From b268682dda94f3aa28e2310b16a0be98bd8ba9e3 Mon Sep 17 00:00:00 2001
From: glitsj16
Date: Tue, 27 Feb 2024 19:29:22 +0000
Subject: disable-programs.inc: add virt-manager support

---
etc/inc/disable-programs.inc | 1 +
1 file changed, 1 insertion(+)

diff --git a/etc/inc/disable-programs.inc b/etc/inc/disable-programs.inc
index f3b44ac3e..aa83691eb 100644
--- a/etc/inc/disable-programs.inc
+++ b/etc/inc/disable-programs.inc
@@ -227,6 +227,7 @@ blacklist ${HOME}/.cache/torbrowser
 blacklist ${HOME}/.cache/transmission
 blacklist ${HOME}/.cache/ueberzugpp
 blacklist ${HOME}/.cache/ungoogled-chromium
+blacklist ${HOME}/.cache/virt-manager
 blacklist ${HOME}/.cache/vivaldi
 blacklist ${HOME}/.cache/vivaldi-snapshot
 blacklist ${HOME}/.cache/vlc
--
cgit v1.2.3-54-g00ecf

From 82e30a82919cdc1556f660abc96c6e8426aa0482 Mon Sep 17 00:00:00 2001
From: glitsj16
Date: Tue, 27 Feb 2024 19:31:29 +0000
Subject: Create virt-manager.profile

---
etc/profile-m-z/virt-manager.profile | 72 ++++++++++++++++++++++++++++++++++++
1 file changed, 72 insertions(+)
create mode 100644 etc/profile-m-z/virt-manager.profile

diff --git a/etc/profile-m-z/virt-manager.profile b/etc/profile-m-z/virt-manager.profile
new file mode 100644
index 000000000..86fe63ef9
--- /dev/null
+++ b/etc/profile-m-z/virt-manager.profile
@@ -0,0 +1,72 @@
+# Firejail profile for virt-manager
+# Description: Manage virtual machines
+# This file is overwritten after every install/update
+# Persistent local customizations
+include virt-manager.local
+# Persistent global definitions
+include globals.local
+
+noblacklist ${HOME}/.cache/virt-manager
+noblacklist ${RUNUSER}/libvirt
+
+noblacklist /sbin
+noblacklist /usr/sbin
+
+# Allow python 3 (blacklisted by disable-interpreters.inc)
+include allow-python3.inc
+
+include disable-common.inc
+include disable-devel.inc
+include disable-exec.inc
+include disable-interpreters.inc
+# breaks app
+#include disable-proc.inc
+include disable-programs.inc
+include disable-xdg.inc
+
+mkdir ${HOME}/.cache/virt-manager
+whitelist ${DOWNLOADS}
+whitelist ${HOME}/.cache/virt-manager
+whitelist ${RUNUSER}/libvirt
+whitelist /run/libvirt
+
+whitelist /usr/share/libvirt
+whitelist /usr/share/osinfo
+whitelist /usr/share/qemu
+whitelist /usr/share/seabios
+whitelist /usr/share/virt-manager
+# /usr/share/misc/usb.ids is a symlink to /var/lib/usbutils/usb.ids on Ubuntu 22.04
+whitelist /var/lib/usbutils/usb.ids
+include whitelist-common.inc
+include whitelist-run-common.inc
+include whitelist-runuser-common.inc
+include whitelist-usr-share-common.inc
+include whitelist-var-common.inc
+
+# breaks app
+#apparmor
+# For host-only network sys_admin is needed.
+# See https://github.com/netblue30/firejail/issues/2868#issuecomment-518647630
+caps.keep net_raw,sys_nice
+#caps.keep net_raw,sys_admin
+netfilter
+nodvd
+notv
+tracelog
+
+private-cache
+private-etc @network,@sound,@tls-ca,@x11
+private-tmp
+writable-var
+
+dbus-user filter
+dbus-user.own org.virt-manager.virt-manager
+dbus-user.talk ca.desrt.dconf
+dbus-user.talk org.freedesktop.Notifications
+?ALLOW_TRAY: dbus-user.talk org.kde.StatusNotifierWatcher
+dbus-system none
+
+# breaks app
+#deterministic-shutdown
+# breaks app
+#restrict-namespaces
--
cgit v1.2.3-54-g00ecf
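Review bot: The `noblacklist /sbin` and `noblacklist /usr/sbin` pair near the top of the new profile carries no comment saying which binary virt-manager needs from those directories, while every other relaxation in the file (python3, the cache directory, the caps choice, the usb.ids symlink) explains itself; I would add `# virt-manager needs <BINARY-NAME-PLACEHOLDER> from sbin` above them, or drop the pair if it was carried over from another profile without a known need. The commented `#caps.keep net_raw,sys_admin` alternative also deserves a pointer to the local override, since the header says this file is overwritten on update and sys_admin widens the sandbox considerably: `# for host-only networking put "caps.keep net_raw,sys_admin" in virt-manager.local instead of editing this file`. Presumably virt-manager reads its default connection URI from /etc/libvirt/libvirt.conf, which the `private-etc @network,@sound,@tls-ca,@x11` line does not expose; confirm whether a non-default uri_default setup still works, and if so note it in a comment so the omission reads as deliberate.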