Encourage making overrides in *.local files (#4165)

* refactor local override comments * refactor local override comments * refactor local override comments * refactor local override comments * refactor local override comments * refactor local override comments * refactor local override comments * refactor local override comments * refactor local override comments * refactor local override comments * refactor local override comments * refactor local override comments * refactor local override comments * refactor local override comments * refactor local override comments * refactor local override comments * refactor local override comments * refactor local override comments * refactor local override comments * refactor local override comments * refactor local override comments * refactor local override comments * refactor local override comments * refactor local override comments * refactor local override comments * refactor local override comments * refactor local override comments * refactor local override comments * refactor local override comments * refactor local override comments * refactor local override comments * refactor local override comments * refactor local override comments * refactor local override comments * refactor local override comments * refactor local override comments * refactor local override comments * refactor local override comments * refactor local override comments * refactor local override comments * refactor local override comments * refactor local override comments * refactor local override comments * refactor local override comments * refactor local override comments * refactor local override comments * refactor local override comments * refactor local override comments * refactor local override comments * refactor local override comments * refactor local override comments * refactor local override comments * refactor local override comments * refactor local override comments * refactor local override comments * refactor local override comments * refactor local override comments * refactor local override comments * refactor local override comments * refactor local override comments * refactor local override comments * refactor local override comments * refactor local override comments
author: glitsj16 <glitsj16@users.noreply.github.com> 2021-04-06 09:26:30 +0000
committer: GitHub <noreply@github.com> 2021-04-06 09:26:30 +0000
commit: 91185bbc4a8e9e8791f297bb731b23a8e80aaf9b (patch)
tree: 4875fd73f59fcabcb145bef7f4d55273f4fc0d46 /etc/profile-a-l/hasher-common.profile
parent: Merge pull request #4161 from glitsj16/signal-desktop (diff)
download: firejail-91185bbc4a8e9e8791f297bb731b23a8e80aaf9b.tar.gz
firejail-91185bbc4a8e9e8791f297bb731b23a8e80aaf9b.tar.zst
firejail-91185bbc4a8e9e8791f297bb731b23a8e80aaf9b.zip
1 files changed, 11 insertions, 12 deletions
diff --git a/etc/profile-a-l/hasher-common.profile b/etc/profile-a-l/hasher-common.profile
index 2f684349d..1633cc3ee 100644
--- a/etc/profile-a-l/hasher-common.profile
+++ b/etc/profile-a-l/hasher-common.profile
@@ -6,24 +6,23 @@ include hasher-common.local
 blacklist ${RUNUSER}
-# WARNING:
+# Comment/uncomment the relevant include file(s) in your hasher-common.local
-# Users can (un)restrict file access for **all** hashers by commenting/uncommenting the needed
+# to (un)restrict file access for **all** hashers. Another option is to do this **per hasher**
-# include file(s) here or by putting those into hasher-common.local.
+# in the relevant <hasher>.local. Beware that things tend to break when overtightening
-# Another option is to do this **per hasher** in the relevant <hasher>.local.
+# profiles. For example, because you only need to hash/check files in ${DOWNLOADS},
-# Just beware that things tend to break when overtightening profiles. For example, because you only
+# other applications may need access to ${HOME}/.local/share.
-# need to hash/check files in ${DOWNLOADS}, other applications may need access to ${HOME}/.local/share.
+# Add the next line to your hasher-common.local if you don't need to hash files in disable-common.inc.
-# Uncomment the next line (or put it into your hasher-common.local) if you don't need to hash files in disable-common.inc.
 #include disable-common.inc
 include disable-devel.inc
 include disable-exec.inc
 include disable-interpreters.inc
 include disable-passwdmgr.inc
-# Uncomment the next line (or put it into your hasher-common.local) if you don't need to hash files in disable-programs.inc.
+# Add the next line to your hasher-common.local if you don't need to hash files in disable-programs.inc.
 #include disable-programs.inc
 include disable-shell.inc
 include disable-write-mnt.inc
-# Uncomment the next line (or put it into your hasher-common.local) if you don't need to hash files in disable-xdg.inc.
+# Add the next line to your hasher-common.local if you don't need to hash files in disable-xdg.inc.
 #include disable-xdg.inc
 apparmor
@@ -47,10 +46,10 @@ shell none
 tracelog
 x11 none
-# Uncomment the next line (or put it into your hasher-common.local) if you don't need to hash files in /tmp.
