Merge pull request #5763 from kmk3/profiles-mv-readonly

profiles: move read-only config entries to disable-common.inc
author: netblue30 <netblue30@protonmail.com> 2023-04-06 10:40:37 -0400
committer: GitHub <noreply@github.com> 2023-04-06 10:40:37 -0400
commit: 92a7ad7ee973c109e4d37f1b54fa2e3e07640e33 (patch)
tree: b6f8f7b8325aac36554a5bfc9cebb17b31c59781 /etc/profile-m-z
parent: standardnotes-desktop: custom (cursor) theme support (#5768) (diff)
parent: profile.template: note to put read-only entries in dc (diff)
download: firejail-92a7ad7ee973c109e4d37f1b54fa2e3e07640e33.tar.gz
firejail-92a7ad7ee973c109e4d37f1b54fa2e3e07640e33.tar.zst
firejail-92a7ad7ee973c109e4d37f1b54fa2e3e07640e33.zip
10 files changed, 0 insertions, 12 deletions
diff --git a/etc/profile-m-z/makepkg.profile b/etc/profile-m-z/makepkg.profile
index e9d245a6d..266d00395 100644
--- a/etc/profile-m-z/makepkg.profile
+++ b/etc/profile-m-z/makepkg.profile
@@ -19,7 +19,6 @@ blacklist ${RUNUSER}/wayland-*
 # Enable severely restricted access to ${HOME}/.gnupg
 noblacklist ${HOME}/.gnupg
-read-only ${HOME}/.gnupg/gpg.conf
 read-only ${HOME}/.gnupg/trustdb.gpg
 read-only ${HOME}/.gnupg/pubring.kbx
 blacklist ${HOME}/.gnupg/random_seed
diff --git a/etc/profile-m-z/mov-cli.profile b/etc/profile-m-z/mov-cli.profile
index 8ad94b949..74d630e24 100644
--- a/etc/profile-m-z/mov-cli.profile
+++ b/etc/profile-m-z/mov-cli.profile
@@ -25,7 +25,5 @@ private-bin ffmpeg,fzf,mov-cli
 private-etc alsa,alternatives,asound.conf,ca-certificates,crypto-policies,fonts,host.conf,hostname,hosts,ld.so.cache,ld.so.conf,ld.so.conf.d,ld.so.preload,locale,locale.alias,locale.conf,localtime,machine-id,mime.types,nsswitch.conf,pango,pki,protocols,pulse,resolv.conf,rpc,services,ssl,X11,xdg
 private-tmp
-read-only ${HOME}/.config/mpv
 # Redirect
 include mpv.profile
diff --git a/etc/profile-m-z/openbox.profile b/etc/profile-m-z/openbox.profile
index 2da867dec..9b566a42b 100644
--- a/etc/profile-m-z/openbox.profile
+++ b/etc/profile-m-z/openbox.profile
@@ -16,6 +16,4 @@ noroot
 protocol unix,inet,inet6
 seccomp !chroot
-read-only ${HOME}/.config/openbox/autostart
-read-only ${HOME}/.config/openbox/environment
 #restrict-namespaces
diff --git a/etc/profile-m-z/signal-desktop.profile b/etc/profile-m-z/signal-desktop.profile
index a26b41524..3e1899ef3 100644
--- a/etc/profile-m-z/signal-desktop.profile
+++ b/etc/profile-m-z/signal-desktop.profile
@@ -14,7 +14,6 @@ noblacklist ${HOME}/.config/Signal
 # These lines are needed to allow Firefox to open links
 noblacklist ${HOME}/.mozilla
 whitelist ${HOME}/.mozilla/firefox/profiles.ini
-read-only ${HOME}/.mozilla/firefox/profiles.ini
 mkdir ${HOME}/.config/Signal
 whitelist ${HOME}/.config/Signal
diff --git a/etc/profile-m-z/steam.profile b/etc/profile-m-z/steam.profile
index a5b4d5d87..63d629a32 100644
--- a/etc/profile-m-z/steam.profile
+++ b/etc/profile-m-z/steam.profile
@@ -181,5 +181,4 @@ private-tmp
 #dbus-user none
 #dbus-system none
-read-only ${HOME}/.config/MangoHud
