[skip ci]

netblue30 · May 1, 2020 · cedc7da · cedc7da
1 parent 9efdd63
commit cedc7da
Show file tree

Hide file tree

Showing 5 changed files with 12 additions and 13 deletions.
diff --git a/etc/profile-a-l/gnome-todo.profile b/etc/profile-a-l/gnome-todo.profile
@@ -56,9 +56,8 @@ dbus-user.talk ca.desrt.dconf
 #dbus-user.talk org.gnome.evolution.dataserver.Sources5
 #dbus-user.talk org.gnome.evolution.dataserver.Subprocess.Backend.*
 #dbus-user.talk org.gnome.OnlineAccounts
-#dbus-user.talk org.gnome.SettingsDaemon.Color
+dbus-system none
 #dbus-system filter
 #dbus-system.talk org.freedesktop.login1
-dbus-system none
 
 read-only ${HOME}
diff --git a/etc/profile-a-l/keepassxc.profile b/etc/profile-a-l/keepassxc.profile
@@ -50,15 +50,16 @@ private-tmp
 
 dbus-user filter
 #dbus-user.own org.keepassxc.KeePassXC
+dbus-user.talk com.canonical.Unity.Session
 dbus-user.talk org.freedesktop.ScreenSaver
+dbus-user.talk org.freedesktop.login1.Manager
+dbus-user.talk org.freedesktop.login1.Session
 dbus-user.talk org.gnome.ScreenSaver
+dbus-user.talk org.gnome.SessionManager
+dbus-user.talk org.gnome.SessionManager.Presence
+# Uncomment or add to your keepassxc.local to allow Notifications.
 #dbus-user.talk org.freedesktop.Notifications
-# dbus-user.talk org.freedesktop.login1.Manager
 #dbus-user.talk org.kde.StatusNotifierWatcher
-#dbus-user.talk org.gnome.SessionManager.Presence
-#dbus-user.talk org.gnome.SessionManager
-#dbus-user.talk com.canonical.Unity.Session
-#dbus-user.talk org.freedesktop.login1.Session
 dbus-system none
 
 # Mutex is stored in /tmp by default, which is broken by private-tmp

diff --git a/etc/profile-m-z/rhythmbox.profile b/etc/profile-m-z/rhythmbox.profile
@@ -53,5 +53,6 @@ dbus-user.own org.mpris.MediaPlayer2.rhythmbox
 dbus-user.own org.gnome.UPnP.MediaServer2.Rhythmbox
 dbus-user.talk ca.desrt.dconf
 dbus-user.talk org.freedesktop.Notifications
+dbus-system none
 dbus-system filter
 dbus-system.talk org.freedesktop.Avahi
diff --git a/etc/profile-m-z/wireshark.profile b/etc/profile-m-z/wireshark.profile
@@ -47,7 +47,3 @@ tracelog
 private-dev
 # private-etc alternatives,ca-certificates,crypto-policies,fonts,group,hosts,machine-id,passwd,pki,ssl
 private-tmp
-
-dbus-user filter
-dbus-user.own org.wireshark.Wireshark
-dbus-system none
diff --git a/etc/templates/profile.template b/etc/templates/profile.template
@@ -188,13 +188,15 @@ include globals.local
 ##writable-var-log
 
 # Since 0.9.63 also a more granular regulation of dbus is supported.
-# To get the dbus-addresses to which an application needs access to you can look
-# at flatpak if the application is also distriputed with flatpak:
+# To get the dbus-addresses to which an application needs access to.
+# You can look at flatpak if the application is also distriputed via flatpak:
 #    flatpak remote-info --show-metadata flathub <APP-ID>
 # Notes:
 #  - flatpak implicitly allows an app to own <APP-ID> on the session bus
 #  - In order to make dconf work (if it is used by the app) you need to allow
 #    'ca.desrt.dconf' even if it is not allowed by flatpak.
+# Notes and Policiy about addresses can be found at
+# <https://github.com/netblue30/firejail/wiki/Restrict-D-Bus>
 #dbus-user filter
 #dbus-user.own com.github.netblue30.firejail
 #dbus-user.talk ca.desrt.dconf