Opened
#6032 [PR #6479] [MERGED] profiles: ssh: add ${RUNUSER}/gvfsd-sftp
Opened
#6033 [PR #6477] [MERGED] profiles: firecfg: disable text editors
Opened
#6034 [PR #6478] [MERGED] profiles: nextcloud: fix access to ~/Nextcloud
Opened
#6035 [PR #6486] [MERGED] profiles: browsers: centralize/sync/improve comments
Opened
#6036 [PR #6494] [MERGED] build(deps): bump github/codeql-action from 3.26.6 to 3.26.10
Opened
#6037 [PR #6496] [MERGED] build(deps): bump step-security/harden-runner from 2.9.1 to 2.10.1
Opened
#6038 [PR #6495] [MERGED] build(deps): bump actions/checkout from 4.1.7 to 4.2.0
Opened
#6039 [PR #6498] [MERGED] profiles: signal-desktop: allow org.freedesktop.secrets (dbus)
Opened
#6040 [PR #6499] [MERGED] profiles: firefox-common: allow org.freedesktop.portal.Documents
Opened
#6041 [PR #6503] [MERGED] profiles: steam: add ~/.config/UNDERTALE
Opened
#6042 [PR #6514] [MERGED] profiles: thunderbird: allow /etc/thunderbird
Opened
#6043 [PR #6515] [MERGED] profiles: firefox-esr: allow /etc/firefox-esr
Opened
#6044 [PR #6524] [MERGED] docs: clarify intro and build section in README
Opened
#6045 [PR #6504] [CLOSED] feature: create the link only if its endpoint is available
Opened
#6046 [PR #6525] [MERGED] docs: use GitHub issues as the bug reporting address
Opened
#6047 [PR #6528] [MERGED] build(deps): bump github/codeql-action from 3.26.10 to 3.27.0
Opened
#6048 [PR #6526] [MERGED] docs: fix typos of --enable-selinux configure option
Opened
#6049 [PR #6527] [MERGED] build(deps): bump actions/checkout from 4.2.0 to 4.2.2
Opened
#6050 [PR #6531] [MERGED] profiles: keepassxc: allow access to ssh-agent socket
Opened
#6051 [PR #6533] [MERGED] profiles: firecfg: disable dnsmasq
Opened
#6052 [PR #6536] [MERGED] New profile: syncthing
Opened
#6053 [PR #6542] [MERGED] profiles: wget: allow ~/.local/share/wget
Opened
#6054 [PR #6534] [MERGED] profiles: game-launchers: disable nou2f
Opened
#6055 [PR #6545] [MERGED] profiles: anki: fix opening, allow media & add to firecfg
Opened
#6056 [PR #6549] [MERGED] New profile: irssi
Opened
#6057 [PR #6552] [MERGED] profiles: tesseract: disable private-tmp to fix ocrmypdf
Opened
#6058 [PR #6555] [MERGED] profiles: ensure allow-lua where mpv is allowed
Opened
#6059 [PR #6551] [MERGED] profiles: wget: unify wget2 into wget profile
Opened
#6060 [PR #6556] [MERGED] build: sort.py: strip whitespace in profiles
Opened
#6061 [PR #6557] [MERGED] profiles: video-players: add missing /usr/share paths
Opened
#6062 [PR #6561] [MERGED] build(deps): bump step-security/harden-runner from 2.10.1 to 2.10.2
Opened
#6063 [PR #6560] [MERGED] build(deps): bump github/codeql-action from 3.27.0 to 3.27.5
Opened
#6064 [PR #6558] [MERGED] New profile: prismlauncher
Opened
#6065 [PR #6565] [MERGED] profiles: clamav: add /etc/clamav
Opened
#6066 [PR #6562] [MERGED] build: sort.py: add -h option for help
Opened
#6067 [PR #6577] [MERGED] New profile: b3sum (blake3)
Opened
#6068 [PR #6571] [MERGED] profiles: disable-common: add bubblejail paths
Opened
#6069 [PR #6574] [MERGED] feature: add aarch64 syscalls
Opened
#6070 [PR #6578] [MERGED] profiles: firecfg: fix sha384sum & add b2sum/cksum
Opened
#6071 [PR #6579] [MERGED] bugfix: parse --debug before using it
