From 989f79331fbbe8e7ea051c35e30050cd497d3bf8 Mon Sep 17 00:00:00 2001
From: hawkeye116477
Date: Mon, 25 Sep 2017 23:05:05 +0200
Subject: Whitelist /var and fix private-bit filter for waterfox on Arch
---
 etc/waterfox.profile | 4 +++-
 1 file changed, 3 insertions(+), 1 deletion(-)

diff --git a/etc/waterfox.profile b/etc/waterfox.profile
index 2322c1fae..67995f345 100644
--- a/etc/waterfox.profile
+++ b/etc/waterfox.profile
@@ -65,6 +65,7 @@ whitelist ~/.wine-pipelight64
 whitelist ~/.zotero
 whitelist ~/dwhelper
 include /etc/firejail/whitelist-common.inc
+include /etc/firejail/whitelist-var-common.inc
 
 caps.drop all
 netfilter
@@ -78,7 +79,8 @@ seccomp
 shell none
 tracelog
 
-# private-bin waterfox,which,sh,dbus-launch,dbus-send,env
+# waterfox requires a shell to launch on Arch. We can possibly remove sh though.
+# private-bin waterfox,which,sh,dbus-launch,dbus-send,env,dash,bash
 private-dev
 # private-etc passwd,group,hostname,hosts,localtime,nsswitch.conf,resolv.conf,xdg,gtk-2.0,gtk-3.0,X11,pango,fonts,waterfox,mime.types,mailcap,asound.conf,pulse
 private-tmp
-- 
cgit v1.2.3-54-g00ecf
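Review bot: In the second hunk (`@@ -78,7 +79,8 @@`) the edited `private-bin` line is still commented out, so nothing is enforced: the sandbox keeps every system binary visible, and the added `dash,bash` only take effect if someone later uncomments the line. If that happens as written, three shells (`sh`, `dash`, `bash`) would sit inside a browser sandbox whose context lines also set `shell none`, which is a wider post-compromise exec surface than the launcher probably needs. The new comment leaves open which shell is required, so I would make it actionable, e.g. `# private-bin stays disabled: on Arch waterfox is started through a shell.` followed by `# TODO: test which of sh,dash,bash is actually needed and drop the rest before enabling.` The subject line says the filter is fixed; it would be more accurate to say the disabled template was updated.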