Awesome Privacy

Recent Commits

• Kelvin M. Klann (28 Mar 24)

  RELNOTES: add bugfix and profile items Relates to #5717 #6049 #6051 #6052.

• Kelvin M. Klann (27 Mar 24)

  RELNOTES: add modif and ci items Relates to #5953 #5957.

• Kelvin M. Klann (27 Mar 24)

  RELNOTES: add profile items Relates to #6289 #6294.

• glitsj16 (27 Mar 24)

  pkglog: hardening (x11) (#6292)

• glitsj16 (27 Mar 24)

  New profile: gh (GitHub CLI) (#6293) Description: GitHub's official command-line tool. https://github.com/cli/cli

• Kelvin M. Klann (27 Mar 24)

  profiles: rename disable-X11.inc to disable-x11.inc (#6294) That is, make "X11" lowercase so that the order of the includes in the disable- section remain the same when sorted with `LC_ALL=C`, as is the case for most of the other sections. That is also likely to be the default in text editors (such as in vim on Arch), so this should make the disable- section more consistent and easier to sort when editing the profile. Also, keep the old include as a redirect to the new one for now to avoid breakage. Commands used to search and replace: git mv etc/inc/disable-X11.inc etc/inc/disable-x11.inc git grep -Ilz 'disable-X11' -- etc | xargs -0 \ perl -pi -e 's/disable-X11/disable-x11/' Relates to #4462 #4854 #6070 #6289. This is a follow-up to #6286.

• Kelvin M. Klann (27 Mar 24)

  profiles: sort blacklist sections (#6289) See etc/templates/profile.template. This is a follow-up to #6286.

• Kelvin M. Klann (25 Mar 24)

  RELNOTES: add many profile items Relates to #5686 #5700 #5702 #5735 #5763 #5794 #5946 #6218.

• Kelvin M. Klann (25 Mar 24)

  RELNOTES: add build and profile items Relates to #6257 #6282 #6283 #6286 #6290.

• Kelvin M. Klann (25 Mar 24)

  build: sort.py: add and require -i to edit in-place (#6290) Similarly to `sed -i` and `perl -i`. This allows checking if sort.py correctly sorts the relevant lines in a profile without having to overwrite it, which makes debugging and testing easier (for example, in #6261). Note: If it finds items that are not sorted, it still sorts them, prints the diff and returns an error.

• Kelvin M. Klann (25 Mar 24)

  New profile: qemu-common.profile (#6287) Add a common profile to deduplicate entries and make qemu-related profiles redirect to it. Relates to #6255.

• dependabot[bot] (25 Mar 24)

  build(deps): bump github/codeql-action from 3.24.7 to 3.24.9 Bumps [github/codeql-action](https://github.com/github/codeql-action) from 3.24.7 to 3.24.9. - [Release notes](https://github.com/github/codeql-action/releases) - [Changelog](https://github.com/github/codeql-action/blob/main/CHANGELOG.md) - [Commits](https://github.com/github/codeql-action/compare/3ab4101902695724f9365a384f86c1074d94e18c...1b1aada464948af03b950897e5eb522f92603cc2) --- updated-dependencies: - dependency-name: github/codeql-action dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <support@github.com>

• RundownRhino (24 Mar 24)

  firefox: Add org.kde.kdeconnect to plasma integration comment (#6285) I recently set up KDE connect and plasma-browser-integration for firefox (Linux Mint 21.2) and needed this line in addition to the ones mentioned in the profile. Found it via running `firejail --profile=/etc/firejail/firefox.profile --dbus-user.log firefox`, trying to send links to device, and seeing what events get logged.

• Kelvin M. Klann (24 Mar 24)

  Merge pull request #6286 from kmk3/x11-none-improvements profiles: replace x11 socket blacklist with disable-X11.inc

• Kelvin M. Klann (24 Mar 24)

  profiles: deny access to ~/.config/autostart (#6257) The files in this directory are intended to be automatically executed when the user logs in. In which case, granting write access to this directory allows the program to easily escape the sandbox (by autostarting itself outside of firejail, for example). Misc: This was noticed on #6244.

• Kelvin M. Klann (22 Mar 24)

  profiles: replace x11 socket blacklist with disable-X11.inc Replace all occurrences of `blacklist /tmp/.X11-unix` with `include disable-X11.inc`, which blacklists more X11-related files. Commands used to search and replace: $ git grep -Ilz '^blacklist /tmp/.X11-unix' -- \ etc/profile*/*.profile | xargs -0 perl -0 -pi -e '\ s/\nblacklist \/tmp\/.X11-unix\n/\n/; \ s/(\ninclude disable-xdg.inc\n)/\ninclude disable-X11.inc$1/; \ s/(\ninclude disable-[^Xx\n]+\n)(\n|# )/$1include disable-X11.inc\n$2/' Note: The following files were also edited manually: * etc/profile-a-l/erd.profile * etc/profile-a-l/links-common.profile * etc/profile-m-z/termshark.profile * etc/profile-m-z/tmux.profile * etc/profile-m-z/tshark.profile Relates to #4462 #4854.

