diff options
Diffstat (limited to 'etc/profile-m-z')
-rw-r--r-- | etc/profile-m-z/minetest.profile | 5 | ||||
-rw-r--r-- | etc/profile-m-z/mpv.profile | 2 | ||||
-rw-r--r-- | etc/profile-m-z/nodejs-common.profile | 2 | ||||
-rw-r--r-- | etc/profile-m-z/noprofile.profile | 15 | ||||
-rw-r--r-- | etc/profile-m-z/pingus.profile | 3 | ||||
-rw-r--r-- | etc/profile-m-z/rtin.profile | 2 | ||||
-rw-r--r-- | etc/profile-m-z/steam.profile | 4 | ||||
-rw-r--r-- | etc/profile-m-z/tin.profile | 4 |
8 files changed, 19 insertions, 18 deletions
diff --git a/etc/profile-m-z/minetest.profile b/etc/profile-m-z/minetest.profile index 15474c96e..7b0135695 100644 --- a/etc/profile-m-z/minetest.profile +++ b/etc/profile-m-z/minetest.profile | |||
@@ -6,8 +6,9 @@ include minetest.local | |||
6 | # Persistent global definitions | 6 | # Persistent global definitions |
7 | include globals.local | 7 | include globals.local |
8 | 8 | ||
9 | # In order to save in-game screenshots to a persistent location edit ~/.minetest/minetest.conf: | 9 | # In order to save in-game screenshots to a persistent location, |
10 | # screenshot_path = /home/<USER>/.minetest/screenshots | 10 | # edit ~/.minetest/minetest.conf: |
11 | # screenshot_path = /home/<USER>/.minetest/screenshots | ||
11 | 12 | ||
12 | noblacklist ${HOME}/.cache/minetest | 13 | noblacklist ${HOME}/.cache/minetest |
13 | noblacklist ${HOME}/.minetest | 14 | noblacklist ${HOME}/.minetest |
diff --git a/etc/profile-m-z/mpv.profile b/etc/profile-m-z/mpv.profile index bd01d4082..fd35483be 100644 --- a/etc/profile-m-z/mpv.profile +++ b/etc/profile-m-z/mpv.profile | |||
@@ -9,7 +9,7 @@ include globals.local | |||
9 | 9 | ||
10 | # In order to save screenshots to a persistent location, | 10 | # In order to save screenshots to a persistent location, |
11 | # edit ~/.config/mpv/foobar.conf: | 11 | # edit ~/.config/mpv/foobar.conf: |
12 | # screenshot-directory=~/Pictures | 12 | # screenshot-directory=~/Pictures |
13 | 13 | ||
14 | # mpv has a powerful Lua API and some of the Lua scripts interact with | 14 | # mpv has a powerful Lua API and some of the Lua scripts interact with |
15 | # external resources which are blocked by firejail. In such cases you need to | 15 | # external resources which are blocked by firejail. In such cases you need to |
diff --git a/etc/profile-m-z/nodejs-common.profile b/etc/profile-m-z/nodejs-common.profile index f3b0c8a49..4c463521c 100644 --- a/etc/profile-m-z/nodejs-common.profile +++ b/etc/profile-m-z/nodejs-common.profile | |||
@@ -7,7 +7,7 @@ include nodejs-common.local | |||
7 | # added by caller profile | 7 | # added by caller profile |
8 | #include globals.local | 8 | #include globals.local |
9 | 9 | ||
10 | # NOTE: gulp, node-gyp, npm, npx, semver and yarn are all node scripts | 10 | # Note: gulp, node-gyp, npm, npx, semver and yarn are all node scripts |
11 | # using the `#!/usr/bin/env node` shebang. By sandboxing node the full | 11 | # using the `#!/usr/bin/env node` shebang. By sandboxing node the full |
12 | # node.js stack will be firejailed. The only exception is nvm, which is implemented | 12 | # node.js stack will be firejailed. The only exception is nvm, which is implemented |
13 | # as a sourced shell function, not an executable binary. Hence it is not | 13 | # as a sourced shell function, not an executable binary. Hence it is not |
diff --git a/etc/profile-m-z/noprofile.profile b/etc/profile-m-z/noprofile.profile index db4113f94..7d0e01d98 100644 --- a/etc/profile-m-z/noprofile.profile +++ b/etc/profile-m-z/noprofile.profile | |||
@@ -1,17 +1,16 @@ | |||
1 | # This is the weakest possible firejail profile. | 1 | # This is the weakest possible firejail profile. |
2 | # If a program still fail with this profile, it is incompatible with firejail. | 2 | # If a program still fails with this profile, it is incompatible with firejail. |
3 | # (from https://gist.github.com/rusty-snake/bb234cb3e50e1e4e7429f29a7931cc72) | 3 | # (from https://gist.github.com/rusty-snake/bb234cb3e50e1e4e7429f29a7931cc72) |
4 | # | 4 | # |
5 | # Usage: | 5 | # Usage: |
6 | # 1. download | 6 | # $ firejail --profile=noprofile.profile /path/to/program |
7 | # 2. firejail --profile=noprofile.profile /path/to/program | ||
8 | 7 | ||
9 | # Keep in mind that even with this profile some things are done | 8 | # Keep in mind that even with this profile some things are done |
