-
Notifications
You must be signed in to change notification settings - Fork 561
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Profile requests #1139
Comments
This comment has been minimized.
This comment has been minimized.
This comment has been minimized.
This comment has been minimized.
This comment has been minimized.
This comment has been minimized.
This comment has been minimized.
This comment has been minimized.
This comment has been minimized.
This comment has been minimized.
1 brl-cad (a millitary-veteran CAD..but common at civilian enviorments)
|
This comment has been minimized.
This comment has been minimized.
This comment has been minimized.
This comment has been minimized.
This comment has been minimized.
This comment has been minimized.
This comment has been minimized.
This comment has been minimized.
would be nice to have profiles for |
This comment has been minimized.
This comment has been minimized.
This comment has been minimized.
This comment has been minimized.
This comment has been minimized.
This comment has been minimized.
This comment has been minimized.
This comment has been minimized.
This comment has been minimized.
This comment has been minimized.
This comment has been minimized.
This comment has been minimized.
This comment has been minimized.
This comment has been minimized.
This comment has been minimized.
This comment has been minimized.
InSync variety KDE connect
and Would be nice to have too. |
We'll look into HTH |
This works but netfilter needs removed otherwise. |
The following options can be added to the sandbox when your kernel supports caps.drop all This results in a significant hardening of the sandbox. So if you can, it's advised to enable it. Based on the ArmCord packages available in the AUR I've created the below (untested) armcord.profile. It would be awesome if you could test it, but as hinted above, you'll need the firejail-git version to do so. $ cat ~/.config/firejail/armcord.profile
# Firejail profile for armcord
# Description: Standalone Discord client
# This file is overwritten after every install/update
# Persistent local customizations
include armcord.local
# Persistent global definitions
include globals.local
noblacklist ${HOME}/.config/ArmCord
# sh is needed to allow Firefox to open links
#include allow-bin-sh.inc
ignore noexec ${HOME}
mkdir ${HOME}/.config/ArmCord
whitelist ${HOME}/.config/ArmCord
#whitelist /opt/Armcord
whitelist /opt/armcord
whitelist /usr/share/armcord
# The lines below are needed to find the default Firefox profile name, to allow
# opening links in an existing instance of Firefox (note that it still fails if
# there isn't a Firefox instance running with the default profile; see #5352)
noblacklist ${HOME}/.mozilla
whitelist ${HOME}/.mozilla/firefox/profiles.ini
ignore novideo
private-bin armcord
dbus-user filter
dbus-user.talk io.gitlab.librewolf.*
dbus-user.talk org.cachyos.cachy_browser.*
dbus-user.talk org.freedesktop.Notifications
# Allow D-Bus communication with Firefox for opening links
dbus-user.talk org.mozilla.*
ignore dbus-user none
join-or-start armcord
# Redirect
include electron-common.profile
|
We have floorp.profile now. You can either use firejail-git or wait until it comes down whenever your OS receives the upcoming |
oh ok thanks |
Description: Standalone Discord client. https://armcord.app/ https://github.com/NextWork123/ArmCord Requested in netblue30#1139 (comment).
Description: Standalone Discord client. https://armcord.app/ https://github.com/NextWork123/ArmCord Requested in #1139 (comment).
I came up with the following profile which could be used to start with:
It does require vesktop to be run with
which I'm not sure how to fix. |
Here's a HTH |
Major thanks @glitsj16, testing now but I'm having some issues. Will post in the gist to avoid bloating the convo here. |
I'm running archlinux, the bleeding-edgiest of the bleeding-edges, and it's not up to version 0.9.74 yet? Also requesting a profile for |
On Arch Linux myself. There simply isn't a 0.9.74 release yet. Best you can do is install firejail-git from AUR and keep that in sync with the git commits. |
I've looked into webapp-manager. Although creating a dedicated Firejail profile for it is possible, it would have to create a very weak sandbox due to the upstream use of Personally I wouldn't feel comfortable using this app to run web browsers in such a weak sandbox. Other collaborators may of course see this differently and create a webapp-manager.profile in the future. So I'm not saying it won't happen. In any case, stay vigilant when using this app... |
@glitsj16 Oh |
OnlyOffice-Desktopeditors bases on libreoffice.profile:
This works for me just fine. |
This comment was marked as resolved.
This comment was marked as resolved.
https://pulsar-edit.dev/ Not much different from atom.profile, yet a few changes creeped in.
|
prismlauncher by @ipaqmaster in #6381 |
gifsicle and gifski by @salisbury-espinosa in #6481 |
I'd like a betterbird.profile, please... |
|
Issue to ask for and discuss about new profiles.
Progress is tracked in: https://github.com/users/netblue30/projects/7
latex2*
,pdf*
,rst2*
,pod2
,pcp2pdf
,wkhtmltopdf
, ...)disable-sys.inc
to restrict access to files in/sys/{block,bus,class,dev,devices,kernel}
io.elementary.calculator
)io.elementary.calendar
io.elementary.calendar-daemon
io.elementary.camera
)io.elementary.capnet-assist
)io.elementary.code
)io.elementary.files
io.elementary.files-daemon
io.elementary.files-pkexec
io.elementary.music
)io.elementary.photos
) - Based on the old Shotwell codeio.elementary.terminal
)io.elementary.videos
)gnome-podcasts
)pass
gopass
kbfsfuse
(not sure if this one makes sense...)keybase
keybase-gui
ykman
ykman-gui
gzdoom
)quake
)rrootage
)Resolved
gnome-online-minersGhetto-skypeTbb PPAGnome-boxesTor MessengerTemaviewerProfile requests #825 (comment)qemu-system-*
qemu-kvmThe text was updated successfully, but these errors were encountered: