Firejail profile request for vesktop netblue30/firejail#1139 (comment)
I've installed vesktop-bin for creating/testing a profile for vesktop. Here are instructions to test that on your system with Firejail 0.9.72.
(1) Copy vesktop.profile to your ~/.config/firejail directory (which might need to be created if that doesn't exist).
(2) Check if your kernel supports unprivileged user namespaces:
$ unshare -U echo enabled
| # Maintainer: Radoslav Georgiev <rgeorgiev583@gmail.com> | |
| # Contributor: Felix Golatofski <contact@xdfr.de> | |
| # Contributor: hellwoofa (at arcor dot de) | |
| _pkgname=xbindkeys_config | |
| pkgname=${_pkgname}-gtk2 | |
| pkgver=0.1.4 | |
| pkgrel=1 | |
| pkgdesc="XBindKeys_Config is an easy to use GTK2 program for configuring Xbindkeys." | |
| arch=(i686 x86_64) | |
| url="https://github.com/rgeorgiev583/xbindkeys_config" |
| # Maintainer: Helle Vaanzinn <glitsj16@riseup.net> | |
| _pkgbase=mplayer | |
| pkgname=("${_pkgbase}-svn" 'mencoder-svn') | |
| pkgver=38522 | |
| pkgrel=1 | |
| arch=(x86_64) | |
| license=('GPL') | |
| url="https://www.mplayerhq.hu/" | |
| makedepends=('a52dec' 'aalib' 'alsa-lib' 'desktop-file-utils' 'enca' |
| # Firejail profile for loupe | |
| # Description: GNOME's modern Image Viewer program | |
| # This file is overwritten after every install/update | |
| # Persistent local customizations | |
| include loupe.local | |
| # Persistent global definitions | |
| include globals.local | |
| noblacklist ${HOME}/.local/share/Trash | |
| noblacklist ${HOME}/.Steam |
| --- a/data/interface/manager_window.ui | |
| +++ b/data/interface/manager_window.ui | |
| @@ -679,7 +679,7 @@ | |
| </child> | |
| <child> | |
| <object class="GtkLabel" id="licenses_label"> | |
| - <property name="visible">True</property> | |
| + <property name="visible">False</property> | |
| <property name="can_focus">False</property> | |
| <property name="halign">start</property> |
| # pacman 6.1 LDFLAGS break the build due to the extra '-Wl's | |
| #LDFLAGS="-Wl,-O1 -Wl,--sort-common -Wl,--as-needed -Wl,-z,relro -Wl,-z,now \ | |
| # -Wl,-z,pack-relative-relocs" | |
| LDFLAGS="-Wl,-O1,--sort-common,--as-needed,-z,relro,-z,now,-z,pack-relative-relocs" | |
| $ makechrootpkg -- -rs | |
| ... | |
| Checking for ffmpeg/libavcodec/allcodecs.c ... not found | |
| Checking for ffmpeg/libavcodec/hwaccels.h ... not found |
| checking for gcc... gcc | |
| checking whether the C compiler works... yes | |
| checking for C compiler default output file name... a.out | |
| checking for suffix of executables... | |
| checking whether we are cross compiling... no | |
| checking for suffix of object files... o | |
| checking whether the compiler supports GNU C... yes | |
| checking whether gcc accepts -g... yes | |
| checking for gcc option to enable C11 features... none needed | |
| checking whether gcc understands -c and -o together... yes |
| $ cat /etc/firejail/firefox.local | |
| # testing https://github.com/netblue30/firejail/issues/6195 | |
| # with firejail from git @ | |
| # https://github.com/netblue30/firejail/commit/760f50f78ad13664d7a32b4577381c0341ab2d4a | |
| # | |
| # test 02 :: WITHOUT including landlock-common.inc | |
| # | |
| # $ firejail --debug --profile=firefox --landlock.enforce true | |
| # move our local overrides out of the way while testing |
| $ cat /etc/firejail/firefox.local | |
| # testing https://github.com/netblue30/firejail/issues/6195 | |
| # with firejail from git @ | |
| # https://github.com/netblue30/firejail/commit/760f50f78ad13664d7a32b4577381c0341ab2d4a | |
| # | |
| # test 01 :: including landlock-common.inc | |
| # | |
| # $ firejail --debug --profile=firefox --landlock.enforce true | |
| # move our local overrides out of the way while testing |
| $ gcc --version | head -n 1 | |
| gcc (Ubuntu 11.4.0-1ubuntu1~22.04) 11.4.0 | |
| $ ./configure \ | |
| --prefix=/usr \ | |
| --enable-analyzer \ | |
| --enable-apparmor \ | |
| --enable-landlock \ | |
| --enable-private-lib | |
| checking for gcc... gcc |