diff options
-rw-r--r-- | .github/workflows/build-extra.yml | 1 | ||||
-rw-r--r-- | .github/workflows/build.yml | 1 | ||||
-rw-r--r-- | .github/workflows/check-c.yml | 5 | ||||
-rw-r--r-- | .github/workflows/check-profiles.yml | 1 | ||||
-rw-r--r-- | .github/workflows/check-python.yml | 5 | ||||
-rw-r--r-- | .github/workflows/codespell.yml | 1 | ||||
-rw-r--r-- | .github/workflows/test.yml | 1 | ||||
-rw-r--r-- | etc/inc/disable-common.inc | 2 | ||||
-rw-r--r-- | etc/inc/disable-programs.inc | 7 | ||||
-rw-r--r-- | etc/profile-a-l/brz.profile | 14 | ||||
-rw-r--r-- | etc/profile-a-l/bzr.profile | 10 | ||||
-rw-r--r-- | etc/profile-a-l/file-roller.profile | 4 | ||||
-rw-r--r-- | etc/profile-a-l/floorp.profile | 45 | ||||
-rw-r--r-- | etc/profile-a-l/freemind.profile | 4 | ||||
-rw-r--r-- | etc/profile-a-l/lettura.profile | 76 | ||||
-rw-r--r-- | etc/profile-m-z/youtubemusic-nativefier.profile | 2 | ||||
-rw-r--r-- | src/firecfg/firecfg.config | 1 |
17 files changed, 173 insertions, 7 deletions
diff --git a/.github/workflows/build-extra.yml b/.github/workflows/build-extra.yml index 29817211d..2d81f2e42 100644 --- a/.github/workflows/build-extra.yml +++ b/.github/workflows/build-extra.yml | |||
@@ -3,6 +3,7 @@ | |||
3 | name: Build-extra | 3 | name: Build-extra |
4 | 4 | ||
5 | on: | 5 | on: |
6 | workflow_dispatch: | ||
6 | push: | 7 | push: |
7 | branches-ignore: | 8 | branches-ignore: |
8 | - 'dependabot/**' | 9 | - 'dependabot/**' |
diff --git a/.github/workflows/build.yml b/.github/workflows/build.yml index 0577cb962..0a4da2cc3 100644 --- a/.github/workflows/build.yml +++ b/.github/workflows/build.yml | |||
@@ -5,6 +5,7 @@ name: Build | |||
5 | 5 | ||
6 | # Note: Keep this list in sync with DISTFILES in ../../Makefile. | 6 | # Note: Keep this list in sync with DISTFILES in ../../Makefile. |
7 | on: | 7 | on: |
8 | workflow_dispatch: | ||
8 | push: | 9 | push: |
9 | branches-ignore: | 10 | branches-ignore: |
10 | - 'dependabot/**' | 11 | - 'dependabot/**' |
diff --git a/.github/workflows/check-c.yml b/.github/workflows/check-c.yml index 7340ce8ce..946fd24f8 100644 --- a/.github/workflows/check-c.yml +++ b/.github/workflows/check-c.yml | |||
@@ -3,6 +3,7 @@ | |||
3 | name: Check-C | 3 | name: Check-C |
4 | 4 | ||
5 | on: | 5 | on: |
6 | workflow_dispatch: | ||
6 | push: | 7 | push: |
7 | branches-ignore: | 8 | branches-ignore: |
8 | - 'dependabot/**' | 9 | - 'dependabot/**' |
@@ -149,7 +150,7 @@ jobs: | |||
149 | 150 | ||
150 | # Initializes the CodeQL tools for scanning. | 151 | # Initializes the CodeQL tools for scanning. |
151 | - name: Initialize CodeQL | 152 | - name: Initialize CodeQL |
152 | uses: github/codeql-action/init@6a28655e3dcb49cb0840ea372fd6d17733edd8a4 | 153 | uses: github/codeql-action/init@ddccb873888234080b77e9bc2d4764d5ccaaccf9 |
153 | with: | 154 | with: |
154 | languages: cpp | 155 | languages: cpp |
155 | 156 | ||
@@ -160,4 +161,4 @@ jobs: | |||
160 | run: make -j "$(nproc)" | 161 | run: make -j "$(nproc)" |
161 | 162 | ||
162 | - name: Perform CodeQL Analysis | 163 | - name: Perform CodeQL Analysis |
