5 files changed, 194 insertions, 175 deletions
diff --git a/.gitignore b/.gitignore
index 16169ab94..76ce6c7ec 100644
--- a/.gitignore
+++ b/.gitignore
@@ -9,6 +9,7 @@
 *.DS_Store
 .directory
 *.man
+.vscode
 Makefile
 autom4te.cache/
 config.log
diff --git a/contrib/jail_prober.py b/contrib/jail_prober.py
index dad790b57..67e851282 100755
--- a/contrib/jail_prober.py
+++ b/contrib/jail_prober.py
@@ -1,174 +1,186 @@
-#!/usr/bin/env python3
+#!/usr/bin/env python3
-# This file is part of Firejail project
+# This file is part of Firejail project
-# Copyright (C) 2014-2020 Firejail Authors
+# Copyright (C) 2014-2020 Firejail Authors
-# License GPL v2
+# License GPL v2
-"""
+"""
-Figure out which profile options may be causing a particular program to break
+Figure out which profile options may be causing a particular program to break
-when run in firejail.
+when run in firejail.
-Instead of having to comment out each line in a profile by hand, and then
+Instead of having to comment out each line in a profile by hand, and then
-enable each line individually until the bad line or lines are found, this
+enable each line individually until the bad line or lines are found, this
-largely automates the process. Users only have to provide the path to the
+largely automates the process. Users only have to provide the path to the
-profile, program name, and answer 'y' for yes or 'n' for no when prompted.
+profile, program name, and answer 'y' for yes or 'n' for no when prompted.
-After completion, you'll be provided with some information to copy and then
+After completion, you'll be provided with some information to copy and then
-paste into a GitHub issue in the Firejail project repository:
+paste into a GitHub issue in the Firejail project repository:
-https://github.com/netblue30/firejail/issues
+https://github.com/netblue30/firejail/issues
-Paths to the profile should be absolute. If the program is in your path, then
+Paths to the profile should be absolute. If the program is in your path, then
-you only have to type the profile name. Else, you'll need to provide the
+you only have to type the profile name. Else, you'll need to provide the
-absolute path to the profile.
+absolute path to the profile.
-Examples:
+Examples:
-python jail_prober.py /etc/firejail/spotify.profile spotify
+python jail_prober.py /etc/firejail/spotify.profile spotify
-python jail_prober.py /usr/local/etc/firejail/firefox.profile /usr/bin/firefox
+python jail_prober.py /usr/local/etc/firejail/firefox.profile /usr/bin/firefox
-"""
+"""
-import sys
+import sys
-import os
+import os
-import subprocess
+import subprocess
-def check_params(profilePath):
+def check_params(profile_path):
-    """
+    """
-    Ensure the path to the profile is valid and that an actual profile has been
+    Ensure the path to the profile is valid and that an actual profile has been
-    passed (as opposed to a config or .local file).
+    passed (as opposed to a config or .local file).
-    :params profilePath: The absolute path to the problematic profile.
+    Args:
-    """
+        profile_path:       The absolute path to the problematic profile
-    if not os.path.isfile(profilePath):
-        raise FileNotFoundError(
+    Raises:
-            'The path %s is not a valid system path.' % profilePath)
+        FileNotFoundError:  If the provided path isn't real
-    if not profilePath.endswith('.profile'):
-        raise ValueError('%s is not a valid Firejail profile.' % profilePath)
+        ValueError:         If the provided path is real but doesn't point to
+                            a Firejail profile
+    """
-def get_args(profilePath):
+    if not os.path.isfile(profile_path):
-    """
+        raise FileNotFoundError('The path %s is not a valid system path.' %
-    Read the profile, stripping out comments and newlines
+                                profile_path)
+    if not profile_path.endswith('.profile'):
-    :params profilePath: The absolute path to the problematic profile.
+        raise ValueError('%s is not a valid Firejail profile.' % profile_path)
-    :returns profile: A list containing all active profile arguments
-    """
+def get_args(profile_path):
-    with open(profilePath, 'r') as f:
+    """
-        profile = f.readlines()
+    Read the profile, stripping out comments and newlines
-        profile = [
-            arg.strip() for arg in profile
+    Args:
-            if not arg.startswith('#') and arg.strip() != ''
+        profile_path:   The absolute path to the problematic profile.