• Kelvin M. Klann (22 Mar 24)

  sstmp.profile: sort disable includes Move disable-X11.inc before disable-xdg.inc for consistency with other profiles. Added on commit 73a6fced2 ("New profile: ssmtp (#5544)", 2022-12-21).

• Kelvin M. Klann (23 Mar 24)

  gconf-editor: remove X11 socket blacklist It is a GUI program. It was apparently added by accident on commit 73321c597 ("Fixes (#2816)", 2019-07-01). Reported by @glitsj16 at https://github.com/netblue30/firejail/pull/6286#discussion_r1536618241

• glitsj16 (23 Mar 24)

  New profile: tqemu.profile (#6255) Description: QEMU frontend without libvirt. https://github.com/thanoulis/tqemu

• Kelvin M. Klann (23 Mar 24)

  k3b.profile: fix dvd drive detection (private-dev) (#6280) @hedgehog29 commented[1]: > It prevents k3b from detecting all dvd drives, incudling USB ones, and > it seems that also SATA. Fixes #6279. [1] https://github.com/netblue30/firejail/issues/6279#issue-2191392448

• glitsj16 (20 Mar 24)

  New profile: metadata-cleaner.profile (#6246) Description: Python GTK3 application to view and clean metadata in files, using mat2. https://gitlab.com/rmnvgr/metadata-cleaner

• pirate486743186 (20 Mar 24)

  remove porn-cli.profile (#6284) Co-authored-by: exponential <echo ZXhwb25lbnRpYWxtYXRyaXhAcHJvdG9ubWFpbC5jb20K | base64 -d>

• Kelvin M. Klann (20 Mar 24)

  build: fix "warning: "_FORTIFY_SOURCE" redefined" (#6283) The warning is being produced on Arch since pacman 6.1, which changed `-D_FORTIFY_SOURCE=2` to `-D_FORTIFY_SOURCE=3` in CFLAGS in makepkg.conf: $ pacman -Q gcc pacman gcc 13.2.1-5 pacman 6.1.0-3 $ makepkg [...] make -C src/lib gcc [...] -D_FORTIFY_SOURCE=2 [...] -Wp,-D_FORTIFY_SOURCE=3 [...] -c ../../src/lib/common.c -o ../../src/lib/common.o <command-line>: warning: "_FORTIFY_SOURCE" redefined <command-line>: note: this is the location of the previous definition To fix this, only add `-D_FORTIFY_SOURCE` to EXTRA_CFLAGS if it does not cause any warnings with CFLAGS and CPPFLAGS during compilation. The effect remains the same: The build system still defines the macro by default (if there are no warnings) and the user/distribution can still override it through CFLAGS/CPPFLAGS. Fixes #6282. Reported-by: @glitsj16

• glitsj16 (19 Mar 24)

  Rename etc/session-desktop.profile to etc/profile-m-z/session-desktop.profile

• glitsj16 (19 Mar 24)

  New profile: session-desktop.profile (#6259) Description: Encrypted messenger. https://github.com/oxen-io/session-desktop/ https://aur.archlinux.org/packages/session-desktop https://aur.archlinux.org/packages/session-desktop-bin https://aur.archlinux.org/packages/session-desktop-appimage Note: The AUR packages all work with the profiles.

• glitsj16 (19 Mar 24)

  New profile: mimetype.profile (#6247) Description: Determines the file type. https://metacpan.org/release/File-MimeInfo https://archlinux.org/packages/extra/any/perl-file-mimeinfo/

• glitsj16 (18 Mar 24)

  New profile: tvnamer.profile (#6256) Description: Automatic TV episode file renamer. https://github.com/dbr/tvnamer

• glitsj16 (18 Mar 24)

  New profile: textroom.profile (#6254) Description: Full Screen text editor heavily inspired by Q10 and JDarkRoom. https://code.google.com/p/textroom/ https://aur.archlinux.org/packages/textroom

• glitsj16 (18 Mar 24)

  New profile: rymdport.profile (#6251) Description: Encrypted sharing of files, folders, and text between devices. https://github.com/Jacalz/rymdport

• glitsj16 (18 Mar 24)

  New profile: localsend_app.profile (#6244) Description: An open source cross-platform alternative to AirDrop. https://github.com/localsend/localsend