Firejail is a SUID sandbox program that reduces the risk of security breaches by restricting the running environment of untrusted applications using Linux namespaces and seccomp-bpf. It includes sandbox profiles for many programs, including Iceweasel/Mozilla Firefox, Chromium, Midori, Opera, Evince, Transmission, VLC, Audacious, Clementine, Rhythmbox, Totem, Deluge, qBittorrent, DeaDBeeF, Dropbox, Empathy, FileZilla, IceCat, Thunderbird/Icedove, Pidgin, Quassel, and XChat. Firejail also expands the restricted shell facility found in bash by adding Linux namespace support. It supports sandboxing specific users upon login. Download: https://sourceforge.net/projects/firejail/files/ Build and install: ./configure && make && sudo make install Documentation and support: https://firejail.wordpress.com/ Video Channel: https://www.brighteon.com/channels/netblue30 Backup Video Channel: https://www.bitchute.com/profile/JSBsA1aoQVfW/ Development: https://github.com/netblue30/firejail License: GPL v2 Please report all security vulnerabilities to: * Compile and install the mainline version from GitHub: git clone https://github.com/netblue30/firejail.git cd firejail ./configure && make && sudo make install-strip On Debian/Ubuntu you will need to install git and gcc. To build with AppArmor support (which is usually used on Debian, Ubuntu, openSUSE and derivatives), install the AppArmor development libraries and pkg-config and use the `--enable-apparmor` ./configure option: sudo apt-get install git build-essential libapparmor-dev pkg-config gawk To build with SELinux support (which is usually used on Fedora, RHEL and derivatives), install libselinux1-dev (libselinux-devel on Fedora) and use the `--enable-selinux` ./configure option. We build our release firejail.tar.xz and firejail.deb packages using the following commands: make distclean && ./configure && make deb Maintainer: - netblue30 (netblue30@protonmail.com) Committers: - chiraag-nataraj (https://github.com/chiraag-nataraj) - crass (https://github.com/crass) - ChrysoliteAzalea (https://github.com/ChrysoliteAzalea) - curiosityseeker (https://github.com/curiosityseeker) - glitsj16 (https://github.com/glitsj16) - Fred-Barclay (https://github.com/Fred-Barclay) - Kelvin M. Klann (https://github.com/kmk3) - Kristóf Marussy (https://github.com/kris7t) - Neo00001 (https://github.com/Neo00001) - pirate486743186 (https://github.com/pirate486743186) - Reiner Herrmann (https://github.com/reinerh - Debian/Ubuntu maintainer) - rusty-snake (https://github.com/rusty-snake) - smitsohu (https://github.com/smitsohu) - SkewedZeppelin (https://github.com/SkewedZeppelin) - startx2017 (https://github.com/startx2017) - Topi Miettinen (https://github.com/topimiettinen) - veloute (https://github.com/veloute) - Vincent43 (https://github.com/Vincent43) - netblue30 (netblue30@protonmail.com) --- Firejail Authors (alphabetical order): 0x7969 (https://github.com/0x7969) - fix wire-desktop.profile - add ferdi.profile 0x9fff00 (https://github.com/0x9fff00) - add Colossal Order to steam.profile 7twin (https://github.com/7twin_) - fix typos - fix flameshot raw screenshots 1dnrr (https://github.com/1dnrr) - add pybitmessage profile a1346054 (https://github.com/a1346054) - add missing final newlines in various files - Remove deprecated syntax and modernize shell test scripts Ádler Jonas Gross (https://github.com/adgross) - AppArmor fix Adrian L. Shaw (https://github.com/adrianlshaw) - add profanity profile - add barrirer profile - add profile for Beyond All Reason - RPCS3 profile Aidan Gauland (https://github.com/aidalgol) - added electron, riot-web and npm profiles - whitelist Bohemia Interactive config dir for Steam Akhil Hans Maulloo (https://github.com/kouul) - xz profile Albin Kauffmann (https://github.com/albinou) - Firefox and Chromium profile fixes - info to allow screen sharing in profiles Alexandre Provencio (https://github.com/aleprovencio) - fix qutebrowser not opening tabs Alex Leahu (https://github.com/alxjsn) - fix screen sharing configuration on Wayland Alexey Kuznetsov (kuznet@ms2.inr.ac.ru) - src/lib/libnetlink.c extracted from iproute2 software package Aleksey Manevich (https://github.com/manevich) - several profile fixes - fix problem with relative path in storage_find function - fix build for systems without bash - fix double quotes/single quotes problem - big rework of argument processing subsystem - --join fixes - splitting up cmdline.c - Busybox support - X11 support rewrite - gether shell selection code in one place - fixed several TOCTOU security problems - added --fix option to firecfg utility - read_pid fix - added --x11=block options - x11 xpra, xphyr, none profile commands - added --join-or-start command - CVE-2016-7545 Alexander Gerasiov (https://github.com/gerasiov) - read-only ~/.ssh/authorized_keys - profile updates - fcopy: Use lstat when copy directory Alexander Stein (https://github.com/ajstein) - added profile for qutebrowser alkim0 (https://github.com/alkim0) - warn when encountering EIO during remount - Add profile for chafa amano-kenji (https://github.com/amano-kenji) - fix private-etc in qutebrowser profile - refactor com.github.johnfactotum.Foliate profile - added foliate profile - added area2p profile - added buku profile - added monero-wallet-cli profile - added tremc profile - added nsxiv profile - added pyradio profile - added ncmpcpp profile - added hledger, hledger-ui profiles - anki profile fixes - profiles: qutebrowser: whitelist /usr/share/pdf.js (#6875) - profiles: firefox-common: add a comment about mpris (#6876) Amin Vakil (https://github.com/aminvakil) - whois profile fix - added profile for strawberry - w3m profile fix - disable seccomp in wireshark profile Ammon Smith (https://github.com/ammongit) - Add DBus filter rules specific to firefox-developer-edition Andreas Hunkeler (https://github.com/Karneades) - Add profile for official Linux Teams application Andrey Alekseenko (https://github.com/al42and) - fixing lintian warnings - fixed Skype profile Andrey Skvortsov (https://github.com/AndreySV) - added aarch64 syscalls andrew160 (https://github.com/andrew160) - profile and man pages fixes Andrew Branson (https://github.com/abranson) - 32bit ARM syscall table announ (https://github.com/announ) - mpv and youtube-dl profile fixes - git profile fix - evince profile fix Antoine Catton (https://github.com/acatton) - add keep-shell-rc command and option Anton Shestakov (https://github.com/antonv6) - add whitelist items for uim - allow /etc/vulkan in steam profile - allow ~/.cache/wine in lutris and wine profile - support MangoHud in steam profile Antonio Russo (https://github.com/aerusso) - enumerate root directories in apparmor profile - fix join-or-start - wusc fixes - okular profile fixes - manpage