diff options
Diffstat (limited to 'etc')
-rw-r--r-- | etc/profile-a-l/celluloid.profile | 7 | ||||
-rw-r--r-- | etc/profile-a-l/com.github.dahenson.agenda.profile | 5 | ||||
-rw-r--r-- | etc/profile-a-l/dconf-editor.profile | 5 | ||||
-rw-r--r-- | etc/profile-a-l/eog.profile | 5 | ||||
-rw-r--r-- | etc/profile-a-l/feedreader.profile | 8 | ||||
-rw-r--r-- | etc/profile-a-l/firefox.profile | 7 | ||||
-rw-r--r-- | etc/profile-a-l/gfeeds.profile | 6 | ||||
-rw-r--r-- | etc/profile-a-l/ghostwriter.profile | 3 | ||||
-rw-r--r-- | etc/profile-a-l/gitg.profile | 7 | ||||
-rw-r--r-- | etc/profile-a-l/gnome-maps.profile | 8 | ||||
-rw-r--r-- | etc/profile-a-l/gnome-pomodoro.profile | 6 | ||||
-rw-r--r-- | etc/profile-a-l/gnome-screenshot.profile | 5 | ||||
-rw-r--r-- | etc/profile-a-l/gnome-todo.profile | 12 | ||||
-rw-r--r-- | etc/profile-a-l/keepassxc.profile | 22 | ||||
-rw-r--r-- | etc/profile-a-l/libreoffice.profile | 3 | ||||
-rw-r--r-- | etc/profile-m-z/rhythmbox.profile | 12 | ||||
-rw-r--r-- | etc/profile-m-z/seahorse.profile | 5 | ||||
-rw-r--r-- | etc/profile-m-z/wireshark.profile | 1 | ||||
-rw-r--r-- | etc/templates/profile.template | 17 |
19 files changed, 125 insertions, 19 deletions
diff --git a/etc/profile-a-l/celluloid.profile b/etc/profile-a-l/celluloid.profile index 9be6b1631..567bd912a 100644 --- a/etc/profile-a-l/celluloid.profile +++ b/etc/profile-a-l/celluloid.profile | |||
@@ -46,9 +46,10 @@ private-etc alternatives,ca-certificates,crypto-policies,dconf,drirc,fonts,gtk-3 | |||
46 | private-dev | 46 | private-dev |
47 | private-tmp | 47 | private-tmp |
48 | 48 | ||
49 | # uses dconf, MPRIS | 49 | dbus-user filter |
50 | # dbus-user none | 50 | dbus-user.own io.github.celluloid_player.Celluloid |
51 | # dbus-system none | 51 | dbus-user.talk org.gnome.SettingsDaemon.MediaKeys |
52 | dbus-system none | ||
52 | 53 | ||
53 | read-only ${HOME} | 54 | read-only ${HOME} |
54 | read-write ${HOME}/.config/celluloid | 55 | read-write ${HOME}/.config/celluloid |
diff --git a/etc/profile-a-l/com.github.dahenson.agenda.profile b/etc/profile-a-l/com.github.dahenson.agenda.profile index ea5370649..6df9627b3 100644 --- a/etc/profile-a-l/com.github.dahenson.agenda.profile +++ b/etc/profile-a-l/com.github.dahenson.agenda.profile | |||
@@ -54,6 +54,11 @@ private-dev | |||
54 | private-etc dconf,fonts,gtk-3.0 | 54 | private-etc dconf,fonts,gtk-3.0 |
55 | private-tmp | 55 | private-tmp |
56 | 56 | ||
57 | dbus-user filter | ||
58 | dbus.own com.github.dahenson.agenda | ||
59 | dbus.talk ca.desrt.dconf | ||
60 | dbus-system none | ||
61 | |||
57 | read-only ${HOME} | 62 | read-only ${HOME} |
58 | read-write ${HOME}/.cache/agenda | 63 | read-write ${HOME}/.cache/agenda |
59 | read-write ${HOME}/.config/agenda | 64 | read-write ${HOME}/.config/agenda |
diff --git a/etc/profile-a-l/dconf-editor.profile b/etc/profile-a-l/dconf-editor.profile index e7cc66e32..62379d3ef 100644 --- a/etc/profile-a-l/dconf-editor.profile +++ b/etc/profile-a-l/dconf-editor.profile | |||
@@ -44,3 +44,8 @@ private-dev | |||
44 | private-etc alternatives,dconf,fonts,gtk-3.0,machine-id | 44 | private-etc alternatives,dconf,fonts,gtk-3.0,machine-id |
45 | private-lib | 45 | private-lib |
46 | private-tmp | 46 | private-tmp |
47 | |||
