diff options
author | glitsj16 <glitsj16@users.noreply.github.com> | 2023-03-14 23:29:53 +0000 |
---|---|---|
committer | GitHub <noreply@github.com> | 2023-03-14 23:29:53 +0000 |
commit | 2cb40fbecd313eeefc9894a0cac11652b1cafb73 (patch) | |
tree | 7b2999e21a18409f52757908732cf61468285bff | |
parent | profiles: drop hostname option (#5702) (diff) | |
download | firejail-2cb40fbecd313eeefc9894a0cac11652b1cafb73.tar.gz firejail-2cb40fbecd313eeefc9894a0cac11652b1cafb73.tar.zst firejail-2cb40fbecd313eeefc9894a0cac11652b1cafb73.zip |
microsoft-edge fixes (#5697)
* microsoft-edge*: fix spacing
* Create microsoft-edge-stable.profile
Relates to #5696.
* firecfg.config: add support for microsoft-edge-stable redirect
* disable-common.inc: blacklist msedge SUID executables
* microsoft-edge: add private-opt and allow internal sandbox access
-rw-r--r-- | etc/inc/disable-common.inc | 1 | ||||
-rw-r--r-- | etc/profile-m-z/microsoft-edge-beta.profile | 5 | ||||
-rw-r--r-- | etc/profile-m-z/microsoft-edge-dev.profile | 5 | ||||
-rw-r--r-- | etc/profile-m-z/microsoft-edge-stable.profile | 11 | ||||
-rw-r--r-- | etc/profile-m-z/microsoft-edge.profile | 5 | ||||
-rw-r--r-- | src/firecfg/firecfg.config | 1 |
6 files changed, 25 insertions, 3 deletions
diff --git a/etc/inc/disable-common.inc b/etc/inc/disable-common.inc index 65159b951..5f4233363 100644 --- a/etc/inc/disable-common.inc +++ b/etc/inc/disable-common.inc | |||
@@ -556,6 +556,7 @@ blacklist ${PATH}/ss | |||
556 | blacklist ${PATH}/traceroute | 556 | blacklist ${PATH}/traceroute |
557 | 557 | ||
558 | # other SUID binaries | 558 | # other SUID binaries |
559 | blacklist /opt/microsoft/msedge*/msedge-sandbox | ||
559 | blacklist /usr/lib/virtualbox | 560 | blacklist /usr/lib/virtualbox |
560 | blacklist /usr/lib64/virtualbox | 561 | blacklist /usr/lib64/virtualbox |
561 | 562 | ||
diff --git a/etc/profile-m-z/microsoft-edge-beta.profile b/etc/profile-m-z/microsoft-edge-beta.profile index 63844ad70..6843c11c7 100644 --- a/etc/profile-m-z/microsoft-edge-beta.profile +++ b/etc/profile-m-z/microsoft-edge-beta.profile | |||
@@ -1,5 +1,5 @@ | |||
1 | # Firejail profile for Microsoft Edge Beta | 1 | # Firejail profile for Microsoft Edge Beta |
2 | # Description: Web browser from Microsoft,beta channel | 2 | # Description: Web browser from Microsoft, beta channel |
3 | # This file is overwritten after every install/update | 3 | # This file is overwritten after every install/update |
4 | # Persistent local customizations | 4 | # Persistent local customizations |
5 | include microsoft-edge-beta.local | 5 | include microsoft-edge-beta.local |
@@ -8,6 +8,7 @@ include globals.local | |||
8 | 8 | ||
9 | noblacklist ${HOME}/.cache/microsoft-edge-beta | 9 | noblacklist ${HOME}/.cache/microsoft-edge-beta |
10 | noblacklist ${HOME}/.config/microsoft-edge-beta | 10 | noblacklist ${HOME}/.config/microsoft-edge-beta |
11 | noblacklist /opt/microsoft/msedge-beta/msedge-sandbox | ||
11 | 12 | ||
12 | mkdir ${HOME}/.cache/microsoft-edge-beta | 13 | mkdir ${HOME}/.cache/microsoft-edge-beta |
13 | mkdir ${HOME}/.config/microsoft-edge-beta | 14 | mkdir ${HOME}/.config/microsoft-edge-beta |
@@ -15,6 +16,8 @@ whitelist ${HOME}/.cache/microsoft-edge-beta | |||
15 | whitelist ${HOME}/.config/microsoft-edge-beta | 16 | whitelist ${HOME}/.config/microsoft-edge-beta |
16 | 17 | ||
17 | whitelist /opt/microsoft/msedge-beta | 18 | whitelist /opt/microsoft/msedge-beta |
19 | # private-opt might break the file-copy-limit, see #5307 | ||
20 | #private-opt microsoft | ||
18 | 21 | ||
19 | # Redirect | 22 | # Redirect |
20 | include chromium-common.profile | 23 | include chromium-common.profile |
diff --git a/etc/profile-m-z/microsoft-edge-dev.profile b/etc/profile-m-z/microsoft-edge-dev.profile index b01fd7c25..b9cdaf98b 100644 --- a/etc/profile-m-z/microsoft-edge-dev.profile +++ b/etc/profile-m-z/microsoft-edge-dev.profile | |||
@@ -1,5 +1,5 @@ | |||
1 | # Firejail profile for Microsoft Edge Dev | 1 | # Firejail profile for Microsoft Edge Dev |
2 | # Description: Web browser from Microsoft,dev channel | 2 | # Description: Web browser from Microsoft, dev channel |
