From ecbc26fc3b4737a368b701f32ca7c225f86b4e37 Mon Sep 17 00:00:00 2001 From: bn0785ac <33168871+bn0785ac@users.noreply.github.com> Date: Tue, 1 May 2018 11:02:01 -0400 Subject: Repairing programs (#1894) cin keeps seccomp (but i've recovered multithreading its mandatory for video editing) libreoffice its fixed (linux-kde) natron works (multithread ) --- etc/cin.profile | 8 +++++--- etc/libreoffice.profile | 2 +- etc/natron.profile | 8 +++++++- 3 files changed, 13 insertions(+), 5 deletions(-) diff --git a/etc/cin.profile b/etc/cin.profile index 0a5b0c728..512fa2050 100644 --- a/etc/cin.profile +++ b/etc/cin.profile @@ -18,15 +18,17 @@ ipc-namespace net none nodbus nodvd -nogroups -nonewprivs +#nogroups +#nonewprivs notv noroot protocol unix + +#if an 1-1.2% gap per thread hurts you, feel free to comment seccomp seccomp shell none -private-bin cin,ffmpeg +#private-bin cin,ffmpeg private-dev noexec ${HOME} diff --git a/etc/libreoffice.profile b/etc/libreoffice.profile index 18fcc59c6..4aafd7c7a 100644 --- a/etc/libreoffice.profile +++ b/etc/libreoffice.profile @@ -29,7 +29,7 @@ include /etc/firejail/whitelist-var-common.inc caps.drop all machine-id netfilter -nodbus +#nodbus nodvd nogroups #nonewprivs - fix for Ubuntu 18.04/Debian 10 diff --git a/etc/natron.profile b/etc/natron.profile index f6ebf2b65..b933604f8 100644 --- a/etc/natron.profile +++ b/etc/natron.profile @@ -5,6 +5,12 @@ include /etc/firejail/natron.local # Persistent global definitions include /etc/firejail/globals.local +#fixing it +noblacklist ${PATH}/python2* +noblacklist ${PATH}/python3* +noblacklist /usr/lib/python2* +noblacklist /usr/lib/python3* + noblacklist ${HOME}/.Natron noblacklist ${HOME}/.cache/INRIA/Natron noblacklist ${HOME}/.config/INRIA @@ -12,7 +18,7 @@ noblacklist /opt/natron include /etc/firejail/disable-common.inc include /etc/firejail/disable-devel.inc -include /etc/firejail/disable-interpreters.inc +#include /etc/firejail/disable-interpreters.inc include /etc/firejail/disable-passwdmgr.inc include /etc/firejail/disable-programs.inc -- cgit v1.2.3-54-g00ecf From ec15ff7f71a667cbcdaa402ae25b60350fd0323d Mon Sep 17 00:00:00 2001 From: Fred-Barclay Date: Tue, 1 May 2018 10:13:55 -0500 Subject: cleanup --- etc/cin.profile | 2 +- etc/natron.profile | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/etc/cin.profile b/etc/cin.profile index 512fa2050..356509da0 100644 --- a/etc/cin.profile +++ b/etc/cin.profile @@ -24,7 +24,7 @@ notv noroot protocol unix -#if an 1-1.2% gap per thread hurts you, feel free to comment seccomp +# if an 1-1.2% gap per thread hurts you, comment seccomp seccomp shell none diff --git a/etc/natron.profile b/etc/natron.profile index b933604f8..e7c597fe2 100644 --- a/etc/natron.profile +++ b/etc/natron.profile @@ -5,7 +5,7 @@ include /etc/firejail/natron.local # Persistent global definitions include /etc/firejail/globals.local -#fixing it +# Allow access to python noblacklist ${PATH}/python2* noblacklist ${PATH}/python3* noblacklist /usr/lib/python2* -- cgit v1.2.3-54-g00ecf From 148b8449f22a58ba3eccdc61195a68150ddaac0b Mon Sep 17 00:00:00 2001 From: Fred-Barclay Date: Tue, 1 May 2018 10:15:29 -0500 Subject: merges --- README | 2 ++ 1 file changed, 2 insertions(+) diff --git a/README b/README index b9509f65a..fa15353c6 100644 --- a/README +++ b/README @@ -114,6 +114,8 @@ bn0785ac (https://github.com/bn0785ac) - fixed bnox, dnox profiles - support all tor-browser langpacks - chromium canary (inox-family) fixes + - allow multithreading for cin and natron + - fix dbus access for libreoffice on KDE BogDan Vatra (https://github.com/bog-dan-ro) - zoom profile Bruno Nova (https://github.com/brunonova) -- cgit v1.2.3-54-g00ecf