Opened
#6072 [PR #6581] [MERGED] profiles: anki: fix dark mode detection & misc changes
Opened
#6073 [PR #6582] [MERGED] profiles: refactor com.github.johnfactotum.Foliate into foliate.profile
Opened
#6074 [PR #6580] [CLOSED] profiles: improve anki and foliate & add new profiles
Opened
#6075 [PR #6584] [MERGED] New profile: buku
Opened
#6076 [PR #6583] [MERGED] New profile: aria2p/aria2rpc
Opened
#6077 [PR #6586] [MERGED] New profile: monero-wallet-cli
Opened
#6078 [PR #6587] [MERGED] New profile: ncmpcpp
Opened
#6079 [PR #6588] [MERGED] New profile: nsxiv
Opened
#6080 [PR #6585] [MERGED] New profile: hledger/hledger-ui
Opened
#6081 [PR #6589] [MERGED] New profile: pyradio
Opened
#6082 [PR #6591] [MERGED] bugfix: do not interact with dbus directory if dbus proxy is disabled
Opened
#6083 [PR #6590] [MERGED] New profile: tremc
Opened
#6084 [PR #6592] [MERGED] feature: add --disable-sandbox-check configure flag
Opened
#6085 [PR #6593] [MERGED] build: sort.py: fix whitespace in entire profile
Opened
#6086 [PR #6594] [MERGED] build: sort.py: quote diff lines
Opened
#6087 [PR #6596] [MERGED] build(deps): bump github/codeql-action from 3.27.5 to 3.28.0
Opened
#6088 [PR #6605] [MERGED] modif: clarify error messages in profile.c
Opened
#6089 [PR #6598] [MERGED] bugfix: fix possible memory leak in fs_home.c
Opened
#6090 [PR #6607] [MERGED] docs: github: add program name/version to bug_report.md
Opened
#6091 [PR #6609] [MERGED] profiles: aria2p: disable x11 and clipboard managers
Opened
#6092 [PR #6616] [MERGED] New profile: device-flasher.linux (CalyxOS)
Opened
#6093 [PR #6620] [MERGED] build: rename print-version target to installcheck
Opened
#6094 [PR #6622] [MERGED] docs: improve whitelist and blacklist descriptions in man pages
Opened
#6095 [PR #6623] [CLOSED] build(config.mk.in): add comment explaining the different flags
Opened
#6096 [PR #6624] [MERGED] docs: update distribution table & add note in SECURITY.md
Opened
#6097 [PR #6635] [MERGED] build(deps): bump github/codeql-action from 3.28.0 to 3.28.8
Opened
#6098 [PR #6627] [MERGED] ci: check-c: run all checks in parallel mode
Opened
#6099 [PR #6632] [MERGED] docs: clarify unmaintained status of overlayfs in configure.ac
Opened
#6100 [PR #6636] [MERGED] build(deps): bump step-security/harden-runner from 2.10.2 to 2.10.4
Opened
#6101 [PR #6640] [MERGED] profiles: torbrowser-launcher: move path from dc to dp
Opened
#6102 [PR #6648] [CLOSED] profiles: qutebrowser: add @sound to private-etc
Opened
#6103 [PR #6653] [MERGED] docs: note that --build may generate a non-functional profile
Opened
#6104 [PR #6641] [MERGED] profiles: tor: add memory-deny-write-execute
Opened
#6105 [PR #6659] [CLOSED] profiles: thunderbird: fix access to wayland socket
Opened
#6106 [PR #6654] [MERGED] New profile: vesktop
Opened
#6107 [PR #6660] [MERGED] feature: block /dev/ntsync & add keep-dev-ntsync command
Opened
#6108 [PR #6666] [MERGED] profiles: ytmdesktop: add redirect & whitelist /opt/ytmdesktop
Opened
#6109 [PR #6664] [MERGED] modif: keep plugdev group unless nou2f is used
Opened
#6110 [PR #6669] [MERGED] New profile: remmina-file-wrapper
Opened
#6111 [PR #6670] [CLOSED] docs: clarify --noprofile and mention --profile=noprofile
