fixes

- RELNOTS: protocol now accumulates - fix #3978 -- Android Studio: cannot create the directory Unresolved: > google-earth.profile has a 'noblacklist ${HOME}/.config/Google' too, > so we should consider to add additional blacklists for ~/.config/Google/*. - marker.profile: allow ${DOCUMENTS} - profile.template: add bluetooth protocol - profile.template: add DBus portal note - firejail-profile.txt: revert 17fe4b9 -- fix private=directory in man firejail-profile see #3970 (comment)
netblue30 · Mar 1, 2021 · f09bb2a · f09bb2a
1 parent d1acb31
commit f09bb2a
Show file tree

Hide file tree

Showing 5 changed files with 7 additions and 3 deletions.
diff --git a/RELNOTES b/RELNOTES
@@ -2,6 +2,7 @@ firejail (0.9.65) baseline; urgency=low
  * filtering environment variables
  * zsh completion
  * --mkdir, --mkfile
+ * protocol now accumulates
  * Jolla/SailfishOS patches
  * private-lib rework
  * jailtest

diff --git a/etc/profile-a-l/android-studio.profile b/etc/profile-a-l/android-studio.profile
@@ -5,6 +5,7 @@ include android-studio.local
 # Persistent global definitions
 include globals.local
 
+noblacklist ${HOME}/.config/Google
 noblacklist ${HOME}/.AndroidStudio*
 noblacklist ${HOME}/.android
 noblacklist ${HOME}/.jack-server

diff --git a/etc/profile-m-z/marker.profile b/etc/profile-m-z/marker.profile
@@ -12,6 +12,7 @@ include globals.local
 #private-etc ca-certificates,ssl,pki,crypto-policies,nsswitch.conf,resolv.conf
 
 noblacklist ${HOME}/.cache/marker
+noblacklist ${DOCUMENTS}
 
 include disable-common.inc
 include disable-devel.inc

diff --git a/etc/templates/profile.template b/etc/templates/profile.template
@@ -155,8 +155,8 @@ include globals.local
 # - unix is usually needed
 # - inet,inet6 only if internet access is required (see 'net none'/'netfilter' above)
 # - netlink is rarely needed
-# - packet almost never
-#protocol unix,inet,inet6,netlink,packet
+# - packet and bluetooth almost never
+#protocol unix,inet,inet6,netlink,packet,bluetooth
 #seccomp
 ##seccomp !chroot
 ##seccomp.drop SYSCALLS (see syscalls.txt)
@@ -200,6 +200,7 @@ include globals.local
 # flatpak remote-info --show-metadata flathub <APP-ID>
 # Notes:
 # - flatpak implicitly allows an app to own <APP-ID> on the session bus
+# - Some features like native notifications are implemented as portal too.
 # - In order to make dconf work (when used by the app) you need to allow
 # 'ca.desrt.dconf' even when not allowed by flatpak.
 # Notes and Policiy about addresses can be found at

diff --git a/src/man/firejail-profile.txt b/src/man/firejail-profile.txt
@@ -266,7 +266,7 @@ Mount new /root and /home/user directories in temporary
 filesystems. All modifications are discarded when the sandbox is
 closed.
 .TP
-\fBprivate=directory
+\fBprivate directory
 Use directory as user home.
 .TP
 \fBprivate-bin file,file