diff options
-rw-r--r-- | etc/firejail.config | 3 | ||||
-rw-r--r-- | etc/inc/disable-programs.inc | 1 | ||||
-rw-r--r-- | etc/profile-m-z/qbittorrent.profile | 3 | ||||
-rw-r--r-- | etc/profile-m-z/wireshark.profile | 2 |
4 files changed, 7 insertions, 2 deletions
diff --git a/etc/firejail.config b/etc/firejail.config index 7912b746c..856018101 100644 --- a/etc/firejail.config +++ b/etc/firejail.config | |||
@@ -2,7 +2,8 @@ | |||
2 | # keyword-argument pairs, one per line. Most features are enabled by default. | 2 | # keyword-argument pairs, one per line. Most features are enabled by default. |
3 | # Use 'yes' or 'no' as configuration values. | 3 | # Use 'yes' or 'no' as configuration values. |
4 | 4 | ||
5 | # Allow programs to display a tray icon | 5 | # Allow programs to display a tray icon (warning: allows escaping the sandbox; |
6 | # see https://github.com/netblue30/firejail/discussions/4053) | ||
6 | # allow-tray no | 7 | # allow-tray no |
7 | 8 | ||
8 | # Enable AppArmor functionality, default enabled. | 9 | # Enable AppArmor functionality, default enabled. |
diff --git a/etc/inc/disable-programs.inc b/etc/inc/disable-programs.inc index 255da0fbd..6b9747fb4 100644 --- a/etc/inc/disable-programs.inc +++ b/etc/inc/disable-programs.inc | |||
@@ -962,6 +962,7 @@ blacklist ${HOME}/.local/share/plasma_notes | |||
962 | blacklist ${HOME}/.local/share/profanity | 962 | blacklist ${HOME}/.local/share/profanity |
963 | blacklist ${HOME}/.local/share/psi | 963 | blacklist ${HOME}/.local/share/psi |
964 | blacklist ${HOME}/.local/share/psi+ | 964 | blacklist ${HOME}/.local/share/psi+ |
965 | blacklist ${HOME}/.local/share/qBittorrent | ||
965 | blacklist ${HOME}/.local/share/qpdfview | 966 | blacklist ${HOME}/.local/share/qpdfview |
966 | blacklist ${HOME}/.local/share/quadrapassel | 967 | blacklist ${HOME}/.local/share/quadrapassel |
967 | blacklist ${HOME}/.local/share/qutebrowser | 968 | blacklist ${HOME}/.local/share/qutebrowser |
diff --git a/etc/profile-m-z/qbittorrent.profile b/etc/profile-m-z/qbittorrent.profile index 8778ec5fb..ebe67c63b 100644 --- a/etc/profile-m-z/qbittorrent.profile +++ b/etc/profile-m-z/qbittorrent.profile | |||
@@ -10,6 +10,7 @@ noblacklist ${HOME}/.cache/qBittorrent | |||
10 | noblacklist ${HOME}/.config/qBittorrent | 10 | noblacklist ${HOME}/.config/qBittorrent |
11 | noblacklist ${HOME}/.config/qBittorrentrc | 11 | noblacklist ${HOME}/.config/qBittorrentrc |
12 | noblacklist ${HOME}/.local/share/data/qBittorrent | 12 | noblacklist ${HOME}/.local/share/data/qBittorrent |
13 | noblacklist ${HOME}/.local/share/qBittorrent | ||
13 | 14 | ||
14 | # Allow python (blacklisted by disable-interpreters.inc) | 15 | # Allow python (blacklisted by disable-interpreters.inc) |
15 | include allow-python2.inc | 16 | include allow-python2.inc |
@@ -26,11 +27,13 @@ mkdir ${HOME}/.cache/qBittorrent | |||
26 | mkdir ${HOME}/.config/qBittorrent | 27 | mkdir ${HOME}/.config/qBittorrent |
27 | mkfile ${HOME}/.config/qBittorrentrc | 28 | mkfile ${HOME}/.config/qBittorrentrc |
28 | mkdir ${HOME}/.local/share/data/qBittorrent | 29 | mkdir ${HOME}/.local/share/data/qBittorrent |
30 | mkdir ${HOME}/.local/share/qBittorrent | ||
29 | whitelist ${DOWNLOADS} | 31 | whitelist ${DOWNLOADS} |
30 | whitelist ${HOME}/.cache/qBittorrent | 32 | whitelist ${HOME}/.cache/qBittorrent |
31 | whitelist ${HOME}/.config/qBittorrent | 33 | whitelist ${HOME}/.config/qBittorrent |
32 | whitelist ${HOME}/.config/qBittorrentrc | 34 | whitelist ${HOME}/.config/qBittorrentrc |
33 | whitelist ${HOME}/.local/share/data/qBittorrent | 35 | whitelist ${HOME}/.local/share/data/qBittorrent |
36 | whitelist ${HOME}/.local/share/qBittorrent | ||
34 | include whitelist-common.inc | 37 | include whitelist-common.inc |
35 | include whitelist-var-common.inc | 38 | include whitelist-var-common.inc |
36 | 39 | ||
diff --git a/etc/profile-m-z/wireshark.profile b/etc/profile-m-z/wireshark.profile index 8806695f6..c336efb86 100644 --- a/etc/profile-m-z/wireshark.profile +++ b/etc/profile-m-z/wireshark.profile | |||
@@ -26,7 +26,7 @@ include whitelist-var-common.inc | |||
26 | 26 | ||
27 | apparmor | 27 | apparmor |
28 | # caps.drop all | 28 | # caps.drop all |
29 | caps.keep dac_override,net_admin,net_raw | 29 | caps.keep dac_override,dac_read_search,net_admin,net_raw |
30 | netfilter | 30 | netfilter |
31 | no3d | 31 | no3d |
32 | # nogroups - breaks network traffic capture for unprivileged users | 32 | # nogroups - breaks network traffic capture for unprivileged users |