-        ]
+    Returns:
-    return profile
+        A list containing all active profile arguments
+    """
+    with open(profile_path, 'r') as f:
-def arg_converter(argList, style):
+        profile = f.readlines()
-    """
+        profile = [
-    Convert between firejail command-line arguments (--example=something) and
+            arg.strip() for arg in profile
-    profile arguments (example something)
+            if not arg.startswith('#') and arg.strip() != ''
+        ]
-    :params argList: A list of firejail arguments
+    return profile
-    :params style: Whether to convert arguments to command-line form or profile
-    form
-    """
+def arg_converter(arg_list, style):
-    if style == 'to_profile':
+    """
-        oldSep = '='
+    Convert between firejail command-line arguments (--example=something) and
-        newSep = ' '
+    profile arguments (example something)
-        prefix = ''
-    elif style == 'to_commandline':
+    Args:
-        oldSep = ' '
+        arg_list:   A list of firejail arguments
-        newSep = '='
-        prefix = '--'
+        style:      String, one of {'to_profile', 'to_commandline'}. Whether to
-    newArgs = [prefix + word.replace(oldSep, newSep) for word in argList]
+                    convert arguments to command-line form or profile form
-    # Additional strip of '--' if converting to profile form
+    """
-    if style == 'to_profile':
+    if style == 'to_profile':
-        newArgs = [word[2:] for word in newArgs]
+        old_sep = '='
+        new_sep = ' '
-    # Remove invalid '--include' args if converting to command-line form
+        prefix = ''
-    elif style == 'to_commandline':
+    elif style == 'to_commandline':
-        newArgs = [word for word in newArgs if 'include' not in word]
+        old_sep = ' '
+        new_sep = '='
-    return newArgs
+        prefix = '--'
+    new_args = [prefix + word.replace(old_sep, new_sep) for word in arg_list]
+    # Additional strip of '--' if converting to profile form
-def run_firejail(program, allArgs):
+    if style == 'to_profile':
-    """
+        new_args = [word[2:] for word in new_args]
-    Attempt to run the program in firejail, incrementally adding to the number
-    of firejail arguments. Initial run has no additional params besides
+    # Remove invalid '--include' args if converting to command-line form
-    noprofile.
+    elif style == 'to_commandline':
+        new_args = [word for word in new_args if 'include' not in word]
-    :params program: The program name. If it doesn't exist in the user's path
-    then the full path should be provided.
+    return new_args
-    :params allArgs: A list of all Firejail arguments to try, in command-line
-    format.
+def run_firejail(program, all_args):
+    """
-    :returns goodArgs: A list of arguments that the user has reported to not
+    Attempt to run the program in firejail, incrementally adding to the number
-    affect the program
+    of firejail arguments. Initial run has no additional params besides
+    noprofile.
-    :returns badArgs: A list of arguments that the user has reported to break
-    the program when sandboxing with Firejail
+    Args:
-    """
+        program:    String, the program name. If it doesn't exist in $PATH then
-    goodArgs = ['firejail', '--noprofile', program]
+                    the full path to the program should be provided
-    badArgs = []
-    allArgs.insert(0,"")
+        all_args:   List, all Firejail arguments to try, in command-line format
-    print('Attempting to run %s in Firejail' % program)
+                    (i.e. prefixed by '--')
-    for arg in allArgs:
-        if arg:
+    Returns:
-            print('Running with', arg)
+        good_args:  List, all Firejail arguments that the user has reported to
-        else:
+                    not adversely affect the program
-            print('Running without profile')
-        #We are adding the argument in a copy of the actual list to avoid modify it now.
+        bad_args:   List, all Firejail arguments that the user has reported to
-        myargs=goodArgs.copy()
+                    break the program
-        if arg:
+    """
-            myargs.insert(-1,arg)
+    good_args = ['firejail', '--noprofile', program]
-        subprocess.call(myargs)
+    bad_args = []
-        ans = input('Did %s run correctly? [y]/n ' % program)
+    all_args.insert(0, "")
-        if ans in ['n', 'N']:
+    print('Attempting to run %s in Firejail' % program)
-            badArgs.append(arg)
+    for arg in all_args:
-        elif arg:
+        if arg:
-            goodArgs.insert(-1, arg)
+            print('Running with', arg)
-        print('\n')
+        else:
-    # Don't include 'firejail', '--noprofile', or program name in arguments
+            print('Running without profile')
-    goodArgs = goodArgs[2:-1]
+        #We are adding the argument in a copy of the actual list to avoid modify it now.