Opened
#6112 [PR #6672] [MERGED] build(deps): bump github/codeql-action from 3.28.8 to 3.28.10
Opened
#6113 [PR #6671] [MERGED] build(deps): bump step-security/harden-runner from 2.10.4 to 2.11.0
Opened
#6114 [PR #6673] [MERGED] profiles: seahorse: add redirect org.gnome.seahorse.Application
Opened
#6115 [PR #6674] [MERGED] bugfix: firecfg: check full .desktop filename in check_profile()
Opened
#6116 [PR #6676] [MERGED] build: remove cppcheck-old target/job
Opened
#6117 [PR #6678] [MERGED] New profile: ouch
Opened
#6118 [PR #6677] [CLOSED] docs: clarify to run "sudo firecfg" as a normal (desktop) user
Opened
#6119 [PR #6679] [MERGED] New profile: xarchiver
Opened
#6120 [PR #6680] [MERGED] contrib/vim: add ftplugin file (based on cfg.vim)
Opened
#6121 [PR #6683] [MERGED] profiles: floorp: add profile sync daemon paths
Opened
#6122 [PR #6686] [MERGED] profiles: godot: ignore noexec in home to fix addons
Opened
#6123 [PR #6689] [MERGED] profiles: firefox: add comment about creating PWA shortcuts
Opened
#6124 [PR #6687] [MERGED] profiles: split commands that increase/reduce access
Opened
#6125 [PR #6697] [MERGED] build(deps): bump github/codeql-action from 3.28.10 to 3.28.13
Opened
#6126 [PR #6698] [MERGED] modif: block TPM devices & turn notpm command into keep-dev-tpm
Opened
#6127 [PR #6707] [MERGED] profiles: godot: remove noinput so gamepads work
Opened
#6128 [PR #6704] [MERGED] feature: use globbing in hardcoded numbered /dev paths
Opened
#6129 [PR #6706] [MERGED] docs: improve URL formatting in man pages
Opened
#6130 [PR #6709] [MERGED] profiles: fix include of deprecated disable-X11.inc (uppercase)
Opened
#6131 [PR #6708] [MERGED] profiles: add more xorg paths
Opened
#6132 [PR #6711] [MERGED] modif: improve error messages in mountinfo.c
Opened
#6133 [PR #6710] [MERGED] feature: add warn command
Opened
#6134 [PR #6713] [MERGED] build: use TARNAME in SYSCONFDIR/VARDIR
Opened
#6135 [PR #6712] [MERGED] bugfix: fix flock debug messages going to stderr
Opened
#6136 [PR #6715] [MERGED] build: add localstatedir and use in VARDIR
Opened
#6137 [PR #6716] [MERGED] modif: use "Error:" in errExit message
Opened
#6138 [PR #6719] [MERGED] modif: keep /dev/tpmrm devices if keep-dev-tpm is used
Opened
#6139 [PR #6718] [MERGED] modif: keep tss group if keep-dev-tpm is used
Opened
#6140 [PR #6721] [MERGED] profiles: firefox: add alternative tridactylrc path
Opened
#6141 [PR #6724] [MERGED] modif: keep tcm/tcmrm devices if keep-dev-tpm is used
Opened
#6142 [PR #6727] [MERGED] build(deps): bump github/codeql-action from 3.28.13 to 3.28.16
Opened
#6143 [PR #6732] [MERGED] profiles: remove mkdir ~/.pki
Opened
#6144 [PR #6728] [MERGED] build(deps): bump step-security/harden-runner from 2.11.0 to 2.12.0
Opened
#6145 [PR #6734] [MERGED] bugfix: add missing selinux relabeling for /dev paths
Opened
#6146 [PR #6735] [MERGED] profiles: mpv: remove mkfile ~/.netrc
Opened
#6147 [PR #6737] [MERGED] build: replace _SYSCONFDIR_ with @sysconfdir@
Opened
#6148 [PR #6738] [MERGED] profiles: discord-common: add env to private-bin
Opened
#6149 [PR #6747] [MERGED] modif: improve "Failed mount" error messages in util.c
Opened
