diff options
| author |  netblue30 <netblue30@yahoo.com> | 2015-10-25 10:45:25 -0400 |
|---|---|---|
| committer | netblue30 <netblue30@yahoo.com> | 2015-10-25 10:45:25 -0400 |
| commit | 5a52191865c5f0cdbc610b0ad656b919f0dc1605 (patch) | |
| tree | 0f821744e282d9c4409242b43c9ea6db8857f4ed /README.md | |
| parent | fix struct stat64 problem for musl libc (diff) | |
| download | firejail-5a52191865c5f0cdbc610b0ad656b919f0dc1605.tar.gz firejail-5a52191865c5f0cdbc610b0ad656b919f0dc1605.tar.zst firejail-5a52191865c5f0cdbc610b0ad656b919f0dc1605.zip | |
default Firefox whitelisting
Diffstat (limited to 'README.md')
| -rw-r--r-- | README.md | 39 |
1 files changed, 16 insertions, 23 deletions
| @@ -34,34 +34,27 @@ FAQ: https://l3net.wordpress.com/projects/firejail/firejail-faq/ | |||
| 34 | 34 | ||
| 35 | 35 | ||
| 36 | 36 | ||
| 37 | ## Known Problems | 37 | ## New features in the development version |
| 38 | 38 | ||
| 39 | ### PulseAudio 7.0 | 39 | ### Enable whitelists in Firefox default profile |
| 40 | 40 | ||
| 41 | The srbchannel IPC mechanism, introduced in PulseAudio 6.0, was enabled by default in release 7.0. | 41 | The next release will bring in default whitelisting for Firefox files and folders under /home/user. |
| 42 | Arch Linux users are reporting sound problems when running applications in Firejail sandbox. | 42 | If you start the sandbox without any other options, this is what you'll get: |
| 43 | A preliminary fix was introduced on master branch. The fix is available in release 0.9.32, and disables PulseAudio shared memory functionality | ||
| 44 | inside the sandbox. If you are seeing any problems, | ||
| 45 | please let us know here: https://github.com/netblue30/firejail/issues/69 | ||
| 46 | 43 | ||
| 47 | If you are unable to update Firejail, or if you want to continue using the latest released version, these are some workarounds: | 44 |  |
| 48 | 45 | ||
| 49 | * Running ALSA | 46 | The code is located in etc/firefox.inc file: |
| 50 | 47 | ||
| 51 | By default, if Firefox fails to connect to PulseAudio, it will connect directly to ALSA. | ||
| 52 | Also by default, ALSA comes with the sound volume down. You would need to install *alsamixer* | ||
| 53 | (*alsa-utils* package) or *gnome-alsamixer*, run it, and crank up the volume (both Master and PCM). | ||
| 54 | |||
| 55 | * Disable shm functionality in PulseAudio | ||
| 56 | ````` | 48 | ````` |
| 57 | $ mkdir -p ~/.config/pulse | 49 | whitelist ~/.mozilla |
| 58 | $ cd ~/.config/pulse | 50 | whitelist ~/Downloads |
| 59 | $ cp /etc/pulse/client.conf . | 51 | whitelist ~/dwhelper |
| 60 | $ echo "enable-shm = no" >> client.conf | 52 | whitelist ~/.zotero |
| 53 | whitelist ~/.lastpass | ||
| 61 | ````` | 54 | ````` |
| 62 | * Disable srbchannel IPC mechanism in version 7.0 | ||
| 63 | |||
| 64 | Edit /etc/pulse/default.pa – change the line "load-module module-native-protocol-unix" | ||
| 65 | to "load-module module-native-protocol-unix srbchannel=no" and restart PulseAudio daemon. | ||
| 66 | |||
| 67 | 55 | ||
| 56 | I intend to bring in all files and directories used by Firefox addons and plugins. So far I have | ||
| 57 | [Video DownloadHelper](https://addons.mozilla.org/en-US/firefox/addon/video-downloadhelper/), | ||
| 58 | [Zotero](https://www.zotero.org/download/) and | ||
| 59 | [LastPass](https://addons.mozilla.org/en-US/firefox/addon/lastpass-password-manager/). | ||
| 60 | If you're using a anything else, please let me know. | ||