+        myargs = good_args.copy()
-    return goodArgs, badArgs
+        if arg:
+            myargs.insert(-1, arg)
+        subprocess.call(myargs)
-def main():
+        ans = input('Did %s run correctly? [y]/n ' % program)
-    profilePath = sys.argv[1]
+        if ans in ['n', 'N']:
-    program = sys.argv[2]
+            bad_args.append(arg)
-    # Quick error check and extract arguments
+        elif arg:
-    check_params(profilePath)
+            good_args.insert(-1, arg)
-    profile = get_args(profilePath)
+        print('\n')
-    allArgs = arg_converter(profile, 'to_commandline')
+    # Don't include 'firejail', '--noprofile', or program name in arguments
-    # Find out which profile options break the program when running in firejail
+    good_args = good_args[2:-1]
-    goodArgs, badArgs = run_firejail(program, allArgs)
+    return good_args, bad_args
-    goodArgs = arg_converter(goodArgs, 'to_profile')
-    badArgs = arg_converter(badArgs, 'to_profile')
+def main():
-    print('\n###########################')
+    profile_path = sys.argv[1]
-    print('Debugging completed.')
+    program = sys.argv[2]
-    print(
+    # Quick error check and extract arguments
-        'Please copy the following and report it to the Firejail development',
+    check_params(profile_path)
-        'team on GitHub at %s \n\n' %
+    profile = get_args(profile_path)
-        'https://github.com/netblue30/firejail/issues')
+    all_args = arg_converter(profile, 'to_commandline')
+    # Find out which profile options break the program when running in firejail
-    subprocess.call(['firejail', '--version'])
+    good_args, bad_args = run_firejail(program, all_args)
-    print('These profile options break the program.')
+    good_args = arg_converter(good_args, 'to_profile')
-    print('```')
+    bad_args = arg_converter(bad_args, 'to_profile')
-    for item in badArgs:
-        print(item)
+    print('\n###########################')
-    print('```\n\n\n')
+    print('Debugging completed.')
+    print(
-    print('This is a minimal working profile:')
+        'Please copy the following and report it to the Firejail development',
-    print('```')
+        'team on GitHub at %s \n\n' %
-    for item in goodArgs:
+        'https://github.com/netblue30/firejail/issues')
-        print(item)
-    print('```')
+    subprocess.call(['firejail', '--version'])
+    print('These profile options break the program.')
-if __name__ == '__main__':
+    print('```')
-    main()
+    for item in bad_args:
+        print(item)
+    print('```\n\n\n')
+    print('This is a minimal working profile:')
+    print('```')
+    for item in good_args:
+        print(item)
+    print('```')
+if __name__ == '__main__':
+    main()
