# Firejail profile for linuxqq
# Description: IM client based on Electron
# This file is overwritten after every install/update
# Persistent local customizations
include linuxqq.local
# Persistent global definitions
include globals.local
# REMINDER: add counterpart `blacklist ${HOME}/.config/QQ` to `disable-programs.inc`
noblacklist ${HOME}/.config/QQ
@glitsj16
glitsj16 / README.md
Last active December 19, 2022 07:22
Experimental Firejail profiles for ssmtp

Inspired by netblue30/firejail#5525.

The sandbox is very restrictive (whitelisting type) and in my preliminary tests everything seems to be working as expected. There is one (minor) glitch though. It concerns the dead.letter file that MTAs produce when something went wrong in processing mail requests. Which is a good thing. Using the mkfile ${HOME}/dead.letter option in ssmtp.profile that file is _always_ created in the filesystem, regardless of the processing being successful or not. Having the choice between (1) creating a weaker sandbox (by ditching the whitelisting and avoiding the potential false positive) and (2) a more hardened sandbox, I opted for the latter. If you happen to create a shell wrapper to sandbox ssmtp via Firejail anyway, it's only a few extra lines to check for a zero-sized ${HOME}/dead.letter file and remove it after ssmtp is done. See the provided ssmtp file for an example.

NOTES:

The restricted-namespaces option is currently not available in

# Firejail profile for postman
# Description: Build, test, and document your APIs faster
# This file is overwritten after every install/update
quiet
# Persistent local customizations
include postman.local
# Persistent global definitions
include globals.local
noblacklist ${HOME}/.config/Postman
@glitsj16
glitsj16 / psd-6_47-fix
Last active September 10, 2022 01:10
profile-sync-daemon 6.47 breaks Firefox(-based) web browser(s)
profile-sync-daemon version 6.47 [0] changed VOLATILE from "$XDG_RUNTIME_DIR" to "$XDG_RUNTIME_DIR/psd".
A fix [1] is merged in the Firejail git repo.
Until this comes down through your distro's package you can either make the
implemented changes in your .local files or build firejail from git [2].
$ cat ~/.config/firejail/disable-programs.local
blacklist ${RUNUSER}/psd/*firefox*
$ cat ~/.config/firejail/firefox.local
noblacklist ${RUNUSER}/psd/*firefox*
# Firejail profile for issue testing
# Persistent local customizations
# https://github.com/netblue30/firejail/issues/5032
private ${HOME}/Data/jail
whitelist ${HOME}/Data/jail/Downloads
# noexec ${HOME} breaks DRM binaries
ignore noexec ${HOME}
# Firejail :: persistent local customizations for mupdf.profile
# blacklisted in globals.local
# globals.local isn't included in mupdf.profile <-- BUG
noblacklist /mnt/lab16.sda3/user/Desktop
include globals.local
# blacklisted in disable-xdg.local
noblacklist ${DESKTOP}
ignore noblacklist ${DOCUMENTS}
# Firejail profile for notable
# Description: The Markdown-based note-taking app that doesn't suck
# This file is overwritten after every install/update
# Persistent local customizations
include notable.local
# Persistent global definitions
include globals.local
# Note: On debian-based distributions the binary might be located in
# /opt/Notable/notable, and therefore not be in PATH.
# Maintainer: Jonathon Fernyhough <jonathon+m2x.dev>
# Contributor: Luke Horwell <code@horwell.me>
# Contributor: Tomasz Gąsior <tomaszgasior.pl>
# This file is based on original PKGBUILD of GTK3 package.
# https://git.archlinux.org/svntogit/packages.git/plain/trunk/PKGBUILD?h=packages/gtk3
__arch_pkg_commit="408873e9af613dc26f6d434fe489735fb8c5de75"
_gtkver=3.24.29
# Maintainer: Helle Vaanzinn <glitsj16@riseup.net>
_pkgname=firecfg.py
pkgname=${_pkgname}-git
pkgver=r21.e577b6c
pkgrel=1
pkgdesc="An improved firecfg written in python - git version"
arch=('any')
url="https://github.com/rusty-snake/firecfg.py"
license=('GPL3')