#6150 [PR #6736] [MERGED] profiles: curl: allow ~/.netrc
Opened
#6151 [PR #6750] [MERGED] bugfix: fix potential deadlock with flock + SIGTSTP
Opened
#6152 [PR #6755] [MERGED] profiles: firecfg: disable checksum programs
Opened
#6153 [PR #6753] [CLOSED] New profile: elixir
Opened
#6154 [PR #6751] [MERGED] New profile: ansel
Opened
#6155 [PR #6756] [CLOSED] profiles: centralize nvm allow line (archivers/hashers)
Opened
#6156 [PR #6759] [MERGED] profiles: rssguard: allow lua
Opened
#6157 [PR #6766] [MERGED] build(deps): bump github/codeql-action from 3.28.16 to 3.28.18
Opened
#6158 [PR #6763] [MERGED] profiles: wine: allow python to fix Epic Games Launcher
Opened
#6159 [PR #6761] [MERGED] feature: use non-blocking flock calls
Opened
#6160 [PR #6775] [MERGED] profiles: wusc: add /usr/share/xkeyboard-config-2
Opened
#6161 [PR #6777] [MERGED] profiles: chafa: quiet output
Opened
#6162 [PR #6779] [MERGED] profiles: ani-cli: add mpv to private-etc for plugins access
Opened
#6163 [PR #6781] profiles: mpv: add private-etc
Opened
#6164 [PR #6780] [MERGED] profiles: ripperx/sound-juicer: fix profile name typos
Opened
#6165 [PR #6783] [MERGED] profiles: use private-etc groups in more profiles
Opened
#6166 [PR #6784] [MERGED] profiles: firecfg: disable foliate
Opened
#6167 [PR #6785] [MERGED] profiles: finish converting private-opt to whitelist
Opened
#6168 [PR #6791] [MERGED] profiles: replace hosts.conf with host.conf in private-etc
Opened
#6169 [PR #6789] [CLOSED] build: sort.py: replace items in private-etc with groups
Opened
#6170 [PR #6794] [MERGED] build(deps): bump step-security/harden-runner from 2.12.0 to 2.12.2
Opened
#6171 [PR #6795] [MERGED] build(deps): bump github/codeql-action from 3.28.18 to 3.29.2
Opened
#6172 [PR #6801] [MERGED] modif: improve fcopy error messages in check()
Opened
#6173 [PR #6803] [MERGED] bugfix: fcopy: add /usr/share + "runner:root" exception to fix CI
Opened
#6174 [PR #6804] [MERGED] modif: fcopy: try normal case first instead of last in check()
Opened
#6175 [PR #6805] [MERGED] docs: clarify --private bug in man pages
Opened
#6176 [PR #6806] [MERGED] bugfix: fix "Not enforcing Landlock" message always being printed
Opened
#6177 [PR #6807] [MERGED] docs: fix man formatting of landlock.enforce
Opened
#6178 [PR #6808] [MERGED] bugfix: fcopy: allow /etc/resolv.conf owned by systemd-resolve
Opened
#6179 [PR #6810] [CLOSED] profiles: w3m: add xdg folders and allow x11
Opened
#6180 [PR #6812] [CLOSED] profiles: rtv: allow x11 and wayland
Opened
#6181 [PR #6816] [MERGED] profiles: makedeb: allow dpkg
Opened
#6182 [PR #6819] [MERGED] profiles: allow org.kde.kwalletd6 for Plasma 6 systems
Opened
#6183 [PR #6823] [MERGED] profiles: kate: fix network access
Opened
#6184 [PR #6818] [CLOSED] build: debian: packaging improvements
Opened
#6185 [PR #6824] [MERGED] modif: improve new network namespace error message
Opened
#6186 [PR #6825] [MERGED] modif: improve error messages in sandbox.c/sbox.c
Opened
#6187 [PR #6832] [MERGED] ci: upgrade debian:buster to debian:bullseye
Opened
#6188 [PR #6828] [MERGED] profiles: keepassxc: add x11 group to private-etc
Opened
#6189 [PR #6829] [MERGED] profiles: xreader: disable no3d to fix startup
Opened
