diff options
author | rusty-snake <print_hello_world+Public@protonmail.com> | 2020-03-15 09:21:12 +0100 |
---|---|---|
committer | rusty-snake <print_hello_world+Public@protonmail.com> | 2020-03-15 09:26:54 +0100 |
commit | 41f71ebb5bf78abdfd56ffd57abc6cef952b69aa (patch) | |
tree | ef9e63abc33fdaef3f56fee505599263943d55db | |
parent | improve the previous fix: don't remount FUSE without permission (diff) | |
download | firejail-41f71ebb5bf78abdfd56ffd57abc6cef952b69aa.tar.gz firejail-41f71ebb5bf78abdfd56ffd57abc6cef952b69aa.tar.zst firejail-41f71ebb5bf78abdfd56ffd57abc6cef952b69aa.zip |
allow ro access to .local/share/flatpak/exports
$PATH and $XDG_DATA_DIRS can contain subdirs of flatpak/exports,
some applications crash if they cann't access these files.
Layout on my system:
~/.local/share/flatpak/exports
|-bin
|-share
|-applications
|-icons
-rw-r--r-- | etc/disable-common.inc | 9 | ||||
-rw-r--r-- | etc/gnome-maps.profile | 1 | ||||
-rw-r--r-- | etc/gnome-sound-recorder.profile | 1 |
3 files changed, 8 insertions, 3 deletions
diff --git a/etc/disable-common.inc b/etc/disable-common.inc index bf29cd137..6f9149dee 100644 --- a/etc/disable-common.inc +++ b/etc/disable-common.inc | |||
@@ -444,7 +444,14 @@ blacklist /.snapshots | |||
444 | 444 | ||
445 | # flatpak | 445 | # flatpak |
446 | blacklist ${HOME}/.config/flatpak | 446 | blacklist ${HOME}/.config/flatpak |
447 | blacklist ${HOME}/.local/share/flatpak | 447 | blacklist ${HOME}/.local/share/flatpak/app |
448 | blacklist ${HOME}/.local/share/flatpak/appstream | ||
449 | blacklist ${HOME}/.local/share/flatpak/db | ||
450 | read-only ${HOME}/.local/share/flatpak/exports | ||
451 | blacklist ${HOME}/.local/share/flatpak/oci | ||
452 | blacklist ${HOME}/.local/share/flatpak/overrides | ||
453 | blacklist ${HOME}/.local/share/flatpak/repo | ||
454 | blacklist ${HOME}/.local/share/flatpak/runtime | ||
448 | blacklist ${HOME}/.var | 455 | blacklist ${HOME}/.var |
449 | blacklist /usr/share/flatpak | 456 | blacklist /usr/share/flatpak |
450 | blacklist /var/lib/flatpak | 457 | blacklist /var/lib/flatpak |
diff --git a/etc/gnome-maps.profile b/etc/gnome-maps.profile index 62350b862..12415a937 100644 --- a/etc/gnome-maps.profile +++ b/etc/gnome-maps.profile | |||
@@ -13,7 +13,6 @@ include globals.local | |||
13 | 13 | ||
14 | noblacklist ${HOME}/.cache/champlain | 14 | noblacklist ${HOME}/.cache/champlain |
15 | noblacklist ${HOME}/.cache/org.gnome.Maps | 15 | noblacklist ${HOME}/.cache/org.gnome.Maps |
16 | noblacklist ${HOME}/.local/share/flatpak | ||
17 | noblacklist ${HOME}/.local/share/maps-places.json | 16 | noblacklist ${HOME}/.local/share/maps-places.json |
18 | 17 | ||
19 | # Allow gjs (blacklisted by disable-interpreters.inc) | 18 | # Allow gjs (blacklisted by disable-interpreters.inc) |
diff --git a/etc/gnome-sound-recorder.profile b/etc/gnome-sound-recorder.profile index 7f8fc8a0c..a64ec25a9 100644 --- a/etc/gnome-sound-recorder.profile +++ b/etc/gnome-sound-recorder.profile | |||
@@ -7,7 +7,6 @@ include gnome-sound-recorder.local | |||
7 | include globals.local | 7 | include globals.local |
8 | 8 | ||
9 | noblacklist ${MUSIC} | 9 | noblacklist ${MUSIC} |
10 | noblacklist ${HOME}/.local/share/flatpak | ||
11 | noblacklist ${HOME}/.local/share/Trash | 10 | noblacklist ${HOME}/.local/share/Trash |
12 | 11 | ||
13 | # Allow gjs (blacklisted by disable-interpreters.inc) | 12 | # Allow gjs (blacklisted by disable-interpreters.inc) |