fixes

- RELNOTS: protocol now accumulates - fix #3978 -- Android Studio: cannot create the directory Unresolved: > google-earth.profile has a 'noblacklist ${HOME}/.config/Google' too, > so we should consider to add additional blacklists for ~/.config/Google/*. - marker.profile: allow ${DOCUMENTS} - profile.template: add bluetooth protocol - profile.template: add DBus portal note - firejail-profile.txt: revert 17fe4b9e -- fix private=directory in man firejail-profile see https://github.com/netblue30/firejail/pull/3970#discussion_r574411745
author: rusty-snake <41237666+rusty-snake@users.noreply.github.com> 2021-02-27 09:06:02 +0100
committer: rusty-snake <41237666+rusty-snake@users.noreply.github.com> 2021-03-01 12:10:49 +0100
commit: f09bb2af9af7f3fec9346bd138c79f1cdd12eab5 (patch)
tree: e915a47ce9bc6e049cb1139ed83446ef0515f7d1 /etc
parent: compile time: enable LTS (diff)
download: firejail-f09bb2af9af7f3fec9346bd138c79f1cdd12eab5.tar.gz
firejail-f09bb2af9af7f3fec9346bd138c79f1cdd12eab5.tar.zst
firejail-f09bb2af9af7f3fec9346bd138c79f1cdd12eab5.zip
3 files changed, 5 insertions, 2 deletions
diff --git a/etc/profile-a-l/android-studio.profile b/etc/profile-a-l/android-studio.profile
index 2cdd3a90c..5a21744cf 100644
--- a/etc/profile-a-l/android-studio.profile
+++ b/etc/profile-a-l/android-studio.profile
@@ -5,6 +5,7 @@ include android-studio.local
 # Persistent global definitions
 include globals.local
+noblacklist ${HOME}/.config/Google
 noblacklist ${HOME}/.AndroidStudio*
 noblacklist ${HOME}/.android
 noblacklist ${HOME}/.jack-server
diff --git a/etc/profile-m-z/marker.profile b/etc/profile-m-z/marker.profile
index 55865fe72..029d0183d 100644
--- a/etc/profile-m-z/marker.profile
+++ b/etc/profile-m-z/marker.profile
@@ -12,6 +12,7 @@ include globals.local
 #private-etc ca-certificates,ssl,pki,crypto-policies,nsswitch.conf,resolv.conf
 noblacklist ${HOME}/.cache/marker
+noblacklist ${DOCUMENTS}
 include disable-common.inc
 include disable-devel.inc
diff --git a/etc/templates/profile.template b/etc/templates/profile.template
index 72b7d3025..17d7f55b2 100644
--- a/etc/templates/profile.template
+++ b/etc/templates/profile.template
@@ -155,8 +155,8 @@ include globals.local
 #  - unix is usually needed
 #  - inet,inet6 only if internet access is required (see 'net none'/'netfilter' above)
 #  - netlink is rarely needed
-#  - packet almost never
+#  - packet and bluetooth almost never
-#protocol unix,inet,inet6,netlink,packet
+#protocol unix,inet,inet6,netlink,packet,bluetooth
 #seccomp
 ##seccomp !chroot
 ##seccomp.drop SYSCALLS (see syscalls.txt)
@@ -200,6 +200,7 @@ include globals.local
 #    flatpak remote-info --show-metadata flathub <APP-ID>
 # Notes:
 #  - flatpak implicitly allows an app to own <APP-ID> on the session bus
+#  - Some features like native notifications are implemented as portal too.
 #  - In order to make dconf work (when used by the app) you need to allow
 #    'ca.desrt.dconf' even when not allowed by flatpak.
 # Notes and Policiy about addresses can be found at
author	rusty-snake <41237666+rusty-snake@users.noreply.github.com>	2021-02-27 09:06:02 +0100
committer	rusty-snake <41237666+rusty-snake@users.noreply.github.com>	2021-03-01 12:10:49 +0100
commit	f09bb2af9af7f3fec9346bd138c79f1cdd12eab5 (patch)
tree	e915a47ce9bc6e049cb1139ed83446ef0515f7d1 /etc
parent	compile time: enable LTS (diff)
download	firejail-f09bb2af9af7f3fec9346bd138c79f1cdd12eab5.tar.gz firejail-f09bb2af9af7f3fec9346bd138c79f1cdd12eab5.tar.zst firejail-f09bb2af9af7f3fec9346bd138c79f1cdd12eab5.zip