netblue30
fa075b62fb
enabled nettraces by default in the main build - you would need to be root to run these options
2023-10-24 09:13:27 -04:00
dependabot[bot]
62773e758a
build(deps): bump github/codeql-action from 2.22.3 to 2.22.4
...
Bumps [github/codeql-action](https://github.com/github/codeql-action ) from 2.22.3 to 2.22.4.
- [Release notes](https://github.com/github/codeql-action/releases )
- [Changelog](https://github.com/github/codeql-action/blob/main/CHANGELOG.md )
- [Commits](0116bc2df5...49abf0ba24
2023-10-23 16:47:44 +00:00
dependabot[bot]
c4b0d88fad
build(deps): bump actions/checkout from 4.1.0 to 4.1.1
...
Bumps [actions/checkout](https://github.com/actions/checkout ) from 4.1.0 to 4.1.1.
- [Release notes](https://github.com/actions/checkout/releases )
- [Changelog](https://github.com/actions/checkout/blob/main/CHANGELOG.md )
- [Commits](8ade135a41...b4ffde65f4
2023-10-23 16:46:42 +00:00
glitsj16
2e2c2327f2
profiles: support more msmtp configuration paths ( #6060 )
...
Since version 1.8.6 msmtp supports per-user configuration at either
~/.msmtprc (already supported by firejail) or
`$XDG_CONFIG_HOME/msmtp/config`. System-wide support can be placed at
/etc/msmtprc.
This adds the missing paths to the relevant .inc and .profile files.
Note that `blacklist ${HOME}/.msmtprc` is present on both
disable-common.inc and disable-programs.inc, so the new paths are added
to both files.
References:
https://wiki.archlinux.org/title/Msmtp#Basic_setup
https://marlam.de/msmtp/msmtp.html#Configuration-files
2023-10-22 23:51:12 +00:00
mammo0
ac63d80630
contrib/syntax: remove 'text/plain' from firejail-profile.lang.in ( #6059 )
...
The `mimetypes` property contains the section `text/plain`. This causes
for example the Gnome Editor to recognize every simple text file as a
firejail profile file. See this issue:
https://gitlab.gnome.org/GNOME/gnome-text-editor/-/issues/612
Fixes #6057 .
2023-10-22 23:50:42 +00:00
Kelvin M. Klann
123ab46938
RELNOTES: reword profiles item
...
For extra clarity.
Relates to #5987 .
2023-10-22 14:38:46 -03:00
Kelvin M. Klann
e5334dbe96
RELNOTES: add profile items
...
These profile-related changes seem significant enough to warrant
entries, as #6021 adds some guidance on the use of private-opt and #5987
standardizes the format of commented code in all profiles.
Relates to #5987 #6021 .
2023-10-18 21:09:53 -03:00
Kelvin M. Klann
c069a42205
RELNOTES: add ci item
...
Relates to #6026 .
2023-10-18 21:02:55 -03:00
glitsj16
1759055304
profiles: exchange private-opt with a whitelist ( #6021 )
...
* profiles: drop private-opt (existing whitelist)
* profiles: replace private-opt with whitelist
In most profiles.
Kept private-opt for enpass (~85MB), mate-dictionary (<20MB),
minecraft-launcher (~1.6MB) and ppsspp (~44MB). The only app I couldn't
check: xmr-stak.
* docs: note potential issues with private-opt
2023-10-18 22:47:07 +00:00
Frostbyte4664
63c45f5de5
steam.profile: Allow Baba Is You ( #6054 )
2023-10-16 20:14:22 +00:00
dependabot[bot]
3f641c04a1
build(deps): bump github/codeql-action from 2.22.0 to 2.22.3
...
Bumps [github/codeql-action](https://github.com/github/codeql-action ) from 2.22.0 to 2.22.3.
- [Release notes](https://github.com/github/codeql-action/releases )
- [Changelog](https://github.com/github/codeql-action/blob/main/CHANGELOG.md )
- [Commits](2cb752a87e...0116bc2df5
2023-10-16 12:56:08 +00:00
glitsj16
bb3442a6af
ssmtp: allow (SUID) binary ( #6052 )
2023-10-15 14:34:03 +00:00
glitsj16
759af6ff1f
disable-common.inc: more SUID binaries ( #6051 )
2023-10-15 13:37:09 +00:00
Kelvin M. Klann
61d8d14ab7
Merge pull request #6049 from kmk3/dc-add-more-suid
...
disable-common.inc: add more suid programs
2023-10-15 12:00:03 +00:00
Kelvin M. Klann
c4f5a07d20
disable-common.inc: add more suid programs
...
