profiles: browsers: format and improve comments

Author: kmk3

etc/profile-a-l/cachy-browser.profile

@@ -1,5 +1,5 @@
-# Firejail profile for Cachy-Browser
-# Description: Librewolf fork based on enhanced privacy with gentoo patchset
+# Firejail profile for cachy-browser
+# Description: Librewolf fork based on enhanced privacy with Gentoo patchset
 # This file is overwritten after every install/update
 # Persistent local customizations
 include cachy-browser.local
@@ -15,7 +15,7 @@ whitelist ${HOME}/.cache/cachy
 whitelist ${HOME}/.cachy
 whitelist /usr/share/cachy-browser
 
-# Add the next line to your cachy-browser.local to enable private-bin (Arch Linux).
+# Add the next line to cachy-browser.local to enable private-bin.
 #private-bin dbus-launch,dbus-send,cachy-browser,sh
 private-etc cachy-browser
 

etc/profile-a-l/chromium-common.profile

@@ -20,8 +20,9 @@ noblacklist ${HOME}/.local/share/pki
 noblacklist ${HOME}/.pki
 noblacklist /usr/lib/chromium/chrome-sandbox
 
-# Add the next line to your chromium-common.local if you want Google Chrome/Chromium browser
-# to have access to Gnome extensions (extensions.gnome.org) via browser connector
+# Add the next line to chromium-common.local if you want the web browser to
+# have access to Gnome extensions (extensions.gnome.org) via the browser
+# connector.
 #include allow-python3.inc
 
 blacklist ${PATH}/curl
@@ -38,16 +39,16 @@ include whitelist-run-common.inc
 
 # If your kernel allows the creation of user namespaces by unprivileged users
 # (for example, if running `unshare -U echo enabled` prints "enabled"), you
-# can add the next line to your chromium-common.local.
+# can add the next line to chromium-common.local.
 #include chromium-common-hardened.inc.profile
 
 ?BROWSER_DISABLE_U2F: nou2f
 
 ?BROWSER_DISABLE_U2F: private-dev
 #private-tmp # issues when using multiple browser sessions
 
-# This prevents access to passwords saved in GNOME Keyring and KWallet, also
-# breaks Gnome connector.
+# Note: This prevents access to passwords saved in GNOME Keyring and KWallet
+# and breaks Gnome connector.
 #dbus-user none
 
 # The file dialog needs to work without d-bus.

etc/profile-a-l/firefox-common-addons.profile

@@ -79,7 +79,7 @@ whitelist ${HOME}/dwhelper
 whitelist /usr/share/lua*
 whitelist /usr/share/mpv
 
-# GNOME Shell integration (chrome-gnome-shell) needs dbus and python
+# GNOME Shell integration (chrome-gnome-shell) needs dbus and python.
 noblacklist ${HOME}/.local/share/gnome-shell
 whitelist ${HOME}/.local/share/gnome-shell
 dbus-user.talk ca.desrt.dconf

etc/profile-a-l/firefox-common.profile

@@ -23,7 +23,8 @@ include firefox-common.local
 #whitelist ${RUNUSER}/kpxc_server
 #whitelist ${RUNUSER}/org.keepassxc.KeePassXC.BrowserServer
 
-# Add the next line to your firefox-common.local to allow access to common programs/addons/plugins.
+# Add the next line to firefox-common.local to allow access to common
+# programs/addons/plugins.
 #include firefox-common-addons.profile
 
