Commit graph

10310 commits

Author SHA1 Message Date
celenityy
66a281875a
profiles: wget: allow ~/.local/share/wget (#6542)
wget appears to require access to this directory for HSTS & HPKP.

Without access to this directory, I get the following error when running
wget:

    Failed to read HSTS data
    Failed to read HPKP data
    Failed to write HSTS file

This fixes it.
2024-11-24 18:25:26 +00:00
Kelvin M. Klann
5804bb69a7 profiles: chatterino: fix include comments
Make them match the comments in profile.template.

Command used to search for potential issues:

    $ git grep -E '# Allow [A-Z][A-Za-z]+ .* \(blacklisted'

Added on commit 3af6c4068 ("Add Chatterino profile", 2022-12-24) /
PR #5556.
2024-11-19 16:23:36 -03:00
Kelvin M. Klann
7dacdf95e6
Update etc/inc/disable-programs.inc 2024-11-19 17:54:01 +00:00
Kelvin M. Klann
d3f68587fb
Merge pull request #6545 from haplo/anki-mpv-lua
profiles: anki: fix opening, allow media & add to firecfg
2024-11-19 17:52:12 +00:00
Fidel Ramos
c45e83e609 profiles: firecfg: enable anki 2024-11-19 14:45:02 -03:00
Fidel Ramos
024f421e30 profiles: anki: allow sound
Anki needs sound access for recording and playing media.
2024-11-19 14:44:59 -03:00
Fidel Ramos
3ec523f110 profiles: anki: allow lua
Anki uses mpv to play media, which requires the lua interpreter.

Without this, anki displays this error in the console and falls back to
mplayer:

    mpv: error while loading shared libraries: libluajit-5.1.so.2: cannot open shared object file: Permission denied
    Traceback (most recent call last):
    File "/usr/lib/python3.12/site-packages/aqt/sound.py", line 854, in setup_audio
    mpvManager = MpvManager(base_folder, media_folder)
    ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
    File "/usr/lib/python3.12/site-packages/aqt/sound.py", line 408, in __init__
    super().__init__(window_id=None, debug=False)
    File "/usr/lib/python3.12/site-packages/aqt/mpv.py", line 442, in __init__
    super().__init__(*args, **kwargs)
    File "/usr/lib/python3.12/site-packages/aqt/mpv.py", line 104, in __init__
    self._start_socket()
    File "/usr/lib/python3.12/site-packages/aqt/mpv.py", line 194, in _start_socket
    raise MPVProcessError("unable to start process")
    aqt.mpv.MPVProcessError: unable to start process

    mpv too old or failed to open, reverting to mplayer
2024-11-19 14:44:40 -03:00
Kelvin M. Klann
3a03bcd513 profiles: anki: allow mpv/mplayer
Anki relies on mpv/mplayer for playing audio and video files.
2024-11-19 14:44:33 -03:00
Fidel Ramos
c974e17361 profiles: anki: add mpv/mplayer to private-bin
Without this change, Anki fails to start.

Fixes #6544.
2024-11-19 13:31:54 -03:00
gcb
a27ffa4e1f irssi programs, reviewer comments 2024-11-19 12:45:46 +00:00
gcb
0a5466f09f no tpm,input 2024-11-19 12:31:48 +00:00
gcb
2c050099dc reviewer improvements 2024-11-18 20:36:26 +00:00
gcb
ce307ddd6d default whitelists 2024-11-18 20:29:48 +00:00
gcb
d74e17a6ae address reviewer comments 2024-11-18 20:15:15 +00:00
Gabriel
b2d2934a50
reviewer suggestion
Co-authored-by: rusty-snake <41237666+rusty-snake@users.noreply.github.com>
2024-11-18 20:03:48 +00:00
Gabriel
dc3bad9087
reviewer suggestion
Co-authored-by: rusty-snake <41237666+rusty-snake@users.noreply.github.com>
2024-11-18 20:03:36 +00:00
Gabriel
6e3b817c47
reviewer suggestion
Co-authored-by: rusty-snake <41237666+rusty-snake@users.noreply.github.com>
2024-11-18 20:03:24 +00:00
Gabriel
b3a2b2e4d1
Merge branch 'netblue30:master' into gcb-patch-1 2024-11-18 17:06:38 +00:00
Kelvin M. Klann
ffa95cce31 README: fix typo of "several"
This fixes the codespell job in CI[1]:

    $ make codespell
    Running codespell...
    ./README:1244: serveral ==> several
    make: *** [Makefile:393: codespell] Error 65

Added on commit 8e7996132 ("README file update", 2024-11-16).

