diff options
author | glitsj16 <glitsj16@users.noreply.github.com> | 2021-05-13 13:48:23 +0000 |
---|---|---|
committer | GitHub <noreply@github.com> | 2021-05-13 13:48:23 +0000 |
commit | 9fca4500c4d527afce3bd2228388c4a1990772a9 (patch) | |
tree | df014efe5652cb3f8d5a215caa1006e3fb770cae | |
parent | Manpage fixes (diff) | |
download | firejail-9fca4500c4d527afce3bd2228388c4a1990772a9.tar.gz firejail-9fca4500c4d527afce3bd2228388c4a1990772a9.tar.zst firejail-9fca4500c4d527afce3bd2228388c4a1990772a9.zip |
* Follow-up for #4165
* Follow-up for #4165
* Follow-up for #4165
* Follow-up for #4165
* Follow-up for #4165
* Follow-up for #4165
* Follow-up for #4165
* Follow-up for #4165
* Follow-up for #4165
* Follow-up for #4165
* Follow-up for #4165
* Follow-up for #4165
* Follow-up for #4165
* fix noroot comment
As suggested [here](https://github.com/netblue30/firejail/pull/4271#discussion_r630981737).
* fix dbus-user comment
As suggested [here](https://github.com/netblue30/firejail/pull/4271#discussion_r630982527).
* fix private-dev comment
As suggested [here](https://github.com/netblue30/firejail/pull/4271#discussion_r630980029).
* fix private-etc comment
As suggested [here](https://github.com/netblue30/firejail/pull/4271#discussion_r630979698).
* move writable-var comment cfr. profile.template
-rw-r--r-- | etc/profile-a-l/amarok.profile | 8 | ||||
-rw-r--r-- | etc/profile-a-l/cin.profile | 2 | ||||
-rw-r--r-- | etc/profile-a-l/enpass.profile | 8 | ||||
-rw-r--r-- | etc/profile-a-l/eog.profile | 10 | ||||
-rw-r--r-- | etc/profile-a-l/eom.profile | 9 | ||||
-rw-r--r-- | etc/profile-a-l/libreoffice.profile | 18 | ||||
-rw-r--r-- | etc/profile-a-l/librewolf.profile | 21 | ||||
-rw-r--r-- | etc/profile-m-z/minecraft-launcher.profile | 6 | ||||
-rw-r--r-- | etc/profile-m-z/nano.profile | 6 | ||||
-rw-r--r-- | etc/profile-m-z/ostrichriders.profile | 2 | ||||
-rw-r--r-- | etc/profile-m-z/spotify.profile | 2 | ||||
-rw-r--r-- | etc/profile-m-z/steam.profile | 22 | ||||
-rw-r--r-- | etc/profile-m-z/sysprof.profile | 16 |
13 files changed, 76 insertions, 54 deletions
diff --git a/etc/profile-a-l/amarok.profile b/etc/profile-a-l/amarok.profile index a15d3628d..a7caddc4c 100644 --- a/etc/profile-a-l/amarok.profile +++ b/etc/profile-a-l/amarok.profile | |||
@@ -35,14 +35,14 @@ private-dev | |||
35 | # private-etc alternatives,asound.conf,ca-certificates,crypto-policies,machine-id,pki,pulse,ssl | 35 | # private-etc alternatives,asound.conf,ca-certificates,crypto-policies,machine-id,pki,pulse,ssl |
36 | private-tmp | 36 | private-tmp |
37 | 37 | ||
38 | # If you ain't on kde-plasma you need to uncomment the following | ||
39 | dbus-user filter | 38 | dbus-user filter |
40 | dbus-user.own org.kde.amarok | 39 | dbus-user.own org.kde.amarok |
41 | #dbus-user.own org.kde.kded | ||
42 | #dbus-user.own org.kde.klauncher | ||
43 | dbus-user.own org.mpris.amarok | 40 | dbus-user.own org.mpris.amarok |
44 | dbus-user.own org.mpris.MediaPlayer2.amarok | 41 | dbus-user.own org.mpris.MediaPlayer2.amarok |
45 | dbus-user.talk org.freedesktop.Notifications | 42 | dbus-user.talk org.freedesktop.Notifications |
46 | #dbus-user.talk org.kde.knotify | ||
47 | dbus-user.talk org.kde.StatusNotifierWatcher | 43 | dbus-user.talk org.kde.StatusNotifierWatcher |
