diff options
| author |  netblue30 <netblue30@yahoo.com> | 2016-11-15 10:01:54 -0500 |
|---|---|---|
| committer | netblue30 <netblue30@yahoo.com> | 2016-11-15 10:01:54 -0500 |
| commit | 2509b0f8d740b9384d30aa95d3eaf64fbe27bf27 (patch) | |
| tree | 5a87044129b4d827a9d39cd9f35e875c7beee52b | |
| parent | fix thunderbird profile (diff) | |
| download | firejail-2509b0f8d740b9384d30aa95d3eaf64fbe27bf27.tar.gz firejail-2509b0f8d740b9384d30aa95d3eaf64fbe27bf27.tar.zst firejail-2509b0f8d740b9384d30aa95d3eaf64fbe27bf27.zip | |
added Guayadeque profile
| -rw-r--r-- | README | 13 | ||||
| -rw-r--r-- | README.md | 2 | ||||
| -rw-r--r-- | RELNOTES | 3 | ||||
| -rw-r--r-- | etc/disable-programs.inc | 1 | ||||
| -rw-r--r-- | etc/guayadeque.profile | 19 | ||||
| -rw-r--r-- | platform/debian/conffiles | 1 |
6 files changed, 31 insertions, 8 deletions
| @@ -80,6 +80,13 @@ Fred-Barclay (https://github.com/Fred-Barclay) | |||
| 80 | - evince profile enhancement | 80 | - evince profile enhancement |
| 81 | - tightened Spotify profile | 81 | - tightened Spotify profile |
| 82 | - added xiphos and Tor Browser Bundle profiles | 82 | - added xiphos and Tor Browser Bundle profiles |
| 83 | curiosity-seeker (https://github.com/curiosity-seeker) | ||
| 84 | - tightening unbound and dnscrypt-proxy profiles | ||
| 85 | - dnsmasq profile | ||
| 86 | - okular and gwenview profiles | ||
| 87 | - cherrytree profile fixes | ||
| 88 | - added quiterss profile | ||
| 89 | - added guayadeque profile | ||
| 83 | Simon Peter (https://github.com/probonopd) | 90 | Simon Peter (https://github.com/probonopd) |
| 84 | - set $APPIMAGE and $APPDIR environment variables | 91 | - set $APPIMAGE and $APPDIR environment variables |
| 85 | - AppImage version detection | 92 | - AppImage version detection |
| @@ -194,12 +201,6 @@ Vasya Novikov (https://github.com/vn971) | |||
| 194 | - manpage fixes | 201 | - manpage fixes |
| 195 | - fixed firecfg clean/clear issue | 202 | - fixed firecfg clean/clear issue |
| 196 | - found the ugliest bug so far | 203 | - found the ugliest bug so far |
| 197 | curiosity-seeker (https://github.com/curiosity-seeker) | ||
| 198 | - tightening unbound and dnscrypt-proxy profiles | ||
| 199 | - dnsmasq profile | ||
| 200 | - okular and gwenview profiles | ||
| 201 | - cherrytree profile fixes | ||
| 202 | - added quiterss profile | ||
| 203 | Matthew Gyurgyik (https://github.com/pyther) | 204 | Matthew Gyurgyik (https://github.com/pyther) |
| 204 | - rpm spec and several fixes | 205 | - rpm spec and several fixes |
| 205 | Joan Figueras (https://github.com/figue) | 206 | Joan Figueras (https://github.com/figue) |
| @@ -52,5 +52,5 @@ Use this issue to request new profiles: https://github.com/netblue30/firejail/is | |||
| 52 | 52 | ||
| 53 | ````` | 53 | ````` |
| 54 | ## New Profiles | 54 | ## New Profiles |
| 55 | xiphos, Tor Browser Bundle, display (imagemagik), Wire, mumble, zoom | 55 | xiphos, Tor Browser Bundle, display (imagemagik), Wire, mumble, zoom,Guayadeque |
| 56 | 56 | ||
| @@ -6,7 +6,8 @@ firejail (0.9.45) baseline; urgency=low | |||
| 6 | * security: split most of networking code in a separate executable | 6 | * security: split most of networking code in a separate executable |
| 7 | * security: split seccomp filter code configuration in a separate executable | 7 | * security: split seccomp filter code configuration in a separate executable |
| 8 | * feature: allow root user access to /dev/shm (--noblacklist=/dev/shm) | 8 | * feature: allow root user access to /dev/shm (--noblacklist=/dev/shm) |
| 9 | * new profiles: xiphos, Tor Browser Bundle, display (imagemagik), Wire | 9 | * new profiles: xiphos, Tor Browser Bundle, display (imagemagik), Wire, |
| 10 | * new profiles: mumble, zoom, Guayadeque | ||
| 10 | * bugfixes | 11 | * bugfixes |
| 11 | -- netblue30 <netblue30@yahoo.com> Sun, 23 Oct 2016 08:00:00 -0500 | 12 | -- netblue30 <netblue30@yahoo.com> Sun, 23 Oct 2016 08:00:00 -0500 |
| 12 | 13 | ||
diff --git a/etc/disable-programs.inc b/etc/disable-programs.inc index 0d9bd1bb4..f4e66dc66 100644 --- a/etc/disable-programs.inc +++ b/etc/disable-programs.inc | |||
| @@ -53,6 +53,7 @@ blacklist ${HOME}/.config/mpv | |||
| 53 | blacklist ${HOME}/.config/totem | 53 | blacklist ${HOME}/.config/totem |
| 54 | blacklist ${HOME}/.config/xplayer | 54 | blacklist ${HOME}/.config/xplayer |
| 55 | blacklist ${HOME}/.audacity-data | 55 | blacklist ${HOME}/.audacity-data |
| 56 | blacklist ${HOME}/.guayadeque | ||
| 56 | 57 | ||
| 57 | # HTTP / FTP / Mail | 58 | # HTTP / FTP / Mail |
| 58 | blacklist ${HOME}/.icedove | 59 | blacklist ${HOME}/.icedove |
diff --git a/etc/guayadeque.profile b/etc/guayadeque.profile new file mode 100644 index 000000000..0c6ad00be --- /dev/null +++ b/etc/guayadeque.profile | |||
| @@ -0,0 +1,19 @@ | |||
| 1 | noblacklist ${HOME}/.guayadeque | ||
| 2 | |||
| 3 | include /etc/firejail/disable-common.inc | ||
| 4 | include /etc/firejail/disable-programs.inc | ||
| 5 | include /etc/firejail/disable-passwdmgr.inc | ||
| 6 | include /etc/firejail/disable-devel.inc | ||
| 7 | |||
| 8 | caps.drop all | ||
| 9 | netfilter | ||
| 10 | nogroups | ||
| 11 | nonewprivs | ||
| 12 | noroot | ||
| 13 | protocol unix,inet,inet6,netlink | ||
| 14 | seccomp | ||
| 15 | shell none | ||
| 16 | |||
| 17 | private-bin guayadeque | ||
| 18 | private-dev | ||
| 19 | private-tmp | ||
diff --git a/platform/debian/conffiles b/platform/debian/conffiles index ff3909c17..321a96f80 100644 --- a/platform/debian/conffiles +++ b/platform/debian/conffiles | |||
| @@ -173,3 +173,4 @@ | |||
| 173 | /etc/firejail/wire.profile | 173 | /etc/firejail/wire.profile |
| 174 | /etc/firejail/mumble.profile | 174 | /etc/firejail/mumble.profile |
| 175 | /etc/firejail/zoom.profile | 175 | /etc/firejail/zoom.profile |
| 176 | /etc/firejail/guayadeque.profile | ||