github-starred/firejail
2
0
Fork 0
mirror of https://github.com/netblue30/firejail.git synced 2026-05-21 06:45:29 -06:00
Code Issues 531 Projects Packages Wiki Activity Actions 1
firejail/etc/profile-a-l/keepassxc.profile
Kelvin M. Klann 88652cdb38
profiles: firefox: add new ~/.config/mozilla dir (#7061) 
Default directories in Firefox 146 and earlier:

* ~/.cache/mozilla  # cache files
* ~/.mozilla        # config and data

In Firefox 147[1]:

* ~/.cache/mozilla  # cache files
* ~/.config/mozilla # config and data

Note that the new location apparently contains the same files as in the
former location (including settings, bookmarks, extensions, etc).
That is, even though the new directory resides in `$XDG_CONFIG_HOME` /
~/.config, it is not solely used for program configuration as described
in the XDG Base Directory specification[2] and `$XDG_DATA_HOME` /
~/.local/share/mozilla is seemingly not used at all (see also the
discussion in the bug tracker[3]).

Commands used to search and replace:

    $ perl -pi -e 's/(.* )(\${HOME}\/\.mozilla)(.*)/$1\${HOME}\/.config\/mozilla$3\n$1$2$3/' \
      -- \
      etc/inc/*.inc \
      etc/profile*/*.profile \

Note: The entries in the following profiles were sorted manually:

* etc/inc/disable-common.inc
* etc/inc/disable-programs.inc
* etc/profile-a-l/keepassxc.profile
* etc/profile-a-l/krunner.profile
* etc/profile-m-z/seamonkey.profile

Relates to #7040.

[1] https://www.firefox.com/en-US/firefox/147.0/releasenotes/
[2] https://specifications.freedesktop.org/basedir/latest/
[3] https://bugzilla.mozilla.org/show_bug.cgi?id=259356
2026-02-15 08:49:28 +00:00

