github-starred/firejail
2
0
Fork 0
mirror of https://github.com/netblue30/firejail.git synced 2026-05-16 14:16:16 -06:00
Code Issues 531 Projects Packages Wiki Activity Actions 6
10373 commits 10 branches 71 tags 33 MiB
Commit graph

4823 commits

Author SHA1 Message Date
Kelvin M. Klann
ada14900d2 profiles: floorp: add psd paths to firefox-common-addons 
This amends commit 5ec656714 ("profiles: floorp: add profile sync daemon
paths (#6683)", 2025-03-23).
 2025-03-23 14:26:06 -03:00
Sumimi~
5ec656714e
profiles: floorp: add profile sync daemon paths (#6683) 
Also, fix a typo.
 2025-03-23 17:09:50 +00:00
Kelvin M. Klann
24c4c7205d profiles: noprofile: add keep-shell-rc 
This amends commit d0a12f27d ("feature: add 'keep-shell-rc' flag and
option", 2023-01-30) / #5634.
 2025-03-23 11:54:17 -03:00
NetSysFire
c9dc1edfb7
profiles: godot: ignore noexec in home to fix addons (#6686) 
I had weird errors when working on a godot project:

    addons/godot-sqlite/bin/libgdsqlite.linux.template_debug.x86_64.so: failed to map segment from shared object.
    ERROR: Can't open GDExtension dynamic library: 'res://addons/godot-sqlite/gdsqlite.gdextension'.

These addons are executable files. Addons like these are common enough
and `noexec` breaks them. I confirmed that the change fixes this error
and allows loading addons.
 2025-03-22 21:02:06 +00:00
northboot
4e14f0a5f9
New profile: xarchiver (#6679) 
Lightweight desktop-independent archive manager.

https://github.com/ib/xarchiver
 2025-03-15 07:44:03 +00:00
northboot
bb7ea793e2
New profile: ouch (#6678) 
CLI utility for easily compressing and decompressing files and dirs.

https://github.com/ouch-org/ouch
 2025-03-10 11:00:00 +00:00
weebnix
ee1c264c5f
feature: block /dev/ntsync & add keep-dev-ntsync command (#6660) 
Changes:

* Block access to /dev/ntsync by default
* Add the `keep-dev-ntsync` command to allow access to /dev/ntsync (even
  if `private-dev` is used)
* Add `keep-dev-ntsync` to wine.profile and similar profiles

Closes #6655.
 2025-03-06 06:36:00 +00:00
Kelvin M. Klann
b269aa7e50
profiles: seahorse: add redirect org.gnome.seahorse.Application (#6673) 
Apparently the .desktop file for `seahorse` is located in the following
path:

* `/usr/share/applications/org.gnome.seahorse.Application.desktop`

Which ends in `Application.desktop` instead of `seahorse.desktop`,
leading to it not being automatically detected by firecfg.

So add a redirect profile and an entry in firecfg.config.

Related commits:

* bd9761508 ("Temp fix firecfg (#2634)", 2019-04-02)
* 8f69e9841 ("bugfix: firecfg: check full filename in check_profile()
  (#6674)", 2025-03-04).

Fixes #6658.

Relates to #2624.

Reported-by: @ginto37
Reported-by: @rusty-snake
 2025-03-06 06:11:54 +00:00
northboot
30ba35f0b3
New profile: remmina-file-wrapper (#6669) 
Remmina may install this wrapper binary on some distributions.

On Void Linux, this is the default binary launched via application
launchers (e.g. rofi):

    $ grep "Exec" /usr/share/applications/org.remmina.Remmina.desktop
    TryExec=remmina-file-wrapper
    Exec=remmina-file-wrapper %U
    [...]
 2025-02-28 11:24:44 +00:00
Kelvin M. Klann
e71f1172cc
Merge pull request #6666 from kmk3/ytmdesktop-add-redirect 
profiles: ytmdesktop: add redirect & whitelist /opt/ytmdesktop
 2025-02-26 12:06:26 +00:00
Kelvin M. Klann
985cb43eeb profiles: ytmdesktop: whitelist /opt/ytmdesktop 
From [1]:

    $ pacman -Qlq ytmdesktop
    [...]
    /opt/ytmdesktop/youtube-music-desktop-app
    /usr/bin/youtube-music-desktop-app
    /usr/share/applications/ytmdesktop.desktop

See also commit 175905530 ("profiles: exchange private-opt with a
whitelist (#6021)", 2023-10-18).

[1] https://github.com/netblue30/firejail/issues/6662#issuecomment-2681532969
 2025-02-25 18:14:47 -03:00
Kelvin M. Klann
4ec076a65c profiles: ytmdesktop: add a redirect for youtube-music-desktop-app 
Apparently the main binary has been renamed from `ytmdesktop` to
`youtube-music-desktop-app`[1]:

    $ pacman -Qlq ytmdesktop
    [...]
    /opt/ytmdesktop/youtube-music-desktop-app
    /usr/bin/youtube-music-desktop-app
    /usr/share/applications/ytmdesktop.desktop

So add a redirect for it.

