From f3585e53933c95d3be31bb53214145d9219ff3ea Mon Sep 17 00:00:00 2001 From: rusty-snake <41237666+rusty-snake@users.noreply.github.com> Date: Mon, 9 Nov 2020 20:57:33 +0100 Subject: fixes, closes, enhances, improvements, and so on - .github/ISSUE_TEMPLATE/bug_report.md: get ride off spanish, french, ... error messages - etc/inc/firefox-common-addons.inc: support ff2mpv - etc/profile-a-l/gimp.profile: note about xsane - etc/profile-m-z/min.profile: prettify - etc/profile-m-z/mpsyt.profile: fix, add lua - etc/profile-m-z/qbittorrent.profile: add note for tray-icons; this will get a better note once I investigated and audited all the D-Bus tray stuff. - etc/profile-m-z/transmission-daemon.profile: fix, add protocol packet close #3686 - mps-youtube needs lua close #3701 - Firefox native messaging regression in 0.9.62.4 -> 0.9.64rc1 close #3636 - transmission-daemon fills log with error close #3640 - Gimp - add note how to enable scanning (xsane) close #3707 - qBittorrent tray icon missing from notification panel when running it with firejail --- etc/inc/firefox-common-addons.inc | 17 +++++++++++++++++ etc/profile-a-l/gimp.profile | 8 ++++++++ etc/profile-m-z/min.profile | 3 +-- etc/profile-m-z/mpsyt.profile | 3 +++ etc/profile-m-z/qbittorrent.profile | 1 + etc/profile-m-z/transmission-daemon.profile | 1 + 6 files changed, 31 insertions(+), 2 deletions(-) (limited to 'etc') diff --git a/etc/inc/firefox-common-addons.inc b/etc/inc/firefox-common-addons.inc index 11acb7b42..198941ac9 100644 --- a/etc/inc/firefox-common-addons.inc +++ b/etc/inc/firefox-common-addons.inc @@ -69,3 +69,20 @@ include allow-python3.inc # Flash plugin # private-etc must first be enabled in firefox-common.profile and in profiles including it. #private-etc adobe + +# ff2mpv +#ignore noexec ${HOME} +#noblacklist ${HOME}/.config/mpv +#noblacklist ${HOME}/.config/youtube-dl +#noblacklist ${HOME}/.netrc +#include allow-lua.inc +#include allow-python3.inc +#mkdir ${HOME}/.config/mpv +#mkdir ${HOME}/.config/youtube-dl +#whitelist ${HOME}/.config/mpv +#whitelist ${HOME}/.config/youtube-dl +#whitelist ${HOME}/.netrc +#whitelist /usr/share/lua +#whitelist /usr/share/lua* +#whitelist /usr/share/vulkan +#private-bin env,mpv,python3*,waf,youtube-dl diff --git a/etc/profile-a-l/gimp.profile b/etc/profile-a-l/gimp.profile index 8093c0c39..ed27de7f5 100644 --- a/etc/profile-a-l/gimp.profile +++ b/etc/profile-a-l/gimp.profile @@ -6,6 +6,14 @@ include gimp.local # Persistent global definitions include globals.local +# Uncomment or add to gimp.local in order to support scanning via xsane (see #3640). +# TODO: Replace 'ignore seccomp' with a less permissive option. +#ignore seccomp +#ignore dbus-system +#ignore net +#protocol unix,inet,inet6 + + # gimp plugins are installed by the user in ${HOME}/.gimp-2.8/plug-ins/ directory # if you are not using external plugins, you can comment 'ignore noexec' statement below # or put 'noexec ${HOME}' in your gimp.local diff --git a/etc/profile-m-z/min.profile b/etc/profile-m-z/min.profile index d297b209b..be85fdbc4 100644 --- a/etc/profile-m-z/min.profile +++ b/etc/profile-m-z/min.profile @@ -6,8 +6,7 @@ include min.local # Persistent global definitions include globals.local -# Disable for now, see https://github.com/netblue30/firejail/pull/3688#issuecomment-718711565 -ignore whitelist /usr/share/chromium +nowhitelist /usr/share/chromium noblacklist ${HOME}/.config/Min diff --git a/etc/profile-m-z/mpsyt.profile b/etc/profile-m-z/mpsyt.profile index addeeac44..414eaf312 100644 --- a/etc/profile-m-z/mpsyt.profile +++ b/etc/profile-m-z/mpsyt.profile @@ -13,6 +13,9 @@ noblacklist ${HOME}/.mplayer noblacklist ${HOME}/.netrc noblacklist ${HOME}/mps +# Allow lua (blacklisted by disable-interpreters.inc) +include allow-lua.inc + # Allow python (blacklisted by disable-interpreters.inc) include allow-python2.inc include allow-python3.inc diff --git a/etc/profile-m-z/qbittorrent.profile b/etc/profile-m-z/qbittorrent.profile index 81ec1bc6b..2fb02aefc 100644 --- a/etc/profile-m-z/qbittorrent.profile +++ b/etc/profile-m-z/qbittorrent.profile @@ -56,6 +56,7 @@ private-dev # private-etc alternatives,ca-certificates,crypto-policies,fonts,pki,resolv.conf,ssl,X11,xdg private-tmp +# See https://github.com/netblue30/firejail/issues/3707 for tray-icon dbus-user none dbus-system none diff --git a/etc/profile-m-z/transmission-daemon.profile b/etc/profile-m-z/transmission-daemon.profile index 363c685e0..8dbbfcc62 100644 --- a/etc/profile-m-z/transmission-daemon.profile +++ b/etc/profile-m-z/transmission-daemon.profile @@ -14,6 +14,7 @@ whitelist ${HOME}/.config/transmission-daemon whitelist /var/lib/transmission caps.keep ipc_lock,net_bind_service,setgid,setuid,sys_chroot +protocol unix,inet,inet6,packet private-bin transmission-daemon private-etc alternatives,ca-certificates,crypto-policies,nsswitch.conf,pki,resolv.conf,ssl -- cgit v1.2.3-70-g09d2