diff options
| author |  netblue30 <netblue30@yahoo.com> | 2018-03-12 16:44:30 -0400 |
|---|---|---|
| committer | netblue30 <netblue30@yahoo.com> | 2018-03-12 16:44:30 -0400 |
| commit | 970f739e2be202a39ab82f589d5773267b903de6 (patch) | |
| tree | bdecad49c56c7a5b6491ac7b66318ff26823c3a5 /etc | |
| parent | private-lib bug: 32 bit libraries being copied instead of 64 bit versions; sp... (diff) | |
| download | firejail-970f739e2be202a39ab82f589d5773267b903de6.tar.gz firejail-970f739e2be202a39ab82f589d5773267b903de6.tar.zst firejail-970f739e2be202a39ab82f589d5773267b903de6.zip | |
bringing back private-lib in evince, and some fixes for Arch Linux
Diffstat (limited to 'etc')
| -rw-r--r-- | etc/atril.profile | 2 | ||||
| -rw-r--r-- | etc/default.profile | 3 | ||||
| -rw-r--r-- | etc/disable-common.inc | 3 | ||||
| -rw-r--r-- | etc/eog.profile | 2 | ||||
| -rw-r--r-- | etc/eom.profile | 2 | ||||
| -rw-r--r-- | etc/evince.profile | 4 |
6 files changed, 11 insertions, 5 deletions
diff --git a/etc/atril.profile b/etc/atril.profile index e13618c0b..215f0ab96 100644 --- a/etc/atril.profile +++ b/etc/atril.profile | |||
| @@ -37,7 +37,7 @@ private-dev | |||
| 37 | private-etc fonts,ld.so.cache | 37 | private-etc fonts,ld.so.cache |
| 38 | # atril uses webkit gtk to display epub files | 38 | # atril uses webkit gtk to display epub files |
| 39 | # waiting for globbing support in private-lib; for now hardcoding it to webkit2gtk-4.0 | 39 | # waiting for globbing support in private-lib; for now hardcoding it to webkit2gtk-4.0 |
| 40 | private-lib webkit2gtk-4.0 | 40 | #private-lib webkit2gtk-4.0 - problems on Arch with the new version of WebKit |
| 41 | private-tmp | 41 | private-tmp |
| 42 | 42 | ||
| 43 | # webkit gtk killed by memory-deny-write-execute | 43 | # webkit gtk killed by memory-deny-write-execute |
diff --git a/etc/default.profile b/etc/default.profile index 82eded802..226e808ed 100644 --- a/etc/default.profile +++ b/etc/default.profile | |||
| @@ -8,6 +8,9 @@ include /etc/firejail/globals.local | |||
| 8 | # generic gui profile | 8 | # generic gui profile |
| 9 | # depending on your usage, you can enable some of the commands below: | 9 | # depending on your usage, you can enable some of the commands below: |
| 10 | 10 | ||
| 11 | # required under CentOS 7 | ||
| 12 | noblacklist /etc/profile.d | ||
| 13 | |||
| 11 | include /etc/firejail/disable-common.inc | 14 | include /etc/firejail/disable-common.inc |
| 12 | # include /etc/firejail/disable-devel.inc | 15 | # include /etc/firejail/disable-devel.inc |
| 13 | include /etc/firejail/disable-passwdmgr.inc | 16 | include /etc/firejail/disable-passwdmgr.inc |
diff --git a/etc/disable-common.inc b/etc/disable-common.inc index cd5ec5d25..19be56f86 100644 --- a/etc/disable-common.inc +++ b/etc/disable-common.inc | |||
| @@ -171,8 +171,7 @@ blacklist /var/spool/mail | |||
| 171 | # etc | 171 | # etc |
| 172 | blacklist /etc/anacrontab | 172 | blacklist /etc/anacrontab |
| 173 | blacklist /etc/cron* | 173 | blacklist /etc/cron* |
| 174 | # on CentOS 7 /etc/profile.d/vte.sh is required by bash | 174 | blacklist /etc/profile.d |
| 175 | #blacklist /etc/profile.d | ||
| 176 | blacklist /etc/rc.local | 175 | blacklist /etc/rc.local |
| 177 | # rc1.d, rc2.d, ... | 176 | # rc1.d, rc2.d, ... |
| 178 | blacklist /etc/rc?.d | 177 | blacklist /etc/rc?.d |
diff --git a/etc/eog.profile b/etc/eog.profile index cf6b1c1c6..6d61dceac 100644 --- a/etc/eog.profile +++ b/etc/eog.profile | |||
| @@ -39,6 +39,6 @@ private-etc fonts | |||
| 39 | private-lib | 39 | private-lib |
| 40 | private-tmp | 40 | private-tmp |
| 41 | 41 | ||
| 42 | memory-deny-write-execute | 42 | #memory-deny-write-execute - breaks on Arch |
| 43 | noexec ${HOME} | 43 | noexec ${HOME} |
| 44 | noexec /tmp | 44 | noexec /tmp |
diff --git a/etc/eom.profile b/etc/eom.profile index 4edd8fafe..c7af470c6 100644 --- a/etc/eom.profile +++ b/etc/eom.profile | |||
| @@ -40,6 +40,6 @@ private-etc fonts | |||
| 40 | private-lib | 40 | private-lib |
| 41 | private-tmp | 41 | private-tmp |
| 42 | 42 | ||
| 43 | memory-deny-write-execute | 43 | #memory-deny-write-execute - breaks on Arch |
| 44 | noexec ${HOME} | 44 | noexec ${HOME} |
| 45 | noexec /tmp | 45 | noexec /tmp |
diff --git a/etc/evince.profile b/etc/evince.profile index 76aaab233..0a7a28580 100644 --- a/etc/evince.profile +++ b/etc/evince.profile | |||
| @@ -36,7 +36,11 @@ tracelog | |||
| 36 | private-bin evince,evince-previewer,evince-thumbnailer | 36 | private-bin evince,evince-previewer,evince-thumbnailer |
| 37 | private-dev | 37 | private-dev |
| 38 | private-etc fonts | 38 | private-etc fonts |
| 39 | |||
| 39 | #private-lib - seems to be breaking on Gnome Shell 3.26.2, Mutter WM, issue 1711 | 40 | #private-lib - seems to be breaking on Gnome Shell 3.26.2, Mutter WM, issue 1711 |
| 41 | # testing private-lib all over again - problem with 32bit libraries found and fixed for CentOS | ||
| 42 | private-lib | ||
| 43 | |||
| 40 | private-tmp | 44 | private-tmp |
| 41 | 45 | ||
| 42 | #memory-deny-write-execute - breaks application on Archlinux, issue 1803 | 46 | #memory-deny-write-execute - breaks application on Archlinux, issue 1803 |