diff options
author | netblue30 <netblue30@protonmail.com> | 2023-07-26 08:59:33 -0400 |
---|---|---|
committer | netblue30 <netblue30@protonmail.com> | 2023-07-26 08:59:33 -0400 |
commit | 6d4bb95948363263e220dc475db71a9341f1294e (patch) | |
tree | 5c66a28720ee7fd78683a219717d3d7e40eed265 /etc/profile-m-z/trojita.profile | |
parent | netlock/nettrace cleanup (diff) | |
parent | spotify: D-Bus hardening (#5923) (diff) | |
download | firejail-6d4bb95948363263e220dc475db71a9341f1294e.tar.gz firejail-6d4bb95948363263e220dc475db71a9341f1294e.tar.zst firejail-6d4bb95948363263e220dc475db71a9341f1294e.zip |
Merge branch 'master' of ssh://github.com/netblue30/firejail
Diffstat (limited to 'etc/profile-m-z/trojita.profile')
-rw-r--r-- | etc/profile-m-z/trojita.profile | 11 |
1 files changed, 8 insertions, 3 deletions
diff --git a/etc/profile-m-z/trojita.profile b/etc/profile-m-z/trojita.profile index ba68ccb53..2578eb0be 100644 --- a/etc/profile-m-z/trojita.profile +++ b/etc/profile-m-z/trojita.profile | |||
@@ -7,7 +7,6 @@ include trojita.local | |||
7 | include globals.local | 7 | include globals.local |
8 | 8 | ||
9 | noblacklist ${HOME}/.abook | 9 | noblacklist ${HOME}/.abook |
10 | noblacklist ${HOME}/.mozilla | ||
11 | noblacklist ${HOME}/.cache/flaska.net/trojita | 10 | noblacklist ${HOME}/.cache/flaska.net/trojita |
12 | noblacklist ${HOME}/.config/flaska.net | 11 | noblacklist ${HOME}/.config/flaska.net |
13 | 12 | ||
@@ -19,11 +18,16 @@ include disable-programs.inc | |||
19 | include disable-shell.inc | 18 | include disable-shell.inc |
20 | include disable-xdg.inc | 19 | include disable-xdg.inc |
21 | 20 | ||
21 | # The lines below are needed to find the default Firefox profile name, to allow | ||
22 | # opening links in an existing instance of Firefox (note that it still fails if | ||
23 | # there isn't a Firefox instance running with the default profile; see #5352) | ||
24 | noblacklist ${HOME}/.mozilla | ||
25 | whitelist ${HOME}/.mozilla/firefox/profiles.ini | ||
26 | |||
22 | mkdir ${HOME}/.abook | 27 | mkdir ${HOME}/.abook |
23 | mkdir ${HOME}/.cache/flaska.net/trojita | 28 | mkdir ${HOME}/.cache/flaska.net/trojita |
24 | mkdir ${HOME}/.config/flaska.net | 29 | mkdir ${HOME}/.config/flaska.net |
25 | whitelist ${HOME}/.abook | 30 | whitelist ${HOME}/.abook |
26 | whitelist ${HOME}/.mozilla/firefox/profiles.ini | ||
27 | whitelist ${HOME}/.cache/flaska.net/trojita | 31 | whitelist ${HOME}/.cache/flaska.net/trojita |
28 | whitelist ${HOME}/.config/flaska.net | 32 | whitelist ${HOME}/.config/flaska.net |
29 | include whitelist-common.inc | 33 | include whitelist-common.inc |
@@ -49,7 +53,6 @@ seccomp | |||
49 | tracelog | 53 | tracelog |
50 | 54 | ||
51 | # disable-mnt | 55 | # disable-mnt |
52 | # Add "ignore private-bin" for hyperlinks or have a look at the private-bins in firefox.profile and firefox-common.profile. | ||
53 | private-bin trojita | 56 | private-bin trojita |
54 | private-cache | 57 | private-cache |
55 | private-dev | 58 | private-dev |
@@ -58,6 +61,8 @@ private-tmp | |||
58 | 61 | ||
59 | dbus-user filter | 62 | dbus-user filter |
60 | dbus-user.talk org.freedesktop.secrets | 63 | dbus-user.talk org.freedesktop.secrets |
64 | # allow D-Bus communication with firefox for opening links | ||
65 | dbus-user.talk org.mozilla.* | ||
61 | dbus-system none | 66 | dbus-system none |
62 | 67 | ||
63 | restrict-namespaces | 68 | restrict-namespaces |