From f09bb2af9af7f3fec9346bd138c79f1cdd12eab5 Mon Sep 17 00:00:00 2001 From: rusty-snake <41237666+rusty-snake@users.noreply.github.com> Date: Sat, 27 Feb 2021 09:06:02 +0100 Subject: fixes - RELNOTS: protocol now accumulates - fix #3978 -- Android Studio: cannot create the directory Unresolved: > google-earth.profile has a 'noblacklist ${HOME}/.config/Google' too, > so we should consider to add additional blacklists for ~/.config/Google/*. - marker.profile: allow ${DOCUMENTS} - profile.template: add bluetooth protocol - profile.template: add DBus portal note - firejail-profile.txt: revert 17fe4b9e -- fix private=directory in man firejail-profile see https://github.com/netblue30/firejail/pull/3970#discussion_r574411745 --- etc/templates/profile.template | 5 +++-- 1 file changed, 3 insertions(+), 2 deletions(-) (limited to 'etc/templates/profile.template') diff --git a/etc/templates/profile.template b/etc/templates/profile.template index 72b7d3025..17d7f55b2 100644 --- a/etc/templates/profile.template +++ b/etc/templates/profile.template @@ -155,8 +155,8 @@ include globals.local # - unix is usually needed # - inet,inet6 only if internet access is required (see 'net none'/'netfilter' above) # - netlink is rarely needed -# - packet almost never -#protocol unix,inet,inet6,netlink,packet +# - packet and bluetooth almost never +#protocol unix,inet,inet6,netlink,packet,bluetooth #seccomp ##seccomp !chroot ##seccomp.drop SYSCALLS (see syscalls.txt) @@ -200,6 +200,7 @@ include globals.local # flatpak remote-info --show-metadata flathub # Notes: # - flatpak implicitly allows an app to own on the session bus +# - Some features like native notifications are implemented as portal too. # - In order to make dconf work (when used by the app) you need to allow # 'ca.desrt.dconf' even when not allowed by flatpak. # Notes and Policiy about addresses can be found at -- cgit v1.2.3-70-g09d2