 #restrict-namespaces
diff --git a/etc/profile-m-z/thunderbird.profile b/etc/profile-m-z/thunderbird.profile
index 1ac80bc9a..5df207e25 100644
--- a/etc/profile-m-z/thunderbird.profile
+++ b/etc/profile-m-z/thunderbird.profile
@@ -24,7 +24,6 @@ writable-run-user
 # These lines are needed to allow Firefox to load your profile when clicking a link in an email
 noblacklist ${HOME}/.mozilla
 whitelist ${HOME}/.mozilla/firefox/profiles.ini
-read-only ${HOME}/.mozilla/firefox/profiles.ini
 noblacklist ${HOME}/.cache/thunderbird
 noblacklist ${HOME}/.gnupg
diff --git a/etc/profile-m-z/trojita.profile b/etc/profile-m-z/trojita.profile
index 378c8a1b7..ba68ccb53 100644
--- a/etc/profile-m-z/trojita.profile
+++ b/etc/profile-m-z/trojita.profile
@@ -60,5 +60,4 @@ dbus-user filter
 dbus-user.talk org.freedesktop.secrets
 dbus-system none
-read-only ${HOME}/.mozilla/firefox/profiles.ini
 restrict-namespaces
diff --git a/etc/profile-m-z/tutanota-desktop.profile b/etc/profile-m-z/tutanota-desktop.profile
index 4793e9dbb..55e4a4392 100644
--- a/etc/profile-m-z/tutanota-desktop.profile
+++ b/etc/profile-m-z/tutanota-desktop.profile
@@ -28,7 +28,6 @@ whitelist ${HOME}/.config/tutanota-desktop
 # there isn't a Firefox instance running with the default profile; see #5352)
 noblacklist ${HOME}/.mozilla
 whitelist ${HOME}/.mozilla/firefox/profiles.ini
-read-only ${HOME}/.mozilla/firefox/profiles.ini
 machine-id
 nosound
diff --git a/etc/profile-m-z/youtube-viewers-common.profile b/etc/profile-m-z/youtube-viewers-common.profile
index 9ef90eb92..d2b73ec4c 100644
--- a/etc/profile-m-z/youtube-viewers-common.profile
+++ b/etc/profile-m-z/youtube-viewers-common.profile
@@ -24,7 +24,6 @@ include allow-python3.inc
 # there isn't a Firefox instance running with the default profile; see #5352)
 noblacklist ${HOME}/.mozilla
 whitelist ${HOME}/.mozilla/firefox/profiles.ini
-read-only ${HOME}/.mozilla/firefox/profiles.ini
 include disable-common.inc
 include disable-devel.inc
diff --git a/etc/profile-m-z/zeal.profile b/etc/profile-m-z/zeal.profile
index caf9eab63..09a1d37a3 100644
--- a/etc/profile-m-z/zeal.profile
+++ b/etc/profile-m-z/zeal.profile
@@ -23,7 +23,6 @@ include disable-xdg.inc
 # This also requires dbus-user filtering (see below).
 noblacklist ${HOME}/.mozilla
 whitelist ${HOME}/.mozilla/firefox/profiles.ini
-read-only ${HOME}/.mozilla/firefox/profiles.ini
 mkdir ${HOME}/.cache/Zeal
 mkdir ${HOME}/.config/Zeal
author	netblue30 <netblue30@protonmail.com>	2023-04-06 10:40:37 -0400
committer	GitHub <noreply@github.com>	2023-04-06 10:40:37 -0400
commit	92a7ad7ee973c109e4d37f1b54fa2e3e07640e33 (patch)
tree	b6f8f7b8325aac36554a5bfc9cebb17b31c59781 /etc/profile-m-z
parent	standardnotes-desktop: custom (cursor) theme support (#5768) (diff)
parent	profile.template: note to put read-only entries in dc (diff)
download	firejail-92a7ad7ee973c109e4d37f1b54fa2e3e07640e33.tar.gz firejail-92a7ad7ee973c109e4d37f1b54fa2e3e07640e33.tar.zst firejail-92a7ad7ee973c109e4d37f1b54fa2e3e07640e33.zip