Improvements to balsa,fractal,gajim,trojita (#3791)

* Improvements to balsa,fractal,gajim,trojita * sort * Add gpg plugin support to gajim,remove notifications dbus from trojita * Add dbus policy from flatpak per @rusty-snake * Add python* to private-bin; remove some dbus Co-authored-by: kortewegdevries <kortewegdevries@protonmail.ch>
author: bbhtt <62639087+bbhtt@users.noreply.github.com> 2021-01-11 16:23:35 +0000
committer: GitHub <noreply@github.com> 2021-01-11 16:23:35 +0000
commit: 337d7aeecf427ca88bb0aff2fb4557165a0fcab4 (patch)
tree: 029ba665c6d76476eebf7b6faec622c804b3f167 /etc/profile-a-l/gajim.profile
parent: Merge pull request #3879 from aidalgol/steam-arma3-fix (diff)
download: firejail-337d7aeecf427ca88bb0aff2fb4557165a0fcab4.tar.gz
firejail-337d7aeecf427ca88bb0aff2fb4557165a0fcab4.tar.zst
firejail-337d7aeecf427ca88bb0aff2fb4557165a0fcab4.zip
1 files changed, 27 insertions, 3 deletions
diff --git a/etc/profile-a-l/gajim.profile b/etc/profile-a-l/gajim.profile
index 85d9b9bd9..125ddf79c 100644
--- a/etc/profile-a-l/gajim.profile
+++ b/etc/profile-a-l/gajim.profile
@@ -6,6 +6,7 @@ include gajim.local
 # Persistent global definitions
 include globals.local
+noblacklist ${HOME}/.gnupg
 noblacklist ${HOME}/.cache/gajim
 noblacklist ${HOME}/.config/gajim
 noblacklist ${HOME}/.local/share/gajim
@@ -20,19 +21,27 @@ include disable-exec.inc
 include disable-interpreters.inc
 include disable-passwdmgr.inc
 include disable-programs.inc
-# Comment the following line if you need to whitelist other folders than ~/Downloads
+# Comment the following line if you need to whitelist folders other than ~/Downloads
 include disable-xdg.inc
+mkdir ${HOME}/.gnupg
 mkdir ${HOME}/.cache/gajim
 mkdir ${HOME}/.config/gajim
 mkdir ${HOME}/.local/share/gajim
+whitelist ${HOME}/.gnupg
 whitelist ${HOME}/.cache/gajim
 whitelist ${HOME}/.config/gajim
 whitelist ${HOME}/.local/share/gajim
 whitelist ${DOWNLOADS}
+whitelist ${RUNUSER}/gnupg
+whitelist /usr/share/gnupg
+whitelist /usr/share/gnupg2
 include whitelist-common.inc
+include whitelist-runuser-common.inc
+include whitelist-usr-share-common.inc
 include whitelist-var-common.inc
+apparmor
 caps.drop all
 netfilter
 nodvd
@@ -47,9 +56,24 @@ shell none
 tracelog
 disable-mnt
-private-bin bash,gajim,gajim-history-manager,gpg,gpg2,paplay,python,python3,sh,zsh
+private-bin bash,gajim,gajim-history-manager,gpg,gpg2,paplay,python*,sh,zsh
+private-cache
 private-dev
-private-etc alsa,alternatives,asound.conf,ca-certificates,crypto-policies,fonts,group,hostname,hosts,ld.so.cache,ld.so.conf,localtime,machine-id,passwd,pki,pulse,resolv.conf,ssl
+private-etc alsa,alternatives,asound.conf,ca-certificates,crypto-policies,fonts,group,hostname,hosts,ld.so.cache,ld.so.conf,localtime,machine-id,passwd,pki,pulse,resolv.conf,ssl,xdg
 private-tmp
+writable-run-user
+dbus-user filter
+dbus-user.own org.gajim.Gajim
+dbus-user.talk org.gnome.Mutter.IdleMonitor
+dbus-user.talk ca.desrt.dconf
+dbus-user.talk org.freedesktop.Notifications
+dbus-user.talk org.freedesktop.secrets
+dbus-user.talk org.kde.kwalletd5
+dbus-user.talk org.mpris.MediaPlayer2.*
+dbus-system filter
+dbus-system.talk org.freedesktop.login1
+# Uncomment for location plugin support
+#dbus-system.talk org.freedesktop.GeoClue2
 join-or-start gajim
author	bbhtt <62639087+bbhtt@users.noreply.github.com>	2021-01-11 16:23:35 +0000
committer	GitHub <noreply@github.com>	2021-01-11 16:23:35 +0000
commit	337d7aeecf427ca88bb0aff2fb4557165a0fcab4 (patch)
tree	029ba665c6d76476eebf7b6faec622c804b3f167 /etc/profile-a-l/gajim.profile
parent	Merge pull request #3879 from aidalgol/steam-arma3-fix (diff)
download	firejail-337d7aeecf427ca88bb0aff2fb4557165a0fcab4.tar.gz firejail-337d7aeecf427ca88bb0aff2fb4557165a0fcab4.tar.zst firejail-337d7aeecf427ca88bb0aff2fb4557165a0fcab4.zip