fixes - bugfix: add missing selinux relabeling for /dev paths (#6734) aoand (https://github.com/aoand) - seccomp fix: allow numeric syscalls Arne Welzel (https://github.com/awelzel) - ignore SIGTTOU during flush_stdin() archaon616 (https://github.com/archaon616) - steam.profile: allow Factorio, Zomboid Atrate (https://github.com/Atrate) - BetterDiscord support Austin Morton (https://github.com/apmorton) - deterministic-exit-code option - private-cwd options Austin S. Hemmelgarn (https://github.com/Ferroin) - unbound profile update Avi Lumelsky (https://github.com/avilum) - syscall.sh improvements avallach2000 (https://github.com/avallach2000( - fix qbittorrent profile - support for changing appearance of the Qt6 apps with qt6ct avoidr (https://github.com/avoidr) - whitelist fix - recently-used.xbel fix - added parole profile - blacklist ncat - hostname support in profile file - Google Chrome profile rework - added cmus profile - man page fixes - add net iface support in profile files - paths fix - lots of profile fixes - added mcabber profile - fixed mpv profile - various other fixes ayham (https://github.com/ayham-1) - allow custom homedir support for gpgagent Азалия Смарагдова/ChrysoliteAzalea (https://github.com/ChrysoliteAzalea) - add support for custom AppArmor profiles (--apparmor=) - add Landlock support backspac (https://github.com/backspac) - firecfg fixes - add steam-runtime alias Bader Zaidan (https://github.com/BaderSZ) - Telegram profile Bandie (https://github.com/Bandie) - fixed riot-desktop Barış Ekin Yıldırım (https://github.com/circuitshaker) - removing net none from code.profile Bart Bakker (https://github.com/bjpbakker) - multimc5: fix exec of LWJGL libraries bbhtt (https://github.com/bbhtt) - improvements to balsa,fractal,gajim,trojita profiles - improvements to nheko, spectral, feh, links, lynx, smplayer profiles - added alacarte, com.github.bleakgrey.tootle, photoflare profiles - add profiles for MS Edge dev build for Linux and Librewolf - fixes to cheese, authenticator, liferea - add profile for straw-viewer - email clients whitelisting and fixes Benjamin Kampmann (https://github.com/ligthyear) - Forward exit code from child process BeautyYuYanli (https://github.com/BeautyYuYanli) - add linuxqq and qq profiles bitfreak25 (https://github.com/bitfreak25) - added PlayOnLinux profile - minetest profile fix - added sylpheed profile bn0785ac (https://github.com/bn0785ac) - fixed bnox, dnox profiles - support all tor-browser langpacks - chromium canary (inox-family) fixes - allow multithreading for cin and natron - fix dbus access for libreoffice on KDE - fix inox, add snox profile BogDan Vatra (https://github.com/bog-dan-ro) - zoom profile Brad Ackerman - blacklist Bitwarden config in disable-passwdmgr.inc briaeros (https://github.com/briaeros) - fix command test in jail_prober.py botherer (https://github.com/botherder) - add CoyIM profile Bruno Nova (https://github.com/brunonova) - whitelist fix - bash arguments fix Bundy01 (https://github.com/Bundy01) - fixup geary - add gradio profile - update virtualbox.profile - Quodlibet profile - update apparmor firejail-local for Brave + ipfs bymoz089 (https://github.com/bymoz089) - add timezone access to make libical functional BytesTuner (https://github.com/BytesTuner) - provided keepassxc profile Caleb McCombs (https://github.com/squatched) - Zoom profile fixes caoliver (https://github.com/caoliver) - network system fixes Carlo Abelli (https://github.com/carloabelli) - fixed udiskie profile - Allow mbind syscall for GIMP - fixed simple-scan Case_Of (https://github.com/CaseOf) - added Seafile profile Cat (https://github.com/ecat3) - prevent tmux connecting to an existing session cayday (https://github.com/caydey) - added ~/Private blacklist in disable-common.inc - added quiet to some CLI profiles celenityy (https://github.com/celenityy) - Thunderbird profile fix - wget profile fix Christian Pinedo (https://github.com/chrpinedo) - added nicotine profile - allow python3 in totem profile creideiki (https://github.com/creideiki) - make the sandbox process reap all children - tor browser profile fix chiraag-nataraj (https://github.com/chiraag-nataraj) - support for newer Xpra versions (2.1+) - added Viber, amule, ardour5, brackets, calligra, cin, fetchmail profiles - added freecad, google-earth, imagej, kdenlive, linphone, lmms profiles - added macrofusion, mpd, natron, ricochet, shotcut, tor-browser-en profiles - added tor, x-terminal-emulator, zart profiles Christian Stadelmann (https://github.com/genodeftest) - profile fixes - evolution profile fix Clayton Williams (https://github.com/gosre) - addition of RLIMIT_AS cobratbq (https://github.com/cobratbq) - tor profile: add memory-deny-write-execute - torbrowser-launcher fixes CodeWithMa (https://github.com/CodeWithMa) - mpv.profile: add new XDG_STATE_HOME path corecontingency (https://https://github.com/corecontingency) - tighten private-bin and etc for torbrowser-launcher.profile - added i2prouter profile - add several games to steam and disable-programs crass (https://github.com/crass) - extract_command_name fixes - update appimage size calculation to newest code from libappimage - firejail should look for processes with names exactly named croket (https://github.com/crocket) - fix librewolf profile - added profiles for imv, retroarch, and torbrowser - fix dino profile - fix wireshark profile - prevent emptty /usr/share in google-chrome profiles cubercsl (https://github.com/cubercsl) - add linuxqq and qq profiles curiosity-seeker (https://github.com/curiosity-seeker - old) curiosityseeker (https://github.com/curiosityseeker - new) - tightening unbound and dnscrypt-proxy profiles - correct and tighten QuiteRss profile - dnsmasq profile - okular and gwenview profiles - cherrytree profile fixes - added quiterss profile - added guayadeque profile - added VirtualBox.profile - various other profile fixes - added digiKam profile - write-protection for thumbnailer dir - added gramps, newsboat, freeoffice-planmaker profiles - added freeoffice-textmaker, freeoffice-presentations profiles - added cantata profile - updated keypassxc profile - added syscalls.sh, which determine the necessary syscalls for a program - fixed conky profile - thunderbird.profile: harden and enable the rules necessary to make Firefox open links D357R0Y3R (https://github.com/D357R0Y3R) - added floorp to firejail.config da2x (https://github.com/da2x) - matched RPM license tag Dan Hipschman (https://github.com/dan-hipschman) - profiles: xreader: disable no3d to fix startup (#6829) Daan Bakker (https://github.com/dbakker) - protect shell startup files Danil Semelenov (https://github.com/sgtpep) - blacklist the Electron Cash Wallet - blacklist s3cmd and s3fs configs - blacklist