Merge branch 'master' of https://github.com/netblue30/firejail

author: startx2017 <vradu.startx@yandex.com> 2018-01-15 08:28:47 -0500
committer: startx2017 <vradu.startx@yandex.com> 2018-01-15 08:28:47 -0500
commit: 73d49c638fa51ba56b01605e7079c8e0556e755b (patch)
tree: cf02716c4ad722255d3e7987ab4e2c01143d92e9
parent: move copyright statement to 2018 (diff)
parent: Fix #1724, Tor browser not working on Ubuntu and Fedora (diff)
download: firejail-73d49c638fa51ba56b01605e7079c8e0556e755b.tar.gz
firejail-73d49c638fa51ba56b01605e7079c8e0556e755b.tar.zst
firejail-73d49c638fa51ba56b01605e7079c8e0556e755b.zip
5 files changed, 71 insertions, 1 deletions
diff --git a/etc/disable-programs.inc b/etc/disable-programs.inc
index e6d425df2..667c209ed 100644
--- a/etc/disable-programs.inc
+++ b/etc/disable-programs.inc
@@ -155,6 +155,7 @@ blacklist ${HOME}/.config/netsurf
 blacklist ${HOME}/.config/nheko
 blacklist ${HOME}/.config/okularpartrc
 blacklist ${HOME}/.config/okularrc
+blacklist ${HOME}/.config/onionshare
 blacklist ${HOME}/.config/opera
 blacklist ${HOME}/.config/opera-beta
 blacklist ${HOME}/.config/orage
diff --git a/etc/ideaIC.profile b/etc/ideaIC.profile
new file mode 100644
index 000000000..f7a69fa94
--- /dev/null
+++ b/etc/ideaIC.profile
@@ -0,0 +1,10 @@
+# Firejail profile for ideaIC
+# This file is overwritten after every install/update
+# Persistent local customizations
+include /etc/firejail/ideaIC.local
+# Persistent global definitions
+include /etc/firejail/globals.local
+# Redirect
+include /etc/firejail/idea.sh.profile
diff --git a/etc/onionshare-gui.profile b/etc/onionshare-gui.profile
new file mode 100644
index 000000000..7220f7e1c
--- /dev/null
+++ b/etc/onionshare-gui.profile
@@ -0,0 +1,35 @@
+# Firejail profile for onionshare-gui
+# This file is overwritten after every install/update
+# Persistent local customizations
+include /etc/firejail/onionshare-gui.local
+# Persistent global definitions
+include /etc/firejail/globals.local
+noblacklist ${HOME}/.config/onionshare
+include /etc/firejail/disable-common.inc
+include /etc/firejail/disable-devel.inc
+include /etc/firejail/disable-passwdmgr.inc
+include /etc/firejail/disable-programs.inc
+caps.drop all
+ipc-namespace
+netfilter
+no3d
+nodvd
+nogroups
+nonewprivs
+noroot
+nosound
+notv
+novideo
+protocol unix,inet,inet6
+seccomp
+shell none
+private-dev
+private-tmp
+memory-deny-write-execute
+noexec ${HOME}
+noexec /tmp
diff --git a/etc/torbrowser-launcher.profile b/etc/torbrowser-launcher.profile
index 51a5d7735..49b083919 100644
--- a/etc/torbrowser-launcher.profile
+++ b/etc/torbrowser-launcher.profile
@@ -33,7 +33,7 @@ tracelog
 disable-mnt
 private-bin bash,cp,dirname,env,expr,file,getconf,gpg,grep,id,ln,mkdir,python*,readlink,rm,sed,sh,tail,test,tor-browser-en,torbrowser-launcher
 private-dev
-private-etc fonts
+private-etc fonts,hostname,hosts,resolv.conf,pki,ssl,ca-certificates
 private-tmp
 noexec /tmp
diff --git a/src/firecfg/firecfg.config b/src/firecfg/firecfg.config
index 6f6dd3f06..3dbd8df1a 100644
--- a/src/firecfg/firecfg.config
+++ b/src/firecfg/firecfg.config
@@ -21,6 +21,7 @@ amule
 android-studio
 apktool
 arch-audit
+archaudit-report
 ardour4
 ardour5
 arduino
@@ -42,6 +43,7 @@ bleachbit
 blender
 bless
 bluefish
+bnox
 brackets
 brasero
 brave
@@ -94,6 +96,7 @@ dropbox
 ebook-viewer
 elinks
 empathy
+enpass
 eog
 eom
 epiphany
@@ -170,6 +173,7 @@ icecat
 icedove
 iceweasel
 idea.sh
+ideaIC
 imagej
 img2txt
 inkscape
@@ -250,6 +254,7 @@ nylas
 obs
 odt2txt
 okular
+onionshare-gui
 open-invaders
 openshot
 openshot-qt
@@ -270,6 +275,7 @@ pinta
 pithos
 pitivi
 pix
+playonlinux
 pluma
 polari
 psi-plus
@@ -306,6 +312,7 @@ skype
 skypeforlinux
 slack
 smplayer
+smtube
 soffice
 soundconverter
 spotify
@@ -317,13 +324,30 @@ steam
 stellarium
 strings
 supertux2
+surf
+sylpheed
 synfigstudio
 teamspeak3
 telegram
 telegram-desktop
 terasology
 thunderbird
+tor-browser-ar
 tor-browser-en
+tor-browser-en-us
+tor-browser-es-es
+tor-browser-es
+tor-browser-fa
+tor-browser-fr
+tor-browser-it
+tor-browser-ja
+tor-browser-ko
+torbrowser-launcher
+tor-browser-pl
+tor-browser-pt-br
+tor-browser-ru
+tor-browser-vi
+tor-browser-zh-cn
 totem
 tracker
 transmission-cli
author	startx2017 <vradu.startx@yandex.com>	2018-01-15 08:28:47 -0500
committer	startx2017 <vradu.startx@yandex.com>	2018-01-15 08:28:47 -0500
commit	73d49c638fa51ba56b01605e7079c8e0556e755b (patch)
tree	cf02716c4ad722255d3e7987ab4e2c01143d92e9
parent	move copyright statement to 2018 (diff)
parent	Fix #1724, Tor browser not working on Ubuntu and Fedora (diff)
download	firejail-73d49c638fa51ba56b01605e7079c8e0556e755b.tar.gz firejail-73d49c638fa51ba56b01605e7079c8e0556e755b.tar.zst firejail-73d49c638fa51ba56b01605e7079c8e0556e755b.zip