Programs:
$ pacman -Qo fusermount3 groupmems mount.cifs wall write
/usr/bin/fusermount3 is owned by fuse3 3.16.1-1
/usr/bin/groupmems is owned by shadow 4.14.0-4
/usr/bin/mount.cifs is owned by cifs-utils 7.0-3
/usr/bin/wall is owned by util-linux 2.39.2-1
/usr/bin/write is owned by util-linux 2.39.2-1
2023-10-11 07:26:43 -03:00
Kelvin M. Klann
741dac237c
disable-common.inc: sort suid section
2023-10-11 07:18:04 -03:00
glitsj16
84ade11cbe
pavucontrol-qt: fix broken whitelisting in ${HOME} ( #6045 )
2023-10-09 18:23:53 +00:00
dependabot[bot]
16edbd8268
build(deps): bump github/codeql-action from 2.21.9 to 2.22.0
...
Bumps [github/codeql-action](https://github.com/github/codeql-action ) from 2.21.9 to 2.22.0.
- [Release notes](https://github.com/github/codeql-action/releases )
- [Changelog](https://github.com/github/codeql-action/blob/main/CHANGELOG.md )
- [Commits](ddccb87388...2cb752a87e
2023-10-09 08:08:13 +00:00
dependabot[bot]
202a079115
build(deps): bump step-security/harden-runner from 2.5.1 to 2.6.0
...
Bumps [step-security/harden-runner](https://github.com/step-security/harden-runner ) from 2.5.1 to 2.6.0.
- [Release notes](https://github.com/step-security/harden-runner/releases )
- [Commits](8ca2b8b2ec...1b05615854
2023-10-09 08:07:54 +00:00
glitsj16
e49f8885fe
tshark: CLI hardening ( #6040 )
2023-10-07 20:47:09 +00:00
glitsj16
670e46f42c
New profile: termshark ( #6039 )
...
* Create termshark.profile
* firecfg.config: add termshark support
* termshark: CLI hardening
2023-10-07 20:46:32 +00:00
glitsj16
8412db10ed
wireshark: fix access to dumpcap ( #6038 )
2023-10-07 20:45:24 +00:00
glitsj16
6a43e0d37f
nicotine: allow sound notifications ( #6037 )
2023-10-07 20:44:45 +00:00
glu8716
983402e958
nicotine: support Fcitx and dconf via dbus-user filter ( #6036 )
...
* Update nicotine.profile
* dbus.user set to filter
2023-10-07 20:44:10 +00:00
netblue30
2a8621cd94
Merge pull request #6009 from jtrv/tidal-hifi
...
New profile: tidal-hifi
2023-10-05 09:07:02 -04:00
netblue30
0617a70f4d
Merge pull request #6026 from kmk3/ci-allow-manual-run
...
ci: allow running workflows manually
2023-10-05 09:05:10 -04:00
netblue30
eb517f9abf
Merge pull request #6030 from glitsj16/np-floorp
...
New profile: floorp
2023-10-05 09:04:34 -04:00
glitsj16
067d1a827f
Create brz.profile and bzr.profile ( #6028 )
...
From Breezy's documentation[1] [2]:
> Breezy is a friendly fork of the Bazaar (bzr) project, hosted on
> http://bazaar.canonical.com/ . It is backwards compatibility with
> Bazaar's disk format and protocols. One of the key differences with
> Bazaar is that Breezy runs on Python 3, rather than on Python 2.
breezy is also the drop-in replacement for bazaar on Arch Linux since
pacman 6.0.2-8[3].
> By default, Breezy provides support for both the Bazaar and Git file
> formats.
Note: The profile is implemented as a git redirect.
[1] https://github.com/breezy-team/breezy
[2] https://www.breezy-vcs.org/
[3] c68a4e6602
2023-10-03 20:09:34 +00:00
glitsj16
ac8c2191ec
New profile: lettura ( #6027 )
...
* disable-programs.inc: add lettura support
* Create lettura.profile
* firecfg.config: add lettura
2023-10-03 20:08:17 +00:00
glitsj16
0ed7ba1b88
disable-programs.inc: fix sorting
2023-10-02 16:48:12 +00:00
dependabot[bot]
f3fc98499f
build(deps): bump github/codeql-action from 2.21.8 to 2.21.9
...
Bumps [github/codeql-action](https://github.com/github/codeql-action ) from 2.21.8 to 2.21.9.
