diff options
Diffstat (limited to 'etc')
-rw-r--r-- | etc/apparmor/firejail-local | 6 | ||||
-rw-r--r-- | etc/profile-a-l/firefox-common-addons.profile | 5 | ||||
-rw-r--r-- | etc/profile-a-l/firefox-common.profile | 2 |
3 files changed, 13 insertions, 0 deletions
diff --git a/etc/apparmor/firejail-local b/etc/apparmor/firejail-local index 59c8f7f8a..e7236b0bc 100644 --- a/etc/apparmor/firejail-local +++ b/etc/apparmor/firejail-local | |||
@@ -14,5 +14,11 @@ | |||
14 | # Uncomment to opt-in to apparmor for brave + tor | 14 | # Uncomment to opt-in to apparmor for brave + tor |
15 | #owner @{HOME}/.config/BraveSoftware/Brave-Browser/biahpgbdmdkfgndcmfiipgcebobojjkp/*/** ix, | 15 | #owner @{HOME}/.config/BraveSoftware/Brave-Browser/biahpgbdmdkfgndcmfiipgcebobojjkp/*/** ix, |
16 | 16 | ||
17 | # Uncomment to opt-in to apparmor for firefox DRM (gmp-widevinecdm) | ||
18 | #owner @{HOME}/.mozilla/firefox/*/gm*/** ix, | ||
19 | |||
20 | # Uncomment to opt-in to apparmor for firefox native-messaging-hosts under ${HOME} | ||
21 | #owner @{HOME}/.mozilla/native-messaging-hosts/** ix, | ||
22 | |||
17 | # Uncomment to opt-in to apparmor for torbrowser-launcher | 23 | # Uncomment to opt-in to apparmor for torbrowser-launcher |
18 | #owner @{HOME}/.local/share/torbrowser/tbb/{i686,x86_64}/tor-browser_*/Browser/** ix, | 24 | #owner @{HOME}/.local/share/torbrowser/tbb/{i686,x86_64}/tor-browser_*/Browser/** ix, |
diff --git a/etc/profile-a-l/firefox-common-addons.profile b/etc/profile-a-l/firefox-common-addons.profile index b2b7c362a..6dc1fca8a 100644 --- a/etc/profile-a-l/firefox-common-addons.profile +++ b/etc/profile-a-l/firefox-common-addons.profile | |||
@@ -2,8 +2,13 @@ | |||
2 | # Persistent customizations should go in a .local file. | 2 | # Persistent customizations should go in a .local file. |
3 | include firefox-common-addons.local | 3 | include firefox-common-addons.local |
4 | 4 | ||
5 | # Prevent whitelisting in ${RUNUSER} | ||
5 | ignore whitelist ${RUNUSER}/*firefox* | 6 | ignore whitelist ${RUNUSER}/*firefox* |
7 | ignore whitelist ${RUNUSER}/psd/*firefox* | ||
8 | ignore whitelist ${RUNUSER}/kpxc_server | ||
9 | ignore whitelist ${RUNUSER}/org.keepassxc.KeePassXC.BrowserServer | ||
6 | ignore include whitelist-runuser-common.inc | 10 | ignore include whitelist-runuser-common.inc |
11 | |||
7 | ignore private-cache | 12 | ignore private-cache |
8 | 13 | ||
9 | noblacklist ${HOME}/.cache/youtube-dl | 14 | noblacklist ${HOME}/.cache/youtube-dl |
diff --git a/etc/profile-a-l/firefox-common.profile b/etc/profile-a-l/firefox-common.profile index 36e3405b0..491ce2eeb 100644 --- a/etc/profile-a-l/firefox-common.profile +++ b/etc/profile-a-l/firefox-common.profile | |||
@@ -8,6 +8,8 @@ include firefox-common.local | |||
8 | 8 | ||
9 | # noexec ${HOME} breaks DRM binaries. | 9 | # noexec ${HOME} breaks DRM binaries. |
10 | ?BROWSER_ALLOW_DRM: ignore noexec ${HOME} | 10 | ?BROWSER_ALLOW_DRM: ignore noexec ${HOME} |
11 | # noexec ${RUNUSER} breaks DRM binaries when using profile-sync-daemon. | ||
12 | ?BROWSER_ALLOW_DRM: ignore noexec ${RUNUSER} | ||
11 | 13 | ||
12 | # Add the next line to your firefox-common.local to allow access to common programs/addons/plugins. | 14 | # Add the next line to your firefox-common.local to allow access to common programs/addons/plugins. |
13 | #include firefox-common-addons.profile | 15 | #include firefox-common-addons.profile |