44 | # If you're not on kde-plasma add the next lines to your amarok.local. | ||
45 | #dbus-user.own org.kde.kded | ||
46 | #dbus-user.own org.kde.klauncher | ||
47 | #dbus-user.talk org.kde.knotify | ||
48 | dbus-system none | 48 | dbus-system none |
diff --git a/etc/profile-a-l/cin.profile b/etc/profile-a-l/cin.profile index 542d6600d..e1f9523c4 100644 --- a/etc/profile-a-l/cin.profile +++ b/etc/profile-a-l/cin.profile | |||
@@ -26,7 +26,7 @@ nou2f | |||
26 | noroot | 26 | noroot |
27 | protocol unix | 27 | protocol unix |
28 | 28 | ||
29 | # if an 1-1.2% gap per thread hurts you, comment seccomp | 29 | # If a 1-1.2% gap per thread hurts you, add 'ignore seccomp' to your cin.local. |
30 | seccomp | 30 | seccomp |
31 | shell none | 31 | shell none |
32 | 32 | ||
diff --git a/etc/profile-a-l/enpass.profile b/etc/profile-a-l/enpass.profile index feae5abb3..c4123b4c2 100644 --- a/etc/profile-a-l/enpass.profile +++ b/etc/profile-a-l/enpass.profile | |||
@@ -32,10 +32,10 @@ whitelist ${DOCUMENTS} | |||
32 | include whitelist-common.inc | 32 | include whitelist-common.inc |
33 | include whitelist-var-common.inc | 33 | include whitelist-var-common.inc |
34 | 34 | ||
35 | # machine-id and nosound break audio notification functionality | 35 | # machine-id and nosound break audio notification functionality. |
36 | # comment both if you need that functionality or put 'ignore machine-id' | 36 | # Add the next lines to your enpass.local if you need that functionality. |
37 | # and 'ignore nosound' in your enpass.local | 37 | #ignore machine-id |
38 | 38 | #ignore nosound | |
39 | caps.drop all | 39 | caps.drop all |
40 | machine-id | 40 | machine-id |
41 | netfilter | 41 | netfilter |
diff --git a/etc/profile-a-l/eog.profile b/etc/profile-a-l/eog.profile index aabef65fc..5892374bd 100644 --- a/etc/profile-a-l/eog.profile +++ b/etc/profile-a-l/eog.profile | |||
@@ -10,11 +10,13 @@ noblacklist ${HOME}/.config/eog | |||
10 | 10 | ||
11 | whitelist /usr/share/eog | 11 | whitelist /usr/share/eog |
12 | 12 | ||
13 | # private-bin, private-etc and private-lib break 'Open With' / 'Open in file manager' | 13 | # private-bin, private-etc and private-lib break 'Open With' / 'Open in file manager'. |
14 | # comment those if you need that functionality | 14 | # Add the next lines to your eog.local if you need that functionality. |
15 | # or put 'ignore private-bin', 'ignore private-etc' and 'ignore private-lib' in your eog.local | 15 | #ignore private-bin |
16 | private-bin eog | 16 | #ignore private-etc |
17 | #ignore private-lib | ||
17 | 18 | ||
19 | private-bin eog | ||
18 | 20 | ||
19 | # broken on Debian 10 (buster) running LXDE got the folowing error: | 21 | # broken on Debian 10 (buster) running LXDE got the folowing error: |
20 | # Failed to register: GDBus.Error:org.freedesktop.DBus.Error.ServiceUnknown: org.freedesktop.DBus.Error.ServiceUnknown | 22 | # Failed to register: GDBus.Error:org.freedesktop.DBus.Error.ServiceUnknown: org.freedesktop.DBus.Error.ServiceUnknown |
diff --git a/etc/profile-a-l/eom.profile b/etc/profile-a-l/eom.profile index 5bfeb8c8f..7143a8e03 100644 --- a/etc/profile-a-l/eom.profile +++ b/etc/profile-a-l/eom.profile | |||
@@ -10,9 +10,12 @@ noblacklist ${HOME}/.config/mate/eom | |||
10 | 10 | ||
11 | whitelist /usr/share/eom | 11 | whitelist /usr/share/eom |
12 | 12 | ||
