From 99295853b6321897c52de159ebcbdbc711fc3d0b Mon Sep 17 00:00:00 2001 From: haarp <781030+haarp@users.noreply.github.com> Date: Sun, 27 Aug 2023 12:52:35 +0200 Subject: [PATCH] discord-common.profile: harden & allow notifications What works: - Basic functionality - Receiving notifications - Voice communication - Watching streams What wasn't tested: - Casting streams - Opening links - Tracking/displaying "current activity" as status message - Apparmor Notes: - Discord tries to access system dbus (`[ERROR:bus.cc(399)] Failed to connect to the bus: Failed to connect to socket /run/firejail/mnt/dbus/system: Permission denied`). I don't know what business it has with the system dbus, and didn't notice any problems due to that. - I had one crash after 2h of watching a stream. Probably unrelated. Fixes #5971. --- etc/profile-a-l/discord-common.profile | 13 +++++-------- 1 file changed, 5 insertions(+), 8 deletions(-) diff --git a/etc/profile-a-l/discord-common.profile b/etc/profile-a-l/discord-common.profile index 83fca877295..b7744a83c41 100644 --- a/etc/profile-a-l/discord-common.profile +++ b/etc/profile-a-l/discord-common.profile @@ -7,15 +7,7 @@ include discord-common.local #include globals.local # Disabled until someone reported positive feedback -ignore include disable-interpreters.inc -ignore include disable-xdg.inc -ignore include whitelist-runuser-common.inc -ignore include whitelist-usr-share-common.inc ignore apparmor -ignore disable-mnt -ignore private-cache -ignore dbus-user none -ignore dbus-system none ignore noexec ${HOME} ignore novideo @@ -26,6 +18,11 @@ whitelist ${HOME}/.local/share/betterdiscordctl private-bin awk,bash,cut,echo,egrep,electron,electron[0-9],electron[0-9][0-9],fish,grep,head,sed,sh,tclsh,tr,which,xdg-mime,xdg-open,zsh private-etc @tls-ca +# allow D-Bus notifications +dbus-user filter +dbus-user.talk org.freedesktop.Notifications +ignore dbus-user none + join-or-start discord # Redirect