From 63b306179fb3f57c96d036de665deb5ce7db3ab7 Mon Sep 17 00:00:00 2001 From: glitsj16 Date: Tue, 25 Jul 2023 19:32:12 +0000 Subject: profiles: Miscellaneous cleanups (#5918) --- etc/profile-m-z/minetest.profile | 5 +++-- etc/profile-m-z/mpv.profile | 2 +- etc/profile-m-z/nodejs-common.profile | 2 +- etc/profile-m-z/noprofile.profile | 15 +++++++-------- etc/profile-m-z/pingus.profile | 3 ++- etc/profile-m-z/rtin.profile | 2 +- etc/profile-m-z/steam.profile | 4 ++-- etc/profile-m-z/tin.profile | 4 ++-- 8 files changed, 19 insertions(+), 18 deletions(-) (limited to 'etc/profile-m-z') diff --git a/etc/profile-m-z/minetest.profile b/etc/profile-m-z/minetest.profile index 15474c96e..7b0135695 100644 --- a/etc/profile-m-z/minetest.profile +++ b/etc/profile-m-z/minetest.profile @@ -6,8 +6,9 @@ include minetest.local # Persistent global definitions include globals.local -# In order to save in-game screenshots to a persistent location edit ~/.minetest/minetest.conf: -# screenshot_path = /home//.minetest/screenshots +# In order to save in-game screenshots to a persistent location, +# edit ~/.minetest/minetest.conf: +# screenshot_path = /home//.minetest/screenshots noblacklist ${HOME}/.cache/minetest noblacklist ${HOME}/.minetest diff --git a/etc/profile-m-z/mpv.profile b/etc/profile-m-z/mpv.profile index bd01d4082..fd35483be 100644 --- a/etc/profile-m-z/mpv.profile +++ b/etc/profile-m-z/mpv.profile @@ -9,7 +9,7 @@ include globals.local # In order to save screenshots to a persistent location, # edit ~/.config/mpv/foobar.conf: -# screenshot-directory=~/Pictures +# screenshot-directory=~/Pictures # mpv has a powerful Lua API and some of the Lua scripts interact with # external resources which are blocked by firejail. In such cases you need to diff --git a/etc/profile-m-z/nodejs-common.profile b/etc/profile-m-z/nodejs-common.profile index f3b0c8a49..4c463521c 100644 --- a/etc/profile-m-z/nodejs-common.profile +++ b/etc/profile-m-z/nodejs-common.profile @@ -7,7 +7,7 @@ include nodejs-common.local # added by caller profile #include globals.local -# NOTE: gulp, node-gyp, npm, npx, semver and yarn are all node scripts +# Note: gulp, node-gyp, npm, npx, semver and yarn are all node scripts # using the `#!/usr/bin/env node` shebang. By sandboxing node the full # node.js stack will be firejailed. The only exception is nvm, which is implemented # as a sourced shell function, not an executable binary. Hence it is not diff --git a/etc/profile-m-z/noprofile.profile b/etc/profile-m-z/noprofile.profile index db4113f94..7d0e01d98 100644 --- a/etc/profile-m-z/noprofile.profile +++ b/etc/profile-m-z/noprofile.profile @@ -1,17 +1,16 @@ # This is the weakest possible firejail profile. -# If a program still fail with this profile, it is incompatible with firejail. +# If a program still fails with this profile, it is incompatible with firejail. # (from https://gist.github.com/rusty-snake/bb234cb3e50e1e4e7429f29a7931cc72) # # Usage: -# 1. download -# 2. firejail --profile=noprofile.profile /path/to/program +# $ firejail --profile=noprofile.profile /path/to/program # Keep in mind that even with this profile some things are done -# which can break the program. -# - some env-vars are cleared -# - /etc/firejail/firejail.config can contain options such as 'force-nonewprivs yes' -# - a new private pid-namespace is created -# - a minimal hardcoded blacklist is applied +# which can break the program: +# - some env-vars are cleared; +# - /etc/firejail/firejail.config can contain options such as 'force-nonewprivs yes'; +# - a new private pid-namespace is created; +# - a minimal hardcoded blacklist is applied; # - ... noblacklist /sys/fs diff --git a/etc/profile-m-z/pingus.profile b/etc/profile-m-z/pingus.profile index 3ff033e0b..e274b6443 100644 --- a/etc/profile-m-z/pingus.profile +++ b/etc/profile-m-z/pingus.profile @@ -23,8 +23,9 @@ include disable-xdg.inc mkdir ${HOME}/.pingus whitelist ${HOME}/.pingus +# Debian keeps games data under /usr/share/games +whitelist /usr/share/games/pingus whitelist /usr/share/pingus -whitelist /usr/share/games/pingus # Debian keeps games data under /usr/share/games include whitelist-common.inc include whitelist-runuser-common.inc include whitelist-usr-share-common.inc diff --git a/etc/profile-m-z/rtin.profile b/etc/profile-m-z/rtin.profile index 87aa69bcb..b1acf8b2e 100644 --- a/etc/profile-m-z/rtin.profile +++ b/etc/profile-m-z/rtin.profile @@ -1,6 +1,6 @@ # Firejail profile for rtin # Description: ncurses-based Usenet newsreader -# symlink to tin, same as `tin -r` +# symlink to tin, same as `tin -r` # This file is overwritten after every install/update # Persistent local customizations include rtin.local diff --git a/etc/profile-m-z/steam.profile b/etc/profile-m-z/steam.profile index 63d629a32..99317c9dc 100644 --- a/etc/profile-m-z/steam.profile +++ b/etc/profile-m-z/steam.profile @@ -133,9 +133,9 @@ whitelist ${HOME}/.steampid include whitelist-common.inc include whitelist-var-common.inc -# NOTE: The following were intentionally left out as they are alternative +# Note: The following were intentionally left out as they are alternative # (i.e.: unnecessary and/or legacy) paths whose existence may potentially -# clobber other paths (see #4225). If you use any, either add the entry to +# clobber other paths (see #4225). If you use any, either add the entry to # steam.local or move the contents to a path listed above (or open an issue if # it's missing above). #mkdir ${HOME}/.config/RogueLegacyStorageContainer diff --git a/etc/profile-m-z/tin.profile b/etc/profile-m-z/tin.profile index a03a6caa0..35ff14e88 100644 --- a/etc/profile-m-z/tin.profile +++ b/etc/profile-m-z/tin.profile @@ -24,8 +24,8 @@ include disable-xdg.inc mkdir ${HOME}/.tin mkfile ${HOME}/.newsrc # Note: files/directories directly in ${HOME} can't be whitelisted, as -# tin saves .newsrc by renaming a temporary file, which is not possible for -# bind-mounted files. +# tin saves .newsrc by renaming a temporary file, which is not possible for +# bind-mounted files. #whitelist ${HOME}/.newsrc #whitelist ${HOME}/.tin #include whitelist-common.inc -- cgit v1.2.3-70-g09d2