Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

reorganizing links browsers #4320

Merged
merged 24 commits into from
May 31, 2021
Merged
Show file tree
Hide file tree
Changes from 18 commits
Commits
File filter

Filter by extension

Filter by extension

Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
1 change: 1 addition & 0 deletions etc/inc/disable-programs.inc
Original file line number Diff line number Diff line change
Expand Up @@ -589,6 +589,7 @@ blacklist ${HOME}/.kodi
blacklist ${HOME}/.librewolf
blacklist ${HOME}/.lincity-ng
blacklist ${HOME}/.links
blacklist ${HOME}/.links2
blacklist ${HOME}/.linphone-history.db
blacklist ${HOME}/.linphonerc
blacklist ${HOME}/.lmmsrc.xml
Expand Down
38 changes: 6 additions & 32 deletions etc/profile-a-l/elinks.profile
Original file line number Diff line number Diff line change
@@ -1,44 +1,18 @@
# Firejail profile for elinks
# Description: Advanced text-mode WWW browser
# This file is overwritten after every install/update
quiet
# Persistent local customizations
include elinks.local
# Persistent global definitions
include globals.local

noblacklist ${HOME}/.elinks

blacklist /tmp/.X11-unix
blacklist ${RUNUSER}/wayland-*
mkdir ${HOME}/.elinks
whitelist ${HOME}/.elinks

include disable-common.inc
include disable-devel.inc
include disable-interpreters.inc
include disable-passwdmgr.inc
include disable-programs.inc
include disable-xdg.inc
private-bin elinks

include whitelist-runuser-common.inc

caps.drop all
netfilter
no3d
nodvd
nogroups
noinput
nonewprivs
noroot
nosound
notv
nou2f
novideo
protocol unix,inet,inet6
seccomp
shell none
tracelog

# private-bin elinks
private-cache
private-dev
# private-etc alternatives,ca-certificates,crypto-policies,pki,ssl
private-tmp
# Redirect
include links-common.profile
63 changes: 63 additions & 0 deletions etc/profile-a-l/links-common.profile
Original file line number Diff line number Diff line change
@@ -0,0 +1,63 @@
# This file is overwritten during software install.
# Persistent customizations should go in a .local file.
include links-common.local

# common profile for links browsers

blacklist /tmp/.X11-unix
blacklist ${RUNUSER}/wayland-*

include disable-common.inc
include disable-devel.inc
include disable-exec.inc
include disable-interpreters.inc
include disable-passwdmgr.inc
# Additional noblacklist files/directories (blacklisted in disable-programs.inc)
# used as associated programs can be added in your links-common.local.
include disable-programs.inc
include disable-xdg.inc

whitelist ${DOWNLOADS}
include whitelist-runuser-common.inc
include whitelist-usr-share-common.inc
include whitelist-var-common.inc
pirate486743186 marked this conversation as resolved.
Show resolved Hide resolved

caps.drop all
ipc-namespace
# Add 'ignore machine-id' to your links-common.local if you want to restrict access to
# the user-configured associated media player.
machine-id
netfilter
# Add 'ignore no3d' to your links-common.local if you want to restrict access to
# the user-configured associated media player.
no3d
nodvd
nogroups
noinput
nonewprivs
noroot
# Add 'ignore nosound' to your links-common.local if you want to restrict access to
# the user-configured associated media player.
nosound
notv
nou2f
novideo
protocol unix,inet,inet6
seccomp
shell none
tracelog

disable-mnt
# Add 'private-bin PROGRAM1,PROGRAM2' to your links-common.local if you want to use user-configured programs.
private-bin sh
private-cache
private-dev
private-etc alternatives,ca-certificates,crypto-policies,nsswitch.conf,pki,resolv.conf,ssl
# Add the next line to your links-common.local to allow external media players.
# private-etc alsa,asound.conf,machine-id,openal,pulse
private-tmp

pirate486743186 marked this conversation as resolved.
Show resolved Hide resolved
dbus-user none
dbus-system none