Ethereum, Monero wallets - blacklist Dash Core wallet Dara Adib (https://github.com/daradib) - ssh profile fix - evince profile fix - linphone profile fix Dario Pellegrini (https://github.com/dpellegr) - allowing links in netns David Fetter (https://github.com/davidfetter) - bump up copyright years David Thole (https://github.com/TheDarkTrumpet) - added profile for teams-for-linux Davide Beatrici (https://github.com/davidebeatrici) - steam.profile: correctly blacklist unneeded directories in user's home - minetest fixes - map /dev/input with "--private-dev", add "--no-input" option to disable it - whitelist /usr/share/TelegramDesktop in telegram.profile - allow access to ~/.cache/winetricks David Hyrule (https://github.com/Svaag) - remove nou2f in ssh profile Deelvesh Bunjun (https://github.com/DeelveshBunjun) - added xpdf profile DefaultUser (https://github.com/DefaultUser) - neochat: Allow netlink Denis Subbotin (https://github.com/mr-tron) - telegram.profile: allow ~/.local/share/telegram-desktop Denys Havrysh (https://github.com/vutny) - update SkypeForLinux profile for latest version - removed outdated Skype profile dewbasaur (https://github.com/dewbasaur) - block access to history files - Firefox PDF.js exploit (CVE-2015-4495) fixes - Steam profile DiGitHubCap (https://github.com/DiGitHubCap) - deluge profile fix - fix qt5ct colour schemes and QSS Dieter Plaetinck (https://github.com/Dieterbe) - qutebrowser: update MPRIS name for qutebrowser-qt6 - fix email-common.profile - fix claws-mail profile Disconnect3d (https://github.com/disconnect3d) - code cleanup dm9pZCAq (https://github.com/dm9pZCAq) - fix for compilation under musl dmfreemon (https://github.com/dmfreemon) - add sandbox name or name of private directory to the window title when xpra is used - handle malloc() failures; use gnu_basename() instead of basenaem() Dmitriy Chestnykh (https://github.com/chestnykh) - add ability to disable user profiles at compile time - lookup xauth in PATH Dpeta (https://github.com/Dpeta) - add Chatterino profile dringsim (https://github.com/dringsim) - add ftplugin file (vim) dshmgh (https://github.com/dshmgh) - overlayfs fix for systems with /home mounted on a separate partition Duncan Overbruck (https://github.com/Duncaen) - musl libc fix - utmp fix - fix install for --disable-seccomp software configurations Eduard Tolosa (https://github.com/Edu4rdSHL) - fixed and hardened qpdfview.profile - fixed gajim.profile Eklektisk (https://github.com/Eklektisk) - update librewolf.profile: use new d-bus message bus emacsomancer (https://github.com/emacsomancer) - added profile for Conkeror browser Emil Gedda (https://github.com/EmilGedda) - fix multicast CIDR address in nolocal.net eventyrer (https://github.com/eventyrer) - update gnome-mplayer.profile Ethan R (https://github.com/AN3223) - add allow-perl.inc to w3m.profile exponentialmatrix (https://github.com/exponentialmatrix) - profiles: makedeb: allow dpkg (#6816) Fabian Würfl (https://github.com/BafDyce) - fixed race condition when creating a new directory - Liferea profile Felipe Barriga Richards (https://github.com/fbarriga) - --private-etc fix Felix Pehla (https://github.com/FelixPehla) - fix fractal profile - blacklist sway IPC socket globally fenuks (https://github.com/fenuks) - fix sound in games using FMOD - allow /opt/tor-browser for Tor Browser profile fkrone (https://github.com/fkrone) - fix Zoom profile Fidel Ramos (https://github.com/haplo) - added Ledger Live profile - fixed geeqie profile - added rawtherapee profile - added electron-cache profile - new profile: ansel (#6751) Florian Begusch (https://github.com/florianbegusch) - (la)tex profiles - fixed transmission-common.profile - fixed standardnotes-desktop.profile - fix jailprober.py floxo (https://github.com/floxo) - fixed qml disk cache issue Foemass (https://github.com/Foemass) - documentation Foxreef (https://github.com/Foxreef) - steam profile fixes Franco (nextime) Lanza (https://github.com/nextime) - added --private-template/--private-home František Polášek (https://github.com/fandaa) - fix QOwnNotes profile fuelflo (https://github.com/fuelflo) - added rambox profile Fred-Barclay (https://github.com/Fred-Barclay) - lots of profile fixes - added Vivaldi, Atril profiles - added PaleMoon profile - split Icedove and Thunderbird profiles - added 0ad profile - fixed version for .deb packages - added Warzone2100 profile - blacklisted VeraCrypt - added Gpredict profile - added Aweather, Stellarium profiles - fixed HexChat and Atril profiles - fixed disable-common.inc for mate-terminal - blacklisted escape-happy terminals in disable-common.inc - blacklisted g++ - added xplayer, xreader, and xviewer profiles - added Brave profile - added Gitter profile - various organising - added LibreOffice profile - added pix profile - added audacity profile - fixed Telegram and qtox profiles - added Atom Beta and Atom profiles - tightened 0ad, atril, evince, gthumb, pix, qtox, and xreader profiles - several private-bin conversions - added jitsi profile - pidgin private-bin conversion - added eom profile - added gnome-chess profile - added DOSBox profile - evince profile enhancement - tightened Spotify profile - added xiphos and Tor Browser Bundle profiles - added xed and pluma profiles - added Cryptocat profile - added wireshark profile - uudeview profile fix - fixed palemoon and qbittorrent profiles - compile/install scripts for --git-install/--git-uninstall commands - tighten keepassx - added Thunar profile - added mousepad, qpicview, and cvlc profiles - added BibleTime profile - added caja and galculator profiles - added Catfish profile Frederik Olesen (https://github.com/Freso) - added many vim profiles Frostbyte4664 (https://github.com/Frostbyte4664) - steam.profile: Allow Baba Is You - blender-3.6 redirect g3ngr33n (https://github.com/g3ngr33n) - fix musl compilation G4JC (https://sourceforge.net/u/gaming4jc/profile/) - ARM support - profile fixes Gaman Gabriel (https://github.com/stelariusinfinitek) - inox profile Gabriel (https://github.com/gcb) - okular profile fix - irssi profile - syncthing profile geg2048 (https://github.com/geg2048) - kwallet profile fixes glitsj16 (https://github.com/glitsj16) - evince-previewer, evince-thumbnailer profiles - gnome-recipes, gnome-logs profiles - fixed private-lib for gnome-calculator - gunzip, bunzip2 profiles - enchant, enchat-2, enchant-lsmod, enchant-lsmod-2 profiles - atool, soundconvertor, mpd, gnome-calculator, makepkg profile fixes - acat, adiff, als, apack, arepack, aunpack profiles, - fix sqlitebrowser blacklist - spelling fixes - bitblbee profile fixes - fix firefox common addons - many profile fixes - profile fixes: file, strings, claws-mail, - new profiles: QMediathekView, aria2c, Authenticator, checkbashisms - new profiles: devilspie, devilspie2, easystroke, github-desktop, min - new profiles: bsdcat, bsdcpio, bsdtar, lzmadec, lbunzip2, lbzcat - new profiles: lbzip2, lzcat, lzcmp, lzdiff, lzegrep, lzfgrep, lzgrep - new profiles: lzless, lzma, lzmainfo, lzmore, unlzma, unxz, xzcat - new profiles: xzcmp, xzdiff, xzegrep, xzfgrep, xzgrep, xzless, xzmore - new profiles: lzip, artha, nitroshare, nitroshare-cli, nitroshare-nmh - new profiles: nirtoshare-send, nitroshare-ui, mencoder, gnome-pie - new profiles: masterpdfeditor glu8716 (https://github.com/glu8716) - nicotine: support Fcitx and dconf via dbus-user filter gm10 (https://github.com/gm10) - get_user() do not use the unreliable getlogin() GovanifY (https://github.com/GovanifY) - Blacklisting openrc paths by defaults graywolf (https://github.com/graywolf) - spelling fix greigdp (https://github.com/greigdp) - Gajim IM client profile - fixed spotify profile - added Slack profile - add Spotify profile grizzlyuser (https://github.com/grizzlyuser) - added support for youtube-dl in smplayer profile GSI (https://github.com/GSI) - added Uzbl browser profile haarp (https://github.com/haarp) - Allow sound for hexchat - discord-common.profile: harden & allow notifications hamzadis (https://github.com/hamzadis) - added --overlay-named=name and --overlay-path=path Hans-Christoph Steiner (https://github.com/eighthave) - added xournal profile Harald Kubota (https://github.com/haraldkubota) - zsh completion Harry Seiler (https://github.com/Xunil73) - allow netlink in pigdin hawkey116477 (https://github.com/hawkeye116477) - added Waterfox profile - updated Cyberfox profile - updated Waterfox profile Helmut Grohne (https://github.com/helmutg) - compiler support in the build system - Debian bug #869707 hhzek0014 (https://github.com/hhzek0014) - updated bibletime.profile hknaack (https://github.com/hknaack) - Kate profile fixes - seamonkey.profile: support enigmail/gpg - Avidemux tools support hlein (https://github.com/hlein) - strip out \r's from jail prober - make env/arg sanity check failure messages more useful - relocate firecfg.config to /etc/firejail/ - fix display profile for Gentoo distribution Holger Heinz (https://github.com/hheinz) - manpage work Hotty Capy (https://github.com/hotcapy) - softmaker-common.profile: add fstab to private-etc Haowei Yu (https://github.com/sfc-gh-hyu) - add configure options when building rpm Icaro Perseo (https://github.com/icaroperseo) - Icecat profile - several profile fixes Ilya Pankratov (https://github.com/i-pankrat) - profstats fix - fix various memory resource leaks Igor Bukanov (https://github.com/ibukanov) - found/fiixed privilege escalation in --hosts-file option iiotx (https://github.com/iiotx) - use generic.profile by default Impyy (https://github.com/Impyy) - added mumble profile intika (https://github.com/intika) - added musixmatch profile irandms (https://github.com/irandms) - man firecfg fixes irregulator (https://github.com/irregulator) - thunderbird profile fixes for debian stretch Irvine (https://github.com/Irvinehimself) - added conky profile - added ping, bsdtar, makepkg (Arch), archaudit-report, cower (Arch) profiles Ivan (https://github.com/ordinary-dev) - fix telegram profile Ivan Kozik (https://github.com/ivan) - speed up sandbox exit Jaykishan Mutkawoa (https://github.com/jmutkawoa) - cpio profile James Elford (https://github.com/jelford) - pass password manager support - removed shell none from ssh-agent configuration, fixing the infinite loop - added gcloud profile - blacklist sensitive cloud provider files in disable-common Jan-Niclas (https://github.com/0x6a61) - moved rules from firefox-common.profile to firefox.profile - blacklist /*firefox* except for firefox itself - fix Firefox 'Profile not found' - whitelist /run/user/xxx/firefox Jan Sonntag (https://github.com/jmetrius) - added OpenStego profile - allow common access to EGL External platform configuration directory Jean Lucas (https://github.com/flacks) - fix Discord profile - add AnyDesk profile - add WebStorm profile - add XMind profile - add Whalebird profile - add zulip profile - add nvm to list of disabled interpreters - fixes for tor-browser-* profiles - alias for riot-desktop - add gnome-mpv profile - fix wire profile - fix itch profile - add Beaker profile - fixes for gnome-music - allow reading of system-wide Flatpak locale in gajim profile Jean-Philippe Eisenbarth (https://github.com/jpeisenbarth) - fixed spotify.profile Jeff Squyres (https://github.com/jsquyres) - various manpage fixes - cmdline.c: optionally quote the resulting command line Jericho (https://github.com/attritionorg) - spelling Jesse Smith (https://github.com/slicer69) - added QupZilla profile jgriffiths (https://github.com/jgriffiths) - make rpm packages support jlimor-kl (https://github.com/jlimor-kl) - bugfix: fix potential deadlock with flock + SIGTSTP (#6750) - feature: use non-blocking flock calls (#6761) Joan Figueras (https://github.com/figue) - added abrowser profile - added Google-Play-Music-Desktop-Player - added cyberfox profile John Mullee (https://github.com/jmullee) - fix empty-string assignment in whitelisting code Jonas Heinrich (https://github.com/onny) - added signal-desktop profile - fixed franz profile - remove /etc/hosts is_link check for NixOS - whitelist for NixOS to resolve binary paths in user environment - NixOS fix OpenGL app support Jose Riha (https://github.com/jose1711) - added meteo-qt profile - created qgis, links, xlinks profiles - extended profile.template with comments - some typo and comment fixes in profile.template - Make it possible for cheese app to save pictures too - Add davfs2 secrets file to blacklist - Add profile for udiskie - fix udiskie.profile - improve hints for allowing browser access to Gnome extensions connector - fix warshow, jumpnbump, tremulous, blobwars profile fixes - drop noinput for games with gampad/joystick support - goldendict profile fix - whitelist /usr/share/nextcloud to allow access to translation files - fix clipgrab profile - fix Hugin profile jrabe (https://github.com/jrabe) - disallow access to kdbx files - Epiphany profile - Polari profile - qTox profile - X11 fixes jtrv (https://github.com/jtrv) - tidal-hifi profile juan (https://github.com/nyancat18) - fixed Kdenlive, Shotcut profiles - new profiles for Cinelerra, Cliqz, Bluefish - profile hardening k4leg (https://github.com/k4leg) - fix PyCharm profiles Kaan Genç (https://github.com/SeriousBug) - dynamic allocation of noblacklist buffer Karoshi42 (https://github.com/karoshi42) - update dino-im.profile KellerFuchs (https://github.com/KellerFuchs) - nonewpriv support, extended profiles for this feature - make `restricted-network` prevent use of netfilter - disable-common.inc additions - make mutt and msmtp's