profiles: update obsidian profile file

2026-05-21 06:45:29 -06:00 · 2024-04-23 16:03:02 +03:00 · 2024-04-23 16:03:02 +03:00 · 7a935a4468
commit 7a935a4468
parent ca4106207e
3 changed files with 52 additions and 88 deletions
--- a/etc/inc/disable-programs.inc
+++ b/etc/inc/disable-programs.inc
@ -1254,3 +1254,4 @@ blacklist /var/games/slashem
 blacklist /var/games/vulturesclaw
 blacklist /var/games/vultureseye
 blacklist /var/lib/games/Maelstrom-Scores
+blacklist ${HOME}/.config/obsidian
--- a/etc/profile-m-z/obsidian-wayland.profile
+++ b/etc/profile-m-z/obsidian-wayland.profile
@ -0,0 +1,51 @@
+# Firejail profile for obsidian-wayland
+# Description: Personal knowledge base and note-taking with Markdown files.
+# This file is overwritten after every install/update
+# Persistent local customizations
+include obsidian-wayland.local
+# Persistent global definitions
+include globals.local
+
+noblacklist ${HOME}/.cache/AMD
+noblacklist ${HOME}/.cache/nvidia
+noblacklist ${HOME}/.cache/mesa_shader_cache
+noblacklist ${HOME}/.local/share/applnk
+noblacklist ${HOME}/.local/share/vulkan
+noblacklist ${HOME}/.local/share/vulkan
+noblacklist ${HOME}/.config/vulkan
+noblacklist ${HOME}/.config/kdedefaults
+noblacklist ${HOME}/.config/obsidian
+
+whitelist ${HOME}/.cache/AMD
+whitelist ${HOME}/.cache/nvidia
+whitelist ${HOME}/.cache/mesa_shader_cache
+whitelist ${HOME}/.local/share/applnk
+whitelist ${HOME}/.local/share/vulkan
+whitelist ${HOME}/.local/share/vulkan
+whitelist ${HOME}/.config/vulkan
+whitelist ${HOME}/.config/kdedefaults
+whitelist ${HOME}/.config/obsidian
+
+ipc-namespace
+nonewprivs
+noroot
+
+protocol unix,inet,inet6,netlink,
+
+# If you need net disable "net none" and uncomment the rest in this block
+net none
+#
+#noblacklist ${HOME}/.pki/nssdb
+#whitelist ${HOME}/.pki/nssdb
+#
+#private-etc ca-certificates,nsswitch.conf,hosts,gnutls,
+
+private-bin cat,gawk,tr,realpath,cut,grep,basename,bash,obsidian,electron28,
+private-etc libva.conf,vulkan,ati,xdg,gtk-3.0,drirc,fonts,
+
+?HAS_APPIMAGE: private-lib
+
+read-only ${HOME}/.config/vulkan
+read-only ${HOME}/.config/kdedefaults
+
+include electron-common.profile
--- a/etc/profile-m-z/obsidian.profile
+++ b/etc/profile-m-z/obsidian.profile
@ -1,88 +0,0 @@
-# Firejail profile for obsidian
-# Description: Obsidian is the private and flexible writing app that adapts to the way you think.
-# This file is overwritten after every install/update
-# Persistent local customizations
-include obsidian.local
-# Persistent global definitions
-include globals.local
-
-### Basic Blacklisting ###
-include disable-common.inc              # dangerous directories like ~/.ssh and ~/.gnupg
-include disable-devel.inc               # development tools such as gcc and gdb
-include disable-exec.inc                # non-executable directories such as /var, /tmp, and /home
-include disable-interpreters.inc        # perl, python, lua etc.
-include disable-programs.inc            # user configuration for programs such as firefox, vlc etc.
-include disable-xdg.inc                 # standard user directories: Documents, Pictures, Videos, Music
-
-### Home Directory Whitelisting ###
-whitelist ${HOME}/.gitconfig            # for the git plugin
-whitelist ${HOME}/.config/git           # for the git plugin
-whitelist ${HOME}/.pki/nssdb
-whitelist ${HOME}/.cache/AMD
-whitelist ${HOME}/.cache/nvidia
-whitelist ${HOME}/.local/share/vulkan
-whitelist ${HOME}/.local/share/vulkan/implicit_layer.d
-whitelist ${HOME}/.config/vulkan
-whitelist ${HOME}/.local/share/vulkan/loader_settings.d
-whitelist ${HOME}/.config/kdedefaults
-whitelist ${HOME}/.Xdefaults-desktop-pc
-whitelist ${HOME}/.config/kdedefaults/gtk-3.0
-whitelist ${HOME}/.cache/mesa_shader_cache
-whitelist ${HOME}/.local/share/applnk
-whitelist ${HOME}/.config/obsidian
-
-include whitelist-common.inc
-
-### Filesystem Whitelisting ###
-whitelist /run/systemd/machines/api.obsidian.md
-whitelist /run/systemd/resolve/io.systemd.Resolve
-whitelist /run/systemd/machines/raw.githubusercontent.com
-whitelist /run/udev/control
-
-include whitelist-run-common.inc
-include whitelist-runuser-common.inc
-
-whitelist /usr/share/applnk
-
-include whitelist-usr-share-common.inc
-include whitelist-var-common.inc
-
-#apparmor       # if you have AppArmor running, try this one!
-
-caps.drop all
-ipc-namespace
-
-#no3d           # disable 3D acceleration
-#nodvd          # disable DVD and CD devices
-#nogroups       # disable supplementary user groups
-#noinput        # disable input devices
-#novideo        # disable video capture devices
-
-nonewprivs
-noroot
-?HAS_APPIMAGE: notv            # disable DVB TV devices
-?HAS_APPIMAGE: nou2f           # disable U2F devices
-
-protocol unix,inet,inet6,netlink,
-
-# If you need networking, enable the firewall and disable "net none"
-#net none        # disable network
-netfilter      # enable default firewall in sandbox
-
-seccomp !chroot # allowing chroot, just in case this is an Electron app
-shell none
-
-#tracelog       # send blacklist violations to syslog
-
-disable-mnt     # no access to /mnt, /media, /run/mount and /run/media
-
-private-bin git,cat,gawk,tr,realpath,cut,grep,basename,bash,obsidian,electron28
-private-dev
-private-etc gitattributes,gitconfig,ca-certificates,libva.conf,vulkan,ati,nsswitch.conf,hosts,xdg,gtk-3.0,drirc,fonts,gnutls,
-
-?HAS_APPIMAGE: private-lib
-?HAS_APPIMAGE: private-tmp
-
-#dbus-user none
-#dbus-system none
-dbus-user filter