[1] https://github.com/netblue30/firejail/actions/runs/11874111807/job/33089673920
2024-11-18 11:44:27 -03:00
netblue30
559e4039bc static IP map update 2024-11-16 18:36:34 -05:00
netblue30
8e7996132b README file update 2024-11-16 18:36:09 -05:00
gcb
e986d0b59a used the template 2024-11-08 15:35:36 +00:00
gcb
a7e1430a96 initial syncthing support 2024-11-08 15:07:08 +00:00
Kelvin M. Klann
d01e1779d6 RELNOTES: improve modif item
Format and add missing PR reference.

Relates to #5378 #5957.
2024-11-08 07:40:55 -03:00
Kelvin M. Klann
a11d1536a6 RELNOTES: add profile items
Relates to #6533 #6534.
2024-11-08 07:36:54 -03:00
Kelvin M. Klann
26be7180fa
profiles: game-launchers: disable nou2f (#6534)
While gamepads apparently work fine in the Steam client itself, `nou2f`
appears to make gamepads unresponsive inside certain games while using
"Steam Input" (possibly due to `nou2f` blocking access to `/dev/hidraw*`
devices).

This issue reportedly affects at least the following games on Steam:
"Undertale", "Persona 4 Golden" and "Persona 5 Royal".

Disable nou2f to ensure that gamepads can be used.

Relates to #6523.

Reported-by: @opqriu
2024-11-08 10:34:00 +00:00
Kelvin M. Klann
096d5a2a2d
profiles: firecfg.config: disable dnsmasq (#6533)
There are multiple reports in #6121 that dnsmasq does not work when
called by libvirt:

    $ sudo virsh net-start default
    error: Failed to start network default
    error: internal error: Child process (VIR_BRIDGE_NAME=virbr0 /usr/local/bin/dnsmasq [...]) unexpected exit status 1: Error: PATH environment variable not set

Also, note that this is a server program, so it might be better to
disable it by default anyway.

Reported-by: @marek22k
2024-11-08 10:33:26 +00:00
Kelvin M. Klann
9f1d2c7ed5 RELNOTES: add docs and profile items
Relates to #3314 #6524 #6526 #6531.
2024-11-06 23:36:21 -03:00
Kelvin M. Klann
9a3dc2c0c3
keepassxc: allow access to ssh-agent socket (#6531)
Fixes #3314.

Relates to #6529.
2024-11-07 02:30:28 +00:00
Ted Robertson
d763fb73ca
docs: clarify intro and build section in README (#6524)
Make the introduction friendlier for non-kernel geeks and clarify the
build section.

Relates to #4049.
2024-11-04 18:58:24 +00:00
dependabot[bot]
4ded6b7774 build(deps): bump github/codeql-action from 3.26.10 to 3.27.0
Bumps [github/codeql-action](https://github.com/github/codeql-action) from 3.26.10 to 3.27.0.
- [Release notes](https://github.com/github/codeql-action/releases)
- [Changelog](https://github.com/github/codeql-action/blob/main/CHANGELOG.md)
- [Commits](e2b3eafc8d...662472033e)

---
updated-dependencies:
- dependency-name: github/codeql-action
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
2024-11-01 16:41:26 +00:00
dependabot[bot]
d1ffe4532a build(deps): bump actions/checkout from 4.2.0 to 4.2.2
Bumps [actions/checkout](https://github.com/actions/checkout) from 4.2.0 to 4.2.2.
- [Release notes](https://github.com/actions/checkout/releases)
- [Changelog](https://github.com/actions/checkout/blob/main/CHANGELOG.md)
- [Commits](d632683dd7...11bd71901b)

---
updated-dependencies:
- dependency-name: actions/checkout
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
2024-11-01 16:41:18 +00:00
Ted Robertson
cf02e8dd4f
docs: fix typos of --enable-selinux configure option (#6526) 2024-10-31 18:48:37 +00:00
Ted Robertson
bb04e83eb3 docs: use GitHub issues as the bug reporting address 2024-10-30 09:04:03 -03:00
Kelvin M. Klann
b2be4870d1 RELNOTES: add feature items
Relates to #6435 #6514 #6515.
2024-10-25 11:23:24 -03:00
Kelvin M. Klann
040c42c54c
profiles: firefox-esr: allow /etc/firefox-esr (#6515)
This path is apparently used on Debian.