diff --git a/etc/inc/disable-programs.inc b/etc/inc/disable-programs.inc
index 4f90e6413..cc4f81fa6 100644
--- a/etc/inc/disable-programs.inc
+++ b/etc/inc/disable-programs.inc
@@ -214,6 +214,7 @@ blacklist ${HOME}/.config/evince
 blacklist ${HOME}/.config/evolution
 blacklist ${HOME}/.config/falkon
 blacklist ${HOME}/.config/filezilla
+blacklist ${HOME}/.config/flameshot
 blacklist ${HOME}/.config/flaska.net
 blacklist ${HOME}/.config/flowblade
 blacklist ${HOME}/.config/font-manager
diff --git a/etc/profile-a-l/firefox.profile b/etc/profile-a-l/firefox.profile
index 337311ed8..ce2013c57 100644
--- a/etc/profile-a-l/firefox.profile
+++ b/etc/profile-a-l/firefox.profile
@@ -24,7 +24,7 @@ include whitelist-usr-share-common.inc
 # firefox requires a shell to launch on Arch.
 #private-bin bash,dbus-launch,dbus-send,env,firefox,sh,which
 # Fedora use shell scripts to launch firefox, at least this is required
-#private-bin basename,bash,cat,dirname,expr,false,firefox,firefox-wayland,ln,mkdir,pidof,rm,rmdir,sed,sh,tclsh,true,uname
+#private-bin basename,bash,cat,dirname,expr,false,firefox,firefox-wayland,getenforce,ln,mkdir,pidof,restorecon,rm,rmdir,sed,sh,tclsh,true,uname
 # private-etc must first be enabled in firefox-common.profile
 #private-etc firefox
diff --git a/etc/profile-a-l/flameshot.profile b/etc/profile-a-l/flameshot.profile
index 7c41417ec..357354e70 100644
--- a/etc/profile-a-l/flameshot.profile
+++ b/etc/profile-a-l/flameshot.profile
@@ -9,6 +9,7 @@ include globals.local
 noblacklist ${PICTURES}
 noblacklist ${HOME}/.config/Dharkael
+noblacklist ${HOME}/.config/flameshot
 include disable-common.inc
 include disable-devel.inc
@@ -19,8 +20,11 @@ include disable-programs.inc
 include disable-shell.inc
 include disable-xdg.inc
+#mkdir ${HOME}/.config/Dharkael
+#mkdir ${HOME}/.config/flameshot
 #whitelist ${PICTURES}
 #whitelist ${HOME}/.config/Dharkael
+#whitelist ${HOME}/.config/flameshot
 whitelist /usr/share/flameshot
 #include whitelist-common.inc
 include whitelist-runuser-common.inc
@@ -53,4 +57,5 @@ private-tmp
 dbus-user filter
 dbus-user.own org.dharkael.Flameshot
+dbus-user.own org.flameshot.Flameshot
 dbus-system none

diff --git a/.gitignore b/.gitignore index 16169ab94..76ce6c7ec 100644 --- a/.gitignore +++ b/.gitignore
@@ -9,6 +9,7 @@
9	*.DS_Store	9	*.DS_Store
10	.directory	10	.directory
11	*.man	11	*.man
		12	.vscode
12	Makefile	13	Makefile
13	autom4te.cache/	14	autom4te.cache/
14	config.log	15	config.log


diff --git a/contrib/jail_prober.py b/contrib/jail_prober.py index dad790b57..67e851282 100755 --- a/contrib/jail_prober.py +++ b/contrib/jail_prober.py
@@ -1,174 +1,186 @@
1	#!/usr/bin/env python3	1	#!/usr/bin/env python3
2	# This file is part of Firejail project	2	# This file is part of Firejail project
3	# Copyright (C) 2014-2020 Firejail Authors	3	# Copyright (C) 2014-2020 Firejail Authors
4	# License GPL v2	4	# License GPL v2
5	"""	5	"""
6	Figure out which profile options may be causing a particular program to break	6	Figure out which profile options may be causing a particular program to break
7	when run in firejail.	7	when run in firejail.
8		8
9	Instead of having to comment out each line in a profile by hand, and then	9	Instead of having to comment out each line in a profile by hand, and then
10	enable each line individually until the bad line or lines are found, this	10	enable each line individually until the bad line or lines are found, this
11	largely automates the process. Users only have to provide the path to the	11	largely automates the process. Users only have to provide the path to the
12	profile, program name, and answer 'y' for yes or 'n' for no when prompted.	12	profile, program name, and answer 'y' for yes or 'n' for no when prompted.
13		13
14	After completion, you'll be provided with some information to copy and then	14	After completion, you'll be provided with some information to copy and then
15	paste into a GitHub issue in the Firejail project repository:	15	paste into a GitHub issue in the Firejail project repository:
16	https://github.com/netblue30/firejail/issues	16	https://github.com/netblue30/firejail/issues
17		17
18	Paths to the profile should be absolute. If the program is in your path, then	18	Paths to the profile should be absolute. If the program is in your path, then
19	you only have to type the profile name. Else, you'll need to provide the	19	you only have to type the profile name. Else, you'll need to provide the
20	absolute path to the profile.	20	absolute path to the profile.
21		21
22	Examples:	22	Examples:
23	python jail_prober.py /etc/firejail/spotify.profile spotify	23	python jail_prober.py /etc/firejail/spotify.profile spotify
24	python jail_prober.py /usr/local/etc/firejail/firefox.profile /usr/bin/firefox	24	python jail_prober.py /usr/local/etc/firejail/firefox.profile /usr/bin/firefox
25	"""	25	"""
26		26
27	import sys	27	import sys
28	import os	28	import os
29	import subprocess	29	import subprocess
30		30
31		31
32	def check_params(profilePath):	32	def check_params(profile_path):
33	"""	33	"""
34	Ensure the path to the profile is valid and that an actual profile has been	34	Ensure the path to the profile is valid and that an actual profile has been
35	passed (as opposed to a config or .local file).	35	passed (as opposed to a config or .local file).