rc files read-only - added support for .local profile files in /etc/firejail - fixed Cryptocat profile - make ~/.local read-only Kelvin (https://github.com/kmk3) - disable ldns utilities, dnssec-*, khost, unbound-host - sort DNS / RUNUSER paths - improve bug_report.md - fix keypassxc - blacklist oksh shell in disable-shell.inc Kishore96in (https://github.com/Kishore96in) - added falkon profile - kxmlgui fixes - okular profile fixes - jitsi-meet-desktop profile - konversatin profile fix - added Neochat profile - added whitelist-1793-workaround.inc - profiles: allow org.kde.kwalletd6 for Plasma 6 systems (#6819) KOLANICH (https://github.com/KOLANICH) - added symlink fixer fix_private-bin.py in contrib section - update fix_private-bin.py - fix meld - temporary fix to the bug caused by apparmor profiles stacking Konstantin (https://github.com/konstantin1722) - obsidian profile kortewegdevries (https://github.com/kortewegdevries) - a whole bunch of new profiles and fixes - whitelisting evolution, kmail Kristóf Marussy (https://github.com/kris7t) - dns support kuesji koesnu (https://github.com/kuesji) - unit suffixes for rlimit-fsize and rlimit-as - util.c and firejail.h fixes - better parser for size strings Kunal Mehta (https://github.com/legoktm) - converted all links to https in manpages kzsa (https://github.com/kzsa) - wusc: add /usr/share/locale-langpack (LC_MESSAGES) laniakea64 (https://github.com/laniakea64) - added fj-mkdeb.py script to build deb packages Lari Rauno (https://github.com/tuutti) - qutebrowser profile fixes Laurent Declercq (https://github.com/nuxwin) - fixed test for shell interpreter in chroots LaurentGH (https://github.com/LaurentGH) - allow private-bin parameters to be absolute paths layderv (https://github.com/layderv) - prevent sandbox name from containing only digits - clean escape control characters from the command line - check hostname syntax lecso7 (https://github.com/lecso7) - added goldendict profile - allow evince to read .cbz file format leukimi (https://github.com/leukimi) - 0ad.profile: fix libmozjs error on OpenSUSE Tumbleweed lhywk (https://github.com/lhywk) - bugfix: add NULL check for cmdline in find_child() (#6840) Loïc Damien (https://github.com/dzamlo) - small fixes Liorst4 (https://github.com/Liorst4) - Preserve CFLAGS given to configure in common.mk.in - fix emacs config to load as read-write - disable browser drm by default - minetest fixes Lockdis (https://github.com/Lockdis) - Added crow, nyx, and google-earth-pro profiles luca0N (https://github.com/luca0N) - fixed crawl profile Lucas (https://github.com/lucasmz-dev) - disable-common: add bubblejail paths - added b3smum (blake3) profile - firecfg: fix sha384sum & add b2sum/cksum - device-flasher.linux profile Lukáš Krejčí (https://github.com/lskrejci) - fixed parsing of --keep-var-tmp luzpaz (https://github.com/luzpaz) - code spelling fixes lxeiqr (https://github.com/lxeiqr) - fix sndio support Mace Muilman (https://github.com/mace015) - google-chrome{,beta,unstable} flags maces (https://github.com/maces) - Franz messenger profile Madura A (https://github.com/manushanga) - floader mahdi1234 (https://github.com/mahdi1234) - cherrytree profile - Seamonkey profiles mammo0 (https://github.com/mammo0) - remove 'text/plain' from firejail-profile.lang.in Manuel Dipolt (https://github.com/xeniter) - stack alignment for the ARM Architecture Marek Küthe (https://github.com/marek22k) - allow loading plugins in gajim - allow bsfilter in email-common.profile - email-common.profile: allow clamav plugin for claws-mail - VSCodium: Fix developing Arduino Martin Carpenter (https://github.com/mcarpenter) - security audit and bug fixes - Centos 6.x support Martin Dosch (spam-debian@mdosch.de) - support for gnome-shell integration addon in Firefox (Bug-Debian: https://bugs.debian.org/872720) Martin Sandsmark (https://github.com/sandsmark) - songrec profile Martynas Janonis (https://github.com/mjanonis) - update wrc for Arch Linux Matt Parnell (https://github.com/ilikenwf) - whitelisting for core firefox related functionality Mattias Wadman (https://github.com/wader) - seccomp errno filter support Matthew Gyurgyik (https://github.com/pyther) - rpm spec and several fixes Matthew Cline (https://github.com/matthew-cline) - steam profile and dropbox profile fixes matthew-sharp (https://github.com/matthew-sharp) - profiles: discord-common: add env to private-bin (#6738) matu3ba (https://github.com/matu3ba) - evince hardening, dbus removed - fix dia profile - several template fixes maxice8 (https://github.com/maxice8) - fixed missing header Melvin Vermeeren (https://github.com/melvinvermeeren) - added teamspeak3 profile - added --noautopulse command line option Michael Haas (https://github.com/mhaas) - bugfixes Michael Hoffmann (https://github.com/brisad) - added support for subdirs in private-etc Michele Sorcinelli (https://github.com/michelesr) - fix ssh profile Mike Frysinger (vapier@gentoo.org) - Gentoo compile patch Mikhail (https://github.com/grey3228) - bugfix: firemon: avoid cmd double-free in procevent_monitor (#6846) minus7 (https://github.com/minus7) - fix hanging arp_check mirabellette (https://github.com/mirabellette) - add comment to thunderbird.profile to allow Firefox to load profiles mjudtmann (https://github.com/mjudtmann) - lock firejail configuration in disable-mgmt.inc Mohammed Anas (https://github.com/mhmdanas) - fix dbus notifications - fix libEGL warning for abiword m00nwtchr (https://github.com/m00nwtchr) - Whitelist electron-flags.conf for all versions of electron - electron profile updates - Fix glob pattern and update other profiles/includes (electron profile) mustaqimM (https://github.com/mustaqimM) - added profile for Nylas Mail n1trux (https://github.com/n1trux) - fix flashpeak-slimjet profile typos nblock (https://github.com/nblock) - cmus: allow access to resolv.conf neirenoir (https://github.com/neirenoir) and noir - fixed Blender profile being unable to import numpy Neo00001 (https://github.com/Neo00001) - add vmware profile - update virtualbox profile - update telegram profile - add spectacle profile - add kdiff3 profile Neotamandua (https://github.com/Neotamandua) - add Discord PTB profile netcarver (https://github.com/netcarver) - prevent access to LUKS keyfile NetSysFire (https://github.com/NetSysFire) - update weechat profile - update megaglest profile - added parsecd profile - fix minecraft-launcher.profile - singularity profile - godot profile fixes - profiles: godot: remove noinput so gamepads work (#6707) Nick Fox (https://github.com/njfox) - add a profile alias for code-oss - add code-oss config directory - fix wire-desktop.profile on arch NickMolloy (https://github.com/NickMolloy) - ARP address length fix Nico (https://github.com/dr460nf1r3) - added