48 | dbus-user filter | ||
49 | dbus-user.own ca.desrt.dconf-editor | ||
50 | dbus-user.talk ca.desrt.dconf | ||
51 | dbus-system none | ||
diff --git a/etc/profile-a-l/eog.profile b/etc/profile-a-l/eog.profile index 6690b33ca..3266f7d28 100644 --- a/etc/profile-a-l/eog.profile +++ b/etc/profile-a-l/eog.profile | |||
@@ -15,5 +15,10 @@ whitelist /usr/share/eog | |||
15 | # or put 'ignore private-bin', 'ignore private-etc' and 'ignore private-lib' in your eog.local | 15 | # or put 'ignore private-bin', 'ignore private-etc' and 'ignore private-lib' in your eog.local |
16 | private-bin eog | 16 | private-bin eog |
17 | 17 | ||
18 | dbus-user filter | ||
19 | dbus-user.own org.gnome.Eog | ||
20 | dbus-user.talk ca.desrt.dconf | ||
21 | dbus-system none | ||
22 | |||
18 | # Redirect | 23 | # Redirect |
19 | include eo-common.profile | 24 | include eo-common.profile |
diff --git a/etc/profile-a-l/feedreader.profile b/etc/profile-a-l/feedreader.profile index 7d3c7a8f4..60c6c8548 100644 --- a/etc/profile-a-l/feedreader.profile +++ b/etc/profile-a-l/feedreader.profile | |||
@@ -48,3 +48,11 @@ private-cache | |||
48 | private-dev | 48 | private-dev |
49 | private-tmp | 49 | private-tmp |
50 | 50 | ||
51 | dbus-user filter | ||
52 | dbus-user.own org.gnome.FeedReader | ||
53 | dbus-user.own org.gnome.FeedReader.ArticleView | ||
54 | # Enable as you need. | ||
55 | #dbus-user.talk org.freedesktop.Notifications | ||
56 | #dbus-user.talk org.freedesktop.secrets | ||
57 | #dbus-user.talk org.gnome.OnlineAccounts | ||
58 | dbus-system none | ||
diff --git a/etc/profile-a-l/firefox.profile b/etc/profile-a-l/firefox.profile index 4a2cb260f..337311ed8 100644 --- a/etc/profile-a-l/firefox.profile +++ b/etc/profile-a-l/firefox.profile | |||
@@ -28,5 +28,12 @@ include whitelist-usr-share-common.inc | |||
28 | # private-etc must first be enabled in firefox-common.profile | 28 | # private-etc must first be enabled in firefox-common.profile |
29 | #private-etc firefox | 29 | #private-etc firefox |
30 | 30 | ||
31 | dbus-user filter | ||
32 | dbus-user.own org.mozilla.firefox.* | ||
33 | dbus-user.own org.mpris.MediaPlayer2.firefox.* | ||
34 | # Uncomment or put in your firefox.local to enable native notifications. | ||
35 | #dbus-user.talk org.freedesktop.Notifications | ||
36 | ignore dbus-user none | ||
37 | |||
31 | # Redirect | 38 | # Redirect |
32 | include firefox-common.profile | 39 | include firefox-common.profile |
diff --git a/etc/profile-a-l/gfeeds.profile b/etc/profile-a-l/gfeeds.profile index e7913f5e4..587a12a93 100644 --- a/etc/profile-a-l/gfeeds.profile +++ b/etc/profile-a-l/gfeeds.profile | |||
@@ -58,5 +58,7 @@ private-dev | |||
58 | private-etc alternatives,ca-certificates,crypto-policies,dbus-1,dconf,fonts,gconf,group,gtk-3.0,host.conf,hostname,hosts,ld.so.cache,ld.so.conf,ld.so.conf.d,ld.so.preload,locale,locale.alias,locale.conf,localtime,machine-id,mime.types,nsswitch.conf,pango,passwd,pki,protocols,resolv.conf,rpc,services,ssl,X11,xdg | 58 | private-etc alternatives,ca-certificates,crypto-policies,dbus-1,dconf,fonts,gconf,group,gtk-3.0,host.conf,hostname,hosts,ld.so.cache,ld.so.conf,ld.so.conf.d,ld.so.preload,locale,locale.alias,locale.conf,localtime,machine-id,mime.types,nsswitch.conf,pango,passwd,pki,protocols,resolv.conf,rpc,services,ssl,X11,xdg |
