author | glitsj16 <glitsj16@users.noreply.github.com> | 2021-05-13 13:48:23 +0000 |
---|---|---|
committer | GitHub <noreply@github.com> | 2021-05-13 13:48:23 +0000 |
commit | 9fca4500c4d527afce3bd2228388c4a1990772a9 (patch) | |
tree | df014efe5652cb3f8d5a215caa1006e3fb770cae /etc/profile-a-l | |
parent | Manpage fixes (diff) | |
* Follow-up for #4165
* Follow-up for #4165
* Follow-up for #4165
* Follow-up for #4165
* Follow-up for #4165
* Follow-up for #4165
* Follow-up for #4165
* Follow-up for #4165
* Follow-up for #4165
* Follow-up for #4165
* Follow-up for #4165
* Follow-up for #4165
* Follow-up for #4165
* fix noroot comment
As suggested [here](https://github.com/netblue30/firejail/pull/4271#discussion_r630981737).
* fix dbus-user comment
As suggested [here](https://github.com/netblue30/firejail/pull/4271#discussion_r630982527).
* fix private-dev comment
As suggested [here](https://github.com/netblue30/firejail/pull/4271#discussion_r630980029).
* fix private-etc comment
As suggested [here](https://github.com/netblue30/firejail/pull/4271#discussion_r630979698).
* move writable-var comment cfr. profile.template
Diffstat (limited to 'etc/profile-a-l')
-rw-r--r-- | etc/profile-a-l/amarok.profile | 8 | ||||
-rw-r--r-- | etc/profile-a-l/cin.profile | 2 | ||||
-rw-r--r-- | etc/profile-a-l/enpass.profile | 8 | ||||
-rw-r--r-- | etc/profile-a-l/eog.profile | 10 | ||||
-rw-r--r-- | etc/profile-a-l/eom.profile | 9 | ||||
-rw-r--r-- | etc/profile-a-l/libreoffice.profile | 18 | ||||
-rw-r--r-- | etc/profile-a-l/librewolf.profile | 21 |
7 files changed, 41 insertions, 35 deletions
diff --git a/etc/profile-a-l/amarok.profile b/etc/profile-a-l/amarok.profile index a15d3628d..a7caddc4c 100644 --- a/etc/profile-a-l/amarok.profile +++ b/etc/profile-a-l/amarok.profile | |||
@@ -35,14 +35,14 @@ private-dev | |||
35 | # private-etc alternatives,asound.conf,ca-certificates,crypto-policies,machine-id,pki,pulse,ssl | 35 | # private-etc alternatives,asound.conf,ca-certificates,crypto-policies,machine-id,pki,pulse,ssl |
36 | private-tmp | 36 | private-tmp |
37 | 37 | ||
38 | # If you ain't on kde-plasma you need to uncomment the following | ||
39 | dbus-user filter | 38 | dbus-user filter |
40 | dbus-user.own org.kde.amarok | 39 | dbus-user.own org.kde.amarok |
41 | #dbus-user.own org.kde.kded | ||
42 | #dbus-user.own org.kde.klauncher | ||
43 | dbus-user.own org.mpris.amarok | 40 | dbus-user.own org.mpris.amarok |
44 | dbus-user.own org.mpris.MediaPlayer2.amarok | 41 | dbus-user.own org.mpris.MediaPlayer2.amarok |
45 | dbus-user.talk org.freedesktop.Notifications | 42 | dbus-user.talk org.freedesktop.Notifications |
46 | #dbus-user.talk org.kde.knotify | ||
47 | dbus-user.talk org.kde.StatusNotifierWatcher | 43 | dbus-user.talk org.kde.StatusNotifierWatcher |
44 | # If you're not on kde-plasma add the next lines to your amarok.local. | ||
45 | #dbus-user.own org.kde.kded | ||
46 | #dbus-user.own org.kde.klauncher | ||
47 | #dbus-user.talk org.kde.knotify | ||
48 | dbus-system none | 48 | dbus-system none |
diff --git a/etc/profile-a-l/cin.profile b/etc/profile-a-l/cin.profile index 542d6600d..e1f9523c4 100644 --- a/etc/profile-a-l/cin.profile +++ b/etc/profile-a-l/cin.profile | |||
@@ -26,7 +26,7 @@ nou2f | |||
26 | noroot | 26 | noroot |
27 | protocol unix | 27 | protocol unix |
28 | 28 | ||
29 | # if an 1-1.2% gap per thread hurts you, comment seccomp | 29 | # If a 1-1.2% gap per thread hurts you, add 'ignore seccomp' to your cin.local. |
30 | seccomp | 30 | seccomp |
31 | shell none | 31 | shell none |
32 | 32 | ||
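Review bot: The reworded comment on new line 29 recommends `ignore seccomp` to recover a 1-1.2% per-thread gap but does not say what is given up. With that line in cin.local, the `seccomp` line below it is skipped and cin runs without firejail's default syscall filter. I would add a second comment line, for example `# NOTE: this disables the syscall filter for cin; only do this if the overhead is measurable for you.` The same applies to `#ignore noroot` in librewolf.profile, which is offered as a screensharing workaround with no mention that it removes the single-user namespace restriction.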
diff --git a/etc/profile-a-l/enpass.profile b/etc/profile-a-l/enpass.profile index feae5abb3..c4123b4c2 100644 --- a/etc/profile-a-l/enpass.profile +++ b/etc/profile-a-l/enpass.profile | |||
@@ -32,10 +32,10 @@ whitelist ${DOCUMENTS} | |||
32 | include whitelist-common.inc | 32 | include whitelist-common.inc |
33 | include whitelist-var-common.inc | 33 | include whitelist-var-common.inc |
34 | 34 | ||
35 | # machine-id and nosound break audio notification functionality | 35 | # machine-id and nosound break audio notification functionality. |
36 | # comment both if you need that functionality or put 'ignore machine-id' | 36 | # Add the next lines to your enpass.local if you need that functionality. |
37 | # and 'ignore nosound' in your enpass.local | 37 | #ignore machine-id |
38 | 38 | #ignore nosound | |
39 | caps.drop all | 39 | caps.drop all |
40 | machine-id | 40 | machine-id |
41 | netfilter | 41 | netfilter |
diff --git a/etc/profile-a-l/eog.profile b/etc/profile-a-l/eog.profile index aabef65fc..5892374bd 100644 --- a/etc/profile-a-l/eog.profile +++ b/etc/profile-a-l/eog.profile | |||
@@ -10,11 +10,13 @@ noblacklist ${HOME}/.config/eog | |||
10 | 10 | ||
11 | whitelist /usr/share/eog | 11 | whitelist /usr/share/eog |
12 | 12 | ||
13 | # private-bin, private-etc and private-lib break 'Open With' / 'Open in file manager' | 13 | # private-bin, private-etc and private-lib break 'Open With' / 'Open in file manager'. |
14 | # comment those if you need that functionality | 14 | # Add the next lines to your eog.local if you need that functionality. |
15 | # or put 'ignore private-bin', 'ignore private-etc' and 'ignore private-lib' in your eog.local | 15 | #ignore private-bin |
16 | private-bin eog | 16 | #ignore private-etc |
17 | #ignore private-lib | ||
17 | 18 | ||
19 | private-bin eog | ||
18 | 20 | ||
19 | # broken on Debian 10 (buster) running LXDE got the folowing error: | 21 | # broken on Debian 10 (buster) running LXDE got the folowing error: |
20 | # Failed to register: GDBus.Error:org.freedesktop.DBus.Error.ServiceUnknown: org.freedesktop.DBus.Error.ServiceUnknown | 22 | # Failed to register: GDBus.Error:org.freedesktop.DBus.Error.ServiceUnknown: org.freedesktop.DBus.Error.ServiceUnknown |
diff --git a/etc/profile-a-l/eom.profile b/etc/profile-a-l/eom.profile index 5bfeb8c8f..7143a8e03 100644 --- a/etc/profile-a-l/eom.profile +++ b/etc/profile-a-l/eom.profile | |||
@@ -10,9 +10,12 @@ noblacklist ${HOME}/.config/mate/eom | |||
10 | 10 | ||
11 | whitelist /usr/share/eom | 11 | whitelist /usr/share/eom |
12 | 12 | ||
13 | # private-bin, private-etc and private-lib break 'Open With' / 'Open in file manager' | 13 | # private-bin, private-etc and private-lib break 'Open With' / 'Open in file manager'. |
14 | # comment those if you need that functionality | 14 | # Add the next lines to your eom.local if you need that functionality. |
15 | # or put 'ignore private-bin', 'ignore private-etc' and 'ignore private-lib' in your eom.local | 15 | #ignore private-bin |
16 | #ignore private-etc | ||
17 | #ignore private-lib | ||
18 | |||
16 | private-bin eom | 19 | private-bin eom |
17 | 20 | ||
18 | # Redirect | 21 | # Redirect |
diff --git a/etc/profile-a-l/libreoffice.profile b/etc/profile-a-l/libreoffice.profile index 0041f2540..e4440eac0 100644 --- a/etc/profile-a-l/libreoffice.profile +++ b/etc/profile-a-l/libreoffice.profile | |||
@@ -9,8 +9,8 @@ include globals.local | |||
9 | noblacklist /usr/local/sbin | 9 | noblacklist /usr/local/sbin |
10 | noblacklist ${HOME}/.config/libreoffice | 10 | noblacklist ${HOME}/.config/libreoffice |
11 | 11 | ||
12 | # libreoffice uses java for some certain operations | 12 | # libreoffice uses java for some functionality. |
13 | # comment if you don't care about java functionality | 13 | # Add 'ignore include allow-java.inc' to your libreoffice.local if you don't need that functionality. |
14 | # Allow java (blacklisted by disable-devel.inc) | 14 | # Allow java (blacklisted by disable-devel.inc) |
15 | include allow-java.inc | 15 | include allow-java.inc |
16 | 16 | ||
@@ -22,26 +22,28 @@ include disable-programs.inc | |||
22 | 22 | ||
23 | include whitelist-var-common.inc | 23 | include whitelist-var-common.inc |
24 | 24 | ||
25 | # ubuntu 18.04 comes with its own apparmor profile, but it is not in enforce mode. | 25 | # Debian 10/Ubuntu 18.04 come with their own apparmor profile, but it is not in enforce mode. |
26 | # comment the next line to use the ubuntu profile instead of firejail's apparmor profile | 26 | # Add the next lines to your libreoffice.local to use the Ubuntu profile instead of firejail's apparmor profile. |
27 | #ignore apparmor | ||
28 | #ignore nonewprivs | ||
29 | #ignore protocol | ||
30 | #ignore seccomp | ||
31 | #ignore tracelog | ||
32 | |||
27 | apparmor | 33 | apparmor |
28 | caps.drop all | 34 | caps.drop all |
29 | netfilter | 35 | netfilter |
30 | nodvd | 36 | nodvd |
31 | nogroups | 37 | nogroups |
32 | noinput | 38 | noinput |
33 | # comment nonewprivs when using the ubuntu 18.04/debian 10 apparmor profile | ||
34 | nonewprivs | 39 | nonewprivs |
35 | noroot | 40 | noroot |
36 | notv | 41 | notv |
37 | nou2f | 42 | nou2f |
38 | novideo | 43 | novideo |
39 | # comment the protocol line when using the ubuntu 18.04/debian 10 apparmor profile | ||
40 | protocol unix,inet,inet6 | 44 | protocol unix,inet,inet6 |
41 | # comment seccomp when using the ubuntu 18.04/debian 10 apparmor profile | ||
42 | seccomp | 45 | seccomp |
43 | shell none | 46 | shell none |
44 | # comment tracelog when using the ubuntu 18.04/debian 10 apparmor profile | ||
45 | tracelog | 47 | tracelog |
46 | 48 | ||
47 | #private-bin libreoffice,sh,uname,dirname,grep,sed,basename,ls | 49 | #private-bin libreoffice,sh,uname,dirname,grep,sed,basename,ls |
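Review bot: The new comment block at lines 25-31 tells users to add five `ignore` lines to libreoffice.local, while its first line states that the distribution AppArmor profile is not in enforce mode. A reader who follows it as written gives up apparmor, nonewprivs, the protocol filter, seccomp and tracelog in exchange for a profile that presumably only logs. The comment should say that the distribution profile has to be switched to enforce mode first, e.g. `# NOTE: put the distribution profile in enforce mode first, otherwise these lines only remove confinement.` The first line now names Debian 10 and Ubuntu 18.04 but the second still says "the Ubuntu profile"; `the distribution's profile` would cover both.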
diff --git a/etc/profile-a-l/librewolf.profile b/etc/profile-a-l/librewolf.profile index 0934e1271..8e3e58f19 100644 --- a/etc/profile-a-l/librewolf.profile +++ b/etc/profile-a-l/librewolf.profile | |||
@@ -18,8 +18,8 @@ whitelist ${HOME}/.librewolf | |||
18 | #noblacklist ${HOME}/.mozilla | 18 | #noblacklist ${HOME}/.mozilla |
19 | #whitelist ${HOME}/.mozilla | 19 | #whitelist ${HOME}/.mozilla |
20 | 20 | ||
21 | # Uncomment or put in your librewolf.local one of the following whitelist to enable KeePassXC Plugin | 21 | # To enable KeePassXC Plugin add one of the following lines to your librewolf.local. |
22 | # NOTE: start KeePassXC before Librewolf and keep it open to allow communication between them | 22 | # NOTE: start KeePassXC before Librewolf and keep it open to allow communication between them. |
23 | #whitelist ${RUNUSER}/kpxc_server | 23 | #whitelist ${RUNUSER}/kpxc_server |
24 | #whitelist ${RUNUSER}/org.keepassxc.KeePassXC.BrowserServer | 24 | #whitelist ${RUNUSER}/org.keepassxc.KeePassXC.BrowserServer |
25 | 25 | ||
@@ -31,25 +31,24 @@ include whitelist-usr-share-common.inc | |||
31 | 31 | ||
32 | # Add the next line to your librewolf.local to enable private-bin (Arch Linux). | 32 | # Add the next line to your librewolf.local to enable private-bin (Arch Linux). |
33 | #private-bin dbus-launch,dbus-send,librewolf,sh | 33 | #private-bin dbus-launch,dbus-send,librewolf,sh |
34 | # Add the next line to your librewolf.local to enable private-etc. Note | 34 | # Add the next line to your librewolf.local to enable private-etc. |
35 | # that private-etc must first be enabled in firefox-common.local. | 35 | # NOTE: private-etc must first be enabled in firefox-common.local. |
36 | #private-etc librewolf | 36 | #private-etc librewolf |
37 | 37 | ||
38 | dbus-user filter | 38 | dbus-user filter |
39 | # Uncomment or put in your librewolf.local to enable native notifications. | 39 | # Add the next line to your librewolf.local to enable native notifications. |
40 | #dbus-user.talk org.freedesktop.Notifications | 40 | #dbus-user.talk org.freedesktop.Notifications |
41 | # Uncomment or put in your librewolf.local to allow to inhibit screensavers | 41 | # Add the next line to your librewolf.local to allow inhibiting screensavers. |
42 | #dbus-user.talk org.freedesktop.ScreenSaver | 42 | #dbus-user.talk org.freedesktop.ScreenSaver |
43 | # Uncomment or put in your librewolf.local for plasma browser integration | 43 | # Add the next lines to your librewolf.local for plasma browser integration. |
44 | #dbus-user.own org.mpris.MediaPlayer2.plasma-browser-integration | 44 | #dbus-user.own org.mpris.MediaPlayer2.plasma-browser-integration |
45 | #dbus-user.talk org.kde.JobViewServer | 45 | #dbus-user.talk org.kde.JobViewServer |
46 | #dbus-user.talk org.kde.kuiserver | 46 | #dbus-user.talk org.kde.kuiserver |
47 | # Uncomment or put in your librewolf.local to allow screen sharing under wayland. | 47 | # Add the next lines to your librewolf.local to allow screensharing under Wayland. |
48 | #whitelist ${RUNUSER}/pipewire-0 | 48 | #whitelist ${RUNUSER}/pipewire-0 |
49 | #dbus-user.talk org.freedesktop.portal.* | 49 | #dbus-user.talk org.freedesktop.portal.* |
50 | # Also uncomment or put in your librewolf.local if screen sharing sharing still | 50 | # Also add the next line to your librewolf.local if screensharing does not work with |
51 | # does not work with the above lines (might depend on the portal | 51 | # the above lines (depends on the portal implementation). |
52 | # implementation) | ||
53 | #ignore noroot | 52 | #ignore noroot |
54 | ignore dbus-user none | 53 | ignore dbus-user none |
55 | 54 | ||