 noblacklist ${HOME}/.local/share/pki
@@ -59,31 +60,37 @@ apparmor
 # Fixme!
 apparmor-replace
 caps.drop all
-# machine-id breaks pulse audio; add it to your firefox-common.local if sound is not required.
+# Note: machine-id breaks pulseaudio; add it to firefox-common.local if sound
+# is not required.
 #machine-id
 netfilter
 nodvd
 nogroups
 noinput
 nonewprivs
-# noroot breaks GTK_USE_PORTAL=1 usage, see https://github.com/netblue30/firejail/issues/2506.
+# Note: noroot breaks GTK_USE_PORTAL=1 usage; see
+# https://github.com/netblue30/firejail/issues/2506.
 noroot
 notv
 ?BROWSER_DISABLE_U2F: nou2f
 protocol unix,inet,inet6,netlink
-# The below seccomp configuration still permits chroot syscall. See https://github.com/netblue30/firejail/issues/2506 for possible workarounds.
+# Note: The seccomp line below still permits the chroot syscall; see
+# https://github.com/netblue30/firejail/issues/2506 for possible workarounds.
 seccomp !chroot
-# Disable tracelog, it breaks or causes major issues with many firefox based browsers, see https://github.com/netblue30/firejail/issues/1930.
+# Note: tracelog may break or cause major issues with many Firefox-based
+# browsers; see https://github.com/netblue30/firejail/issues/1930.
 #tracelog
 
 disable-mnt
 ?BROWSER_DISABLE_U2F: private-dev
-# private-etc below works fine on most distributions. There could be some problems on CentOS.
+# Note: The private-etc line below works fine on most distributions but it
+# could cause problems on CentOS.
 private-etc @tls-ca,@x11,mailcap,mime.types,os-release
 private-tmp
 
-# 'dbus-user none' breaks various desktop integration features like global menus, native notifications,
-# Gnome connector, KDE connect and power management on KDE Plasma.
+# Note: `dbus-user none` breaks various desktop integration features like
+# global menus, native notifications, Gnome connector, KDE Connect and power
+# management on KDE Plasma.
 dbus-user none
 dbus-system none
 

etc/profile-a-l/firefox.profile

@@ -6,10 +6,10 @@ include firefox.local
 # Persistent global definitions
 include globals.local
 
-# Note: Sandboxing web browsers is as important as it is complex. Users might be
-# interested in creating custom profiles depending on use case (e.g. one for
-# general browsing, another for banking, ...). Consult our FAQ/issue tracker for more
-# info. Here are a few links to get you going.
+# Note: Sandboxing web browsers is as important as it is complex. Users might
+# be interested in creating custom profiles depending on the use case (e.g. one
+# for general browsing, another for banking, ...). Consult our FAQ/issue
+# tracker for more information. Here are a few links to get you going:
 # https://github.com/netblue30/firejail/wiki/Frequently-Asked-Questions#firefox-doesnt-open-in-a-new-sandbox-instead-it-opens-a-new-tab-in-an-existing-firefox-instance
 # https://github.com/netblue30/firejail/wiki/Frequently-Asked-Questions#how-do-i-run-two-instances-of-firefox
 # https://github.com/netblue30/firejail/issues/4206#issuecomment-824806968
@@ -34,9 +34,9 @@ whitelist /usr/share/gnome-shell/search-providers/firefox-search-provider.ini
 whitelist ${RUNUSER}/*firefox*
 whitelist ${RUNUSER}/psd/*firefox*
 
-# firefox requires a shell to launch on Arch - add the next line to your firefox.local to enable private-bin.
+# Note: Firefox requires a shell to launch on Arch and Fedora.
+# Add the next lines to firefox.local to enable private-bin.
 #private-bin bash,dbus-launch,dbus-send,env,firefox,sh,which
-# Fedora uses shell scripts to launch firefox - add the next line to your firefox.local to enable private-bin.
 #private-bin basename,bash,cat,dirname,expr,false,firefox,firefox-wayland,getenforce,ln,mkdir,pidof,restorecon,rm,rmdir,sed,sh,tclsh,true,uname
 private-etc firefox
 

etc/profile-a-l/librewolf.profile

@@ -1,4 +1,4 @@
-# Firejail profile for Librewolf
+# Firejail profile for librewolf
 # Description: Firefox fork based on privacy
 # This file is overwritten after every install/update
 # Persistent local customizations
@@ -16,7 +16,7 @@ whitelist ${HOME}/.librewolf
 
 whitelist /usr/share/librewolf
 
-# Add the next line to your librewolf.local to enable private-bin (Arch Linux).
+# Add the next line to librewolf.local to enable private-bin.
 #private-bin dbus-launch,dbus-send,librewolf,sh
 private-etc librewolf