diff options
| author |  Tad <tad@spotco.us> | 2018-07-31 00:48:37 -0400 |
|---|---|---|
| committer | Tad <tad@spotco.us> | 2018-07-31 00:54:55 -0400 |
| commit | 3c2a7e4c91aa030218b5ad7fa6291d16f1d51b53 (patch) | |
| tree | cdc43b9a5e257b19ff0839a83df84db90fa5d9fd | |
| parent | Add XDG variable support to blacklist and read-only. (diff) | |
| download | firejail-3c2a7e4c91aa030218b5ad7fa6291d16f1d51b53.tar.gz firejail-3c2a7e4c91aa030218b5ad7fa6291d16f1d51b53.tar.zst firejail-3c2a7e4c91aa030218b5ad7fa6291d16f1d51b53.zip | |
Sound fixes
- Adds machine-id to all profiles with 'private-etc *pulse*'
- This fixes sound under many profiles
- This is related to #2037, except this adds etc machine-id not spoofed machine-id
- Spoofed machine-id seems to break pulseaudio on some systems
- We already do this in profiles like firefox-common (see the note in it)
- pulseaudio's enable-shm set to yes or no doesn't fix this issue on systems where it occurs
- We can revert this in the future if we find a fix
- Command used:
grep -e music -e videos -e audio -e pulse -e asound -il $(grep "machine-id" -iL $(grep "private-etc" . -Rl))
| -rw-r--r-- | etc/Viber.profile | 2 | ||||
| -rw-r--r-- | etc/amarok.profile | 2 | ||||
| -rw-r--r-- | etc/ardour5.profile | 2 | ||||
| -rw-r--r-- | etc/cmus.profile | 2 | ||||
| -rw-r--r-- | etc/gnome-music.profile | 2 | ||||
| -rw-r--r-- | etc/goobox.profile | 2 | ||||
| -rw-r--r-- | etc/minetest.profile | 2 | ||||
| -rw-r--r-- | etc/musixmatch.profile | 2 | ||||
| -rw-r--r-- | etc/parole.profile | 2 | ||||
| -rw-r--r-- | etc/ppsspp.profile | 2 | ||||
| -rw-r--r-- | etc/qupzilla.profile | 2 | ||||
| -rw-r--r-- | etc/seamonkey.profile | 2 | ||||
| -rw-r--r-- | etc/slack.profile | 2 | ||||
| -rw-r--r-- | etc/totem.profile | 2 | ||||
| -rw-r--r-- | etc/xonotic.profile | 2 | ||||
| -rw-r--r-- | etc/xplayer.profile | 2 |
16 files changed, 16 insertions, 16 deletions
diff --git a/etc/Viber.profile b/etc/Viber.profile index 6a58da8c9..cb9d01e03 100644 --- a/etc/Viber.profile +++ b/etc/Viber.profile | |||
| @@ -32,7 +32,7 @@ shell none | |||
| 32 | 32 | ||
| 33 | disable-mnt | 33 | disable-mnt |
| 34 | private-bin sh,bash,dig,awk,Viber | 34 | private-bin sh,bash,dig,awk,Viber |
| 35 | private-etc hosts,fonts,mailcap,resolv.conf,X11,pulse,alternatives,localtime,nsswitch.conf,ssl,proxychains.conf,pki,ca-certificates,crypto-policies | 35 | private-etc hosts,fonts,mailcap,resolv.conf,X11,pulse,alternatives,localtime,nsswitch.conf,ssl,proxychains.conf,pki,ca-certificates,crypto-policies,machine-id,asound.conf |
| 36 | private-tmp | 36 | private-tmp |
| 37 | 37 | ||
| 38 | noexec ${HOME} | 38 | noexec ${HOME} |
diff --git a/etc/amarok.profile b/etc/amarok.profile index aff78e210..dab23c218 100644 --- a/etc/amarok.profile +++ b/etc/amarok.profile | |||
| @@ -29,5 +29,5 @@ shell none | |||
| 29 | 29 | ||
| 30 | # private-bin amarok | 30 | # private-bin amarok |
| 31 | private-dev | 31 | private-dev |
| 32 | # private-etc none | 32 | # private-etc none,machine-id,pulse,asound.conf |
| 33 | private-tmp | 33 | private-tmp |
