diff options
author | Tad <tad@spotco.us> | 2018-07-31 00:48:37 -0400 |
---|---|---|
committer | Tad <tad@spotco.us> | 2018-07-31 00:54:55 -0400 |
commit | 3c2a7e4c91aa030218b5ad7fa6291d16f1d51b53 (patch) | |
tree | cdc43b9a5e257b19ff0839a83df84db90fa5d9fd /etc | |
parent | Add XDG variable support to blacklist and read-only. (diff) | |
download | firejail-3c2a7e4c91aa030218b5ad7fa6291d16f1d51b53.tar.gz firejail-3c2a7e4c91aa030218b5ad7fa6291d16f1d51b53.tar.zst firejail-3c2a7e4c91aa030218b5ad7fa6291d16f1d51b53.zip |
Sound fixes
- Adds machine-id to all profiles with 'private-etc *pulse*'
- This fixes sound under many profiles
- This is related to #2037, except this adds etc machine-id not spoofed machine-id
- Spoofed machine-id seems to break pulseaudio on some systems
- We already do this in profiles like firefox-common (see the note in it)
- pulseaudio's enable-shm set to yes or no doesn't fix this issue on systems where it occurs
- We can revert this in the future if we find a fix
- Command used:
grep -e music -e videos -e audio -e pulse -e asound -il $(grep "machine-id" -iL $(grep "private-etc" . -Rl))
Diffstat (limited to 'etc')
-rw-r--r-- | etc/Viber.profile | 2 | ||||
-rw-r--r-- | etc/amarok.profile | 2 | ||||
-rw-r--r-- | etc/ardour5.profile | 2 | ||||
-rw-r--r-- | etc/cmus.profile | 2 | ||||
-rw-r--r-- | etc/gnome-music.profile | 2 | ||||
-rw-r--r-- | etc/goobox.profile | 2 | ||||
-rw-r--r-- | etc/minetest.profile | 2 | ||||
-rw-r--r-- | etc/musixmatch.profile | 2 | ||||
-rw-r--r-- | etc/parole.profile | 2 | ||||
-rw-r--r-- | etc/ppsspp.profile | 2 | ||||
-rw-r--r-- | etc/qupzilla.profile | 2 | ||||
-rw-r--r-- | etc/seamonkey.profile | 2 | ||||
-rw-r--r-- | etc/slack.profile | 2 | ||||
-rw-r--r-- | etc/totem.profile | 2 | ||||
-rw-r--r-- | etc/xonotic.profile | 2 | ||||
-rw-r--r-- | etc/xplayer.profile | 2 |
16 files changed, 16 insertions, 16 deletions
diff --git a/etc/Viber.profile b/etc/Viber.profile index 6a58da8c9..cb9d01e03 100644 --- a/etc/Viber.profile +++ b/etc/Viber.profile | |||
@@ -32,7 +32,7 @@ shell none | |||
32 | 32 | ||
33 | disable-mnt | 33 | disable-mnt |
34 | private-bin sh,bash,dig,awk,Viber | 34 | private-bin sh,bash,dig,awk,Viber |
35 | private-etc hosts,fonts,mailcap,resolv.conf,X11,pulse,alternatives,localtime,nsswitch.conf,ssl,proxychains.conf,pki,ca-certificates,crypto-policies | 35 | private-etc hosts,fonts,mailcap,resolv.conf,X11,pulse,alternatives,localtime,nsswitch.conf,ssl,proxychains.conf,pki,ca-certificates,crypto-policies,machine-id,asound.conf |
36 | private-tmp | 36 | private-tmp |
37 | 37 | ||
38 | noexec ${HOME} | 38 | noexec ${HOME} |
diff --git a/etc/amarok.profile b/etc/amarok.profile index aff78e210..dab23c218 100644 --- a/etc/amarok.profile +++ b/etc/amarok.profile | |||
@@ -29,5 +29,5 @@ shell none | |||
29 | 29 | ||
30 | # private-bin amarok | 30 | # private-bin amarok |
31 | private-dev | 31 | private-dev |
32 | # private-etc none | 32 | # private-etc none,machine-id,pulse,asound.conf |
33 | private-tmp | 33 | private-tmp |