10 | # which can break the program. | 9 | # which can break the program: |
11 | # - some env-vars are cleared | 10 | # - some env-vars are cleared; |
12 | # - /etc/firejail/firejail.config can contain options such as 'force-nonewprivs yes' | 11 | # - /etc/firejail/firejail.config can contain options such as 'force-nonewprivs yes'; |
13 | # - a new private pid-namespace is created | 12 | # - a new private pid-namespace is created; |
14 | # - a minimal hardcoded blacklist is applied | 13 | # - a minimal hardcoded blacklist is applied; |
15 | # - ... | 14 | # - ... |
16 | 15 | ||
17 | noblacklist /sys/fs | 16 | noblacklist /sys/fs |
diff --git a/etc/profile-m-z/pingus.profile b/etc/profile-m-z/pingus.profile index 3ff033e0b..e274b6443 100644 --- a/etc/profile-m-z/pingus.profile +++ b/etc/profile-m-z/pingus.profile | |||
@@ -23,8 +23,9 @@ include disable-xdg.inc | |||
23 | 23 | ||
24 | mkdir ${HOME}/.pingus | 24 | mkdir ${HOME}/.pingus |
25 | whitelist ${HOME}/.pingus | 25 | whitelist ${HOME}/.pingus |
26 | # Debian keeps games data under /usr/share/games | ||
27 | whitelist /usr/share/games/pingus | ||
26 | whitelist /usr/share/pingus | 28 | whitelist /usr/share/pingus |
27 | whitelist /usr/share/games/pingus # Debian keeps games data under /usr/share/games | ||
28 | include whitelist-common.inc | 29 | include whitelist-common.inc |
29 | include whitelist-runuser-common.inc | 30 | include whitelist-runuser-common.inc |
30 | include whitelist-usr-share-common.inc | 31 | include whitelist-usr-share-common.inc |
diff --git a/etc/profile-m-z/rtin.profile b/etc/profile-m-z/rtin.profile index 87aa69bcb..b1acf8b2e 100644 --- a/etc/profile-m-z/rtin.profile +++ b/etc/profile-m-z/rtin.profile | |||
@@ -1,6 +1,6 @@ | |||
1 | # Firejail profile for rtin | 1 | # Firejail profile for rtin |
2 | # Description: ncurses-based Usenet newsreader | 2 | # Description: ncurses-based Usenet newsreader |
3 | # symlink to tin, same as `tin -r` | 3 | # symlink to tin, same as `tin -r` |
4 | # This file is overwritten after every install/update | 4 | # This file is overwritten after every install/update |
5 | # Persistent local customizations | 5 | # Persistent local customizations |
6 | include rtin.local | 6 | include rtin.local |
diff --git a/etc/profile-m-z/steam.profile b/etc/profile-m-z/steam.profile index 63d629a32..99317c9dc 100644 --- a/etc/profile-m-z/steam.profile +++ b/etc/profile-m-z/steam.profile | |||
@@ -133,9 +133,9 @@ whitelist ${HOME}/.steampid | |||
133 | include whitelist-common.inc | 133 | include whitelist-common.inc |
134 | include whitelist-var-common.inc | 134 | include whitelist-var-common.inc |
135 | 135 | ||
136 | # NOTE: The following were intentionally left out as they are alternative | 136 | # Note: The following were intentionally left out as they are alternative |
137 | # (i.e.: unnecessary and/or legacy) paths whose existence may potentially | 137 | # (i.e.: unnecessary and/or legacy) paths whose existence may potentially |
138 | # clobber other paths (see #4225). If you use any, either add the entry to | 138 | # clobber other paths (see #4225). If you use any, either add the entry to |
139 | # steam.local or move the contents to a path listed above (or open an issue if | 139 | # steam.local or move the contents to a path listed above (or open an issue if |
140 | # it's missing above). | 140 | # it's missing above). |
141 | #mkdir ${HOME}/.config/RogueLegacyStorageContainer | 141 | #mkdir ${HOME}/.config/RogueLegacyStorageContainer |
diff --git a/etc/profile-m-z/tin.profile b/etc/profile-m-z/tin.profile index a03a6caa0..35ff14e88 100644 --- a/etc/profile-m-z/tin.profile +++ b/etc/profile-m-z/tin.profile | |||
@@ -24,8 +24,8 @@ include disable-xdg.inc | |||
24 | mkdir ${HOME}/.tin | 24 | mkdir ${HOME}/.tin |
25 | mkfile ${HOME}/.newsrc | 25 | mkfile ${HOME}/.newsrc |
26 | # Note: files/directories directly in ${HOME} can't be whitelisted, as | 26 | # Note: files/directories directly in ${HOME} can't be whitelisted, as |
27 | # tin saves .newsrc by renaming a temporary file, which is not possible for | 27 | # tin saves .newsrc by renaming a temporary file, which is not possible for |
28 | # bind-mounted files. | 28 | # bind-mounted files. |
29 | #whitelist ${HOME}/.newsrc | 29 | #whitelist ${HOME}/.newsrc |
30 | #whitelist ${HOME}/.tin | 30 | #whitelist ${HOME}/.tin |
31 | #include whitelist-common.inc | 31 | #include whitelist-common.inc |