diff options
| author |  Kelvin M. Klann <kmk3.code@protonmail.com> | 2022-11-23 16:39:07 +0000 |
|---|---|---|
| committer |  GitHub <noreply@github.com> | 2022-11-23 16:39:07 +0000 |
| commit | 1a6993272070f9c10e5aead787f593037526c325 (patch) | |
| tree | 3bfb6e5891b430f12b10893a49288dc3bd63ca4d /etc | |
| parent | Merge pull request #5429 from kmk3/sort-py-improvements (diff) | |
| parent | Update etc/profile-a-l/evince.profile (diff) | |
| download | firejail-1a6993272070f9c10e5aead787f593037526c325.tar.gz firejail-1a6993272070f9c10e5aead787f593037526c325.tar.zst firejail-1a6993272070f9c10e5aead787f593037526c325.zip | |
Merge pull request #5442 from rusty-snake/fixes
Profile fixes
Diffstat (limited to 'etc')
| -rw-r--r-- | etc/profile-a-l/brave.profile | 2 | ||||
| -rw-r--r-- | etc/profile-a-l/evince.profile | 13 | ||||
| -rw-r--r-- | etc/profile-m-z/whalebird.profile | 3 |
3 files changed, 10 insertions, 8 deletions
diff --git a/etc/profile-a-l/brave.profile b/etc/profile-a-l/brave.profile index 09548c761..071a279b0 100644 --- a/etc/profile-a-l/brave.profile +++ b/etc/profile-a-l/brave.profile | |||
| @@ -13,6 +13,8 @@ ignore noexec /tmp | |||
| 13 | # you will need to uncomment the 'brave + tor' rule in /etc/apparmor.d/local/firejail-default. | 13 | # you will need to uncomment the 'brave + tor' rule in /etc/apparmor.d/local/firejail-default. |
| 14 | # Alternatively you can add 'ignore apparmor' to your brave.local. | 14 | # Alternatively you can add 'ignore apparmor' to your brave.local. |
| 15 | ignore noexec ${HOME} | 15 | ignore noexec ${HOME} |
| 16 | # Causes slow starts (#4604) | ||
| 17 | ignore private-cache | ||
| 16 | 18 | ||
| 17 | noblacklist ${HOME}/.cache/BraveSoftware | 19 | noblacklist ${HOME}/.cache/BraveSoftware |
| 18 | noblacklist ${HOME}/.config/BraveSoftware | 20 | noblacklist ${HOME}/.config/BraveSoftware |
diff --git a/etc/profile-a-l/evince.profile b/etc/profile-a-l/evince.profile index 21bf7eabf..eec9f86db 100644 --- a/etc/profile-a-l/evince.profile +++ b/etc/profile-a-l/evince.profile | |||
| @@ -6,9 +6,9 @@ include evince.local | |||
| 6 | # Persistent global definitions | 6 | # Persistent global definitions |
| 7 | include globals.local | 7 | include globals.local |
| 8 | 8 | ||
| 9 | # WARNING: using bookmarks possibly exposes information, including file history from other programs. | 9 | # WARNING: This exposes information like file history from other programs. |
| 10 | # Add the next line to your evince.local if you need bookmarks support. This also needs additional dbus-user filtering (see below). | 10 | # You can add a blacklist for it in your evince.local for additional hardening if you can live with some restrictions. |
| 11 | #noblacklist ${HOME}/.local/share/gvfs-metadata | 11 | noblacklist ${HOME}/.local/share/gvfs-metadata |
| 12 | 12 | ||
| 13 | noblacklist ${HOME}/.config/evince | 13 | noblacklist ${HOME}/.config/evince |
| 14 | noblacklist ${DOCUMENTS} | 14 | noblacklist ${DOCUMENTS} |
| @@ -59,9 +59,8 @@ private-etc alternatives,fonts,group,ld.so.cache,ld.so.preload,machine-id,passwd | |||
| 59 | private-lib evince,gcc/*/*/libgcc_s.so.*,gcc/*/*/libstdc++.so.*,gconv,gdk-pixbuf-2.*,gio,gvfs/libgvfscommon.so,libarchive.so.*,libdjvulibre.so.*,libgconf-2.so.*,libgraphite2.so.*,libpoppler-glib.so.*,librsvg-2.so.*,libspectre.so.* | 59 | private-lib evince,gcc/*/*/libgcc_s.so.*,gcc/*/*/libstdc++.so.*,gconv,gdk-pixbuf-2.*,gio,gvfs/libgvfscommon.so,libarchive.so.*,libdjvulibre.so.*,libgconf-2.so.*,libgraphite2.so.*,libpoppler-glib.so.*,librsvg-2.so.*,libspectre.so.* |
| 60 | private-tmp | 60 | private-tmp |
| 61 | 61 | ||
| 62 | # dbus-user filtering might break two-page-view on some systems | ||
| 63 | dbus-user filter | 62 | dbus-user filter |
| 64 | # Add the next two lines to your evince.local if you need bookmarks support. | 63 | dbus-user.talk ca.desrt.dconf |
| 65 | #dbus-user.talk org.gtk.vfs.Daemon | 64 | dbus-user.talk org.gtk.vfs.Daemon |
| 66 | #dbus-user.talk org.gtk.vfs.Metadata | 65 | dbus-user.talk org.gtk.vfs.Metadata |
| 67 | dbus-system none | 66 | dbus-system none |
diff --git a/etc/profile-m-z/whalebird.profile b/etc/profile-m-z/whalebird.profile index 92ebebdae..8a9614fb0 100644 --- a/etc/profile-m-z/whalebird.profile +++ b/etc/profile-m-z/whalebird.profile | |||
| @@ -10,6 +10,7 @@ include globals.local | |||
| 10 | ignore include whitelist-runuser-common.inc | 10 | ignore include whitelist-runuser-common.inc |
| 11 | ignore include whitelist-usr-share-common.inc | 11 | ignore include whitelist-usr-share-common.inc |
| 12 | 12 | ||
| 13 | ignore apparmor | ||
| 13 | ignore dbus-user none | 14 | ignore dbus-user none |
| 14 | ignore dbus-system none | 15 | ignore dbus-system none |
| 15 | 16 | ||
| @@ -21,7 +22,7 @@ whitelist ${HOME}/.config/Whalebird | |||
| 21 | no3d | 22 | no3d |
| 22 | 23 | ||
| 23 | private-bin electron,electron[0-9],electron[0-9][0-9],whalebird | 24 | private-bin electron,electron[0-9],electron[0-9][0-9],whalebird |
| 24 | private-etc alternatives,fonts,ld.so.cache,ld.so.preload,machine-id | 25 | private-etc alternatives,ca-certificates,crypto-policies,fonts,ld.so.cache,ld.so.preload,machine-id,nsswitch.conf,pki,resolv.conf,ssl |
| 25 | 26 | ||
| 26 | # Redirect | 27 | # Redirect |
| 27 | include electron.profile | 28 | include electron.profile |