QuakeSpasm is a modern multi-platform Quake source port designed as an
improved successor to GLQuake and FitzQuake. It aims to preserve the
classic gameplay and graphics while enhancing compatibility and
modernization.
https://sourceforge.net/projects/quakespasm
One of the profile requests lists GZDoom.
So create profiles for GZDoom and its variants: UZDoom and LZDoom.
GZDoom served as the primary port for several years after ZDoom was
discontinued.
UZDoom has now become the latest version targeting systems with modern
graphics hardware.
LZDoom is geared towards systems with legacy hardware.
All three profiles work.
https://zdoom.org
OpenRA is an open source project that recreates and modernizes classic
real time strategy games, like Red Alert, Command & Conquer, and Dune
2000.
This profile works for all three AppImage editions of OpenRA: Red Alert,
Tiberium Dawn, and Dune 2000.
https://www.openra.net
Note: We ship a file in this directory since commit 16afd8c8e ("Add
basic gtksourceview language-spec (#5502)", 2022-12-04)
This is a follow-up to #6909.
Allow the folder that Day of the Tentacle Remastered uses to store save
files. Without adding them in the steam profile, save states don't work
in the game (or it didn't even start, don't remember exactly).
See https://www.pcgamingwiki.com/wiki/Day_of_the_Tentacle_Remastered
Probably it would also allow save games for other games done by
doublefine (https://store.steampowered.com/developer/doublefine), but I
have no other game from them and I have not checked it.
This directory is part of the gtk4 package (version 1:4.20.1-1) on Artix
Linux.
Add it just in case, as wusc already contains the same analogous paths
for gtk2 and gtk3.
This is a follow-up to #6907.
This is apparently needed by glycin/gdk-pixbuf2, which is used by many
programs, such as Firefox and GIMP.
Relates to #6906.
Reported-by: @myrslint
Suggested-by: @myrslint
With xkeyboard-config 2.45, many programs fail to start, such as:
Firefox, Thunderbird, Gajim, KeepassXC, GoldenDict, and Zathura.
Example[1]:
    Reading profile /etc/firejail/zathura.profile
    [...]
    Reading profile /etc/firejail/whitelist-usr-share-common.inc
    Reading profile /etc/firejail/whitelist-var-common.inc
    firejail version 0.9.75
    [...]
    Child process initialized in 197.83 ms
    xkbcommon: ERROR: failed to add default include path /usr/share/X11/xkb
    xkbcommon: ERROR: failed to add default include path /usr/share/X11/xkb
    Parent is shutting down, bye...
It seems that in xkeyboard-config 2.45 the path was changed from:
* /usr/share/X11/xkb
To:
* /usr/share/xkeyboard-config-2
With the former now being a symlink to the latter and with the goal of
using a versioning scheme for the directories, in order to introduce new
file formats with breaking changes while keeping backwards compatibility
in the current file format[2] [3].
Fixes #6773.
Thanks to @oddfellow for finding the root cause and the relevant commit.
[1] https://github.com/netblue30/firejail/issues/6773#issue-3130459006
[2] https://github.com/netblue30/firejail/issues/6773#issuecomment-2956384127
[3] fd1d8d2d4f
Reported-by: @myrslint
Reported-by: @aminvakil
Reported-by: @oddfellow
Reported-by: @reagentoo
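An added example, not part of the commit above or of firejail itself: a POSIX shell check for the condition that commit describes, a whitelisted path that has become a symlink to a directory no `whitelist` line covers. The function names are hypothetical, and it assumes the include file uses literal absolute paths (no `${...}` macros) and that `readlink -f` is available.

```shell
#!/bin/sh
# Added example (not firejail code): find "whitelist" entries that are
# symlinks whose resolved target is not covered by any whitelist line,
# e.g. /usr/share/X11/xkb -> /usr/share/xkeyboard-config-2.
# Assumption: entries are literal absolute paths, without ${...} macros.

# covered TARGET FILE: succeed if TARGET equals, or lies under, a path
# named by some "whitelist" line in FILE.
covered() {
    _target=$1
    while read -r _c _p; do
        [ "$_c" = whitelist ] || continue
        case "$_target" in
            "$_p"|"$_p"/*) return 0 ;;
        esac
    done < "$2"
    return 1
}

# dangling_whitelist FILE [ROOT]: print "link -> target" for every
# whitelisted symlink whose target is not covered. ROOT is an optional
# prefix so the check can run against a chroot or a test tree.
dangling_whitelist() {
    _file=$1
    _root=${2:-}
    if [ -n "$_root" ]; then
        _root=$(readlink -f "$_root")
    fi
    while read -r cmd path; do
        [ "$cmd" = whitelist ] || continue        # skips comments too
        [ -L "$_root$path" ] || continue          # only symlinks matter
        resolved=$(readlink -f "$_root$path") || continue
        resolved=${resolved#"$_root"}             # back to a rootless path
        covered "$resolved" "$_file" || printf '%s -> %s\n' "$path" "$resolved"
    done < "$_file"
}

# Stand-alone use: pass an include file, optionally followed by a root.
if [ "$#" -gt 0 ]; then
    dangling_whitelist "$@"
fi
```

Running it against an include file such as whitelist-usr-share-common.inc prints nothing when every whitelisted symlink resolves to a path that is also whitelisted.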
This adds support for Ansel, a Darktable fork:
https://github.com/aurelienpierreeng/ansel/
The profile is based on darktable.profile. I have personally tested it
and it works.
And use it in etc/inc/disable-X11.inc.
This allows printing a warning message from inside a profile.
Everything after the command is printed in a warning message as is (that
is, without macro expansion).
Example:
    $ firejail --noprofile --include=/etc/firejail/disable-X11.inc true
    Reading profile /etc/firejail/disable-X11.inc
    Warning: /etc/firejail/disable-X11.inc:5: This file is deprecated; use disable-x11.inc (lowercase) instead.
    Reading profile /etc/firejail/disable-x11.inc
    [...]
Relates to #6294.
This is a follow-up to #6709.
Add the following files, which may be used to configure X clients:
* `~/.Xdefaults`
* `~/.Xdefaults-*` (`~/.Xdefaults-$(hostname)`)
* `~/.Xresources`
And block the following paths, which are intended for the X server:
* `~/.local/share/xorg` (rootless Xorg log directory)
* `/etc/X11/xinit`
* `/etc/X11/xorg.conf.d`
* `/var/log/Xorg.*` (default Xorg log path)
Note: ~/.Xdefaults is read directly by each application when it starts,
while ~/.Xresources is loaded once into the X root window with xrdb(1)
when starting the session, such as by a DE or directly in ~/.xinitrc.
Both use the same format and it appears that users are encouraged to use
~/.Xresources instead of ~/.Xdefaults but applications still try to read
~/.Xdefaults if it exists.
From xrdb(1):
> FILES
> Xrdb does not load any files on its own, but many desktop
> environments use xrdb to load ~/.Xresources files on session
> startup to initialize the resource database, as a generalized
> replacement for ~/.Xdefaults files.
See X(1), Xorg(1), xinit(1) and xrdb(1).
These paths are apparently used for attachments.
Disable private-tmp to make it easier to open attachments with external
programs.
Relates to #5101.
Reported-by: @githlp
Suggested-by: @rusty-snake
It's used by libdvdcss (which is used to play copy-restricted DVDs).
It seems to be just a cache directory, so just allow without mkdir.
Relates to #5391.
Suggested-by: @reinerh
Much like the i3 IPC socket (#6361), the sway IPC socket also allows
arbitrary code execution via the `exec` subcommand. Access should only
be permitted to sway itself by default.
The location of the IPC socket is set in sway/ipc-server.c:
7e74a49142/sway/ipc-server.c (L126)
Fractal 7 (and possibly earlier) stores messages and key material in
${XDG_DATA_DIR}/fractal which defaults to ~/.local/share/fractal.
Lack of access causes it to be unable to load messages offline and
de- or encrypt messages even when online without sharing keys again.
It is apparently used by the (widely used) "Fancy" plugin, which
"Renders HTML e-mail using the WebKit library".
https://www.claws-mail.org/plugins.php
Relates to #6377.
Note: etc/profile-a-l/email-common.profile contains `private-cache`.