- [Release notes](https://github.com/github/codeql-action/releases )
- [Changelog](https://github.com/github/codeql-action/blob/main/CHANGELOG.md )
- [Commits](6a28655e3d...ddccb87388
2023-10-02 16:22:06 +00:00
glitsj16
1af1f0320e
Create floorp.profile
2023-10-02 16:10:23 +00:00
glitsj16
1f94e71d32
disable-programs.inc: add floorp support
2023-10-02 16:08:51 +00:00
glitsj16
3fb54ae844
disable-common.inc: add foot to 'bad terminals' section ( #6025 )
2023-09-28 12:28:00 +00:00
Kelvin M. Klann
e796ba1349
ci: allow running workflows manually
...
Add `on.workflow_dispatch`.
See:
* https://docs.github.com/en/actions/using-workflows/workflow-syntax-for-github-actions#onworkflow_dispatch
* https://docs.github.com/en/actions/using-workflows/events-that-trigger-workflows#workflow_dispatch
2023-09-26 12:24:14 -03:00
glitsj16
72edd9667b
youtubemusic-nativefier: fix include .local name ( #6020 )
2023-09-26 04:19:16 +00:00
glitsj16
20d43a6772
profiles: dpkg fix ( #6019 )
2023-09-26 04:18:28 +00:00
jtrv
441588e20a
New profile: tidal-hifi ( #6008 )
...
modified src/firecfg/firecfg.config to add tidal-hifi
created etc/profile-m-z/tidal-hifi.profile
closes : #6008
Apply suggestions from code review
Co-authored-by: rusty-snake <41237666+rusty-snake@users.noreply.github.com>
2023-09-25 12:18:39 -07:00
dependabot[bot]
91533c4394
build(deps): bump github/codeql-action from 2.21.7 to 2.21.8
...
Bumps [github/codeql-action](https://github.com/github/codeql-action ) from 2.21.7 to 2.21.8.
- [Release notes](https://github.com/github/codeql-action/releases )
- [Changelog](https://github.com/github/codeql-action/blob/main/CHANGELOG.md )
- [Commits](04daf014b5...6a28655e3d
2023-09-25 17:22:34 +00:00
dependabot[bot]
bfacd86527
build(deps): bump actions/checkout from 4.0.0 to 4.1.0
...
Bumps [actions/checkout](https://github.com/actions/checkout ) from 4.0.0 to 4.1.0.
- [Release notes](https://github.com/actions/checkout/releases )
- [Changelog](https://github.com/actions/checkout/blob/main/CHANGELOG.md )
- [Commits](3df4ab11eb...8ade135a41
2023-09-25 17:22:23 +00:00
Kelvin M. Klann
f5534fb600
profiles: fix path of system-log-common.profile
...
This amends commit dd5539012#5996 )",
2023-09-23).
Commands used:
git mv \
etc/profile-m-z/profile-m-z/profile-m-z/system-log-common.profile \
etc/profile-m-z/system-log-common.profile
rmdir etc/profile-m-z/profile-m-z/profile-m-z/
rmdir etc/profile-m-z/profile-m-z/
2023-09-23 01:02:34 -03:00
pirate486743186
d90cd8915e
create fluffychat.profile ( #6007 )
...
Co-authored-by: pirate486743186 <>
2023-09-23 01:44:33 +00:00
glitsj16
9690ce753b
mocp: hardening ( #6017 )
2023-09-23 01:43:43 +00:00
glitsj16
5de32c19d6
mocp: fix networking ( #6016 )
2023-09-23 01:43:13 +00:00
glitsj16
dd55390120
profiles: refactor log viewers ( #5996 )
...
* profiles: refactor log viewers
Introduces system-log-common.profile as a common profile for existing
GUI log viewer applications.
* system-log-common: enable no3d
2023-09-23 01:42:08 +00:00
Kelvin M. Klann
27c3e97989
Merge pull request #5993 from kmk3/modif-keep-pipewire-group
...
modif: keep pipewire group unless nosound is used
2023-09-20 15:46:12 +00:00
Kelvin M. Klann
0091caf80c
modif: keep pipewire group unless nosound is used
...
This group is apparently used on Gentoo[1].
Currently only the "audio" supplementary group is kept.
Fixes #5992 .
See also commit f32938669#4851 .
[1] https://wiki.gentoo.org/wiki/PipeWire
Reported-by: @amano-kenji
2023-09-20 12:23:31 -03:00
archaon616
f90770fb83
steam.profile: Allow Factorio ( #6012 )
...
Add directories to config so Factorio runs correctly.
2023-09-19 18:04:31 +00:00
Frostbyte4664
fe5df9b5d5
Add blender-3.6 redirect ( #6013 )
2023-09-18 14:17:58 +00:00
glitsj16
e5aad6cdc0
gwenview: add Trash support ( #6001 )
2023-09-18 14:15:32 +00:00
