github-starred/firejail
2
0
Fork 0
mirror of https://github.com/netblue30/firejail.git synced 2026-05-21 06:45:29 -06:00
Code Issues 531 Projects Packages Wiki Activity Actions 1

Fix private-etc of electron-mail, fix geary,minitube (#3588)

Browse source 
* Fix private-etc of electron-mail

* Fix dbus of geary

* Fix geary again, remove GPG

* Fix seccomp on Arch
This commit is contained in:
kortewegdevries 2020-09-02 10:47:54 +00:00 committed by GitHub
parent fb713f688d
commit 3801eb32b4
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23
4 changed files with 14 additions and 12 deletions
Download patch file Download diff file Expand all files Collapse all files

2
etc/inc/disable-programs.inc
View file

@ -216,6 +216,7 @@ blacklist ${HOME}/.config/gajim
blacklist ${HOME}/.config/galculator
blacklist ${HOME}/.config/gconf
blacklist ${HOME}/.config/geany
blacklist ${HOME}/.config/geary
blacklist ${HOME}/.config/gedit
blacklist ${HOME}/.config/geeqie
blacklist ${HOME}/.config/ghb
@ -865,6 +866,7 @@ blacklist ${HOME}/.cache/fossamail
blacklist ${HOME}/.cache/fractal
blacklist ${HOME}/.cache/freecol
blacklist ${HOME}/.cache/gajim
blacklist ${HOME}/.cache/geary
blacklist ${HOME}/.cache/gegl-0.4
blacklist ${HOME}/.cache/geeqie
blacklist ${HOME}/.cache/gfeeds

10
etc/profile-a-l/electron-mail.profile
View file

@ -8,8 +8,6 @@ include globals.local
noblacklist ${HOME}/.config/electron-mail
whitelist ${DOWNLOADS}
include disable-common.inc
include disable-devel.inc
include disable-exec.inc
@ -21,8 +19,10 @@ include disable-xdg.inc
mkdir ${HOME}/.config/electron-mail
whitelist ${HOME}/.config/electron-mail
whitelist ${DOWNLOADS}
include whitelist-common.inc
include whitelist-runuser-common.inc
include whitelist-usr-share-common.inc
include whitelist-var-common.inc
@ -45,12 +45,12 @@ shell none
private-bin electron-mail
private-cache
private-dev
private-etc alternatives,fonts
private-etc alternatives,ca-certificates,crypto-policies,fonts,gtk-2.0,gtk-3.0,nsswitch.conf,pki,resolv.conf,ssl,selinux,xdg
private-opt ElectronMail
private-tmp
# breaks tray functionality
# dbus-user none
# dbus-system none
dbus-system none
# memory-deny-write-execute - breaks on Arch
# memory-deny-write-execute - breaks on Arch

12
etc/profile-a-l/geary.profile
View file

@ -10,24 +10,24 @@ include geary.local
# Users have Geary set to open a browser by clicking a link in an email
# We are not allowed to blacklist browser-specific directories
ignore dbus-user none
ignore dbus-user filter
ignore dbus-system none
ignore private-tmp
noblacklist ${HOME}/.gnupg
noblacklist ${HOME}/.cache/geary
noblacklist ${HOME}/.config/geary
noblacklist ${HOME}/.local/share/geary
mkdir ${HOME}/.gnupg
mkdir ${HOME}/.cache/geary
mkdir ${HOME}/.config/geary
mkdir ${HOME}/.local/share/geary
whitelist ${HOME}/.gnupg
whitelist ${HOME}/.cache/geary
whitelist ${HOME}/.config/geary
whitelist ${HOME}/.local/share/geary
whitelist /usr/share/geary
read-only ${HOME}/.config/mimeapps.list
whitelist /usr/share/geary
# allow Mozilla browsers
# Redirect
include firefox.profile

2
etc/profile-m-z/minitube.profile
View file

@ -46,7 +46,7 @@ notv
nou2f
novideo
protocol unix,inet,inet6,netlink
seccomp
seccomp !kcmp
shell none
tracelog