59 | private-tmp | 59 | private-tmp |
60 | 60 | ||
61 | # dbus-user none | 61 | dbus-user filter |
62 | # dbus-system none | 62 | dbus-user.own org.gabmus.gfeeds |
63 | dbus-user.talk ca.desrt.dconf | ||
64 | dbus-system none | ||
diff --git a/etc/profile-a-l/ghostwriter.profile b/etc/profile-a-l/ghostwriter.profile index c18a6b72e..1d5398403 100644 --- a/etc/profile-a-l/ghostwriter.profile +++ b/etc/profile-a-l/ghostwriter.profile | |||
@@ -48,3 +48,6 @@ private-dev | |||
48 | # passwd,login.defs,firejail are a temporary workaround for #2877 and can be removed once it is fixed | 48 | # passwd,login.defs,firejail are a temporary workaround for #2877 and can be removed once it is fixed |
49 | private-etc alternatives,ca-certificates,crypto-policies,dbus-1,dconf,firejail,fonts,gconf,groups,gtk-2.0,gtk-3.0,host.conf,hostname,hosts,ld.so.cache,ld.so.conf,ld.so.conf.d,ld.so.preload,locale,locale.alias,locale.conf,localtime,login.defs,machine-id,mime.types,nsswitch.conf,pango,passwd,pki,protocols,resolv.conf,rpc,services,ssl,texlive,Trolltech.conf,X11,xdg | 49 | private-etc alternatives,ca-certificates,crypto-policies,dbus-1,dconf,firejail,fonts,gconf,groups,gtk-2.0,gtk-3.0,host.conf,hostname,hosts,ld.so.cache,ld.so.conf,ld.so.conf.d,ld.so.preload,locale,locale.alias,locale.conf,localtime,login.defs,machine-id,mime.types,nsswitch.conf,pango,passwd,pki,protocols,resolv.conf,rpc,services,ssl,texlive,Trolltech.conf,X11,xdg |
50 | private-tmp | 50 | private-tmp |
51 | |||
52 | dbus-user none | ||
53 | dbus-system none | ||
diff --git a/etc/profile-a-l/gitg.profile b/etc/profile-a-l/gitg.profile index 68f38c3ce..71b8e9b11 100644 --- a/etc/profile-a-l/gitg.profile +++ b/etc/profile-a-l/gitg.profile | |||
@@ -52,3 +52,10 @@ private-bin git,gitg,ssh | |||
52 | private-cache | 52 | private-cache |
53 | private-dev | 53 | private-dev |
54 | private-tmp | 54 | private-tmp |
55 | |||
56 | dbus-user filter | ||
57 | dbus-user.own org.gnome.gitg | ||
58 | dbus-user.talk ca.desrt.dconf | ||
59 | # Uncomment (or put in your gitg.local) if you need keyring access. | ||
60 | #dbus-user.talk org.freedesktop.secrets | ||
61 | dbus-system none | ||
diff --git a/etc/profile-a-l/gnome-maps.profile b/etc/profile-a-l/gnome-maps.profile index bf263efa9..1366d1e1e 100644 --- a/etc/profile-a-l/gnome-maps.profile +++ b/etc/profile-a-l/gnome-maps.profile | |||
@@ -62,3 +62,11 @@ private-bin gjs,gnome-maps | |||
62 | private-dev | 62 | private-dev |
63 | private-etc alternatives,ca-certificates,clutter-1.0,crypto-policies,dconf,drirc,fonts,gconf,gcrypt,gtk-3.0,host.conf,hostname,hosts,ld.so.cache,ld.so.conf,ld.so.conf.d,ld.so.preload,locale,locale.alias,locale.conf,localtime,mime.types,nsswitch.conf,pango,pkcs11,pki,protocols,resolv.conf,rpc,services,ssl,X11,xdg | 63 | private-etc alternatives,ca-certificates,clutter-1.0,crypto-policies,dconf,drirc,fonts,gconf,gcrypt,gtk-3.0,host.conf,hostname,hosts,ld.so.cache,ld.so.conf,ld.so.conf.d,ld.so.preload,locale,locale.alias,locale.conf,localtime,mime.types,nsswitch.conf,pango,pkcs11,pki,protocols,resolv.conf,rpc,services,ssl,X11,xdg |
64 | private-tmp | 64 | private-tmp |
65 | |||
66 | dbus-user filter | ||
67 | dbus-user.own org.gnome.Maps | ||
