Add whitelists, remove wrong cache whitelist, add dbus rules, apparmor

author: bbhtt <62639087+bbhtt@users.noreply.github.com> 2020-12-28 14:04:25 +0000
committer: bbhtt <62639087+bbhtt@users.noreply.github.com> 2020-12-28 14:04:25 +0000
commit: 31b92b33cfc827a3215584b50f56418e7fd75be0 (patch)
tree: 135199b61a6273c6f1b80a63726af75d4a73ecc0
parent: Add quiet (diff)
download: firejail-31b92b33cfc827a3215584b50f56418e7fd75be0.tar.gz
firejail-31b92b33cfc827a3215584b50f56418e7fd75be0.tar.zst
firejail-31b92b33cfc827a3215584b50f56418e7fd75be0.zip
1 files changed, 13 insertions, 1 deletions
diff --git a/etc/profile-m-z/nheko.profile b/etc/profile-m-z/nheko.profile
index 701098f4b..7a3f59159 100644
--- a/etc/profile-m-z/nheko.profile
+++ b/etc/profile-m-z/nheko.profile
@@ -16,14 +16,19 @@ include disable-interpreters.inc
 include disable-passwdmgr.inc
 include disable-programs.inc
 include disable-shell.inc
+include disable-xdg.inc
 mkdir ${HOME}/.config/nheko
 mkdir ${HOME}/.cache/nheko/nheko
 whitelist ${HOME}/.config/nheko
-whitelist ${HOME}/.cache/nheko/nheko
+whitelist ${HOME}/.cache/nheko
 whitelist ${DOWNLOADS}
 include whitelist-common.inc
+include whitelist-runuser-common.inc
+include whitelist-usr-share-common.inc
+include whitelist-var-common.inc
+apparmor
 caps.drop all
 netfilter
 nodvd
@@ -38,5 +43,12 @@ tracelog
 disable-mnt
 private-bin nheko
+private-cache
+private-dev
+private-etc alsa,alternatives,asound.conf,ca-certificates,crypto-policies,fonts,gtk-2.0,gtk-3.0,host.conf,hostname,hosts,ld.so.cache,ld.so.conf,ld.so.conf.d,ld.so.preload,locale,locale.alias,locale.conf,mime.types,nsswitch.conf,pki,pulse,resolv.conf,selinux,ssl,X11,xdg
 private-tmp
+dbus-user filter
+dbus-user.talk org.freedesktop.Notifications
+dbus-user.talk org.kde.StatusNotifierWatcher
+dbus-system none
author	bbhtt <62639087+bbhtt@users.noreply.github.com>	2020-12-28 14:04:25 +0000
committer	bbhtt <62639087+bbhtt@users.noreply.github.com>	2020-12-28 14:04:25 +0000
commit	31b92b33cfc827a3215584b50f56418e7fd75be0 (patch)
tree	135199b61a6273c6f1b80a63726af75d4a73ecc0
parent	Add quiet (diff)
download	firejail-31b92b33cfc827a3215584b50f56418e7fd75be0.tar.gz firejail-31b92b33cfc827a3215584b50f56418e7fd75be0.tar.zst firejail-31b92b33cfc827a3215584b50f56418e7fd75be0.zip

diff --git a/etc/profile-m-z/nheko.profile b/etc/profile-m-z/nheko.profile index 701098f4b..7a3f59159 100644 --- a/etc/profile-m-z/nheko.profile +++ b/etc/profile-m-z/nheko.profile
@@ -16,14 +16,19 @@ include disable-interpreters.inc
16	include disable-passwdmgr.inc	16	include disable-passwdmgr.inc
17	include disable-programs.inc	17	include disable-programs.inc
18	include disable-shell.inc	18	include disable-shell.inc
		19	include disable-xdg.inc
19		20
20	mkdir ${HOME}/.config/nheko	21	mkdir ${HOME}/.config/nheko
21	mkdir ${HOME}/.cache/nheko/nheko	22	mkdir ${HOME}/.cache/nheko/nheko
22	whitelist ${HOME}/.config/nheko	23	whitelist ${HOME}/.config/nheko
23	whitelist ${HOME}/.cache/nheko/nheko	24	whitelist ${HOME}/.cache/nheko
24	whitelist ${DOWNLOADS}	25	whitelist ${DOWNLOADS}
25	include whitelist-common.inc	26	include whitelist-common.inc
		27	include whitelist-runuser-common.inc
		28	include whitelist-usr-share-common.inc
		29	include whitelist-var-common.inc
26		30
		31	apparmor
27	caps.drop all	32	caps.drop all
28	netfilter	33	netfilter
29	nodvd	34	nodvd
@@ -38,5 +43,12 @@ tracelog
38		43
39	disable-mnt	44	disable-mnt
40	private-bin nheko	45	private-bin nheko
		46	private-cache
		47	private-dev
		48	private-etc alsa,alternatives,asound.conf,ca-certificates,crypto-policies,fonts,gtk-2.0,gtk-3.0,host.conf,hostname,hosts,ld.so.cache,ld.so.conf,ld.so.conf.d,ld.so.preload,locale,locale.alias,locale.conf,mime.types,nsswitch.conf,pki,pulse,resolv.conf,selinux,ssl,X11,xdg
41	private-tmp	49	private-tmp
42		50
		51	dbus-user filter
		52	dbus-user.talk org.freedesktop.Notifications
		53	dbus-user.talk org.kde.StatusNotifierWatcher
		54	dbus-system none