163 | uses: github/codeql-action/analyze@6a28655e3dcb49cb0840ea372fd6d17733edd8a4 | 164 | uses: github/codeql-action/analyze@ddccb873888234080b77e9bc2d4764d5ccaaccf9 |
diff --git a/.github/workflows/check-profiles.yml b/.github/workflows/check-profiles.yml index e05eed664..38a7bc487 100644 --- a/.github/workflows/check-profiles.yml +++ b/.github/workflows/check-profiles.yml | |||
@@ -3,6 +3,7 @@ | |||
3 | name: Check-Profiles | 3 | name: Check-Profiles |
4 | 4 | ||
5 | on: | 5 | on: |
6 | workflow_dispatch: | ||
6 | push: | 7 | push: |
7 | branches-ignore: | 8 | branches-ignore: |
8 | - 'dependabot/**' | 9 | - 'dependabot/**' |
diff --git a/.github/workflows/check-python.yml b/.github/workflows/check-python.yml index 5d4320809..62f5b1ce6 100644 --- a/.github/workflows/check-python.yml +++ b/.github/workflows/check-python.yml | |||
@@ -3,6 +3,7 @@ | |||
3 | name: Check-Python | 3 | name: Check-Python |
4 | 4 | ||
5 | on: | 5 | on: |
6 | workflow_dispatch: | ||
6 | push: | 7 | push: |
7 | branches-ignore: | 8 | branches-ignore: |
8 | - 'dependabot/**' | 9 | - 'dependabot/**' |
@@ -49,9 +50,9 @@ jobs: | |||
49 | 50 | ||
50 | # Initializes the CodeQL tools for scanning. | 51 | # Initializes the CodeQL tools for scanning. |
51 | - name: Initialize CodeQL | 52 | - name: Initialize CodeQL |
52 | uses: github/codeql-action/init@6a28655e3dcb49cb0840ea372fd6d17733edd8a4 | 53 | uses: github/codeql-action/init@ddccb873888234080b77e9bc2d4764d5ccaaccf9 |
53 | with: | 54 | with: |
54 | languages: python | 55 | languages: python |
55 | 56 | ||
56 | - name: Perform CodeQL Analysis | 57 | - name: Perform CodeQL Analysis |
57 | uses: github/codeql-action/analyze@6a28655e3dcb49cb0840ea372fd6d17733edd8a4 | 58 | uses: github/codeql-action/analyze@ddccb873888234080b77e9bc2d4764d5ccaaccf9 |
diff --git a/.github/workflows/codespell.yml b/.github/workflows/codespell.yml index 380abe248..9e4ed3e9e 100644 --- a/.github/workflows/codespell.yml +++ b/.github/workflows/codespell.yml | |||
@@ -3,6 +3,7 @@ | |||
3 | name: Codespell | 3 | name: Codespell |
4 | 4 | ||
5 | on: | 5 | on: |
6 | workflow_dispatch: | ||
6 | push: | 7 | push: |
7 | branches-ignore: | 8 | branches-ignore: |
8 | - 'dependabot/**' | 9 | - 'dependabot/**' |
diff --git a/.github/workflows/test.yml b/.github/workflows/test.yml index 921245801..842b8bcb5 100644 --- a/.github/workflows/test.yml +++ b/.github/workflows/test.yml | |||
@@ -3,6 +3,7 @@ | |||
3 | name: Test | 3 | name: Test |
4 | 4 | ||
5 | on: | 5 | on: |
6 | workflow_dispatch: | ||
6 | push: | 7 | push: |
7 | branches-ignore: | 8 | branches-ignore: |
8 | - 'dependabot/**' | 9 | - 'dependabot/**' |
diff --git a/etc/inc/disable-common.inc b/etc/inc/disable-common.inc index b688647b5..8dae97fe9 100644 --- a/etc/inc/disable-common.inc +++ b/etc/inc/disable-common.inc | |||
@@ -610,6 +610,8 @@ blacklist /tmp/.lxterminal-socket* | |||
610 | blacklist /tmp/tmux-* | 610 | blacklist /tmp/tmux-* |
611 | 611 | ||
612 | # disable terminals running as server resulting in sandbox escape | 612 | # disable terminals running as server resulting in sandbox escape |
