diff options
author | Kelvin M. Klann <kmk3.code@protonmail.com> | 2022-11-23 16:39:07 +0000 |
---|---|---|
committer | GitHub <noreply@github.com> | 2022-11-23 16:39:07 +0000 |
commit | 1a6993272070f9c10e5aead787f593037526c325 (patch) | |
tree | 3bfb6e5891b430f12b10893a49288dc3bd63ca4d /etc/profile-a-l | |
parent | Merge pull request #5429 from kmk3/sort-py-improvements (diff) | |
parent | Update etc/profile-a-l/evince.profile (diff) | |
download | firejail-1a6993272070f9c10e5aead787f593037526c325.tar.gz firejail-1a6993272070f9c10e5aead787f593037526c325.tar.zst firejail-1a6993272070f9c10e5aead787f593037526c325.zip |
Merge pull request #5442 from rusty-snake/fixes
Profile fixes
Diffstat (limited to 'etc/profile-a-l')
-rw-r--r-- | etc/profile-a-l/brave.profile | 2 | ||||
-rw-r--r-- | etc/profile-a-l/evince.profile | 13 |
2 files changed, 8 insertions, 7 deletions
diff --git a/etc/profile-a-l/brave.profile b/etc/profile-a-l/brave.profile index 09548c761..071a279b0 100644 --- a/etc/profile-a-l/brave.profile +++ b/etc/profile-a-l/brave.profile | |||
@@ -13,6 +13,8 @@ ignore noexec /tmp | |||
13 | # you will need to uncomment the 'brave + tor' rule in /etc/apparmor.d/local/firejail-default. | 13 | # you will need to uncomment the 'brave + tor' rule in /etc/apparmor.d/local/firejail-default. |
14 | # Alternatively you can add 'ignore apparmor' to your brave.local. | 14 | # Alternatively you can add 'ignore apparmor' to your brave.local. |
15 | ignore noexec ${HOME} | 15 | ignore noexec ${HOME} |
16 | # Causes slow starts (#4604) | ||
17 | ignore private-cache | ||
16 | 18 | ||
17 | noblacklist ${HOME}/.cache/BraveSoftware | 19 | noblacklist ${HOME}/.cache/BraveSoftware |
18 | noblacklist ${HOME}/.config/BraveSoftware | 20 | noblacklist ${HOME}/.config/BraveSoftware |
diff --git a/etc/profile-a-l/evince.profile b/etc/profile-a-l/evince.profile index 21bf7eabf..eec9f86db 100644 --- a/etc/profile-a-l/evince.profile +++ b/etc/profile-a-l/evince.profile | |||
@@ -6,9 +6,9 @@ include evince.local | |||
6 | # Persistent global definitions | 6 | # Persistent global definitions |
7 | include globals.local | 7 | include globals.local |
8 | 8 | ||
9 | # WARNING: using bookmarks possibly exposes information, including file history from other programs. | 9 | # WARNING: This exposes information like file history from other programs. |
10 | # Add the next line to your evince.local if you need bookmarks support. This also needs additional dbus-user filtering (see below). | 10 | # You can add a blacklist for it in your evince.local for additional hardening if you can live with some restrictions. |
11 | #noblacklist ${HOME}/.local/share/gvfs-metadata | 11 | noblacklist ${HOME}/.local/share/gvfs-metadata |
12 | 12 | ||
13 | noblacklist ${HOME}/.config/evince | 13 | noblacklist ${HOME}/.config/evince |
14 | noblacklist ${DOCUMENTS} | 14 | noblacklist ${DOCUMENTS} |
@@ -59,9 +59,8 @@ private-etc alternatives,fonts,group,ld.so.cache,ld.so.preload,machine-id,passwd | |||
59 | private-lib evince,gcc/*/*/libgcc_s.so.*,gcc/*/*/libstdc++.so.*,gconv,gdk-pixbuf-2.*,gio,gvfs/libgvfscommon.so,libarchive.so.*,libdjvulibre.so.*,libgconf-2.so.*,libgraphite2.so.*,libpoppler-glib.so.*,librsvg-2.so.*,libspectre.so.* | 59 | private-lib evince,gcc/*/*/libgcc_s.so.*,gcc/*/*/libstdc++.so.*,gconv,gdk-pixbuf-2.*,gio,gvfs/libgvfscommon.so,libarchive.so.*,libdjvulibre.so.*,libgconf-2.so.*,libgraphite2.so.*,libpoppler-glib.so.*,librsvg-2.so.*,libspectre.so.* |
60 | private-tmp | 60 | private-tmp |
61 | 61 | ||
62 | # dbus-user filtering might break two-page-view on some systems | ||
63 | dbus-user filter | 62 | dbus-user filter |
64 | # Add the next two lines to your evince.local if you need bookmarks support. | 63 | dbus-user.talk ca.desrt.dconf |
65 | #dbus-user.talk org.gtk.vfs.Daemon | 64 | dbus-user.talk org.gtk.vfs.Daemon |
66 | #dbus-user.talk org.gtk.vfs.Metadata | 65 | dbus-user.talk org.gtk.vfs.Metadata |
67 | dbus-system none | 66 | dbus-system none |