More liberal use of an already existing fall back path in pulseaudio.c
removes issues caused by symlinks in ~/.config/pulse (issue #3351 and
some others)
Don't die, but print warnings during /home directory masking,
so that users with a symbolic link in their home directory path can
at least make it to a shell prompt (only in combination with pulseaudio fix).
* Profile for Jitsi Meet desktop app (electron)
* Update description.
* Correctly include global definitions.
* Add jitsi-meet-desktop to firecfg.
* blacklist Jitsi-meet config directory in disable-programs.inc
* Disable more things.
disable-exec.inc not included, as the application shows some error if I
include it.
* Disable more stuff.
* No need to whitelist Downloads directory.
I don't think this application has any file sharing / downloading
feature.
* Use private-bin
I needed to allow the bash executable as well for this to work.
* Add some whitelist rules.
* Use private-cache option
* include disable-exec.inc
Apparently one needs to allow execution in /tmp for the program to work.
* Redirect to electron.profile.
* Use private-etc.
* Do not whitelist Downloads directory.
electron.profile does this, but I do not think this program needs it.
* Rearrange whitelisted files to alphabetical order.
* Move nonwhitelist to appropriate section.
* Newlines as section separators.
firejail can blacklist (and now also whitelist) files based on glob
pattern. This pattern is evaluated at firejail start, and not updated
at run time. This patch documents this behavior.
- disable-interpreters: blacklist /usr/lib64/libmozjs-*
- fdns:
- fix .local name
- remove server.profile comment (do we need /sbin and /usr/sbin?)
- add wusc and wvc (commented because untested)
- minimize caps.keep (based on fdns.service)
- fix protocol position
- add private-etc (based on fdns.service)
Otherwise, fails with error
CreateDirectories: failed to mkdir /usr/share/games (mode 448)
file_system.cpp(158): Function call failed: return value was -110300 (Insufficient access rights to open file)
Function call failed: return value was -110300 (Insufficient access rights to open file)
Location: file_system.cpp:158 (CreateDirectories)
Observed on Debian 10, 0ad 0.0.23
Fixed the identation for copy/past problems and added a console character that returns the console to it's original colour after the SYSCALLS_OUTPUT_FILE param is printed.