13 | # private-bin, private-etc and private-lib break 'Open With' / 'Open in file manager' | 13 | # private-bin, private-etc and private-lib break 'Open With' / 'Open in file manager'. |
14 | # comment those if you need that functionality | 14 | # Add the next lines to your eom.local if you need that functionality. |
15 | # or put 'ignore private-bin', 'ignore private-etc' and 'ignore private-lib' in your eom.local | 15 | #ignore private-bin |
16 | #ignore private-etc | ||
17 | #ignore private-lib | ||
18 | |||
16 | private-bin eom | 19 | private-bin eom |
17 | 20 | ||
18 | # Redirect | 21 | # Redirect |
diff --git a/etc/profile-a-l/libreoffice.profile b/etc/profile-a-l/libreoffice.profile index 0041f2540..e4440eac0 100644 --- a/etc/profile-a-l/libreoffice.profile +++ b/etc/profile-a-l/libreoffice.profile | |||
@@ -9,8 +9,8 @@ include globals.local | |||
9 | noblacklist /usr/local/sbin | 9 | noblacklist /usr/local/sbin |
10 | noblacklist ${HOME}/.config/libreoffice | 10 | noblacklist ${HOME}/.config/libreoffice |
11 | 11 | ||
12 | # libreoffice uses java for some certain operations | 12 | # libreoffice uses java for some functionality. |
13 | # comment if you don't care about java functionality | 13 | # Add 'ignore include allow-java.inc' to your libreoffice.local if you don't need that functionality. |
14 | # Allow java (blacklisted by disable-devel.inc) | 14 | # Allow java (blacklisted by disable-devel.inc) |
15 | include allow-java.inc | 15 | include allow-java.inc |
16 | 16 | ||
@@ -22,26 +22,28 @@ include disable-programs.inc | |||
22 | 22 | ||
23 | include whitelist-var-common.inc | 23 | include whitelist-var-common.inc |
24 | 24 | ||
25 | # ubuntu 18.04 comes with its own apparmor profile, but it is not in enforce mode. | 25 | # Debian 10/Ubuntu 18.04 come with their own apparmor profile, but it is not in enforce mode. |
26 | # comment the next line to use the ubuntu profile instead of firejail's apparmor profile | 26 | # Add the next lines to your libreoffice.local to use the Ubuntu profile instead of firejail's apparmor profile. |
27 | #ignore apparmor | ||
28 | #ignore nonewprivs | ||
29 | #ignore protocol | ||
30 | #ignore seccomp | ||
31 | #ignore tracelog | ||
32 | |||
27 | apparmor | 33 | apparmor |
28 | caps.drop all | 34 | caps.drop all |
29 | netfilter | 35 | netfilter |
30 | nodvd | 36 | nodvd |
31 | nogroups | 37 | nogroups |
32 | noinput | 38 | noinput |
33 | # comment nonewprivs when using the ubuntu 18.04/debian 10 apparmor profile | ||
34 | nonewprivs | 39 | nonewprivs |
35 | noroot | 40 | noroot |
36 | notv | 41 | notv |
37 | nou2f | 42 | nou2f |
38 | novideo | 43 | novideo |
39 | # comment the protocol line when using the ubuntu 18.04/debian 10 apparmor profile | ||
40 | protocol unix,inet,inet6 | 44 | protocol unix,inet,inet6 |
41 | # comment seccomp when using the ubuntu 18.04/debian 10 apparmor profile | ||
42 | seccomp | 45 | seccomp |
43 | shell none | 46 | shell none |
44 | # comment tracelog when using the ubuntu 18.04/debian 10 apparmor profile | ||
45 | tracelog | 47 | tracelog |
46 | 48 | ||
47 | #private-bin libreoffice,sh,uname,dirname,grep,sed,basename,ls | 49 | #private-bin libreoffice,sh,uname,dirname,grep,sed,basename,ls |
