diff options
Diffstat (limited to 'etc')
| -rw-r--r-- | etc/apparmor/firejail-local | 6 | ||||
| -rw-r--r-- | etc/profile-a-l/firefox-common-addons.profile | 5 | ||||
| -rw-r--r-- | etc/profile-a-l/firefox-common.profile | 2 |
3 files changed, 13 insertions, 0 deletions
diff --git a/etc/apparmor/firejail-local b/etc/apparmor/firejail-local index 59c8f7f8a..e7236b0bc 100644 --- a/etc/apparmor/firejail-local +++ b/etc/apparmor/firejail-local | |||
| @@ -14,5 +14,11 @@ | |||
| 14 | # Uncomment to opt-in to apparmor for brave + tor | 14 | # Uncomment to opt-in to apparmor for brave + tor |
| 15 | #owner @{HOME}/.config/BraveSoftware/Brave-Browser/biahpgbdmdkfgndcmfiipgcebobojjkp/*/** ix, | 15 | #owner @{HOME}/.config/BraveSoftware/Brave-Browser/biahpgbdmdkfgndcmfiipgcebobojjkp/*/** ix, |
| 16 | 16 | ||
| 17 | # Uncomment to opt-in to apparmor for firefox DRM (gmp-widevinecdm) | ||
| 18 | #owner @{HOME}/.mozilla/firefox/*/gm*/** ix, | ||
| 19 | |||
| 20 | # Uncomment to opt-in to apparmor for firefox native-messaging-hosts under ${HOME} | ||
| 21 | #owner @{HOME}/.mozilla/native-messaging-hosts/** ix, | ||
| 22 | |||
| 17 | # Uncomment to opt-in to apparmor for torbrowser-launcher | 23 | # Uncomment to opt-in to apparmor for torbrowser-launcher |
| 18 | #owner @{HOME}/.local/share/torbrowser/tbb/{i686,x86_64}/tor-browser_*/Browser/** ix, | 24 | #owner @{HOME}/.local/share/torbrowser/tbb/{i686,x86_64}/tor-browser_*/Browser/** ix, |
diff --git a/etc/profile-a-l/firefox-common-addons.profile b/etc/profile-a-l/firefox-common-addons.profile index b2b7c362a..6dc1fca8a 100644 --- a/etc/profile-a-l/firefox-common-addons.profile +++ b/etc/profile-a-l/firefox-common-addons.profile | |||
| @@ -2,8 +2,13 @@ | |||
| 2 | # Persistent customizations should go in a .local file. | 2 | # Persistent customizations should go in a .local file. |
| 3 | include firefox-common-addons.local | 3 | include firefox-common-addons.local |
| 4 | 4 | ||
| 5 | # Prevent whitelisting in ${RUNUSER} | ||
| 5 | ignore whitelist ${RUNUSER}/*firefox* | 6 | ignore whitelist ${RUNUSER}/*firefox* |
| 7 | ignore whitelist ${RUNUSER}/psd/*firefox* | ||
| 8 | ignore whitelist ${RUNUSER}/kpxc_server | ||
| 9 | ignore whitelist ${RUNUSER}/org.keepassxc.KeePassXC.BrowserServer | ||
| 6 | ignore include whitelist-runuser-common.inc | 10 | ignore include whitelist-runuser-common.inc |
| 11 | |||
| 7 | ignore private-cache | 12 | ignore private-cache |
| 8 | 13 | ||
| 9 | noblacklist ${HOME}/.cache/youtube-dl | 14 | noblacklist ${HOME}/.cache/youtube-dl |
diff --git a/etc/profile-a-l/firefox-common.profile b/etc/profile-a-l/firefox-common.profile index 36e3405b0..491ce2eeb 100644 --- a/etc/profile-a-l/firefox-common.profile +++ b/etc/profile-a-l/firefox-common.profile | |||
| @@ -8,6 +8,8 @@ include firefox-common.local | |||
| 8 | 8 | ||
| 9 | # noexec ${HOME} breaks DRM binaries. | 9 | # noexec ${HOME} breaks DRM binaries. |
| 10 | ?BROWSER_ALLOW_DRM: ignore noexec ${HOME} | 10 | ?BROWSER_ALLOW_DRM: ignore noexec ${HOME} |
| 11 | # noexec ${RUNUSER} breaks DRM binaries when using profile-sync-daemon. | ||
| 12 | ?BROWSER_ALLOW_DRM: ignore noexec ${RUNUSER} | ||
| 11 | 13 | ||
| 12 | # Add the next line to your firefox-common.local to allow access to common programs/addons/plugins. | 14 | # Add the next line to your firefox-common.local to allow access to common programs/addons/plugins. |
| 13 | #include firefox-common-addons.profile | 15 | #include firefox-common-addons.profile |