mirror of
https://github.com/netblue30/firejail.git
synced 2026-05-21 06:45:29 -06:00
98e34c444b
To match how things are sorted elsewhere, such as with `noblacklist` /
`whitelist` lines (vertically) in profiles and in
ci/check/profiles/sort-disable-programs.sh and src/etc-cleanup/main.c.
This makes the order in `private-etc` always be groups (`@group`), then
uppercase paths, then lowercase paths. Example from
etc/profile-m-z/softmaker-common.profile:
private-etc @tls-ca,SoftMaker,fstab
Note that this does not affect a significant amount of profiles; most
changes are in `private-bin` / `private-lib` lines and in `private-etc`
lines for newer profiles that do not use groups. This is partly due to
commit 5d0822c52 ("private-etc: big profile changes", 2023-02-05)
replacing `X11` with `@x11` in `private-etc` lines and then commit
0f996ea4d ("private-etc: groups modified", 2023-02-05) removing
`Trolltech.conf` from `private-etc` lines and using case-sensitive
sorting in them.
Relates to #5610.
62 lines
1.5 KiB
Text
62 lines
1.5 KiB
Text
# Firejail profile for enpass
|
|
# Description: A multiplatform password manager
|
|
# This file is overwritten after every install/update.
|
|
# Persistent local customisations
|
|
include enpass.local
|
|
# Persistent global definitions
|
|
include globals.local
|
|
|
|
noblacklist ${HOME}/.cache/Enpass
|
|
noblacklist ${HOME}/.config/sinew.in
|
|
noblacklist ${HOME}/.config/Sinew Software Systems
|
|
noblacklist ${HOME}/.local/share/Enpass
|
|
noblacklist ${DOCUMENTS}
|
|
|
|
include disable-common.inc
|
|
include disable-devel.inc
|
|
include disable-exec.inc
|
|
include disable-interpreters.inc
|
|
include disable-programs.inc
|
|
include disable-xdg.inc
|
|
|
|
mkdir ${HOME}/.cache/Enpass
|
|
mkfile ${HOME}/.config/sinew.in
|
|
mkdir ${HOME}/.config/Sinew Software Systems
|
|
mkdir ${HOME}/.local/share/Enpass
|
|
whitelist ${HOME}/.cache/Enpass
|
|
whitelist ${HOME}/.config/sinew.in
|
|
whitelist ${HOME}/.config/Sinew Software Systems
|
|
whitelist ${HOME}/.local/share/Enpass
|
|
whitelist ${DOCUMENTS}
|
|
include whitelist-common.inc
|
|
include whitelist-var-common.inc
|
|
|
|
# machine-id and nosound break audio notification functionality.
|
|
# Add the next lines to your enpass.local if you need that functionality.
|
|
#ignore machine-id
|
|
#ignore nosound
|
|
caps.drop all
|
|
machine-id
|
|
netfilter
|
|
no3d
|
|
nodvd
|
|
nogroups
|
|
noinput
|
|
nonewprivs
|
|
noroot
|
|
nosound
|
|
notv
|
|
nou2f
|
|
novideo
|
|
protocol unix,inet,inet6,netlink
|
|
seccomp
|
|
tracelog
|
|
|
|
private-bin Enpass,dirname,importer_enpass,readlink,sh
|
|
?HAS_APPIMAGE: ignore private-dev
|
|
private-dev
|
|
private-opt Enpass
|
|
private-tmp
|
|
|
|
#memory-deny-write-execute # breaks on Arch (see issue #1803)
|
|
restrict-namespaces
|