Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

New profile: koi #6329

Draft
wants to merge 7 commits into
base: master
Choose a base branch
from
Draft

New profile: koi #6329

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
7 commits
Select commit Hold shift + click to select a range
87c5e1e
Create koi.profile
toboil-features May 4, 2024
b3e294b
Update firecfg.config
toboil-features May 4, 2024
cbf372b
Update koi.profile
toboil-features Jul 14, 2024
28d5a4f
Merge branch 'netblue30:master' into koi-profile
toboil-features Jul 14, 2024
540e1a1
Merge branch 'netblue30:master' into koi-profile
toboil-features Aug 19, 2024
9b8dc96
Update koi.profile
toboil-features Aug 19, 2024
03b8343
Removed DBUS stuff
toboil-features Aug 19, 2024
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
53 changes: 53 additions & 0 deletions etc/profile-a-l/koi.profile
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -0,0 +1,53 @@
# Firejail profile for koi
# Description: Theme scheduling for the KDE Plasma Desktop
# This file is overwritten after every install/update
# Persistent local customizations
include koi.local
# Persistent global definitions
include globals.local

# Restriction below breaks program on Arch.
#include disable-common.inc

include disable-devel.inc
Comment on lines +9 to +12
Copy link
Collaborator

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Suggested change
# Restriction below breaks program on Arch.
#include disable-common.inc
include disable-devel.inc
include disable-common.inc
include disable-devel.inc

disable-common.inc is a rather important include.

I'd suggest including it and commenting lines in it until you find which ones
are causing problems.

Then for the relevant lines add ignore <entry> before the include.

include disable-exec.inc
include disable-interpreters.inc
include disable-proc.inc
include disable-programs.inc
include disable-xdg.inc

apparmor
caps.drop all
ipc-namespace
machine-id
# Add 'net none' to your koi.local if you don't use Sunset/Sunrise feature.
Copy link
Collaborator

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Add netfilter below this line.

no3d
nodvd
nogroups
noinput
nonewprivs
noprinters
noroot
nosound
notv
nou2f
novideo
protocol unix,inet,inet6
seccomp
seccomp.block-secondary

disable-mnt
private-cache
private-dev
private-etc @network,@tls-ca,@X11,mime.types
private-tmp

glitsj16 marked this conversation as resolved.
Show resolved Hide resolved
dbus-user filter
dbus-user.talk org.kde.*
Copy link
Collaborator

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Suggested change
dbus-user.talk org.kde.*

This seems overly broad and may allow escaping the sandbox.

Try to figure out more specifically what dbus names the program actually
uses/needs.

dbus-user.talk org.kde.KWin
dbus-user.talk org.kde.StatusNotifierItem
dbus-system none

deterministic-shutdown
memory-deny-write-execute
restrict-namespaces cgroup,ipc,net,mnt,pid,time,user,uts
1 change: 1 addition & 0 deletions src/firecfg/firecfg.config
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -489,6 +489,7 @@ kmail
kmplayer
knotes
kodi
koi
konversation
kopete
koreader
Expand Down
Loading