diff options
author | rusty-snake <41237666+rusty-snake@users.noreply.github.com> | 2020-11-09 20:57:33 +0100 |
---|---|---|
committer | rusty-snake <41237666+rusty-snake@users.noreply.github.com> | 2020-11-09 20:57:33 +0100 |
commit | f3585e53933c95d3be31bb53214145d9219ff3ea (patch) | |
tree | 7d02eaa910cc0394d031cbd8d95f784d6c2e7b78 | |
parent | disable private-etc in zoom, close #3726 (diff) | |
download | firejail-f3585e53933c95d3be31bb53214145d9219ff3ea.tar.gz firejail-f3585e53933c95d3be31bb53214145d9219ff3ea.tar.zst firejail-f3585e53933c95d3be31bb53214145d9219ff3ea.zip |
fixes, closes, enhances, improvements, and so on
- .github/ISSUE_TEMPLATE/bug_report.md: get ride off spanish,
french, ... error messages
- etc/inc/firefox-common-addons.inc: support ff2mpv
- etc/profile-a-l/gimp.profile: note about xsane
- etc/profile-m-z/min.profile: prettify
- etc/profile-m-z/mpsyt.profile: fix, add lua
- etc/profile-m-z/qbittorrent.profile: add note for tray-icons; this
will get a better note once I investigated and audited all the D-Bus
tray stuff.
- etc/profile-m-z/transmission-daemon.profile: fix, add protocol packet
close #3686 - mps-youtube needs lua
close #3701 - Firefox native messaging regression in 0.9.62.4 -> 0.9.64rc1
close #3636 - transmission-daemon fills log with error
close #3640 - Gimp - add note how to enable scanning (xsane)
close #3707 - qBittorrent tray icon missing from notification panel when running it with firejail
-rw-r--r-- | .github/ISSUE_TEMPLATE/bug_report.md | 1 | ||||
-rw-r--r-- | README.md | 2 | ||||
-rw-r--r-- | RELNOTES | 2 | ||||
-rw-r--r-- | etc/inc/firefox-common-addons.inc | 17 | ||||
-rw-r--r-- | etc/profile-a-l/gimp.profile | 8 | ||||
-rw-r--r-- | etc/profile-m-z/min.profile | 3 | ||||
-rw-r--r-- | etc/profile-m-z/mpsyt.profile | 3 | ||||
-rw-r--r-- | etc/profile-m-z/qbittorrent.profile | 1 | ||||
-rw-r--r-- | etc/profile-m-z/transmission-daemon.profile | 1 |
9 files changed, 34 insertions, 4 deletions
diff --git a/.github/ISSUE_TEMPLATE/bug_report.md b/.github/ISSUE_TEMPLATE/bug_report.md index d36dd32e4..562d6b9e1 100644 --- a/.github/ISSUE_TEMPLATE/bug_report.md +++ b/.github/ISSUE_TEMPLATE/bug_report.md | |||
@@ -36,6 +36,7 @@ Other context about the problem like related errors to understand the problem. | |||
36 | - [ ] Programs needed for interaction are listed in the profile. | 36 | - [ ] Programs needed for interaction are listed in the profile. |
37 | - [ ] A short search for duplicates was performed. | 37 | - [ ] A short search for duplicates was performed. |
38 | - [ ] If it is a AppImage, `--profile=PROFILENAME` is used to set the right profile. | 38 | - [ ] If it is a AppImage, `--profile=PROFILENAME` is used to set the right profile. |
39 | - [ ] Used `LC_ALL=en_US.UTF-8 LANG=en_US.UTF-8 PROGRAM` to get english error-messages. | ||
39 | 40 | ||
40 | 41 | ||
41 | <details><summary> debug output </summary> | 42 | <details><summary> debug output </summary> |
@@ -194,4 +194,4 @@ Stats: | |||
194 | 194 | ||
