Commit

private-etc: cross-distro test for curl, gimp, inkscape, firefox, warzone2100
netblue30 committed Jan 28, 2023
1 parent b0822c0 commit 34d0048
Showing 6 changed files with 8 additions and 1 deletion.
1 change: 1 addition & 0 deletions etc/profile-a-l/curl.profile
Expand Up @@ -54,6 +54,7 @@ tracelog
private-cache
private-dev
# private-etc alternatives,ca-certificates,crypto-policies,pki,resolv.conf,ssl
private-etc TLS-CA
private-tmp

dbus-user none
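
Review bot: the `private-etc TLS-CA` line may leave curl without `resolv.conf` and `alternatives`, both of which the commented-out list directly above it carried; nothing visible in this commit shows that the TLS-CA group includes them. firefox-common.profile in the same commit pairs `TLS-CA` with `NETWORK`, so if the resolver files live in that group, consider `private-etc NETWORK,TLS-CA` here. Once the group form is confirmed on the tested distributions, the old commented list can be dropped so the two lines cannot drift apart.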
1 change: 1 addition & 0 deletions etc/profile-a-l/firefox-common.profile
Expand Up @@ -60,6 +60,7 @@ disable-mnt
# private-etc below works fine on most distributions. There are some problems on CentOS.
# Add it to your firefox-common.local if you want to enable it.
#private-etc alternatives,asound.conf,ca-certificates,crypto-policies,dconf,fonts,group,gtk-2.0,gtk-3.0,hostname,hosts,ld.so.cache,ld.so.conf,ld.so.conf.d,ld.so.preload,localtime,machine-id,mailcap,mime.types,nsswitch.conf,pango,passwd,pki,pulse,resolv.conf,selinux,ssl,X11,xdg
private-etc GUI,NETWORK,TLS-CA,os-release,mime.types,mailcap
private-tmp

blacklist ${PATH}/curl
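
Review bot: the two comment lines above `private-etc GUI,NETWORK,TLS-CA,os-release,mime.types,mailcap` still describe private-etc as opt-in through firefox-common.local because of problems on CentOS, yet this line turns it on for every profile that includes firefox-common.profile. Please update the comment to say whether CentOS was retested with the group form, and either remove the old commented list or mark it as the pre-group equivalent, so users are not told to add something that is already active.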
1 change: 1 addition & 0 deletions etc/profile-a-l/gimp.profile
Expand Up @@ -59,6 +59,7 @@ seccomp !mbind
tracelog

private-dev
private-etc GUI,gcrypt,python*
private-tmp

dbus-user none
1 change: 1 addition & 0 deletions etc/profile-a-l/inkscape.profile
Expand Up @@ -54,6 +54,7 @@ tracelog
# private-bin inkscape,potrace,python* - problems on Debian stretch
private-cache
private-dev
private-etc inkscape: GUI,ImageMagick*,python*

kmk3 Jan 29, 2023

Collaborator

@netblue30

private-etc inkscape: GUI,ImageMagick*,python*

What does inkscape: GUI mean?

glitsj16 Jan 29, 2023

Collaborator

Odd construct. After installing inkscape and testing the app it did seem to put together the expected files under /etc in the sandbox. In fact, I changed it to private-etc GUI,ImageMagick*,python* on a whim and that produced the exact same list of files. Allowing spaces in private-etc does feel weird though and I guess it will break more CI tests.

netblue30 Jan 30, 2023

Author Owner

GUI gets renamed as @X11

kmk3 Jan 30, 2023

Collaborator

So apparently inkscape: was just a typo; it was removed on commit 5d5f554
("private-etc: moved group names to @group syntax; GUI group renamed as @X11
group; added nvidia and X11 directories to @X11 group.", 2023-01-30).

private-tmp

dbus-user none
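
Review bot: `inkscape: ` in `private-etc inkscape: GUI,ImageMagick*,python*` is neither a group nor a file name, and it puts a space inside the comma-separated list. Suggest `private-etc GUI,ImageMagick*,python*`, which per the discussion above produces the same set of files in the sandbox. That the stray token was accepted without any error is worth a follow-up: a private-etc argument containing whitespace or an unrecognised name should be rejected or at least warned about, since a typo in an allowlist directive otherwise changes what the sandbox exposes without anyone noticing.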
1 change: 1 addition & 0 deletions etc/profile-m-z/warzone2100.profile
Expand Up @@ -46,6 +46,7 @@ tracelog
disable-mnt
private-bin bash,dash,sh,warzone2100,which
private-dev
private-etc GUI,GAMES
private-tmp

restrict-namespaces
4 changes: 3 additions & 1 deletion src/include/etc_groups.h
Expand Up @@ -35,8 +35,10 @@ static char *etc_list[ETC_MAX + 1] = { // plus 1 for ending NULL pointer
"locale.alias",
"locale.conf",
"localtime",
"login.defs", // firejail reading UID/GID MIN and MAX at startup
"nsswitch.conf",
"passwd",
"group",
NULL
};

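Review bot: `"group"` sits after `"passwd"`, out of the alphabetical order the visible entries of `etc_list` otherwise follow, and unlike `"login.defs"` it has no comment saying why it is needed. Please move it to its sorted position and add a short rationale next to it. If `etc_list` is the set that every private-etc sandbox receives, that rationale should also cover why the account files belong there, so reviewers can weigh the exposure. Since the array is declared as `etc_list[ETC_MAX + 1]`, it is also worth confirming that ETC_MAX still leaves the intended headroom after the list grows by two entries.
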
Expand Down Expand Up @@ -77,6 +79,7 @@ static char *etc_group_gui[] = {
"gtk-3.0",
"kde4rc",
"kde5rc",
"pango", // text rendering/internationalization
NULL
};

Expand All @@ -85,7 +88,6 @@ static char *etc_group_games[] = {
"timidity", // MIDI
"timidity.cfg",
"openal", // 3D sound
"gcrypt", // GNU crypto library
NULL
};

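Review bot: dropping `"gcrypt"` from `etc_group_games` changes what `private-etc GUI,GAMES` in warzone2100.profile resolves to, and in this commit only gimp.profile adds `gcrypt` back by name. Please confirm that warzone2100 and any other profile relying on GAMES was tested without the gcrypt entry under /etc, or list `gcrypt` explicitly in the profiles that still need it.
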