diff --git a/etc/ardour5.profile b/etc/ardour5.profile index aaac62bc8..99649cc3f 100644 --- a/etc/ardour5.profile +++ b/etc/ardour5.profile | |||
@@ -35,7 +35,7 @@ shell none | |||
35 | #private-bin sh,ardour4,ardour5,ardour5-copy-mixer,ardour5-export,ardour5-fix_bbtppq,grep,sed,ldd,nm | 35 | #private-bin sh,ardour4,ardour5,ardour5-copy-mixer,ardour5-export,ardour5-fix_bbtppq,grep,sed,ldd,nm |
36 | private-cache | 36 | private-cache |
37 | private-dev | 37 | private-dev |
38 | #private-etc pulse,X11,alternatives,ardour4,ardour5,fonts | 38 | #private-etc pulse,X11,alternatives,ardour4,ardour5,fonts,machine-id,asound.conf |
39 | private-tmp | 39 | private-tmp |
40 | 40 | ||
41 | noexec ${HOME} | 41 | noexec ${HOME} |
diff --git a/etc/cmus.profile b/etc/cmus.profile index 3331bde22..36478ef85 100644 --- a/etc/cmus.profile +++ b/etc/cmus.profile | |||
@@ -26,4 +26,4 @@ seccomp | |||
26 | shell none | 26 | shell none |
27 | 27 | ||
28 | private-bin cmus | 28 | private-bin cmus |
29 | private-etc group | 29 | private-etc group,machine-id,pulse,asound.conf |
diff --git a/etc/gnome-music.profile b/etc/gnome-music.profile index 90fb9814f..15710b363 100644 --- a/etc/gnome-music.profile +++ b/etc/gnome-music.profile | |||
@@ -38,7 +38,7 @@ tracelog | |||
38 | 38 | ||
39 | private-bin gnome-music,python* | 39 | private-bin gnome-music,python* |
40 | private-dev | 40 | private-dev |
41 | # private-etc fonts | 41 | # private-etc fonts,machine-id,pulse,asound.conf |
42 | private-tmp | 42 | private-tmp |
43 | 43 | ||
44 | noexec ${HOME} | 44 | noexec ${HOME} |
diff --git a/etc/goobox.profile b/etc/goobox.profile index 5e5aad95b..680e14a49 100644 --- a/etc/goobox.profile +++ b/etc/goobox.profile | |||
@@ -29,5 +29,5 @@ tracelog | |||
29 | 29 | ||
30 | # private-bin goobox | 30 | # private-bin goobox |
31 | private-dev | 31 | private-dev |
32 | # private-etc fonts | 32 | # private-etc fonts,machine-id,pulse,asound.conf |
33 | # private-tmp | 33 | # private-tmp |
diff --git a/etc/minetest.profile b/etc/minetest.profile index cdbf21935..6497fa9ba 100644 --- a/etc/minetest.profile +++ b/etc/minetest.profile | |||
@@ -34,7 +34,7 @@ disable-mnt | |||
34 | private-bin minetest | 34 | private-bin minetest |
35 | private-dev | 35 | private-dev |
36 | # private-etc needs to be updated, see #1702 | 36 | # private-etc needs to be updated, see #1702 |
37 | #private-etc asound.conf,ca-certificates,drirc,fonts,group,host.conf,hostname,hosts,ld.so.cache,ld.so.preload,localtime,nsswitch.conf,passwd,pulse,resolv.conf,ssl,pki,crypto-policies | 37 | #private-etc asound.conf,ca-certificates,drirc,fonts,group,host.conf,hostname,hosts,ld.so.cache,ld.so.preload,localtime,nsswitch.conf,passwd,pulse,resolv.conf,ssl,pki,crypto-policies,machine-id |
38 | private-tmp | 38 | private-tmp |
39 | 39 | ||
40 | noexec ${HOME} | 40 | noexec ${HOME} |
diff --git a/etc/musixmatch.profile b/etc/musixmatch.profile index bc8965431..b572f13d2 100644 --- a/etc/musixmatch.profile +++ b/etc/musixmatch.profile | |||