#6190 [PR #6840] [MERGED] bugfix: add NULL check for cmdline in find_child()
Opened
#6191 [PR #6844] [MERGED] bugfix: remove /usr/share + "runner:root" CI workaround
Opened
#6192 [PR #6848] [MERGED] build(deps): bump step-security/harden-runner from 2.12.2 to 2.13.0
Opened
#6193 [PR #6845] [MERGED] ci: allow new github domain for codeql download
Opened
#6194 [PR #6846] [MERGED] bugfix: firemon: avoid cmd double-free in procevent_monitor
Opened
#6195 [PR #6849] [MERGED] build(deps): bump github/codeql-action from 3.29.2 to 3.29.5
Opened
#6196 [PR #6850] [MERGED] docs: add debian ci/ubuntu ppa links to README.md
Opened
#6197 [PR #6852] [MERGED] profiles: thunderbird: fix ignoring wruc
Opened
#6198 [PR #6854] [MERGED] bugfix: firemon: fix inconsistent debug message format
Opened
#6199 [PR #6851] [MERGED] docs: man: improve strace usage and add refs
Opened
#6200 [PR #6856] [MERGED] modif: firemon: improve debug message code
Opened
#6201 [PR #6858] [MERGED] docs: github: clarify how to attach logs
Opened
#6202 [PR #6859] [MERGED] bugfix: fix potential infinite loop in checkcfg (-fanalyzer)
Opened
#6203 [PR #6864] [MERGED] ci: speed-up main build & add build-gcc
Opened
#6204 [PR #6862] [MERGED] ci: standardize "apt-get install" step name
Opened
#6205 [PR #6867] [MERGED] profiles: wine: disable noinput so gamepads work
Opened
#6206 [PR #6868] [MERGED] build: cppcheck: ignore src/lib/syscalls.c
Opened
#6207 [PR #6871] [MERGED] bugfix: firecfg: fix parsing filenames with multiple ".desktop"
Opened
#6208 [PR #6872] [MERGED] bugfix: firemon: fix potential memory leak in procevent_monitor
Opened
#6209 [PR #6869] [MERGED] bugfix: fnettrace-icmp: fix uninitialized vars (cppcheck)
Opened
#6210 [PR #6873] [MERGED] ci: codespell: upgrade ubuntu-22.04 to ubuntu-24.04
Opened
#6211 [PR #6874] [MERGED] ci: cppcheck: upgrade ubuntu-22.04 to ubuntu-24.04
Opened
#6212 [PR #6875] [MERGED] profiles: qutebrowser: whitelist /usr/share/pdf.js
Opened
#6213 [PR #6876] [MERGED] profiles: firefox-common: add a comment about mpris
Opened
#6214 [PR #6877] [MERGED] build: cppcheck: use --check-level=exhaustive
Opened
#6215 [PR #6878] [MERGED] feature: add arg-max-count / arg-max-len to firejail.config
Opened
#6216 [PR #6879] [MERGED] profiles: qutebrowser: add comment about qute-pass support
Opened
#6217 [PR #6885] [MERGED] profiles: organize blacklist sections as per profile.template
Opened
#6218 [PR #6886] [MERGED] build(deps): bump actions/checkout from 4.2.2 to 5.0.0
Opened
#6219 [PR #6884] [MERGED] profiles: add missing mailcap entries
Opened
#6220 [PR #6887] [MERGED] build(deps): bump github/codeql-action from 3.29.7 to 3.29.11
Opened
#6221 [PR #6888] [MERGED] profiles: hashcat: fix runtime errors
Opened
#6222 [PR #6890] [MERGED] modif: rlimit: allow uppercase suffixes
Opened
#6223 [PR #6893] [MERGED] modif: rlimit: improve error messages
Opened
#6224 [PR #6891] [MERGED] modif: rlimit: use uppercase suffixes in the code/docs
Opened
#6225 [PR #6894] [MERGED] docs: rlimit: improve text and use base-2 units
Opened
#6226 [PR #6895] [MERGED] tests: rlimit: add missing tests for rlimit-as / rlimit-cpu
Opened
#6227 [PR #6907] [MERGED] profiles: wusc: add /usr/share/glycin-loaders
Opened
