- Add new syscalls
- Add `execv`, `exit` and `futex` in `@default-keep`
- Add two new groups: `@memfd` and `@sandbox`
- Add `@memfd` and `@sandbox` in the `@system-service` group
- Move `memfd_create` from `@ipc` to `@memfd`
Thanks to @rusty-snake for information and suggestions.
Move them from the distclean target in the root Makefile.
Related commits:
* a1ff0c3fd ("testing", 2026-01-16)
* 2f6afc99d ("gcov testing", 2026-01-16)
Add paths in the same places as nodejs/npm paths.
Deno is a javascript runtime and development tool similar to nodejs.
The following paths seem to be intended for downloading and caching
dependencies (and apparently also artifacts from .ts to .js compilation)
globally during development (as can be done with ~/.npm):
* ~/.cache/deno
* ~/.deno
Note that this commit makes these paths read-only (as npm dependencies
are usually executable code), which may potentially affect users of the
runtime (like yt-dlp).
Related commits:
* f2de86464 ("tentative fix for yt-dlp/javaScript deno profile (#6999)",
2026-01-13)
- Remove `ni_syscall`, it's an invalid system call
- Remove `execveat` and `prctl` from `@process`, as it's present in `@default-keep` and always whitelisted
- Move `@default-keep` group before `@default-nodebuggers`, to keep the alphabetical order
- Move `execve` before `execveat`, to keep the alphabetical order
- Move `arch_prctl` from `@process` to `@default-keep`, it breaks glibc
- Move `mmap` and `mmap2` from `@file-system` to `@default-keep`, they break loading of shared libraries
- Move `mprotect` from `@system-service` to `@default-keep`, it breaks loading of shared libraries
- Move `epoll_ctl_old` and `epoll_wait_old` from `@io-event` to `@obsolete`
- Move `getrusage` from `@process` to `@resources`
- Allow to define `mincore` in `@resources`
Command used to search and replace:
$ perl -pi -e 's/\\\\-/\\-/g' src/man/*.in
This amends commit e256efe64 ("fix non-ASCII hypehens in manpages
(#5903)", 2026-01-08).
Fast, easy and free BitTorrent client (GTK4 GUI for transmission-daemon):
https://gitlab.gnome.org/World/Fragments
The profile is based on transmission-common and transmission-gtk profiles.
Only added dbus permissions and changed default paths.
