profiles: improvements to profiles using private (#5946)

Changes: * comment `include whitelist-common.inc` when using `private` * drop `private` on profiles that access files in `${HOME}` * use `#` in comments Relates to #903.
author: glitsj16 <glitsj16@users.noreply.github.com> 2023-08-11 03:54:39 +0000
committer: GitHub <noreply@github.com> 2023-08-11 03:54:39 +0000
commit: a3a41b8fff7763862b07db00b0357f20774687f5 (patch)
tree: 9a6bebb77b42aeea30539077032f856a595681f2 /etc/profile-a-l/dbus-send.profile
parent: 0ad.profile: fix libmozjs error on OpenSUSE Tumbleweed (#5944) (diff)
download: firejail-a3a41b8fff7763862b07db00b0357f20774687f5.tar.gz
firejail-a3a41b8fff7763862b07db00b0357f20774687f5.tar.zst
firejail-a3a41b8fff7763862b07db00b0357f20774687f5.zip
1 files changed, 2 insertions, 3 deletions
diff --git a/etc/profile-a-l/dbus-send.profile b/etc/profile-a-l/dbus-send.profile
index 80790bb0c..70bd7370d 100644
--- a/etc/profile-a-l/dbus-send.profile
+++ b/etc/profile-a-l/dbus-send.profile
@@ -19,7 +19,7 @@ include disable-shell.inc
 include disable-write-mnt.inc
 include disable-xdg.inc
-include whitelist-common.inc
+#include whitelist-common.inc # see #903
 include whitelist-runuser-common.inc
 include whitelist-usr-share-common.inc
 include whitelist-var-common.inc
@@ -28,8 +28,7 @@ apparmor
 caps.drop all
 ipc-namespace
 machine-id
-# Breaks abstract sockets
+#net none # breaks abstract sockets
-#net none
 netfilter
 no3d
 nodvd
author	glitsj16 <glitsj16@users.noreply.github.com>	2023-08-11 03:54:39 +0000
committer	GitHub <noreply@github.com>	2023-08-11 03:54:39 +0000
commit	a3a41b8fff7763862b07db00b0357f20774687f5 (patch)
tree	9a6bebb77b42aeea30539077032f856a595681f2 /etc/profile-a-l/dbus-send.profile
parent	0ad.profile: fix libmozjs error on OpenSUSE Tumbleweed (#5944) (diff)
download	firejail-a3a41b8fff7763862b07db00b0357f20774687f5.tar.gz firejail-a3a41b8fff7763862b07db00b0357f20774687f5.tar.zst firejail-a3a41b8fff7763862b07db00b0357f20774687f5.zip

diff --git a/etc/profile-a-l/dbus-send.profile b/etc/profile-a-l/dbus-send.profile index 80790bb0c..70bd7370d 100644 --- a/etc/profile-a-l/dbus-send.profile +++ b/etc/profile-a-l/dbus-send.profile
@@ -19,7 +19,7 @@ include disable-shell.inc
19	include disable-write-mnt.inc	19	include disable-write-mnt.inc
20	include disable-xdg.inc	20	include disable-xdg.inc
21		21
22	include whitelist-common.inc	22	#include whitelist-common.inc # see #903
23	include whitelist-runuser-common.inc	23	include whitelist-runuser-common.inc
24	include whitelist-usr-share-common.inc	24	include whitelist-usr-share-common.inc
25	include whitelist-var-common.inc	25	include whitelist-var-common.inc
@@ -28,8 +28,7 @@ apparmor
28	caps.drop all	28	caps.drop all
29	ipc-namespace	29	ipc-namespace
30	machine-id	30	machine-id
31	# Breaks abstract sockets	31	#net none # breaks abstract sockets
32	#net none
33	netfilter	32	netfilter
34	no3d	33	no3d
35	nodvd	34	nodvd