fixes for 'blacklist ${RUNUSER}/wayland-*' (#3166)

* unbreak audio-recorder Support both X11 and Wayland by default. Users can add 'blacklist ${RUNUSER}/wayland-*' or 'x11 none' in their audio-recorder.local. * unbreak ddgtk Support both X11 and Wayland by default. Users can add 'blacklist ${RUNUSER}/wayland-*' or 'x11 none' in their ddgtk.local. * unbreak and harden gconf-editor Support both X11 and Wayland by default. Also whitelist /usr/share/gconf-editor for wusc. * unbreak seahorse Support both X11 and Wayland by default. * add blacklist ${RUNUSER}/wayland-* to dnscrypt-proxy
author: glitsj16 <glitsj16@users.noreply.github.com> 2020-01-18 23:29:09 +0000
committer: GitHub <noreply@github.com> 2020-01-18 23:29:09 +0000
commit: 789c30eb984ea638735726e39f2e65fbc25c989e (patch)
tree: 508e45f6a4328304a3ab19d82de1ecb4c155c667
parent: Update SECURITY.md (diff)
download: firejail-789c30eb984ea638735726e39f2e65fbc25c989e.tar.gz
firejail-789c30eb984ea638735726e39f2e65fbc25c989e.tar.zst
firejail-789c30eb984ea638735726e39f2e65fbc25c989e.zip
5 files changed, 3 insertions, 9 deletions
diff --git a/etc/audio-recorder.profile b/etc/audio-recorder.profile
index 799405f1d..b2ed3b030 100644
--- a/etc/audio-recorder.profile
+++ b/etc/audio-recorder.profile
@@ -7,8 +7,6 @@ include audio-recorder.local
 # Persistent global definitions
 include globals.local
-blacklist ${RUNUSER}/wayland-*
 noblacklist ${MUSIC}
 include disable-common.inc
@@ -42,7 +40,6 @@ protocol unix
 seccomp
 shell none
 tracelog
-x11 none
 disable-mnt
 # private-bin audio-recorder
diff --git a/etc/ddgtk.profile b/etc/ddgtk.profile
index 46386f09e..3dfc657bc 100644
--- a/etc/ddgtk.profile
+++ b/etc/ddgtk.profile
@@ -6,8 +6,6 @@ include ddgtk.local
 # Persistent global definitions
 include globals.local
-blacklist ${RUNUSER}/wayland-*
 # Allow python (blacklisted by disable-interpreters.inc)
 include allow-python2.inc
 include allow-python3.inc
@@ -45,7 +43,6 @@ protocol unix
 seccomp
 shell none
 tracelog
-x11 none
 disable-mnt
 private-bin bash,dd,ddgtk,grep,lsblk,python*,sed,sh,tr
diff --git a/etc/dnscrypt-proxy.profile b/etc/dnscrypt-proxy.profile
index 65722b3ef..6637b8d02 100644
--- a/etc/dnscrypt-proxy.profile
+++ b/etc/dnscrypt-proxy.profile
@@ -8,6 +8,7 @@ include dnscrypt-proxy.local
 include globals.local
 blacklist /tmp/.X11-unix
+blacklist ${RUNUSER}/wayland-*
 noblacklist /sbin
 noblacklist /usr/sbin
diff --git a/etc/gconf-editor.profile b/etc/gconf-editor.profile
index 7325bfb4c..cb39174e5 100644
--- a/etc/gconf-editor.profile
+++ b/etc/gconf-editor.profile
@@ -8,9 +8,9 @@ include gconf-editor.local
 #include globals.local
 blacklist /tmp/.X11-unix
-blacklist ${RUNUSER}/wayland-*
-ignore net none
+whitelist /usr/share/gconf-editor
 ignore x11 none
 # Redirect
diff --git a/etc/seahorse.profile b/etc/seahorse.profile
index 0470dc286..5a742d05f 100644
--- a/etc/seahorse.profile
+++ b/etc/seahorse.profile
@@ -7,7 +7,6 @@ include seahorse.local
 include globals.local
 blacklist /tmp/.X11-unix
-blacklist ${RUNUSER}/wayland-*
 noblacklist ${HOME}/.gnupg
 noblacklist ${HOME}/.ssh
author	glitsj16 <glitsj16@users.noreply.github.com>	2020-01-18 23:29:09 +0000
committer	GitHub <noreply@github.com>	2020-01-18 23:29:09 +0000
commit	789c30eb984ea638735726e39f2e65fbc25c989e (patch)
tree	508e45f6a4328304a3ab19d82de1ecb4c155c667
parent	Update SECURITY.md (diff)
download	firejail-789c30eb984ea638735726e39f2e65fbc25c989e.tar.gz firejail-789c30eb984ea638735726e39f2e65fbc25c989e.tar.zst firejail-789c30eb984ea638735726e39f2e65fbc25c989e.zip