diff options
author | bbhtt <62639087+bbhtt@users.noreply.github.com> | 2021-01-11 16:23:35 +0000 |
---|---|---|
committer | GitHub <noreply@github.com> | 2021-01-11 16:23:35 +0000 |
commit | 337d7aeecf427ca88bb0aff2fb4557165a0fcab4 (patch) | |
tree | 029ba665c6d76476eebf7b6faec622c804b3f167 /etc/profile-a-l/gajim.profile | |
parent | Merge pull request #3879 from aidalgol/steam-arma3-fix (diff) | |
download | firejail-337d7aeecf427ca88bb0aff2fb4557165a0fcab4.tar.gz firejail-337d7aeecf427ca88bb0aff2fb4557165a0fcab4.tar.zst firejail-337d7aeecf427ca88bb0aff2fb4557165a0fcab4.zip |
Improvements to balsa,fractal,gajim,trojita (#3791)
* Improvements to balsa,fractal,gajim,trojita
* sort
* Add gpg plugin support to gajim,remove notifications dbus from trojita
* Add dbus policy from flatpak per @rusty-snake
* Add python* to private-bin; remove some dbus
Co-authored-by: kortewegdevries <kortewegdevries@protonmail.ch>
Diffstat (limited to 'etc/profile-a-l/gajim.profile')
-rw-r--r-- | etc/profile-a-l/gajim.profile | 30 |
1 files changed, 27 insertions, 3 deletions
diff --git a/etc/profile-a-l/gajim.profile b/etc/profile-a-l/gajim.profile index 85d9b9bd9..125ddf79c 100644 --- a/etc/profile-a-l/gajim.profile +++ b/etc/profile-a-l/gajim.profile | |||
@@ -6,6 +6,7 @@ include gajim.local | |||
6 | # Persistent global definitions | 6 | # Persistent global definitions |
7 | include globals.local | 7 | include globals.local |
8 | 8 | ||
9 | noblacklist ${HOME}/.gnupg | ||
9 | noblacklist ${HOME}/.cache/gajim | 10 | noblacklist ${HOME}/.cache/gajim |
10 | noblacklist ${HOME}/.config/gajim | 11 | noblacklist ${HOME}/.config/gajim |
11 | noblacklist ${HOME}/.local/share/gajim | 12 | noblacklist ${HOME}/.local/share/gajim |
@@ -20,19 +21,27 @@ include disable-exec.inc | |||
20 | include disable-interpreters.inc | 21 | include disable-interpreters.inc |
21 | include disable-passwdmgr.inc | 22 | include disable-passwdmgr.inc |
22 | include disable-programs.inc | 23 | include disable-programs.inc |
23 | # Comment the following line if you need to whitelist other folders than ~/Downloads | 24 | # Comment the following line if you need to whitelist folders other than ~/Downloads |
24 | include disable-xdg.inc | 25 | include disable-xdg.inc |
25 | 26 | ||
27 | mkdir ${HOME}/.gnupg | ||
26 | mkdir ${HOME}/.cache/gajim | 28 | mkdir ${HOME}/.cache/gajim |
27 | mkdir ${HOME}/.config/gajim | 29 | mkdir ${HOME}/.config/gajim |
28 | mkdir ${HOME}/.local/share/gajim | 30 | mkdir ${HOME}/.local/share/gajim |
31 | whitelist ${HOME}/.gnupg | ||
29 | whitelist ${HOME}/.cache/gajim | 32 | whitelist ${HOME}/.cache/gajim |
30 | whitelist ${HOME}/.config/gajim | 33 | whitelist ${HOME}/.config/gajim |
31 | whitelist ${HOME}/.local/share/gajim | 34 | whitelist ${HOME}/.local/share/gajim |
32 | whitelist ${DOWNLOADS} | 35 | whitelist ${DOWNLOADS} |
36 | whitelist ${RUNUSER}/gnupg | ||
37 | whitelist /usr/share/gnupg | ||
38 | whitelist /usr/share/gnupg2 | ||
33 | include whitelist-common.inc | 39 | include whitelist-common.inc |
40 | include whitelist-runuser-common.inc | ||
41 | include whitelist-usr-share-common.inc | ||
34 | include whitelist-var-common.inc | 42 | include whitelist-var-common.inc |
35 | 43 | ||
44 | apparmor | ||
36 | caps.drop all | 45 | caps.drop all |
37 | netfilter | 46 | netfilter |
38 | nodvd | 47 | nodvd |
@@ -47,9 +56,24 @@ shell none | |||
47 | tracelog | 56 | tracelog |
48 | 57 | ||
49 | disable-mnt | 58 | disable-mnt |
50 | private-bin bash,gajim,gajim-history-manager,gpg,gpg2,paplay,python,python3,sh,zsh | 59 | private-bin bash,gajim,gajim-history-manager,gpg,gpg2,paplay,python*,sh,zsh |
60 | private-cache | ||
51 | private-dev | 61 | private-dev |
52 | private-etc alsa,alternatives,asound.conf,ca-certificates,crypto-policies,fonts,group,hostname,hosts,ld.so.cache,ld.so.conf,localtime,machine-id,passwd,pki,pulse,resolv.conf,ssl | 62 | private-etc alsa,alternatives,asound.conf,ca-certificates,crypto-policies,fonts,group,hostname,hosts,ld.so.cache,ld.so.conf,localtime,machine-id,passwd,pki,pulse,resolv.conf,ssl,xdg |
53 | private-tmp | 63 | private-tmp |
64 | writable-run-user | ||
65 | |||
66 | dbus-user filter | ||
67 | dbus-user.own org.gajim.Gajim | ||
68 | dbus-user.talk org.gnome.Mutter.IdleMonitor | ||
69 | dbus-user.talk ca.desrt.dconf | ||
70 | dbus-user.talk org.freedesktop.Notifications | ||
71 | dbus-user.talk org.freedesktop.secrets | ||
72 | dbus-user.talk org.kde.kwalletd5 | ||
73 | dbus-user.talk org.mpris.MediaPlayer2.* | ||
74 | dbus-system filter | ||
75 | dbus-system.talk org.freedesktop.login1 | ||
76 | # Uncomment for location plugin support | ||
77 | #dbus-system.talk org.freedesktop.GeoClue2 | ||
54 | 78 | ||
55 | join-or-start gajim | 79 | join-or-start gajim |