613 | blacklist ${PATH}/foot | ||
614 | blacklist ${PATH}/footserver | ||
613 | blacklist ${PATH}/gnome-terminal | 615 | blacklist ${PATH}/gnome-terminal |
614 | blacklist ${PATH}/gnome-terminal.wrapper | 616 | blacklist ${PATH}/gnome-terminal.wrapper |
615 | blacklist ${PATH}/kgx | 617 | blacklist ${PATH}/kgx |
diff --git a/etc/inc/disable-programs.inc b/etc/inc/disable-programs.inc index 36033224a..f2a03764d 100644 --- a/etc/inc/disable-programs.inc +++ b/etc/inc/disable-programs.inc | |||
@@ -112,6 +112,7 @@ blacklist ${HOME}/.cache/falkon | |||
112 | blacklist ${HOME}/.cache/feedreader | 112 | blacklist ${HOME}/.cache/feedreader |
113 | blacklist ${HOME}/.cache/firedragon | 113 | blacklist ${HOME}/.cache/firedragon |
114 | blacklist ${HOME}/.cache/flaska.net/trojita | 114 | blacklist ${HOME}/.cache/flaska.net/trojita |
115 | blacklist ${HOME}/.cache/floorp | ||
115 | blacklist ${HOME}/.cache/folks | 116 | blacklist ${HOME}/.cache/folks |
116 | blacklist ${HOME}/.cache/font-manager | 117 | blacklist ${HOME}/.cache/font-manager |
117 | blacklist ${HOME}/.cache/fossamail | 118 | blacklist ${HOME}/.cache/fossamail |
@@ -157,6 +158,7 @@ blacklist ${HOME}/.cache/ksplashqml | |||
157 | blacklist ${HOME}/.cache/kube | 158 | blacklist ${HOME}/.cache/kube |
158 | blacklist ${HOME}/.cache/kwin | 159 | blacklist ${HOME}/.cache/kwin |
159 | blacklist ${HOME}/.cache/lbry-viewer | 160 | blacklist ${HOME}/.cache/lbry-viewer |
161 | blacklist ${HOME}/.cache/lettura | ||
160 | blacklist ${HOME}/.cache/libgweather | 162 | blacklist ${HOME}/.cache/libgweather |
161 | blacklist ${HOME}/.cache/librewolf | 163 | blacklist ${HOME}/.cache/librewolf |
162 | blacklist ${HOME}/.cache/liferea | 164 | blacklist ${HOME}/.cache/liferea |
@@ -385,6 +387,7 @@ blacklist ${HOME}/.config/borg | |||
385 | blacklist ${HOME}/.config/brasero | 387 | blacklist ${HOME}/.config/brasero |
386 | blacklist ${HOME}/.config/brave | 388 | blacklist ${HOME}/.config/brave |
387 | blacklist ${HOME}/.config/brave-flags.conf | 389 | blacklist ${HOME}/.config/brave-flags.conf |
390 | blacklist ${HOME}/.config/breezy | ||
388 | blacklist ${HOME}/.config/caja | 391 | blacklist ${HOME}/.config/caja |
389 | blacklist ${HOME}/.config/calibre | 392 | blacklist ${HOME}/.config/calibre |
390 | blacklist ${HOME}/.config/cantata | 393 | blacklist ${HOME}/.config/cantata |
@@ -406,6 +409,7 @@ blacklist ${HOME}/.config/cliqz | |||
406 | blacklist ${HOME}/.config/cmus | 409 | blacklist ${HOME}/.config/cmus |
407 | blacklist ${HOME}/.config/cointop | 410 | blacklist ${HOME}/.config/cointop |
408 | blacklist ${HOME}/.config/com.github.bleakgrey.tootle | 411 | blacklist ${HOME}/.config/com.github.bleakgrey.tootle |
412 | blacklist ${HOME}/.config/com.lettura.dev | ||
409 | blacklist ${HOME}/.config/corebird | 413 | blacklist ${HOME}/.config/corebird |
410 | blacklist ${HOME}/.config/coyim | 414 | blacklist ${HOME}/.config/coyim |
411 | blacklist ${HOME}/.config/d-feet | 415 | blacklist ${HOME}/.config/d-feet |