Fixes #6662.

[1] https://github.com/netblue30/firejail/issues/6662#issuecomment-2681532969

Reported-by: @Dieterbe
 2025-02-25 18:14:47 -03:00
amano-kenji
76509024ef
New profile: nsxiv (#6588) 
https://nsxiv.codeberg.page/
 2025-02-23 08:56:57 +00:00
Alpha
82d5587f2c
New profile: vesktop (#6654) 
https://github.com/Vencord/Vesktop
 2025-02-21 14:10:35 +00:00
Kelvin M. Klann
e82d3a367f profiles: gimp: fix sorting 
This amends commit 2b3a70efe ("fix gimp profile", 2025-02-14).
 2025-02-15 02:45:32 -03:00
netblue30
2b3a70efef fix gimp profile 2025-02-14 12:35:10 -05:00
cobratbq
4e0e77b0f9
profiles: torbrowser-launcher: move path from dc to dp (#6640) 
The other tor-browser paths are in disable-programs.inc, so move
~/.local/opt/tor-browser from disable-common.inc to disable-programs.inc.
 2025-02-12 04:29:03 +00:00
amano-kenji
cf12c66059
New profile: pyradio (#6589) 
https://github.com/coderholic/pyradio
 2025-02-10 23:20:56 +00:00
amano-kenji
22e8632c78
New profile: ncmpcpp (#6587) 
https://github.com/ncmpcpp/ncmpcpp
 2025-02-10 23:16:28 +00:00
amano-kenji
a2e97e9967
New profile: hledger/hledger-ui (#6585) 
https://hledger.org/
 2025-02-10 23:15:34 +00:00
Danny van Heumen
3d3b265184 profiles: tor: add memory-deny-write-execute 
Tested by running tor (as a client) for more than 7 hours with
continuous traffic.

Note: Not tested as a relay.
 2025-02-05 21:06:59 -03:00
Lucas
a6f26b6e3c
New profile: device-flasher.linux (CalyxOS) (#6616) 
The CalyxOS CLI device flasher.
 2025-02-01 16:48:39 +00:00
amano-kenji
5a42f0ee47
profiles: anki: fix dark mode detection & misc changes (#6581) 
Relates to #6545.
 2025-01-16 12:53:08 +00:00
Kelvin M. Klann
04572ef426
profiles: aria2p: disable x11 and clipboard managers (#6609) 
aria2p is a command-line tool, so these should not be needed (and it's
unclear how/why they would be used by the program).

See also:
https://github.com/netblue30/firejail/pull/6583#discussion_r1912891807

Added on commit c869f11d5 ("New profile: aria2p/aria2rpc", 2024-12-27) /
PR #6583.
 2025-01-16 02:05:17 +00:00
Kelvin M. Klann
47467c3551 profiles: monero-wallet-cli: fix missing EOL at EOF 
This amends commit a7bf93426 ("New profile: monero-wallet-cli",
2024-12-27) / PR #6586.
 2025-01-13 06:07:50 -03:00
netblue30
ff770369a9
Merge pull request #6590 from amano-kenji/tremc 
New profile: tremc
 2025-01-12 17:15:58 -05:00
netblue30
7c59aea1f7
Merge pull request #6586 from amano-kenji/monero 
New profile: monero-wallet-cli
 2025-01-12 17:14:36 -05:00
netblue30
f666560ba8
Merge pull request #6584 from amano-kenji/buku 
New profile: buku
 2025-01-12 17:13:07 -05:00
netblue30
b2a17264a6
Merge pull request #6583 from amano-kenji/aria2 
New profile: aria2p/aria2rpc
 2025-01-12 17:12:28 -05:00
amano-kenji
9aaf505431
profiles: refactor com.github.johnfactotum.Foliate into foliate.profile (#6582) 
On Gentoo Linux, there is `/usr/bin/foliate` instead of
`/usr/bin/com.github.johnfactotum.Foliate`.
 2025-01-06 16:42:30 +00:00
Kelvin M. Klann
4782399ea8 profiles: singularity: fix profile path 
Commands used to check for issues:

    $ git ls-files 'etc/profile-a-l/' | grep 'etc/profile-a-l/[m-z]'
    etc/profile-a-l/singularity.profile
    $ git ls-files 'etc/profile-m-z/' | grep 'etc/profile-a-l/[a-l]'
    $

Command used to fix the path:

    $ git mv \
      etc/profile-a-l/singularity.profile \
      etc/profile-m-z/singularity.profile

Relates to #6463.
 2025-01-04 11:55:29 -03:00
amano.kenji
92f39fdf4a
New profile: buku 
https://github.com/jarun/buku
 2024-12-30 13:45:03 +00:00
Kelvin M. Klann
c222b7f692
build: sort.py: fix whitespace in entire profile (#6593) 
Changes:

* Strip whitespace at the beginning
* Strip whitespace at the end
* Ensure exactly one newline at the end
* Strip extraneous newlines

Also, for clarity print the git diff in the sort.py ci job, since the
specific lines changed are not printed by the sort.py script in this
case (as whitespace is fixed in the entire profile at once).