195 | ### New profiles: | 195 | ### New profiles: |
196 | 196 | ||
197 | spectacle | 197 | spectacle, chromium-browser-privacy |
@@ -1,7 +1,7 @@ | |||
1 | firejail (0.9.65) baseline; urgency=low | 1 | firejail (0.9.65) baseline; urgency=low |
2 | * allow --tmpfs inside $HOME for unprivileged users | 2 | * allow --tmpfs inside $HOME for unprivileged users |
3 | * --disable-usertmpfs compile time option | 3 | * --disable-usertmpfs compile time option |
4 | * new profiles: spectacle | 4 | * new profiles: spectacle, chromium-browser-privacy |
5 | -- netblue30 <netblue30@yahoo.com> Wed, 21 Oct 2020 09:00:00 -0500 | 5 | -- netblue30 <netblue30@yahoo.com> Wed, 21 Oct 2020 09:00:00 -0500 |
6 | 6 | ||
7 | firejail (0.9.64) baseline; urgency=low | 7 | firejail (0.9.64) baseline; urgency=low |
diff --git a/etc/inc/firefox-common-addons.inc b/etc/inc/firefox-common-addons.inc index 11acb7b42..198941ac9 100644 --- a/etc/inc/firefox-common-addons.inc +++ b/etc/inc/firefox-common-addons.inc | |||
@@ -69,3 +69,20 @@ include allow-python3.inc | |||
69 | # Flash plugin | 69 | # Flash plugin |
70 | # private-etc must first be enabled in firefox-common.profile and in profiles including it. | 70 | # private-etc must first be enabled in firefox-common.profile and in profiles including it. |
71 | #private-etc adobe | 71 | #private-etc adobe |
72 | |||
73 | # ff2mpv | ||
74 | #ignore noexec ${HOME} | ||
75 | #noblacklist ${HOME}/.config/mpv | ||
76 | #noblacklist ${HOME}/.config/youtube-dl | ||
77 | #noblacklist ${HOME}/.netrc | ||
78 | #include allow-lua.inc | ||
79 | #include allow-python3.inc | ||
80 | #mkdir ${HOME}/.config/mpv | ||
81 | #mkdir ${HOME}/.config/youtube-dl | ||
82 | #whitelist ${HOME}/.config/mpv | ||
83 | #whitelist ${HOME}/.config/youtube-dl | ||
84 | #whitelist ${HOME}/.netrc | ||
85 | #whitelist /usr/share/lua | ||
86 | #whitelist /usr/share/lua* | ||
87 | #whitelist /usr/share/vulkan | ||
88 | #private-bin env,mpv,python3*,waf,youtube-dl | ||
diff --git a/etc/profile-a-l/gimp.profile b/etc/profile-a-l/gimp.profile index 8093c0c39..ed27de7f5 100644 --- a/etc/profile-a-l/gimp.profile +++ b/etc/profile-a-l/gimp.profile | |||
@@ -6,6 +6,14 @@ include gimp.local | |||
6 | # Persistent global definitions | 6 | # Persistent global definitions |
7 | include globals.local | 7 | include globals.local |
8 | 8 | ||
9 | # Uncomment or add to gimp.local in order to support scanning via xsane (see #3640). | ||
10 | # TODO: Replace 'ignore seccomp' with a less permissive option. | ||
11 | #ignore seccomp | ||
12 | #ignore dbus-system | ||
13 | #ignore net | ||
14 | #protocol unix,inet,inet6 | ||
15 | |||
16 | |||
9 | # gimp plugins are installed by the user in ${HOME}/.gimp-2.8/plug-ins/ directory | 17 | # gimp plugins are installed by the user in ${HOME}/.gimp-2.8/plug-ins/ directory |
10 | # if you are not using external plugins, you can comment 'ignore noexec' statement below | 18 | # if you are not using external plugins, you can comment 'ignore noexec' statement below |
