private-etc: corss-distro test for curl, gimp, inkscape, firefox, warzone2100

2026-05-15 14:16:14 -06:00 · 2023-01-28 11:49:28 -05:00 · 2023-01-28 11:49:28 -05:00 · 34d004892f
commit 34d004892f
parent b0822c0d65
6 changed files with 8 additions and 1 deletions
--- a/etc/profile-a-l/curl.profile
+++ b/etc/profile-a-l/curl.profile
@ -54,6 +54,7 @@ tracelog
 private-cache
 private-dev
 # private-etc alternatives,ca-certificates,crypto-policies,pki,resolv.conf,ssl
+private-etc TLS-CA
 private-tmp

 dbus-user none
--- a/etc/profile-a-l/firefox-common.profile
+++ b/etc/profile-a-l/firefox-common.profile
@ -60,6 +60,7 @@ disable-mnt
 # private-etc below works fine on most distributions. There are some problems on CentOS.
 # Add it to your firefox-common.local if you want to enable it.
 #private-etc alternatives,asound.conf,ca-certificates,crypto-policies,dconf,fonts,group,gtk-2.0,gtk-3.0,hostname,hosts,ld.so.cache,ld.so.conf,ld.so.conf.d,ld.so.preload,localtime,machine-id,mailcap,mime.types,nsswitch.conf,pango,passwd,pki,pulse,resolv.conf,selinux,ssl,X11,xdg
+private-etc GUI,NETWORK,TLS-CA,os-release,mime.types,mailcap
 private-tmp

 blacklist ${PATH}/curl
--- a/etc/profile-a-l/gimp.profile
+++ b/etc/profile-a-l/gimp.profile
@ -59,6 +59,7 @@ seccomp !mbind
 tracelog

 private-dev
+private-etc GUI,gcrypt,python*
 private-tmp

 dbus-user none
--- a/etc/profile-a-l/inkscape.profile
+++ b/etc/profile-a-l/inkscape.profile
@ -54,6 +54,7 @@ tracelog
 # private-bin inkscape,potrace,python* - problems on Debian stretch
 private-cache
 private-dev
+private-etc inkscape: GUI,ImageMagick*,python*
 private-tmp

 dbus-user none
--- a/etc/profile-m-z/warzone2100.profile
+++ b/etc/profile-m-z/warzone2100.profile
@ -46,6 +46,7 @@ tracelog
 disable-mnt
 private-bin bash,dash,sh,warzone2100,which
 private-dev
+private-etc GUI,GAMES
 private-tmp

 restrict-namespaces
--- a/src/include/etc_groups.h
+++ b/src/include/etc_groups.h
@ -35,8 +35,10 @@ static char *etc_list[ETC_MAX + 1] = { // plus 1 for ending NULL pointer
 	"locale.alias",
 	"locale.conf",
 	"localtime",
+	"login.defs", // firejail reading UID/GID MIN and MAX at startup
 	"nsswitch.conf",
 	"passwd",
+	"group",
 	NULL
 };

@ -77,6 +79,7 @@ static char *etc_group_gui[] = {
 	"gtk-3.0",
 	"kde4rc",
 	"kde5rc",
+	"pango", // text rendering/internationalization
 	NULL
 };

@ -85,7 +88,6 @@ static char *etc_group_games[] = {
 	"timidity", // MIDI
 	"timidity.cfg",
 	"openal", // 3D sound
-	"gcrypt", // GNU crypto library
 	NULL
 };