Default directories in Firefox 146 and earlier:
* ~/.cache/mozilla # cache files
* ~/.mozilla # config and data
In Firefox 147[1]:
* ~/.cache/mozilla # cache files
* ~/.config/mozilla # config and data
Note that the new location apparently contains the same files as in the
former location (including settings, bookmarks, extensions, etc).
That is, even though the new directory resides in `$XDG_CONFIG_HOME` /
~/.config, it is not solely used for program configuration as described
in the XDG Base Directory specification[2] and `$XDG_DATA_HOME` /
~/.local/share/mozilla is seemingly not used at all (see also the
discussion in the bug tracker[3]).
Commands used to search and replace:
$ perl -pi -e 's/(.* )(\${HOME}\/\.mozilla)(.*)/$1\${HOME}\/.config\/mozilla$3\n$1$2$3/' \
-- \
etc/inc/*.inc \
etc/profile*/*.profile \
Note: The entries in the following profiles were sorted manually:
* etc/inc/disable-common.inc
* etc/inc/disable-programs.inc
* etc/profile-a-l/keepassxc.profile
* etc/profile-a-l/krunner.profile
* etc/profile-m-z/seamonkey.profile
Relates to #7040.
[1] https://www.firefox.com/en-US/firefox/147.0/releasenotes/
[2] https://specifications.freedesktop.org/basedir/latest/
[3] https://bugzilla.mozilla.org/show_bug.cgi?id=259356
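# Firejail profile for fluffychat
# Description: Easy to use matrix messenger
# This file is overwritten after every install/update
# Persistent local customizations
include fluffychat.local
# Persistent global definitions
include globals.local

# Exempt the application's own data directory from the blacklists pulled in by
# the disable-*.inc includes below.
noblacklist ${HOME}/.local/share/fluffychat

# Allow /bin/sh (blacklisted by disable-shell.inc)
include allow-bin-sh.inc

include disable-common.inc
include disable-devel.inc
include disable-exec.inc
include disable-interpreters.inc
include disable-proc.inc
include disable-programs.inc
include disable-shell.inc
include disable-xdg.inc

# The lines below are needed to find the default Firefox profile name, to allow
# opening links in an existing instance of Firefox (note that it still fails if
# there isn't a Firefox instance running with the default profile; see #5352)
# Both locations are listed: ~/.config/mozilla (Firefox 147) and ~/.mozilla
# (Firefox 146 and earlier).
# The noblacklist lines exempt the whole Firefox directory from blacklisting;
# only the whitelist pair narrows what the sandbox sees to profiles.ini, so
# the noblacklist and whitelist lines need to be kept together.
# NOTE(review): the fluffychat noblacklist above precedes the disable-*.inc
# includes while these two follow them -- confirm this ordering is intended.
noblacklist ${HOME}/.config/mozilla
noblacklist ${HOME}/.mozilla
whitelist ${HOME}/.config/mozilla/firefox/profiles.ini
whitelist ${HOME}/.mozilla/firefox/profiles.ini

# Create the data directory up front so the whitelist entry for it has a
# target on first run.
mkdir ${HOME}/.local/share/fluffychat
# The downloads directory is shared with the host: files in it are readable
# and writable from inside the sandbox.
whitelist ${DOWNLOADS}
whitelist ${HOME}/.local/share/fluffychat
whitelist /opt/fluffychat
whitelist /usr/share/fluffychat
include whitelist-common.inc
include whitelist-run-common.inc
include whitelist-runuser-common.inc
include whitelist-usr-share-common.inc
include whitelist-var-common.inc

# Privilege and kernel attack-surface restrictions: AppArmor confinement, no
# capabilities, no privilege gain on exec (nonewprivs), a user namespace
# without root (noroot), seccomp filtering, and sockets limited to the
# unix/inet/inet6 families. The no* device options remove hardware the
# messenger is not expected to need.
apparmor
caps.drop all
netfilter
no3d
nodvd
nogroups
noinput
nonewprivs
noprinters
noroot
notv
nou2f
novideo
protocol unix,inet,inet6
seccomp
seccomp.block-secondary
tracelog

disable-mnt
# Only the listed executables are available inside the sandbox. sh is needed
# per the allow-bin-sh.inc include above; firefox is presumably here for
# opening links (see the Firefox comments above).
private-bin firefox,fluffychat,sh,which,zenity
private-cache
private-dev
private-etc @network,@sound,@tls-ca,@x11,gconf,host.conf,mime.types,rpc,services
private-tmp

# Session-bus access is filtered down to the names listed below.
dbus-user filter
# Secret Service (keyring) access.
# NOTE(review): whether a client can read secrets stored by other applications
# depends on the Secret Service implementation -- confirm for the target
# desktop.
dbus-user.talk org.freedesktop.secrets
# Allow D-Bus communication with Firefox for opening links
# The wildcard covers every org.mozilla.* name on the session bus, so this is
# a channel from the sandbox to whichever Firefox instance owns those names.
dbus-user.talk org.mozilla.*
# System-bus access is filtered as well; only NetworkManager is reachable.
dbus-system filter
dbus-system.talk org.freedesktop.NetworkManager

restrict-namespaces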