|
|
c4874c85b1
|
bubblewrap: debugging
|
2024-01-26 09:13:00 +00:00 |
|
|
|
7f002b8718
|
programs: sane-sandboxed: implement --sane-sandbox-cap for capabilities setting
|
2024-01-24 06:34:11 +00:00 |
|
|
|
824630f7d1
|
programs: sandboxing: document /dev/dri a bit more
|
2024-01-24 05:28:27 +00:00 |
|
|
|
57105c6861
|
sane-sandboxed: autodetect: handle file:/// URIs
|
2024-01-24 05:00:08 +00:00 |
|
|
|
3758044e7b
|
sane-sandboxed: better handle "--"
|
2024-01-24 04:59:24 +00:00 |
|
|
|
bfaf098c31
|
sane-sandboxed: fix handling of -- (which previously smushed arguments)
|
2024-01-24 02:52:01 +00:00 |
|
|
|
089f86d5e4
|
programs: make /usr/bin/env available in the sandbox
enables KOReader to run
|
2024-01-24 01:48:02 +00:00 |
|
|
|
bdd70f8fa2
|
sane-sandboxed: ignore the executable path when autodetecting media
|
2024-01-23 16:32:06 +00:00 |
|
|
|
bfd5630e21
|
programs: sandbox: omit media dirs by default, and implement --sane-sandbox-autodetect for programs which are liable to load data from paths
|
2024-01-23 15:48:12 +00:00 |
|
|
|
576d2c32f0
|
programs: support secrets even when sandboxed
|
2024-01-23 14:57:33 +00:00 |
|
|
|
25739ec2ba
|
programs: sane-sandboxed: avoid reading firejail profiles when the backend isnt firejail
this should provide a marginal perf gain
|
2024-01-23 14:57:33 +00:00 |
|
|
|
f148334b58
|
programs: port extraFirejailConfig to extraConfig
|
2024-01-23 14:57:33 +00:00 |
|
|
|
3a6ee8708e
|
programs: sane-sandboxed: dont error if network mountpoints are offline
|
2024-01-23 13:13:31 +00:00 |
|
|
|
983bf93d8f
|
programs: sane-sandboxed: make the profile handle arguments with spaces
|
2024-01-23 12:47:25 +00:00 |
|
|
|
40cc8f5d1c
|
programs: sane-sandboxed: make more debuggable
|
2024-01-23 12:27:23 +00:00 |
|
|
|
cce03a5dc8
|
programs: sandbox: use --dev-bind-try for root paths; fixes mpv on moby
|
2024-01-23 12:18:32 +00:00 |
|
|
|
98dfc3aa5a
|
programs: sandbox: allow all programs to access media
hopefully this is just a stopgap
|
2024-01-23 11:36:58 +00:00 |
|
|
|
27b56b1a12
|
programs: sane-sandbox: implement a cleaner debugshell and test API
|
2024-01-23 11:19:52 +00:00 |
|
|
|
6e9220d2bb
|
programs: allow programs to specify "sandbox.method = "bwrap"" for bubblewrap sandboxing
|
2024-01-23 10:44:13 +00:00 |
|
|
|
0ddcfcaa23
|
sane-sandboxed: retrieve profiles from /share/sane-sandboxed/profiles so they can be customized without mass rebuilds
|
2024-01-23 08:01:23 +00:00 |
|
|
|
a4cb6645b4
|
programs: indirect firejail access through sane-sandboxed
|
2024-01-23 04:02:31 +00:00 |
|
|
|
2492ed2ca7
|
programs: introduce a sane-sandboxed helper
not yet used, but will be soon
|
2024-01-23 02:29:33 +00:00 |
|
|
|
f49d2a1e0e
|
programs: split "makeSandboxed" into its own file
|
2024-01-23 01:23:14 +00:00 |
|
|
|
0dc3f4f7f2
|
modules/programs: move to subdir
this will help me factor out helpers
|
2024-01-23 01:02:04 +00:00 |
|
