From 3d9f936f6dfd30bb6e9bc71da1404894e9bd1040 Mon Sep 17 00:00:00 2001 From: Vladislav Nepogodin Date: Sun, 4 Apr 2021 22:09:03 +0400 Subject: [PATCH 01/23] Add Sway profile --- etc/profile-a-l/sway.profile | 17 +++++++++++++++++ 1 file changed, 17 insertions(+) create mode 100644 etc/profile-a-l/sway.profile diff --git a/etc/profile-a-l/sway.profile b/etc/profile-a-l/sway.profile new file mode 100644 index 00000000000..25de712d576 --- /dev/null +++ b/etc/profile-a-l/sway.profile @@ -0,0 +1,17 @@ +# Firejail profile for Sway +# Description: i3-compatible Wayland compositor +# This file is overwritten after every install/update +# Persistent local customizations +include sway.local +# Persistent global definitions +include globals.local + +# all applications started in sway will run in this profile +noblacklist ${HOME}/.config/sway +include disable-common.inc + +caps.drop all +netfilter +noroot +protocol unix,inet,inet6 +seccomp From 97f0eca1e9432da4aaee61ef87be4e5295e05f85 Mon Sep 17 00:00:00 2001 From: Vladislav Nepogodin Date: Sun, 4 Apr 2021 22:19:35 +0400 Subject: [PATCH 02/23] Fix issue Not working then including firefox-common-addons.profile --- etc/profile-a-l/librewolf.profile | 2 ++ 1 file changed, 2 insertions(+) diff --git a/etc/profile-a-l/librewolf.profile b/etc/profile-a-l/librewolf.profile index 5208cb9792a..22712c9342c 100644 --- a/etc/profile-a-l/librewolf.profile +++ b/etc/profile-a-l/librewolf.profile @@ -19,6 +19,8 @@ whitelist ${HOME}/.librewolf #noblacklist ${HOME}/.mozilla #whitelist ${HOME}/.mozilla +include whitelist-usr-share-common.inc + # librewolf requires a shell to launch on Arch. We can possibly remove sh though. #private-bin bash,dbus-launch,dbus-send,env,librewolf,python*,sh,which # private-etc must first be enabled in firefox-common.profile From 1e8e390a57a40c2f6b4c457d7fd9c8f627ed6384 Mon Sep 17 00:00:00 2001 
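Review bot: The comment `# all applications started in sway will run in this profile` in the new sway.profile (PATCH 01/23) understates its own consequence. `caps.drop all`, `noroot`, `seccomp` and `protocol unix,inet,inet6` are applied to the compositor and therefore to every program started from the session. I would say so directly above the option block, e.g. `# NOTE: these restrictions apply to everything launched from the session; relax them in sway.local if a program needs privileges or other socket families`. Apart from disable-common.inc the profile adds no filesystem restriction, which is worth stating so that it is not read as a per-application sandbox. The identical hunk is repeated in PATCH 12/23.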
From: Vladislav Nepogodin Date: Mon, 5 Apr 2021 01:17:02 +0400 Subject: [PATCH 03/23] Allow sway's fallback config --- etc/inc/disable-common.inc | 1 + etc/profile-a-l/sway.profile | 2 ++ 2 files changed, 3 insertions(+) diff --git a/etc/inc/disable-common.inc b/etc/inc/disable-common.inc index 52534a9e9b5..35f89e11b87 100644 --- a/etc/inc/disable-common.inc +++ b/etc/inc/disable-common.inc @@ -34,6 +34,7 @@ blacklist ${HOME}/.config/autostart blacklist ${HOME}/.config/autostart-scripts blacklist ${HOME}/.config/awesome blacklist ${HOME}/.config/i3 +blacklist ${HOME}/.config/sway blacklist ${HOME}/.config/lxsession/LXDE/autostart blacklist ${HOME}/.config/openbox blacklist ${HOME}/.config/plasma-workspace diff --git a/etc/profile-a-l/sway.profile b/etc/profile-a-l/sway.profile index 25de712d576..4637419bf31 100644 --- a/etc/profile-a-l/sway.profile +++ b/etc/profile-a-l/sway.profile @@ -8,6 +8,8 @@ include globals.local # all applications started in sway will run in this profile noblacklist ${HOME}/.config/sway +# sway uses ~/.config/i3 as fallback if there is no ~/.config/sway +noblacklist ${HOME}/.config/i3 include disable-common.inc caps.drop all From 146c8191ed736e05600c440cb0162e3748ea6874 Mon Sep 17 00:00:00 2001 From: Vladislav Nepogodin Date: Mon, 5 Apr 2021 02:44:53 +0400 Subject: [PATCH 04/23] So I agree with @glitsj16 and @BL4CKH47H4CK3R so.. `No its not needed as it reveals lots of important /usr/share folders like /usr/share/fonts which can used for font fingerprinting and OS detection. Like the site or attacker will know that which font you are using. Linux and windows common font are not same so its a problem. Besides there are so many other important folders as I see. Librewolf can launch and work perfectly without this options` --- etc/profile-a-l/librewolf.profile | 6 +++++- 1 file changed, 5 insertions(+), 1 deletion(-) diff --git a/etc/profile-a-l/librewolf.profile b/etc/profile-a-l/librewolf.profile index 22712c9342c..0767aacc2d6 100644 
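Review bot: The new `blacklist ${HOME}/.config/sway` in disable-common.inc (PATCH 03/23) covers only one of the locations sway reads its configuration from. Sway's man page also lists `~/.sway/config` and `~/.i3/config`, and a config file there can carry `exec` lines that run unsandboxed at the next session start. If those paths are not already blacklisted elsewhere in the file (the hunk shows only part of it), add `blacklist ${HOME}/.sway` with a matching `noblacklist ${HOME}/.sway` in sway.profile. The neighbouring entries look alphabetically sorted, so the new line belongs further down in sort order rather than directly after `i3`. The same hunks are repeated in PATCH 14/23.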
--- a/etc/profile-a-l/librewolf.profile +++ b/etc/profile-a-l/librewolf.profile @@ -19,7 +19,11 @@ whitelist ${HOME}/.librewolf #noblacklist ${HOME}/.mozilla #whitelist ${HOME}/.mozilla -include whitelist-usr-share-common.inc +whitelist /usr/share/doc +whitelist /usr/share/gnome-shell/search-providers/firefox-search-provider.ini +whitelist /usr/share/gtk-doc/html +whitelist /usr/share/mozilla +whitelist /usr/share/webext # librewolf requires a shell to launch on Arch. We can possibly remove sh though. #private-bin bash,dbus-launch,dbus-send,env,librewolf,python*,sh,which From 2bd2fc1789fb70f9ad8df593a87e8bab9134e8d4 Mon Sep 17 00:00:00 2001 From: Vladislav Nepogodin Date: Tue, 6 Apr 2021 00:47:08 +0400 Subject: [PATCH 05/23] well.. Revert `include whitelist-usr-share-common.inc` Sync with Firefox profile --- etc/profile-a-l/librewolf.profile | 30 +++++++++++++++++++++++++++--- 1 file changed, 27 insertions(+), 3 deletions(-) diff --git a/etc/profile-a-l/librewolf.profile b/etc/profile-a-l/librewolf.profile index 0767aacc2d6..032ccea0d15 100644 --- a/etc/profile-a-l/librewolf.profile +++ b/etc/profile-a-l/librewolf.profile 
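Review bot: Replacing `include whitelist-usr-share-common.inc` with five explicit `whitelist /usr/share/...` lines (PATCH 04/23) narrows /usr/share far more than the commit message implies. Once any `whitelist` under /usr/share is present, firejail exposes only the listed paths there, so fonts, icons and similar shared data that the include keeps visible disappear from the sandbox. With no whitelist at all, the whole of /usr/share is visible, fonts included, so the include reduces exposure rather than adding it. If hiding the font set is the goal, say so in a comment and confirm the browser still renders text; otherwise keep the include next to the explicit entries, as PATCH 06/23 later does. `whitelist /usr/share/gnome-shell/search-providers/firefox-search-provider.ini` names Firefox's provider file and is dropped again in PATCH 05/23; the hunk is repeated in PATCH 15/23.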
@@ -19,16 +19,40 @@ whitelist ${HOME}/.librewolf #noblacklist ${HOME}/.mozilla #whitelist ${HOME}/.mozilla +# Uncomment or put in your librewolf.local one of the following whitelist to enable KeePassXC Plugin +# NOTE: start KeePassXC before Librewolf and keep it open to allow communication between them +#whitelist ${RUNUSER}/kpxc_server +#whitelist ${RUNUSER}/org.keepassxc.KeePassXC.BrowserServer + whitelist /usr/share/doc -whitelist /usr/share/gnome-shell/search-providers/firefox-search-provider.ini whitelist /usr/share/gtk-doc/html whitelist /usr/share/mozilla whitelist /usr/share/webext -# librewolf requires a shell to launch on Arch. We can possibly remove sh though. -#private-bin bash,dbus-launch,dbus-send,env,librewolf,python*,sh,which +# librewolf requires a shell to launch on Arch. +#private-bin bash,dbus-launch,dbus-send,env,librewolf,sh,which +# Fedora use shell scripts to launch librewolf, at least this is required +#private-bin basename,bash,cat,dirname,expr,false,librewolf,getenforce,ln,mkdir,pidof,restorecon,rm,rmdir,sed,sh,tclsh,true,uname # private-etc must first be enabled in firefox-common.profile #private-etc librewolf +dbus-user filter +# Uncomment or put in your librewolf.local to enable native notifications. +#dbus-user.talk org.freedesktop.Notifications +# Uncomment or put in your librewolf.local to allow to inhibit screensavers +#dbus-user.talk org.freedesktop.ScreenSaver +# Uncomment or put in your librewolf.local for plasma browser integration +#dbus-user.own org.mpris.MediaPlayer2.plasma-browser-integration +#dbus-user.talk org.kde.JobViewServer +#dbus-user.talk org.kde.kuiserver +# Uncomment or put in your librewolf.local to allow screen sharing under wayland. 
+#whitelist ${RUNUSER}/pipewire-0 +#dbus-user.talk org.freedesktop.portal.* +# Also uncomment or put in your librewolf.local if screen sharing sharing still +# does not work with the above lines (might depend on the portal +# implementation) +#ignore noroot +ignore dbus-user none + # Redirect include firefox-common.profile From 6afe467904dbada30207cbfd80081b512d39748e Mon Sep 17 00:00:00 2001 From: Vladislav Nepogodin Date: Tue, 6 Apr 2021 00:58:50 +0400 Subject: [PATCH 06/23] =?UTF-8?q?=F0=9F=98=84=20What=20just=20hapened?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- etc/profile-a-l/librewolf.profile | 1 + 1 file changed, 1 insertion(+) diff --git a/etc/profile-a-l/librewolf.profile b/etc/profile-a-l/librewolf.profile index 032ccea0d15..f4300481482 100644 --- a/etc/profile-a-l/librewolf.profile +++ b/etc/profile-a-l/librewolf.profile @@ -28,6 +28,7 @@ whitelist /usr/share/doc whitelist /usr/share/gtk-doc/html whitelist /usr/share/mozilla whitelist /usr/share/webext +include whitelist-usr-share-common.inc # librewolf requires a shell to launch on Arch. #private-bin bash,dbus-launch,dbus-send,env,librewolf,sh,which From f2c8d741cf56381e1896160de07673e8853a315a Mon Sep 17 00:00:00 2001 From: Vladislav Nepogodin Date: Tue, 6 Apr 2021 23:00:10 +0400 Subject: [PATCH 07/23] =?UTF-8?q?=F0=9F=94=84=20Sync=20with=20upstream?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- etc/profile-a-l/librewolf.profile | 13 ++++++------- 1 file changed, 6 insertions(+), 7 deletions(-) diff --git a/etc/profile-a-l/librewolf.profile b/etc/profile-a-l/librewolf.profile index f4300481482..ab21524c7a8 100644 --- a/etc/profile-a-l/librewolf.profile +++ b/etc/profile-a-l/librewolf.profile 
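Review bot: The commented-out opt-ins at the end of the PATCH 05/23 hunk weaken the sandbox more than their one-line descriptions say. `#dbus-user.talk org.freedesktop.portal.*` opens every portal interface, not only screen casting, and `#ignore noroot` drops the noroot user namespace for the whole browser. I would add a line above each, such as `# NOTE: the wildcard also allows all other xdg-desktop-portal interfaces` and `# NOTE: weakens the sandbox; enable only if screen sharing fails without it`. The two KeePassXC socket whitelists deserve a similar remark, since they let the browser process talk to the password manager. The comment also contains the doubled word `screen sharing sharing`, and the hunk is repeated in PATCH 16/23.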
@@ -14,8 +14,7 @@ mkdir ${HOME}/.librewolf whitelist ${HOME}/.cache/librewolf whitelist ${HOME}/.librewolf -# Uncomment (or add to librewolf.local) the following lines if you want to -# use the migration wizard. +# Add the next lines to your librewolf.local if you want to use the migration wizard. #noblacklist ${HOME}/.mozilla #whitelist ${HOME}/.mozilla @@ -30,11 +29,11 @@ whitelist /usr/share/mozilla whitelist /usr/share/webext include whitelist-usr-share-common.inc -# librewolf requires a shell to launch on Arch. -#private-bin bash,dbus-launch,dbus-send,env,librewolf,sh,which -# Fedora use shell scripts to launch librewolf, at least this is required -#private-bin basename,bash,cat,dirname,expr,false,librewolf,getenforce,ln,mkdir,pidof,restorecon,rm,rmdir,sed,sh,tclsh,true,uname -# private-etc must first be enabled in firefox-common.profile +# librewolf requires a shell to launch on Arch. We can possibly remove sh though. +# Add the next line to your librewolf.local to enable private-bin. +#private-bin bash,dbus-launch,dbus-send,env,librewolf,python*,sh,which +# Add the next line to your librewolf.local to enable private-etc. Note +# that private-etc must first be enabled in firefox-common.local. #private-etc librewolf dbus-user filter From 7799b696bb77a860e32495e1dd96a0b5c96449a5 Mon Sep 17 00:00:00 2001 From: Vladislav Nepogodin Date: Wed, 7 Apr 2021 01:06:10 +0400 Subject: [PATCH 08/23] Merge tested from PR --- etc/profile-a-l/librewolf-nightly.profile | 3 +++ etc/profile-a-l/librewolf.profile | 2 +- 2 files changed, 4 insertions(+), 1 deletion(-) diff --git a/etc/profile-a-l/librewolf-nightly.profile b/etc/profile-a-l/librewolf-nightly.profile index e6c3da60877..72df5a52aad 100644 --- a/etc/profile-a-l/librewolf-nightly.profile +++ b/etc/profile-a-l/librewolf-nightly.profile 
@@ -6,5 +6,8 @@ include librewolf-nightly.local # added by included profile #include globals.local +# Add the next line to your librewolf-nightly.local to enable private-bin. +#private-bin librewolf-nightly + # Redirect include librewolf.profile diff --git a/etc/profile-a-l/librewolf.profile b/etc/profile-a-l/librewolf.profile index ab21524c7a8..3b7038a8216 100644 --- a/etc/profile-a-l/librewolf.profile +++ b/etc/profile-a-l/librewolf.profile @@ -31,7 +31,7 @@ include whitelist-usr-share-common.inc # librewolf requires a shell to launch on Arch. We can possibly remove sh though. # Add the next line to your librewolf.local to enable private-bin. -#private-bin bash,dbus-launch,dbus-send,env,librewolf,python*,sh,which +#private-bin dbus-launch,dbus-send,librewolf,sh # Add the next line to your librewolf.local to enable private-etc. Note # that private-etc must first be enabled in firefox-common.local. #private-etc librewolf From abf26d1149b4ae7fe03597b1f8a5935837eeebac Mon Sep 17 00:00:00 2001 From: Vladislav Nepogodin Date: Thu, 8 Apr 2021 19:15:34 +0400 Subject: [PATCH 09/23] =?UTF-8?q?=F0=9F=94=84=20Sync=20with=20upstream?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- etc/profile-a-l/librewolf.profile | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/etc/profile-a-l/librewolf.profile b/etc/profile-a-l/librewolf.profile index 3b7038a8216..ab21524c7a8 100644 --- a/etc/profile-a-l/librewolf.profile +++ b/etc/profile-a-l/librewolf.profile 
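Review bot: The hint `#private-bin librewolf-nightly` added to librewolf-nightly.profile (PATCH 08/23) does not say that it is meant to extend the private-bin list suggested in librewolf.profile. A user who adds only this line to librewolf-nightly.local would presumably end up with a private /bin holding just `librewolf-nightly`, without the `sh`, `dbus-launch` and `dbus-send` that the same series lists for librewolf.profile. I would reword the comment to `# Add the next line to your librewolf-nightly.local, in addition to the private-bin line from librewolf.profile, to enable private-bin.` The hunk is repeated in PATCH 18/23.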
@@ -31,7 +31,7 @@ include whitelist-usr-share-common.inc # librewolf requires a shell to launch on Arch. We can possibly remove sh though. # Add the next line to your librewolf.local to enable private-bin. -#private-bin dbus-launch,dbus-send,librewolf,sh +#private-bin bash,dbus-launch,dbus-send,env,librewolf,python*,sh,which # Add the next line to your librewolf.local to enable private-etc. Note # that private-etc must first be enabled in firefox-common.local. #private-etc librewolf From 1d8c94c07a8e35f27e9abf0ec0c00e5accd1894f Mon Sep 17 00:00:00 2001 From: Vladislav Nepogodin Date: Thu, 8 Apr 2021 21:50:43 +0400 Subject: [PATCH 10/23] Merge tested from PR --- etc/profile-a-l/librewolf.profile | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/etc/profile-a-l/librewolf.profile b/etc/profile-a-l/librewolf.profile index ab21524c7a8..3b7038a8216 100644 --- a/etc/profile-a-l/librewolf.profile +++ b/etc/profile-a-l/librewolf.profile @@ -31,7 +31,7 @@ include whitelist-usr-share-common.inc # librewolf requires a shell to launch on Arch. We can possibly remove sh though. # Add the next line to your librewolf.local to enable private-bin. -#private-bin bash,dbus-launch,dbus-send,env,librewolf,python*,sh,which +#private-bin dbus-launch,dbus-send,librewolf,sh # Add the next line to your librewolf.local to enable private-etc. Note # that private-etc must first be enabled in firefox-common.local. #private-etc librewolf From 6ac9bb572f957f6a29d5a12e505f0ea7d06a9ec8 Mon Sep 17 00:00:00 2001 From: Vladislav Nepogodin Date: Thu, 8 Apr 2021 21:59:35 +0400 Subject: [PATCH 11/23] Revert changes --- etc/profile-a-l/librewolf.profile | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/etc/profile-a-l/librewolf.profile b/etc/profile-a-l/librewolf.profile index 3b7038a8216..ab21524c7a8 100644 --- a/etc/profile-a-l/librewolf.profile +++ b/etc/profile-a-l/librewolf.profile 
@@ -31,7 +31,7 @@ include whitelist-usr-share-common.inc # librewolf requires a shell to launch on Arch. We can possibly remove sh though. # Add the next line to your librewolf.local to enable private-bin. -#private-bin dbus-launch,dbus-send,librewolf,sh +#private-bin bash,dbus-launch,dbus-send,env,librewolf,python*,sh,which # Add the next line to your librewolf.local to enable private-etc. Note # that private-etc must first be enabled in firefox-common.local. #private-etc librewolf From b578b79b3562355a927f88738458dd90bafe0b0e Mon Sep 17 00:00:00 2001 From: Vladislav Nepogodin Date: Sun, 4 Apr 2021 22:09:03 +0400 Subject: [PATCH 12/23] Add Sway profile --- etc/profile-a-l/sway.profile | 17 +++++++++++++++++ 1 file changed, 17 insertions(+) create mode 100644 etc/profile-a-l/sway.profile diff --git a/etc/profile-a-l/sway.profile b/etc/profile-a-l/sway.profile new file mode 100644 index 00000000000..25de712d576 --- /dev/null +++ b/etc/profile-a-l/sway.profile @@ -0,0 +1,17 @@ +# Firejail profile for Sway +# Description: i3-compatible Wayland compositor +# This file is overwritten after every install/update +# Persistent local customizations +include sway.local +# Persistent global definitions +include globals.local + +# all applications started in sway will run in this profile +noblacklist ${HOME}/.config/sway +include disable-common.inc + +caps.drop all +netfilter +noroot +protocol unix,inet,inet6 +seccomp From 5e8a7e708b8e014a3d950a55da13ed6ddd18933e Mon Sep 17 00:00:00 2001 From: Vladislav Nepogodin Date: Sun, 4 Apr 2021 22:19:35 +0400 Subject: [PATCH 13/23] Fix issue Not working then including firefox-common-addons.profile --- etc/profile-a-l/librewolf.profile | 2 ++ 1 file changed, 2 insertions(+) diff --git a/etc/profile-a-l/librewolf.profile b/etc/profile-a-l/librewolf.profile index 8e891a930be..e6fb721d818 100644 --- a/etc/profile-a-l/librewolf.profile +++ b/etc/profile-a-l/librewolf.profile 
@@ -18,6 +18,8 @@ whitelist ${HOME}/.librewolf #noblacklist ${HOME}/.mozilla #whitelist ${HOME}/.mozilla +include whitelist-usr-share-common.inc + # librewolf requires a shell to launch on Arch. We can possibly remove sh though. # Add the next line to your librewolf.local to enable private-bin. #private-bin bash,dbus-launch,dbus-send,env,librewolf,python*,sh,which From 6d975f176a1e4aa032ae3e783d8005824566f015 Mon Sep 17 00:00:00 2001 From: Vladislav Nepogodin Date: Mon, 5 Apr 2021 01:17:02 +0400 Subject: [PATCH 14/23] Allow sway's fallback config --- etc/inc/disable-common.inc | 1 + etc/profile-a-l/sway.profile | 2 ++ 2 files changed, 3 insertions(+) diff --git a/etc/inc/disable-common.inc b/etc/inc/disable-common.inc index 52534a9e9b5..35f89e11b87 100644 --- a/etc/inc/disable-common.inc +++ b/etc/inc/disable-common.inc @@ -34,6 +34,7 @@ blacklist ${HOME}/.config/autostart blacklist ${HOME}/.config/autostart-scripts blacklist ${HOME}/.config/awesome blacklist ${HOME}/.config/i3 +blacklist ${HOME}/.config/sway blacklist ${HOME}/.config/lxsession/LXDE/autostart blacklist ${HOME}/.config/openbox blacklist ${HOME}/.config/plasma-workspace diff --git a/etc/profile-a-l/sway.profile b/etc/profile-a-l/sway.profile index 25de712d576..4637419bf31 100644 --- a/etc/profile-a-l/sway.profile +++ b/etc/profile-a-l/sway.profile @@ -8,6 +8,8 @@ include globals.local # all applications started in sway will run in this profile noblacklist ${HOME}/.config/sway +# sway uses ~/.config/i3 as fallback if there is no ~/.config/sway +noblacklist ${HOME}/.config/i3 include disable-common.inc caps.drop all From adea76c97ad1213f160b298259ae024091c7ae02 Mon Sep 17 00:00:00 2001 
From: Vladislav Nepogodin Date: Mon, 5 Apr 2021 02:44:53 +0400 Subject: [PATCH 15/23] So I agree with @glitsj16 and @BL4CKH47H4CK3R so.. `No its not needed as it reveals lots of important /usr/share folders like /usr/share/fonts which can used for font fingerprinting and OS detection. Like the site or attacker will know that which font you are using. Linux and windows common font are not same so its a problem. Besides there are so many other important folders as I see. Librewolf can launch and work perfectly without this options` --- etc/profile-a-l/librewolf.profile | 6 +++++- 1 file changed, 5 insertions(+), 1 deletion(-) diff --git a/etc/profile-a-l/librewolf.profile b/etc/profile-a-l/librewolf.profile index e6fb721d818..5dcfebb96bd 100644 --- a/etc/profile-a-l/librewolf.profile +++ b/etc/profile-a-l/librewolf.profile @@ -18,7 +18,11 @@ whitelist ${HOME}/.librewolf #noblacklist ${HOME}/.mozilla #whitelist ${HOME}/.mozilla -include whitelist-usr-share-common.inc +whitelist /usr/share/doc +whitelist /usr/share/gnome-shell/search-providers/firefox-search-provider.ini +whitelist /usr/share/gtk-doc/html +whitelist /usr/share/mozilla +whitelist /usr/share/webext # librewolf requires a shell to launch on Arch. We can possibly remove sh though. # Add the next line to your librewolf.local to enable private-bin. From 25e0946caa5292fcdc2c30ef3515d5e351c0332f Mon Sep 17 00:00:00 2001 From: Vladislav Nepogodin Date: Tue, 6 Apr 2021 00:47:08 +0400 Subject: [PATCH 16/23] =?UTF-8?q?=F0=9F=94=84=20Rebase?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- etc/profile-a-l/librewolf.profile | 26 ++++++++++++++++++++++++-- 1 file changed, 24 insertions(+), 2 deletions(-) diff --git a/etc/profile-a-l/librewolf.profile b/etc/profile-a-l/librewolf.profile index 5dcfebb96bd..b3d124d3be6 100644 --- a/etc/profile-a-l/librewolf.profile +++ b/etc/profile-a-l/librewolf.profile 
@@ -18,18 +18,40 @@ whitelist ${HOME}/.librewolf #noblacklist ${HOME}/.mozilla #whitelist ${HOME}/.mozilla +# Uncomment or put in your librewolf.local one of the following whitelist to enable KeePassXC Plugin +# NOTE: start KeePassXC before Librewolf and keep it open to allow communication between them +#whitelist ${RUNUSER}/kpxc_server +#whitelist ${RUNUSER}/org.keepassxc.KeePassXC.BrowserServer + whitelist /usr/share/doc -whitelist /usr/share/gnome-shell/search-providers/firefox-search-provider.ini whitelist /usr/share/gtk-doc/html whitelist /usr/share/mozilla whitelist /usr/share/webext # librewolf requires a shell to launch on Arch. We can possibly remove sh though. # Add the next line to your librewolf.local to enable private-bin. -#private-bin bash,dbus-launch,dbus-send,env,librewolf,python*,sh,which +#private-bin dbus-launch,dbus-send,librewolf,sh # Add the next line to your librewolf.local to enable private-etc. Note # that private-etc must first be enabled in firefox-common.local. #private-etc librewolf +dbus-user filter +# Uncomment or put in your librewolf.local to enable native notifications. +#dbus-user.talk org.freedesktop.Notifications +# Uncomment or put in your librewolf.local to allow to inhibit screensavers +#dbus-user.talk org.freedesktop.ScreenSaver +# Uncomment or put in your librewolf.local for plasma browser integration +#dbus-user.own org.mpris.MediaPlayer2.plasma-browser-integration +#dbus-user.talk org.kde.JobViewServer +#dbus-user.talk org.kde.kuiserver +# Uncomment or put in your librewolf.local to allow screen sharing under wayland. +#whitelist ${RUNUSER}/pipewire-0 +#dbus-user.talk org.freedesktop.portal.* +# Also uncomment or put in your librewolf.local if screen sharing sharing still +# does not work with the above lines (might depend on the portal +# implementation) +#ignore noroot +ignore dbus-user none + # Redirect include firefox-common.profile From c11f21a9e934c7a29ce1463c825216a865c2a37a Mon Sep 17 00:00:00 2001 
From: Vladislav Nepogodin Date: Tue, 6 Apr 2021 00:58:50 +0400 Subject: [PATCH 17/23] =?UTF-8?q?=F0=9F=98=84=20What=20just=20hapened?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- etc/profile-a-l/librewolf.profile | 1 + 1 file changed, 1 insertion(+) diff --git a/etc/profile-a-l/librewolf.profile b/etc/profile-a-l/librewolf.profile index b3d124d3be6..3b7038a8216 100644 --- a/etc/profile-a-l/librewolf.profile +++ b/etc/profile-a-l/librewolf.profile @@ -27,6 +27,7 @@ whitelist /usr/share/doc whitelist /usr/share/gtk-doc/html whitelist /usr/share/mozilla whitelist /usr/share/webext +include whitelist-usr-share-common.inc # librewolf requires a shell to launch on Arch. We can possibly remove sh though. # Add the next line to your librewolf.local to enable private-bin. From 5aedd492e6f470fc7fce822183efa44e05ad68f3 Mon Sep 17 00:00:00 2001 From: Vladislav Nepogodin Date: Wed, 7 Apr 2021 01:06:10 +0400 Subject: [PATCH 18/23] Merge tested from PR --- etc/profile-a-l/librewolf-nightly.profile | 3 +++ 1 file changed, 3 insertions(+) diff --git a/etc/profile-a-l/librewolf-nightly.profile b/etc/profile-a-l/librewolf-nightly.profile index e6c3da60877..72df5a52aad 100644 --- a/etc/profile-a-l/librewolf-nightly.profile +++ b/etc/profile-a-l/librewolf-nightly.profile @@ -6,5 +6,8 @@ include librewolf-nightly.local # added by included profile #include globals.local +# Add the next line to your librewolf-nightly.local to enable private-bin. +#private-bin librewolf-nightly + # Redirect include librewolf.profile From d5a29c2764552def5eff555f0388ebefe9988fab Mon Sep 17 00:00:00 2001 From: Vladislav Nepogodin Date: Thu, 8 Apr 2021 19:15:34 +0400 Subject: [PATCH 19/23] =?UTF-8?q?=F0=9F=94=84=20Sync=20with=20upstream?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- etc/profile-a-l/librewolf.profile | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) 
diff --git a/etc/profile-a-l/librewolf.profile b/etc/profile-a-l/librewolf.profile index 3b7038a8216..ab21524c7a8 100644 --- a/etc/profile-a-l/librewolf.profile +++ b/etc/profile-a-l/librewolf.profile @@ -31,7 +31,7 @@ include whitelist-usr-share-common.inc # librewolf requires a shell to launch on Arch. We can possibly remove sh though. # Add the next line to your librewolf.local to enable private-bin. -#private-bin dbus-launch,dbus-send,librewolf,sh +#private-bin bash,dbus-launch,dbus-send,env,librewolf,python*,sh,which # Add the next line to your librewolf.local to enable private-etc. Note # that private-etc must first be enabled in firefox-common.local. #private-etc librewolf From e9111f27b3bf601ecd6ca2a15f42615dc46b7bb5 Mon Sep 17 00:00:00 2001 From: Vladislav Nepogodin Date: Thu, 8 Apr 2021 21:50:43 +0400 Subject: [PATCH 20/23] Merge tested from PR --- etc/profile-a-l/librewolf.profile | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/etc/profile-a-l/librewolf.profile b/etc/profile-a-l/librewolf.profile index ab21524c7a8..3b7038a8216 100644 --- a/etc/profile-a-l/librewolf.profile +++ b/etc/profile-a-l/librewolf.profile @@ -31,7 +31,7 @@ include whitelist-usr-share-common.inc # librewolf requires a shell to launch on Arch. We can possibly remove sh though. # Add the next line to your librewolf.local to enable private-bin. -#private-bin bash,dbus-launch,dbus-send,env,librewolf,python*,sh,which +#private-bin dbus-launch,dbus-send,librewolf,sh # Add the next line to your librewolf.local to enable private-etc. Note # that private-etc must first be enabled in firefox-common.local. #private-etc librewolf From 737c1bd791ea587ee87bad722d3a7885e88fc45d Mon Sep 17 00:00:00 2001 From: Vladislav Nepogodin Date: Thu, 8 Apr 2021 21:59:35 +0400 Subject: [PATCH 21/23] Revert changes --- etc/profile-a-l/librewolf.profile | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) 
diff --git a/etc/profile-a-l/librewolf.profile b/etc/profile-a-l/librewolf.profile index 3b7038a8216..ab21524c7a8 100644 --- a/etc/profile-a-l/librewolf.profile +++ b/etc/profile-a-l/librewolf.profile @@ -31,7 +31,7 @@ include whitelist-usr-share-common.inc # librewolf requires a shell to launch on Arch. We can possibly remove sh though. # Add the next line to your librewolf.local to enable private-bin. -#private-bin dbus-launch,dbus-send,librewolf,sh +#private-bin bash,dbus-launch,dbus-send,env,librewolf,python*,sh,which # Add the next line to your librewolf.local to enable private-etc. Note # that private-etc must first be enabled in firefox-common.local. #private-etc librewolf From 3ae7a2e650b7d4140ac16afdef2bbf84f86ddec2 Mon Sep 17 00:00:00 2001 From: Vladislav Nepogodin Date: Sun, 18 Apr 2021 20:25:27 +0400 Subject: [PATCH 22/23] Update --- etc/profile-a-l/librewolf.profile | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/etc/profile-a-l/librewolf.profile b/etc/profile-a-l/librewolf.profile index ab21524c7a8..3b7038a8216 100644 --- a/etc/profile-a-l/librewolf.profile +++ b/etc/profile-a-l/librewolf.profile @@ -31,7 +31,7 @@ include whitelist-usr-share-common.inc # librewolf requires a shell to launch on Arch. We can possibly remove sh though. # Add the next line to your librewolf.local to enable private-bin. -#private-bin bash,dbus-launch,dbus-send,env,librewolf,python*,sh,which +#private-bin dbus-launch,dbus-send,librewolf,sh # Add the next line to your librewolf.local to enable private-etc. Note # that private-etc must first be enabled in firefox-common.local. #private-etc librewolf From 807fea82aef66b9b988bf65a7d00970d2268c01b Mon Sep 17 00:00:00 2001 From: Vladislav Nepogodin Date: Tue, 20 Apr 2021 00:01:35 +0400 Subject: [PATCH 23/23] Update librewolf.profile Co-authored-by: rusty-snake <41237666+rusty-snake@users.noreply.github.com> --- etc/profile-a-l/librewolf.profile | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-) 
diff --git a/etc/profile-a-l/librewolf.profile b/etc/profile-a-l/librewolf.profile index 3b7038a8216..0934e127160 100644 --- a/etc/profile-a-l/librewolf.profile +++ b/etc/profile-a-l/librewolf.profile @@ -29,8 +29,7 @@ whitelist /usr/share/mozilla whitelist /usr/share/webext include whitelist-usr-share-common.inc -# librewolf requires a shell to launch on Arch. We can possibly remove sh though. -# Add the next line to your librewolf.local to enable private-bin. +# Add the next line to your librewolf.local to enable private-bin (Arch Linux). #private-bin dbus-launch,dbus-send,librewolf,sh # Add the next line to your librewolf.local to enable private-etc. Note # that private-etc must first be enabled in firefox-common.local.