fixes, closes, enhances, improvements, and so on

- .github/ISSUE_TEMPLATE/bug_report.md: get ride off spanish, french, ... error messages - etc/inc/firefox-common-addons.inc: support ff2mpv - etc/profile-a-l/gimp.profile: note about xsane - etc/profile-m-z/min.profile: prettify - etc/profile-m-z/mpsyt.profile: fix, add lua - etc/profile-m-z/qbittorrent.profile: add note for tray-icons; this will get a better note once I investigated and audited all the D-Bus tray stuff. - etc/profile-m-z/transmission-daemon.profile: fix, add protocol packet close #3686 - mps-youtube needs lua close #3701 - Firefox native messaging regression in 0.9.62.4 -> 0.9.64rc1 close #3636 - transmission-daemon fills log with error close #3640 - Gimp - add note how to enable scanning (xsane) close #3707 - qBittorrent tray icon missing from notification panel when running it with firejail
netblue30 · Nov 9, 2020 · f3585e5 · f3585e5
1 parent 796b4cf
commit f3585e5
Show file tree

Hide file tree

Showing 9 changed files with 34 additions and 4 deletions.
diff --git a/.github/ISSUE_TEMPLATE/bug_report.md b/.github/ISSUE_TEMPLATE/bug_report.md
@@ -36,6 +36,7 @@ Other context about the problem like related errors to understand the problem.
  - [ ] Programs needed for interaction are listed in the profile.
  - [ ] A short search for duplicates was performed.
  - [ ] If it is a AppImage, `--profile=PROFILENAME` is used to set the right profile.
+ - [ ] Used `LC_ALL=en_US.UTF-8 LANG=en_US.UTF-8 PROGRAM` to get english error-messages.
 
 
 <details><summary> debug output </summary>

diff --git a/README.md b/README.md
@@ -194,4 +194,4 @@ Stats:
 
 ### New profiles:
 
-spectacle
+spectacle, chromium-browser-privacy
diff --git a/RELNOTES b/RELNOTES
@@ -1,7 +1,7 @@
 firejail (0.9.65) baseline; urgency=low
  * allow --tmpfs inside $HOME for unprivileged users
  * --disable-usertmpfs compile time option
- * new profiles: spectacle
+ * new profiles: spectacle, chromium-browser-privacy
  -- netblue30 <[email protected]> Wed, 21 Oct 2020 09:00:00 -0500
 
 firejail (0.9.64) baseline; urgency=low

diff --git a/etc/inc/firefox-common-addons.inc b/etc/inc/firefox-common-addons.inc
@@ -69,3 +69,20 @@ include allow-python3.inc
 # Flash plugin
 # private-etc must first be enabled in firefox-common.profile and in profiles including it.
 #private-etc adobe
+
+# ff2mpv
+#ignore noexec ${HOME}
+#noblacklist ${HOME}/.config/mpv
+#noblacklist ${HOME}/.config/youtube-dl
+#noblacklist ${HOME}/.netrc
+#include allow-lua.inc
+#include allow-python3.inc
+#mkdir ${HOME}/.config/mpv
+#mkdir ${HOME}/.config/youtube-dl
+#whitelist ${HOME}/.config/mpv
+#whitelist ${HOME}/.config/youtube-dl
+#whitelist ${HOME}/.netrc
+#whitelist /usr/share/lua
+#whitelist /usr/share/lua*
+#whitelist /usr/share/vulkan
+#private-bin env,mpv,python3*,waf,youtube-dl
diff --git a/etc/profile-a-l/gimp.profile b/etc/profile-a-l/gimp.profile
@@ -6,6 +6,14 @@ include gimp.local
 # Persistent global definitions
 include globals.local
 
+# Uncomment or add to gimp.local in order to support scanning via xsane (see #3640).
+# TODO: Replace 'ignore seccomp' with a less permissive option.
+#ignore seccomp
+#ignore dbus-system
+#ignore net
+#protocol unix,inet,inet6
+
+
 # gimp plugins are installed by the user in ${HOME}/.gimp-2.8/plug-ins/ directory
 # if you are not using external plugins, you can comment 'ignore noexec' statement below
 # or put 'noexec ${HOME}' in your gimp.local

diff --git a/etc/profile-m-z/min.profile b/etc/profile-m-z/min.profile
@@ -6,8 +6,7 @@ include min.local
 # Persistent global definitions
 include globals.local
 
-# Disable for now, see https://github.com/netblue30/firejail/pull/3688#issuecomment-718711565
-ignore whitelist /usr/share/chromium
+nowhitelist /usr/share/chromium
 
 noblacklist ${HOME}/.config/Min
 

diff --git a/etc/profile-m-z/mpsyt.profile b/etc/profile-m-z/mpsyt.profile
@@ -13,6 +13,9 @@ noblacklist ${HOME}/.mplayer
 noblacklist ${HOME}/.netrc
 noblacklist ${HOME}/mps
 
+# Allow lua (blacklisted by disable-interpreters.inc)
+include allow-lua.inc
+
 # Allow python (blacklisted by disable-interpreters.inc)
 include allow-python2.inc
 include allow-python3.inc

diff --git a/etc/profile-m-z/qbittorrent.profile b/etc/profile-m-z/qbittorrent.profile
@@ -56,6 +56,7 @@ private-dev
 # private-etc alternatives,ca-certificates,crypto-policies,fonts,pki,resolv.conf,ssl,X11,xdg
 private-tmp
 
+# See https://github.com/netblue30/firejail/issues/3707 for tray-icon
 dbus-user none
 dbus-system none
 

diff --git a/etc/profile-m-z/transmission-daemon.profile b/etc/profile-m-z/transmission-daemon.profile
@@ -14,6 +14,7 @@ whitelist ${HOME}/.config/transmission-daemon
 whitelist /var/lib/transmission
 
 caps.keep ipc_lock,net_bind_service,setgid,setuid,sys_chroot
+protocol unix,inet,inet6,packet
 
 private-bin transmission-daemon
 private-etc alternatives,ca-certificates,crypto-policies,nsswitch.conf,pki,resolv.conf,ssl