diff options
author | glitsj16 <glitsj16@users.noreply.github.com> | 2023-07-25 19:36:31 +0000 |
---|---|---|
committer | GitHub <noreply@github.com> | 2023-07-25 19:36:31 +0000 |
commit | a95a742727b09dd773fff08e1bdc9b9415dc0c27 (patch) | |
tree | 7772342cfab5ca067f84a634fed4a1e8ffc22a7c /etc/profile-a-l/kube.profile | |
parent | profiles: Miscellaneous cleanups (#5918) (diff) | |
download | firejail-a95a742727b09dd773fff08e1bdc9b9415dc0c27.tar.gz firejail-a95a742727b09dd773fff08e1bdc9b9415dc0c27.tar.zst firejail-a95a742727b09dd773fff08e1bdc9b9415dc0c27.zip |
profiles: fixes and cleanups for opening links with firefox (#5919)
Diffstat (limited to 'etc/profile-a-l/kube.profile')
-rw-r--r-- | etc/profile-a-l/kube.profile | 19 |
1 files changed, 12 insertions, 7 deletions
diff --git a/etc/profile-a-l/kube.profile b/etc/profile-a-l/kube.profile index 5cf30ed40..82336969d 100644 --- a/etc/profile-a-l/kube.profile +++ b/etc/profile-a-l/kube.profile | |||
@@ -6,11 +6,10 @@ include kube.local | |||
6 | # Persistent global definitions | 6 | # Persistent global definitions |
7 | include globals.local | 7 | include globals.local |
8 | 8 | ||
9 | noblacklist ${HOME}/.gnupg | ||
10 | noblacklist ${HOME}/.mozilla | ||
11 | noblacklist ${HOME}/.cache/kube | 9 | noblacklist ${HOME}/.cache/kube |
12 | noblacklist ${HOME}/.config/kube | 10 | noblacklist ${HOME}/.config/kube |
13 | noblacklist ${HOME}/.config/sink | 11 | noblacklist ${HOME}/.config/sink |
12 | noblacklist ${HOME}/.gnupg | ||
14 | noblacklist ${HOME}/.local/share/kube | 13 | noblacklist ${HOME}/.local/share/kube |
15 | noblacklist ${HOME}/.local/share/sink | 14 | noblacklist ${HOME}/.local/share/sink |
16 | 15 | ||
@@ -22,23 +21,28 @@ include disable-programs.inc | |||
22 | include disable-shell.inc | 21 | include disable-shell.inc |
23 | include disable-xdg.inc | 22 | include disable-xdg.inc |
24 | 23 | ||
25 | mkdir ${HOME}/.gnupg | 24 | # The lines below are needed to find the default Firefox profile name, to allow |
25 | # opening links in an existing instance of Firefox (note that it still fails if | ||
26 | # there isn't a Firefox instance running with the default profile; see #5352) | ||
27 | noblacklist ${HOME}/.mozilla | ||
28 | whitelist ${HOME}/.mozilla/firefox/profiles.ini | ||
29 | |||
26 | mkdir ${HOME}/.cache/kube | 30 | mkdir ${HOME}/.cache/kube |
27 | mkdir ${HOME}/.config/kube | 31 | mkdir ${HOME}/.config/kube |
28 | mkdir ${HOME}/.config/sink | 32 | mkdir ${HOME}/.config/sink |
33 | mkdir ${HOME}/.gnupg | ||
29 | mkdir ${HOME}/.local/share/kube | 34 | mkdir ${HOME}/.local/share/kube |
30 | mkdir ${HOME}/.local/share/sink | 35 | mkdir ${HOME}/.local/share/sink |
31 | whitelist ${HOME}/.gnupg | ||
32 | whitelist ${HOME}/.mozilla/firefox/profiles.ini | ||
33 | whitelist ${HOME}/.cache/kube | 36 | whitelist ${HOME}/.cache/kube |
34 | whitelist ${HOME}/.config/kube | 37 | whitelist ${HOME}/.config/kube |
35 | whitelist ${HOME}/.config/sink | 38 | whitelist ${HOME}/.config/sink |
39 | whitelist ${HOME}/.gnupg | ||
36 | whitelist ${HOME}/.local/share/kube | 40 | whitelist ${HOME}/.local/share/kube |
37 | whitelist ${HOME}/.local/share/sink | 41 | whitelist ${HOME}/.local/share/sink |
38 | whitelist ${RUNUSER}/gnupg | 42 | whitelist ${RUNUSER}/gnupg |
39 | whitelist /usr/share/kube | ||
40 | whitelist /usr/share/gnupg | 43 | whitelist /usr/share/gnupg |
41 | whitelist /usr/share/gnupg2 | 44 | whitelist /usr/share/gnupg2 |
45 | whitelist /usr/share/kube | ||
42 | include whitelist-common.inc | 46 | include whitelist-common.inc |
43 | include whitelist-runuser-common.inc | 47 | include whitelist-runuser-common.inc |
44 | include whitelist-usr-share-common.inc | 48 | include whitelist-usr-share-common.inc |
@@ -63,7 +67,6 @@ tracelog | |||
63 | 67 | ||
64 | # disable-mnt | 68 | # disable-mnt |
65 | # Add "gpg,gpg2,gpg-agent,pinentry-curses,pinentry-emacs,pinentry-fltk,pinentry-gnome3,pinentry-gtk,pinentry-gtk2,pinentry-gtk-2,pinentry-qt,pinentry-qt4,pinentry-tty,pinentry-x2go,pinentry-kwallet" for gpg | 69 | # Add "gpg,gpg2,gpg-agent,pinentry-curses,pinentry-emacs,pinentry-fltk,pinentry-gnome3,pinentry-gtk,pinentry-gtk2,pinentry-gtk-2,pinentry-qt,pinentry-qt4,pinentry-tty,pinentry-x2go,pinentry-kwallet" for gpg |
66 | # Add "ignore private-bin" for hyperlinks or have a look at the private-bins in firefox.profile and firefox-common.profile. | ||
67 | private-bin kube,sink_synchronizer | 70 | private-bin kube,sink_synchronizer |
68 | private-cache | 71 | private-cache |
69 | private-dev | 72 | private-dev |
@@ -75,6 +78,8 @@ dbus-user filter | |||
75 | dbus-user.talk ca.desrt.dconf | 78 | dbus-user.talk ca.desrt.dconf |
76 | dbus-user.talk org.freedesktop.secrets | 79 | dbus-user.talk org.freedesktop.secrets |
77 | dbus-user.talk org.freedesktop.Notifications | 80 | dbus-user.talk org.freedesktop.Notifications |
81 | # allow D-Bus communication with firefox for opening links | ||
82 | dbus-user.talk org.mozilla.* | ||
78 | dbus-system none | 83 | dbus-system none |
79 | 84 | ||
80 | restrict-namespaces | 85 | restrict-namespaces |