author | Vladimir Schowalter <VladimirSchowalter20@users.noreply.github.com> | 2017-08-06 22:42:24 +0100 |
---|---|---|
committer | Fred Barclay <Fred-Barclay@users.noreply.github.com> | 2017-08-06 16:42:24 -0500 |
commit | 20fbc19e57da1c409b139ffb1b211ceb5f8c6050 (patch) | |
tree | ed575e03159767a085c55e42ff54fc46b05bc9fb /etc/eom.profile | |
parent | Seccomp: split @default into more meaningful smaller groups (diff) | |
various profile fixes (#1433)
* calibre: add netlink protocol (FB note: removed before merge)
calibre started without the netlink protocol throws the following error in the console:
    Exception in thread Thread-8:
    Traceback (most recent call last):
      File "/usr/lib/python2.7/threading.py", line 801, in __bootstrap_inner
        self.run()
      File "/usr/lib/calibre/calibre/utils/mdns.py", line 43, in run
        _all_ip_addresses = self.get_all_ips()
      File "/usr/lib/calibre/calibre/utils/mdns.py", line 27, in get_all_ips
        for x in netifaces.interfaces():
    OSError: [Errno 95] Operation not supported
* mpv: add nogroups, tracelog, ipc-namespace, private-dev
I tested all of the above options and didn't notice any breakage.
* qbittorrent: add netlink protocol, private-etc
The netlink protocol is needed if the user chooses to bind a specific network interface in the config. Otherwise it throws an error in the qbittorrent log:
The network interface defined is invalid: tun0
Example private-etc is added but commented out by default. It's tested but as there are many different system configurations users should enable it manually.
* vlc: disable memory-deny-write-execute
With memory-deny-write-execute, vlc freezes after loading a video file. According to https://github.com/VladimirSchowalter20/firejail/commit/b18f42ab0236de7eed5888f43ba36cdaf990cbca, memory-deny-write-execute is similar to the PAX mprotect feature, and the linked GitHub project explicitly disables that feature for the vlc binary; see https://github.com/copperhead/paxd-archive/commit/deb39e0b91996e2e9c7917b3543030880cd476f4
* Update vlc.profile
* wine: add nogroups
Nogroups should be a safe addition for wine.
* wireshark: allow users to run wireshark as non-root
Wireshark can be run unprivileged when the user is part of the wireshark group. Unfortunately, enabling nogroups, nonewprivs and seccomp will break it with permission errors.
Also added example private-etc option which is commented out by default for now.
* cosmetic fix
* mpv: comment out ipc-namespace for now
As requested in review https://github.com/netblue30/firejail/pull/1433#discussion_r131550515
* calibre: disable netlink protocol
It throws an error but actual breakage isn't observed for now.
Diffstat (limited to 'etc/eom.profile')
0 files changed, 0 insertions, 0 deletions
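A diagnostic for the calibre and qbittorrent notes in the commit message, added here as an example and not part of the firejail commit: run inside the sandbox under the profile being tested, it reports which socket families a process can still open. It assumes, from the calibre traceback, that a family left out of the profile's protocol list fails with errno 95; the function names and verdict strings are this example's own.

```python
"""Probe which socket families the current sandbox lets a process open."""
import errno
import socket

# Families named by firejail's `protocol` option. getattr keeps the script
# importable on platforms where a constant is missing.
FAMILIES = {
    "unix": (getattr(socket, "AF_UNIX", None), socket.SOCK_STREAM),
    "inet": (socket.AF_INET, socket.SOCK_STREAM),
    "inet6": (socket.AF_INET6, socket.SOCK_STREAM),
    "netlink": (getattr(socket, "AF_NETLINK", None), socket.SOCK_RAW),
    "packet": (getattr(socket, "AF_PACKET", None), socket.SOCK_RAW),
}


def classify(exc):
    """Map a socket() failure to a verdict; exc is None on success."""
    if exc is None:
        return "allowed"
    if exc.errno == errno.EOPNOTSUPP:  # errno 95, as in the calibre traceback
        return "filtered"  # assumption: denied by the profile's protocol list
    if exc.errno == errno.EAFNOSUPPORT:  # kernel has no support for the family
        return "unavailable"
    if exc.errno in (errno.EPERM, errno.EACCES):  # e.g. packet without CAP_NET_RAW
        return "needs-privilege"
    return "error:" + errno.errorcode.get(exc.errno, str(exc.errno))


def probe(families=FAMILIES):
    """Try to open one socket per family and return {name: verdict}."""
    results = {}
    for name, (family, sock_type) in families.items():
        if family is None:
            results[name] = "unavailable"
            continue
        try:
            socket.socket(family, sock_type).close()
            results[name] = classify(None)
        except OSError as exc:
            results[name] = classify(exc)
    return results


if __name__ == "__main__":
    for name, verdict in probe().items():
        print(f"{name:8} {verdict}")
```

Comparing the output with and without the profile shows whether a failure such as the qbittorrent "network interface defined is invalid" message comes from the protocol filter or from a missing privilege.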