diff --git a/etc/profile-a-l/librewolf.profile b/etc/profile-a-l/librewolf.profile index 0934e1271..8e3e58f19 100644 --- a/etc/profile-a-l/librewolf.profile +++ b/etc/profile-a-l/librewolf.profile | |||
@@ -18,8 +18,8 @@ whitelist ${HOME}/.librewolf | |||
18 | #noblacklist ${HOME}/.mozilla | 18 | #noblacklist ${HOME}/.mozilla |
19 | #whitelist ${HOME}/.mozilla | 19 | #whitelist ${HOME}/.mozilla |
20 | 20 | ||
21 | # Uncomment or put in your librewolf.local one of the following whitelist to enable KeePassXC Plugin | 21 | # To enable KeePassXC Plugin add one of the following lines to your librewolf.local. |
22 | # NOTE: start KeePassXC before Librewolf and keep it open to allow communication between them | 22 | # NOTE: start KeePassXC before Librewolf and keep it open to allow communication between them. |
23 | #whitelist ${RUNUSER}/kpxc_server | 23 | #whitelist ${RUNUSER}/kpxc_server |
24 | #whitelist ${RUNUSER}/org.keepassxc.KeePassXC.BrowserServer | 24 | #whitelist ${RUNUSER}/org.keepassxc.KeePassXC.BrowserServer |
25 | 25 | ||
@@ -31,25 +31,24 @@ include whitelist-usr-share-common.inc | |||
31 | 31 | ||
32 | # Add the next line to your librewolf.local to enable private-bin (Arch Linux). | 32 | # Add the next line to your librewolf.local to enable private-bin (Arch Linux). |
33 | #private-bin dbus-launch,dbus-send,librewolf,sh | 33 | #private-bin dbus-launch,dbus-send,librewolf,sh |
34 | # Add the next line to your librewolf.local to enable private-etc. Note | 34 | # Add the next line to your librewolf.local to enable private-etc. |
35 | # that private-etc must first be enabled in firefox-common.local. | 35 | # NOTE: private-etc must first be enabled in firefox-common.local. |
36 | #private-etc librewolf | 36 | #private-etc librewolf |
37 | 37 | ||
38 | dbus-user filter | 38 | dbus-user filter |
39 | # Uncomment or put in your librewolf.local to enable native notifications. | 39 | # Add the next line to your librewolf.local to enable native notifications. |
40 | #dbus-user.talk org.freedesktop.Notifications | 40 | #dbus-user.talk org.freedesktop.Notifications |
41 | # Uncomment or put in your librewolf.local to allow to inhibit screensavers | 41 | # Add the next line to your librewolf.local to allow inhibiting screensavers. |
42 | #dbus-user.talk org.freedesktop.ScreenSaver | 42 | #dbus-user.talk org.freedesktop.ScreenSaver |
43 | # Uncomment or put in your librewolf.local for plasma browser integration | 43 | # Add the next lines to your librewolf.local for plasma browser integration. |
44 | #dbus-user.own org.mpris.MediaPlayer2.plasma-browser-integration | 44 | #dbus-user.own org.mpris.MediaPlayer2.plasma-browser-integration |
45 | #dbus-user.talk org.kde.JobViewServer | 45 | #dbus-user.talk org.kde.JobViewServer |
46 | #dbus-user.talk org.kde.kuiserver | 46 | #dbus-user.talk org.kde.kuiserver |
47 | # Uncomment or put in your librewolf.local to allow screen sharing under wayland. | 47 | # Add the next lines to your librewolf.local to allow screensharing under Wayland. |
48 | #whitelist ${RUNUSER}/pipewire-0 | 48 | #whitelist ${RUNUSER}/pipewire-0 |
49 | #dbus-user.talk org.freedesktop.portal.* | 49 | #dbus-user.talk org.freedesktop.portal.* |
50 | # Also uncomment or put in your librewolf.local if screen sharing sharing still | 50 | # Also add the next line to your librewolf.local if screensharing does not work with |