11 | # or put 'noexec ${HOME}' in your gimp.local | 19 | # or put 'noexec ${HOME}' in your gimp.local |
diff --git a/etc/profile-m-z/min.profile b/etc/profile-m-z/min.profile index d297b209b..be85fdbc4 100644 --- a/etc/profile-m-z/min.profile +++ b/etc/profile-m-z/min.profile | |||
@@ -6,8 +6,7 @@ include min.local | |||
6 | # Persistent global definitions | 6 | # Persistent global definitions |
7 | include globals.local | 7 | include globals.local |
8 | 8 | ||
9 | # Disable for now, see https://github.com/netblue30/firejail/pull/3688#issuecomment-718711565 | 9 | nowhitelist /usr/share/chromium |
10 | ignore whitelist /usr/share/chromium | ||
11 | 10 | ||
12 | noblacklist ${HOME}/.config/Min | 11 | noblacklist ${HOME}/.config/Min |
13 | 12 | ||
diff --git a/etc/profile-m-z/mpsyt.profile b/etc/profile-m-z/mpsyt.profile index addeeac44..414eaf312 100644 --- a/etc/profile-m-z/mpsyt.profile +++ b/etc/profile-m-z/mpsyt.profile | |||
@@ -13,6 +13,9 @@ noblacklist ${HOME}/.mplayer | |||
13 | noblacklist ${HOME}/.netrc | 13 | noblacklist ${HOME}/.netrc |
14 | noblacklist ${HOME}/mps | 14 | noblacklist ${HOME}/mps |
15 | 15 | ||
16 | # Allow lua (blacklisted by disable-interpreters.inc) | ||
17 | include allow-lua.inc | ||
18 | |||
16 | # Allow python (blacklisted by disable-interpreters.inc) | 19 | # Allow python (blacklisted by disable-interpreters.inc) |
17 | include allow-python2.inc | 20 | include allow-python2.inc |
18 | include allow-python3.inc | 21 | include allow-python3.inc |
diff --git a/etc/profile-m-z/qbittorrent.profile b/etc/profile-m-z/qbittorrent.profile index 81ec1bc6b..2fb02aefc 100644 --- a/etc/profile-m-z/qbittorrent.profile +++ b/etc/profile-m-z/qbittorrent.profile | |||
@@ -56,6 +56,7 @@ private-dev | |||
56 | # private-etc alternatives,ca-certificates,crypto-policies,fonts,pki,resolv.conf,ssl,X11,xdg | 56 | # private-etc alternatives,ca-certificates,crypto-policies,fonts,pki,resolv.conf,ssl,X11,xdg |
57 | private-tmp | 57 | private-tmp |
58 | 58 | ||
59 | # See https://github.com/netblue30/firejail/issues/3707 for tray-icon | ||
59 | dbus-user none | 60 | dbus-user none |
60 | dbus-system none | 61 | dbus-system none |
61 | 62 | ||
diff --git a/etc/profile-m-z/transmission-daemon.profile b/etc/profile-m-z/transmission-daemon.profile index 363c685e0..8dbbfcc62 100644 --- a/etc/profile-m-z/transmission-daemon.profile +++ b/etc/profile-m-z/transmission-daemon.profile | |||
@@ -14,6 +14,7 @@ whitelist ${HOME}/.config/transmission-daemon | |||
14 | whitelist /var/lib/transmission | 14 | whitelist /var/lib/transmission |
15 | 15 | ||
16 | caps.keep ipc_lock,net_bind_service,setgid,setuid,sys_chroot | 16 | caps.keep ipc_lock,net_bind_service,setgid,setuid,sys_chroot |
17 | protocol unix,inet,inet6,packet | ||
17 | 18 | ||
18 | private-bin transmission-daemon | 19 | private-bin transmission-daemon |
19 | private-etc alternatives,ca-certificates,crypto-policies,nsswitch.conf,pki,resolv.conf,ssl | 20 | private-etc alternatives,ca-certificates,crypto-policies,nsswitch.conf,pki,resolv.conf,ssl |