author | glitsj16 <glitsj16@users.noreply.github.com> | 2022-12-21 23:35:59 +0000 |
---|---|---|
committer | GitHub <noreply@github.com> | 2022-12-21 23:35:59 +0000 |
commit | 5bb73dbcddca0c73f1689a0a2f7a07dc1c2388ad (patch) | |
tree | feaa2da04dbff3c93135968f434858b6442147ac | |
parent | Fix mDNS name resolution with wrc (#5541) (diff) | |
seahorse refactoring (#5543)
* seahorse: fixes and hardening
* seahorse-daemon: hardening
* seahorse-tool: move private-etc items to seahorse
* seahorse: unbreak nautilus file encryption
As suggested [in review](https://github.com/netblue30/firejail/pull/5543#pullrequestreview-1225250520).
* seahorse-tool: move private-tmp to seahorse
* seahorse: add private-tmp
* seahorse: fix access to ssh-agent socket
-rw-r--r-- | etc/profile-m-z/seahorse-daemon.profile | 3 | ||||
-rw-r--r-- | etc/profile-m-z/seahorse-tool.profile | 4 | ||||
-rw-r--r-- | etc/profile-m-z/seahorse.profile | 6 |
3 files changed, 6 insertions, 7 deletions
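--- a/etc/profile-m-z/seahorse-daemon.profile
+++ b/etc/profile-m-z/seahorse-daemon.profile
@@ -8,6 +8,9 @@ include seahorse-daemon.local
 # added by included profile
 #include globals.local
 
+blacklist ${RUNUSER}/wayland-*
+include disable-X11.inc
+
 memory-deny-write-execute
 
 # Redirect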
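Review bot: The added `include disable-X11.inc` hides the X11 filesystem paths only, so the daemon may still reach an X server that also listens on an abstract socket and grants local access; blocking that needs a separate network namespace, and the part of seahorse.profile visible on this page does not show one. If the intent is that seahorse-daemon never touches a display, a comment above the two new lines would record it, for example `# daemon needs no display: block Wayland and X11 sockets (abstract X11 socket is not covered)`. The redirect to seahorse.profile sits below this hunk, so the remaining options come from that file.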
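--- a/etc/profile-m-z/seahorse-tool.profile
+++ b/etc/profile-m-z/seahorse-tool.profile
@@ -7,9 +7,5 @@ include seahorse-tool.local
 # added by included profile
 #include globals.local
 
-# private-etc workaround for: #2877
-private-etc alternatives,firejail,ld.so.cache,ld.so.preload,login.defs,passwd
-private-tmp
-
 # Redirect
 include seahorse.profile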
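--- a/etc/profile-m-z/seahorse.profile
+++ b/etc/profile-m-z/seahorse.profile
@@ -6,8 +6,6 @@ include seahorse.local
 # Persistent global definitions
 include globals.local
 
-blacklist /tmp/.X11-unix
-
 noblacklist ${HOME}/.gnupg
 
 # Allow ssh (blacklisted by disable-common.inc)
@@ -59,12 +57,14 @@ tracelog
 disable-mnt
 private-cache
 private-dev
-private-etc alternatives,ca-certificates,crypto-policies,dconf,fonts,gconf,gtk-2.0,gtk-3.0,host.conf,hostname,hosts,ld.so.cache,ld.so.preload,nsswitch.conf,pango,pki,protocols,resolv.conf,rpc,services,ssh,ssl,X11
+private-etc alternatives,ca-certificates,crypto-policies,dconf,fonts,gconf,gtk-2.0,gtk-3.0,host.conf,hostname,hosts,ld.so.cache,ld.so.preload,login.defs,nsswitch.conf,pango,passwd,pkcs11,pki,protocols,resolv.conf,rpc,services,ssh,ssl,xdg
+private-tmp
 writable-run-user
 
 dbus-user filter
 dbus-user.own org.gnome.seahorse
 dbus-user.own org.gnome.seahorse.Application
+dbus-user.talk ca.desrt.dconf
 dbus-user.talk org.freedesktop.secrets
 dbus-system none
 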
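Review bot: The added `dbus-user.talk ca.desrt.dconf` in the second hunk widens what `dbus-user filter` otherwise confines, because it lets the sandboxed process send requests to the dconf service, which as far as I know is the path for writing the user's settings database that unsandboxed applications also read. It should carry a comment stating what breaks without it, for example `# dconf write access: needed for <feature>, drop if seahorse settings need not persist` (the reason is for the author to fill in). In the same hunk `private-etc` takes over `login.defs` and `passwd` from seahorse-tool.profile, but the `# private-etc workaround for: #2877` comment and the `firejail` entry are not carried over, so a one-line comment above `private-etc` would keep the reason for those entries. The new `private-tmp` also hides whatever lives under /tmp, which presumably includes an ssh-agent socket created there, while this profile explicitly allows ssh; worth confirming against the "fix access to ssh-agent socket" item in the description.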