diff options
| author |  rusty-snake <41237666+rusty-snake@users.noreply.github.com> | 2021-02-27 09:06:02 +0100 |
|---|---|---|
| committer | rusty-snake <41237666+rusty-snake@users.noreply.github.com> | 2021-03-01 12:10:49 +0100 |
| commit | f09bb2af9af7f3fec9346bd138c79f1cdd12eab5 (patch) | |
| tree | e915a47ce9bc6e049cb1139ed83446ef0515f7d1 /etc/templates | |
| parent | compile time: enable LTS (diff) | |
| download | firejail-f09bb2af9af7f3fec9346bd138c79f1cdd12eab5.tar.gz firejail-f09bb2af9af7f3fec9346bd138c79f1cdd12eab5.tar.zst firejail-f09bb2af9af7f3fec9346bd138c79f1cdd12eab5.zip | |
fixes
- RELNOTS: protocol now accumulates
- fix #3978 -- Android Studio: cannot create the directory
Unresolved:
> google-earth.profile has a 'noblacklist ${HOME}/.config/Google' too,
> so we should consider to add additional blacklists for ~/.config/Google/*.
- marker.profile: allow ${DOCUMENTS}
- profile.template: add bluetooth protocol
- profile.template: add DBus portal note
- firejail-profile.txt: revert 17fe4b9e -- fix private=directory in man firejail-profile
see https://github.com/netblue30/firejail/pull/3970#discussion_r574411745
Diffstat (limited to 'etc/templates')
| -rw-r--r-- | etc/templates/profile.template | 5 |
1 files changed, 3 insertions, 2 deletions
diff --git a/etc/templates/profile.template b/etc/templates/profile.template index 72b7d3025..17d7f55b2 100644 --- a/etc/templates/profile.template +++ b/etc/templates/profile.template | |||
| @@ -155,8 +155,8 @@ include globals.local | |||
| 155 | # - unix is usually needed | 155 | # - unix is usually needed |
| 156 | # - inet,inet6 only if internet access is required (see 'net none'/'netfilter' above) | 156 | # - inet,inet6 only if internet access is required (see 'net none'/'netfilter' above) |
| 157 | # - netlink is rarely needed | 157 | # - netlink is rarely needed |
| 158 | # - packet almost never | 158 | # - packet and bluetooth almost never |
| 159 | #protocol unix,inet,inet6,netlink,packet | 159 | #protocol unix,inet,inet6,netlink,packet,bluetooth |
| 160 | #seccomp | 160 | #seccomp |
| 161 | ##seccomp !chroot | 161 | ##seccomp !chroot |
| 162 | ##seccomp.drop SYSCALLS (see syscalls.txt) | 162 | ##seccomp.drop SYSCALLS (see syscalls.txt) |
| @@ -200,6 +200,7 @@ include globals.local | |||
| 200 | # flatpak remote-info --show-metadata flathub <APP-ID> | 200 | # flatpak remote-info --show-metadata flathub <APP-ID> |
| 201 | # Notes: | 201 | # Notes: |
| 202 | # - flatpak implicitly allows an app to own <APP-ID> on the session bus | 202 | # - flatpak implicitly allows an app to own <APP-ID> on the session bus |
| 203 | # - Some features like native notifications are implemented as portal too. | ||
| 203 | # - In order to make dconf work (when used by the app) you need to allow | 204 | # - In order to make dconf work (when used by the app) you need to allow |
| 204 | # 'ca.desrt.dconf' even when not allowed by flatpak. | 205 | # 'ca.desrt.dconf' even when not allowed by flatpak. |
| 205 | # Notes and Policiy about addresses can be found at | 206 | # Notes and Policiy about addresses can be found at |