diff options
author | rusty-snake <41237666+rusty-snake@users.noreply.github.com> | 2021-04-12 08:52:06 +0200 |
---|---|---|
committer | rusty-snake <41237666+rusty-snake@users.noreply.github.com> | 2021-04-12 08:52:06 +0200 |
commit | 2ae7295f1a8d24217ccbf0fef149df0042969b56 (patch) | |
tree | 7befb3efffa6e3d2b91e2d6640cff781d90c905d | |
parent | Merge pull request #4180 from jose1711/readme_typo (diff) | |
download | firejail-2ae7295f1a8d24217ccbf0fef149df0042969b56.tar.gz firejail-2ae7295f1a8d24217ccbf0fef149df0042969b56.tar.zst firejail-2ae7295f1a8d24217ccbf0fef149df0042969b56.zip |
profile fixes
discord-canary.profile:
fix #4175
flameshot.profile:
- private-tmp break flameshot (wayland only?)
- Screengrabbing (under wayland) is done via dbus, the following names
must be allowed:
- GNOME: org.gnome.Shell
- KDE: org.kde.KWin
- Sway: org.freedesktop.portal.Desktop
- Allow notifications and tray too, because org.gnome.Shell (for
example) is already totaly unsafe.
mumble.profile:
fix #4181
-rw-r--r-- | README.md | 2 | ||||
-rw-r--r-- | RELNOTES | 2 | ||||
-rw-r--r-- | etc/profile-a-l/discord-canary.profile | 2 | ||||
-rw-r--r-- | etc/profile-a-l/flameshot.profile | 8 | ||||
-rw-r--r-- | etc/profile-m-z/mumble.profile | 1 |
5 files changed, 10 insertions, 5 deletions
@@ -333,4 +333,4 @@ Stats: | |||
333 | vmware-view, display-im6.q16, ipcalc, ipcalc-ng, ebook-convert, ebook-edit, ebook-meta, ebook-polish, lzop, | 333 | vmware-view, display-im6.q16, ipcalc, ipcalc-ng, ebook-convert, ebook-edit, ebook-meta, ebook-polish, lzop, |
334 | avidemux, calligragemini, vmware-player, vmware-workstation, gget, com.github.phase1geo.minder, nextcloud-desktop, | 334 | avidemux, calligragemini, vmware-player, vmware-workstation, gget, com.github.phase1geo.minder, nextcloud-desktop, |
335 | pcsxr, PPSSPPSDL, openmw, openmw-launcher, jami-gnome, PCSX2, bcompare, b2sum, cksum, md5sum, sha1sum, sha224sum, | 335 | pcsxr, PPSSPPSDL, openmw, openmw-launcher, jami-gnome, PCSX2, bcompare, b2sum, cksum, md5sum, sha1sum, sha224sum, |
336 | sha256sum, sha384sum, sha512sum, sum | 336 | sha256sum, sha384sum, sha512sum, sum, librewold-nightly |
@@ -18,7 +18,7 @@ firejail (0.9.65) baseline; urgency=low | |||
18 | * gget, com.github.phase1geo.minder, nextcloud-desktop, pcsxr | 18 | * gget, com.github.phase1geo.minder, nextcloud-desktop, pcsxr |
19 | * PPSSPPSDL, openmw, openmw-launcher, jami-gnome, PCSX2, sum | 19 | * PPSSPPSDL, openmw, openmw-launcher, jami-gnome, PCSX2, sum |
20 | * bcompare, b2sum, cksum, md5sum, sha1sum, sha224sum, sha256sum | 20 | * bcompare, b2sum, cksum, md5sum, sha1sum, sha224sum, sha256sum |
21 | * sha384sum, sha512sum | 21 | * sha384sum, sha512sum, librewold-nightly |
22 | -- netblue30 <netblue30@yahoo.com> Tue, 9 Feb 2021 09:00:00 -0500 | 22 | -- netblue30 <netblue30@yahoo.com> Tue, 9 Feb 2021 09:00:00 -0500 |
23 | 23 | ||
24 | firejail (0.9.64.4) baseline; urgency=low | 24 | firejail (0.9.64.4) baseline; urgency=low |
diff --git a/etc/profile-a-l/discord-canary.profile b/etc/profile-a-l/discord-canary.profile index 3e9dacd1e..43db95b8a 100644 --- a/etc/profile-a-l/discord-canary.profile +++ b/etc/profile-a-l/discord-canary.profile | |||
@@ -10,7 +10,7 @@ noblacklist ${HOME}/.config/discordcanary | |||
10 | mkdir ${HOME}/.config/discordcanary | 10 | mkdir ${HOME}/.config/discordcanary |
11 | whitelist ${HOME}/.config/discordcanary | 11 | whitelist ${HOME}/.config/discordcanary |
12 | 12 | ||
13 | private-bin discord-canary | 13 | private-bin discord-canary,electron,electron[0-9],electron[0-9][0-9] |
14 | private-opt discord-canary | 14 | private-opt discord-canary |
15 | 15 | ||
16 | # Redirect | 16 | # Redirect |
diff --git a/etc/profile-a-l/flameshot.profile b/etc/profile-a-l/flameshot.profile index 851a7c747..d1c18e690 100644 --- a/etc/profile-a-l/flameshot.profile +++ b/etc/profile-a-l/flameshot.profile | |||
@@ -54,9 +54,15 @@ private-bin flameshot | |||
54 | private-cache | 54 | private-cache |
55 | private-etc alternatives,ca-certificates,crypto-policies,fonts,ld.so.conf,machine-id,pki,resolv.conf,ssl | 55 | private-etc alternatives,ca-certificates,crypto-policies,fonts,ld.so.conf,machine-id,pki,resolv.conf,ssl |
56 | private-dev | 56 | private-dev |
57 | private-tmp | 57 | #private-tmp |
58 | 58 | ||
59 | dbus-user filter | 59 | dbus-user filter |
60 | dbus-user.own org.dharkael.Flameshot | 60 | dbus-user.own org.dharkael.Flameshot |
61 | dbus-user.own org.flameshot.Flameshot | 61 | dbus-user.own org.flameshot.Flameshot |
62 | dbus-user.talk org.freedesktop.Notifications | ||
63 | dbus-user.talk org.freedesktop.portal.Desktop | ||
64 | dbus-user.talk org.gnome.Shell | ||
65 | dbus-user.talk org.kde.KWin | ||
66 | dbus-user.talk org.kde.StatusNotifierWatcher | ||
67 | dbus-user.own org.kde.* | ||
62 | dbus-system none | 68 | dbus-system none |
diff --git a/etc/profile-m-z/mumble.profile b/etc/profile-m-z/mumble.profile index 0c4efc3d3..c7f59c5ee 100644 --- a/etc/profile-m-z/mumble.profile +++ b/etc/profile-m-z/mumble.profile | |||
@@ -29,7 +29,6 @@ include whitelist-var-common.inc | |||
29 | 29 | ||
30 | caps.drop all | 30 | caps.drop all |
31 | netfilter | 31 | netfilter |
32 | no3d | ||
33 | nodvd | 32 | nodvd |
34 | nogroups | 33 | nogroups |
35 | nonewprivs | 34 | nonewprivs |