@@ -718,6 +722,7 @@ blacklist ${HOME}/.etr | |||
718 | blacklist ${HOME}/.factorio | 722 | blacklist ${HOME}/.factorio |
719 | blacklist ${HOME}/.filezilla | 723 | blacklist ${HOME}/.filezilla |
720 | blacklist ${HOME}/.firedragon | 724 | blacklist ${HOME}/.firedragon |
725 | blacklist ${HOME}/.floorp | ||
721 | blacklist ${HOME}/.flowblade | 726 | blacklist ${HOME}/.flowblade |
722 | blacklist ${HOME}/.fltk | 727 | blacklist ${HOME}/.fltk |
723 | blacklist ${HOME}/.fossamail | 728 | blacklist ${HOME}/.fossamail |
@@ -833,6 +838,7 @@ blacklist ${HOME}/.klatexformula | |||
833 | blacklist ${HOME}/.klei | 838 | blacklist ${HOME}/.klei |
834 | blacklist ${HOME}/.kodi | 839 | blacklist ${HOME}/.kodi |
835 | blacklist ${HOME}/.lastpass | 840 | blacklist ${HOME}/.lastpass |
841 | blacklist ${HOME}/.lettura | ||
836 | blacklist ${HOME}/.librewolf | 842 | blacklist ${HOME}/.librewolf |
837 | blacklist ${HOME}/.lincity-ng | 843 | blacklist ${HOME}/.lincity-ng |
838 | blacklist ${HOME}/.links | 844 | blacklist ${HOME}/.links |
@@ -903,6 +909,7 @@ blacklist ${HOME}/.local/share/cdprojektred | |||
903 | blacklist ${HOME}/.local/share/chatterino | 909 | blacklist ${HOME}/.local/share/chatterino |
904 | blacklist ${HOME}/.local/share/clipit | 910 | blacklist ${HOME}/.local/share/clipit |
905 | blacklist ${HOME}/.local/share/com.github.johnfactotum.Foliate | 911 | blacklist ${HOME}/.local/share/com.github.johnfactotum.Foliate |
912 | blacklist ${HOME}/.local/share/com.lettura.dev | ||
906 | blacklist ${HOME}/.local/share/com.vmingueza.journal-viewer | 913 | blacklist ${HOME}/.local/share/com.vmingueza.journal-viewer |
907 | blacklist ${HOME}/.local/share/contacts | 914 | blacklist ${HOME}/.local/share/contacts |
908 | blacklist ${HOME}/.local/share/cor-games | 915 | blacklist ${HOME}/.local/share/cor-games |
diff --git a/etc/profile-a-l/brz.profile b/etc/profile-a-l/brz.profile new file mode 100644 index 000000000..dcc7af54b --- /dev/null +++ b/etc/profile-a-l/brz.profile | |||
@@ -0,0 +1,14 @@ | |||
1 | # Firejail profile for brz | ||
2 | # Description: Distributed VCS with support for Bazaar and Git file formats | ||
3 | # This file is overwritten after every install/update | ||
4 | quiet | ||
5 | # Persistent local customizations | ||
6 | include brz.local | ||
7 | # Persistent global definitions | ||
8 | # added by included profile | ||
9 | #include globals.local | ||
10 | |||
11 | noblacklist ${HOME}/.config/breezy | ||
12 | |||
13 | # Redirect | ||
14 | include git.profile | ||
diff --git a/etc/profile-a-l/bzr.profile b/etc/profile-a-l/bzr.profile new file mode 100644 index 000000000..61c1aae38 --- /dev/null +++ b/etc/profile-a-l/bzr.profile | |||
@@ -0,0 +1,10 @@ | |||
1 | # Firejail profile alias for bzr | ||
2 | # This file is overwritten after every install/update | ||
3 | # Persistent local customizations | ||
4 | include bzr.local | ||
5 | # Persistent global definitions | ||
6 | # added by included profile | ||
7 | #include globals.local | ||
8 | |||
9 | # Redirect | ||
10 | include brz.profile | ||