36		36
37	:params profilePath: The absolute path to the problematic profile.	37	Args:
38	"""	38	profile_path: The absolute path to the problematic profile
39	if not os.path.isfile(profilePath):	39
40	raise FileNotFoundError(	40	Raises:
41	'The path %s is not a valid system path.' % profilePath)	41	FileNotFoundError: If the provided path isn't real
42	if not profilePath.endswith('.profile'):	42
43	raise ValueError('%s is not a valid Firejail profile.' % profilePath)	43	ValueError: If the provided path is real but doesn't point to
44		44	a Firejail profile
45		45	"""
46	def get_args(profilePath):	46	if not os.path.isfile(profile_path):
47	"""	47	raise FileNotFoundError('The path %s is not a valid system path.' %
48	Read the profile, stripping out comments and newlines	48	profile_path)
49		49	if not profile_path.endswith('.profile'):
50	:params profilePath: The absolute path to the problematic profile.	50	raise ValueError('%s is not a valid Firejail profile.' % profile_path)
51		51
52	:returns profile: A list containing all active profile arguments	52
53	"""	53	def get_args(profile_path):
54	with open(profilePath, 'r') as f:	54	"""
55	profile = f.readlines()	55	Read the profile, stripping out comments and newlines
56	profile = [	56
57	arg.strip() for arg in profile	57	Args:
58	if not arg.startswith('#') and arg.strip() != ''	58	profile_path: The absolute path to the problematic profile.
59	]	59
60		60	Returns:
61	return profile	61	A list containing all active profile arguments
62		62	"""
63		63	with open(profile_path, 'r') as f:
64	def arg_converter(argList, style):	64	profile = f.readlines()
65	"""	65	profile = [
66	Convert between firejail command-line arguments (--example=something) and	66	arg.strip() for arg in profile
67	profile arguments (example something)	67	if not arg.startswith('#') and arg.strip() != ''
68		68	]
69	:params argList: A list of firejail arguments	69
70		70	return profile
71	:params style: Whether to convert arguments to command-line form or profile	71
72	form	72
73	"""	73	def arg_converter(arg_list, style):
74	if style == 'to_profile':	74	"""
75	oldSep = '='	75	Convert between firejail command-line arguments (--example=something) and
76	newSep = ' '	76	profile arguments (example something)
77	prefix = ''	77
78	elif style == 'to_commandline':	78	Args:
79	oldSep = ' '	79	arg_list: A list of firejail arguments
80	newSep = '='	80
81	prefix = '--'	81	style: String, one of {'to_profile', 'to_commandline'}. Whether to
82	newArgs = [prefix + word.replace(oldSep, newSep) for word in argList]	82	convert arguments to command-line form or profile form
83	# Additional strip of '--' if converting to profile form	83	"""
84	if style == 'to_profile':	84	if style == 'to_profile':
85	newArgs = [word[2:] for word in newArgs]	85	old_sep = '='
86		86	new_sep = ' '
87	# Remove invalid '--include' args if converting to command-line form	87	prefix = ''
88	elif style == 'to_commandline':	88	elif style == 'to_commandline':
89	newArgs = [word for word in newArgs if 'include' not in word]	89	old_sep = ' '
90		90	new_sep = '='
91	return newArgs	91	prefix = '--'
92		92	new_args = [prefix + word.replace(old_sep, new_sep) for word in arg_list]
93		93	# Additional strip of '--' if converting to profile form
94	def run_firejail(program, allArgs):	94	if style == 'to_profile':
95	"""	95	new_args = [word[2:] for word in new_args]
96	Attempt to run the program in firejail, incrementally adding to the number	96
97	of firejail arguments. Initial run has no additional params besides	97	# Remove invalid '--include' args if converting to command-line form
98	noprofile.	98	elif style == 'to_commandline':
99		99	new_args = [word for word in new_args if 'include' not in word]
100	:params program: The program name. If it doesn't exist in the user's path	100
101	then the full path should be provided.	101	return new_args
102		102
103	:params allArgs: A list of all Firejail arguments to try, in command-line	103
104	format.	104	def run_firejail(program, all_args):
105		105	"""
106	:returns goodArgs: A list of arguments that the user has reported to not	106	Attempt to run the program in firejail, incrementally adding to the number
107	affect the program	107	of firejail arguments. Initial run has no additional params besides
108		108	noprofile.
