general:linux:firejail
This is an old revision of the document!
Table of Contents
Firejail
Firefox modifications
~/.config/firejail/firefox-common.local
# private-tmp does not work with kerberos (at least not when CCACHE it is stored in /tmp) #ignore private-tmp # To keep screen on when playing videos #ignore nodbus # private-tmp does not work with kerberos (at least not when CCACHE it is stored in /tmp) ignore private-tmp # Uncomment or put in your firefox.local to enable native notifications. dbus-user.talk org.freedesktop.Notifications # Uncomment or put in your firefox.local to allow to inhibit screensavers dbus-user.talk org.freedesktop.ScreenSaver # Uncomment or put in your firefox.local for plasma browser integration dbus-user.own org.mpris.MediaPlayer2.plasma-browser-integration dbus-user.talk org.kde.JobViewServer dbus-user.talk org.kde.kuiserver # To allow nss mymachines to query nspawn machine names # Probably should be replaced by some other more specific rule though. ignore dbus-system none # Allow ICAClient to access its config etc. whitelist ${HOME}/.ICAClient
Spotify
~/.config/firejail/spotify.local
# Workaround after spotify-client 1:1.1.84.716.gc5f8b819-2 that installs symlink for /usr/bin/spotify #private-bin bash,cat,dirname,find,grep,head,rm,sh,spotify,tclsh,touch,zenity private-bin bash,cat,dirname,find,grep,head,rm,sh,tclsh,touch,zenity ignore private-bin
Also need to change firetools to launch /usr/share/spotify/spotify instead of /usr/bin/spotify which is now just a symlink
general/linux/firejail.1669367419.txt.gz · Last modified: 2022/11/25 09:10 by sunkan