125 lines
4.9 KiB
Text
Raw Blame History

# Firejail profile for keepassxc
# Description: Cross Platform Password Manager
# This file is overwritten after every install/update
# Persistent local customizations
include keepassxc.local
# Persistent global definitions
include globals.local
noblacklist ${HOME}/*.kdb
noblacklist ${HOME}/*.kdbx
noblacklist ${HOME}/.cache/keepassxc
noblacklist ${HOME}/.config/keepassxc
noblacklist ${HOME}/.config/KeePassXCrc
noblacklist ${HOME}/.keepassxc
noblacklist ${DOCUMENTS}
noblacklist ${RUNUSER}/app
noblacklist ${RUNUSER}/openssh_agent
noblacklist /tmp/ssh-*
# Allow browser profiles, required for browser integration.
noblacklist ${HOME}/.config/BraveSoftware
noblacklist ${HOME}/.config/chromium
noblacklist ${HOME}/.config/google-chrome
noblacklist ${HOME}/.config/mozilla
noblacklist ${HOME}/.config/vivaldi
noblacklist ${HOME}/.local/share/torbrowser
noblacklist ${HOME}/.mozilla
blacklist /usr/libexec
include disable-common.inc
include disable-devel.inc
include disable-exec.inc
include disable-interpreters.inc
include disable-programs.inc
include disable-shell.inc
include disable-xdg.inc
# You can enable whitelisting for keepassxc by adding the below to your keepassxc.local.
# If you do, you MUST store your database under ${HOME}/Documents/KeePassXC/foo.kdbx.
#mkdir ${HOME}/Documents/KeePassXC
#whitelist ${HOME}/Documents/KeePassXC
# Needed for KeePassXC-Browser.
#mkdir ${HOME}/.config/BraveSoftware/Brave-Browser/NativeMessagingHosts
#mkfile ${HOME}/.config/BraveSoftware/Brave-Browser/NativeMessagingHosts/org.keepassxc.keepassxc_browser.json
#whitelist ${HOME}/.config/BraveSoftware/Brave-Browser/NativeMessagingHosts/org.keepassxc.keepassxc_browser.json
#mkdir ${HOME}/.config/chromium/NativeMessagingHosts
#mkfile ${HOME}/.config/chromium/NativeMessagingHosts/org.keepassxc.keepassxc_browser.json
#whitelist ${HOME}/.config/chromium/NativeMessagingHosts/org.keepassxc.keepassxc_browser.json
#mkdir ${HOME}/.config/google-chrome/NativeMessagingHosts
#mkfile ${HOME}/.config/google-chrome/NativeMessagingHosts/org.keepassxc.keepassxc_browser.json
#whitelist ${HOME}/.config/google-chrome/NativeMessagingHosts/org.keepassxc.keepassxc_browser.json
#mkdir ${HOME}/.config/vivaldi/NativeMessagingHosts
#mkfile ${HOME}/.config/vivaldi/NativeMessagingHosts/org.keepassxc.keepassxc_browser.json
#whitelist ${HOME}/.config/vivaldi/NativeMessagingHosts/org.keepassxc.keepassxc_browser.json
#mkdir ${HOME}/.local/share/torbrowser/tbb/x86_64/tor-browser_en-US/Browser/TorBrowser/Data/Browser/.mozilla/native-messaging-hosts
#mkfile ${HOME}/.local/share/torbrowser/tbb/x86_64/tor-browser_en-US/Browser/TorBrowser/Data/Browser/.mozilla/native-messaging-hosts/org.keepassxc.keepassxc_browser.json
#whitelist ${HOME}/.local/share/torbrowser/tbb/x86_64/tor-browser_en-US/Browser/TorBrowser/Data/Browser/.mozilla/native-messaging-hosts/org.keepassxc.keepassxc_browser.json
#mkdir ${HOME}/.config/mozilla/native-messaging-hosts
#mkdir ${HOME}/.mozilla/native-messaging-hosts
#mkfile ${HOME}/.config/mozilla/native-messaging-hosts/org.keepassxc.keepassxc_browser.json
#mkfile ${HOME}/.mozilla/native-messaging-hosts/org.keepassxc.keepassxc_browser.json
#whitelist ${HOME}/.config/mozilla/native-messaging-hosts/org.keepassxc.keepassxc_browser.json
#whitelist ${HOME}/.mozilla/native-messaging-hosts/org.keepassxc.keepassxc_browser.json
#mkdir ${HOME}/.cache/keepassxc
#mkdir ${HOME}/.config/keepassxc
#whitelist ${HOME}/.cache/keepassxc
#whitelist ${HOME}/.config/keepassxc
#whitelist ${HOME}/.config/KeePassXCrc
#include whitelist-common.inc
mkdir ${RUNUSER}/app/org.keepassxc.KeePassXC
whitelist ${RUNUSER}/app/org.keepassxc.KeePassXC
whitelist ${RUNUSER}/openssh_agent
whitelist /tmp/ssh-*
whitelist /usr/share/keepassxc
include whitelist-run-common.inc
include whitelist-runuser-common.inc
include whitelist-usr-share-common.inc
include whitelist-var-common.inc
caps.drop all
machine-id
net none
no3d
nodvd
nogroups
noinput
nonewprivs
noroot
nosound
notv
novideo
protocol unix
seccomp !name_to_handle_at
seccomp.block-secondary
tracelog
private-bin keepassxc,keepassxc-cli,keepassxc-proxy
# Note: private-dev prevents the program from seeing new devices (such as
# hardware keys) on /dev after it has already started; add "ignore private-dev"
# to keepassxc.local if this is an issue (see #4883).
private-dev
private-etc @x11
private-tmp
dbus-user filter
dbus-user.own org.freedesktop.secrets
dbus-user.own org.keepassxc.KeePassXC.*
dbus-user.talk com.canonical.Unity
dbus-user.talk org.freedesktop.ScreenSaver
dbus-user.talk org.gnome.ScreenSaver
dbus-user.talk org.gnome.SessionManager
dbus-user.talk org.xfce.ScreenSaver
?ALLOW_TRAY: dbus-user.talk org.kde.StatusNotifierWatcher
?ALLOW_TRAY: dbus-user.own org.kde.*
# Add the next line to your keepassxc.local to allow notifications.
#dbus-user.talk org.freedesktop.Notifications
dbus-system filter
dbus-system.talk org.freedesktop.login1
restrict-namespaces
# Mutex is stored in /tmp by default, which is broken by private-tmp.
join-or-start keepassxc
Reference in a new issue View git blame Copy permalink