Command used to search and replace:

    ./contrib/sort.py etc/inc/*.inc etc/profile*/*.profile

This is a follow-up to #6556.

Update contrib/sort.py
 2024-12-28 16:00:14 +00:00
amano.kenji
a7bf93426f
New profile: monero-wallet-cli 2024-12-27 14:18:59 +00:00
amano.kenji
3b2706b9c3
New profile: tremc 
https://github.com/tremc/tremc
 2024-12-27 14:09:21 +00:00
amano.kenji
c869f11d55
New profile: aria2p/aria2rpc 
https://github.com/pawamoy/aria2p is Command-line tool and library to interact with an aria2c daemon process with
JSON-RPC.

aria2rpc from https://github.com/aria2/aria2 is command line tool for connecting to a remote instance of aria2c
 2024-12-27 13:32:12 +00:00
Lucas
afce4679bf
New profile: b3sum (blake3) (#6577) 
https://github.com/BLAKE3-team/BLAKE3
 2024-12-27 02:04:15 +00:00
Kelvin M. Klann
f27775c5a8 profiles: obsidian: whitelist allowed paths 
electron-common.profile and blink-common.profile already apply
whitelisting in the user home, so ensure that the allowed paths are
available as well.

Relates to #6314.
 2024-12-23 05:03:18 -03:00
Kelvin M. Klann
79c227f9e7 profiles: obsidian: remove gnutls from private-etc 
It's included in the `@network` group since commit c8614b329
("private-etc: add gnutls dir to @network group", 2024-11-29).

Relates to #6314.
 2024-12-23 04:53:51 -03:00
Kelvin M. Klann
d8f44326ad profiles: syncthing: remove noise and improve comments 
Relates to #6536.
 2024-12-23 04:53:51 -03:00
Kelvin M. Klann
5799059e5b profiles: syncthing: sort entries 
Relates to #6536.
 2024-12-23 04:53:51 -03:00
Kelvin M. Klann
52a8d5cab1 profiles: prismlauncher: add dbus-user none 
Relates to #6558.

Suggested-by: @rusty-snake
 2024-12-23 04:53:51 -03:00
Kelvin M. Klann
a1d4f514a0 profiles: prismlauncher: add missing comment and include 
Relates to #6558.

Suggested-by: @rusty-snake
 2024-12-23 04:53:51 -03:00
Kelvin M. Klann
f98ee1ac6f profiles: transmission-qt: clarify system tray support comment 
This amends commit 4d00897f6 ("Enable systray support with condition
?ALLOW_TRAY", 2023-07-18) / PR #5905.

Suggested-by: @rusty-snake
 2024-12-22 06:02:27 -03:00
Kelvin M. Klann
5599719839 profiles: kmail/kontact: fix comments and commented code 
Relates to #5905.

Suggested-by: @rusty-snake
 2024-12-22 05:54:00 -03:00
Kelvin M. Klann
6ff4e090db profiles: kontact: blacklist paths 
Added on commit 1e9232662 ("Create kontact.profile", 2023-07-17) /
PR #5905.

Suggested-by: @rusty-snake
 2024-12-22 05:54:00 -03:00
Kelvin M. Klann
0f2a93a3f7 profiles: kontact: sort noblacklist entries 
Added on commit 1e9232662 ("Create kontact.profile", 2023-07-17) /
PR #5905.
 2024-12-22 05:54:00 -03:00
Kelvin M. Klann
967534675f profiles: kontact: fix double include of globals.profile 
See etc/templates/redirect_alias-profile.template.

This amends commit 1e9232662 ("Create kontact.profile", 2023-07-17) /
PR #5905.

Suggested-by: @rusty-snake
 2024-12-22 05:53:47 -03:00
Kelvin M. Klann
89cec6a9a2 profiles: ghostwriter: fix sorting in private-bin 
Commands used to search and replace:

    ./contrib/sort.py etc/inc/*.inc etc/profile*/*.profile

This amends commit 358fce3ed ("ghostwriter: hardening and private-bin
improvements", 2023-02-08) / PR #5648.
 2024-12-21 06:13:29 -03:00
Kelvin M. Klann
00ae2ea8ab profiles: irssi: add irssi.conf to private-etc 
Added on commit bed96d1ca ("merges", 2024-12-17).

Relates to #6549.
 2024-12-19 17:50:21 -03:00