diff --git a/etc/profile-a-l/file-roller.profile b/etc/profile-a-l/file-roller.profile index b32f7595c..cc1a290ef 100644 --- a/etc/profile-a-l/file-roller.profile +++ b/etc/profile-a-l/file-roller.profile | |||
@@ -6,6 +6,8 @@ include file-roller.local | |||
6 | # Persistent global definitions | 6 | # Persistent global definitions |
7 | include globals.local | 7 | include globals.local |
8 | 8 | ||
9 | noblacklist ${PATH}/dpkg* | ||
10 | |||
9 | include disable-common.inc | 11 | include disable-common.inc |
10 | include disable-devel.inc | 12 | include disable-devel.inc |
11 | include disable-exec.inc | 13 | include disable-exec.inc |
@@ -40,7 +42,7 @@ seccomp | |||
40 | seccomp.block-secondary | 42 | seccomp.block-secondary |
41 | tracelog | 43 | tracelog |
42 | 44 | ||
43 | private-bin 7z,7za,7zr,ar,arj,atool,bash,brotli,bsdtar,bzip2,compress,cp,cpio,dpkg-deb,file-roller,gtar,gzip,isoinfo,lha,lrzip,lsar,lz4,lzip,lzma,lzop,mv,p7zip,rar,rm,rzip,sh,tar,unace,unalz,unar,uncompress,unrar,unsquashfs,unstuff,unzip,unzstd,xz,xzdec,zip,zoo,zstd | 45 | private-bin 7z,7za,7zr,ar,arj,atool,bash,brotli,bsdtar,bzip2,compress,cp,cpio,dpkg*,file-roller,gtar,gzip,isoinfo,lha,lrzip,lsar,lz4,lzip,lzma,lzop,mv,p7zip,rar,rm,rzip,sh,tar,unace,unalz,unar,uncompress,unrar,unsquashfs,unstuff,unzip,unzstd,xz,xzdec,zip,zoo,zstd |
44 | private-cache | 46 | private-cache |
45 | private-dev | 47 | private-dev |
46 | private-etc @x11 | 48 | private-etc @x11 |
diff --git a/etc/profile-a-l/floorp.profile b/etc/profile-a-l/floorp.profile new file mode 100644 index 000000000..49caed107 --- /dev/null +++ b/etc/profile-a-l/floorp.profile | |||
@@ -0,0 +1,45 @@ | |||
1 | # Firejail profile for floorp | ||
2 | # Description: A customisable Firefox fork with excellent privacy protection | ||
3 | # This file is overwritten after every install/update | ||
4 | # Persistent local customizations | ||
5 | include floorp.local | ||
6 | # Persistent global definitions | ||
7 | include globals.local | ||
8 | |||
9 | noblacklist ${HOME}/.cache/floorp | ||
10 | noblacklist ${HOME}/.floorp | ||
11 | |||
12 | mkdir ${HOME}/.cache/floorp | ||
13 | mkdir ${HOME}/.floorp | ||
14 | whitelist ${HOME}/.cache/floorp | ||
15 | whitelist ${HOME}/.floorp | ||
16 | |||
17 | # Add the next lines to your floorp.local if you want to use the migration wizard. | ||
18 | #noblacklist ${HOME}/.mozilla | ||
19 | #whitelist ${HOME}/.mozilla | ||
20 | |||
21 | # To enable KeePassXC Plugin add one of the following lines to your floorp.local. | ||
22 | # Note: Start KeePassXC before floorp and keep it open to allow communication between them. | ||
23 | #whitelist ${RUNUSER}/kpxc_server | ||
24 | #whitelist ${RUNUSER}/org.keepassxc.KeePassXC.BrowserServer | ||
25 | |||
26 | dbus-user filter | ||
27 | dbus-user.own org.mozilla.floorp.* | ||
28 | # Add the next line to your floorp.local to enable native notifications. | ||
29 | #dbus-user.talk org.freedesktop.Notifications | ||
30 | # Add the next line to your floorp.local to allow inhibiting screensavers. | ||