#6228 [PR #6904] [MERGED] profiles: godot: allow ~/.local/share/Trash
Opened
#6229 [PR #6900] [MERGED] new profile: trivalent
Opened
#6230 [PR #6909] [MERGED] profiles: wusc: add /usr/share/gtk-4.0
Opened
#6231 [PR #6917] [MERGED] build(deps): bump github/codeql-action from 3.29.11 to 3.30.5
Opened
#6232 [PR #6918] [MERGED] build(deps): bump step-security/harden-runner from 2.13.0 to 2.13.1
Opened
#6233 [PR #6923] [MERGED] profiles: mullvad-browser: allow readlink and realpath
Opened
#6234 [PR #6920] [MERGED] profiles: blink-common-hardened: disable noroot to fix saving files
Opened
#6235 [PR #6930] [MERGED] docs: man: clarify what ipc-namespace affects
Opened
#6236 [PR #6936] [MERGED] new profile: gemini
Opened
#6237 [PR #6942] [MERGED] bugfix: fix French translation for ${PICTURES} macro
Opened
#6238 [PR #6937] [MERGED] profiles: steam: allow ~/.local/share/doublefine
Opened
#6239 [PR #6947] [MERGED] profiles: wusc: add /usr/share/gtksourceview-5
Opened
#6240 [PR #6948] [MERGED] bugfix: add missing macros in profile.template
Opened
#6241 [PR #6949] [MERGED] tests: man: fix timeout error
Opened
#6242 [PR #6952] [MERGED] feature: add --xephyr-extra-params= command
Opened
#6243 [PR #6951] [MERGED] feature: add env-max-count / env-max-len to firejail.config
Opened
#6244 [PR #6954] [MERGED] build(deps): bump github/codeql-action from 3.30.5 to 4.31.2
Opened
#6245 [PR #6955] [MERGED] tests: man: disable test due to timeout
Opened
#6246 [PR #6958] [CLOSED] bugfix: correct directory traversal checking logic
Opened
#6247 [PR #6960] [MERGED] build: add script to generate syscall headers
Opened
#6248 [PR #6961] [MERGED] modif: update and add syscalls for several architectures
Opened
#6249 [PR #6962] [MERGED] docs: improve build/install commands
Opened
#6250 [PR #6963] [MERGED] docs: always use full path to program in examples
Opened
#6251 [PR #6964] [MERGED] docs: add distribution-specific build/install instructions
Opened
#6252 [PR #6969] [MERGED] bugfix: check for --quiet/--debug earlier during init
Opened
#6253 [PR #6965] [MERGED] docs: clarify that only latest and dev versions are supported
Opened
#6254 [PR #6971] [MERGED] bugfix: do sandbox check before checkcfg()
Opened
#6255 [PR #6970] [CLOSED] bugfix: make checkcfg init/cfg vars global
Opened
#6256 [PR #6972] [MERGED] modif: check for --version during early init
Opened
#6257 [PR #6976] [MERGED] build(deps): bump actions/checkout from 5.0.0 to 6.0.0
Opened
#6258 [PR #6977] [MERGED] build(deps): bump github/codeql-action from 4.31.2 to 4.31.5
Opened
#6259 [PR #6978] [MERGED] build(deps): bump step-security/harden-runner from 2.13.1 to 2.13.2
Opened
#6260 [PR #6975] [MERGED] profiles: ssh: add ${RUNUSER}/openssh_agent socket path
Opened
#6261 [PR #6980] [MERGED] profiles: brave: add org.mpris.MediaPlayer2.brave.*
Opened
#6262 [PR #6996] [MERGED] new profile: srb2
Opened
#6263 [PR #6985] [MERGED] profiles: electrum: add noblacklist /usr/share/fonts
Opened
#6264 [PR #6990] [MERGED] build: update gen-syscalls.sh
Opened
#6265 [PR #6998] [CLOSED] update system call groups
Opened
#6266 [PR #7000] [MERGED] modif: include new generated syscall headers
Opened
#6267 [PR #7001] profiles: freetube: allow mpv integration
Opened