109	:returns badArgs: A list of arguments that the user has reported to break	109
110	the program when sandboxing with Firejail	110	Args:
111	"""	111	program: String, the program name. If it doesn't exist in $PATH then
112	goodArgs = ['firejail', '--noprofile', program]	112	the full path to the program should be provided
113	badArgs = []	113
114	allArgs.insert(0,"")	114	all_args: List, all Firejail arguments to try, in command-line format
115	print('Attempting to run %s in Firejail' % program)	115	(i.e. prefixed by '--')
116	for arg in allArgs:	116
117	if arg:	117	Returns:
118	print('Running with', arg)	118	good_args: List, all Firejail arguments that the user has reported to
119	else:	119	not adversely affect the program
120	print('Running without profile')	120
121	#We are adding the argument in a copy of the actual list to avoid modify it now.	121	bad_args: List, all Firejail arguments that the user has reported to
122	myargs=goodArgs.copy()	122	break the program
123	if arg:	123	"""
124	myargs.insert(-1,arg)	124	good_args = ['firejail', '--noprofile', program]
125	subprocess.call(myargs)	125	bad_args = []
126	ans = input('Did %s run correctly? [y]/n ' % program)	126	all_args.insert(0, "")
127	if ans in ['n', 'N']:	127	print('Attempting to run %s in Firejail' % program)
128	badArgs.append(arg)	128	for arg in all_args:
129	elif arg:	129	if arg:
130	goodArgs.insert(-1, arg)	130	print('Running with', arg)
131	print('\n')	131	else:
132	# Don't include 'firejail', '--noprofile', or program name in arguments	132	print('Running without profile')
133	goodArgs = goodArgs[2:-1]	133	#We are adding the argument in a copy of the actual list to avoid modify it now.
134		134	myargs = good_args.copy()
135	return goodArgs, badArgs	135	if arg:
136		136	myargs.insert(-1, arg)
137		137	subprocess.call(myargs)
138	def main():	138	ans = input('Did %s run correctly? [y]/n ' % program)
139	profilePath = sys.argv[1]	139	if ans in ['n', 'N']:
140	program = sys.argv[2]	140	bad_args.append(arg)
141	# Quick error check and extract arguments	141	elif arg:
142	check_params(profilePath)	142	good_args.insert(-1, arg)
143	profile = get_args(profilePath)	143	print('\n')
144	allArgs = arg_converter(profile, 'to_commandline')	144	# Don't include 'firejail', '--noprofile', or program name in arguments
145	# Find out which profile options break the program when running in firejail	145	good_args = good_args[2:-1]
146	goodArgs, badArgs = run_firejail(program, allArgs)	146
147		147	return good_args, bad_args
148	goodArgs = arg_converter(goodArgs, 'to_profile')	148
149	badArgs = arg_converter(badArgs, 'to_profile')	149
150		150	def main():
151	print('\n###########################')	151	profile_path = sys.argv[1]
152	print('Debugging completed.')	152	program = sys.argv[2]
153	print(	153	# Quick error check and extract arguments
154	'Please copy the following and report it to the Firejail development',	154	check_params(profile_path)
155	'team on GitHub at %s \n\n' %	155	profile = get_args(profile_path)
156	'https://github.com/netblue30/firejail/issues')	156	all_args = arg_converter(profile, 'to_commandline')
157		157	# Find out which profile options break the program when running in firejail
158	subprocess.call(['firejail', '--version'])	158	good_args, bad_args = run_firejail(program, all_args)
159		159
160	print('These profile options break the program.')	160	good_args = arg_converter(good_args, 'to_profile')
161	print('```')	161	bad_args = arg_converter(bad_args, 'to_profile')
162	for item in badArgs:	162
163	print(item)	163	print('\n###########################')
164	print('```\n\n\n')	164	print('Debugging completed.')
165		165	print(
166	print('This is a minimal working profile:')	166	'Please copy the following and report it to the Firejail development',
167	print('```')	167	'team on GitHub at %s \n\n' %
168	for item in goodArgs:	168	'https://github.com/netblue30/firejail/issues')
169	print(item)	169
170	print('```')	170	subprocess.call(['firejail', '--version'])
171		171
172		172	print('These profile options break the program.')
