Apparently Tor Browser 13.0.11 (based on Mozilla Firefox 115.8.0esr)
changed a few things. The former versions installed under
`${HOME}/.local/share/torbrowser/tbb/x86_64/tor-browser_en-US/Browser`
and now under
`${HOME}/.local/share/torbrowser/tbb/x86_64/tor-browser/Browser`.
All of our tor-browser-foo.profile profiles redirect to
torbrowser-launcher.profile and are covered by the fixes.
torbrowser.profile was not tested. It redirects to
firefox-common.profile and seems to be Gentoo-specific.
Fixes#6269.
Blacklisting qt5ct/qt6ct configuration and data paths breaks styling in all
apps that use them.
This was working as expected before #6249 and #6250, so remove the
blacklisting.
Commit 29da82d added `private-etc` to `archiver-common.profile`.
To avoid doubled options this PR removes it from archiver profiles which
already had it.
Relates to #5610.
When starting an instance, in the logs, a failed attempt to load the lwjgl
library is shown and the game doesn't run.
The library is in the /tmp directory. The reason for this appears to
be, in the lwjgl source code, the shared library loading function,
extracts in the temporary directory and continues from there.
This is fixed by whitelisting.
The reason for adding "ignore noexec /tmp" as well, is that without it, the game
can't run, even if the directory is whitelisted. It seems the library needs
to be loaded from /tmp.
A second error for a failed attempt to access /home/user/.cache/JNA is also
shown in the logs. This is also fixed by whitelisting.
Tesseract is a CLI program and its output may be parsed by other
programs (such as `ocrmypdf`). Including messages from firejail in the
output may break the parsing, so remove them.
Fixes#6171.
Reported-by: @kmille
Committer note: For each profile there is both XXX-gtk and gtk-XXX (such
as lbry-viewer-gtk and gtk-lbry-viewer).
XXX-gtk is the symlink
gtk-XXX is the actual file
Co-authored-by: exponential <echo ZXhwb25lbnRpYWxtYXRyaXhAcHJvdG9ubWFpbC5jb20K | base64 -d>
To ensure that it includes luajit paths as well:
* /usr/share/lua
* /usr/share/luajit-2.1
And remove all entries of the same path without the wildcard, to avoid
redundancy.
Misc: The wildcard entries were added on commit 56b60dfd0 ("additional
Lua blacklisting (#3246)", 2020-02-24) and the entries without the
wildcard were partially removed on commit 721a984a5 ("Fix Lua in
disable-interpreters.inc", 2020-02-24).
This is a follow-up to #6128.
Reported-by: @pirate486743186
To match how things are sorted elsewhere, such as with `noblacklist` /
`whitelist` lines (vertically) in profiles and in
ci/check/profiles/sort-disable-programs.sh and src/etc-cleanup/main.c.
This makes the order in `private-etc` always be groups (`@group`), then
uppercase paths, then lowercase paths. Example from
etc/profile-m-z/softmaker-common.profile:
private-etc @tls-ca,SoftMaker,fstab
Note that this does not affect a significant amount of profiles; most
changes are in `private-bin` / `private-lib` lines and in `private-etc`
lines for newer profiles that do not use groups. This is partly due to
commit 5d0822c52 ("private-etc: big profile changes", 2023-02-05)
replacing `X11` with `@x11` in `private-etc` lines and then commit
0f996ea4d ("private-etc: groups modified", 2023-02-05) removing
`Trolltech.conf` from `private-etc` lines and using case-sensitive
sorting in them.
Relates to #5610.