diff --git a/etc/ardour5.profile b/etc/ardour5.profile index aaac62bc8..99649cc3f 100644 --- a/etc/ardour5.profile +++ b/etc/ardour5.profile | |||
| @@ -35,7 +35,7 @@ shell none | |||
| 35 | #private-bin sh,ardour4,ardour5,ardour5-copy-mixer,ardour5-export,ardour5-fix_bbtppq,grep,sed,ldd,nm | 35 | #private-bin sh,ardour4,ardour5,ardour5-copy-mixer,ardour5-export,ardour5-fix_bbtppq,grep,sed,ldd,nm |
| 36 | private-cache | 36 | private-cache |
| 37 | private-dev | 37 | private-dev |
| 38 | #private-etc pulse,X11,alternatives,ardour4,ardour5,fonts | 38 | #private-etc pulse,X11,alternatives,ardour4,ardour5,fonts,machine-id,asound.conf |
| 39 | private-tmp | 39 | private-tmp |
| 40 | 40 | ||
| 41 | noexec ${HOME} | 41 | noexec ${HOME} |
diff --git a/etc/cmus.profile b/etc/cmus.profile index 3331bde22..36478ef85 100644 --- a/etc/cmus.profile +++ b/etc/cmus.profile | |||
| @@ -26,4 +26,4 @@ seccomp | |||
| 26 | shell none | 26 | shell none |
| 27 | 27 | ||
| 28 | private-bin cmus | 28 | private-bin cmus |
| 29 | private-etc group | 29 | private-etc group,machine-id,pulse,asound.conf |
diff --git a/etc/gnome-music.profile b/etc/gnome-music.profile index 90fb9814f..15710b363 100644 --- a/etc/gnome-music.profile +++ b/etc/gnome-music.profile | |||
| @@ -38,7 +38,7 @@ tracelog | |||
| 38 | 38 | ||
| 39 | private-bin gnome-music,python* | 39 | private-bin gnome-music,python* |
| 40 | private-dev | 40 | private-dev |
| 41 | # private-etc fonts | 41 | # private-etc fonts,machine-id,pulse,asound.conf |
| 42 | private-tmp | 42 | private-tmp |
| 43 | 43 | ||
| 44 | noexec ${HOME} | 44 | noexec ${HOME} |
diff --git a/etc/goobox.profile b/etc/goobox.profile index 5e5aad95b..680e14a49 100644 --- a/etc/goobox.profile +++ b/etc/goobox.profile | |||
| @@ -29,5 +29,5 @@ tracelog | |||
| 29 | 29 | ||
| 30 | # private-bin goobox | 30 | # private-bin goobox |
| 31 | private-dev | 31 | private-dev |
| 32 | # private-etc fonts | 32 | # private-etc fonts,machine-id,pulse,asound.conf |
| 33 | # private-tmp | 33 | # private-tmp |
diff --git a/etc/minetest.profile b/etc/minetest.profile index cdbf21935..6497fa9ba 100644 --- a/etc/minetest.profile +++ b/etc/minetest.profile | |||
| @@ -34,7 +34,7 @@ disable-mnt | |||
| 34 | private-bin minetest | 34 | private-bin minetest |
| 35 | private-dev | 35 | private-dev |
| 36 | # private-etc needs to be updated, see #1702 | 36 | # private-etc needs to be updated, see #1702 |
| 37 | #private-etc asound.conf,ca-certificates,drirc,fonts,group,host.conf,hostname,hosts,ld.so.cache,ld.so.preload,localtime,nsswitch.conf,passwd,pulse,resolv.conf,ssl,pki,crypto-policies | 37 | #private-etc asound.conf,ca-certificates,drirc,fonts,group,host.conf,hostname,hosts,ld.so.cache,ld.so.preload,localtime,nsswitch.conf,passwd,pulse,resolv.conf,ssl,pki,crypto-policies,machine-id |
| 38 | private-tmp | 38 | private-tmp |
| 39 | 39 | ||
| 40 | noexec ${HOME} | 40 | noexec ${HOME} |
diff --git a/etc/musixmatch.profile b/etc/musixmatch.profile index bc8965431..b572f13d2 100644 --- a/etc/musixmatch.profile +++ b/etc/musixmatch.profile | |||
