profiles: exchange private-opt with a whitelist (#6021)

* profiles: drop private-opt (existing whitelist) * profiles: replace private-opt with whitelist In most profiles. Kept private-opt for enpass (~85MB), mate-dictionary (<20MB), minecraft-launcher (~1.6MB) and ppsspp (~44MB). The only app I couldn't check: xmr-stak. * docs: note potential issues with private-opt
author: glitsj16 <glitsj16@users.noreply.github.com> 2023-10-18 22:47:07 +0000
committer: GitHub <noreply@github.com> 2023-10-18 22:47:07 +0000
commit: 17590553045f40e8c7628608c8330b72412fd7f4 (patch)
tree: a1c5d0888101865866492269f5f194ce0ecffc3c /etc/templates
parent: steam.profile: Allow Baba Is You (#6054) (diff)
download: firejail-17590553045f40e8c7628608c8330b72412fd7f4.tar.gz
firejail-17590553045f40e8c7628608c8330b72412fd7f4.tar.zst
firejail-17590553045f40e8c7628608c8330b72412fd7f4.zip
1 files changed, 7 insertions, 0 deletions
diff --git a/etc/templates/profile.template b/etc/templates/profile.template
index 9329fe297..6299d42cd 100644
--- a/etc/templates/profile.template
+++ b/etc/templates/profile.template
@@ -196,6 +196,13 @@ include globals.local
 #    Extra: gai.conf,proxychains.conf
 #  Qt: Trolltech.conf
 ##private-lib LIBS
+## Note: private-opt copies the entire path(s) to RAM, which may break
+## file-copy-limit in firejail.config (see firejail(1)).
+## For sizeable apps (if in doubt, do this):
+##  - never use 'private-opt NAME'
+##  - place 'whitelist /opt/NAME' in the whitelist section above
+## For acceptable apps:
+##  - use 'private-opt NAME'
 ##private-opt NAME
 #private-tmp
 ##writable-etc
author	glitsj16 <glitsj16@users.noreply.github.com>	2023-10-18 22:47:07 +0000
committer	GitHub <noreply@github.com>	2023-10-18 22:47:07 +0000
commit	17590553045f40e8c7628608c8330b72412fd7f4 (patch)
tree	a1c5d0888101865866492269f5f194ce0ecffc3c /etc/templates
parent	steam.profile: Allow Baba Is You (#6054) (diff)
download	firejail-17590553045f40e8c7628608c8330b72412fd7f4.tar.gz firejail-17590553045f40e8c7628608c8330b72412fd7f4.tar.zst firejail-17590553045f40e8c7628608c8330b72412fd7f4.zip

diff --git a/etc/templates/profile.template b/etc/templates/profile.template index 9329fe297..6299d42cd 100644 --- a/etc/templates/profile.template +++ b/etc/templates/profile.template
@@ -196,6 +196,13 @@ include globals.local
196	# Extra: gai.conf,proxychains.conf	196	# Extra: gai.conf,proxychains.conf
197	# Qt: Trolltech.conf	197	# Qt: Trolltech.conf
198	##private-lib LIBS	198	##private-lib LIBS
		199	## Note: private-opt copies the entire path(s) to RAM, which may break
		200	## file-copy-limit in firejail.config (see firejail(1)).
		201	## For sizeable apps (if in doubt, do this):
		202	## - never use 'private-opt NAME'
		203	## - place 'whitelist /opt/NAME' in the whitelist section above
		204	## For acceptable apps:
		205	## - use 'private-opt NAME'
199	##private-opt NAME	206	##private-opt NAME
200	#private-tmp	207	#private-tmp
201	##writable-etc	208	##writable-etc