@@ -30,7 +30,7 @@ seccomp | |||
30 | 30 | ||
31 | disable-mnt | 31 | disable-mnt |
32 | private-dev | 32 | private-dev |
33 | private-etc none | 33 | private-etc none,machine-id,pulse,asound.conf |
34 | 34 | ||
35 | noexec ${HOME} | 35 | noexec ${HOME} |
36 | noexec /tmp | 36 | noexec /tmp |
diff --git a/etc/parole.profile b/etc/parole.profile index f98703bd6..17d31af15 100644 --- a/etc/parole.profile +++ b/etc/parole.profile | |||
@@ -26,4 +26,4 @@ shell none | |||
26 | 26 | ||
27 | private-bin parole,dbus-launch | 27 | private-bin parole,dbus-launch |
28 | private-cache | 28 | private-cache |
29 | private-etc passwd,group,fonts | 29 | private-etc passwd,group,fonts,machine-id,pulse,asound.conf |
diff --git a/etc/ppsspp.profile b/etc/ppsspp.profile index 073108464..3a40b6260 100644 --- a/etc/ppsspp.profile +++ b/etc/ppsspp.profile | |||
@@ -36,7 +36,7 @@ shell none | |||
36 | 36 | ||
37 | # private-dev is disabled to allow controller support | 37 | # private-dev is disabled to allow controller support |
38 | #private-dev | 38 | #private-dev |
39 | private-etc asound.conf,ca-certificates,drirc,fonts,group,host.conf,hostname,hosts,ld.so.cache,ld.so.preload,localtime,nsswitch.conf,passwd,pulse,resolv.conf,ssl,pki,crypto-policies | 39 | private-etc asound.conf,ca-certificates,drirc,fonts,group,host.conf,hostname,hosts,ld.so.cache,ld.so.preload,localtime,nsswitch.conf,passwd,pulse,resolv.conf,ssl,pki,crypto-policies,machine-id |
40 | private-opt ppsspp | 40 | private-opt ppsspp |
41 | private-tmp | 41 | private-tmp |
42 | 42 | ||
diff --git a/etc/qupzilla.profile b/etc/qupzilla.profile index 947689d96..da1ca2281 100644 --- a/etc/qupzilla.profile +++ b/etc/qupzilla.profile | |||
@@ -33,7 +33,7 @@ seccomp.drop @clock,@cpu-emulation,@debug,@module,@obsolete,@raw-io,@reboot,@res | |||
33 | # tracelog | 33 | # tracelog |
34 | 34 | ||
35 | private-dev | 35 | private-dev |
36 | # private-etc passwd,group,hostname,hosts,localtime,nsswitch.conf,resolv.conf,gtk-2.0,pango,fonts,adobe,mime.types,mailcap,asound.conf,pulse | 36 | # private-etc passwd,group,hostname,hosts,localtime,nsswitch.conf,resolv.conf,gtk-2.0,pango,fonts,adobe,mime.types,mailcap,asound.conf,pulse,machine-id |
37 | # private-tmp - interferes with the opening of downloaded files | 37 | # private-tmp - interferes with the opening of downloaded files |
38 | 38 | ||
39 | noexec ${HOME} | 39 | noexec ${HOME} |
diff --git a/etc/seamonkey.profile b/etc/seamonkey.profile index 423863cc2..dc2fd8e30 100644 --- a/etc/seamonkey.profile +++ b/etc/seamonkey.profile | |||
@@ -47,4 +47,4 @@ seccomp | |||
47 | tracelog | 47 | tracelog |
48 | 48 | ||
49 | disable-mnt | 49 | disable-mnt |
50 | # private-etc passwd,group,hostname,hosts,localtime,nsswitch.conf,resolv.conf,gtk-2.0,pango,fonts,iceweasel,firefox,adobe,mime.types,mailcap,asound.conf,pulse | 50 | # private-etc passwd,group,hostname,hosts,localtime,nsswitch.conf,resolv.conf,gtk-2.0,pango,fonts,iceweasel,firefox,adobe,mime.types,mailcap,asound.conf,pulse,machine-id |
