diff --git a/etc/inc/disable-common.inc b/etc/inc/disable-common.inc
index 52534a9e9b5..35f89e11b87 100644
--- a/etc/inc/disable-common.inc
+++ b/etc/inc/disable-common.inc
@@ -34,6 +34,7 @@ blacklist ${HOME}/.config/autostart
 blacklist ${HOME}/.config/autostart-scripts
 blacklist ${HOME}/.config/awesome
 blacklist ${HOME}/.config/i3
+blacklist ${HOME}/.config/sway
 blacklist ${HOME}/.config/lxsession/LXDE/autostart
 blacklist ${HOME}/.config/openbox
 blacklist ${HOME}/.config/plasma-workspace
diff --git a/etc/profile-a-l/librewolf-nightly.profile b/etc/profile-a-l/librewolf-nightly.profile
index e6c3da60877..72df5a52aad 100644
--- a/etc/profile-a-l/librewolf-nightly.profile
+++ b/etc/profile-a-l/librewolf-nightly.profile
@@ -6,5 +6,8 @@ include librewolf-nightly.local
 # added by included profile
 #include globals.local
+# Add the next line to your librewolf-nightly.local to enable private-bin.
+#private-bin librewolf-nightly
+
 # Redirect
 include librewolf.profile
diff --git a/etc/profile-a-l/librewolf.profile b/etc/profile-a-l/librewolf.profile
index 8e891a930be..0934e127160 100644
--- a/etc/profile-a-l/librewolf.profile
+++ b/etc/profile-a-l/librewolf.profile
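Review bot: The new `blacklist ${HOME}/.config/sway` line in disable-common.inc covers only the XDG location, while sway's documented config search order also includes `~/.sway/config` (and the i3 fallbacks). Since a sway config can run commands at session start, I would add `blacklist ${HOME}/.sway` next to it, and `blacklist ${HOME}/.i3` if that is not already listed outside this hunk. Worth confirming the search order against sway(1) for the versions you ship.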
@@ -18,12 +18,40 @@ whitelist ${HOME}/.librewolf
 #noblacklist ${HOME}/.mozilla
 #whitelist ${HOME}/.mozilla
-# librewolf requires a shell to launch on Arch. We can possibly remove sh though.
-# Add the next line to your librewolf.local to enable private-bin.
-#private-bin bash,dbus-launch,dbus-send,env,librewolf,python*,sh,which
+# Uncomment or put in your librewolf.local one of the following whitelist to enable KeePassXC Plugin
+# NOTE: start KeePassXC before Librewolf and keep it open to allow communication between them
+#whitelist ${RUNUSER}/kpxc_server
+#whitelist ${RUNUSER}/org.keepassxc.KeePassXC.BrowserServer
+
+whitelist /usr/share/doc
+whitelist /usr/share/gtk-doc/html
+whitelist /usr/share/mozilla
+whitelist /usr/share/webext
+include whitelist-usr-share-common.inc
+
+# Add the next line to your librewolf.local to enable private-bin (Arch Linux).
+#private-bin dbus-launch,dbus-send,librewolf,sh
 # Add the next line to your librewolf.local to enable private-etc. Note
 # that private-etc must first be enabled in firefox-common.local.
 #private-etc librewolf
+dbus-user filter
+# Uncomment or put in your librewolf.local to enable native notifications.
+#dbus-user.talk org.freedesktop.Notifications
+# Uncomment or put in your librewolf.local to allow to inhibit screensavers
+#dbus-user.talk org.freedesktop.ScreenSaver
+# Uncomment or put in your librewolf.local for plasma browser integration
+#dbus-user.own org.mpris.MediaPlayer2.plasma-browser-integration
+#dbus-user.talk org.kde.JobViewServer
+#dbus-user.talk org.kde.kuiserver
+# Uncomment or put in your librewolf.local to allow screen sharing under wayland.
+#whitelist ${RUNUSER}/pipewire-0
+#dbus-user.talk org.freedesktop.portal.*
+# Also uncomment or put in your librewolf.local if screen sharing sharing still
+# does not work with the above lines (might depend on the portal
+# implementation)
+#ignore noroot
+ignore dbus-user none
+
 # Redirect
 include firefox-common.profile
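Review bot: The opt-in hints near the end of this hunk (`#ignore noroot` and `#dbus-user.talk org.freedesktop.portal.*`) do not say what they cost, and users tend to copy such lines verbatim into librewolf.local. I would add a line such as `# NOTE: this drops the noroot restriction and opens every portal interface on the session bus; enable only if screen sharing needs it`. The same goes for the KeePassXC socket whitelists at the top, which give the browser a channel to the password manager. The comment above `#ignore noroot` also has a doubled word (`sharing sharing`). `ignore dbus-user none` presumably cancels a `dbus-user none` in firefox-common.profile, which is outside this diff, so a short comment saying so would help the next reader.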
diff --git a/etc/profile-a-l/sway.profile b/etc/profile-a-l/sway.profile
new file mode 100644
index 00000000000..4637419bf31
--- /dev/null
+++ b/etc/profile-a-l/sway.profile
@@ -0,0 +1,19 @@
+# Firejail profile for Sway
+# Description: i3-compatible Wayland compositor
+# This file is overwritten after every install/update
+# Persistent local customizations
+include sway.local
+# Persistent global definitions
+include globals.local
+
+# all applications started in sway will run in this profile
+noblacklist ${HOME}/.config/sway
+# sway uses ~/.config/i3 as fallback if there is no ~/.config/sway
+noblacklist ${HOME}/.config/i3
+include disable-common.inc
+
+caps.drop all
+netfilter
+noroot
+protocol unix,inet,inet6
+seccomp
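Review bot: The comment `# all applications started in sway will run in this profile` leaves out the consequence that matters most. As far as I know, firejail does not apply a program's own profile when it is started inside an existing sandbox, so a browser launched from sway would get only the five options at the end of this file instead of its stricter profile. I would state that in the header, e.g. `# NOTE: programs started from sway inherit this sandbox; their own firejail profiles are not applied`. `noroot`, `caps.drop all` and `seccomp` are inherited as well, so sudo, su and other setuid helpers will likely fail inside the session, which deserves a line too.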