31 | #dbus-user.talk org.freedesktop.ScreenSaver | ||
32 | # Add the next lines to your floorp.local for plasma browser integration. | ||
33 | #dbus-user.own org.mpris.MediaPlayer2.plasma-browser-integration | ||
34 | #dbus-user.talk org.kde.JobViewServer | ||
35 | #dbus-user.talk org.kde.kuiserver | ||
36 | # Add the next line to your floorp.local to allow screensharing under Wayland. | ||
37 | #dbus-user.talk org.freedesktop.portal.Desktop | ||
38 | # Also add the next line to your floorp.local if screensharing does not work with | ||
39 | # the above lines (depends on the portal implementation). | ||
40 | #ignore noroot | ||
41 | ignore apparmor | ||
42 | ignore dbus-user none | ||
43 | |||
44 | # Redirect | ||
45 | include firefox-common.profile | ||
diff --git a/etc/profile-a-l/freemind.profile b/etc/profile-a-l/freemind.profile index 9bf5a14be..80958d305 100644 --- a/etc/profile-a-l/freemind.profile +++ b/etc/profile-a-l/freemind.profile | |||
@@ -9,6 +9,8 @@ include globals.local | |||
9 | noblacklist ${DOCUMENTS} | 9 | noblacklist ${DOCUMENTS} |
10 | noblacklist ${HOME}/.freemind | 10 | noblacklist ${HOME}/.freemind |
11 | 11 | ||
12 | noblacklist ${PATH}/dpkg* | ||
13 | |||
12 | # Allow java (blacklisted by disable-devel.inc) | 14 | # Allow java (blacklisted by disable-devel.inc) |
13 | include allow-java.inc | 15 | include allow-java.inc |
14 | 16 | ||
@@ -40,7 +42,7 @@ seccomp | |||
40 | tracelog | 42 | tracelog |
41 | 43 | ||
42 | disable-mnt | 44 | disable-mnt |
43 | private-bin bash,cp,dirname,dpkg,echo,freemind,grep,java,lsb_release,mkdir,readlink,rpm,sed,sh,uname,which | 45 | private-bin bash,cp,dirname,dpkg*,echo,freemind,grep,java,lsb_release,mkdir,readlink,rpm,sed,sh,uname,which |
44 | private-cache | 46 | private-cache |
45 | private-dev | 47 | private-dev |
46 | #private-etc alternatives,fonts,java* | 48 | #private-etc alternatives,fonts,java* |
diff --git a/etc/profile-a-l/lettura.profile b/etc/profile-a-l/lettura.profile new file mode 100644 index 000000000..94a455355 --- /dev/null +++ b/etc/profile-a-l/lettura.profile | |||
@@ -0,0 +1,76 @@ | |||
1 | # Firejail profile for lettura | ||
2 | # Description: Another free and open-source feed reader | ||
3 | # This file is overwritten after every install/update | ||
4 | # Persistent local customizations | ||
5 | include lettura.local | ||
6 | # Persistent global definitions | ||
7 | include globals.local | ||
8 | |||
9 | noblacklist ${HOME}/.cache/lettura | ||
10 | noblacklist ${HOME}/.config/com.lettura.dev | ||
11 | noblacklist ${HOME}/.lettura | ||
12 | noblacklist ${HOME}/.local/share/com.lettura.dev | ||
13 | |||
14 | include disable-common.inc | ||
15 | include disable-devel.inc | ||
16 | include disable-exec.inc | ||
17 | include disable-interpreters.inc | ||
18 | include disable-proc.inc | ||
19 | include disable-programs.inc | ||
20 | include disable-shell.inc | ||
21 | include disable-xdg.inc | ||
22 | |||
23 | mkdir ${HOME}/.cache/lettura | ||
24 | mkdir ${HOME}/.config/com.lettura.dev | ||
25 | mkdir ${HOME}/.lettura | ||
