Merge pull request #4903 from kmk3/keepass-rm-nou2f

keepass*: remove nou2f & add note about private-dev
author: netblue30 <netblue30@protonmail.com> 2022-02-06 07:25:12 -0500
committer: GitHub <noreply@github.com> 2022-02-06 07:25:12 -0500
commit: b4730248f6761f13044f309ad66267a540c9e555 (patch)
tree: 14a872b51d7294eefd89f6909185e3182e1e5f93
parent: RELNOTES: add new command checklist and issue template rework (diff)
parent: keepass*: note that private-dev blocks access to new hardware keys (diff)
download: firejail-b4730248f6761f13044f309ad66267a540c9e555.tar.gz
firejail-b4730248f6761f13044f309ad66267a540c9e555.tar.zst
firejail-b4730248f6761f13044f309ad66267a540c9e555.zip
3 files changed, 9 insertions, 3 deletions
diff --git a/etc/profile-a-l/keepass.profile b/etc/profile-a-l/keepass.profile
index f26c10be3..bc7878ac9 100644
--- a/etc/profile-a-l/keepass.profile
+++ b/etc/profile-a-l/keepass.profile
@@ -32,13 +32,15 @@ nonewprivs
 noroot
 nosound
 notv
-nou2f
 novideo
 protocol unix,inet,inet6,netlink
 seccomp
 shell none
 private-cache
+# Note: private-dev prevents the program from seeing new devices (such as
+# hardware keys) on /dev after it has already started; add "ignore nou2f" to
+# keepassxc.local if this is an issue (see #4883).
 private-dev
 private-tmp
diff --git a/etc/profile-a-l/keepassx.profile b/etc/profile-a-l/keepassx.profile
index 5e2d6d8df..8c5e6168e 100644
--- a/etc/profile-a-l/keepassx.profile
+++ b/etc/profile-a-l/keepassx.profile
@@ -32,7 +32,6 @@ nonewprivs
 noroot
 nosound
 notv
-nou2f
 novideo
 protocol unix
 seccomp
@@ -40,6 +39,9 @@ shell none
 tracelog
 private-bin keepassx,keepassx2
+# Note: private-dev prevents the program from seeing new devices (such as
+# hardware keys) on /dev after it has already started; add "ignore nou2f" to
+# keepassxc.local if this is an issue (see #4883).
 private-dev
 private-etc alternatives,fonts,ld.so.cache,ld.so.preload,machine-id
 private-tmp
diff --git a/etc/profile-a-l/keepassxc.profile b/etc/profile-a-l/keepassxc.profile
index 45a707071..8f57cb706 100644
--- a/etc/profile-a-l/keepassxc.profile
+++ b/etc/profile-a-l/keepassxc.profile
@@ -78,7 +78,6 @@ nonewprivs
 noroot
 nosound
 notv
-nou2f
 novideo
 protocol unix
 seccomp !name_to_handle_at
@@ -87,6 +86,9 @@ shell none
 tracelog
 private-bin keepassxc,keepassxc-cli,keepassxc-proxy
+# Note: private-dev prevents the program from seeing new devices (such as
+# hardware keys) on /dev after it has already started; add "ignore nou2f" to
+# keepassxc.local if this is an issue (see #4883).
 private-dev
 private-etc alternatives,fonts,ld.so.cache,ld.so.preload,machine-id
 private-tmp
author	netblue30 <netblue30@protonmail.com>	2022-02-06 07:25:12 -0500
committer	GitHub <noreply@github.com>	2022-02-06 07:25:12 -0500
commit	b4730248f6761f13044f309ad66267a540c9e555 (patch)
tree	14a872b51d7294eefd89f6909185e3182e1e5f93
parent	RELNOTES: add new command checklist and issue template rework (diff)
parent	keepass*: note that private-dev blocks access to new hardware keys (diff)
download	firejail-b4730248f6761f13044f309ad66267a540c9e555.tar.gz firejail-b4730248f6761f13044f309ad66267a540c9e555.tar.zst firejail-b4730248f6761f13044f309ad66267a540c9e555.zip

diff --git a/etc/profile-a-l/keepass.profile b/etc/profile-a-l/keepass.profile index f26c10be3..bc7878ac9 100644 --- a/etc/profile-a-l/keepass.profile +++ b/etc/profile-a-l/keepass.profile
@@ -32,13 +32,15 @@ nonewprivs
32	noroot	32	noroot
33	nosound	33	nosound
34	notv	34	notv
35	nou2f
36	novideo	35	novideo
37	protocol unix,inet,inet6,netlink	36	protocol unix,inet,inet6,netlink
38	seccomp	37	seccomp
39	shell none	38	shell none
40		39
41	private-cache	40	private-cache
		41	# Note: private-dev prevents the program from seeing new devices (such as
		42	# hardware keys) on /dev after it has already started; add "ignore nou2f" to
		43	# keepassxc.local if this is an issue (see #4883).
42	private-dev	44	private-dev
43	private-tmp	45	private-tmp
44		46


diff --git a/etc/profile-a-l/keepassx.profile b/etc/profile-a-l/keepassx.profile index 5e2d6d8df..8c5e6168e 100644 --- a/etc/profile-a-l/keepassx.profile +++ b/etc/profile-a-l/keepassx.profile
@@ -32,7 +32,6 @@ nonewprivs
32	noroot	32	noroot
33	nosound	33	nosound
34	notv	34	notv
35	nou2f
36	novideo	35	novideo
37	protocol unix	36	protocol unix
38	seccomp	37	seccomp
@@ -40,6 +39,9 @@ shell none
40	tracelog	39	tracelog
41		40
42	private-bin keepassx,keepassx2	41	private-bin keepassx,keepassx2
		42	# Note: private-dev prevents the program from seeing new devices (such as
		43	# hardware keys) on /dev after it has already started; add "ignore nou2f" to
		44	# keepassxc.local if this is an issue (see #4883).
43	private-dev	45	private-dev
44	private-etc alternatives,fonts,ld.so.cache,ld.so.preload,machine-id	46	private-etc alternatives,fonts,ld.so.cache,ld.so.preload,machine-id
45	private-tmp	47	private-tmp


diff --git a/etc/profile-a-l/keepassxc.profile b/etc/profile-a-l/keepassxc.profile index 45a707071..8f57cb706 100644 --- a/etc/profile-a-l/keepassxc.profile +++ b/etc/profile-a-l/keepassxc.profile
@@ -78,7 +78,6 @@ nonewprivs
78	noroot	78	noroot
79	nosound	79	nosound
80	notv	80	notv
81	nou2f
82	novideo	81	novideo
83	protocol unix	82	protocol unix
84	seccomp !name_to_handle_at	83	seccomp !name_to_handle_at
@@ -87,6 +86,9 @@ shell none
87	tracelog	86	tracelog
88		87
89	private-bin keepassxc,keepassxc-cli,keepassxc-proxy	88	private-bin keepassxc,keepassxc-cli,keepassxc-proxy
		89	# Note: private-dev prevents the program from seeing new devices (such as
		90	# hardware keys) on /dev after it has already started; add "ignore nou2f" to
		91	# keepassxc.local if this is an issue (see #4883).
90	private-dev	92	private-dev
91	private-etc alternatives,fonts,ld.so.cache,ld.so.preload,machine-id	93	private-etc alternatives,fonts,ld.so.cache,ld.so.preload,machine-id
92	private-tmp	94	private-tmp