author | kortewegdevries <kortewegdevries@protonmail.ch> | 2020-09-02 10:47:54 +0000 |
---|---|---|
committer | GitHub <noreply@github.com> | 2020-09-02 10:47:54 +0000 |
commit | 3801eb32b4098c7d3d1789c01ca880cfeadd378f (patch) | |
tree | 4b61ec25e5a6c58b31175dc65579819a023b028d | |
parent | Fixes #3596 (#3619) (diff) | |
download | firejail-3801eb32b4098c7d3d1789c01ca880cfeadd378f.tar.gz firejail-3801eb32b4098c7d3d1789c01ca880cfeadd378f.tar.zst firejail-3801eb32b4098c7d3d1789c01ca880cfeadd378f.zip |
Fix private-etc of electron-mail, fix geary,minitube (#3588)
* Fix private-etc of electron-mail
* Fix dbus of geary
* Fix geary again, remove GPG
* Fix seccomp on Arch
-rw-r--r-- | etc/inc/disable-programs.inc | 2 | ||||
-rw-r--r-- | etc/profile-a-l/electron-mail.profile | 10 | ||||
-rw-r--r-- | etc/profile-a-l/geary.profile | 12 | ||||
-rw-r--r-- | etc/profile-m-z/minitube.profile | 2 |
4 files changed, 14 insertions, 12 deletions
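--- a/etc/inc/disable-programs.inc
+++ b/etc/inc/disable-programs.inc
@@ -216,6 +216,7 @@ blacklist ${HOME}/.config/gajim
 blacklist ${HOME}/.config/galculator
 blacklist ${HOME}/.config/gconf
 blacklist ${HOME}/.config/geany
+blacklist ${HOME}/.config/geary
 blacklist ${HOME}/.config/gedit
 blacklist ${HOME}/.config/geeqie
 blacklist ${HOME}/.config/ghb
@@ -865,6 +866,7 @@ blacklist ${HOME}/.cache/fossamail
 blacklist ${HOME}/.cache/fractal
 blacklist ${HOME}/.cache/freecol
 blacklist ${HOME}/.cache/gajim
+blacklist ${HOME}/.cache/geary
 blacklist ${HOME}/.cache/gegl-0.4
 blacklist ${HOME}/.cache/geeqie
 blacklist ${HOME}/.cache/gfeeds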
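--- a/etc/profile-a-l/electron-mail.profile
+++ b/etc/profile-a-l/electron-mail.profile
@@ -8,8 +8,6 @@ include globals.local
 
 noblacklist ${HOME}/.config/electron-mail
 
-whitelist ${DOWNLOADS}
-
 include disable-common.inc
 include disable-devel.inc
 include disable-exec.inc
@@ -21,8 +19,10 @@ include disable-xdg.inc
 
 mkdir ${HOME}/.config/electron-mail
 whitelist ${HOME}/.config/electron-mail
+whitelist ${DOWNLOADS}
 
 include whitelist-common.inc
+include whitelist-runuser-common.inc
 include whitelist-usr-share-common.inc
 include whitelist-var-common.inc
 
@@ -45,12 +45,12 @@ shell none
 private-bin electron-mail
 private-cache
 private-dev
-private-etc alternatives,fonts
+private-etc alternatives,ca-certificates,crypto-policies,fonts,gtk-2.0,gtk-3.0,nsswitch.conf,pki,resolv.conf,ssl,selinux,xdg
 private-opt ElectronMail
 private-tmp
 
 # breaks tray functionality
 # dbus-user none
-# dbus-system none
+dbus-system none
 
-# memory-deny-write-execute - breaks on Arch
+# memory-deny-write-execute - breaks on Arch
\ No newline at end of file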
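Review bot: In the last hunk `# dbus-user none` stays commented out, so the session bus remains fully reachable from the sandbox even though `dbus-system none` is now enforced. If the tray is the only reason, consider `dbus-user filter` with an explicit `dbus-user.talk org.kde.StatusNotifierWatcher` rather than no session-bus policy at all; this needs testing against the tray on the affected desktops. The comment `# breaks tray functionality` now sits directly above an active `dbus-system none` and should be reworded so it clearly refers to `dbus-user none` only. The new side also ends without a trailing newline, which is worth restoring.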
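--- a/etc/profile-a-l/geary.profile
+++ b/etc/profile-a-l/geary.profile
@@ -10,24 +10,24 @@ include geary.local
 # Users have Geary set to open a browser by clicking a link in an email
 # We are not allowed to blacklist browser-specific directories
 
-ignore dbus-user none
+ignore dbus-user filter
 ignore dbus-system none
 ignore private-tmp
 
-noblacklist ${HOME}/.gnupg
+noblacklist ${HOME}/.cache/geary
+noblacklist ${HOME}/.config/geary
 noblacklist ${HOME}/.local/share/geary
 
-mkdir ${HOME}/.gnupg
+mkdir ${HOME}/.cache/geary
 mkdir ${HOME}/.config/geary
 mkdir ${HOME}/.local/share/geary
-whitelist ${HOME}/.gnupg
+whitelist ${HOME}/.cache/geary
 whitelist ${HOME}/.config/geary
 whitelist ${HOME}/.local/share/geary
+whitelist /usr/share/geary
 
 read-only ${HOME}/.config/mimeapps.list
 
-whitelist /usr/share/geary
-
 # allow Mozilla browsers
 # Redirect
 include firefox.profile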
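Review bot: `ignore dbus-user filter` on new line 13 discards whatever session-bus filter the included `firefox.profile` would set, and `ignore dbus-system none` is kept, so as far as this hunk shows Geary runs with both buses unrestricted. For a mail client that renders untrusted content, a tighter option is to keep filtering and declare what Geary needs, e.g. `dbus-user filter` with `dbus-user.own org.gnome.Geary` plus the specific `dbus-user.talk` names it uses; the exact list has to be confirmed by testing. If the ignore must stay, a comment above it such as `# firefox.profile's dbus-user filter breaks Geary, see #3588` would record why. The profile continues outside the hunk, so later lines may already narrow this.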
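--- a/etc/profile-m-z/minitube.profile
+++ b/etc/profile-m-z/minitube.profile
@@ -46,7 +46,7 @@ notv
 nou2f
 novideo
 protocol unix,inet,inet6,netlink
-seccomp
+seccomp !kcmp
 shell none
 tracelog
 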
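Review bot: `seccomp !kcmp` on new line 49 widens the syscall filter without saying why; the only rationale on the page is the commit message's "Fix seccomp on Arch". Add a comment above it, e.g. `# kcmp is needed on Arch, see #3588`, so the exception can be revisited and dropped once it is no longer required. kcmp lets a process compare kernel resources with another process it is permitted to inspect, so the exception should stay as narrow as it is here (one syscall re-allowed, the rest of the default filter kept).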