From f3585e53933c95d3be31bb53214145d9219ff3ea Mon Sep 17 00:00:00 2001 From: rusty-snake <41237666+rusty-snake@users.noreply.github.com> Date: Mon, 9 Nov 2020 20:57:33 +0100 Subject: [PATCH] fixes, closes, enhances, improvements, and so on - .github/ISSUE_TEMPLATE/bug_report.md: get ride off spanish, french, ... error messages - etc/inc/firefox-common-addons.inc: support ff2mpv - etc/profile-a-l/gimp.profile: note about xsane - etc/profile-m-z/min.profile: prettify - etc/profile-m-z/mpsyt.profile: fix, add lua - etc/profile-m-z/qbittorrent.profile: add note for tray-icons; this will get a better note once I investigated and audited all the D-Bus tray stuff. - etc/profile-m-z/transmission-daemon.profile: fix, add protocol packet close #3686 - mps-youtube needs lua close #3701 - Firefox native messaging regression in 0.9.62.4 -> 0.9.64rc1 close #3636 - transmission-daemon fills log with error close #3640 - Gimp - add note how to enable scanning (xsane) close #3707 - qBittorrent tray icon missing from notification panel when running it with firejail --- .github/ISSUE_TEMPLATE/bug_report.md | 1 + README.md | 2 +- RELNOTES | 2 +- etc/inc/firefox-common-addons.inc | 17 +++++++++++++++++ etc/profile-a-l/gimp.profile | 8 ++++++++ etc/profile-m-z/min.profile | 3 +-- etc/profile-m-z/mpsyt.profile | 3 +++ etc/profile-m-z/qbittorrent.profile | 1 + etc/profile-m-z/transmission-daemon.profile | 1 + 9 files changed, 34 insertions(+), 4 deletions(-) diff --git a/.github/ISSUE_TEMPLATE/bug_report.md b/.github/ISSUE_TEMPLATE/bug_report.md index d36dd32e48b..562d6b9e1f2 100644 --- a/.github/ISSUE_TEMPLATE/bug_report.md +++ b/.github/ISSUE_TEMPLATE/bug_report.md 
@@ -36,6 +36,7 @@ Other context about the problem like related errors to understand the problem. - [ ] Programs needed for interaction are listed in the profile. - [ ] A short search for duplicates was performed. - [ ] If it is a AppImage, `--profile=PROFILENAME` is used to set the right profile. + - [ ] Used `LC_ALL=en_US.UTF-8 LANG=en_US.UTF-8 PROGRAM` to get english error-messages.
debug output diff --git a/README.md b/README.md index 253c3ec105f..cc50df2f768 100644 --- a/README.md +++ b/README.md @@ -194,4 +194,4 @@ Stats: ### New profiles: -spectacle +spectacle, chromium-browser-privacy diff --git a/RELNOTES b/RELNOTES index 18ea99c1fd6..3cdea6d9d54 100644 --- a/RELNOTES +++ b/RELNOTES @@ -1,7 +1,7 @@ firejail (0.9.65) baseline; urgency=low * allow --tmpfs inside $HOME for unprivileged users * --disable-usertmpfs compile time option - * new profiles: spectacle + * new profiles: spectacle, chromium-browser-privacy -- netblue30 Wed, 21 Oct 2020 09:00:00 -0500 firejail (0.9.64) baseline; urgency=low diff --git a/etc/inc/firefox-common-addons.inc b/etc/inc/firefox-common-addons.inc index 11acb7b42fd..198941ac90c 100644 --- a/etc/inc/firefox-common-addons.inc +++ b/etc/inc/firefox-common-addons.inc @@ -69,3 +69,20 @@ include allow-python3.inc # Flash plugin # private-etc must first be enabled in firefox-common.profile and in profiles including it. #private-etc adobe + +# ff2mpv +#ignore noexec ${HOME} +#noblacklist ${HOME}/.config/mpv +#noblacklist ${HOME}/.config/youtube-dl +#noblacklist ${HOME}/.netrc +#include allow-lua.inc +#include allow-python3.inc +#mkdir ${HOME}/.config/mpv +#mkdir ${HOME}/.config/youtube-dl +#whitelist ${HOME}/.config/mpv +#whitelist ${HOME}/.config/youtube-dl +#whitelist ${HOME}/.netrc +#whitelist /usr/share/lua +#whitelist /usr/share/lua* +#whitelist /usr/share/vulkan +#private-bin env,mpv,python3*,waf,youtube-dl diff --git a/etc/profile-a-l/gimp.profile b/etc/profile-a-l/gimp.profile index 8093c0c39d9..ed27de7f51d 100644 --- a/etc/profile-a-l/gimp.profile +++ b/etc/profile-a-l/gimp.profile 
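Review bot: The ff2mpv block added to etc/inc/firefox-common-addons.inc is headed only by `# ff2mpv`, so nothing tells a user that uncommenting it weakens the browser sandbox. `ignore noexec ${HOME}` makes the home directory executable again, and the `.netrc` lines expose a file that normally holds plaintext credentials. I would put the cost in the heading, e.g. `# ff2mpv (weakens the sandbox: ${HOME} becomes executable and ~/.netrc is readable by the browser)`. The two `.netrc` lines are presumably needed only when youtube-dl is run with `--netrc`, which is worth marking so they can stay commented otherwise. `#whitelist /usr/share/lua` also looks redundant next to `#whitelist /usr/share/lua*`.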
@@ -6,6 +6,14 @@ include gimp.local # Persistent global definitions include globals.local +# Uncomment or add to gimp.local in order to support scanning via xsane (see #3640). +# TODO: Replace 'ignore seccomp' with a less permissive option. +#ignore seccomp +#ignore dbus-system +#ignore net +#protocol unix,inet,inet6 + + # gimp plugins are installed by the user in ${HOME}/.gimp-2.8/plug-ins/ directory # if you are not using external plugins, you can comment 'ignore noexec' statement below # or put 'noexec ${HOME}' in your gimp.local diff --git a/etc/profile-m-z/min.profile b/etc/profile-m-z/min.profile index d297b209b7a..be85fdbc490 100644 --- a/etc/profile-m-z/min.profile +++ b/etc/profile-m-z/min.profile @@ -6,8 +6,7 @@ include min.local # Persistent global definitions include globals.local -# Disable for now, see https://github.com/netblue30/firejail/pull/3688#issuecomment-718711565 -ignore whitelist /usr/share/chromium +nowhitelist /usr/share/chromium noblacklist ${HOME}/.config/Min diff --git a/etc/profile-m-z/mpsyt.profile b/etc/profile-m-z/mpsyt.profile index addeeac4494..414eaf31216 100644 --- a/etc/profile-m-z/mpsyt.profile +++ b/etc/profile-m-z/mpsyt.profile @@ -13,6 +13,9 @@ noblacklist ${HOME}/.mplayer noblacklist ${HOME}/.netrc noblacklist ${HOME}/mps +# Allow lua (blacklisted by disable-interpreters.inc) +include allow-lua.inc + # Allow python (blacklisted by disable-interpreters.inc) include allow-python2.inc include allow-python3.inc diff --git a/etc/profile-m-z/qbittorrent.profile b/etc/profile-m-z/qbittorrent.profile index 81ec1bc6b7f..2fb02aefc27 100644 --- a/etc/profile-m-z/qbittorrent.profile +++ b/etc/profile-m-z/qbittorrent.profile @@ -56,6 +56,7 @@ private-dev # private-etc alternatives,ca-certificates,crypto-policies,fonts,pki,resolv.conf,ssl,X11,xdg private-tmp +# See https://github.com/netblue30/firejail/issues/3707 for tray-icon dbus-user none dbus-system none 
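Review bot: The xsane recipe added to etc/profile-a-l/gimp.profile offers `ignore seccomp`, `ignore dbus-system` and `ignore net` as one unit with only a TODO as caveat. A user who uncomments it loses the syscall filter and network isolation for all of GIMP, including the user-installed plug-ins the following comment mentions. The comment should say so, e.g. `# WARNING: disables seccomp and re-enables network and system D-Bus access for the whole sandbox; prefer gimp.local on machines that actually scan.` If only network scanners need `ignore net` and `protocol unix,inet,inet6`, that split is worth stating so USB-only setups can leave them commented. The hunk also adds a second blank line after the block.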
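Review bot: In etc/profile-m-z/min.profile the new `nowhitelist /usr/share/chromium` line drops the comment that linked to the pull-request discussion explaining why the path is excluded. A one-line rationale above it would stop a later cleanup from re-adding the whitelist, e.g. `# Keep /usr/share/chromium out of the whitelist, see https://github.com/netblue30/firejail/pull/3688#issuecomment-718711565`.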
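Review bot: The comment added above `dbus-user none` in etc/profile-m-z/qbittorrent.profile is a bare issue link. A reader who wants the tray icon back is likely to remove or `ignore` the D-Bus lines, which would open the whole session bus to a network-facing client. Until the fuller note promised in the commit message exists, I would spell out the constraint, e.g. `# Tray icon needs session D-Bus access (see https://github.com/netblue30/firejail/issues/3707); prefer 'dbus-user filter' with narrow talk/own rules over removing 'dbus-user none'.`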
diff --git a/etc/profile-m-z/transmission-daemon.profile b/etc/profile-m-z/transmission-daemon.profile index 363c685e0d6..8dbbfcc627e 100644 --- a/etc/profile-m-z/transmission-daemon.profile +++ b/etc/profile-m-z/transmission-daemon.profile @@ -14,6 +14,7 @@ whitelist ${HOME}/.config/transmission-daemon whitelist /var/lib/transmission caps.keep ipc_lock,net_bind_service,setgid,setuid,sys_chroot +protocol unix,inet,inet6,packet private-bin transmission-daemon private-etc alternatives,ca-certificates,crypto-policies,nsswitch.conf,pki,resolv.conf,ssl
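Review bot: `protocol unix,inet,inet6,packet` in etc/profile-m-z/transmission-daemon.profile admits AF_PACKET sockets with no comment saying why a BitTorrent daemon needs them. The `caps.keep` line just above does not keep net_raw, so opening a packet socket should still be refused by the kernel. The entry presumably exists only to stop the log flood from #3636 named in the commit message. A comment such as `# packet: allowed only to stop the log flood from #3636; raw access stays blocked because net_raw is not in caps.keep` would record that and discourage adding net_raw later.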