173	if __name__ == '__main__':	173	print('```')
174	main()	174	for item in bad_args:
		175	print(item)
		176	print('```\n\n\n')
		177
		178	print('This is a minimal working profile:')
		179	print('```')
		180	for item in good_args:
		181	print(item)
		182	print('```')
		183
		184
		185	if __name__ == '__main__':
		186	main()


diff --git a/etc/inc/disable-programs.inc b/etc/inc/disable-programs.inc index 4f90e6413..cc4f81fa6 100644 --- a/etc/inc/disable-programs.inc +++ b/etc/inc/disable-programs.inc
@@ -214,6 +214,7 @@ blacklist ${HOME}/.config/evince
214	blacklist ${HOME}/.config/evolution	214	blacklist ${HOME}/.config/evolution
215	blacklist ${HOME}/.config/falkon	215	blacklist ${HOME}/.config/falkon
216	blacklist ${HOME}/.config/filezilla	216	blacklist ${HOME}/.config/filezilla
		217	blacklist ${HOME}/.config/flameshot
217	blacklist ${HOME}/.config/flaska.net	218	blacklist ${HOME}/.config/flaska.net
218	blacklist ${HOME}/.config/flowblade	219	blacklist ${HOME}/.config/flowblade
219	blacklist ${HOME}/.config/font-manager	220	blacklist ${HOME}/.config/font-manager


diff --git a/etc/profile-a-l/firefox.profile b/etc/profile-a-l/firefox.profile index 337311ed8..ce2013c57 100644 --- a/etc/profile-a-l/firefox.profile +++ b/etc/profile-a-l/firefox.profile
@@ -24,7 +24,7 @@ include whitelist-usr-share-common.inc
24	# firefox requires a shell to launch on Arch.	24	# firefox requires a shell to launch on Arch.
25	#private-bin bash,dbus-launch,dbus-send,env,firefox,sh,which	25	#private-bin bash,dbus-launch,dbus-send,env,firefox,sh,which
26	# Fedora use shell scripts to launch firefox, at least this is required	26	# Fedora use shell scripts to launch firefox, at least this is required
27	#private-bin basename,bash,cat,dirname,expr,false,firefox,firefox-wayland,ln,mkdir,pidof,rm,rmdir,sed,sh,tclsh,true,uname	27	#private-bin basename,bash,cat,dirname,expr,false,firefox,firefox-wayland,getenforce,ln,mkdir,pidof,restorecon,rm,rmdir,sed,sh,tclsh,true,uname
28	# private-etc must first be enabled in firefox-common.profile	28	# private-etc must first be enabled in firefox-common.profile
29	#private-etc firefox	29	#private-etc firefox
30		30


diff --git a/etc/profile-a-l/flameshot.profile b/etc/profile-a-l/flameshot.profile index 7c41417ec..357354e70 100644 --- a/etc/profile-a-l/flameshot.profile +++ b/etc/profile-a-l/flameshot.profile
@@ -9,6 +9,7 @@ include globals.local
9		9
10	noblacklist ${PICTURES}	10	noblacklist ${PICTURES}
11	noblacklist ${HOME}/.config/Dharkael	11	noblacklist ${HOME}/.config/Dharkael
		12	noblacklist ${HOME}/.config/flameshot
12		13
13	include disable-common.inc	14	include disable-common.inc
14	include disable-devel.inc	15	include disable-devel.inc
@@ -19,8 +20,11 @@ include disable-programs.inc
19	include disable-shell.inc	20	include disable-shell.inc
20	include disable-xdg.inc	21	include disable-xdg.inc
21		22
		23	#mkdir ${HOME}/.config/Dharkael
		24	#mkdir ${HOME}/.config/flameshot
22	#whitelist ${PICTURES}	25	#whitelist ${PICTURES}
23	#whitelist ${HOME}/.config/Dharkael	26	#whitelist ${HOME}/.config/Dharkael
		27	#whitelist ${HOME}/.config/flameshot
24	whitelist /usr/share/flameshot	28	whitelist /usr/share/flameshot
25	#include whitelist-common.inc	29	#include whitelist-common.inc
26	include whitelist-runuser-common.inc	30	include whitelist-runuser-common.inc
@@ -53,4 +57,5 @@ private-tmp
53		57
54	dbus-user filter	58	dbus-user filter
55	dbus-user.own org.dharkael.Flameshot	59	dbus-user.own org.dharkael.Flameshot
		60	dbus-user.own org.flameshot.Flameshot
56	dbus-system none	61	dbus-system none