More fixes for #3464

Backporting fixes for Atom 1.48 to firejail 0.9.52, 0.9.58, and 0.9.60

Summary:
- remove nonewprivs, noroot, protocol, and seccomp
- update caps filter to keep sys_admin and sys_chroot

Without these changes, Atom 1.48 breaks and refuses to start (due to
Electron sandboxing).
Fred Barclay 2020-06-13 12:02:53 -05:00
parent cb67995230
commit 55906959a9
3 changed files with 104 additions and 0 deletions


@ -0,0 +1,31 @@
# Firejail profile for atom
# This file is overwritten after every install/update
# Persistent local customizations
include /etc/firejail/atom.local
# Persistent global definitions
include /etc/firejail/globals.local
# blacklist /run/user/*/bus
noblacklist ${HOME}/.atom
noblacklist ${HOME}/.config/Atom
include /etc/firejail/disable-common.inc
include /etc/firejail/disable-passwdmgr.inc
include /etc/firejail/disable-programs.inc
caps.keep sys_admin,sys_chroot
# net none
netfilter
nodvd
nogroups
nosound
notv
novideo
shell none
private-dev
private-tmp
noexec ${HOME}
noexec /tmp
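Review bot: `caps.keep sys_admin,sys_chroot` takes the place of the usual `caps.drop all` and, with nonewprivs, noroot and seccomp absent, leaves CAP_SYS_ADMIN available inside the sandbox, yet the profile itself records no reason for this; the same applies to the 0.9.58 and 0.9.60 sections below. Because the header says the file is overwritten on every install/update, the commit message is the only place the rationale survives, and a maintainer tidying the profile could plausibly restore the dropped lines and break Atom again. I would add a comment above the caps line, e.g. `# Atom 1.48's Electron sandbox needs sys_admin/sys_chroot; nonewprivs, noroot and seccomp are omitted for the same reason (see #3464)`. If a firejail release used here supports excluding individual syscalls from the seccomp filter, a narrowed filter would be preferable to dropping seccomp outright, but I have not verified which releases offer that.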


@ -0,0 +1,36 @@
# Firejail profile for atom
# Description: A hackable text editor for the 21st Century
# This file is overwritten after every install/update
# Persistent local customizations
include atom.local
# Persistent global definitions
include globals.local
noblacklist ${HOME}/.atom
noblacklist ${HOME}/.config/Atom
noblacklist ${HOME}/.cargo/config
noblacklist ${HOME}/.cargo/registry
include disable-common.inc
include disable-passwdmgr.inc
include disable-programs.inc
caps.keep sys_admin,sys_chroot
# net none
netfilter
nodbus
nodvd
nogroups
nosound
notv
nou2f
novideo
shell none
private-cache
private-dev
private-tmp
noexec ${HOME}
noexec /tmp


@ -0,0 +1,37 @@
# Firejail profile for atom
# Description: A hackable text editor for the 21st Century
# This file is overwritten after every install/update
# Persistent local customizations
include atom.local
# Persistent global definitions
include globals.local
noblacklist ${HOME}/.atom
noblacklist ${HOME}/.config/Atom
noblacklist ${HOME}/.config/git
noblacklist ${HOME}/.cargo/config
noblacklist ${HOME}/.cargo/registry
noblacklist ${HOME}/.gitconfig
noblacklist ${HOME}/.git-credentials
noblacklist ${HOME}/.pythonrc.py
include disable-common.inc
include disable-exec.inc
include disable-passwdmgr.inc
include disable-programs.inc
caps.keep sys_admin,sys_chroot
# net none
netfilter
nodbus
nodvd
nogroups
nosound
notv
nou2f
novideo
shell none
private-cache
private-dev
private-tmp