diff --git a/etc/disable-programs.inc b/etc/disable-programs.inc index e6d425df2..667c209ed 100644 --- a/etc/disable-programs.inc +++ b/etc/disable-programs.inc
@@ -155,6 +155,7 @@ blacklist ${HOME}/.config/netsurf
155	blacklist ${HOME}/.config/nheko	155	blacklist ${HOME}/.config/nheko
156	blacklist ${HOME}/.config/okularpartrc	156	blacklist ${HOME}/.config/okularpartrc
157	blacklist ${HOME}/.config/okularrc	157	blacklist ${HOME}/.config/okularrc
		158	blacklist ${HOME}/.config/onionshare
158	blacklist ${HOME}/.config/opera	159	blacklist ${HOME}/.config/opera
159	blacklist ${HOME}/.config/opera-beta	160	blacklist ${HOME}/.config/opera-beta
160	blacklist ${HOME}/.config/orage	161	blacklist ${HOME}/.config/orage


diff --git a/etc/ideaIC.profile b/etc/ideaIC.profile new file mode 100644 index 000000000..f7a69fa94 --- /dev/null +++ b/etc/ideaIC.profile
@@ -0,0 +1,10 @@
		1	# Firejail profile for ideaIC
		2	# This file is overwritten after every install/update
		3	# Persistent local customizations
		4	include /etc/firejail/ideaIC.local
		5	# Persistent global definitions
		6	include /etc/firejail/globals.local
		7
		8
		9	# Redirect
		10	include /etc/firejail/idea.sh.profile


diff --git a/etc/onionshare-gui.profile b/etc/onionshare-gui.profile new file mode 100644 index 000000000..7220f7e1c --- /dev/null +++ b/etc/onionshare-gui.profile
@@ -0,0 +1,35 @@
		1	# Firejail profile for onionshare-gui
		2	# This file is overwritten after every install/update
		3	# Persistent local customizations
		4	include /etc/firejail/onionshare-gui.local
		5	# Persistent global definitions
		6	include /etc/firejail/globals.local
		7
		8	noblacklist ${HOME}/.config/onionshare
		9
		10	include /etc/firejail/disable-common.inc
		11	include /etc/firejail/disable-devel.inc
		12	include /etc/firejail/disable-passwdmgr.inc
		13	include /etc/firejail/disable-programs.inc
		14
		15	caps.drop all
		16	ipc-namespace
		17	netfilter
		18	no3d
		19	nodvd
		20	nogroups
		21	nonewprivs
		22	noroot
		23	nosound
		24	notv
		25	novideo
		26	protocol unix,inet,inet6
		27	seccomp
		28	shell none
		29
		30	private-dev
		31	private-tmp
		32
		33	memory-deny-write-execute
		34	noexec ${HOME}
		35	noexec /tmp


