profiles: browsers: centralize/sync/improve comments

etc/profile-a-l/cachy-browser.profile

@@ -1,5 +1,5 @@
-# Firejail profile for Cachy-Browser
-# Description: Librewolf fork based on enhanced privacy with gentoo patchset
+# Firejail profile for cachy-browser
+# Description: Librewolf fork based on enhanced privacy with Gentoo patchset
 # This file is overwritten after every install/update
 # Persistent local customizations
 include cachy-browser.local
@@ -15,34 +15,12 @@ whitelist ${HOME}/.cache/cachy
 whitelist ${HOME}/.cachy
 whitelist /usr/share/cachy-browser
 
-# Add the next lines to your cachy-browser.local if you want to use the migration wizard.
-#noblacklist ${HOME}/.mozilla
-#whitelist ${HOME}/.mozilla
-
-# To enable KeePassXC Plugin add one of the following lines to your cachy-browser.local.
-# Note: Start KeePassXC before CachyBrowser and keep it open to allow communication between them.
-#whitelist ${RUNUSER}/kpxc_server
-#whitelist ${RUNUSER}/org.keepassxc.KeePassXC.BrowserServer
-
-# Add the next line to your cachy-browser.local to enable private-bin (Arch Linux).
+# Add the next line to cachy-browser.local to enable private-bin.
 #private-bin dbus-launch,dbus-send,cachy-browser,sh
 private-etc cachy-browser
 
 dbus-user filter
 dbus-user.own org.mozilla.cachybrowser.*
-# Add the next line to your cachy-browser.local to enable native notifications.
-#dbus-user.talk org.freedesktop.Notifications
-# Add the next line to your cachy-browser.local to allow inhibiting screensavers.
-#dbus-user.talk org.freedesktop.ScreenSaver
-# Add the next lines to your cachy-browser.local for plasma browser integration.
-#dbus-user.own org.mpris.MediaPlayer2.plasma-browser-integration
-#dbus-user.talk org.kde.JobViewServer
-#dbus-user.talk org.kde.kuiserver
-# Add the next line to your cachy-browser.local to allow screensharing under Wayland.
-#dbus-user.talk org.freedesktop.portal.Desktop
-# Also add the next line to your cachy-browser.local if screensharing does not work with
-# the above lines (depends on the portal implementation).
-#ignore noroot
 ignore dbus-user none
 
 # Redirect

etc/profile-a-l/chromium-common.profile

@@ -9,12 +9,20 @@ include chromium-common.local
 # noexec ${HOME} breaks DRM binaries.
 ?BROWSER_ALLOW_DRM: ignore noexec ${HOME}
 
+# To enable support for the KeePassXC extension, add the following lines to
+# chromium-common.local.
+# Note: Start KeePassXC before the web browser and keep it open to allow
+# communication between them.
+#whitelist ${RUNUSER}/kpxc_server
+#whitelist ${RUNUSER}/org.keepassxc.KeePassXC.BrowserServer
+
 noblacklist ${HOME}/.local/share/pki
 noblacklist ${HOME}/.pki
 noblacklist /usr/lib/chromium/chrome-sandbox
 
-# Add the next line to your chromium-common.local if you want Google Chrome/Chromium browser
-# to have access to Gnome extensions (extensions.gnome.org) via browser connector
+# Add the next line to chromium-common.local if you want the web browser to
+# have access to Gnome extensions (extensions.gnome.org) via the browser
+# connector.
 #include allow-python3.inc
 
 blacklist ${PATH}/curl
@@ -31,16 +39,16 @@ include whitelist-run-common.inc
 
 # If your kernel allows the creation of user namespaces by unprivileged users
 # (for example, if running `unshare -U echo enabled` prints "enabled"), you
-# can add the next line to your chromium-common.local.
+# can add the next line to chromium-common.local.
 #include chromium-common-hardened.inc.profile
 
 ?BROWSER_DISABLE_U2F: nou2f
 
 ?BROWSER_DISABLE_U2F: private-dev
 #private-tmp # issues when using multiple browser sessions
 
