diff options
Diffstat (limited to 'etc/profile-m-z')
-rw-r--r-- | etc/profile-m-z/okular.profile | 2 | ||||
-rw-r--r-- | etc/profile-m-z/palemoon.profile | 3 | ||||
-rw-r--r-- | etc/profile-m-z/ssh.profile | 3 | ||||
-rw-r--r-- | etc/profile-m-z/sway.profile | 4 | ||||
-rw-r--r-- | etc/profile-m-z/waterfox.profile | 4 | ||||
-rw-r--r-- | etc/profile-m-z/zoom.profile | 3 |
6 files changed, 12 insertions, 7 deletions
diff --git a/etc/profile-m-z/okular.profile b/etc/profile-m-z/okular.profile index 9f4990246..645510124 100644 --- a/etc/profile-m-z/okular.profile +++ b/etc/profile-m-z/okular.profile | |||
@@ -58,7 +58,7 @@ protocol unix | |||
58 | seccomp | 58 | seccomp |
59 | tracelog | 59 | tracelog |
60 | 60 | ||
61 | private-bin kbuildsycoca4,kdeinit4,lpr,okular,unar,unrar | 61 | private-bin kbuildsycoca4,kdeinit4,lpr,okular,ps2pdf,unar,unrar |
62 | private-dev | 62 | private-dev |
63 | private-etc @x11,cups | 63 | private-etc @x11,cups |
64 | # on KDE we need access to the real /tmp for data exchange with email clients | 64 | # on KDE we need access to the real /tmp for data exchange with email clients |
diff --git a/etc/profile-m-z/palemoon.profile b/etc/profile-m-z/palemoon.profile index 8917a9bc5..8e1a5daf5 100644 --- a/etc/profile-m-z/palemoon.profile +++ b/etc/profile-m-z/palemoon.profile | |||
@@ -21,8 +21,7 @@ seccomp | |||
21 | ignore seccomp | 21 | ignore seccomp |
22 | 22 | ||
23 | #private-bin palemoon | 23 | #private-bin palemoon |
24 | # private-etc must first be enabled in firefox-common.profile | 24 | private-etc palemoon |
25 | #private-etc palemoon | ||
26 | 25 | ||
27 | restrict-namespaces | 26 | restrict-namespaces |
28 | ignore restrict-namespaces | 27 | ignore restrict-namespaces |
diff --git a/etc/profile-m-z/ssh.profile b/etc/profile-m-z/ssh.profile index 62efa28db..1c4d85ea0 100644 --- a/etc/profile-m-z/ssh.profile +++ b/etc/profile-m-z/ssh.profile | |||
@@ -19,7 +19,8 @@ include disable-exec.inc | |||
19 | include disable-programs.inc | 19 | include disable-programs.inc |
20 | 20 | ||
21 | whitelist ${RUNUSER}/gcr/ssh | 21 | whitelist ${RUNUSER}/gcr/ssh |
22 | whitelist ${RUNUSER}/gnupg/S.gpg-agent.ssh | 22 | whitelist ${RUNUSER}/gnupg/S.gpg-agent.ssh # default gpg homedir setup |
23 | whitelist ${RUNUSER}/gnupg/*/S.gpg-agent.ssh # custom gpg homedir setup | ||
23 | whitelist ${RUNUSER}/keyring/ssh | 24 | whitelist ${RUNUSER}/keyring/ssh |
24 | include whitelist-usr-share-common.inc | 25 | include whitelist-usr-share-common.inc |
25 | include whitelist-runuser-common.inc | 26 | include whitelist-runuser-common.inc |
diff --git a/etc/profile-m-z/sway.profile b/etc/profile-m-z/sway.profile index f71905150..b7f90f6ad 100644 --- a/etc/profile-m-z/sway.profile +++ b/etc/profile-m-z/sway.profile | |||
@@ -10,6 +10,10 @@ include globals.local | |||
10 | noblacklist ${HOME}/.config/sway | 10 | noblacklist ${HOME}/.config/sway |
11 | # sway uses ~/.config/i3 as fallback if there is no ~/.config/sway | 11 | # sway uses ~/.config/i3 as fallback if there is no ~/.config/sway |
12 | noblacklist ${HOME}/.config/i3 | 12 | noblacklist ${HOME}/.config/i3 |
13 | # allow creation of IPC socket | ||
