Add profile for otter-browser #3564

Merged
merged 2 commits into from
Aug 4, 2020
2 changes: 2 additions & 0 deletions etc/inc/disable-programs.inc
Expand Up @@ -319,6 +319,7 @@ blacklist ${HOME}/.config/opera-beta
blacklist ${HOME}/.config/orage
blacklist ${HOME}/.config/org.gabmus.gfeeds.json
blacklist ${HOME}/.config/org.kde.gwenviewrc
blacklist ${HOME}/.config/otter
blacklist ${HOME}/.config/pavucontrol-qt
blacklist ${HOME}/.config/pavucontrol.ini
blacklist ${HOME}/.config/pcmanfm
Expand Down Expand Up @@ -821,6 +822,7 @@ blacklist ${HOME}/.cache/Franz
blacklist ${HOME}/.cache/INRIA
blacklist ${HOME}/.cache/MusicBrainz
blacklist ${HOME}/.cache/NewsFlashGTK
blacklist ${HOME}/.cache/Otter
blacklist ${HOME}/.cache/QuiteRss
blacklist ${HOME}/.cache/Shortwave
blacklist ${HOME}/.cache/Tox
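
Review bot: The added "blacklist ${HOME}/.cache/Otter" entry is capitalised, while the config entry added in the previous hunk of this file is lowercase (${HOME}/.config/otter). These paths are case-sensitive, so please confirm both spellings against the directories otter-browser actually creates. A mismatch would leave the real directory readable from other profiles that include disable-programs.inc.
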
57 changes: 57 additions & 0 deletions etc/profile-m-z/otter-browser.profile
@@ -0,0 +1,57 @@
# Firejail profile for otter-browser
# Description: Lightweight web browser based on Qt5
# This file is overwritten after every install/update
# Persistent local customizations
include otter-browser.local
# Persistent global definitions
include globals.local

?BROWSER_ALLOW_DRM: ignore noexec ${HOME}

noblacklist ${HOME}/.pki
noblacklist ${HOME}/.local/share/pki
noblacklist ${HOME}/.cache/Otter
noblacklist ${HOME}/.config/otter

Collaborator

alphabetise

Contributor Author

Thanks!

include disable-common.inc
include disable-devel.inc
include disable-exec.inc
include disable-interpreters.inc
include disable-passwdmgr.inc
include disable-programs.inc

Collaborator

include disable-xdg.inc?

Contributor Author

sort.py keeps copying each line twice!


mkdir ${HOME}/.pki
mkdir ${HOME}/.cache/Otter
mkdir ${HOME}/.config/otter
mkdir ${HOME}/.local/share/pki
whitelist ${DOWNLOADS}
whitelist ${HOME}/.pki
whitelist ${HOME}/.cache/Otter
whitelist ${HOME}/.config/otter
whitelist ${HOME}/.local/share/pki

Collaborator

also alphabetise

whitelist /usr/share/otter-browser
include whitelist-common.inc
include whitelist-runuser-common.inc
include whitelist-usr-share-common.inc
include whitelist-var-common.inc

apparmor
caps.drop all
netfilter
nodvd
nogroups
nonewprivs
noroot
notv
?BROWSER_DISABLE_U2F: nou2f
protocol unix,inet,inet6,netlink
seccomp !chroot
shell none

disable-mnt
private-cache

Collaborator

is a private-bin possible?

Contributor Author

private-bin will break right-clicking Downloads and opening files among other things. Opera, Falkon, Firefox, Chromium-common all have none or commented. Do you want me to add the basic stuff like otter,sh,bash,which?

Collaborator

> will break right-clicking Downloads and opening files

I don't think we support this for other browsers

> Opera,Falkon,Firefox Chromium-common

The reason is that most distros ship custom/own shell scripts to start firefox.

Contributor Author

I'll add the above private-bin.

?BROWSER_DISABLE_U2F: private-dev
private-etc alternatives,asound.conf,ca-certificates,crypto-policies,dconf,fonts,group,gtk-2.0,gtk-3.0,hostname,hosts,ld.so.cache,ld.so.conf,ld.so.conf.d,ld.so.preload,localtime,machine-id,mailcap,mime.types,nsswitch.conf,pango,passwd,pki,pulse,resolv.conf,selinux,ssl,X11,xdg
private-tmp

dbus-system none
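
Review bot: The "private-cache" line near the end of this profile conflicts with the "mkdir ${HOME}/.cache/Otter" and "whitelist ${HOME}/.cache/Otter" lines above it. private-cache mounts an empty temporary filesystem over ${HOME}/.cache and discards it when the sandbox closes, while the whitelist entry asks for that directory to persist. Decide which behaviour is intended and drop the other: either remove private-cache, or remove the noblacklist, mkdir and whitelist lines for ${HOME}/.cache/Otter.
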
1 change: 1 addition & 0 deletions src/firecfg/firecfg.config
Expand Up @@ -547,6 +547,7 @@ opera
opera-beta
orage
ostrichriders
otter-browser
out123
palemoon
#pandoc