diff --git a/etc/slack.profile b/etc/slack.profile index 13106255b..91bf0a722 100644 --- a/etc/slack.profile +++ b/etc/slack.profile | |||
@@ -37,5 +37,5 @@ shell none | |||
37 | disable-mnt | 37 | disable-mnt |
38 | private-bin slack,locale | 38 | private-bin slack,locale |
39 | private-dev | 39 | private-dev |
40 | private-etc asound.conf,ca-certificates,fonts,group,passwd,pulse,resolv.conf,ssl,ld.so.conf,ld.so.cache,localtime,pki,crypto-policies | 40 | private-etc asound.conf,ca-certificates,fonts,group,passwd,pulse,resolv.conf,ssl,ld.so.conf,ld.so.cache,localtime,pki,crypto-policies,machine-id |
41 | private-tmp | 41 | private-tmp |
diff --git a/etc/totem.profile b/etc/totem.profile index 3ac25440b..911999665 100644 --- a/etc/totem.profile +++ b/etc/totem.profile | |||
@@ -33,7 +33,7 @@ shell none | |||
33 | private-bin totem | 33 | private-bin totem |
34 | private-cache | 34 | private-cache |
35 | private-dev | 35 | private-dev |
36 | # private-etc fonts | 36 | # private-etc fonts,machine-id,pulse,asound.conf |
37 | private-tmp | 37 | private-tmp |
38 | 38 | ||
39 | noexec ${HOME} | 39 | noexec ${HOME} |
diff --git a/etc/xonotic.profile b/etc/xonotic.profile index 1d2493f36..30f5c735d 100644 --- a/etc/xonotic.profile +++ b/etc/xonotic.profile | |||
@@ -34,7 +34,7 @@ disable-mnt | |||
34 | private-bin bash,blind-id,darkplaces-glx,darkplaces-sdl,dirname,grep,ldd,netstat,ps,readlink,sh,uname,xonotic,xonotic-glx,xonotic-linux32-dedicated,xonotic-linux32-glx,xonotic-linux32-sdl,xonotic-linux64-dedicated,xonotic-linux64-glx,xonotic-linux64-sdl,xonotic-sdl | 34 | private-bin bash,blind-id,darkplaces-glx,darkplaces-sdl,dirname,grep,ldd,netstat,ps,readlink,sh,uname,xonotic,xonotic-glx,xonotic-linux32-dedicated,xonotic-linux32-glx,xonotic-linux32-sdl,xonotic-linux64-dedicated,xonotic-linux64-glx,xonotic-linux64-sdl,xonotic-sdl |
35 | private-dev | 35 | private-dev |
36 | # private-etc breaks audio on some distros | 36 | # private-etc breaks audio on some distros |
37 | #private-etc asound.conf,ca-certificates,drirc,fonts,group,host.conf,hostname,hosts,ld.so.cache,ld.so.preload,localtime,nsswitch.conf,passwd,pulse,resolv.conf,ssl,pki,crypto-policies | 37 | #private-etc asound.conf,ca-certificates,drirc,fonts,group,host.conf,hostname,hosts,ld.so.cache,ld.so.preload,localtime,nsswitch.conf,passwd,pulse,resolv.conf,ssl,pki,crypto-policies,machine-id |
38 | private-tmp | 38 | private-tmp |
39 | 39 | ||
40 | noexec ${HOME} | 40 | noexec ${HOME} |
diff --git a/etc/xplayer.profile b/etc/xplayer.profile index 46579ead8..5873e2436 100644 --- a/etc/xplayer.profile +++ b/etc/xplayer.profile | |||
@@ -39,7 +39,7 @@ tracelog | |||
39 | 39 | ||
40 | private-bin xplayer,xplayer-audio-preview,xplayer-video-thumbnailer | 40 | private-bin xplayer,xplayer-audio-preview,xplayer-video-thumbnailer |
41 | private-dev | 41 | private-dev |
42 | # private-etc fonts | 42 | # private-etc fonts,machine-id,pulse,asound.conf |
43 | private-tmp | 43 | private-tmp |
44 | 44 | ||
45 | noexec ${HOME} | 45 | noexec ${HOME} |