#6268 [PR #7004] [MERGED] build: add sort-profiles target for sort.py
Opened
#6269 [PR #7003] [MERGED] ci: codeql-cpp: print config.log if configure fails
Opened
#6270 [PR #7005] [MERGED] new profile: openra
Opened
#6271 [PR #7010] [MERGED] new profile: gzdoom
Opened
#6272 [PR #7011] [MERGED] build(deps): bump github/codeql-action from 4.31.5 to 4.31.9
Opened
#6273 [PR #7013] [MERGED] build(deps): bump actions/checkout from 6.0.0 to 6.0.1
Opened
#6274 [PR #7012] [MERGED] build(deps): bump step-security/harden-runner from 2.13.2 to 2.14.0
Opened
#6275 [PR #7014] [MERGED] new profile: quakespasm
Opened
#6276 [PR #7015] fix zulip profile
Opened
#6277 [PR #7023] [MERGED] new profile: fragments
Opened
#6278 [PR #7017] [MERGED] ci: gitlab: install missing git-buildpackage dependency
Opened
#6279 [PR #7021] [CLOSED] syscall.c: fix indentation of syscall groups
Opened
#6280 [PR #7024] [MERGED] modif: reorganize & update syscall groups (syscall.c) - part 1
Opened
#6281 [PR #7026] [CLOSED] new profile: zen-bin, zen-browser
Opened
#6282 [PR #7027] [MERGED] sort syscalls in syscall groups (syscall.c) - part 2
Opened
#6283 [PR #7029] [MERGED] new profile: zen, zen-bin, zen-browser
Opened
#6284 [PR #7032] [MERGED] profiles: add deno paths
Opened
#6285 [PR #7034] [MERGED] modif: update syscall groups (syscall.c) - part 3
Opened
#6286 [PR #7039] [MERGED] docs: update syscall groups (syscalls.txt) - part 4
Opened
#6287 [PR #7042] [MERGED] modif: add missing syscalls in groups & fix setrlimit
Opened
#6288 [PR #7043] [MERGED] profiles: vesktop: fix screen sharing
Opened
#6289 [PR #7044] [MERGED] modif: place some syscalls with access to a clock into @default-keep
Opened
#6290 [PR #7045] [MERGED] modif: move other syscalls considered deprecated into @obsolete
Opened
#6291 [PR #7049] [MERGED] feature: add a new option --debug-syscall-groups - part 1
Opened
#6292 [PR #7051] [MERGED] build(deps): bump step-security/harden-runner from 2.14.0 to 2.14.1
Opened
#6293 [PR #7052] [MERGED] build(deps): bump actions/checkout from 6.0.1 to 6.0.2
Opened
#6294 [PR #7050] [MERGED] build(deps): bump github/codeql-action from 4.31.9 to 4.32.0
Opened
#6295 [PR #7055] [MERGED] add a new option --debug-syscall-groups - part 2
Opened
#6296 [PR #7059] [MERGED] profiles: fix allowing netcat
Opened
#6297 [PR #7064] [MERGED] docs: man: fix arch for syscall map in seccomp example
Opened
#6298 [PR #7061] [MERGED] profiles: firefox: add new ~/.config/mozilla dir
Opened
#6299 [PR #7065] [MERGED] docs: man: clarify --debug-syscalls for seccomp
Opened
#6300 [PR #7066] bugfix: error on invalid syscall name in seccomp
Opened
#6301 [PR #7067] whitelist: allow placing an overlay into the sandbox
Opened
#6302 [PR #7071] new profile: zed-editor, zed
Opened
#6303 [PR #7068] [MERGED] build: fix discarded const qualifier compiler warnings
Opened
#6304 [PR #7076] profiles: add whitelist-vr.inc
Opened
#6305 [PR #7074] [MERGED] modif: improve feature disabled warning/error messages
Opened
#6306 [PR #7077] [MERGED] bugfix: map sandbox hostname to ipv6 in /etc/hosts
Opened
#6307 [PR #7079] [MERGED] bugfix: add localhost lines to /etc/hosts
Opened
#6308 [PR #7080] modif: allow userns in firejail-default apparmor profile
