diff --git a/.github/ISSUE_TEMPLATE/bug_report.md b/.github/ISSUE_TEMPLATE/bug_report.md index d36dd32e48b..562d6b9e1f2 100644 --- a/.github/ISSUE_TEMPLATE/bug_report.md +++ b/.github/ISSUE_TEMPLATE/bug_report.md @@ -36,6 +36,7 @@ Other context about the problem like related errors to understand the problem. - [ ] Programs needed for interaction are listed in the profile. - [ ] A short search for duplicates was performed. - [ ] If it is a AppImage, `--profile=PROFILENAME` is used to set the right profile. + - [ ] Used `LC_ALL=en_US.UTF-8 LANG=en_US.UTF-8 PROGRAM` to get english error-messages.
debug output diff --git a/README.md b/README.md index 253c3ec105f..cc50df2f768 100644 --- a/README.md +++ b/README.md @@ -194,4 +194,4 @@ Stats: ### New profiles: -spectacle +spectacle, chromium-browser-privacy diff --git a/RELNOTES b/RELNOTES index 18ea99c1fd6..3cdea6d9d54 100644 --- a/RELNOTES +++ b/RELNOTES @@ -1,7 +1,7 @@ firejail (0.9.65) baseline; urgency=low * allow --tmpfs inside $HOME for unprivileged users * --disable-usertmpfs compile time option - * new profiles: spectacle + * new profiles: spectacle, chromium-browser-privacy -- netblue30 Wed, 21 Oct 2020 09:00:00 -0500 firejail (0.9.64) baseline; urgency=low diff --git a/etc/inc/firefox-common-addons.inc b/etc/inc/firefox-common-addons.inc index 11acb7b42fd..198941ac90c 100644 --- a/etc/inc/firefox-common-addons.inc +++ b/etc/inc/firefox-common-addons.inc @@ -69,3 +69,20 @@ include allow-python3.inc # Flash plugin # private-etc must first be enabled in firefox-common.profile and in profiles including it. #private-etc adobe + +# ff2mpv +#ignore noexec ${HOME} +#noblacklist ${HOME}/.config/mpv +#noblacklist ${HOME}/.config/youtube-dl +#noblacklist ${HOME}/.netrc +#include allow-lua.inc +#include allow-python3.inc +#mkdir ${HOME}/.config/mpv +#mkdir ${HOME}/.config/youtube-dl +#whitelist ${HOME}/.config/mpv +#whitelist ${HOME}/.config/youtube-dl +#whitelist ${HOME}/.netrc +#whitelist /usr/share/lua +#whitelist /usr/share/lua* +#whitelist /usr/share/vulkan +#private-bin env,mpv,python3*,waf,youtube-dl diff --git a/etc/profile-a-l/gimp.profile b/etc/profile-a-l/gimp.profile index 8093c0c39d9..ed27de7f51d 100644 --- a/etc/profile-a-l/gimp.profile +++ b/etc/profile-a-l/gimp.profile @@ -6,6 +6,14 @@ include gimp.local # Persistent global definitions include globals.local +# Uncomment or add to gimp.local in order to support scanning via xsane (see #3640). +# TODO: Replace 'ignore seccomp' with a less permissive option. +#ignore seccomp +#ignore dbus-system +#ignore net +#protocol unix,inet,inet6 + + # gimp plugins are installed by the user in ${HOME}/.gimp-2.8/plug-ins/ directory # if you are not using external plugins, you can comment 'ignore noexec' statement below # or put 'noexec ${HOME}' in your gimp.local diff --git a/etc/profile-m-z/min.profile b/etc/profile-m-z/min.profile index d297b209b7a..be85fdbc490 100644 --- a/etc/profile-m-z/min.profile +++ b/etc/profile-m-z/min.profile @@ -6,8 +6,7 @@ include min.local # Persistent global definitions include globals.local -# Disable for now, see https://github.com/netblue30/firejail/pull/3688#issuecomment-718711565 -ignore whitelist /usr/share/chromium +nowhitelist /usr/share/chromium noblacklist ${HOME}/.config/Min diff --git a/etc/profile-m-z/mpsyt.profile b/etc/profile-m-z/mpsyt.profile index addeeac4494..414eaf31216 100644 --- a/etc/profile-m-z/mpsyt.profile +++ b/etc/profile-m-z/mpsyt.profile @@ -13,6 +13,9 @@ noblacklist ${HOME}/.mplayer noblacklist ${HOME}/.netrc noblacklist ${HOME}/mps +# Allow lua (blacklisted by disable-interpreters.inc) +include allow-lua.inc + # Allow python (blacklisted by disable-interpreters.inc) include allow-python2.inc include allow-python3.inc diff --git a/etc/profile-m-z/qbittorrent.profile b/etc/profile-m-z/qbittorrent.profile index 81ec1bc6b7f..2fb02aefc27 100644 --- a/etc/profile-m-z/qbittorrent.profile +++ b/etc/profile-m-z/qbittorrent.profile @@ -56,6 +56,7 @@ private-dev # private-etc alternatives,ca-certificates,crypto-policies,fonts,pki,resolv.conf,ssl,X11,xdg private-tmp +# See https://github.com/netblue30/firejail/issues/3707 for tray-icon dbus-user none dbus-system none diff --git a/etc/profile-m-z/transmission-daemon.profile b/etc/profile-m-z/transmission-daemon.profile index 363c685e0d6..8dbbfcc627e 100644 --- a/etc/profile-m-z/transmission-daemon.profile +++ b/etc/profile-m-z/transmission-daemon.profile @@ -14,6 +14,7 @@ whitelist ${HOME}/.config/transmission-daemon whitelist /var/lib/transmission caps.keep ipc_lock,net_bind_service,setgid,setuid,sys_chroot +protocol unix,inet,inet6,packet private-bin transmission-daemon private-etc alternatives,ca-certificates,crypto-policies,nsswitch.conf,pki,resolv.conf,ssl