14 | noblacklist ${RUNUSER}/sway-ipc.* | ||
15 | noblacklist /tmp/sway-ipc.* | ||
16 | |||
13 | include disable-common.inc | 17 | include disable-common.inc |
14 | 18 | ||
15 | caps.drop all | 19 | caps.drop all |
diff --git a/etc/profile-m-z/waterfox.profile b/etc/profile-m-z/waterfox.profile index bf6f45e41..cf2fced64 100644 --- a/etc/profile-m-z/waterfox.profile +++ b/etc/profile-m-z/waterfox.profile | |||
@@ -21,9 +21,7 @@ whitelist /usr/share/waterfox | |||
21 | # waterfox requires a shell to launch on Arch. We can possibly remove sh though. | 21 | # waterfox requires a shell to launch on Arch. We can possibly remove sh though. |
22 | # Add the next line to your waterfox.local to enable private-bin. | 22 | # Add the next line to your waterfox.local to enable private-bin. |
23 | #private-bin bash,dbus-launch,dbus-send,env,sh,waterfox,waterfox-classic,waterfox-current,which | 23 | #private-bin bash,dbus-launch,dbus-send,env,sh,waterfox,waterfox-classic,waterfox-current,which |
24 | # Add the next line to your waterfox.local to enable private-etc. Note that private-etc must first be | 24 | private-etc waterfox |
25 | # enabled in your firefox-common.local. | ||
26 | #private-etc waterfox | ||
27 | 25 | ||
28 | # Redirect | 26 | # Redirect |
29 | include firefox-common.profile | 27 | include firefox-common.profile |
diff --git a/etc/profile-m-z/zoom.profile b/etc/profile-m-z/zoom.profile index 306212f85..430934df2 100644 --- a/etc/profile-m-z/zoom.profile +++ b/etc/profile-m-z/zoom.profile | |||
@@ -19,6 +19,7 @@ ignore dbus-system none | |||
19 | noblacklist ${HOME}/.config/zoom.conf | 19 | noblacklist ${HOME}/.config/zoom.conf |
20 | noblacklist ${HOME}/.config/zoomus.conf | 20 | noblacklist ${HOME}/.config/zoomus.conf |
21 | noblacklist ${HOME}/.zoom | 21 | noblacklist ${HOME}/.zoom |
22 | noblacklist ${DOCUMENTS} | ||
22 | 23 | ||
23 | nowhitelist ${DOWNLOADS} | 24 | nowhitelist ${DOWNLOADS} |
24 | 25 | ||
@@ -26,10 +27,12 @@ mkdir ${HOME}/.cache/zoom | |||
26 | mkfile ${HOME}/.config/zoom.conf | 27 | mkfile ${HOME}/.config/zoom.conf |
27 | mkfile ${HOME}/.config/zoomus.conf | 28 | mkfile ${HOME}/.config/zoomus.conf |
28 | mkdir ${HOME}/.zoom | 29 | mkdir ${HOME}/.zoom |
30 | mkdir ${HOME}/Documents/Zoom | ||
29 | whitelist ${HOME}/.cache/zoom | 31 | whitelist ${HOME}/.cache/zoom |
30 | whitelist ${HOME}/.config/zoom.conf | 32 | whitelist ${HOME}/.config/zoom.conf |
31 | whitelist ${HOME}/.config/zoomus.conf | 33 | whitelist ${HOME}/.config/zoomus.conf |
32 | whitelist ${HOME}/.zoom | 34 | whitelist ${HOME}/.zoom |
35 | whitelist ${HOME}/Documents/Zoom | ||
33 | 36 | ||
34 | # Disable for now, see https://github.com/netblue30/firejail/issues/3726 | 37 | # Disable for now, see https://github.com/netblue30/firejail/issues/3726 |
35 | #private-etc alternatives,ca-certificates,crypto-policies,fonts,group,ld.so.cache,ld.so.conf,ld.so.conf.d,ld.so.preload,machine-id,nsswitch.conf,pki,resolv.conf,ssl | 38 | #private-etc alternatives,ca-certificates,crypto-policies,fonts,group,ld.so.cache,ld.so.conf,ld.so.conf.d,ld.so.preload,machine-id,nsswitch.conf,pki,resolv.conf,ssl |