recalibrate dbus access, deploy nodbus option

see #1822 and #1825. also systematically replaces 'blacklist /run/user/*/bus' with 'nodbus'. with contributions from @Fred-Barclay
author: smitsohu <smitsohu@gmail.com> 2018-03-28 01:20:21 +0200
committer: smitsohu <smitsohu@gmail.com> 2018-03-28 03:23:59 +0200
commit: 7a37dc31ab907d55eb88f2fa259f37046952a0c5 (patch)
tree: b6a3e76842eeb8c455e00585de0ab9fc38ef4fe0 /etc/chromium-common.profile
parent: Enable nodbus for keepassx and keepassxc profiles. (diff)
download: firejail-7a37dc31ab907d55eb88f2fa259f37046952a0c5.tar.gz
firejail-7a37dc31ab907d55eb88f2fa259f37046952a0c5.tar.zst
firejail-7a37dc31ab907d55eb88f2fa259f37046952a0c5.zip
1 files changed, 4 insertions, 0 deletions
diff --git a/etc/chromium-common.profile b/etc/chromium-common.profile
index a11947334..7f07c5b26 100644
--- a/etc/chromium-common.profile
+++ b/etc/chromium-common.profile
@@ -20,6 +20,7 @@ include /etc/firejail/whitelist-var-common.inc
 apparmor
 caps.keep sys_chroot,sys_admin
 netfilter
+nodbus
 nodvd
 nogroups
 notv
@@ -31,3 +32,6 @@ private-dev
 noexec ${HOME}
 noexec /tmp
+# the file dialog needs to work without d-bus
+env NO_CHROME_KDE_FILE_DIALOG=1
author	smitsohu <smitsohu@gmail.com>	2018-03-28 01:20:21 +0200
committer	smitsohu <smitsohu@gmail.com>	2018-03-28 03:23:59 +0200
commit	7a37dc31ab907d55eb88f2fa259f37046952a0c5 (patch)
tree	b6a3e76842eeb8c455e00585de0ab9fc38ef4fe0 /etc/chromium-common.profile
parent	Enable nodbus for keepassx and keepassxc profiles. (diff)
download	firejail-7a37dc31ab907d55eb88f2fa259f37046952a0c5.tar.gz firejail-7a37dc31ab907d55eb88f2fa259f37046952a0c5.tar.zst firejail-7a37dc31ab907d55eb88f2fa259f37046952a0c5.zip