Merge branch 'master' of http://github.com/netblue30/firejail

2026-05-21 06:45:29 -06:00 · 2018-03-30 14:22:54 -04:00 · 2018-03-30 14:22:54 -04:00 · dd94e54c70
commit dd94e54c70
parent 021bfd0792 0c251af630
7 changed files with 14 additions and 32 deletions
--- a/etc/akonadi_control.profile
+++ b/etc/akonadi_control.profile
@ -23,8 +23,8 @@ include /etc/firejail/disable-programs.inc

 include /etc/firejail/whitelist-var-common.inc

-# the default mysqld-akonadi apparmor profile in debian and ubuntu
-# is not compatible with the commented options below
+# disabled options below are not compatible with the apparmor profile for mysqld-akonadi.
+# this affects ubuntu and debian currently

 # apparmor
 caps.drop all
--- a/etc/disable-programs.inc
+++ b/etc/disable-programs.inc
@ -385,6 +385,7 @@ blacklist ${HOME}/.local/share/kate
 blacklist ${HOME}/.local/share/kdenlive
 blacklist ${HOME}/.local/share/kget
 blacklist ${HOME}/.local/share/kmail2
+blacklist ${HOME}/.local/share/knotes
 blacklist ${HOME}/.local/share/krita
 blacklist ${HOME}/.local/share/ktorrentrc
 blacklist ${HOME}/.local/share/ktorrent
--- a/etc/kmail.profile
+++ b/etc/kmail.profile
@ -28,6 +28,8 @@ include /etc/firejail/disable-devel.inc
 include /etc/firejail/disable-passwdmgr.inc
 include /etc/firejail/disable-programs.inc

+include /etc/firejail/whitelist-var-common.inc
+
 # apparmor
 caps.drop all
 netfilter
--- a/etc/knotes.profile
+++ b/etc/knotes.profile
@ -5,34 +5,12 @@ include /etc/firejail/knotes.local
 # Persistent global definitions
 include /etc/firejail/globals.local

-noblacklist ${HOME}/.config/akonadi*
+# knotes has problems launching akonadi in debian and ubuntu.
+# one solution is to have akonadi already running when knotes is started
+
 noblacklist ${HOME}/.config/knotesrc
-noblacklist ${HOME}/.local/share/akonadi*
-noblacklist /tmp/akonadi-*
+noblacklist ${HOME}/.local/share/knotes

-include /etc/firejail/disable-common.inc
-include /etc/firejail/disable-devel.inc
-include /etc/firejail/disable-passwdmgr.inc
-include /etc/firejail/disable-programs.inc

-include /etc/firejail/whitelist-var-common.inc
-
-caps.drop all
-netfilter
-nodvd
-nogroups
-nonewprivs
-noroot
-nosound
-notv
-novideo
-protocol unix
-seccomp
-shell none
-tracelog
-
-private-dev
-# private-tmp - interrupts connection to akonadi
-
-noexec ${HOME}
-noexec /tmp
+# Redirect
+include /etc/firejail/kmail.profile
--- a/etc/krunner.profile
+++ b/etc/krunner.profile
@ -11,6 +11,7 @@ include /etc/firejail/globals.local

 # noblacklist ${HOME}/.cache/krunner
 # noblacklist ${HOME}/.cache/krunnerbookmarkrunnerfirefoxdbfile.sqlite
+# noblacklist ${HOME}/.config/chromium
 noblacklist ${HOME}/.config/krunnerrc
 noblacklist ${HOME}/.kde/share/config/krunnerrc
 noblacklist ${HOME}/.kde4/share/config/krunnerrc
--- a/etc/smplayer.profile
+++ b/etc/smplayer.profile
@ -18,7 +18,7 @@ include /etc/firejail/whitelist-var-common.inc
 apparmor
 caps.drop all
 netfilter
-# nodbus
+# nodbus - problems with KDE
 # nogroups
 nonewprivs
 noroot
--- a/etc/vlc.profile
+++ b/etc/vlc.profile
@ -19,7 +19,7 @@ include /etc/firejail/whitelist-var-common.inc
 apparmor
 caps.drop all
 netfilter
-# nodbus
+# nodbus - problems with KDE
 # nogroups
 nonewprivs
 noroot