mirror of
https://github.com/netblue30/firejail.git
synced 2026-05-21 06:45:29 -06:00
profiles: fixes and cleanups for opening links with firefox (#5919)
This commit is contained in:
glitsj16
GitHub
parent
63b306179f
commit
a95a742727
3 changed files with 24 additions and 14 deletions
|
|
@ -6,11 +6,10 @@ include kube.local
|
|||
# Persistent global definitions
|
||||
include globals.local
|
||||
|
||||
noblacklist ${HOME}/.gnupg
|
||||
noblacklist ${HOME}/.mozilla
|
||||
noblacklist ${HOME}/.cache/kube
|
||||
noblacklist ${HOME}/.config/kube
|
||||
noblacklist ${HOME}/.config/sink
|
||||
noblacklist ${HOME}/.gnupg
|
||||
noblacklist ${HOME}/.local/share/kube
|
||||
noblacklist ${HOME}/.local/share/sink
|
||||
|
||||
|
|
@ -22,23 +21,28 @@ include disable-programs.inc
|
|||
include disable-shell.inc
|
||||
include disable-xdg.inc
|
||||
|
||||
mkdir ${HOME}/.gnupg
|
||||
# The lines below are needed to find the default Firefox profile name, to allow
|
||||
# opening links in an existing instance of Firefox (note that it still fails if
|
||||
# there isn't a Firefox instance running with the default profile; see #5352)
|
||||
noblacklist ${HOME}/.mozilla
|
||||
whitelist ${HOME}/.mozilla/firefox/profiles.ini
|
||||
|
||||
mkdir ${HOME}/.cache/kube
|
||||
mkdir ${HOME}/.config/kube
|
||||
mkdir ${HOME}/.config/sink
|
||||
mkdir ${HOME}/.gnupg
|
||||
mkdir ${HOME}/.local/share/kube
|
||||
mkdir ${HOME}/.local/share/sink
|
||||
whitelist ${HOME}/.gnupg
|
||||
whitelist ${HOME}/.mozilla/firefox/profiles.ini
|
||||
whitelist ${HOME}/.cache/kube
|
||||
whitelist ${HOME}/.config/kube
|
||||
whitelist ${HOME}/.config/sink
|
||||
whitelist ${HOME}/.gnupg
|
||||
whitelist ${HOME}/.local/share/kube
|
||||
whitelist ${HOME}/.local/share/sink
|
||||
whitelist ${RUNUSER}/gnupg
|
||||
whitelist /usr/share/kube
|
||||
whitelist /usr/share/gnupg
|
||||
whitelist /usr/share/gnupg2
|
||||
whitelist /usr/share/kube
|
||||
include whitelist-common.inc
|
||||
include whitelist-runuser-common.inc
|
||||
include whitelist-usr-share-common.inc
|
||||
|
|
@ -63,7 +67,6 @@ tracelog
|
|||
|
||||
# disable-mnt
|
||||
# Add "gpg,gpg2,gpg-agent,pinentry-curses,pinentry-emacs,pinentry-fltk,pinentry-gnome3,pinentry-gtk,pinentry-gtk2,pinentry-gtk-2,pinentry-qt,pinentry-qt4,pinentry-tty,pinentry-x2go,pinentry-kwallet" for gpg
|
||||
# Add "ignore private-bin" for hyperlinks or have a look at the private-bins in firefox.profile and firefox-common.profile.
|
||||
private-bin kube,sink_synchronizer
|
||||
private-cache
|
||||
private-dev
|
||||
|
|
@ -75,6 +78,8 @@ dbus-user filter
|
|||
dbus-user.talk ca.desrt.dconf
|
||||
dbus-user.talk org.freedesktop.secrets
|
||||
dbus-user.talk org.freedesktop.Notifications
|
||||
# allow D-Bus communication with firefox for opening links
|
||||
dbus-user.talk org.mozilla.*
|
||||
dbus-system none
|
||||
|
||||
restrict-namespaces
|
||||
|
|
|
|||
|
|
@ -11,7 +11,9 @@ ignore noexec /tmp
|
|||
|
||||
noblacklist ${HOME}/.config/Signal
|
||||
|
||||
# These lines are needed to allow Firefox to open links
|
||||
# The lines below are needed to find the default Firefox profile name, to allow
|
||||
# opening links in an existing instance of Firefox (note that it still fails if
|
||||
# there isn't a Firefox instance running with the default profile; see #5352)
|
||||
noblacklist ${HOME}/.mozilla
|
||||
whitelist ${HOME}/.mozilla/firefox/profiles.ini
|
||||
|
||||
|
|
@ -21,11 +23,9 @@ whitelist ${HOME}/.config/Signal
|
|||
private-etc @tls-ca
|
||||
|
||||
dbus-user filter
|
||||
|
||||
# allow D-Bus notifications
|
||||
dbus-user.talk org.freedesktop.Notifications
|
||||
|
||||
# allow D-Bus communication with Firefox browsers for opening links
|
||||
# allow D-Bus communication with firefox for opening links
|
||||
dbus-user.talk org.mozilla.*
|
||||
|
||||
ignore dbus-user none
|
||||
|
|
|
|||
|
|
@ -7,7 +7,6 @@ include trojita.local
|
|||
include globals.local
|
||||
|
||||
noblacklist ${HOME}/.abook
|
||||
noblacklist ${HOME}/.mozilla
|
||||
noblacklist ${HOME}/.cache/flaska.net/trojita
|
||||
noblacklist ${HOME}/.config/flaska.net
|
||||
|
||||
|
|
@ -19,11 +18,16 @@ include disable-programs.inc
|
|||
include disable-shell.inc
|
||||
include disable-xdg.inc
|
||||
|
||||
# The lines below are needed to find the default Firefox profile name, to allow
|
||||
# opening links in an existing instance of Firefox (note that it still fails if
|
||||
# there isn't a Firefox instance running with the default profile; see #5352)
|
||||
noblacklist ${HOME}/.mozilla
|
||||
whitelist ${HOME}/.mozilla/firefox/profiles.ini
|
||||
|
||||
mkdir ${HOME}/.abook
|
||||
mkdir ${HOME}/.cache/flaska.net/trojita
|
||||
mkdir ${HOME}/.config/flaska.net
|
||||
whitelist ${HOME}/.abook
|
||||
whitelist ${HOME}/.mozilla/firefox/profiles.ini
|
||||
whitelist ${HOME}/.cache/flaska.net/trojita
|
||||
whitelist ${HOME}/.config/flaska.net
|
||||
include whitelist-common.inc
|
||||
|
|
@ -49,7 +53,6 @@ seccomp
|
|||
tracelog
|
||||
|
||||
# disable-mnt
|
||||
# Add "ignore private-bin" for hyperlinks or have a look at the private-bins in firefox.profile and firefox-common.profile.
|
||||
private-bin trojita
|
||||
private-cache
|
||||
private-dev
|
||||
|
|
@ -58,6 +61,8 @@ private-tmp
|
|||
|
||||
dbus-user filter
|
||||
dbus-user.talk org.freedesktop.secrets
|
||||
# allow D-Bus communication with firefox for opening links
|
||||
dbus-user.talk org.mozilla.*
|
||||
dbus-system none
|
||||
|
||||
restrict-namespaces
|
||||
|
|
|
|||
Loading…
Add table
Add a link
Reference in a new issue