| @@ -30,7 +30,7 @@ seccomp | |||
| 30 | 30 | ||
| 31 | disable-mnt | 31 | disable-mnt |
| 32 | private-dev | 32 | private-dev |
| 33 | private-etc none | 33 | private-etc none,machine-id,pulse,asound.conf |
| 34 | 34 | ||
| 35 | noexec ${HOME} | 35 | noexec ${HOME} |
| 36 | noexec /tmp | 36 | noexec /tmp |
diff --git a/etc/parole.profile b/etc/parole.profile index f98703bd6..17d31af15 100644 --- a/etc/parole.profile +++ b/etc/parole.profile | |||
| @@ -26,4 +26,4 @@ shell none | |||
| 26 | 26 | ||
| 27 | private-bin parole,dbus-launch | 27 | private-bin parole,dbus-launch |
| 28 | private-cache | 28 | private-cache |
| 29 | private-etc passwd,group,fonts | 29 | private-etc passwd,group,fonts,machine-id,pulse,asound.conf |
diff --git a/etc/ppsspp.profile b/etc/ppsspp.profile index 073108464..3a40b6260 100644 --- a/etc/ppsspp.profile +++ b/etc/ppsspp.profile | |||
| @@ -36,7 +36,7 @@ shell none | |||
| 36 | 36 | ||
| 37 | # private-dev is disabled to allow controller support | 37 | # private-dev is disabled to allow controller support |
| 38 | #private-dev | 38 | #private-dev |
| 39 | private-etc asound.conf,ca-certificates,drirc,fonts,group,host.conf,hostname,hosts,ld.so.cache,ld.so.preload,localtime,nsswitch.conf,passwd,pulse,resolv.conf,ssl,pki,crypto-policies | 39 | private-etc asound.conf,ca-certificates,drirc,fonts,group,host.conf,hostname,hosts,ld.so.cache,ld.so.preload,localtime,nsswitch.conf,passwd,pulse,resolv.conf,ssl,pki,crypto-policies,machine-id |
| 40 | private-opt ppsspp | 40 | private-opt ppsspp |
| 41 | private-tmp | 41 | private-tmp |
| 42 | 42 | ||
diff --git a/etc/qupzilla.profile b/etc/qupzilla.profile index 947689d96..da1ca2281 100644 --- a/etc/qupzilla.profile +++ b/etc/qupzilla.profile | |||
| @@ -33,7 +33,7 @@ seccomp.drop @clock,@cpu-emulation,@debug,@module,@obsolete,@raw-io,@reboot,@res | |||
| 33 | # tracelog | 33 | # tracelog |
| 34 | 34 | ||
| 35 | private-dev | 35 | private-dev |
| 36 | # private-etc passwd,group,hostname,hosts,localtime,nsswitch.conf,resolv.conf,gtk-2.0,pango,fonts,adobe,mime.types,mailcap,asound.conf,pulse | 36 | # private-etc passwd,group,hostname,hosts,localtime,nsswitch.conf,resolv.conf,gtk-2.0,pango,fonts,adobe,mime.types,mailcap,asound.conf,pulse,machine-id |
| 37 | # private-tmp - interferes with the opening of downloaded files | 37 | # private-tmp - interferes with the opening of downloaded files |
| 38 | 38 | ||
| 39 | noexec ${HOME} | 39 | noexec ${HOME} |
diff --git a/etc/seamonkey.profile b/etc/seamonkey.profile index 423863cc2..dc2fd8e30 100644 --- a/etc/seamonkey.profile +++ b/etc/seamonkey.profile | |||
| @@ -47,4 +47,4 @@ seccomp | |||
| 47 | tracelog | 47 | tracelog |
| 48 | 48 | ||
| 49 | disable-mnt | 49 | disable-mnt |
| 50 | # private-etc passwd,group,hostname,hosts,localtime,nsswitch.conf,resolv.conf,gtk-2.0,pango,fonts,iceweasel,firefox,adobe,mime.types,mailcap,asound.conf,pulse | 50 | # private-etc passwd,group,hostname,hosts,localtime,nsswitch.conf,resolv.conf,gtk-2.0,pango,fonts,iceweasel,firefox,adobe,mime.types,mailcap,asound.conf,pulse,machine-id |