FireDragon profile Nicola Davide Mannarelli (https://github.com/nidamanx) - fix "Could not create AF_NETLINK socket" - added nextcloud profiles - Firefox, KeepassXC, Telegram fixes Niklas Haas (https://github.com/haasn) - blacklisting for keybase.io's client Niklas Goerke (https://github.com/Niklas974) - update QOwnNotes profile Nikos Chantziaras (https://github.com/realnc) - fix audio support for Discord nolanl (https://github.com/nolanl) - added localtime to signal-desktop's profile northboot (https://github.com/northboot) - remmina-file-wrapper profile - ouch profile - keep plugdev group unless nou2f is used - xarchiver profile nutta-git (https://github.com/nutta-git) - steam.profile: allow process_vm_readv syscall - lutris.profile: allow more syscalls - steam.profile: update novideo comment for webcam motion trackers - more lutris.profile problems nyancat18 (https://github.com/nyancat18) - added ardour4, dooble, karbon, krita profiles nya1 (https://github.com/nya1) - remove apparmor options in --help when building without apparmor support Ondra Nekola (https://github.com/satai) - allow firefox theming with non-global themes OndrejMalek (https://github.com/OndrejMalek) - various manpage fixes Ondřej Nový (https://github.com/onovy) - allow video for Signal profile - added Mattermost desktop profile - hardened Zoom profile - hardened Signal desktop profile Lorenzo "Palinuro" Faletra (https://github.com/PalinuroSec) - prevent thunderbird conflicts when firefox is running - add join-or-start to pluma to open multiple files in tabs - fixes to keepassxc, thunderbird and pluma Panzerfather (https://github.com/Panzerfather) - allow eog to access user's trash Patrick Schleizer (https://github.com/adrelanos) - fix tb-starter-wrapper profile Patrick Toomey (https://sourceforge.net/u/ptoomey/profile/) - user namespace implementation Paul Moore -src/fsec-print/print.c extracted from libseccomp software package Paupiah Yash (https://github.com/CaffeinatedStud) - gzip profile Pawel (https://github.com/grimskies) - make --join return exit code of the invoked program Pedro Riberio (https://github.com/pedrib) - fix typo in pycharm-professional include Peter Millerchip (https://github.com/pmillerchip) - memory allocation fix - --private.keep to --private-home transition - support for files and directories starting with ~ in blacklist option - support for files and directories with spaces in blacklist option - lots of other fixes - implement the --allow-private-blacklist option Peter Hogg (https://github.com/pigmonkey) - WeeChat profile - rtorrent profile - bitlbee profile fixes - mutt profile fixes - fixes for youtube-dl in mpv profile Peter Sanford (https://github.com/psanford) - fix QtWebEngine in zoom Petter Reinholdtsen (pere@hungry.com) - Opera profile patch Peter Zmanovsky (https://github.com/peter15914) - fix memory leak in fs_home.c petRUShka (https://github.com/petRUShka) - profiles: firefox: add alternative tridactylrc path (#6721) PharmaceuticalCobweb (https://github.com/PharmaceuticalCobweb) - fix quiterss profile - added profile for gnome-ring pholodniak (https://github.com/pholodniak) - profstats fixes pianoslum (https://github.com/pianoslum) - nodbus breaking evince two-page-view warning pirate486743186 (https://github.com/pirate486743186) - KMail profile - mpsyt profile - fix youtube-dl and mpv - fix gnome-mpv profile - fix gunzip profile - reorganizing youtube-viewers - fix pluma profile - whitelist /var/lib/aspell - mcomix fixes - fixing engrampa profile - adding qcomicbook and pipe-viewer in disable-programs - newsboat/newsbeuter profiles - fix atril profile - reorganizing links browsers - added rtv, alpine, mcomix, qcomicbook, googler, ddgr profiles - w3m, zahura, profile.template fixes Pixel Fairy (https://github.com/xahare) - added fjclip.py, fjdisplay.py and fjresize.py in contrib section PizzaDude (https://github.com/pizzadude) - add mpv support to smplayer - added profile for torbrowser-launcher - added profile for sayonara and qmmp - remove tracelog from Firefox profile - fix welcome.sh polyzen (https://github.com/polyzen) - fixed wusc issue with mpv/Vulkan powerjungle (https://github.com/powerjungle) - fixed multimc - build: add --disable-sandbox-check configure flag - build: call autoreconf to match new autoconf version - update distribution table & add note in SECURITY.md - (SECURITY.md): add message below table regarding distribution versions - (SECURITY.md): add two more distributions with LTS support for firejail - (SECURITY.md): update latest firejail version for still supported distros - (SECURITY.md): remove distributions which have reached end-of-life - docs: improve whitelist and blacklist descriptions in man pages - bugfix: do not interact with dbus directory if dbus proxy is disabled probonopd (https://github.com/probonopd) - automatic build on Travis CI pshpsh (https://github.com/pshpsh) - added FossaMail profile pstn (https://github.com/pstn) - added install-strip, make install without strip pszxzsd (https://github.com/pszxzsd) -uGet profile pwnage-pineapple (https://github.com/pwnage-pineapple) - update Okular profile qdii (https://github.com/qdii) - added notpm command & keep tpm devices in private-dev - keepassxc: add new socket location Quentin Retornaz (https://github.com/qretornaz-adapei42) - microsoft-edge profiles fixes Quentin Minster (https://github.com/laomaiweng) - propagate --quiet to children Firejail'ed processes - nodbus enhancements/bugfixes - added vim syntax and ftdetect files - Allow exec from /usr/libexec & co. with AppArmor ra1nb0w (https://github.com/ra1nb0w) - fix vmware profile Rafael Cavalcanti (https://github.com/rccavalcanti) - chromium profile fixes for Arch Linux Rahiel Kasim (https://github.com/rahiel) - Mathematica profile - whitelisted Dropbox profile - whitelisted keysnail config for firefox - added telegram-desktop profile Rahul Golam (https://github.com/technoLord) - strings profile RandomVoid (https://github.com/RandomVoid) - fix building C# projects in Godot - fix Lutris profile - fix running games with enabled Feral GameMode in Lutris Raphaël Droz (https://github.com/drzraf) - zoom profile fixes realaltffour (https://github.com/realaltffour) - add lynx support to newsboat profile Reed Riley (https://github.com/reedriley) - cointop profile - 1password profile - blacklist rclone, 1Password, Ledger Live and cointop - allow Signal to open links in Firefox Reiner Herrmann (https://github.com/reinerh) - a number of build patches - man page fixes - Debian and Ubuntu integration - clang-analyzer fixes - Debian reproducible build - unit testing framework - moved build to .xz - detached signatures for source archive - recursive mkdir Remco Verhoef (https://github.com/nl5887) - add overlay