51 | # does not work with the above lines (might depend on the portal | 51 | # the above lines (depends on the portal implementation). |
52 | # implementation) | ||
53 | #ignore noroot | 52 | #ignore noroot |
54 | ignore dbus-user none | 53 | ignore dbus-user none |
55 | 54 | ||
diff --git a/etc/profile-m-z/minecraft-launcher.profile b/etc/profile-m-z/minecraft-launcher.profile index cdea91b8f..2536d0b38 100644 --- a/etc/profile-m-z/minecraft-launcher.profile +++ b/etc/profile-m-z/minecraft-launcher.profile | |||
@@ -6,7 +6,8 @@ include minecraft-launcher.local | |||
6 | # Persistent global definitions | 6 | # Persistent global definitions |
7 | include globals.local | 7 | include globals.local |
8 | 8 | ||
9 | # On some distros executable may be in '/opt/minecraft-launcher/', if so, run 'firejail /opt/minecraft-launcher/minecraft-launcher' to start it. | 9 | # Some distros put the executable in /opt/minecraft-launcher. |
10 | # Run 'firejail /opt/minecraft-launcher/minecraft-launcher' to start it. | ||
10 | 11 | ||
11 | ignore noexec ${HOME} | 12 | ignore noexec ${HOME} |
12 | 13 | ||
@@ -50,7 +51,8 @@ disable-mnt | |||
50 | private-bin java,java-config,minecraft-launcher | 51 | private-bin java,java-config,minecraft-launcher |
51 | private-cache | 52 | private-cache |
52 | private-dev | 53 | private-dev |
53 | # If multiplayer or realms break add your own java folder from /etc or comment the line below. | 54 | # If multiplayer or realms break, add 'private-etc <your-own-java-folder-from-/etc>' |
55 | # or 'ignore private-etc' to your minecraft-launcher.local. | ||
54 | private-etc alternatives,asound.conf,ati,ca-certificates,crypto-policies,drirc,fonts,group,gtk-2.0,gtk-3.0,host.conf,hostname,hosts,java-10-openjdk,java-11-openjdk,java-12-openjdk,java-13-openjdk,java-14-openjdk,java-7-openjdk,java-8-openjdk,java-9-openjdk,java-openjdk,ld.so.cache,ld.so.conf,ld.so.conf.d,ld.so.preload,localtime,login.defs,machine-id,mime.types,nvidia,passwd,pki,pulse,resolv.conf,selinux,services,ssl,timezone,X11,xdg | 56 | private-etc alternatives,asound.conf,ati,ca-certificates,crypto-policies,drirc,fonts,group,gtk-2.0,gtk-3.0,host.conf,hostname,hosts,java-10-openjdk,java-11-openjdk,java-12-openjdk,java-13-openjdk,java-14-openjdk,java-7-openjdk,java-8-openjdk,java-9-openjdk,java-openjdk,ld.so.cache,ld.so.conf,ld.so.conf.d,ld.so.preload,localtime,login.defs,machine-id,mime.types,nvidia,passwd,pki,pulse,resolv.conf,selinux,services,ssl,timezone,X11,xdg |
55 | private-opt minecraft-launcher | 57 | private-opt minecraft-launcher |
56 | private-tmp | 58 | private-tmp |
diff --git a/etc/profile-m-z/nano.profile b/etc/profile-m-z/nano.profile index 45d5f59dd..4698c2287 100644 --- a/etc/profile-m-z/nano.profile +++ b/etc/profile-m-z/nano.profile | |||
@@ -47,8 +47,12 @@ x11 none | |||
47 | private-bin nano,rnano | 47 | private-bin nano,rnano |
48 | private-cache | 48 | private-cache |
49 | private-dev | 49 | private-dev |
50 | # Comment the next line if you want to edit files in /etc directly | 50 | # Add the next lines to your nano.local if you want to edit files in /etc directly. |
51 | #ignore private-etc | ||
52 | #writable-etc | ||
51 | private-etc alternatives,nanorc | 53 | private-etc alternatives,nanorc |
54 | # Add the next line to your nano.local if you want to edit files in /var directly. | ||