-# This prevents access to passwords saved in GNOME Keyring and KWallet, also
-# breaks Gnome connector.
+# Note: This prevents access to passwords saved in GNOME Keyring and KWallet
+# and breaks Gnome connector.
 #dbus-user none
 
 # The file dialog needs to work without d-bus.

etc/profile-a-l/firefox-common-addons.profile

@@ -79,7 +79,7 @@ whitelist ${HOME}/dwhelper
 whitelist /usr/share/lua*
 whitelist /usr/share/mpv
 
-# GNOME Shell integration (chrome-gnome-shell) needs dbus and python
+# GNOME Shell integration (chrome-gnome-shell) needs dbus and python.
 noblacklist ${HOME}/.local/share/gnome-shell
 whitelist ${HOME}/.local/share/gnome-shell
 dbus-user.talk ca.desrt.dconf

etc/profile-a-l/firefox-common.profile

@@ -11,7 +11,20 @@ include firefox-common.local
 # noexec ${RUNUSER} breaks DRM binaries when using profile-sync-daemon.
 ?BROWSER_ALLOW_DRM: ignore noexec ${RUNUSER}
 
-# Add the next line to your firefox-common.local to allow access to common programs/addons/plugins.
+# Add the next lines to firefox-common.local if you want to use the migration
+# wizard.
+#noblacklist ${HOME}/.mozilla
+#whitelist ${HOME}/.mozilla
+
+# To enable support for the KeePassXC extension, add the following lines to
+# firefox-common.local.
+# Note: Start KeePassXC before the web browser and keep it open to allow
+# communication between them.
+#whitelist ${RUNUSER}/kpxc_server
+#whitelist ${RUNUSER}/org.keepassxc.KeePassXC.BrowserServer
+
+# Add the next line to firefox-common.local to allow access to common
+# programs/addons/plugins.
 #include firefox-common-addons.profile
 
 noblacklist ${HOME}/.local/share/pki
@@ -47,32 +60,54 @@ apparmor
 # Fixme!
 apparmor-replace
 caps.drop all
-# machine-id breaks pulse audio; add it to your firefox-common.local if sound is not required.
+# Note: machine-id breaks pulseaudio; add it to firefox-common.local if sound
+# is not required.
 #machine-id
 netfilter
 nodvd
 nogroups
 noinput
 nonewprivs
-# noroot breaks GTK_USE_PORTAL=1 usage, see https://github.com/netblue30/firejail/issues/2506.
+# Note: noroot breaks GTK_USE_PORTAL=1 usage; see
+# https://github.com/netblue30/firejail/issues/2506.
 noroot
 notv
 ?BROWSER_DISABLE_U2F: nou2f
 protocol unix,inet,inet6,netlink
-# The below seccomp configuration still permits chroot syscall. See https://github.com/netblue30/firejail/issues/2506 for possible workarounds.
+# Note: The seccomp line below still permits the chroot syscall; see
+# https://github.com/netblue30/firejail/issues/2506 for possible workarounds.
 seccomp !chroot
-# Disable tracelog, it breaks or causes major issues with many firefox based browsers, see https://github.com/netblue30/firejail/issues/1930.
+# Note: tracelog may break or cause major issues with many Firefox-based
+# browsers; see https://github.com/netblue30/firejail/issues/1930.
 #tracelog
 
 disable-mnt
 ?BROWSER_DISABLE_U2F: private-dev
-# private-etc below works fine on most distributions. There could be some problems on CentOS.
+# Note: The private-etc line below works fine on most distributions but it
+# could cause problems on CentOS.
 private-etc @tls-ca,@x11,mailcap,mime.types,os-release
 private-tmp
 
-# 'dbus-user none' breaks various desktop integration features like global menus, native notifications,
-# Gnome connector, KDE connect and power management on KDE Plasma.
+# Note: `dbus-user none` breaks various desktop integration features like
+# global menus, native notifications, Gnome connector, KDE Connect and power
+# management on KDE Plasma.
 dbus-user none
 dbus-system none
 
+# Add the next line to firefox-common.local to enable native notifications.
+#dbus-user.talk org.freedesktop.Notifications
+# Add the next line to firefox-common.local to allow inhibiting screensavers.
+#dbus-user.talk org.freedesktop.ScreenSaver
+# Add the next lines to firefox-common.local for plasma browser integration.
+#dbus-user.own org.mpris.MediaPlayer2.plasma-browser-integration
+#dbus-user.talk org.kde.JobViewServer
+#dbus-user.talk org.kde.kdeconnect
+#dbus-user.talk org.kde.kuiserver
+# Add the next line to firefox-common.local to allow screensharing under
+# Wayland.
+#dbus-user.talk org.freedesktop.portal.Desktop
+# Also add the next line to firefox-common.local if screensharing does not work
+# with the above lines (depends on the portal implementation).
+#ignore noroot
+
 #restrict-namespaces

etc/profile-a-l/firefox.profile

@@ -6,10 +6,10 @@ include firefox.local
 # Persistent global definitions
 include globals.local
 
-# Note: Sandboxing web browsers is as important as it is complex. Users might be
-# interested in creating custom profiles depending on use case (e.g. one for
-# general browsing, another for banking, ...). Consult our FAQ/issue tracker for more
-# info. Here are a few links to get you going.
+# Note: Sandboxing web browsers is as important as it is complex. Users might
+# be interested in creating custom profiles depending on the use case (e.g. one
+# for general browsing, another for banking, ...). Consult our FAQ/issue
+# tracker for more information. Here are a few links to get you going:
 # https://github.com/netblue30/firejail/wiki/Frequently-Asked-Questions#firefox-doesnt-open-in-a-new-sandbox-instead-it-opens-a-new-tab-in-an-existing-firefox-instance
 # https://github.com/netblue30/firejail/wiki/Frequently-Asked-Questions#how-do-i-run-two-instances-of-firefox
 # https://github.com/netblue30/firejail/issues/4206#issuecomment-824806968
@@ -29,39 +29,20 @@ mkdir ${HOME}/.mozilla
 whitelist ${HOME}/.cache/mozilla/firefox
 whitelist ${HOME}/.mozilla
 
-# Add one of the following whitelist options to your firefox.local to enable KeePassXC Plugin support.
-# Note: Start KeePassXC before Firefox and keep it open to allow communication between them.
-#whitelist ${RUNUSER}/kpxc_server
-#whitelist ${RUNUSER}/org.keepassxc.KeePassXC.BrowserServer
-
 whitelist /usr/share/firefox
 whitelist /usr/share/gnome-shell/search-providers/firefox-search-provider.ini
 whitelist ${RUNUSER}/*firefox*
 whitelist ${RUNUSER}/psd/*firefox*
 
-# firefox requires a shell to launch on Arch - add the next line to your firefox.local to enable private-bin.
+# Note: Firefox requires a shell to launch on Arch and Fedora.
+# Add the next lines to firefox.local to enable private-bin.
 #private-bin bash,dbus-launch,dbus-send,env,firefox,sh,which
-# Fedora uses shell scripts to launch firefox - add the next line to your firefox.local to enable private-bin.
 #private-bin basename,bash,cat,dirname,expr,false,firefox,firefox-wayland,getenforce,ln,mkdir,pidof,restorecon,rm,rmdir,sed,sh,tclsh,true,uname
 private-etc firefox
 
 dbus-user filter
 dbus-user.own org.mozilla.*
 dbus-user.own org.mpris.MediaPlayer2.firefox.*
-# Add the next line to your firefox.local to enable native notifications.
-#dbus-user.talk org.freedesktop.Notifications
-# Add the next line to your firefox.local to allow inhibiting screensavers.
-#dbus-user.talk org.freedesktop.ScreenSaver
-# Add the next lines to your firefox.local for plasma browser integration.
-#dbus-user.own org.mpris.MediaPlayer2.plasma-browser-integration
-#dbus-user.talk org.kde.JobViewServer
-#dbus-user.talk org.kde.kdeconnect
-#dbus-user.talk org.kde.kuiserver
-# Add the next line to your firefox.local to allow screen sharing under wayland.
-#dbus-user.talk org.freedesktop.portal.Desktop
-# Add the next line to your firefox.local if screen sharing sharing still does not work
-# with the above lines (might depend on the portal implementation).
-#ignore noroot
 ignore dbus-user none
 