+# Add the next line to your hasher-common.local if you don't need to hash files in ~/.cache.
 #private-cache
 private-dev
-# Uncomment the next line (or put it into your hasher-common.local) if you don't need to hash files in /tmp.
+# Add the next line to your hasher-common.local if you don't need to hash files in /tmp.
 #private-tmp
 dbus-user none
author	glitsj16 <glitsj16@users.noreply.github.com>	2021-04-06 09:26:30 +0000
committer	GitHub <noreply@github.com>	2021-04-06 09:26:30 +0000
commit	91185bbc4a8e9e8791f297bb731b23a8e80aaf9b (patch)
tree	4875fd73f59fcabcb145bef7f4d55273f4fc0d46 /etc/profile-a-l/hasher-common.profile
parent	Merge pull request #4161 from glitsj16/signal-desktop (diff)
download	firejail-91185bbc4a8e9e8791f297bb731b23a8e80aaf9b.tar.gz firejail-91185bbc4a8e9e8791f297bb731b23a8e80aaf9b.tar.zst firejail-91185bbc4a8e9e8791f297bb731b23a8e80aaf9b.zip

diff --git a/etc/profile-a-l/hasher-common.profile b/etc/profile-a-l/hasher-common.profile index 2f684349d..1633cc3ee 100644 --- a/etc/profile-a-l/hasher-common.profile +++ b/etc/profile-a-l/hasher-common.profile
@@ -6,24 +6,23 @@ include hasher-common.local
6		6
7	blacklist ${RUNUSER}	7	blacklist ${RUNUSER}
8		8
9	# WARNING:	9	# Comment/uncomment the relevant include file(s) in your hasher-common.local
10	# Users can (un)restrict file access for all hashers by commenting/uncommenting the needed	10	# to (un)restrict file access for all hashers. Another option is to do this per hasher
11	# include file(s) here or by putting those into hasher-common.local.	11	# in the relevant <hasher>.local. Beware that things tend to break when overtightening
12	# Another option is to do this per hasher in the relevant <hasher>.local.	12	# profiles. For example, because you only need to hash/check files in ${DOWNLOADS},
13	# Just beware that things tend to break when overtightening profiles. For example, because you only	13	# other applications may need access to ${HOME}/.local/share.
14	# need to hash/check files in ${DOWNLOADS}, other applications may need access to ${HOME}/.local/share.	14
15		15	# Add the next line to your hasher-common.local if you don't need to hash files in disable-common.inc.
16	# Uncomment the next line (or put it into your hasher-common.local) if you don't need to hash files in disable-common.inc.
17	#include disable-common.inc	16	#include disable-common.inc
18	include disable-devel.inc	17	include disable-devel.inc
19	include disable-exec.inc	18	include disable-exec.inc
20	include disable-interpreters.inc	19	include disable-interpreters.inc
21	include disable-passwdmgr.inc	20	include disable-passwdmgr.inc
22	# Uncomment the next line (or put it into your hasher-common.local) if you don't need to hash files in disable-programs.inc.	21	# Add the next line to your hasher-common.local if you don't need to hash files in disable-programs.inc.
23	#include disable-programs.inc	22	#include disable-programs.inc
24	include disable-shell.inc	23	include disable-shell.inc
25	include disable-write-mnt.inc	24	include disable-write-mnt.inc
26	# Uncomment the next line (or put it into your hasher-common.local) if you don't need to hash files in disable-xdg.inc.	25	# Add the next line to your hasher-common.local if you don't need to hash files in disable-xdg.inc.
27	#include disable-xdg.inc	26	#include disable-xdg.inc
28		27
29	apparmor	28	apparmor
@@ -47,10 +46,10 @@ shell none
47	tracelog	46	tracelog
48	x11 none	47	x11 none
49		48
50	# Uncomment the next line (or put it into your hasher-common.local) if you don't need to hash files in /tmp.	49	# Add the next line to your hasher-common.local if you don't need to hash files in ~/.cache.
51	#private-cache	50	#private-cache
52	private-dev	51	private-dev
53	# Uncomment the next line (or put it into your hasher-common.local) if you don't need to hash files in /tmp.	52	# Add the next line to your hasher-common.local if you don't need to hash files in /tmp.
54	#private-tmp	53	#private-tmp
55		54
56	dbus-user none	55	dbus-user none