55 | #writable-var | ||
52 | 56 | ||
53 | dbus-user none | 57 | dbus-user none |
54 | dbus-system none | 58 | dbus-system none |
diff --git a/etc/profile-m-z/ostrichriders.profile b/etc/profile-m-z/ostrichriders.profile index e0be078a7..310b90919 100644 --- a/etc/profile-m-z/ostrichriders.profile +++ b/etc/profile-m-z/ostrichriders.profile | |||
@@ -29,6 +29,7 @@ ipc-namespace | |||
29 | net none | 29 | net none |
30 | nodvd | 30 | nodvd |
31 | nogroups | 31 | nogroups |
32 | # Add 'ignore noinput' to your ostrichriders.local if you need controller support. | ||
32 | noinput | 33 | noinput |
33 | nonewprivs | 34 | nonewprivs |
34 | noroot | 35 | noroot |
@@ -43,7 +44,6 @@ tracelog | |||
43 | disable-mnt | 44 | disable-mnt |
44 | private-bin ostrichriders | 45 | private-bin ostrichriders |
45 | private-cache | 46 | private-cache |
46 | # comment the following line if you need controller support | ||
47 | private-dev | 47 | private-dev |
48 | private-tmp | 48 | private-tmp |
49 | 49 | ||
diff --git a/etc/profile-m-z/spotify.profile b/etc/profile-m-z/spotify.profile index f679be9e7..01bc2bc05 100644 --- a/etc/profile-m-z/spotify.profile +++ b/etc/profile-m-z/spotify.profile | |||
@@ -44,7 +44,7 @@ tracelog | |||
44 | disable-mnt | 44 | disable-mnt |
45 | private-bin bash,cat,dirname,find,grep,head,rm,sh,spotify,tclsh,touch,zenity | 45 | private-bin bash,cat,dirname,find,grep,head,rm,sh,spotify,tclsh,touch,zenity |
46 | private-dev | 46 | private-dev |
47 | # Comment the next line or put 'ignore private-etc' in your spotify.local if want to see the albums covers or if you want to use the radio | 47 | # If you want to see album covers or want to use the radio, add 'ignore private-etc' to your spotify.local. |
48 | private-etc alternatives,ca-certificates,crypto-policies,fonts,group,host.conf,hosts,ld.so.cache,machine-id,nsswitch.conf,pki,pulse,resolv.conf,ssl | 48 | private-etc alternatives,ca-certificates,crypto-policies,fonts,group,host.conf,hosts,ld.so.cache,machine-id,nsswitch.conf,pki,pulse,resolv.conf,ssl |
49 | private-opt spotify | 49 | private-opt spotify |
50 | private-srv none | 50 | private-srv none |
diff --git a/etc/profile-m-z/steam.profile b/etc/profile-m-z/steam.profile index 369255324..06d08f3a2 100644 --- a/etc/profile-m-z/steam.profile +++ b/etc/profile-m-z/steam.profile | |||
@@ -119,7 +119,7 @@ whitelist ${HOME}/.steampid | |||
119 | include whitelist-common.inc | 119 | include whitelist-common.inc |
120 | include whitelist-var-common.inc | 120 | include whitelist-var-common.inc |
121 | 121 | ||
122 | # Note: The following were intentionally left out as they are alternative | 122 | # NOTE: The following were intentionally left out as they are alternative |
123 | # (i.e.: unnecessary and/or legacy) paths whose existence may potentially | 123 | # (i.e.: unnecessary and/or legacy) paths whose existence may potentially |
124 | # clobber other paths (see #4225). If you use any, either add the entry to | 124 | # clobber other paths (see #4225). If you use any, either add the entry to |
125 | # steam.local or move the contents to a path listed above (or open an issue if | 125 | # steam.local or move the contents to a path listed above (or open an issue if |
@@ -131,34 +131,36 @@ caps.drop all | |||