Relates to #5518 #6400 #6435.

Reported-by: @Boruch-Baum
2024-10-25 14:20:27 +00:00
celenityy
bfa00e385e
profiles: thunderbird: allow /etc/thunderbird (#6514)
This fixes access to Thunderbird system policies, which can be set
system-wide via `/etc/thunderbird/policies/policies.json`.

Users can also use this directory to set different default preferences.

Relates to #6400 #6435.
2024-10-23 21:05:58 +00:00
Foxreef
07ff98385f
profiles: steam: add ~/.config/UNDERTALE (#6503)
Whitelist ~/.config/UNDERTALE to allow the game to save.
2024-10-11 06:55:13 +00:00
Kelvin M. Klann
116f7bf833 RELNOTES: add private-etc rework feature item
And move the #6104 item into it.

Relates to #5518 #5608 #5609 #5629 #5638 #5641 #5642 #5643 #5650 #5655.
Relates to #5681 #5737 #5844 #5989 #6016 #6104 #6400.
2024-10-04 21:07:15 -03:00
Kelvin M. Klann
f2b0d91ae9 RELNOTES: add profile items
Relates to #6444 #6498 #6499.
2024-10-04 18:12:17 -03:00
Kelvin M. Klann
aa6b08ffd0
profiles: firefox-common: allow org.freedesktop.portal.Documents (#6499)
This fixes drag and drop for at least Dolphin.

Fixes #6444.

Reported-by: @Utini2000
Suggested-by: @rusty-snake
2024-10-04 21:11:04 +00:00
Kelvin M. Klann
ff2c7bd10d profiles: kube: sort dbus entries
This amends commit 7df28c1ed ("New profiles for balsa,trojita,kube
(#3603)", 2020-09-03).
2024-10-01 12:06:48 -03:00
Kelvin M. Klann
3470a3721e profiles: signal-desktop: sort dbus entries
This amends commit 047d86f46 ("Add access to D-Bus freedesktop.org
secret API", 2024-10-01) / PR #6498.
2024-10-01 11:54:42 -03:00
netblue30
c926850b5b
Merge pull request #6494 from netblue30/dependabot/github_actions/github/codeql-action-3.26.10
build(deps): bump github/codeql-action from 3.26.6 to 3.26.10
2024-10-01 10:47:32 -04:00
netblue30
0c470aa6c5
Merge pull request #6495 from netblue30/dependabot/github_actions/actions/checkout-4.2.0
build(deps): bump actions/checkout from 4.1.7 to 4.2.0
2024-10-01 10:47:14 -04:00
netblue30
3be06e1bcf
Merge pull request #6496 from netblue30/dependabot/github_actions/step-security/harden-runner-2.10.1
build(deps): bump step-security/harden-runner from 2.9.1 to 2.10.1
2024-10-01 10:46:56 -04:00
netblue30
80aaa8c806
Merge pull request #6498 from corsac-s/patch-1
profiles: signal-desktop - Add access to D-Bus freedesktop.org secret API
2024-10-01 10:46:22 -04:00
Yves-Alexis Perez
047d86f46e
Add access to D-Bus freedesktop.org secret API
Signal recently started storing a local key in the freedesktop.org secret API, so allow access in the profile.
2024-10-01 12:08:06 +02:00
dependabot[bot]
a7918b0575
build(deps): bump step-security/harden-runner from 2.9.1 to 2.10.1
Bumps [step-security/harden-runner](https://github.com/step-security/harden-runner) from 2.9.1 to 2.10.1.
- [Release notes](https://github.com/step-security/harden-runner/releases)
- [Commits](5c7944e73c...91182cccc0)

---
updated-dependencies:
- dependency-name: step-security/harden-runner
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
2024-10-01 06:51:41 +00:00
dependabot[bot]
65fd5bbaaa
build(deps): bump actions/checkout from 4.1.7 to 4.2.0
Bumps [actions/checkout](https://github.com/actions/checkout) from 4.1.7 to 4.2.0.
- [Release notes](https://github.com/actions/checkout/releases)
- [Changelog](https://github.com/actions/checkout/blob/main/CHANGELOG.md)
- [Commits](692973e3d9...d632683dd7)

---
updated-dependencies:
- dependency-name: actions/checkout
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
2024-10-01 06:51:37 +00:00