author | glitsj16 <glitsj16@users.noreply.github.com> | 2021-05-13 13:48:23 +0000 |
---|---|---|
committer | GitHub <noreply@github.com> | 2021-05-13 13:48:23 +0000 |
commit | 9fca4500c4d527afce3bd2228388c4a1990772a9 (patch) | |
tree | df014efe5652cb3f8d5a215caa1006e3fb770cae /etc/profile-m-z | |
parent | Manpage fixes (diff) | |
* Follow-up for #4165
* Follow-up for #4165
* Follow-up for #4165
* Follow-up for #4165
* Follow-up for #4165
* Follow-up for #4165
* Follow-up for #4165
* Follow-up for #4165
* Follow-up for #4165
* Follow-up for #4165
* Follow-up for #4165
* Follow-up for #4165
* Follow-up for #4165
* fix noroot comment
As suggested [here](https://github.com/netblue30/firejail/pull/4271#discussion_r630981737).
* fix dbus-user comment
As suggested [here](https://github.com/netblue30/firejail/pull/4271#discussion_r630982527).
* fix private-dev comment
As suggested [here](https://github.com/netblue30/firejail/pull/4271#discussion_r630980029).
* fix private-etc comment
As suggested [here](https://github.com/netblue30/firejail/pull/4271#discussion_r630979698).
* move writable-var comment cfr. profile.template
Diffstat (limited to 'etc/profile-m-z')
-rw-r--r-- | etc/profile-m-z/minecraft-launcher.profile | 6 | ||||
-rw-r--r-- | etc/profile-m-z/nano.profile | 6 | ||||
-rw-r--r-- | etc/profile-m-z/ostrichriders.profile | 2 | ||||
-rw-r--r-- | etc/profile-m-z/spotify.profile | 2 | ||||
-rw-r--r-- | etc/profile-m-z/steam.profile | 22 | ||||
-rw-r--r-- | etc/profile-m-z/sysprof.profile | 16 |
6 files changed, 35 insertions, 19 deletions
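--- a/etc/profile-m-z/minecraft-launcher.profile
+++ b/etc/profile-m-z/minecraft-launcher.profile
@@ -6,7 +6,8 @@ include minecraft-launcher.local
 # Persistent global definitions
 include globals.local
 
-# On some distros executable may be in '/opt/minecraft-launcher/', if so, run 'firejail /opt/minecraft-launcher/minecraft-launcher' to start it.
+# Some distros put the executable in /opt/minecraft-launcher.
+# Run 'firejail /opt/minecraft-launcher/minecraft-launcher' to start it.
 
 ignore noexec ${HOME}
 
@@ -50,7 +51,8 @@ disable-mnt
 private-bin java,java-config,minecraft-launcher
 private-cache
 private-dev
-# If multiplayer or realms break add your own java folder from /etc or comment the line below.
+# If multiplayer or realms break, add 'private-etc <your-own-java-folder-from-/etc>'
+# or 'ignore private-etc' to your minecraft-launcher.local.
 private-etc alternatives,asound.conf,ati,ca-certificates,crypto-policies,drirc,fonts,group,gtk-2.0,gtk-3.0,host.conf,hostname,hosts,java-10-openjdk,java-11-openjdk,java-12-openjdk,java-13-openjdk,java-14-openjdk,java-7-openjdk,java-8-openjdk,java-9-openjdk,java-openjdk,ld.so.cache,ld.so.conf,ld.so.conf.d,ld.so.preload,localtime,login.defs,machine-id,mime.types,nvidia,passwd,pki,pulse,resolv.conf,selinux,services,ssl,timezone,X11,xdg
 private-opt minecraft-launcher
 private-tmp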
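Review bot: The reworded private-etc comment in the second hunk presents `ignore private-etc` as equivalent to adding one java folder, but the two differ in exposure: the first drops the /etc allowlist for the sandbox altogether, the second extends it by a single directory. I would make the narrow option the default and mark the other as the fallback, e.g. `# or, if that is not enough, 'ignore private-etc' (drops the /etc allowlist) to your minecraft-launcher.local.` The same applies to the `ignore private-etc` hints in spotify.profile and steam.profile in this commit, where no narrower alternative is offered at all.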
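--- a/etc/profile-m-z/nano.profile
+++ b/etc/profile-m-z/nano.profile
@@ -47,8 +47,12 @@ x11 none
 private-bin nano,rnano
 private-cache
 private-dev
-# Comment the next line if you want to edit files in /etc directly
+# Add the next lines to your nano.local if you want to edit files in /etc directly.
+#ignore private-etc
+#writable-etc
 private-etc alternatives,nanorc
+# Add the next line to your nano.local if you want to edit files in /var directly.
+#writable-var
 
 dbus-user none
 dbus-system none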
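Review bot: The lines a user is told to copy into nano.local (`#ignore private-etc`, `#writable-etc`, `#writable-var`) are printed with a leading `#`, so pasting them as written has no effect and the sandbox stays as it was; the comment should say so, e.g. `# Add the next lines (without the leading '#') to your nano.local if you want to edit files in /etc directly.` The same wording is used for the commented `#private-bin` lines in steam.profile and the `#ignore`/`#nowhitelist` block in sysprof.profile. The old comment only lifted private-etc, whereas the new block also suggests `writable-etc`; since that is a wider relaxation for an editor, a few words on why both lines are needed would help whoever audits a nano.local later.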
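--- a/etc/profile-m-z/ostrichriders.profile
+++ b/etc/profile-m-z/ostrichriders.profile
@@ -29,6 +29,7 @@ ipc-namespace
 net none
 nodvd
 nogroups
+# Add 'ignore noinput' to your ostrichriders.local if you need controller support.
 noinput
 nonewprivs
 noroot
@@ -43,7 +44,6 @@ tracelog
 disable-mnt
 private-bin ostrichriders
 private-cache
-# comment the following line if you need controller support
 private-dev
 private-tmp
 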
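--- a/etc/profile-m-z/spotify.profile
+++ b/etc/profile-m-z/spotify.profile
@@ -44,7 +44,7 @@ tracelog
 disable-mnt
 private-bin bash,cat,dirname,find,grep,head,rm,sh,spotify,tclsh,touch,zenity
 private-dev
-# Comment the next line or put 'ignore private-etc' in your spotify.local if want to see the albums covers or if you want to use the radio
+# If you want to see album covers or want to use the radio, add 'ignore private-etc' to your spotify.local.
 private-etc alternatives,ca-certificates,crypto-policies,fonts,group,host.conf,hosts,ld.so.cache,machine-id,nsswitch.conf,pki,pulse,resolv.conf,ssl
 private-opt spotify
 private-srv none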
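--- a/etc/profile-m-z/steam.profile
+++ b/etc/profile-m-z/steam.profile
@@ -119,7 +119,7 @@ whitelist ${HOME}/.steampid
 include whitelist-common.inc
 include whitelist-var-common.inc
 
-# Note: The following were intentionally left out as they are alternative
+# NOTE: The following were intentionally left out as they are alternative
 # (i.e.: unnecessary and/or legacy) paths whose existence may potentially
 # clobber other paths (see #4225). If you use any, either add the entry to
 # steam.local or move the contents to a path listed above (or open an issue if
@@ -131,34 +131,36 @@ caps.drop all
 #ipc-namespace
 netfilter
 nodvd
-# nVidia users may need to comment / ignore nogroups and noroot
 nogroups
 nonewprivs
+# If you use nVidia you might need to add 'ignore noroot' to your steam.local.
 noroot
 notv
 nou2f
-# novideo should be commented for VR
+# For VR support add 'ignore novideo' to your steam.local.
 novideo
 protocol unix,inet,inet6,netlink
-# seccomp sometimes causes issues (see #2951, #3267),
-# comment it or add 'ignore seccomp' to steam.local if so.
+# seccomp sometimes causes issues (see #2951, #3267).
+# Add 'ignore seccomp' to your steam.local if you experience this.
 seccomp !ptrace
 shell none
 # tracelog breaks integrated browser
 #tracelog
 
-# private-bin is disabled while in testing, but has been tested working with multiple games
+# private-bin is disabled while in testing, but is known to work with multiple games.
+# Add the next line to your steam.local to enable private-bin.
 #private-bin awk,basename,bash,bsdtar,bzip2,cat,chmod,cksum,cmp,comm,compress,cp,curl,cut,date,dbus-launch,dbus-send,desktop-file-edit,desktop-file-install,desktop-file-validate,dirname,echo,env,expr,file,find,getopt,grep,gtar,gzip,head,hostname,id,lbzip2,ldconfig,ldd,ln,ls,lsb_release,lsof,lspci,lz4,lzip,lzma,lzop,md5sum,mkdir,mktemp,mv,netstat,ps,pulseaudio,python*,readlink,realpath,rm,sed,sh,sha1sum,sha256sum,sha512sum,sleep,sort,steam,steamdeps,steam-native,steam-runtime,sum,tail,tar,tclsh,test,touch,tr,umask,uname,update-desktop-database,wc,wget,which,whoami,xterm,xz,zenity
-# extra programs are available which might be needed for select games
+# Extra programs are available which might be needed for select games.
+# Add the next line to your steam.local to enable support for these programs.
 #private-bin java,java-config,mono
-# picture viewers are needed for viewing screenshots
+# To view screenshots add the next line to your steam.local.
 #private-bin eog,eom,gthumb,pix,viewnior,xviewer
 
 private-dev
-# private-etc breaks a small selection of games on some systems, comment to support those
+# private-etc breaks a small selection of games on some systems. Add 'ignore private-etc'
+# to your steam.local to support those.
 private-etc alsa,alternatives,asound.conf,bumblebee,ca-certificates,crypto-policies,dbus-1,drirc,fonts,group,gtk-2.0,gtk-3.0,host.conf,hostname,hosts,ld.so.cache,ld.so.conf,ld.so.conf.d,ld.so.preload,localtime,lsb-release,machine-id,mime.types,nvidia,os-release,passwd,pki,pulse,resolv.conf,services,ssl
 private-tmp
 
-# breaks appindicator support
 # dbus-user none
 # dbus-system none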
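Review bot: Dropping `# breaks appindicator support` at the end of the second hunk leaves `# dbus-user none` and `# dbus-system none` commented out with no stated reason, so a later hardening pass has nothing to tell it why the D-Bus restrictions are off in this profile. I would keep the rationale on one line above them, e.g. `# Disabled: breaks appindicator support.` Separately, the reworded nVidia comment now names only `ignore noroot` where the old one also mentioned nogroups; the linked review thread presumably covers that, but it is not visible on this page.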
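--- a/etc/profile-m-z/sysprof.profile
+++ b/etc/profile-m-z/sysprof.profile
@@ -15,8 +15,15 @@ include disable-passwdmgr.inc
 include disable-programs.inc
 include disable-xdg.inc
 
-# help menu functionality (yelp) - comment or add this block prepended with 'ignore'
-# to your sysprof.local if you don't need the help functionality
+# Add the next lines to your sysprof.local if you don't need (yelp) help menu functionality.
+#ignore noblacklist ${HOME}/.config/yelp
+#ignore mkdir ${HOME}/.config/yelp
+#nowhitelist ${HOME}/.config/yelp
+#nowhitelist /usr/share/help/C/sysprof
+#nowhitelist /usr/share/yelp
+#nowhitelist /usr/share/yelp-tools
+#nowhitelist /usr/share/yelp-xsl
+
 noblacklist ${HOME}/.config/yelp
 mkdir ${HOME}/.config/yelp
 whitelist ${HOME}/.config/yelp
@@ -41,7 +48,8 @@ nodvd
 nogroups
 noinput
 nonewprivs
-# Ubuntu 16.04 version needs root privileges - comment or put 'ignore noroot' in sysprof.local if you run Xenial
+# Some older Debian/Ubuntu sysprof versions need root privileges.
+# Add 'ignore noroot' to your sysprof.local if you run one of these.
 noroot
 nosound
 notv
@@ -57,7 +65,7 @@ disable-mnt
 private-cache
 private-dev
 private-etc alternatives,fonts,ld.so.cache,machine-id,ssl
-# private-lib breaks help menu
+# private-lib - breaks help menu
 #private-lib gdk-pixbuf-2.*,gio,gtk3,gvfs/libgvfscommon.so,libgconf-2.so.*,librsvg-2.so.*,libsysprof-2.so,libsysprof-ui-2.so
 private-tmp
 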
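Review bot: The opt-out block added in the first hunk duplicates the yelp paths as seven commented `ignore`/`nowhitelist` lines, and it has to mirror the profile's live yelp `noblacklist`/`mkdir`/`whitelist` lines, most of which presumably sit below the hunk's last line. If a yelp path is later added to the live block and not to the commented one, a user who copied the opt-out keeps that path exposed without noticing. A marker on the live block, e.g. `# Keep the commented opt-out block above in sync with these lines.`, would make the coupling explicit.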