memory-deny-write-execute
54 changes: 3 additions & 51 deletions etc/profile-a-l/links.profile
Original file line number Diff line number Diff line change
Expand Up @@ -9,58 +9,10 @@ include globals.local

noblacklist ${HOME}/.links

blacklist /tmp/.X11-unix
blacklist ${RUNUSER}/wayland-*

include disable-common.inc
include disable-devel.inc
include disable-exec.inc
include disable-interpreters.inc
include disable-passwdmgr.inc
# Additional noblacklist files/directories (blacklisted in disable-programs.inc)
# used as associated programs can be added in your links.local.
include disable-programs.inc
include disable-xdg.inc

mkdir ${HOME}/.links
whitelist ${HOME}/.links
whitelist ${DOWNLOADS}
include whitelist-runuser-common.inc
include whitelist-var-common.inc

caps.drop all
ipc-namespace
# Add 'ignore machine-id' to your links.local if you want to restrict access to
# the user-configured associated media player.
machine-id
netfilter
# Add 'ignore no3d' to your links.local if you want to restrict access to
# the user-configured associated media player.
no3d
nodvd
nogroups
noinput
nonewprivs
noroot
# Add 'ignore nosound' to your links.local if you want to restrict access to
# the user-configured associated media player.
nosound
notv
nou2f
novideo
protocol unix,inet,inet6
seccomp
shell none
tracelog

disable-mnt
# Add 'private-bin PROGRAM1,PROGRAM2' to your links.local if you want to use user-configured programs.
private-bin links,sh
private-cache
private-dev
private-etc alternatives,ca-certificates,crypto-policies,nsswitch.conf,pki,resolv.conf,ssl
# Add the next line to your links.local to allow external media players.
# private-etc alsa,asound.conf,machine-id,openal,pulse
private-tmp
private-bin links

memory-deny-write-execute
# Redirect
include links-common.profile
18 changes: 18 additions & 0 deletions etc/profile-a-l/links2.profile
Original file line number Diff line number Diff line change
@@ -0,0 +1,18 @@
# Firejail profile for links2
# Description: Text WWW browser with a graphic version
# This file is overwritten after every install/update
quiet
# Persistent local customizations
include links2.local
# Persistent global definitions
include globals.local

noblacklist ${HOME}/.links2

mkdir ${HOME}/.links2
whitelist ${HOME}/.links2

private-bin links2

# Redirect
include links-common.profile
2 changes: 1 addition & 1 deletion etc/profile-m-z/xlinks.profile
Original file line number Diff line number Diff line change
Expand Up @@ -8,7 +8,7 @@ include xlinks.local
#include globals.local

noblacklist /tmp/.X11-unix
noblacklist ${HOME}/.links
noblacklist ${RUNUSER}/wayland-*
pirate486743186 marked this conversation as resolved.
Show resolved Hide resolved

include whitelist-common.inc

Expand Down
21 changes: 21 additions & 0 deletions etc/profile-m-z/xlinks2
Original file line number Diff line number Diff line change
@@ -0,0 +1,21 @@
# Firejail profile for xlinks2
# Description: Text WWW browser (X11)
# This file is overwritten after every install/update
# Persistent local customizations
include xlinks2.local
# Persistent global definitions
# added by included profile
#include globals.local

noblacklist /tmp/.X11-unix
noblacklist ${RUNUSER}/wayland-*

include whitelist-common.inc

# if you want to use user-configured programs add 'private-bin PROGRAM1,PROGRAM2'
# to your xlinks.local or append 'PROGRAM1,PROGRAM2' to this private-bin line
private-bin xlinks2
private-etc fonts

# Redirect
include links2.profile
2 changes: 2 additions & 0 deletions src/firecfg/firecfg.config
Original file line number Diff line number Diff line change
Expand Up @@ -452,6 +452,7 @@ liferea
lightsoff
lincity-ng
links
links2
linphone
lmms
lobase
Expand Down Expand Up @@ -871,6 +872,7 @@ xfce4-notes
xfce4-screenshooter
xiphos
xlinks
xlinks2
xmms
xmr-stak
xonotic
Expand Down