diff --git a/etc/torbrowser-launcher.profile b/etc/torbrowser-launcher.profile index 51a5d7735..49b083919 100644 --- a/etc/torbrowser-launcher.profile +++ b/etc/torbrowser-launcher.profile
@@ -33,7 +33,7 @@ tracelog
33	disable-mnt	33	disable-mnt
34	private-bin bash,cp,dirname,env,expr,file,getconf,gpg,grep,id,ln,mkdir,python*,readlink,rm,sed,sh,tail,test,tor-browser-en,torbrowser-launcher	34	private-bin bash,cp,dirname,env,expr,file,getconf,gpg,grep,id,ln,mkdir,python*,readlink,rm,sed,sh,tail,test,tor-browser-en,torbrowser-launcher
35	private-dev	35	private-dev
36	private-etc fonts	36	private-etc fonts,hostname,hosts,resolv.conf,pki,ssl,ca-certificates
37	private-tmp	37	private-tmp
38		38
39	noexec /tmp	39	noexec /tmp


diff --git a/src/firecfg/firecfg.config b/src/firecfg/firecfg.config index 6f6dd3f06..3dbd8df1a 100644 --- a/src/firecfg/firecfg.config +++ b/src/firecfg/firecfg.config
@@ -21,6 +21,7 @@ amule
21	android-studio	21	android-studio
22	apktool	22	apktool
23	arch-audit	23	arch-audit
		24	archaudit-report
24	ardour4	25	ardour4
25	ardour5	26	ardour5
26	arduino	27	arduino
@@ -42,6 +43,7 @@ bleachbit
42	blender	43	blender
43	bless	44	bless
44	bluefish	45	bluefish
		46	bnox
45	brackets	47	brackets
46	brasero	48	brasero
47	brave	49	brave
@@ -94,6 +96,7 @@ dropbox
94	ebook-viewer	96	ebook-viewer
95	elinks	97	elinks
96	empathy	98	empathy
		99	enpass
97	eog	100	eog
98	eom	101	eom
99	epiphany	102	epiphany
@@ -170,6 +173,7 @@ icecat
170	icedove	173	icedove
171	iceweasel	174	iceweasel
172	idea.sh	175	idea.sh
		176	ideaIC
173	imagej	177	imagej
174	img2txt	178	img2txt
175	inkscape	179	inkscape
@@ -250,6 +254,7 @@ nylas
250	obs	254	obs
251	odt2txt	255	odt2txt
252	okular	256	okular
		257	onionshare-gui
253	open-invaders	258	open-invaders
254	openshot	259	openshot
255	openshot-qt	260	openshot-qt
@@ -270,6 +275,7 @@ pinta
270	pithos	275	pithos
271	pitivi	276	pitivi
272	pix	277	pix
		278	playonlinux
273	pluma	279	pluma
274	polari	280	polari
275	psi-plus	281	psi-plus
@@ -306,6 +312,7 @@ skype
306	skypeforlinux	312	skypeforlinux
307	slack	313	slack
308	smplayer	314	smplayer
		315	smtube
309	soffice	316	soffice
310	soundconverter	317	soundconverter
311	spotify	318	spotify
@@ -317,13 +324,30 @@ steam
317	stellarium	324	stellarium
318	strings	325	strings
319	supertux2	326	supertux2
		327	surf
		328	sylpheed
320	synfigstudio	329	synfigstudio
321	teamspeak3	330	teamspeak3
322	telegram	331	telegram
323	telegram-desktop	332	telegram-desktop
324	terasology	333	terasology
325	thunderbird	334	thunderbird
		335	tor-browser-ar
326	tor-browser-en	336	tor-browser-en
		337	tor-browser-en-us
		338	tor-browser-es-es
		339	tor-browser-es
		340	tor-browser-fa
		341	tor-browser-fr
		342	tor-browser-it
		343	tor-browser-ja
		344	tor-browser-ko
		345	torbrowser-launcher
		346	tor-browser-pl
		347	tor-browser-pt-br
		348	tor-browser-ru
		349	tor-browser-vi
		350	tor-browser-zh-cn
327	totem	351	totem
328	tracker	352	tracker
329	transmission-cli	353	transmission-cli