Opened
#6309 [PR #7083] [MERGED] profiles: disable-programs: add lact paths
Opened
#6310 [PR #7084] [MERGED] profiles: mumble: include whitelist-runuser-common
Opened
#6311 [PR #7085] [MERGED] build(deps): bump step-security/harden-runner from 2.14.1 to 2.15.0
Opened
#6312 [PR #7086] [MERGED] build(deps): bump github/codeql-action from 4.32.0 to 4.32.4
Opened
#6313 [PR #7098] [MERGED] bugfix: lib: fix memory leaks in syscall_in_list()
Opened
#6314 [PR #7095] [MERGED] modif: replace --keep-hostname with new --hostname-randomize
Opened
#6315 [PR #7099] [MERGED] tests: fix strace color probing in allow-debuggers & seccomp-ptrace
Opened
#6316 [PR #7100] [MERGED] new profile: halloy IRC client
Opened
#6317 [PR #7103] [MERGED] profiles: firefox-common: allow auto light/dark theme switching
Opened
#6318 [PR #7102] [MERGED] profiles: blobby: allow lua
Opened
#6319 [PR #7106] [MERGED] docs: man: fix typo in example
Opened
#6320 [PR #7109] [MERGED] build: fix empty lists in syscall.c breaking compilation
Opened
#6321 [PR #7110] [MERGED] docs: recommend .deb or building from source on debian/ubuntu
Opened
#6322 [PR #7112] [MERGED] profiles: disable-exec: add mount points
Opened
#6323 [PR #7114] [MERGED] profiles: steam: allow ~/.cache/nvidia to improve game performance
Opened
#6324 [PR #7119] [CLOSED] profiles: steam: allow ~/.local/share/godot
Opened
#6325 [PR #7120] [MERGED] profiles: disable-common: add xfce clipman path
Opened
#6326 [PR #7122] [MERGED] build(deps): bump github/codeql-action from 4.32.4 to 4.35.1
Opened
#6327 [PR #7123] [MERGED] build(deps): bump step-security/harden-runner from 2.15.0 to 2.16.1
Opened
#6328 [PR #7124] [MERGED] build: remove unused install.sh
Opened
#6329 [PR #7126] docs: use official Arch Linux package in README
Opened
#6330 [PR #7127] [MERGED] build: merge fnettrace headers into fnettrace_common.h
Opened
#6331 [PR #7129] [MERGED] modif: stop following symlinks to /dev/null on disable
Opened
#6332 [PR #7135] [MERGED] new profile: opencode
Opened
#6333 [PR #7131] profiles: man: add terminfo
Opened
#6334 [PR #7136] [MERGED] new profile: pi
Opened
#6335 [PR #7141] [MERGED] build: deb: add conflict with firejail-profiles
Opened
#6336 [PR #7142] feature: firecfg: add and use firejail-symlink wrapper
Opened
#6337 [PR #7143] [MERGED] profiles: torbrowser-launcher: add no3d
Opened
#6338 [PR #7146] [MERGED] test: fix unescaped newlines in error messages
Opened
#6339 [PR #7147] [MERGED] test: improve tests related to macros
Opened
#6340 [PR #7148] build: remove etc-fixes directory
Opened
#6341 [PR #7149] [MERGED] profiles: steam: allow more 3d cache paths
Opened
#6342 [PR #7153] [MERGED] new profile: ephoto
Opened
#6343 [PR #7152] profiles: torbrowser-launcher: add getconf to private-bin,dri-access, glxtest
Opened
#6344 [PR #7151] [MERGED] feature: allow subpaths in xdg macros
Opened
#6345 [PR #7154] [MERGED] security: create ~/.config/firejail to prevent sandbox escape
Opened
#6346 [PR #7155] [MERGED] build(deps): bump github/codeql-action from 4.35.1 to 4.35.2
Opened
#6347 [PR #7156] [MERGED] build(deps): bump step-security/harden-runner from 2.16.1 to 2.19.0
Opened
#6348 [PR #7157] feature: add ${PROJECTS} macro