From 0c251af630d4c60a82617ac7eb3d9b105b32d347 Mon Sep 17 00:00:00 2001 From: smitsohu Date: Fri, 30 Mar 2018 18:01:11 +0200 Subject: redirect knotes to kmail, some tweaks --- etc/akonadi_control.profile | 4 ++-- etc/disable-programs.inc | 1 + etc/kmail.profile | 2 ++ etc/knotes.profile | 34 ++++++---------------------------- etc/krunner.profile | 1 + etc/smplayer.profile | 2 +- etc/vlc.profile | 2 +- 7 files changed, 14 insertions(+), 32 deletions(-) diff --git a/etc/akonadi_control.profile b/etc/akonadi_control.profile index 296b25b83..3a4404b28 100644 --- a/etc/akonadi_control.profile +++ b/etc/akonadi_control.profile @@ -23,8 +23,8 @@ include /etc/firejail/disable-programs.inc include /etc/firejail/whitelist-var-common.inc -# the default mysqld-akonadi apparmor profile in debian and ubuntu -# is not compatible with the commented options below +# disabled options below are not compatible with the apparmor profile for mysqld-akonadi. +# this affects ubuntu and debian currently # apparmor caps.drop all diff --git a/etc/disable-programs.inc b/etc/disable-programs.inc index 3842a46f1..a6f12f3db 100644 --- a/etc/disable-programs.inc +++ b/etc/disable-programs.inc @@ -385,6 +385,7 @@ blacklist ${HOME}/.local/share/kate blacklist ${HOME}/.local/share/kdenlive blacklist ${HOME}/.local/share/kget blacklist ${HOME}/.local/share/kmail2 +blacklist ${HOME}/.local/share/knotes blacklist ${HOME}/.local/share/krita blacklist ${HOME}/.local/share/ktorrentrc blacklist ${HOME}/.local/share/ktorrent diff --git a/etc/kmail.profile b/etc/kmail.profile index f095b5853..3e425b62e 100644 --- a/etc/kmail.profile +++ b/etc/kmail.profile @@ -28,6 +28,8 @@ include /etc/firejail/disable-devel.inc include /etc/firejail/disable-passwdmgr.inc include /etc/firejail/disable-programs.inc +include /etc/firejail/whitelist-var-common.inc + # apparmor caps.drop all netfilter diff --git a/etc/knotes.profile b/etc/knotes.profile index 85b267f8b..4bbbd332d 100644 --- a/etc/knotes.profile +++ b/etc/knotes.profile @@ -5,34 +5,12 @@ include /etc/firejail/knotes.local # Persistent global definitions include /etc/firejail/globals.local -noblacklist ${HOME}/.config/akonadi* -noblacklist ${HOME}/.config/knotesrc -noblacklist ${HOME}/.local/share/akonadi* -noblacklist /tmp/akonadi-* - -include /etc/firejail/disable-common.inc -include /etc/firejail/disable-devel.inc -include /etc/firejail/disable-passwdmgr.inc -include /etc/firejail/disable-programs.inc +# knotes has problems launching akonadi in debian and ubuntu. +# one solution is to have akonadi already running when knotes is started -include /etc/firejail/whitelist-var-common.inc - -caps.drop all -netfilter -nodvd -nogroups -nonewprivs -noroot -nosound -notv -novideo -protocol unix -seccomp -shell none -tracelog +noblacklist ${HOME}/.config/knotesrc +noblacklist ${HOME}/.local/share/knotes -private-dev -# private-tmp - interrupts connection to akonadi -noexec ${HOME} -noexec /tmp +# Redirect +include /etc/firejail/kmail.profile diff --git a/etc/krunner.profile b/etc/krunner.profile index 8382a5c66..17526c4ea 100644 --- a/etc/krunner.profile +++ b/etc/krunner.profile @@ -11,6 +11,7 @@ include /etc/firejail/globals.local # noblacklist ${HOME}/.cache/krunner # noblacklist ${HOME}/.cache/krunnerbookmarkrunnerfirefoxdbfile.sqlite +# noblacklist ${HOME}/.config/chromium noblacklist ${HOME}/.config/krunnerrc noblacklist ${HOME}/.kde/share/config/krunnerrc noblacklist ${HOME}/.kde4/share/config/krunnerrc diff --git a/etc/smplayer.profile b/etc/smplayer.profile index 60af4cf17..187b0674a 100644 --- a/etc/smplayer.profile +++ b/etc/smplayer.profile @@ -18,7 +18,7 @@ include /etc/firejail/whitelist-var-common.inc apparmor caps.drop all netfilter -# nodbus +# nodbus - problems with KDE # nogroups nonewprivs noroot diff --git a/etc/vlc.profile b/etc/vlc.profile index 0b362eb32..c8c84b992 100644 --- a/etc/vlc.profile +++ b/etc/vlc.profile @@ -19,7 +19,7 @@ include /etc/firejail/whitelist-var-common.inc apparmor caps.drop all netfilter -# nodbus +# nodbus - problems with KDE # nogroups nonewprivs noroot -- cgit v1.2.3-54-g00ecf