131 | #ipc-namespace | 131 | #ipc-namespace |
132 | netfilter | 132 | netfilter |
133 | nodvd | 133 | nodvd |
134 | # nVidia users may need to comment / ignore nogroups and noroot | ||
135 | nogroups | 134 | nogroups |
136 | nonewprivs | 135 | nonewprivs |
136 | # If you use nVidia you might need to add 'ignore noroot' to your steam.local. | ||
137 | noroot | 137 | noroot |
138 | notv | 138 | notv |
139 | nou2f | 139 | nou2f |
140 | # novideo should be commented for VR | 140 | # For VR support add 'ignore novideo' to your steam.local. |
141 | novideo | 141 | novideo |
142 | protocol unix,inet,inet6,netlink | 142 | protocol unix,inet,inet6,netlink |
143 | # seccomp sometimes causes issues (see #2951, #3267), | 143 | # seccomp sometimes causes issues (see #2951, #3267). |
144 | # comment it or add 'ignore seccomp' to steam.local if so. | 144 | # Add 'ignore seccomp' to your steam.local if you experience this. |
145 | seccomp !ptrace | 145 | seccomp !ptrace |
146 | shell none | 146 | shell none |
147 | # tracelog breaks integrated browser | 147 | # tracelog breaks integrated browser |
148 | #tracelog | 148 | #tracelog |
149 | 149 | ||
150 | # private-bin is disabled while in testing, but has been tested working with multiple games | 150 | # private-bin is disabled while in testing, but is known to work with multiple games. |
151 | # Add the next line to your steam.local to enable private-bin. | ||
151 | #private-bin awk,basename,bash,bsdtar,bzip2,cat,chmod,cksum,cmp,comm,compress,cp,curl,cut,date,dbus-launch,dbus-send,desktop-file-edit,desktop-file-install,desktop-file-validate,dirname,echo,env,expr,file,find,getopt,grep,gtar,gzip,head,hostname,id,lbzip2,ldconfig,ldd,ln,ls,lsb_release,lsof,lspci,lz4,lzip,lzma,lzop,md5sum,mkdir,mktemp,mv,netstat,ps,pulseaudio,python*,readlink,realpath,rm,sed,sh,sha1sum,sha256sum,sha512sum,sleep,sort,steam,steamdeps,steam-native,steam-runtime,sum,tail,tar,tclsh,test,touch,tr,umask,uname,update-desktop-database,wc,wget,which,whoami,xterm,xz,zenity | 152 | #private-bin awk,basename,bash,bsdtar,bzip2,cat,chmod,cksum,cmp,comm,compress,cp,curl,cut,date,dbus-launch,dbus-send,desktop-file-edit,desktop-file-install,desktop-file-validate,dirname,echo,env,expr,file,find,getopt,grep,gtar,gzip,head,hostname,id,lbzip2,ldconfig,ldd,ln,ls,lsb_release,lsof,lspci,lz4,lzip,lzma,lzop,md5sum,mkdir,mktemp,mv,netstat,ps,pulseaudio,python*,readlink,realpath,rm,sed,sh,sha1sum,sha256sum,sha512sum,sleep,sort,steam,steamdeps,steam-native,steam-runtime,sum,tail,tar,tclsh,test,touch,tr,umask,uname,update-desktop-database,wc,wget,which,whoami,xterm,xz,zenity |
152 | # extra programs are available which might be needed for select games | 153 | # Extra programs are available which might be needed for select games. |
154 | # Add the next line to your steam.local to enable support for these programs. | ||
153 | #private-bin java,java-config,mono | 155 | #private-bin java,java-config,mono |
154 | # picture viewers are needed for viewing screenshots | 156 | # To view screenshots add the next line to your steam.local. |
155 | #private-bin eog,eom,gthumb,pix,viewnior,xviewer | 157 | #private-bin eog,eom,gthumb,pix,viewnior,xviewer |
156 | 158 | ||
157 | private-dev | 159 | private-dev |