68 | #dbus-user.talk org.freedesktop.secrets | ||
69 | #dbus-user.talk org.gnome.OnlineAccounts | ||
70 | dbus-system filter | ||
71 | #dbus-system.talk org.freedesktop.NetworkManager | ||
72 | dbus-system.talk org.freedesktop.GeoClue2 | ||
diff --git a/etc/profile-a-l/gnome-pomodoro.profile b/etc/profile-a-l/gnome-pomodoro.profile index f8be23f07..2a5d2a231 100644 --- a/etc/profile-a-l/gnome-pomodoro.profile +++ b/etc/profile-a-l/gnome-pomodoro.profile | |||
@@ -47,5 +47,11 @@ private-dev | |||
47 | private-etc dconf,fonts,gtk-3.0,ld.so.cache,ld.so.conf,ld.so.conf.d,ld.so.preload,localtime,machine-id | 47 | private-etc dconf,fonts,gtk-3.0,ld.so.cache,ld.so.conf,ld.so.conf.d,ld.so.preload,localtime,machine-id |
48 | private-tmp | 48 | private-tmp |
49 | 49 | ||
50 | dbus-user filter | ||
51 | dbus-user.own org.gnome.Pomodoro | ||
52 | dbus-user.talk ca.desrt.dconf | ||
53 | dbus-user.talk org.gnome.Shell | ||
54 | dbus-system none | ||
55 | |||
50 | read-only ${HOME} | 56 | read-only ${HOME} |
51 | read-write ${HOME}/.local/share/gnome-pomodoro | 57 | read-write ${HOME}/.local/share/gnome-pomodoro |
diff --git a/etc/profile-a-l/gnome-screenshot.profile b/etc/profile-a-l/gnome-screenshot.profile index cc5efb161..fe6bc025d 100644 --- a/etc/profile-a-l/gnome-screenshot.profile +++ b/etc/profile-a-l/gnome-screenshot.profile | |||
@@ -42,3 +42,8 @@ private-bin gnome-screenshot | |||
42 | private-dev | 42 | private-dev |
43 | private-etc dconf,fonts,gtk-3.0,localtime,machine-id | 43 | private-etc dconf,fonts,gtk-3.0,localtime,machine-id |
44 | private-tmp | 44 | private-tmp |
45 | |||
46 | dbus-user filter | ||
47 | dbus-user.own org.gnome.Screenshot | ||
48 | dbus-user.talk org.gnome.Shell.Screenshot | ||
49 | dbus-system none | ||
diff --git a/etc/profile-a-l/gnome-todo.profile b/etc/profile-a-l/gnome-todo.profile index 6240cce65..453925022 100644 --- a/etc/profile-a-l/gnome-todo.profile +++ b/etc/profile-a-l/gnome-todo.profile | |||
@@ -48,4 +48,16 @@ private-dev | |||
48 | private-etc dconf,fonts,gtk-3.0,localtime,passwd,xdg | 48 | private-etc dconf,fonts,gtk-3.0,localtime,passwd,xdg |
49 | private-tmp | 49 | private-tmp |
50 | 50 | ||
51 | dbus-user filter | ||
52 | dbus-user.own org.gnome.Todo | ||
53 | dbus-user.talk ca.desrt.dconf | ||
54 | #dbus-user.talk org.gnome.evolution.dataserver.AddressBook9 | ||
55 | #dbus-user.talk org.gnome.evolution.dataserver.Calendar8 | ||
56 | #dbus-user.talk org.gnome.evolution.dataserver.Sources5 | ||
57 | #dbus-user.talk org.gnome.evolution.dataserver.Subprocess.Backend.* | ||
58 | #dbus-user.talk org.gnome.OnlineAccounts | ||
59 | dbus-system none | ||
60 | #dbus-system filter | ||
61 | #dbus-system.talk org.freedesktop.login1 | ||
62 | |||
51 | read-only ${HOME} | 63 | read-only ${HOME} |
diff --git a/etc/profile-a-l/keepassxc.profile b/etc/profile-a-l/keepassxc.profile index 43dbad5f9..9458edf33 100644 --- a/etc/profile-a-l/keepassxc.profile +++ b/etc/profile-a-l/keepassxc.profile | |||
@@ -31,10 +31,6 @@ machine-id | |||
31 | net none | 31 | net none |
32 | no3d | 32 | no3d |
33 | nodvd | 33 | nodvd |
34 | # Breaks 'Lock database when session is locked or lid is closed' (#2899). | ||
35 | # Also breaks (Plasma) tray icon, | ||
36 | # you can safely uncomment it or add to keepassxc.local if you don't need these features. | ||
