From 337d7aeecf427ca88bb0aff2fb4557165a0fcab4 Mon Sep 17 00:00:00 2001 From: bbhtt <62639087+bbhtt@users.noreply.github.com> Date: Mon, 11 Jan 2021 16:23:35 +0000 Subject: Improvements to balsa,fractal,gajim,trojita (#3791) * Improvements to balsa,fractal,gajim,trojita * sort * Add gpg plugin support to gajim,remove notifications dbus from trojita * Add dbus policy from flatpak per @rusty-snake * Add python* to private-bin; remove some dbus Co-authored-by: kortewegdevries --- etc/profile-a-l/balsa.profile | 12 ++++++++---- etc/profile-a-l/fractal.profile | 5 ++++- etc/profile-a-l/gajim.profile | 30 +++++++++++++++++++++++++++--- etc/profile-m-z/trojita.profile | 3 ++- 4 files changed, 41 insertions(+), 9 deletions(-) (limited to 'etc') diff --git a/etc/profile-a-l/balsa.profile b/etc/profile-a-l/balsa.profile index cda6b1aa0..d755fd803 100644 --- a/etc/profile-a-l/balsa.profile +++ b/etc/profile-a-l/balsa.profile @@ -9,6 +9,7 @@ include globals.local noblacklist ${HOME}/.balsa noblacklist ${HOME}/.gnupg noblacklist ${HOME}/.mozilla +noblacklist ${HOME}/.signature noblacklist ${HOME}/mail noblacklist /var/mail noblacklist /var/spool/mail @@ -24,10 +25,12 @@ include disable-xdg.inc mkdir ${HOME}/.balsa mkdir ${HOME}/.gnupg +mkfile ${HOME}/.signature mkdir ${HOME}/mail whitelist ${HOME}/.balsa whitelist ${HOME}/.gnupg whitelist ${HOME}/.mozilla/firefox/profiles.ini +whitelist ${HOME}/.signature whitelist ${HOME}/mail whitelist ${RUNUSER}/gnupg whitelist /usr/share/balsa 
@@ -58,9 +61,9 @@ shell none tracelog # disable-mnt -# Add "gpg,gpg2,gpg-agent,pinentry-curses,pinentry-emacs,pinentry-fltk,pinentry-gnome3,pinentry-gtk,pinentry-gtk2,pinentry-gtk-2,pinentry-qt,pinentry-qt4,pinentry-tty,pinentry-x2go,pinentry-kwallet" for gpg +# Add "pinentry-curses,pinentry-emacs,pinentry-fltk,pinentry-gnome3,pinentry-gtk,pinentry-gtk2,pinentry-gtk-2,pinentry-qt,pinentry-qt4,pinentry-tty,pinentry-x2go,pinentry-kwallet" for gpg # Add "ignore private-bin" for hyperlinks or have a look at the private-bins in firefox.profile and firefox-common.profile. -private-bin balsa,balsa-ab +private-bin balsa,balsa-ab,gpg,gpg-agent,gpg2,gpgsm private-cache private-dev private-etc alternatives,ca-certificates,crypto-policies,dconf,fonts,gcrypt,groups,gtk-2.0,gtk-3.0,hostname,hosts,mailname,passwd,pki,resolv.conf,selinux,ssl,xdg @@ -71,8 +74,9 @@ writable-var dbus-user filter dbus-user.own org.desktop.Balsa dbus-user.talk ca.desrt.dconf -dbus-user.talk org.freedesktop.secrets dbus-user.talk org.freedesktop.Notifications +dbus-user.talk org.freedesktop.secrets +dbus-user.talk org.gnome.keyring.SystemPrompter dbus-system none -read-only ${HOME}/.mozilla/firefox/profiles.ini +read-only ${HOME}/.mozilla/firefox/profiles.ini \ No newline at end of file diff --git a/etc/profile-a-l/fractal.profile b/etc/profile-a-l/fractal.profile index c3af29e15..dc8d6e3ad 100644 --- a/etc/profile-a-l/fractal.profile +++ b/etc/profile-a-l/fractal.profile @@ -8,6 +8,9 @@ include globals.local noblacklist ${HOME}/.cache/fractal +include allow-python2.inc +include allow-python3.inc + include disable-common.inc include disable-devel.inc include disable-exec.inc @@ -49,6 +52,6 @@ private-tmp dbus-user filter dbus-user.own org.gnome.Fractal dbus-user.talk ca.desrt.dconf -dbus-user.talk org.freedesktop.secrets dbus-user.talk org.freedesktop.Notifications +dbus-user.talk org.freedesktop.secrets dbus-system none 
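Review bot: The re-added `read-only ${HOME}/.mozilla/firefox/profiles.ini` line in the last balsa.profile hunk is followed by `\ No newline at end of file`, so the change strips the profile's final newline; restore it so that later appends and line-based tools see a complete last line. In the same hunk, `dbus-user.talk org.gnome.keyring.SystemPrompter` widens the session-bus filter without saying which feature needs it. If it is there for the GNOME keyring/pinentry prompt (an inference, the page does not say), a comment such as `# Needed for the keyring/pinentry-gnome3 passphrase prompt` above the line would record why.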
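Review bot: `include allow-python2.inc` and `include allow-python3.inc` in the first fractal.profile hunk lift the interpreter restrictions, yet nothing visible says why Fractal needs Python; the commit message mentions Python only in connection with `private-bin`. If a dependency really requires it, a comment above the includes should name that dependency, e.g. `# Python is needed by <component>`, and `allow-python2.inc` could probably be left out. Otherwise the two lines are best dropped. The rest of the profile, including any `disable-interpreters.inc` include, lies outside this hunk, so check against the full file.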
diff --git a/etc/profile-a-l/gajim.profile b/etc/profile-a-l/gajim.profile index 85d9b9bd9..125ddf79c 100644 --- a/etc/profile-a-l/gajim.profile +++ b/etc/profile-a-l/gajim.profile @@ -6,6 +6,7 @@ include gajim.local # Persistent global definitions include globals.local +noblacklist ${HOME}/.gnupg noblacklist ${HOME}/.cache/gajim noblacklist ${HOME}/.config/gajim noblacklist ${HOME}/.local/share/gajim @@ -20,19 +21,27 @@ include disable-exec.inc include disable-interpreters.inc include disable-passwdmgr.inc include disable-programs.inc -# Comment the following line if you need to whitelist other folders than ~/Downloads +# Comment the following line if you need to whitelist folders other than ~/Downloads include disable-xdg.inc +mkdir ${HOME}/.gnupg mkdir ${HOME}/.cache/gajim mkdir ${HOME}/.config/gajim mkdir ${HOME}/.local/share/gajim +whitelist ${HOME}/.gnupg whitelist ${HOME}/.cache/gajim whitelist ${HOME}/.config/gajim whitelist ${HOME}/.local/share/gajim whitelist ${DOWNLOADS} +whitelist ${RUNUSER}/gnupg +whitelist /usr/share/gnupg +whitelist /usr/share/gnupg2 include whitelist-common.inc +include whitelist-runuser-common.inc +include whitelist-usr-share-common.inc include whitelist-var-common.inc +apparmor caps.drop all netfilter nodvd 
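Review bot: `noblacklist ${HOME}/.gnupg` here, together with `mkdir ${HOME}/.gnupg`, `whitelist ${HOME}/.gnupg` and `whitelist ${RUNUSER}/gnupg` in the next hunk, exposes the whole keyring directory to a network-facing client by default, although the commit message ties it to optional gpg plugin support. A comment stating the purpose, such as `# ~/.gnupg and ${RUNUSER}/gnupg are only needed for the gpg plugin`, would tell users who do not use the plugin that these lines are candidates for removal in their own setup. The new `.gnupg` lines also sit above `${HOME}/.cache/gajim`, out of the alphabetical order the commit applies elsewhere.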
@@ -47,9 +56,24 @@ shell none tracelog disable-mnt -private-bin bash,gajim,gajim-history-manager,gpg,gpg2,paplay,python,python3,sh,zsh +private-bin bash,gajim,gajim-history-manager,gpg,gpg2,paplay,python*,sh,zsh +private-cache private-dev -private-etc alsa,alternatives,asound.conf,ca-certificates,crypto-policies,fonts,group,hostname,hosts,ld.so.cache,ld.so.conf,localtime,machine-id,passwd,pki,pulse,resolv.conf,ssl +private-etc alsa,alternatives,asound.conf,ca-certificates,crypto-policies,fonts,group,hostname,hosts,ld.so.cache,ld.so.conf,localtime,machine-id,passwd,pki,pulse,resolv.conf,ssl,xdg private-tmp +writable-run-user + +dbus-user filter +dbus-user.own org.gajim.Gajim +dbus-user.talk org.gnome.Mutter.IdleMonitor +dbus-user.talk ca.desrt.dconf +dbus-user.talk org.freedesktop.Notifications +dbus-user.talk org.freedesktop.secrets +dbus-user.talk org.kde.kwalletd5 +dbus-user.talk org.mpris.MediaPlayer2.* +dbus-system filter +dbus-system.talk org.freedesktop.login1 +# Uncomment for location plugin support +#dbus-system.talk org.freedesktop.GeoClue2 join-or-start gajim diff --git a/etc/profile-m-z/trojita.profile b/etc/profile-m-z/trojita.profile index a8641af85..b82aadd13 100644 --- a/etc/profile-m-z/trojita.profile +++ b/etc/profile-m-z/trojita.profile @@ -57,7 +57,8 @@ private-dev private-etc alternatives,ca-certificates,crypto-policies,fonts,hostname,hosts,pki,resolv.conf,selinux,ssl,xdg private-tmp -dbus-user none +dbus-user filter +dbus-user.talk org.freedesktop.secrets dbus-system none read-only ${HOME}/.mozilla/firefox/profiles.ini -- cgit v1.2.3-70-g09d2
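Review bot: The new `dbus-user.talk` block in gajim.profile grants more than its single comment explains. `org.freedesktop.secrets` and `org.kde.kwalletd5` reach the user's whole secret store once it is unlocked, not just Gajim's own entries, and `org.mpris.MediaPlayer2.*` is a wildcard over every media player on the session bus. The hunk already makes GeoClue2 opt-in with `# Uncomment for location plugin support`; the optional integrations could follow that pattern, e.g. `# Uncomment for media player status support` above a commented-out `#dbus-user.talk org.mpris.MediaPlayer2.*` (the feature name is an assumption). The trojita.profile hunk that follows switches `dbus-user none` to `dbus-user filter` for the same `org.freedesktop.secrets` name and would benefit from a one-line comment saying it is there for password storage.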