26 | mkdir ${HOME}/.local/share/com.lettura.dev | ||
27 | whitelist ${HOME}/.cache/lettura | ||
28 | whitelist ${HOME}/.config/com.lettura.dev | ||
29 | whitelist ${HOME}/.lettura | ||
30 | whitelist ${HOME}/.local/share/com.lettura.dev | ||
31 | whitelist ${DOWNLOADS} | ||
32 | include whitelist-common.inc | ||
33 | include whitelist-run-common.inc | ||
34 | include whitelist-runuser-common.inc | ||
35 | include whitelist-usr-share-common.inc | ||
36 | include whitelist-var-common.inc | ||
37 | |||
38 | # The lines below are needed to find the default Firefox profile name, to allow | ||
39 | # opening links in an existing instance of Firefox (note that it still fails if | ||
40 | # there isn't a Firefox instance running with the default profile; see #5352) | ||
41 | noblacklist ${HOME}/.mozilla | ||
42 | whitelist ${HOME}/.mozilla/firefox/profiles.ini | ||
43 | |||
44 | apparmor | ||
45 | caps.drop all | ||
46 | netfilter | ||
47 | nodvd | ||
48 | nogroups | ||
49 | noinput | ||
50 | nonewprivs | ||
51 | noprinters | ||
52 | noroot | ||
53 | #nosound | ||
54 | notv | ||
55 | nou2f | ||
56 | novideo | ||
57 | protocol unix,inet,inet6 | ||
58 | seccomp | ||
59 | seccomp.block-secondary | ||
60 | tracelog | ||
61 | |||
62 | disable-mnt | ||
63 | private-bin lettura | ||
64 | private-cache | ||
65 | private-dev | ||
66 | private-etc @network,@sound,@tls-ca,@x11,mime.types | ||
67 | private-tmp | ||
68 | |||
69 | dbus-user filter | ||
70 | dbus-user.talk org.freedesktop.Notifications | ||
71 | ?ALLOW_TRAY: dbus-user.talk org.kde.StatusNotifierWatcher | ||
72 | # allow D-Bus communication with firefox for opening links | ||
73 | dbus-user.talk org.mozilla.* | ||
74 | dbus-system none | ||
75 | |||
76 | restrict-namespaces | ||
diff --git a/etc/profile-m-z/youtubemusic-nativefier.profile b/etc/profile-m-z/youtubemusic-nativefier.profile index d1bc4d5a2..e98d84329 100644 --- a/etc/profile-m-z/youtubemusic-nativefier.profile +++ b/etc/profile-m-z/youtubemusic-nativefier.profile | |||
@@ -2,7 +2,7 @@ | |||
2 | # Description: Unofficial electron based desktop wrapper for YouTube Music | 2 | # Description: Unofficial electron based desktop wrapper for YouTube Music |
3 | # This file is overwritten after every install/update | 3 | # This file is overwritten after every install/update |
4 | # Persistent local customizations | 4 | # Persistent local customizations |
5 | include youtube.local | 5 | include youtubemusic-nativefier.local |
6 | # Persistent global definitions | 6 | # Persistent global definitions |
7 | include globals.local | 7 | include globals.local |
8 | 8 | ||
diff --git a/src/firecfg/firecfg.config b/src/firecfg/firecfg.config index 63db4bba5..e9b97ad11 100644 --- a/src/firecfg/firecfg.config +++ b/src/firecfg/firecfg.config | |||
@@ -482,6 +482,7 @@ kwrite | |||
482 | lbry-viewer | 482 | lbry-viewer |
483 | leafpad | 483 | leafpad |
484 | #less # breaks man | 484 | #less # breaks man |
485 | lettura | ||
485 | librecad | 486 | librecad |
486 | libreoffice | 487 | libreoffice |
487 | librewolf | 488 | librewolf |