[PR #755] [MERGED] Profile tightening #3743

Closed
opened 2026-05-05 10:07:06 -06:00 by gitea-mirror · 0 comments

📋 Pull Request Information

Original PR: https://github.com/netblue30/firejail/pull/755
Author: @Fred-Barclay
Created: 8/31/2016
Status: Merged
Merged: 9/1/2016
Merged by: @netblue30

Base: master ← Head: fixes


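📝 Commits (2)

f67614c may break on some systems (https://github.com/netblue30/firejail/commit/f67614cef6c9f6513b3efa72f05f763c510021ad)
c26be70 tested and stable (https://github.com/netblue30/firejail/commit/c26be70b30582400dc88a4bb213368a6d7250302)
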
📊 Changes

23 files changed (+61 additions, -18 deletions)

📝 etc/0ad.profile (+2 -2)
📝 etc/atom-beta.profile (+4 -3)
📝 etc/atom.profile (+4 -2)
📝 etc/atril.profile (+1 -0)
📝 etc/audacity.profile (+2 -0)
📝 etc/aweather.profile (+2 -1)
➕ etc/dosbox.profile (+21 -0)
📝 etc/eom.profile (+1 -0)
📝 etc/gitter.profile (+3 -1)
📝 etc/gthumb.profile (+0 -1)
📝 etc/hexchat.profile (+7 -3)
📝 etc/libreoffice.profile (+1 -2)
📝 etc/palemoon.profile (+1 -0)
📝 etc/pidgin.profile (+1 -0)
📝 etc/qtox.profile (+1 -0)
📝 etc/rhythmbox.profile (+1 -0)
📝 etc/stellarium.profile (+1 -1)
📝 etc/transmission-gtk.profile (+1 -1)
📝 etc/vlc.profile (+2 -0)
📝 etc/warzone2100.profile (+1 -0)

...and 3 more files

📄 Description

These tighten many profiles a bit--mostly via private-tmp. I've also added a profile for dosbox, and removed private-tmp from the gthumb profile since it already had a /tmp whitelist.
The profiles in the "tested and stable" commit have all been tested and I don't expect them to break anything.
I've also committed a revised hexchat profile in "may break on some systems" and added a private-bin filter. It works perfectly on my machine, but I suspect it may break on other distros that require python or perl for hexchat since they are not included in the private-bin filter (I don't know which distros these would be, but I remember something about this from an old bug report). If you do commit this, we'll probably need to revise the profile a couple of times based on the bug reports that might trickle in.
Then again, it might work perfectly as-is.

Cheers!
Fred


🔄 This issue represents a GitHub Pull Request. It cannot be merged through Gitea due to API limitations.
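
An added example, not part of the PR or of firejail's own code: a small lint over profile text for the two situations the description raises, a `private-tmp` line alongside a `/tmp` whitelist (the gthumb case) and a `private-bin` filter that omits programs the application may need to run (the hexchat concern). The sample profiles, the function names and the `needed_bins` values are constructed assumptions; actual interpreter names vary by distro.

```python
# Added example: lint firejail profile text. The sample profiles are constructed.

def parse_profile(text):
    """Return (has_private_tmp, tmp_whitelists, private_bin) for profile text."""
    has_private_tmp = False
    tmp_whitelists = []
    private_bin = None  # None: the profile has no private-bin filter at all
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):  # skip blanks and comment lines
            continue
        directive, _, arg = line.partition(" ")
        arg = arg.strip()
        if directive == "private-tmp":
            has_private_tmp = True
        elif directive == "whitelist" and (arg == "/tmp" or arg.startswith("/tmp/")):
            tmp_whitelists.append(arg)
        elif directive == "private-bin":
            # private-bin takes a comma-separated list of program names
            names = {n.strip() for n in arg.split(",") if n.strip()}
            private_bin = (private_bin or set()) | names
    return has_private_tmp, tmp_whitelists, private_bin


def lint_profile(text, needed_bins=()):
    """List findings; needed_bins is the caller's assumption about which
    programs the sandboxed application must be able to execute."""
    has_private_tmp, tmp_whitelists, private_bin = parse_profile(text)
    findings = []
    if has_private_tmp and tmp_whitelists:
        findings.append("private-tmp combined with /tmp whitelist: "
                        + ", ".join(tmp_whitelists))
    if private_bin is not None:
        missing = sorted(set(needed_bins) - private_bin)
        if missing:
            findings.append("private-bin filter omits: " + ", ".join(missing))
    return findings


# Constructed samples, not the project's actual profile files.
GTHUMB_LIKE = "# sample\nwhitelist /tmp/.X11-unix\nprivate-tmp\n"
HEXCHAT_LIKE = "private-bin hexchat\nprivate-tmp\n"

if __name__ == "__main__":
    for name, text, needed in (("gthumb-like", GTHUMB_LIKE, ()),
                               ("hexchat-like", HEXCHAT_LIKE, ("python", "perl"))):
        for finding in lint_profile(text, needed):
            print(f"{name}: {finding}")
```
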

Reference: github-starred/firejail#3743