diff --git a/etc/slack.profile b/etc/slack.profile index 13106255b..91bf0a722 100644 --- a/etc/slack.profile +++ b/etc/slack.profile | |||
| @@ -37,5 +37,5 @@ shell none | |||
| 37 | disable-mnt | 37 | disable-mnt |
| 38 | private-bin slack,locale | 38 | private-bin slack,locale |
| 39 | private-dev | 39 | private-dev |
| 40 | private-etc asound.conf,ca-certificates,fonts,group,passwd,pulse,resolv.conf,ssl,ld.so.conf,ld.so.cache,localtime,pki,crypto-policies | 40 | private-etc asound.conf,ca-certificates,fonts,group,passwd,pulse,resolv.conf,ssl,ld.so.conf,ld.so.cache,localtime,pki,crypto-policies,machine-id |
| 41 | private-tmp | 41 | private-tmp |
diff --git a/etc/totem.profile b/etc/totem.profile index 3ac25440b..911999665 100644 --- a/etc/totem.profile +++ b/etc/totem.profile | |||
| @@ -33,7 +33,7 @@ shell none | |||
| 33 | private-bin totem | 33 | private-bin totem |
| 34 | private-cache | 34 | private-cache |
| 35 | private-dev | 35 | private-dev |
| 36 | # private-etc fonts | 36 | # private-etc fonts,machine-id,pulse,asound.conf |
| 37 | private-tmp | 37 | private-tmp |
| 38 | 38 | ||
| 39 | noexec ${HOME} | 39 | noexec ${HOME} |
diff --git a/etc/xonotic.profile b/etc/xonotic.profile index 1d2493f36..30f5c735d 100644 --- a/etc/xonotic.profile +++ b/etc/xonotic.profile | |||
| @@ -34,7 +34,7 @@ disable-mnt | |||
| 34 | private-bin bash,blind-id,darkplaces-glx,darkplaces-sdl,dirname,grep,ldd,netstat,ps,readlink,sh,uname,xonotic,xonotic-glx,xonotic-linux32-dedicated,xonotic-linux32-glx,xonotic-linux32-sdl,xonotic-linux64-dedicated,xonotic-linux64-glx,xonotic-linux64-sdl,xonotic-sdl | 34 | private-bin bash,blind-id,darkplaces-glx,darkplaces-sdl,dirname,grep,ldd,netstat,ps,readlink,sh,uname,xonotic,xonotic-glx,xonotic-linux32-dedicated,xonotic-linux32-glx,xonotic-linux32-sdl,xonotic-linux64-dedicated,xonotic-linux64-glx,xonotic-linux64-sdl,xonotic-sdl |
| 35 | private-dev | 35 | private-dev |
| 36 | # private-etc breaks audio on some distros | 36 | # private-etc breaks audio on some distros |
| 37 | #private-etc asound.conf,ca-certificates,drirc,fonts,group,host.conf,hostname,hosts,ld.so.cache,ld.so.preload,localtime,nsswitch.conf,passwd,pulse,resolv.conf,ssl,pki,crypto-policies | 37 | #private-etc asound.conf,ca-certificates,drirc,fonts,group,host.conf,hostname,hosts,ld.so.cache,ld.so.preload,localtime,nsswitch.conf,passwd,pulse,resolv.conf,ssl,pki,crypto-policies,machine-id |
| 38 | private-tmp | 38 | private-tmp |
| 39 | 39 | ||
| 40 | noexec ${HOME} | 40 | noexec ${HOME} |
diff --git a/etc/xplayer.profile b/etc/xplayer.profile index 46579ead8..5873e2436 100644 --- a/etc/xplayer.profile +++ b/etc/xplayer.profile | |||
| @@ -39,7 +39,7 @@ tracelog | |||
| 39 | 39 | ||
| 40 | private-bin xplayer,xplayer-audio-preview,xplayer-video-thumbnailer | 40 | private-bin xplayer,xplayer-audio-preview,xplayer-video-thumbnailer |
| 41 | private-dev | 41 | private-dev |
| 42 | # private-etc fonts | 42 | # private-etc fonts,machine-id,pulse,asound.conf |
| 43 | private-tmp | 43 | private-tmp |
| 44 | 44 | ||
| 45 | noexec ${HOME} | 45 | noexec ${HOME} |