From a95a742727b09dd773fff08e1bdc9b9415dc0c27 Mon Sep 17 00:00:00 2001 From: glitsj16 Date: Tue, 25 Jul 2023 19:36:31 +0000 Subject: profiles: fixes and cleanups for opening links with firefox (#5919) --- etc/profile-a-l/kube.profile | 19 ++++++++++++------- etc/profile-m-z/signal-desktop.profile | 8 ++++---- etc/profile-m-z/trojita.profile | 11 ++++++++--- 3 files changed, 24 insertions(+), 14 deletions(-) (limited to 'etc') diff --git a/etc/profile-a-l/kube.profile b/etc/profile-a-l/kube.profile index 5cf30ed40..82336969d 100644 --- a/etc/profile-a-l/kube.profile +++ b/etc/profile-a-l/kube.profile @@ -6,11 +6,10 @@ include kube.local # Persistent global definitions include globals.local -noblacklist ${HOME}/.gnupg -noblacklist ${HOME}/.mozilla noblacklist ${HOME}/.cache/kube noblacklist ${HOME}/.config/kube noblacklist ${HOME}/.config/sink +noblacklist ${HOME}/.gnupg noblacklist ${HOME}/.local/share/kube noblacklist ${HOME}/.local/share/sink 
@@ -22,23 +21,28 @@ include disable-programs.inc include disable-shell.inc include disable-xdg.inc -mkdir ${HOME}/.gnupg +# The lines below are needed to find the default Firefox profile name, to allow +# opening links in an existing instance of Firefox (note that it still fails if +# there isn't a Firefox instance running with the default profile; see #5352) +noblacklist ${HOME}/.mozilla +whitelist ${HOME}/.mozilla/firefox/profiles.ini + mkdir ${HOME}/.cache/kube mkdir ${HOME}/.config/kube mkdir ${HOME}/.config/sink +mkdir ${HOME}/.gnupg mkdir ${HOME}/.local/share/kube mkdir ${HOME}/.local/share/sink -whitelist ${HOME}/.gnupg -whitelist ${HOME}/.mozilla/firefox/profiles.ini whitelist ${HOME}/.cache/kube whitelist ${HOME}/.config/kube whitelist ${HOME}/.config/sink +whitelist ${HOME}/.gnupg whitelist ${HOME}/.local/share/kube whitelist ${HOME}/.local/share/sink whitelist ${RUNUSER}/gnupg -whitelist /usr/share/kube whitelist /usr/share/gnupg whitelist /usr/share/gnupg2 +whitelist /usr/share/kube include whitelist-common.inc include whitelist-runuser-common.inc include whitelist-usr-share-common.inc @@ -63,7 +67,6 @@ tracelog # disable-mnt # Add "gpg,gpg2,gpg-agent,pinentry-curses,pinentry-emacs,pinentry-fltk,pinentry-gnome3,pinentry-gtk,pinentry-gtk2,pinentry-gtk-2,pinentry-qt,pinentry-qt4,pinentry-tty,pinentry-x2go,pinentry-kwallet" for gpg -# Add "ignore private-bin" for hyperlinks or have a look at the private-bins in firefox.profile and firefox-common.profile. private-bin kube,sink_synchronizer private-cache private-dev @@ -75,6 +78,8 @@ dbus-user filter dbus-user.talk ca.desrt.dconf dbus-user.talk org.freedesktop.secrets dbus-user.talk org.freedesktop.Notifications +# allow D-Bus communication with firefox for opening links +dbus-user.talk org.mozilla.* dbus-system none restrict-namespaces diff --git a/etc/profile-m-z/signal-desktop.profile b/etc/profile-m-z/signal-desktop.profile index 3e1899ef3..8cb4e4173 100644 --- a/etc/profile-m-z/signal-desktop.profile 
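Review bot: `noblacklist ${HOME}/.mozilla` now sits below `include disable-programs.inc` and the other disable includes in kube.profile, while the first kube hunk removes it from the noblacklist block above them. The first trojita.profile hunk makes the same move. If firejail only honours a noblacklist for blacklist entries that come later in the profile (the usual reason these lines are kept above the disable-*.inc includes), the exemption may no longer apply. The whitelisted `profiles.ini` would then be masked and link opening would fail closed. Either keep the Firefox block above `include disable-common.inc`, or confirm from inside the sandbox that `~/.mozilla/firefox/profiles.ini` is still readable.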
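Review bot: `dbus-user.talk org.mozilla.*`, added after the Notifications rule in kube.profile, lets the sandboxed mail client talk to every session-bus name under org.mozilla, not only the Firefox instance that should receive the link. The last trojita.profile hunk adds the same line, and signal-desktop.profile already carries it. Because this widens an otherwise filtered bus for a program that renders untrusted mail, the comment should state the scope, for example `# allow D-Bus communication with firefox for opening links; the wildcard covers every org.mozilla.* name on the session bus`. If only Firefox is meant, `org.mozilla.firefox.*` looks like a tighter pattern, though I have not verified which names other Firefox builds register. A short pointer to kube.local and trojita.local for users who want to drop the rule would also help.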
+++ b/etc/profile-m-z/signal-desktop.profile @@ -11,7 +11,9 @@ ignore noexec /tmp noblacklist ${HOME}/.config/Signal -# These lines are needed to allow Firefox to open links +# The lines below are needed to find the default Firefox profile name, to allow +# opening links in an existing instance of Firefox (note that it still fails if +# there isn't a Firefox instance running with the default profile; see #5352) noblacklist ${HOME}/.mozilla whitelist ${HOME}/.mozilla/firefox/profiles.ini @@ -21,11 +23,9 @@ whitelist ${HOME}/.config/Signal private-etc @tls-ca dbus-user filter - # allow D-Bus notifications dbus-user.talk org.freedesktop.Notifications - -# allow D-Bus communication with Firefox browsers for opening links +# allow D-Bus communication with firefox for opening links dbus-user.talk org.mozilla.* ignore dbus-user none diff --git a/etc/profile-m-z/trojita.profile b/etc/profile-m-z/trojita.profile index ba68ccb53..2578eb0be 100644 --- a/etc/profile-m-z/trojita.profile +++ b/etc/profile-m-z/trojita.profile @@ -7,7 +7,6 @@ include trojita.local include globals.local noblacklist ${HOME}/.abook -noblacklist ${HOME}/.mozilla noblacklist ${HOME}/.cache/flaska.net/trojita noblacklist ${HOME}/.config/flaska.net @@ -19,11 +18,16 @@ include disable-programs.inc include disable-shell.inc include disable-xdg.inc +# The lines below are needed to find the default Firefox profile name, to allow +# opening links in an existing instance of Firefox (note that it still fails if +# there isn't a Firefox instance running with the default profile; see #5352) +noblacklist ${HOME}/.mozilla +whitelist ${HOME}/.mozilla/firefox/profiles.ini + mkdir ${HOME}/.abook mkdir ${HOME}/.cache/flaska.net/trojita mkdir ${HOME}/.config/flaska.net whitelist ${HOME}/.abook -whitelist ${HOME}/.mozilla/firefox/profiles.ini whitelist ${HOME}/.cache/flaska.net/trojita whitelist ${HOME}/.config/flaska.net include whitelist-common.inc 
@@ -49,7 +53,6 @@ seccomp tracelog # disable-mnt -# Add "ignore private-bin" for hyperlinks or have a look at the private-bins in firefox.profile and firefox-common.profile. private-bin trojita private-cache private-dev @@ -58,6 +61,8 @@ private-tmp dbus-user filter dbus-user.talk org.freedesktop.secrets +# allow D-Bus communication with firefox for opening links +dbus-user.talk org.mozilla.* dbus-system none restrict-namespaces -- cgit v1.2.3-54-g00ecf