Follow-up for #3326 (#3397)

* use the new dbus format in chromium-common.profile * use new dbus format in firejail.config Now that #3326 landed I think it might be less confusing to keep using the --nodbus wording. Couldn't come up with a better alternative (yet), so this might need future improvements. * block dbus system bus Blocking the system bus shouldn't affect password functionality etc, as that uses the session bus.
netblue30 · May 4, 2020 · 276f250 · 276f250
1 parent b69ce6a
commit 276f250
Show file tree

Hide file tree

Showing 2 changed files with 5 additions and 2 deletions.
diff --git a/etc/firejail.config b/etc/firejail.config
@@ -27,7 +27,7 @@
 # Enable or disable chroot support, default enabled.
 # chroot yes
 
-# Enable or disable dbus handling by --nodbus flag, default enabled.
+# Enable or disable dbus handling, default enabled.
 # dbus yes
 
 # Disable /mnt, /media, /run/mount and /run/media access. By default access

diff --git a/etc/profile-a-l/chromium-common.profile b/etc/profile-a-l/chromium-common.profile
@@ -29,7 +29,6 @@ include whitelist-var-common.inc
 apparmor
 caps.keep sys_admin,sys_chroot
 netfilter
-# nodbus - prevents access to passwords saved in GNOME Keyring and KWallet, also breaks Gnome connector
 nodvd
 nogroups
 notv
@@ -40,5 +39,9 @@ disable-mnt
 ?BROWSER_DISABLE_U2F: private-dev
 # private-tmp - problems with multiple browser sessions
 
+# prevents access to passwords saved in GNOME Keyring and KWallet, also breaks Gnome connector
+# dbus-user none
+dbus-system none
+
 # the file dialog needs to work without d-bus
 ?HAS_NODBUS: env NO_CHROME_KDE_FILE_DIALOG=1