-rw-r--r-- | .SRCINFO | 8 | ||||
-rw-r--r-- | PKGBUILD | 9 | ||||
-rw-r--r-- | linuxqq.profile | 51 | ||||
-rw-r--r-- | tencent-qq.profile | 53 |
4 files changed, 60 insertions, 61 deletions
@@ -1,13 +1,13 @@ pkgbase = linuxqq-firejail pkgdesc = Run QQ in Firejail (security sandbox). Install linuxqq before this. pkgver = 0.0.1 - pkgrel = 2 - url = https://github.com/BeautyYuYanli/linuxqq-new-firejail + pkgrel = 3 + url = https://github.com/BeautyYuYanli/linuxqq-firejail arch = x86_64 arch = aarch64 license = unknown depends = firejail - source = tencent-qq.profile - sha512sums = 8c6a8075a74c8ffaac4ee2f96c6e41d51de1a040d81f5e3d55543d614f5e60d76ec1d42d935d37cd7031999eadfe4d5597277d35f5ed20b87c781e7eb836edb4 + source = linuxqq.profile + sha512sums = a4ee0f052e34868363067afd7a0964a1e3b8967c153fac0a52b0669e2f1ab84c0a1a2709f855c42fb3bb5271c3c909d7bdae285772e3b599cb3a77f6b298d376 pkgname = linuxqq-firejail @@ -1,17 +1,18 @@ # Maintainer: Yanli <beautyyuyanli@gmail.com> # Contributor: cubercsl <hi@cubercsl.site> +# Contributor: glitsj16 pkgname=linuxqq-firejail pkgver=0.0.1 -pkgrel=2 +pkgrel=3 pkgdesc='Run QQ in Firejail (security sandbox). Install linuxqq before this.' arch=('x86_64' 'aarch64') -url="https://github.com/BeautyYuYanli/linuxqq-new-firejail" +url="https://github.com/BeautyYuYanli/linuxqq-firejail" license=('unknown') # TODO: add linuxqq depends=('firejail') -profile="tencent-qq.profile" +profile="linuxqq.profile" source=("${profile}") -sha512sums=('8c6a8075a74c8ffaac4ee2f96c6e41d51de1a040d81f5e3d55543d614f5e60d76ec1d42d935d37cd7031999eadfe4d5597277d35f5ed20b87c781e7eb836edb4') +sha512sums=('a4ee0f052e34868363067afd7a0964a1e3b8967c153fac0a52b0669e2f1ab84c0a1a2709f855c42fb3bb5271c3c909d7bdae285772e3b599cb3a77f6b298d376') package() { # Patch Firejail diff --git a/linuxqq.profile b/linuxqq.profile new file mode 100644 index 000000000000..f5a4a25b84df --- /dev/null +++ b/linuxqq.profile 
@@ -0,0 +1,51 @@
+# Firejail profile for linuxqq
+# Description: IM client based on Electron
+# This file is overwritten after every install/update
+# Persistent local customizations
+include linuxqq.local
+# Persistent global definitions
+include globals.local
+
+# REMINDER: add counterpart `blacklist ${HOME}/.config/QQ` to `disable-programs.inc`
+noblacklist ${HOME}/.config/QQ
+
+# Allow opening hyperlinks with Firefox
+# profiles access
+noblacklist ${HOME}/.mozilla
+whitelist ${HOME}/.mozilla
+whitelist ${HOME}/.mozilla/firefox/profiles.ini
+read-only ${HOME}/.mozilla/firefox/profiles.ini
+# shell access
+include allow-bin-sh.inc
+include disable-shell.inc
+# D-Bus access
+dbus-user.talk org.mozilla.*
+
+mkdir ${HOME}/.config/QQ
+whitelist ${HOME}/.config/QQ
+whitelist ${DESKTOP}
+
+ignore apparmor
+noprinters
+
+# If you don't need/want to save anything to disk you can add `private` to your linuxqq.local.
+#private
+# REMINDER: QQ executable name on Debian/Ubuntu is `qq`
+# https://github.com/BeautyYuYanli/linuxqq-new-firejail/issues/1#issuecomment-1368366777
+# create an alias profile for that and reshuffle private-bin accordingly
+private-bin awk,bash,cut,echo,egrep,firefox,fish,gio,grep,head,linuxqq,qq,readlink,sed,sh,tclsh,tr,which,www-browser,xdg-mime,xdg-open,x-www-browser
+private-etc alsa,alternatives,ca-certificates,crypto-policies,fonts,group,host.conf,hostname,hosts,ld.so.cache,ld.so.preload,localtime,login.defs,machine-id,nsswitch.conf,os-release,passwd,pki,pulse,resolv.conf,ssl,xdg
+private-opt QQ
+
+dbus-user filter
+dbus-user.talk org.freedesktop.Notifications
+dbus-user.talk org.freedesktop.portal.Desktop
+dbus-user.talk org.freedesktop.portal.Fcitx
+dbus-user.talk org.freedesktop.portal.IBus
+dbus-user.talk org.freedesktop.ScreenSaver
+dbus-user.talk org.gnome.Mutter.IdleMonitor
+?ALLOW_TRAY: dbus-user.talk org.kde.StatusNotifierWatcher
+ignore dbus-user none
+
+# Redirect
+include electron.profile
\ No newline at end of file
diff --git a/tencent-qq.profile b/tencent-qq.profile
deleted file mode 100644
index 5086901f2d7c..000000000000
--- a/tencent-qq.profile
+++ /dev/null
@@ -1,53 +0,0 @@
-include tencent-qq.local
-# Persistent global definitions
-include globals.local
-
-noblacklist ${HOME}/.config/QQ
-
-# Allow opening hyperlinks
-include allow-bin-sh.inc
-
-include disable-common.inc
-include disable-devel.inc
-include disable-exec.inc
-include disable-interpreters.inc
-include disable-programs.inc
-include disable-shell.inc
-include disable-xdg.inc
-
-mkdir ${HOME}/.config/QQ
-whitelist ${HOME}/.config/QQ
-whitelist ${DOWNLOADS}
-include whitelist-common.inc
-include whitelist-runuser-common.inc
-include whitelist-usr-share-common.inc
-include whitelist-var-common.inc
-
-apparmor
-caps.drop all
-netfilter
-nodvd
-noinput
-nonewprivs
-noroot
-notv
-protocol unix,inet,inet6,netlink
-seccomp !chroot
-seccomp.block-secondary
-shell none
-
-disable-mnt
-# TODO: https://github.com/BeautyYuYanli/linuxqq-new-firejail/issues/1#issuecomment-1368246014
-# private-bin bash,sh,tencent-qq,xdg-open
-private-cache
-private-dev
-private-etc alsa,alternatives,ca-certificates,crypto-policies,fonts,group,ld.so.cache,ld.so.preload,localtime,machine-id,os-release,passwd,pki,pulse,resolv.conf,ssl,xdg
-private-opt QQ
-private-tmp
-
-dbus-user filter
-dbus-user.talk org.freedesktop.Notifications
-?ALLOW_TRAY: dbus-user.talk org.kde.StatusNotifierWatcher
-dbus-user.talk org.gnome.Mutter.IdleMonitor
-dbus-user.talk org.freedesktop.ScreenSaver
-dbus-system none |
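Review bot: `whitelist ${HOME}/.mozilla` in the "profiles access" block of linuxqq.profile makes the entire Firefox data directory visible and writable inside the QQ sandbox; only `profiles.ini` is then marked `read-only`. That directory normally holds cookies, saved logins and session data, far more than handing a hyperlink to Firefox needs, and the line also makes the following `whitelist ${HOME}/.mozilla/firefox/profiles.ini` redundant. I would delete the directory-wide `whitelist` line and keep `noblacklist ${HOME}/.mozilla` plus the two `profiles.ini` lines. Separately, `ignore apparmor` drops the confinement the removed tencent-qq.profile turned on with `apparmor`, with no comment giving the reason; a line such as `# apparmor ignored: <reason, e.g. the denial it caused>` above it would let users decide whether to restore it in linuxqq.local.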