3 | # This file is overwritten after every install/update | 3 | # This file is overwritten after every install/update |
4 | # Persistent local customizations | 4 | # Persistent local customizations |
5 | include microsoft-edge-dev.local | 5 | include microsoft-edge-dev.local |
@@ -8,6 +8,7 @@ include globals.local | |||
8 | 8 | ||
9 | noblacklist ${HOME}/.cache/microsoft-edge-dev | 9 | noblacklist ${HOME}/.cache/microsoft-edge-dev |
10 | noblacklist ${HOME}/.config/microsoft-edge-dev | 10 | noblacklist ${HOME}/.config/microsoft-edge-dev |
11 | noblacklist /opt/microsoft/msedge-dev/msedge-sandbox | ||
11 | 12 | ||
12 | mkdir ${HOME}/.cache/microsoft-edge-dev | 13 | mkdir ${HOME}/.cache/microsoft-edge-dev |
13 | mkdir ${HOME}/.config/microsoft-edge-dev | 14 | mkdir ${HOME}/.config/microsoft-edge-dev |
@@ -15,6 +16,8 @@ whitelist ${HOME}/.cache/microsoft-edge-dev | |||
15 | whitelist ${HOME}/.config/microsoft-edge-dev | 16 | whitelist ${HOME}/.config/microsoft-edge-dev |
16 | 17 | ||
17 | whitelist /opt/microsoft/msedge-dev | 18 | whitelist /opt/microsoft/msedge-dev |
19 | # private-opt might break file-copy-limit, see #5307 | ||
20 | #private-opt microsoft | ||
18 | 21 | ||
19 | # Redirect | 22 | # Redirect |
20 | include chromium-common.profile | 23 | include chromium-common.profile |
diff --git a/etc/profile-m-z/microsoft-edge-stable.profile b/etc/profile-m-z/microsoft-edge-stable.profile new file mode 100644 index 000000000..c5b2b4301 --- /dev/null +++ b/etc/profile-m-z/microsoft-edge-stable.profile | |||
@@ -0,0 +1,11 @@ | |||
1 | # Firejail profile for Microsoft Edge Stable | ||
2 | # Description: Web browser from Microsoft, stable channel | ||
3 | # This file is overwritten after every install/update | ||
4 | # Persistent local customizations | ||
5 | include microsoft-edge-stable.local | ||
6 | # Persistent global definitions | ||
7 | # added by included profile | ||
8 | #include globals.local | ||
9 | |||
10 | # Redirect | ||
11 | include microsoft-edge.profile | ||
diff --git a/etc/profile-m-z/microsoft-edge.profile b/etc/profile-m-z/microsoft-edge.profile index 4cd8c85a5..ededb9cbd 100644 --- a/etc/profile-m-z/microsoft-edge.profile +++ b/etc/profile-m-z/microsoft-edge.profile | |||
@@ -1,5 +1,5 @@ | |||
1 | # Firejail profile for Microsoft Edge | 1 | # Firejail profile for Microsoft Edge |
2 | # Description: Web browser from Microsoft,stable channel | 2 | # Description: Web browser from Microsoft, stable channel |
3 | # This file is overwritten after every install/update | 3 | # This file is overwritten after every install/update |
4 | # Persistent local customizations | 4 | # Persistent local customizations |
5 | include microsoft-edge.local | 5 | include microsoft-edge.local |
@@ -8,6 +8,7 @@ include globals.local | |||
8 | 8 | ||
9 | noblacklist ${HOME}/.cache/microsoft-edge | 9 | noblacklist ${HOME}/.cache/microsoft-edge |
10 | noblacklist ${HOME}/.config/microsoft-edge | 10 | noblacklist ${HOME}/.config/microsoft-edge |
11 | noblacklist /opt/microsoft/msedge/msedge-sandbox | ||
11 | 12 | ||
12 | mkdir ${HOME}/.cache/microsoft-edge | 13 | mkdir ${HOME}/.cache/microsoft-edge |
13 | mkdir ${HOME}/.config/microsoft-edge | 14 | mkdir ${HOME}/.config/microsoft-edge |
@@ -15,6 +16,8 @@ whitelist ${HOME}/.cache/microsoft-edge | |||
15 | whitelist ${HOME}/.config/microsoft-edge | 16 | whitelist ${HOME}/.config/microsoft-edge |
16 | 17 | ||
17 | whitelist /opt/microsoft/msedge | 18 | whitelist /opt/microsoft/msedge |
19 | # private-opt might break default file-copy-limit, see #5307 | ||
20 | #private-opt microsoft | ||
18 | 21 | ||
19 | # Redirect | 22 | # Redirect |
20 | include chromium-common.profile | 23 | include chromium-common.profile |
diff --git a/src/firecfg/firecfg.config b/src/firecfg/firecfg.config index dfd822411..2e176d2cd 100644 --- a/src/firecfg/firecfg.config +++ b/src/firecfg/firecfg.config | |||
@@ -537,6 +537,7 @@ meteo-qt | |||
537 | microsoft-edge | 537 | microsoft-edge |
538 | microsoft-edge-beta | 538 | microsoft-edge-beta |
539 | microsoft-edge-dev | 539 | microsoft-edge-dev |
540 | microsoft-edge-stable | ||
540 | midori | 541 | midori |
541 | min | 542 | min |
542 | mindless | 543 | mindless |