-rw-r--r-- | README.md | 2 | ||||
-rw-r--r-- | RELNOTES | 6 | ||||
-rwxr-xr-x | contrib/sort.py | 4 | ||||
-rw-r--r-- | etc/inc/disable-common.inc | 1 | ||||
-rw-r--r-- | etc/inc/disable-programs.inc | 1 | ||||
-rw-r--r-- | etc/inc/whitelist-run-common.inc | 1 | ||||
-rw-r--r-- | etc/inc/whitelist-runuser-common.inc | 4 | ||||
-rw-r--r-- | etc/inc/whitelist-usr-share-common.inc | 1 | ||||
-rw-r--r-- | etc/profile-a-l/chromium-common.profile | 4 | ||||
-rw-r--r-- | etc/profile-a-l/firefox-common-addons.profile | 1 | ||||
-rw-r--r-- | etc/profile-a-l/firefox.profile | 6 | ||||
-rw-r--r-- | etc/profile-a-l/freetube.profile | 4 | ||||
-rw-r--r-- | etc/profile-a-l/gimp.profile | 5 | ||||
-rw-r--r-- | etc/profile-a-l/gnote.profile | 1 | ||||
-rw-r--r-- | etc/profile-a-l/keepassxc.profile | 6 | ||||
-rw-r--r-- | etc/profile-a-l/librewolf.profile | 6 | ||||
-rw-r--r-- | etc/profile-m-z/pngquant.profile | 5 | ||||
-rw-r--r-- | etc/profile-m-z/xournalpp.profile | 1 | ||||
-rw-r--r-- | etc/templates/profile.template | 4 |
19 files changed, 36 insertions, 27 deletions
@@ -267,4 +267,4 @@ $ ./profstats *.profile | |||
267 | 267 | ||
268 | ### New profiles: | 268 | ### New profiles: |
269 | 269 | ||
270 | clion-eap, lifeograph, io.github.lainsce.Notejot, rednotebook, zim, microsoft-edge-beta, ncdu2 | 270 | clion-eap, lifeograph, io.github.lainsce.Notejot, rednotebook, zim, microsoft-edge-beta, ncdu2, gallery-dl, yt-dlp |
@@ -2,8 +2,12 @@ firejail (0.9.67) baseline; urgency=low | |||
2 | * work in progress | 2 | * work in progress |
3 | * deprecated --disable-whitelist at compile time | 3 | * deprecated --disable-whitelist at compile time |
4 | * deprecated whitelist=yes/no in /etc/firejail/firejail.config | 4 | * deprecated whitelist=yes/no in /etc/firejail/firejail.config |
5 | * remove (some) environment variables with auth-tokens | ||
6 | * new includes: whitelist-run-common.inc, disable-X11.inc | ||
7 | * removed includes: disable-passwordmgr.inc | ||
5 | * new profiles: microsoft-edge-beta, clion-eap, lifeograph, zim | 8 | * new profiles: microsoft-edge-beta, clion-eap, lifeograph, zim |
6 | * new profiles: io.github.lainsce.Notejot, rednotebook | 9 | * new profiles: io.github.lainsce.Notejot, rednotebook, gallery-dl |
10 | * new profiles: yt-dlp | ||
7 | -- netblue30 <netblue30@yahoo.com> Thu, 29 Jul 2021 09:00:00 -0500 | 11 | -- netblue30 <netblue30@yahoo.com> Thu, 29 Jul 2021 09:00:00 -0500 |
8 | 12 | ||
9 | firejail (0.9.66) baseline; urgency=low | 13 | firejail (0.9.66) baseline; urgency=low |
diff --git a/contrib/sort.py b/contrib/sort.py index c7325facb..d7a2cd05d 100755 --- a/contrib/sort.py +++ b/contrib/sort.py | |||
@@ -24,7 +24,7 @@ Exit-Codes: | |||
24 | 24 | ||
25 | # Requirements: | 25 | # Requirements: |
26 | # python >= 3.6 | 26 | # python >= 3.6 |
27 | from sys import argv | 27 | from sys import argv, exit as sys_exit |
28 | 28 | ||
29 | 29 | ||
30 | def sort_alphabetical(raw_items): | 30 | def sort_alphabetical(raw_items): |
@@ -105,4 +105,4 @@ def main(args): | |||
105 | 105 | ||
106 | 106 | ||
107 | if __name__ == "__main__": | 107 | if __name__ == "__main__": |
108 | exit(main(argv[1:])) | 108 | sys_exit(main(argv[1:])) |
diff --git a/etc/inc/disable-common.inc b/etc/inc/disable-common.inc index a9dd4921f..ae84ee38a 100644 --- a/etc/inc/disable-common.inc +++ b/etc/inc/disable-common.inc | |||
@@ -420,6 +420,7 @@ blacklist ${HOME}/.local/share/keyrings | |||
420 | blacklist ${HOME}/.local/share/kwalletd | 420 | blacklist ${HOME}/.local/share/kwalletd |
421 | blacklist ${HOME}/.local/share/pki | 421 | blacklist ${HOME}/.local/share/pki |
422 | blacklist ${HOME}/.local/share/plasma-vault | 422 | blacklist ${HOME}/.local/share/plasma-vault |
423 | blacklist ${HOME}/.minisign | ||
423 | blacklist ${HOME}/.msmtprc | 424 | blacklist ${HOME}/.msmtprc |
424 | blacklist ${HOME}/.mutt | 425 | blacklist ${HOME}/.mutt |
425 | blacklist ${HOME}/.muttrc | 426 | blacklist ${HOME}/.muttrc |
diff --git a/etc/inc/disable-programs.inc b/etc/inc/disable-programs.inc index 9de781fb5..444446156 100644 --- a/etc/inc/disable-programs.inc +++ b/etc/inc/disable-programs.inc | |||
@@ -794,6 +794,7 @@ blacklist ${HOME}/.local/share/wormux | |||
794 | blacklist ${HOME}/.local/share/xplayer | 794 | blacklist ${HOME}/.local/share/xplayer |
795 | blacklist ${HOME}/.local/share/xreader | 795 | blacklist ${HOME}/.local/share/xreader |
796 | blacklist ${HOME}/.local/share/zathura | 796 | blacklist ${HOME}/.local/share/zathura |
797 | blacklist ${HOME}/.local/state/pipewire | ||
797 | blacklist ${HOME}/.lv2 | 798 | blacklist ${HOME}/.lv2 |
798 | blacklist ${HOME}/.lyx | 799 | blacklist ${HOME}/.lyx |
799 | blacklist ${HOME}/.magicor | 800 | blacklist ${HOME}/.magicor |
diff --git a/etc/inc/whitelist-run-common.inc b/etc/inc/whitelist-run-common.inc index f47d8a7be..224d21064 100644 --- a/etc/inc/whitelist-run-common.inc +++ b/etc/inc/whitelist-run-common.inc | |||
@@ -6,5 +6,6 @@ whitelist /run/NetworkManager/resolv.conf | |||
6 | whitelist /run/cups/cups.sock | 6 | whitelist /run/cups/cups.sock |
7 | whitelist /run/dbus/system_bus_socket | 7 | whitelist /run/dbus/system_bus_socket |
8 | whitelist /run/media | 8 | whitelist /run/media |
9 | whitelist /run/resolvconf/resolv.conf | ||
9 | whitelist /run/systemd/resolve/resolv.conf | 10 | whitelist /run/systemd/resolve/resolv.conf |
10 | whitelist /run/systemd/resolve/stub-resolv.conf | 11 | whitelist /run/systemd/resolve/stub-resolv.conf |
diff --git a/etc/inc/whitelist-runuser-common.inc b/etc/inc/whitelist-runuser-common.inc index 48309ffe3..a8cab8d07 100644 --- a/etc/inc/whitelist-runuser-common.inc +++ b/etc/inc/whitelist-runuser-common.inc | |||
@@ -10,7 +10,7 @@ whitelist ${RUNUSER}/gdm/Xauthority | |||
10 | whitelist ${RUNUSER}/ICEauthority | 10 | whitelist ${RUNUSER}/ICEauthority |
11 | whitelist ${RUNUSER}/.mutter-Xwaylandauth.* | 11 | whitelist ${RUNUSER}/.mutter-Xwaylandauth.* |
12 | whitelist ${RUNUSER}/pulse/native | 12 | whitelist ${RUNUSER}/pulse/native |
13 | whitelist ${RUNUSER}/wayland-0 | 13 | whitelist ${RUNUSER}/pipewire-? |
14 | whitelist ${RUNUSER}/wayland-1 | 14 | whitelist ${RUNUSER}/wayland-? |
15 | whitelist ${RUNUSER}/xauth_* | 15 | whitelist ${RUNUSER}/xauth_* |
16 | whitelist ${RUNUSER}/[[:xdigit:]][[:xdigit:]][[:xdigit:]][[:xdigit:]][[:xdigit:]][[:xdigit:]][[:xdigit:]][[:xdigit:]]-[[:xdigit:]][[:xdigit:]][[:xdigit:]][[:xdigit:]]-[[:xdigit:]][[:xdigit:]][[:xdigit:]][[:xdigit:]]-[[:xdigit:]][[:xdigit:]][[:xdigit:]][[:xdigit:]]-[[:xdigit:]][[:xdigit:]][[:xdigit:]][[:xdigit:]][[:xdigit:]][[:xdigit:]][[:xdigit:]][[:xdigit:]][[:xdigit:]][[:xdigit:]][[:xdigit:]][[:xdigit:]] | 16 | whitelist ${RUNUSER}/[[:xdigit:]][[:xdigit:]][[:xdigit:]][[:xdigit:]][[:xdigit:]][[:xdigit:]][[:xdigit:]][[:xdigit:]]-[[:xdigit:]][[:xdigit:]][[:xdigit:]][[:xdigit:]]-[[:xdigit:]][[:xdigit:]][[:xdigit:]][[:xdigit:]]-[[:xdigit:]][[:xdigit:]][[:xdigit:]][[:xdigit:]]-[[:xdigit:]][[:xdigit:]][[:xdigit:]][[:xdigit:]][[:xdigit:]][[:xdigit:]][[:xdigit:]][[:xdigit:]][[:xdigit:]][[:xdigit:]][[:xdigit:]][[:xdigit:]] |
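Review bot: The new `whitelist ${RUNUSER}/pipewire-?` line exposes the PipeWire socket to every profile that includes whitelist-runuser-common.inc, whereas the browser sections of this commit show it used to be an opt-in line for a user's .local file. PipeWire carries audio and video streams, and a client that connects to the socket directly is typically limited only by the session manager's policy, so this is a wider default than the `wayland-?` glob beside it. I would say so above the line, e.g. `# pipewire-? is the PipeWire socket (audio and video streams), exposed to every profile that includes this file`. It is also worth checking that profiles using `nosound` or `novideo` do not keep access to the socket through this include; that cannot be verified from this section.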
diff --git a/etc/inc/whitelist-usr-share-common.inc b/etc/inc/whitelist-usr-share-common.inc index fe0097934..0049ce804 100644 --- a/etc/inc/whitelist-usr-share-common.inc +++ b/etc/inc/whitelist-usr-share-common.inc | |||
@@ -45,6 +45,7 @@ whitelist /usr/share/myspell | |||
45 | whitelist /usr/share/p11-kit | 45 | whitelist /usr/share/p11-kit |
46 | whitelist /usr/share/perl | 46 | whitelist /usr/share/perl |
47 | whitelist /usr/share/perl5 | 47 | whitelist /usr/share/perl5 |
48 | whitelist /usr/share/pipewire | ||
48 | whitelist /usr/share/pixmaps | 49 | whitelist /usr/share/pixmaps |
49 | whitelist /usr/share/pki | 50 | whitelist /usr/share/pki |
50 | whitelist /usr/share/plasma | 51 | whitelist /usr/share/plasma |
diff --git a/etc/profile-a-l/chromium-common.profile b/etc/profile-a-l/chromium-common.profile index b35b6ae80..c42243e02 100644 --- a/etc/profile-a-l/chromium-common.profile +++ b/etc/profile-a-l/chromium-common.profile | |||
@@ -37,10 +37,6 @@ include whitelist-var-common.inc | |||
37 | # Add the next line to your chromium-common.local if your kernel allows unprivileged userns clone. | 37 | # Add the next line to your chromium-common.local if your kernel allows unprivileged userns clone. |
38 | #include chromium-common-hardened.inc.profile | 38 | #include chromium-common-hardened.inc.profile |
39 | 39 | ||
40 | # Add the next two lines to your chromium-common.local to allow screen sharing under wayland. | ||
41 | #whitelist ${RUNUSER}/pipewire-0 | ||
42 | #whitelist /usr/share/pipewire/client.conf | ||
43 | |||
44 | apparmor | 40 | apparmor |
45 | caps.keep sys_admin,sys_chroot | 41 | caps.keep sys_admin,sys_chroot |
46 | netfilter | 42 | netfilter |
diff --git a/etc/profile-a-l/firefox-common-addons.profile b/etc/profile-a-l/firefox-common-addons.profile index d282f9a60..b2b7c362a 100644 --- a/etc/profile-a-l/firefox-common-addons.profile +++ b/etc/profile-a-l/firefox-common-addons.profile | |||
@@ -2,6 +2,7 @@ | |||
2 | # Persistent customizations should go in a .local file. | 2 | # Persistent customizations should go in a .local file. |
3 | include firefox-common-addons.local | 3 | include firefox-common-addons.local |
4 | 4 | ||
5 | ignore whitelist ${RUNUSER}/*firefox* | ||
5 | ignore include whitelist-runuser-common.inc | 6 | ignore include whitelist-runuser-common.inc |
6 | ignore private-cache | 7 | ignore private-cache |
7 | 8 | ||
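Review bot: The added `ignore whitelist ${RUNUSER}/*firefox*` has no comment naming the profile line it cancels or why. Read with the existing `ignore include whitelist-runuser-common.inc`, the apparent effect is that no whitelist remains under `${RUNUSER}` once this addons profile is enabled, so the whole runtime directory stays visible to the browser. A short comment would make that trade-off explicit, e.g. `# the ignores below keep ${RUNUSER} out of whitelist mode; add-ons such as <name> need sockets there`, with the placeholder filled in. The whitelist line being ignored lives outside this section, so the exact match cannot be confirmed here.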
diff --git a/etc/profile-a-l/firefox.profile b/etc/profile-a-l/firefox.profile index 5a123d081..9138fed90 100644 --- a/etc/profile-a-l/firefox.profile +++ b/etc/profile-a-l/firefox.profile | |||
@@ -58,10 +58,8 @@ dbus-user.own org.mpris.MediaPlayer2.firefox.* | |||
58 | #dbus-user.own org.mpris.MediaPlayer2.plasma-browser-integration | 58 | #dbus-user.own org.mpris.MediaPlayer2.plasma-browser-integration |
59 | #dbus-user.talk org.kde.JobViewServer | 59 | #dbus-user.talk org.kde.JobViewServer |
60 | #dbus-user.talk org.kde.kuiserver | 60 | #dbus-user.talk org.kde.kuiserver |
61 | # Add the next three lines to your firefox.local to allow screen sharing under wayland. | 61 | # Add the next line to your firefox.local to allow screen sharing under wayland. |
62 | #whitelist ${RUNUSER}/pipewire-0 | 62 | #dbus-user.talk org.freedesktop.portal.Desktop |
63 | #whitelist /usr/share/pipewire/client.conf | ||
64 | #dbus-user.talk org.freedesktop.portal.* | ||
65 | # Add the next line to your firefox.local if screen sharing sharing still does not work | 63 | # Add the next line to your firefox.local if screen sharing sharing still does not work |
66 | # with the above lines (might depend on the portal implementation). | 64 | # with the above lines (might depend on the portal implementation). |
67 | #ignore noroot | 65 | #ignore noroot |
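Review bot: The follow-up comment below the changed lines still says "with the above lines" and "screen sharing sharing", although the new side leaves only one line to add. It would read correctly as `# Add the next line to your firefox.local if screen sharing still does not work` followed by `# with the above line (might depend on the portal implementation).`. The librewolf.profile section has the same stale plural ("the above lines"). Since the two pipewire whitelist hints are dropped here, the comment could also say that the socket now comes from whitelist-runuser-common.inc, so a reader knows where the access moved.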
diff --git a/etc/profile-a-l/freetube.profile b/etc/profile-a-l/freetube.profile index 4c28e2aff..7beb2bcba 100644 --- a/etc/profile-a-l/freetube.profile +++ b/etc/profile-a-l/freetube.profile | |||
@@ -8,12 +8,14 @@ include globals.local | |||
8 | 8 | ||
9 | noblacklist ${HOME}/.config/FreeTube | 9 | noblacklist ${HOME}/.config/FreeTube |
10 | 10 | ||
11 | include allow-bin-sh.inc | ||
12 | |||
11 | include disable-shell.inc | 13 | include disable-shell.inc |
12 | 14 | ||
13 | mkdir ${HOME}/.config/FreeTube | 15 | mkdir ${HOME}/.config/FreeTube |
14 | whitelist ${HOME}/.config/FreeTube | 16 | whitelist ${HOME}/.config/FreeTube |
15 | 17 | ||
16 | private-bin electron,electron[0-9],electron[0-9][0-9],freetube | 18 | private-bin electron,electron[0-9],electron[0-9][0-9],freetube,sh |
17 | private-etc alsa,alternatives,asound.conf,ca-certificates,crypto-policies,fonts,gtk-2.0,gtk-3.0,host.conf,hostname,hosts,mime.types,nsswitch.conf,pki,pulse,resolv.conf,ssl,X11,xdg | 19 | private-etc alsa,alternatives,asound.conf,ca-certificates,crypto-policies,fonts,gtk-2.0,gtk-3.0,host.conf,hostname,hosts,mime.types,nsswitch.conf,pki,pulse,resolv.conf,ssl,X11,xdg |
18 | 20 | ||
19 | # Redirect | 21 | # Redirect |
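Review bot: `include allow-bin-sh.inc` and the extra `sh` in `private-bin` put a shell inside the sandbox while `include disable-shell.inc` stays directly below, and nothing in the hunk says why FreeTube needs it. A one-line comment above the include would stop the exception from being copied into other Electron profiles or removed by accident, e.g. `# sh is needed for <reason> (see #<issue-id>)` with the placeholders filled in. It is also worth confirming that `sh` on the target distributions does not resolve to a shell that disable-shell.inc still blacklists; that depends on files outside this section.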
diff --git a/etc/profile-a-l/gimp.profile b/etc/profile-a-l/gimp.profile index 0786da6df..df9c2ac7a 100644 --- a/etc/profile-a-l/gimp.profile +++ b/etc/profile-a-l/gimp.profile | |||
@@ -13,7 +13,6 @@ include globals.local | |||
13 | #ignore net | 13 | #ignore net |
14 | #protocol unix,inet,inet6 | 14 | #protocol unix,inet,inet6 |
15 | 15 | ||
16 | |||
17 | # gimp plugins are installed by the user in ${HOME}/.gimp-2.8/plug-ins/ directory | 16 | # gimp plugins are installed by the user in ${HOME}/.gimp-2.8/plug-ins/ directory |
18 | # If you are not using external plugins, you can add 'noexec ${HOME}' to your gimp.local. | 17 | # If you are not using external plugins, you can add 'noexec ${HOME}' to your gimp.local. |
19 | ignore noexec ${HOME} | 18 | ignore noexec ${HOME} |
@@ -26,6 +25,10 @@ noblacklist ${HOME}/.gimp* | |||
26 | noblacklist ${DOCUMENTS} | 25 | noblacklist ${DOCUMENTS} |
27 | noblacklist ${PICTURES} | 26 | noblacklist ${PICTURES} |
28 | 27 | ||
28 | # See issue #4367, gimp 2.10.22-3: gegl:introspect broken | ||
29 | noblacklist /sbin | ||
30 | noblacklist /usr/sbin | ||
31 | |||
29 | include disable-common.inc | 32 | include disable-common.inc |
30 | include disable-exec.inc | 33 | include disable-exec.inc |
31 | include disable-devel.inc | 34 | include disable-devel.inc |
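Review bot: `noblacklist /sbin` and `noblacklist /usr/sbin` lift the blacklist for both whole directories to work around one broken operation (gegl:introspect, issue #4367), in a profile that already carries `ignore noexec ${HOME}` for user-installed plug-ins. If the helper that gegl:introspect runs is known, naming only that binary would keep the other administrative tools hidden from the sandbox. Otherwise the comment should mark the exception as temporary, e.g. `# TODO: narrow to the single binary gegl:introspect needs, or drop once fixed upstream`. The includes that blacklist these paths are outside the two hunks, so the exact set of files this re-exposes cannot be listed from here.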
diff --git a/etc/profile-a-l/gnote.profile b/etc/profile-a-l/gnote.profile index b419a6231..2d4ce2437 100644 --- a/etc/profile-a-l/gnote.profile +++ b/etc/profile-a-l/gnote.profile | |||
@@ -21,6 +21,7 @@ mkdir ${HOME}/.config/gnote | |||
21 | mkdir ${HOME}/.local/share/gnote | 21 | mkdir ${HOME}/.local/share/gnote |
22 | whitelist ${HOME}/.config/gnote | 22 | whitelist ${HOME}/.config/gnote |
23 | whitelist ${HOME}/.local/share/gnote | 23 | whitelist ${HOME}/.local/share/gnote |
24 | whitelist /usr/libexec/webkit2gtk-4.0 | ||
24 | whitelist /usr/share/gnote | 25 | whitelist /usr/share/gnote |
25 | include whitelist-common.inc | 26 | include whitelist-common.inc |
26 | include whitelist-runuser-common.inc | 27 | include whitelist-runuser-common.inc |
diff --git a/etc/profile-a-l/keepassxc.profile b/etc/profile-a-l/keepassxc.profile index a67ea8d67..b915f6202 100644 --- a/etc/profile-a-l/keepassxc.profile +++ b/etc/profile-a-l/keepassxc.profile | |||
@@ -37,16 +37,22 @@ include disable-xdg.inc | |||
37 | #mkdir ${HOME}/Documents/KeePassXC | 37 | #mkdir ${HOME}/Documents/KeePassXC |
38 | #whitelist ${HOME}/Documents/KeePassXC | 38 | #whitelist ${HOME}/Documents/KeePassXC |
39 | # Needed for KeePassXC-Browser. | 39 | # Needed for KeePassXC-Browser. |
40 | #mkdir ${HOME}/.config/BraveSoftware/Brave-Browser/NativeMessagingHosts | ||
40 | #mkfile ${HOME}/.config/BraveSoftware/Brave-Browser/NativeMessagingHosts/org.keepassxc.keepassxc_browser.json | 41 | #mkfile ${HOME}/.config/BraveSoftware/Brave-Browser/NativeMessagingHosts/org.keepassxc.keepassxc_browser.json |
41 | #whitelist ${HOME}/.config/BraveSoftware/Brave-Browser/NativeMessagingHosts/org.keepassxc.keepassxc_browser.json | 42 | #whitelist ${HOME}/.config/BraveSoftware/Brave-Browser/NativeMessagingHosts/org.keepassxc.keepassxc_browser.json |
43 | #mkdir ${HOME}/.config/chromium/NativeMessagingHosts | ||
42 | #mkfile ${HOME}/.config/chromium/NativeMessagingHosts/org.keepassxc.keepassxc_browser.json | 44 | #mkfile ${HOME}/.config/chromium/NativeMessagingHosts/org.keepassxc.keepassxc_browser.json |
43 | #whitelist ${HOME}/.config/chromium/NativeMessagingHosts/org.keepassxc.keepassxc_browser.json | 45 | #whitelist ${HOME}/.config/chromium/NativeMessagingHosts/org.keepassxc.keepassxc_browser.json |
46 | #mkdir ${HOME}/.config/google-chrome/NativeMessagingHosts | ||
44 | #mkfile ${HOME}/.config/google-chrome/NativeMessagingHosts/org.keepassxc.keepassxc_browser.json | 47 | #mkfile ${HOME}/.config/google-chrome/NativeMessagingHosts/org.keepassxc.keepassxc_browser.json |
45 | #whitelist ${HOME}/.config/google-chrome/NativeMessagingHosts/org.keepassxc.keepassxc_browser.json | 48 | #whitelist ${HOME}/.config/google-chrome/NativeMessagingHosts/org.keepassxc.keepassxc_browser.json |
49 | #mkdir ${HOME}/.config/vivaldi/NativeMessagingHosts | ||
46 | #mkfile ${HOME}/.config/vivaldi/NativeMessagingHosts/org.keepassxc.keepassxc_browser.json | 50 | #mkfile ${HOME}/.config/vivaldi/NativeMessagingHosts/org.keepassxc.keepassxc_browser.json |
47 | #whitelist ${HOME}/.config/vivaldi/NativeMessagingHosts/org.keepassxc.keepassxc_browser.json | 51 | #whitelist ${HOME}/.config/vivaldi/NativeMessagingHosts/org.keepassxc.keepassxc_browser.json |
52 | #mkdir ${HOME}/.local/share/torbrowser/tbb/x86_64/tor-browser_en-US/Browser/TorBrowser/Data/Browser/.mozilla/native-messaging-hosts | ||
48 | #mkfile ${HOME}/.local/share/torbrowser/tbb/x86_64/tor-browser_en-US/Browser/TorBrowser/Data/Browser/.mozilla/native-messaging-hosts/org.keepassxc.keepassxc_browser.json | 53 | #mkfile ${HOME}/.local/share/torbrowser/tbb/x86_64/tor-browser_en-US/Browser/TorBrowser/Data/Browser/.mozilla/native-messaging-hosts/org.keepassxc.keepassxc_browser.json |
49 | #whitelist ${HOME}/.local/share/torbrowser/tbb/x86_64/tor-browser_en-US/Browser/TorBrowser/Data/Browser/.mozilla/native-messaging-hosts/org.keepassxc.keepassxc_browser.json | 54 | #whitelist ${HOME}/.local/share/torbrowser/tbb/x86_64/tor-browser_en-US/Browser/TorBrowser/Data/Browser/.mozilla/native-messaging-hosts/org.keepassxc.keepassxc_browser.json |
55 | #mkdir ${HOME}/.mozilla/native-messaging-hosts | ||
50 | #mkfile ${HOME}/.mozilla/native-messaging-hosts/org.keepassxc.keepassxc_browser.json | 56 | #mkfile ${HOME}/.mozilla/native-messaging-hosts/org.keepassxc.keepassxc_browser.json |
51 | #whitelist ${HOME}/.mozilla/native-messaging-hosts/org.keepassxc.keepassxc_browser.json | 57 | #whitelist ${HOME}/.mozilla/native-messaging-hosts/org.keepassxc.keepassxc_browser.json |
52 | #mkdir ${HOME}/.cache/keepassxc | 58 | #mkdir ${HOME}/.cache/keepassxc |
diff --git a/etc/profile-a-l/librewolf.profile b/etc/profile-a-l/librewolf.profile index da047357a..c9f5221f7 100644 --- a/etc/profile-a-l/librewolf.profile +++ b/etc/profile-a-l/librewolf.profile | |||
@@ -44,10 +44,8 @@ dbus-user filter | |||
44 | #dbus-user.own org.mpris.MediaPlayer2.plasma-browser-integration | 44 | #dbus-user.own org.mpris.MediaPlayer2.plasma-browser-integration |
45 | #dbus-user.talk org.kde.JobViewServer | 45 | #dbus-user.talk org.kde.JobViewServer |
46 | #dbus-user.talk org.kde.kuiserver | 46 | #dbus-user.talk org.kde.kuiserver |
47 | # Add the next three lines to your librewolf.local to allow screensharing under Wayland. | 47 | # Add the next line to your librewolf.local to allow screensharing under Wayland. |
48 | #whitelist ${RUNUSER}/pipewire-0 | 48 | #dbus-user.talk org.freedesktop.portal.Desktop |
49 | #whitelist /usr/share/pipewire/client.conf | ||
50 | #dbus-user.talk org.freedesktop.portal.* | ||
51 | # Also add the next line to your librewolf.local if screensharing does not work with | 49 | # Also add the next line to your librewolf.local if screensharing does not work with |
52 | # the above lines (depends on the portal implementation). | 50 | # the above lines (depends on the portal implementation). |
53 | #ignore noroot | 51 | #ignore noroot |
diff --git a/etc/profile-m-z/pngquant.profile b/etc/profile-m-z/pngquant.profile index 275496496..0b3d2b44c 100644 --- a/etc/profile-m-z/pngquant.profile +++ b/etc/profile-m-z/pngquant.profile | |||
@@ -38,9 +38,8 @@ nosound | |||
38 | notv | 38 | notv |
39 | nou2f | 39 | nou2f |
40 | novideo | 40 | novideo |
41 | # protocol can be empty, but this is not yet supported see #639 | 41 | # block the socket syscall to simulate an be empty protocol line, see #639 |
42 | protocol inet | 42 | seccomp socket |
43 | seccomp | ||
44 | shell none | 43 | shell none |
45 | tracelog | 44 | tracelog |
46 | x11 none | 45 | x11 none |
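Review bot: The new comment has a typo (`simulate an be empty protocol line`) and should read `# block the socket syscall to simulate an empty protocol line, see #639`. `seccomp socket` names only `socket`; on 32-bit x86 a socket can also be created through the `socketcall` multiplexer, so it is worth confirming that the 32-bit filter covers that path or adding a matching `seccomp.32` line. `socketpair` also stays allowed. That looks acceptable for a tool with no network use, but the comment should say the restriction now rests on one syscall name rather than on a `protocol` filter.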
diff --git a/etc/profile-m-z/xournalpp.profile b/etc/profile-m-z/xournalpp.profile index 1ef789689..a23ad68df 100644 --- a/etc/profile-m-z/xournalpp.profile +++ b/etc/profile-m-z/xournalpp.profile | |||
@@ -13,7 +13,6 @@ noblacklist ${HOME}/.xournalpp | |||
13 | 13 | ||
14 | include allow-lua.inc | 14 | include allow-lua.inc |
15 | 15 | ||
16 | whitelist /usr/share/pipewire | ||
17 | whitelist /usr/share/texlive | 16 | whitelist /usr/share/texlive |
18 | whitelist /usr/share/xournalpp | 17 | whitelist /usr/share/xournalpp |
19 | whitelist /var/lib/texmf | 18 | whitelist /var/lib/texmf |
diff --git a/etc/templates/profile.template b/etc/templates/profile.template index 02dcefd35..e580a0c0c 100644 --- a/etc/templates/profile.template +++ b/etc/templates/profile.template | |||
@@ -102,8 +102,6 @@ include globals.local | |||
102 | #include allow-ssh.inc | 102 | #include allow-ssh.inc |
103 | 103 | ||
104 | ##blacklist PATH | 104 | ##blacklist PATH |
105 | # Disable X11 (CLI only), see also 'x11 none' below | ||
106 | #blacklist /tmp/.X11-unix | ||
107 | # Disable Wayland | 105 | # Disable Wayland |
108 | #blacklist ${RUNUSER}/wayland-* | 106 | #blacklist ${RUNUSER}/wayland-* |
109 | # Disable RUNUSER (cli only; supersedes Disable Wayland) | 107 | # Disable RUNUSER (cli only; supersedes Disable Wayland) |
@@ -174,7 +172,7 @@ include globals.local | |||
174 | ##seccomp-error-action log (only for debugging seccomp issues) | 172 | ##seccomp-error-action log (only for debugging seccomp issues) |
175 | #shell none | 173 | #shell none |
176 | #tracelog | 174 | #tracelog |
177 | # Prefer 'x11 none' instead of 'blacklist /tmp/.X11-unix' if 'net none' is set | 175 | # Prefer 'x11 none' instead of 'disable-X11.inc' if 'net none' is set |
178 | ##x11 none | 176 | ##x11 none |
179 | 177 | ||
180 | #disable-mnt | 178 | #disable-mnt |