158 | # private-etc breaks a small selection of games on some systems, comment to support those | 160 | # private-etc breaks a small selection of games on some systems. Add 'ignore private-etc' |
161 | # to your steam.local to support those. | ||
159 | private-etc alsa,alternatives,asound.conf,bumblebee,ca-certificates,crypto-policies,dbus-1,drirc,fonts,group,gtk-2.0,gtk-3.0,host.conf,hostname,hosts,ld.so.cache,ld.so.conf,ld.so.conf.d,ld.so.preload,localtime,lsb-release,machine-id,mime.types,nvidia,os-release,passwd,pki,pulse,resolv.conf,services,ssl | 162 | private-etc alsa,alternatives,asound.conf,bumblebee,ca-certificates,crypto-policies,dbus-1,drirc,fonts,group,gtk-2.0,gtk-3.0,host.conf,hostname,hosts,ld.so.cache,ld.so.conf,ld.so.conf.d,ld.so.preload,localtime,lsb-release,machine-id,mime.types,nvidia,os-release,passwd,pki,pulse,resolv.conf,services,ssl |
160 | private-tmp | 163 | private-tmp |
161 | 164 | ||
162 | # breaks appindicator support | ||
163 | # dbus-user none | 165 | # dbus-user none |
164 | # dbus-system none | 166 | # dbus-system none |
diff --git a/etc/profile-m-z/sysprof.profile b/etc/profile-m-z/sysprof.profile index 2473988e4..b52b25b96 100644 --- a/etc/profile-m-z/sysprof.profile +++ b/etc/profile-m-z/sysprof.profile | |||
@@ -15,8 +15,15 @@ include disable-passwdmgr.inc | |||
15 | include disable-programs.inc | 15 | include disable-programs.inc |
16 | include disable-xdg.inc | 16 | include disable-xdg.inc |
17 | 17 | ||
18 | # help menu functionality (yelp) - comment or add this block prepended with 'ignore' | 18 | # Add the next lines to your sysprof.local if you don't need (yelp) help menu functionality. |
19 | # to your sysprof.local if you don't need the help functionality | 19 | #ignore noblacklist ${HOME}/.config/yelp |
20 | #ignore mkdir ${HOME}/.config/yelp | ||
21 | #nowhitelist ${HOME}/.config/yelp | ||
22 | #nowhitelist /usr/share/help/C/sysprof | ||
23 | #nowhitelist /usr/share/yelp | ||
24 | #nowhitelist /usr/share/yelp-tools | ||
25 | #nowhitelist /usr/share/yelp-xsl | ||
26 | |||
20 | noblacklist ${HOME}/.config/yelp | 27 | noblacklist ${HOME}/.config/yelp |
21 | mkdir ${HOME}/.config/yelp | 28 | mkdir ${HOME}/.config/yelp |
22 | whitelist ${HOME}/.config/yelp | 29 | whitelist ${HOME}/.config/yelp |
@@ -41,7 +48,8 @@ nodvd | |||
41 | nogroups | 48 | nogroups |
42 | noinput | 49 | noinput |
43 | nonewprivs | 50 | nonewprivs |
44 | # Ubuntu 16.04 version needs root privileges - comment or put 'ignore noroot' in sysprof.local if you run Xenial | 51 | # Some older Debian/Ubuntu sysprof versions need root privileges. |
52 | # Add 'ignore noroot' to your sysprof.local if you run one of these. | ||
45 | noroot | 53 | noroot |
46 | nosound | 54 | nosound |
47 | notv | 55 | notv |
@@ -57,7 +65,7 @@ disable-mnt | |||
57 | private-cache | 65 | private-cache |
58 | private-dev | 66 | private-dev |
59 | private-etc alternatives,fonts,ld.so.cache,machine-id,ssl | 67 | private-etc alternatives,fonts,ld.so.cache,machine-id,ssl |
60 | # private-lib breaks help menu | 68 | # private-lib - breaks help menu |
61 | #private-lib gdk-pixbuf-2.*,gio,gtk3,gvfs/libgvfscommon.so,libgconf-2.so.*,librsvg-2.so.*,libsysprof-2.so,libsysprof-ui-2.so | 69 | #private-lib gdk-pixbuf-2.*,gio,gtk3,gvfs/libgvfscommon.so,libgconf-2.so.*,librsvg-2.so.*,libsysprof-2.so,libsysprof-ui-2.so |
62 | private-tmp | 70 | private-tmp |
63 | 71 | ||