Added minitube profile

[bbhtt]

Request: # 1139

This needs to be merged before I push profiles for apps from the same author. They all have common directory Flavio Tordini

[rusty-snake]

+1

[bbhtt]

Off-topic, but related somewhat: Is there a way to monitor dbus accesses of a program with something, other than, filtering dbus-monitor or 'flatpak'? I don't want to allow more than it needs. Also how do other distros like Arch,SUSE handle pop-up notifications,pretty sure notify-send is common across Ubuntu (atleast Xubuntu), do we allow pop-ups?

[rusty-snake]

Is there a way to monitor dbus accesses of a program with something, other than, filtering dbus-monitor or 'flatpak'?

If the policy is filter, you can use --dbus-log. I plan to write a python-script which can parse the output and generate rules.

Also how do other distros like Arch,SUSE handle pop-up notifications,pretty sure notify-send is common across Ubuntu (atleast Xubuntu),

notify-send exists also in Fedora, Arch, …
If there would be own standards they would be part of a DE not a distro.

do we allow pop-ups?

org.freedesktop.Notifications can be used to escape the sandbox. I should be avoided on sandboxed with high-attack-surface / strict profile / whitelist profile. If it is essential for a program or the program has "crash" as "error-handling" it must be allowed.

[bbhtt]

Thanks. Is there a list of what can potentially leak what? For example NetworkManager.

[rusty-snake]

Not yet complete https://github.com/netblue30/firejail/wiki/Restrict-D-Bus

[rusty-snake]

org.freedesktop.Notifications:

• sway: safe (AFAIK)
• gnome <= 3.36.0: unsafe
• gnome >= 3.36.1: safe
• kde: unsafe

[rusty-snake]

Merged, Thanks.