configuration to profiles - prevent running shells recursively Renkoto (https://github.com/Renkoto) - floorp profile fixes - profiles: firefox: add comment about creating PWA shortcuts (#6689) RD PROJEKT (https://github.com/RDProjekt) - noblacklist support for /sys/module directory - whitelist support for /sys/module directory - support AMD GPU by OpenCL in Blender rogshdo (https://github.com/rogshdo) - BitlBee profile rootalc (https://github.com/rootalc) - add nolocal6.net filter Ruan (https://github.com/ruany) - fixed hexchat profile RundownRhino (https://github.com/RundownRhino) - firefox profile fix rusty-snake (https://github.com/rusty-snake) - added profiles: thunderbird-wayland, supertuxkart, ghostwriter - added profiles: klavaro, mypaint, mypaint-ora-thumbnailer, nano - added profiles: gajim-history-manager, freemind, nomacs, kid3 - added profiles: kid3-qt, kid3-cli, anki, utox, mp3splt, mp3wrap - added profiles: oggsplt, flacsplt, cheese, inkview, mp3splt-gtk - added profiles: ktouch, yelp, klatexformula, klatexformula_cmdl - added profiles: pandoc, gnome-sound-recorder, godot, newsbeuter - added profiles: keepassxc-cli, keepassxc-proxy, rhythmbox-client - added profiles: zeal, gnome-characters, gnome-character-map - many profile fixing and hardening - some typo fixes - added profile templates - added sort.py to contrib Sadoon Al-Bader (https://github.com/Sadoon-AlBader) - fix misc in kmail and transmission-qt & add kontact.profile sak96 (https://github.com/sak96) - discord profile fixes - Fix Firefox 'Profile not found' for psd (v6.45) Salvo 'LtWorf' Tomaselli (https://github.com/ltworf) - fixed ktorrent profile sarneaud (https://github.com/sarneaud) - rewrite globbing code to fix various minor issues - added noblacklist command for profile files - various enhancements and bug fixes Sebastian Hafner (https://github.com/DropNib) - profile support for allow-debuggers Senemu (https://github.com/Senemu) - protection for .pythonrc.py - fixed evince Seonwoo Lee (https://github.com/seonwoolee) - fix teams ignoring input sources e.g. microphones Sergey Alirzaev (https://github.com/l29ah) - firejail.h enum fix - firefox-common-addons.inc: + tridactyl Serphentas (https://github.com/Serphentas) - add Paradox Launcher to Steam profile Slava Monich (https://github.com/monich) - added configure option to disable man pages Simon Peter (https://github.com/probonopd) - set $APPIMAGE and $APPDIR environment variables - AppImage version detection - Leafppad type v1 and v2 appimage packages in test/appimage - GitHub/Travis CI integration Simo Piiroinen (https://github.com/spiiroin) - Jolla/SailfishOS patches - fix startup race condition for /run/firejail directory sinkuu (https://github.com/sinkuu) - blacklisting kwalletd - fix symlink invocation for programs placing symlinks in $PATH slowpeek (https://github.com/slowpeek) - refine appimage example in docs - allow resolution of .local names with avahi-daemon in the apparmor profile - allow access to avahi-daemon in apparmor/firejail-default - make appimage examples consistent with --appimage option short description - blacklist google-drive-ocamlfuse config - blacklist sendgmail config Shahriar Heidrich (https://github.com/smheidrich) - fix manpages - fix i3 profile and disable-programs.profile smitsohu (https://github.com/smitsohu) - read-only kde4 services directory - enhanced mediathekview profile - added tuxguitar profile - removed nodvd from k3b profile - lots of profile hardening and fixes - added MuseScore profile - fixed device discovery for simple-scan - add novideo support in many profiles - improve server profiles, harden musescore - snap profile cleanup - tighten some capability sets further - enhance mutt, goobox, baloo and clementine profiles soredake (https://github.com/soredake) - fix steam startup with >=llvm-4 - fix handling of STEAM_RUNTIME_PREFER_HOST_LIBRARIES in steam profile - fix keepassxc.profile - fix qtox.profile - add localtime to private-etc to make qtox show correct time - fixes for the keepassxc 2.2.5 version SkewedZeppelin (https://github.com/SkewedZeppelin) - added Bless, Gnome 2048, Gnome Calculator, Gnome Contacts, JD-GUI, Lollypop, MultiMC5 profiles - added PDFSam, Pithos, and Xonotic profiles - disabled Go, Rust, and OpenSSL in disable-devel.conf - added dino profile - added Kodi profile - lots of profile tightening - added viking, youtube-dl, meld profiles - added Arduino profile - lots of profile hardening and fixing - firecfg enhancements - fixed vlc profile - fixed wget profile - fixed firecfg.config file - added novideo and disable-mnt support in all profile files - added Peek and silent profiles - added IntelliJ IDEA and Android Studio profiles - added arm profile - lots of profile improvements/tightening - added apktool, baobab, dex2jar, gitg, hashcat, obs, picard, remmina, sdat2img, soundconverter, sqlitebrowser, and truecraft profiles - added gnome-twitch profile - Unified all 341 profiles - profile tightening with private-bin - fix notv and nodvd placement - added novideo and noexec /tmp to Tor browser profile - fixed Gnome 2048 on wayland - added Neverball profile - hardern /var - profile standard layout - Spotify and itch.io profile fixes Spacewalker2 (https://github.com/Spacewalker2) - fix MediathekView profile sshirokov (https://sourceforge.net/u/yshirokov/profile/) - Patch to output "Reading profile" to stderr instead of stdout SYN-cook (https://github.com/SYN-cook) - keepass/keepassx browser fixes - disable-common.inc fixes - blacklist GNOME keyring and Konqueror - fixed Keepass(x) profiles - Engrampa profile - Scribus profile - autostart blacklist for KDE - blacklist startup scripts - various profile updates - blacklist lots of KDE files - blacklist nautilus and nemo in ~/.local/share/ - added mediathekview profile - blacklist attic and borg - cleaned up Okular and Gwenview profiles - added baloo_file profile - k3b profile update - noexec changes - gnome-calculator changes startx2017 (https://github.com/startx2017) - syscall list update - updated default seccomp filters - added bpf, clock_settime, personality, process_vm_writev, query_module, settimeofday, stime, umount, userfaultfd, ustat, vm86, and vm86old - enable/disable join support in /etc/firejail/firejail.config - firecfg fix: create ~/.local/share/applications directory if it doesn't exist - firejail.config cleanup - --quiet fixes - bugfixes branches maintainer - firemon --top speed-up - Blender and 2048-qt profiles - handbrake profile - mplayer and smplayer profiles - kwrite and geary profiles StelFux (https://github.com/StelFux) - Fix youtube video in totem sudoAlphaX (https://github.com/sudoAlphaX) - vesktop profile - profiles: chafa: quiet output (#6777) - profiles: ani-cli: add mpv to private-etc for plugins access (#6779) Syed Muhammad Shuja Haider (https://github.com/xplanthris) - prismlauncher profile the-antz (https://github.com/the-antz) - Fix libx265 encoding in ffmpeg profile - Fix Firefox profile - Profile tweaks TheOneric (https://github.com/TheOneric) - Fix newest Steam client and Proton ≥ 5.13 - Fix black window in Steam client thewisenerd (https://github.com/thewisenerd) - allow multiple private-home commands - use $SHELL variable if the shell is not specified - appimage: pass commandline arguments Thijs Raymakers (https://github.com/ThijsRay) - keepassxc: Allow offering the Secret Service Thomas Jarosch (https://github.com/thomasjfox) - disable keepassx in disable-passwdmgr.inc - added uudeview profile - added tar (gtar), unzip and unrar profile - added file profile - improved profile list - fixed small variable glitch in stat64() / lstat64() (libtracelog) - added lstat() / lstat64() support to libtrace - include mkuid.sh in make dist - cppcheck bugfixes Timo Hardebusch (https://github.com/tihadot) - add signal-cli profile - KeePassXC: added a warning regarding tray icon tinmanx (https://github.com/tinmanx) - remove network access from cherrytree.profile Tom Mellor (https://github.com/kalegrill) - mupen64plus profile Tomasz Jan Góralczyk (https://github.com/tjg) - fixed Steam profile Tomi Leppänen (https://github.com/Tomin1) - Jolla/SailfishOS patches Tobias Schmidl (https://github.com/schtobia) - added profile for webui-aria2 Topi Miettinen (https://github.com/topimiettinen) - improved seccomp printing - improve mount handling, fix /run/user handling - /proc/sys can be nosuid,noexec,nodev - seccomp default list update - improve loading of seccomp filter and memory-deny-write-execute feature - private-lib feature - make --nodbus block also system D-Bus socket Ted Robertson (https://github.com/tredondo) - webstorm profile fixes - added bcompare profile - various documentation fixes - blacklist Exodus wallet - blacklist monero-project directory - several README file fixes - use GitHub issues as the bug reporting address - fix documentation for selinux tools200ms (https://github.com/tools200ms) - fixed allow-ssh.inc Tus1688 (https://github.com/Tus1688) - added neovim profile user1024 (user1024@tut.by) - electron profile whitelisting - fixed Rocket.Chat profile - nheko profile valoq (https://github.com/valoq) - lots of profile fixes - added support for /srv in --whitelist feature - Eye of GNOME, Evolution, display (imagemagik) and Wire profiles - blacklist suid binaries in disable-common.inc - fix man pages - added keypass2, qemu profiles - added amarok, ark, atool, bleachbit, brasero, dolphin, dragon, elinks, enchant, exiftool profiles - added file-roller, gedit, gjs,gnome-books, gnome-documents, gnome-maps, gnome-music profiles - added gnome-photos, gnome-weather, goobox, gpa, gpg, gpg-agent, highlight profiles - added img2txt, k3b, kate, lynx, mediainfo, nautilus, odt2txt, pdftotext, simple-scan profiles - added skanlite, ssh-agent, transmission-cli, tracker, transmission-show, w3m, xfburn, xpra profiles - added wget profile - disable gnupg and systemd directories under /run/user - added iridium browser profile Vadim A. Misbakh-Soloviov (https://github.com/msva) - profile fixes ValdikSS (https://github.com/ValdikSS) - Psi+, Corebird, Konversation profiles - various profile fixes Varun Sharma (https://github.com/varunsh-coder) - update allowed endpoints - build(deps): bump step-security/harden-runner from 2.5.0 to 2.5.1 Vasya Novikov (https://github.com/vn971) - Wesnoth profile - Hedegewars profile - manpage fixes - fixed firecfg clean/clear issue - found the ugliest bug so far - seccomp debug description in man page - seccomp syscall list update for glibc 2.26-10 Veeti Paananen (https://github.com/veeti) - fixed Spotify profile veloute (https://github.com/veloute) - added standardnotes profile - added flameshot profile - added jdownloader profile - fixed discord profile - fixes for various profiles - removed vim and ranger from firecfg - fixing keepassxc auto-type, noexec /tmp - fix ipc-namespace prblem in file-roller - fix exiftool, viewnior, aria2c, ffmpegthumbnailer - fix pavucontrol (ipcnamespace) - fix gnuchess - add anki profile Vincent43 (https://github.com/Vincent43) - apparmor enhancements Vincent Blillault (https://github.com/Feandil) - fix mumble profile Vincent Lefèvre (https://github.com/vinc17fr) - blacklist rxvt after the blacklist of Perl - Noblacklist rxvt in allow-perl.inc vismir2 (https://github.com/vismir2) - feh, ranger, 7z, keepass, keepassx and zathura profiles - claws-mail, mutt, git, emacs, vim profiles - lots of profile fixes - support for truecrypt and zuluCrypt viq (https://github.com/viq) - discord-canary profile Vladimir Gorelov (https://github.com/larkvirtual) - added Yandex browser profile Vladimir Schowalter (https://github.com/VladimirSchowalter20) - apparmor profile enhancements - various KDE profile enhancements - read-only kde5 services directory Vladislav Nepogodin (https://github.com/vnepogodin) - added Librewolf profiles - added Sway profile - fix CLion profile - fixes for disable-programs.inc - CachyBrowser profile weebnix (https://github.com/weebnix) - block /dev/ntsync & add keep-dev-ntsync command Hugo Osvaldo Barrera (https://github.com/WhyNotHugo) - Skype profile tweaks - whitelist-ro command xee5ch (https://github.com/xee5ch) - skypeforlinux profile York Zhao (https://github.com/YorkZ) - tor browser profile fix - allow telegram to open hyperlinks Ypnose (https://github.com/Ypnose) - disable-shell.inc: add mksh shell ydididodat (https://github.com/ydididodat) - bleachbit.profile: allow erasing Trash contents yumkam (https://github.com/yumkam) - add compile-time option to restrict --net= to root only - man page fixes Yves-Alexis Perez (https://github.com/corsac-s) - signal-desktop profile fix - signal: add access to D-Bus freedesktop.org secret API Zack Weinberg (https://github.com/zackw) - added support for joining a persistent, named network namespace - removed libconnect - fixed memory corruption in noblacklist processing - rework DISPLAY environment parsing - rework masking X11 sockets in /tmp/.X11-unix directory - rework xpra and xephyr detection - rework abstract X11 socket detection - rework X11 display number assignment - rework X11 xorg processing - rework fcopy, --follow-link support in fcopy - follow link support in --private-bin - wait_for_other function rewrite - Xvfb X11 server support - Xvfb and Xephyr profiles, modified Xpra profile - support for sandboxing Xpra, Xvfb and Xephyr in independent sandboxes when started with firejail --x11 - support for xpra-extra-params in firejail.config zupatisc (https://github.com/zupatisc) - patch-util fix Copyright (C) 2014-2025 Firejail Authors