37 | # | ||
38 | nogroups | 34 | nogroups |
39 | nonewprivs | 35 | nonewprivs |
40 | noroot | 36 | noroot |
@@ -52,11 +48,19 @@ private-dev | |||
52 | private-etc alternatives,fonts,ld.so.cache,machine-id | 48 | private-etc alternatives,fonts,ld.so.cache,machine-id |
53 | private-tmp | 49 | private-tmp |
54 | 50 | ||
55 | # Breaks 'Lock database when session is locked or lid is closed' (#2899). | 51 | dbus-user filter |
56 | # Also breaks (Plasma) tray icon, | 52 | #dbus-user.own org.keepassxc.KeePassXC |
57 | # you can safely uncomment it or add to keepassxc.local if you don't need these features. | 53 | dbus-user.talk com.canonical.Unity.Session |
58 | # dbus-user none | 54 | dbus-user.talk org.freedesktop.ScreenSaver |
59 | # dbus-system none | 55 | dbus-user.talk org.freedesktop.login1.Manager |
56 | dbus-user.talk org.freedesktop.login1.Session | ||
57 | dbus-user.talk org.gnome.ScreenSaver | ||
58 | dbus-user.talk org.gnome.SessionManager | ||
59 | dbus-user.talk org.gnome.SessionManager.Presence | ||
60 | # Uncomment or add to your keepassxc.local to allow Notifications. | ||
61 | #dbus-user.talk org.freedesktop.Notifications | ||
62 | #dbus-user.talk org.kde.StatusNotifierWatcher | ||
63 | dbus-system none | ||
60 | 64 | ||
61 | # Mutex is stored in /tmp by default, which is broken by private-tmp | 65 | # Mutex is stored in /tmp by default, which is broken by private-tmp |
62 | join-or-start keepassxc | 66 | join-or-start keepassxc |
diff --git a/etc/profile-a-l/libreoffice.profile b/etc/profile-a-l/libreoffice.profile index aa113883e..948e2927c 100644 --- a/etc/profile-a-l/libreoffice.profile +++ b/etc/profile-a-l/libreoffice.profile | |||
@@ -46,4 +46,7 @@ tracelog | |||
46 | private-dev | 46 | private-dev |
47 | private-tmp | 47 | private-tmp |
48 | 48 | ||
49 | dbus-user none | ||
50 | dbus-system none | ||
51 | |||
49 | join-or-start libreoffice | 52 | join-or-start libreoffice |
diff --git a/etc/profile-m-z/rhythmbox.profile b/etc/profile-m-z/rhythmbox.profile index e8f964383..f3939685a 100644 --- a/etc/profile-m-z/rhythmbox.profile +++ b/etc/profile-m-z/rhythmbox.profile | |||
@@ -47,6 +47,12 @@ private-bin rhythmbox,rhythmbox-client | |||
47 | private-dev | 47 | private-dev |
48 | private-tmp | 48 | private-tmp |
49 | 49 | ||
50 | # makes settings immutable | 50 | dbus-user filter |
51 | # dbus-user none | 51 | dbus-user.own org.gnome.Rhythmbox3 |
52 | # dbus-system none | 52 | dbus-user.own org.mpris.MediaPlayer2.rhythmbox |
53 | dbus-user.own org.gnome.UPnP.MediaServer2.Rhythmbox | ||
54 | dbus-user.talk ca.desrt.dconf | ||
55 | dbus-user.talk org.freedesktop.Notifications | ||
56 | dbus-system none | ||
57 | dbus-system filter | ||
58 | dbus-system.talk org.freedesktop.Avahi | ||
diff --git a/etc/profile-m-z/seahorse.profile b/etc/profile-m-z/seahorse.profile index 3a69086b5..85d86d646 100644 --- a/etc/profile-m-z/seahorse.profile +++ b/etc/profile-m-z/seahorse.profile | |||
@@ -61,3 +61,8 @@ private-cache | |||
61 | private-dev | 61 | private-dev |
62 | private-etc ca-certificates,crypto-policies,dconf,fonts,gconf,gtk-2.0,gtk-3.0,host.conf,hostname,hosts,ld.so.preload,nsswitch.conf,pango,pki,protocols,resolv.conf,rpc,services,ssh,ssl,X11 | 62 | private-etc ca-certificates,crypto-policies,dconf,fonts,gconf,gtk-2.0,gtk-3.0,host.conf,hostname,hosts,ld.so.preload,nsswitch.conf,pango,pki,protocols,resolv.conf,rpc,services,ssh,ssl,X11 |
