Verified Commit 24b76eff authored by dr460nf1r3's avatar dr460nf1r3 🐉
Browse files

Add firejail & psd profiles

parent 2e33b150
# Firejail profile for firedragon-common
# This file is overwritten after every install/update
# Persistent local customizations
include firedragon-common.local
# Persistent global definitions
# added by caller profile
#include globals.local
# noexec ${HOME} breaks DRM binaries.
?BROWSER_ALLOW_DRM: ignore noexec ${HOME}
# Uncomment the following line (or put it in your firedragon-common.local) to allow access to common programs/addons/plugins.
include firedragon-common-addons.inc
noblacklist ${HOME}/.pki
noblacklist ${HOME}/.local/share/pki
include disable-common.inc
include disable-devel.inc
include disable-exec.inc
include disable-interpreters.inc
include disable-programs.inc
mkdir ${HOME}/.pki
mkdir ${HOME}/.local/share/pki
whitelist ${DOWNLOADS}
whitelist ${HOME}/.pki
whitelist ${HOME}/.local/share/pki
include whitelist-common.inc
include whitelist-var-common.inc
apparmor
caps.drop all
# machine-id breaks pulse audio; it should work fine in setups where sound is not required.
#machine-id
netfilter
# nodbus breaks various desktop integration features
# among other things global menus, native notifications, Gnome connector, KDE connect and power management on KDE Plasma
#nodbus
nodvd
nogroups
nonewprivs
# noroot breaks GTK_USE_PORTAL=1 usage, see https://github.com/netblue30/firejail/issues/2506.
#noroot
notv
?BROWSER_DISABLE_U2F: nou2f
protocol unix,inet,inet6,netlink
# The below seccomp configuration still permits chroot syscall. See https://github.com/netblue30/firejail/issues/2506 for possible workarounds.
seccomp !chroot
shell none
# Disable tracelog, it breaks or causes major issues with many firedragon based browsers, see https://github.com/netblue30/firejail/issues/1930.
#tracelog
disable-mnt
private-dev
# private-etc below works fine on most distributions. There are some problems on CentOS.
#private-etc alternatives,asound.conf,ca-certificates,crypto-policies,dconf,fonts,group,gtk-2.0,gtk-3.0,hostname,hosts,ld.so.cache,localtime,machine-id,mailcap,mime.types,nsswitch.conf,pango,passwd,pki,pulse,resolv.conf,selinux,ssl,X11,xdg
private-tmp
# Firejail profile for firedragon
# Description: Safe and easy web browser from Mozilla
# This file is overwritten after every install/update
# Persistent local customizations
include firedragon.local
# Persistent global definitions
include globals.local
noblacklist ${HOME}/.cache/mozilla
noblacklist ${HOME}/.firedragon
mkdir ${HOME}/.cache/mozilla/firedragon
mkdir ${HOME}/.firedragon
whitelist ${HOME}/.cache/mozilla/firedragon
whitelist ${HOME}/.firedragon
whitelist /usr/share/mozilla
include whitelist-usr-share-common.inc
# firedragon requires a shell to launch on Arch.
#private-bin firedragon,which,sh,dbus-launch,dbus-send,env,bash
# private-etc must first be enabled in firedragon-common.profile
#private-etc firedragon
# Redirect
include firedragon-common.profile
if [[ -d $HOME/.firedragon ]]; then
profileArr=( $(grep '[P,p]'ath= $HOME/.firedragon/profiles.ini |
sed 's/[P,p]ath=//') )
index=0
PSNAME="$browser"
for profileItem in ${profileArr[@]}; do
if [[ $(echo $profileItem | cut -c1) = "/" ]]; then
# path is not relative
DIRArr[index]="$profileItem"
else
# we need to append the default path to give a
# fully qualified path
DIRArr[index]="$HOME/.firedragon/$profileItem"
fi
index=$index+1
done
fi
check_suffix=1
Markdown is supported
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment