author | glitsj16 <glitsj16@users.noreply.github.com> | 2019-05-02 00:15:12 +0000 |
---|---|---|
committer | GitHub <noreply@github.com> | 2019-05-02 00:15:12 +0000 |
commit | 7734a60d6fa12b22f179fe502d4bec70dba6d243 (patch) | |
tree | 57f8f69d6079ab42bf0f00c5341661d7d976e0d5 /etc/enpass.profile | |
parent | Comment fixes (#2674) (diff) | |
Support Enpass v6 (#2672)
* Refactor enpass profile
Upstream enpass version 6 needs profile adjustments. These are integrated into the refactored profile without dropping support for older versions.
* Support newer Enpass in disable-programs.inc
* Re-add no3d and move whitelist lines in enpass.profile
Diffstat (limited to 'etc/enpass.profile')
-rw-r--r-- | etc/enpass.profile | 22 |
1 files changed, 18 insertions, 4 deletions
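--- a/etc/enpass.profile
+++ b/etc/enpass.profile
@@ -6,7 +6,10 @@ include enpass.local
 # Persistent global definitions
 include globals.local
 
+noblacklist ${HOME}/.cache/Enpass
+noblacklist ${HOME}/.config/sinew.in
 noblacklist ${HOME}/.config/Sinew Software Systems
+noblacklist ${HOME}/.local/share/Enpass
 noblacklist ${DOCUMENTS}
 
 include disable-common.inc
@@ -17,11 +20,21 @@ include disable-passwdmgr.inc
 include disable-programs.inc
 include disable-xdg.inc
 
+whitelist ${HOME}/.cache/Enpass
+whitelist ${HOME}/.config/sinew.in
+whitelist ${HOME}/.config/Sinew Software Systems
+whitelist ${HOME}/.local/share/Enpass
+whitelist ${DOCUMENTS}
+
 include whitelist-var-common.inc
 
+# machine-id and nosound break audio notification functionality
+# comment both if you need that functionality or put 'ignore machine-id'
+# and 'ignore nosound' in your enpass.local
+
 caps.drop all
 machine-id
-net none
+netfilter
 no3d
 nodvd
 nogroups
@@ -31,14 +44,15 @@ nosound
 notv
 nou2f
 novideo
-protocol unix
+protocol unix,inet,inet6,netlink
 seccomp
 shell none
 tracelog
 
-private-bin sh,readlink,dirname
+private-bin dirname,Enpass,importer_enpass,sh,readlink
+?HAS_APPIMAGE: ignore private-dev
 private-dev
 private-opt Enpass
 private-tmp
 
-memory-deny-write-execute
+#memory-deny-write-execute - breaks on Arch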
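Review bot: Replacing `net none` with `netfilter` in the second hunk, together with `protocol unix,inet,inet6,netlink` in the third, gives the password manager network access by default, and nothing in the profile says why or how to undo it. The new comment block above `caps.drop all` already explains how to relax `machine-id` and `nosound` through enpass.local; a matching line such as `# Enpass v6 needs network access; add 'net none' to enpass.local if you only use local vaults` would let offline users keep the tighter sandbox. The reason is presumably v6 functionality, which the commit message does not spell out, so the author should confirm the wording. Likewise `#memory-deny-write-execute - breaks on Arch` drops that hardening on every distribution, so the comment could add that users on other distributions can re-enable it in enpass.local.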