Add profile for links and xlinks #2734

jose1711 · 2019-05-31T21:16:44Z

No description provided.

Fred-Barclay

Looks really good! I had a few comments on the links profile -- can you check them and also try them for the xlinks profile?
Cheers!
Fred

etc/xlinks.profile

etc/links.profile

Fred-Barclay · 2019-06-01T00:52:22Z

etc/links.profile

+disable-mnt
+private-cache
+private-dev
+private-tmp


Also try this please: private-etc ca-certificates,crypto-policies,resolv.conf,ssl

This is often too limiting for associated programs (e. g. mpv was unable to start)

we usually don't write profiles that allow other programs to work
see #1718 (comment)
and
#1770 (comment)

Better: private-etc ca-certificates,crypto-policies,nsswitch.conf,pki,resolv.conf,ssl and if e.g. exists /etc/links also links.

we usually don't write profiles that allow other programs to work
see #1718 (comment)
and
#1770 (comment)

hmm... if this is the case then the whole novideo, noaudio, x11 discussion is pointless, right?

@rusty-snake how about doing this:

private-etc ca-certificates,crypto-policies,nsswitch.conf,pki,resolv.conf,ssl # Uncomment the following line to allow external media players # private-etc alsa,asound.conf,alternatives,machine-id,openal,pulse

@Fred-Barclay sound good, but

# Uncomment the following line (or put it in your links.local) …

On Fedora: ll /bin/links: /bin/links -> /etc/alternatives/links

xlinks will need fonts

@rusty-snake I don't understand 2.

added private-etc + comment on how to enable media players

@Fred-Barclay we need alternatives, because on some system is links a symlink to /etc/alternativs/links

etc/links.profile

rusty-snake

Additional nitpicking.

I'm also think that is it better to write always "media player" instead of "audio player"/"video player" because the most options are needed of both.

etc/links.profile

+disable-mnt
+private-cache
+private-dev
+private-tmp


etc/links.profile

etc/xlinks.profile

etc/links.profile

rusty-snake · 2019-06-01T14:29:53Z

For links.profile I came to this.

etc/links.profile

…ks-profile

etc/xlinks.profile

rusty-snake

After long discussions... the time has come.

@Fred-Barclay ?

* Create allow-INTERPETER.inc * allow-lua.inc * allow-perl.inc * allow-python2.inc * allow-python3.inc * Create allow-java.inc * Update profiles to use new allow-INTERPRETER.inc includes * Update profiles to use new allow-INTERPRETER.inc includes 2/x * Fix order of allow-INTERPRETER.inc includes * Update profiles to use new allow-INTERPRETER.inc includes 3/x * Fixup comment about allow-java.inc netblue30#2736 (comment) * Add Arch Linux specific paths to allow-perl.inc

Fred-Barclay · 2019-06-01T20:21:01Z

@rusty-snake just need one update on private-etc. Then whichever of us gets to this first should be good to merge! 😄

EDIT: if you merge this, please choose squash and merge

rusty-snake · 2019-06-01T20:28:02Z

I almost always use squash, because I don't like ugly commit-messages like Merge pull request #ABCD from USER/BRANCH 😉 .

Fred-Barclay · 2019-06-01T20:31:21Z

@jose1711 @rusty-snake New idea... since xlinks shares a lot with links, why not just re-direct?
I.e.:


# Firejail profile for xlinks
# Description: Text WWW browser (X11)
# This file is overwritten after every install/update
# Persistent local customizations
include xlinks.local
# Persistent global definitions
include globals.local

noblacklist /tmp/.X11-unix
private-bin xlinks

# Redirect
include links.profile

rusty-snake · 2019-06-01T20:34:53Z

But now

# added by included profile
#include globals.local

…into links-profile

Fred-Barclay · 2019-06-01T21:05:57Z

@rusty-snake I think it's ok to include globals.inc here and also in links.profile. Other redirect profiles (like for google chrome beta) do the same.

glitsj16 · 2019-06-01T21:44:33Z

@Fred-Barclay If I follow this thread correctly I do think @rusty-snake has a fair point in wanting to avoid including globals.local twice. See #2006 and #2010 for reference.

@rusty-snake I think it's ok to include globals.inc here and also in links.profile. Other redirect profiles (like for google chrome beta) do the same.

google-chrome-beta.profile does include globals.local because its redirect profile (chromium-common.profile) does not. Your proposed xlinks redirect profile needs to have include globals.local commented because its redirect profile (links.profile) already takes care of including that file. Hope this helps to clear up any confusion.

xlinks redirects to links Add basic private-etc line and a commented, extended private-etc

Fred-Barclay · 2019-06-01T22:20:14Z

I added some changes. @jose1711 @rusty-snake review por favor.

jose1711 · 2019-06-02T04:58:58Z

I added some changes. @jose1711 @rusty-snake review por favor.

Don't know how badly xlinks wants access to fonts but maybe we still want private-etc fonts in its profile?

rusty-snake

Just add alternativs to private-etc, because on fedora /usr/bin/links is a symlink to /etc/altenatives/links.

etc/links.profile

rusty-snake · 2019-06-02T11:14:06Z

Merged, Thanks.

Add profile for links and xlinks

d97fdc4

Fred-Barclay requested changes Jun 1, 2019

View reviewed changes

Add profile for links and xlinks

02240a9