63 | writable-run-user | 63 | writable-run-user |
64 | |||
65 | dbus-user filter | ||
66 | dbus-user.own org.gnome.seahorse.Application | ||
67 | dbus-user.talk org.freedesktop.secrets | ||
68 | dbus-system none | ||
diff --git a/etc/profile-m-z/wireshark.profile b/etc/profile-m-z/wireshark.profile index d73e2e279..a30cb43d5 100644 --- a/etc/profile-m-z/wireshark.profile +++ b/etc/profile-m-z/wireshark.profile | |||
@@ -47,4 +47,3 @@ tracelog | |||
47 | private-dev | 47 | private-dev |
48 | # private-etc alternatives,ca-certificates,crypto-policies,fonts,group,hosts,machine-id,passwd,pki,ssl | 48 | # private-etc alternatives,ca-certificates,crypto-policies,fonts,group,hosts,machine-id,passwd,pki,ssl |
49 | private-tmp | 49 | private-tmp |
50 | |||
diff --git a/etc/templates/profile.template b/etc/templates/profile.template index d339ce476..be1175ce3 100644 --- a/etc/templates/profile.template +++ b/etc/templates/profile.template | |||
@@ -33,6 +33,7 @@ | |||
33 | # WHITELIST INCLUDES | 33 | # WHITELIST INCLUDES |
34 | # OPTIONS (caps*, net*, no*, protocol, seccomp*, shell none, tracelog) | 34 | # OPTIONS (caps*, net*, no*, protocol, seccomp*, shell none, tracelog) |
35 | # PRIVATE OPTIONS (disable-mnt, private-*, writable-*) | 35 | # PRIVATE OPTIONS (disable-mnt, private-*, writable-*) |
36 | # DBUS FILTER | ||
36 | # SPECIAL OPTIONS (mdwx, noexec, read-only, join-or-start) | 37 | # SPECIAL OPTIONS (mdwx, noexec, read-only, join-or-start) |
37 | # REDIRECT INCLUDES | 38 | # REDIRECT INCLUDES |
38 | # | 39 | # |
@@ -136,6 +137,7 @@ include globals.local | |||
136 | #net none | 137 | #net none |
137 | #netfilter | 138 | #netfilter |
138 | #no3d | 139 | #no3d |
140 | ##nodbus (deprecated, use 'dbus-user none' and 'dbus-system none', see below) | ||
139 | #nodvd | 141 | #nodvd |
140 | #nogroups | 142 | #nogroups |
141 | #nonewprivs | 143 | #nonewprivs |
@@ -185,7 +187,20 @@ include globals.local | |||
185 | ##writable-var | 187 | ##writable-var |
186 | ##writable-var-log | 188 | ##writable-var-log |
187 | 189 | ||
188 | #dbus-user none | 190 | # Since 0.9.63 also a more granular regulation of dbus is supported. |
191 | # To get the dbus-addresses to which an application needs access to. | ||
192 | # You can look at flatpak if the application is also distriputed via flatpak: | ||
193 | # flatpak remote-info --show-metadata flathub <APP-ID> | ||
194 | # Notes: | ||
195 | # - flatpak implicitly allows an app to own <APP-ID> on the session bus | ||
196 | # - In order to make dconf work (if it is used by the app) you need to allow | ||
197 | # 'ca.desrt.dconf' even if it is not allowed by flatpak. | ||
198 | # Notes and Policiy about addresses can be found at | ||
199 | # <https://github.com/netblue30/firejail/wiki/Restrict-D-Bus> | ||
200 | #dbus-user filter | ||
201 | #dbus-user.own com.github.netblue30.firejail | ||
202 | #dbus-user.talk ca.desrt.dconf | ||
203 | #dbus-user.talk org.freedesktop.Notifications | ||
189 | #dbus-system none | 204 | #dbus-system none |
190 | 205 | ||
191 | ##env VAR=VALUE | 206 | ##env VAR=VALUE |