 # Redirect

etc/profile-a-l/floorp.profile

@@ -14,30 +14,8 @@ mkdir ${HOME}/.floorp
 whitelist ${HOME}/.cache/floorp
 whitelist ${HOME}/.floorp
 
-# Add the next lines to your floorp.local if you want to use the migration wizard.
-#noblacklist ${HOME}/.mozilla
-#whitelist ${HOME}/.mozilla
-
-# To enable KeePassXC Plugin add one of the following lines to your floorp.local.
-# Note: Start KeePassXC before floorp and keep it open to allow communication between them.
-#whitelist ${RUNUSER}/kpxc_server
-#whitelist ${RUNUSER}/org.keepassxc.KeePassXC.BrowserServer
-
 dbus-user filter
 dbus-user.own org.mozilla.floorp.*
-# Add the next line to your floorp.local to enable native notifications.
-#dbus-user.talk org.freedesktop.Notifications
-# Add the next line to your floorp.local to allow inhibiting screensavers.
-#dbus-user.talk org.freedesktop.ScreenSaver
-# Add the next lines to your floorp.local for plasma browser integration.
-#dbus-user.own org.mpris.MediaPlayer2.plasma-browser-integration
-#dbus-user.talk org.kde.JobViewServer
-#dbus-user.talk org.kde.kuiserver
-# Add the next line to your floorp.local to allow screensharing under Wayland.
-#dbus-user.talk org.freedesktop.portal.Desktop
-# Also add the next line to your floorp.local if screensharing does not work with
-# the above lines (depends on the portal implementation).
-#ignore noroot
 ignore apparmor
 ignore dbus-user none
 

etc/profile-a-l/librewolf.profile

@@ -1,4 +1,4 @@
-# Firejail profile for Librewolf
+# Firejail profile for librewolf
 # Description: Firefox fork based on privacy
 # This file is overwritten after every install/update
 # Persistent local customizations
@@ -14,38 +14,16 @@ mkdir ${HOME}/.librewolf
 whitelist ${HOME}/.cache/librewolf
 whitelist ${HOME}/.librewolf
 
-# Add the next lines to your librewolf.local if you want to use the migration wizard.
-#noblacklist ${HOME}/.mozilla
-#whitelist ${HOME}/.mozilla
-
-# To enable KeePassXC Plugin add one of the following lines to your librewolf.local.
-# Note: Start KeePassXC before Librewolf and keep it open to allow communication between them.
-#whitelist ${RUNUSER}/kpxc_server
-#whitelist ${RUNUSER}/org.keepassxc.KeePassXC.BrowserServer
-
 whitelist /usr/share/librewolf
 
-# Add the next line to your librewolf.local to enable private-bin (Arch Linux).
+# Add the next line to librewolf.local to enable private-bin.
 #private-bin dbus-launch,dbus-send,librewolf,sh
 private-etc librewolf
 
 dbus-user filter
 dbus-user.own io.gitlab.firefox.*
 dbus-user.own io.gitlab.librewolf.*
 dbus-user.own org.mozilla.librewolf.*
-# Add the next line to your librewolf.local to enable native notifications.
-#dbus-user.talk org.freedesktop.Notifications
-# Add the next line to your librewolf.local to allow inhibiting screensavers.
-#dbus-user.talk org.freedesktop.ScreenSaver
-# Add the next lines to your librewolf.local for plasma browser integration.
-#dbus-user.own org.mpris.MediaPlayer2.plasma-browser-integration
-#dbus-user.talk org.kde.JobViewServer
-#dbus-user.talk org.kde.kuiserver
-# Add the next line to your librewolf.local to allow screensharing under Wayland.
-#dbus-user.talk org.freedesktop.portal.Desktop
-# Also add the next line to your librewolf.local if screensharing does not work with
-# the above lines (depends on the portal implementation).
-#ignore noroot
 ignore apparmor
 ignore dbus-user none