summaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorLibravatar glitsj16 <glitsj16@users.noreply.github.com>2019-05-02 00:15:12 +0000
committerLibravatar GitHub <noreply@github.com>2019-05-02 00:15:12 +0000
commit7734a60d6fa12b22f179fe502d4bec70dba6d243 (patch)
tree57f8f69d6079ab42bf0f00c5341661d7d976e0d5
parentComment fixes (#2674) (diff)
downloadfirejail-7734a60d6fa12b22f179fe502d4bec70dba6d243.tar.gz
firejail-7734a60d6fa12b22f179fe502d4bec70dba6d243.tar.zst
firejail-7734a60d6fa12b22f179fe502d4bec70dba6d243.zip
Support Enpass v6 (#2672)
* Refactor enpass profile Upstream enpass version 6 needs profile adjustments. These are integrated into the refactored profile without dropping support for older versions. * Support newer Enpass in disable-programs.inc * Re-add no3d and move whitelist lines in enpass.profile
Diffstat
-rw-r--r--etc/disable-programs.inc4
-rw-r--r--etc/enpass.profile22
2 files changed, 22 insertions, 4 deletions
diff --git a/etc/disable-programs.inc b/etc/disable-programs.inc
index f0d6611ad..3b540b8a2 100644
--- a/etc/disable-programs.inc
+++ b/etc/disable-programs.inc
@@ -100,6 +100,7 @@ blacklist ${HOME}/.config/Rambox
100blacklist ${HOME}/.config/Riot 100blacklist ${HOME}/.config/Riot
101blacklist ${HOME}/.config/Rocket.Chat 101blacklist ${HOME}/.config/Rocket.Chat
102blacklist ${HOME}/.config/Signal 102blacklist ${HOME}/.config/Signal
103blacklist ${HOME}/.config/Sinew Software Systems
103blacklist ${HOME}/.config/Slack 104blacklist ${HOME}/.config/Slack
104blacklist ${HOME}/.config/Standard Notes 105blacklist ${HOME}/.config/Standard Notes
105blacklist ${HOME}/.config/SubDownloader 106blacklist ${HOME}/.config/SubDownloader
@@ -261,6 +262,7 @@ blacklist ${HOME}/.config/redshift.conf
261blacklist ${HOME}/.config/remmina 262blacklist ${HOME}/.config/remmina
262blacklist ${HOME}/.config/ristretto 263blacklist ${HOME}/.config/ristretto
263blacklist ${HOME}/.config/scribus 264blacklist ${HOME}/.config/scribus
265blacklist ${HOME}/.config/sinew.in
264blacklist ${HOME}/.config/skypeforlinux 266blacklist ${HOME}/.config/skypeforlinux
265blacklist ${HOME}/.config/slimjet 267blacklist ${HOME}/.config/slimjet
266blacklist ${HOME}/.config/smplayer 268blacklist ${HOME}/.config/smplayer
@@ -428,6 +430,7 @@ blacklist ${HOME}/.local/share/0ad
428blacklist ${HOME}/.local/share/3909/PapersPlease 430blacklist ${HOME}/.local/share/3909/PapersPlease
429blacklist ${HOME}/.local/share/Anki2 431blacklist ${HOME}/.local/share/Anki2
430blacklist ${HOME}/.local/share/Empathy 432blacklist ${HOME}/.local/share/Empathy
433blacklist ${HOME}/.local/share/Enpass
431blacklist ${HOME}/.local/share/JetBrains 434blacklist ${HOME}/.local/share/JetBrains
432blacklist ${HOME}/.local/share/Mendeley Ltd. 435blacklist ${HOME}/.local/share/Mendeley Ltd.
433blacklist ${HOME}/.local/share/Mumble 436blacklist ${HOME}/.local/share/Mumble
@@ -633,6 +636,7 @@ blacklist ${HOME}/.cache/8pecxstudios
633blacklist ${HOME}/.cache/Authenticator 636blacklist ${HOME}/.cache/Authenticator
634blacklist ${HOME}/.cache/Clementine 637blacklist ${HOME}/.cache/Clementine
635blacklist ${HOME}/.cache/Enox 638blacklist ${HOME}/.cache/Enox
639blacklist ${HOME}/.cache/Enpass
636blacklist ${HOME}/.cache/Franz 640blacklist ${HOME}/.cache/Franz
637blacklist ${HOME}/.cache/INRIA 641blacklist ${HOME}/.cache/INRIA
638blacklist ${HOME}/.cache/MusicBrainz 642blacklist ${HOME}/.cache/MusicBrainz
diff --git a/etc/enpass.profile b/etc/enpass.profile
index 284b9259d..b337c721d 100644
--- a/etc/enpass.profile
+++ b/etc/enpass.profile
@@ -6,7 +6,10 @@ include enpass.local
6# Persistent global definitions 6# Persistent global definitions
7include globals.local 7include globals.local
8 8
9noblacklist ${HOME}/.cache/Enpass
10noblacklist ${HOME}/.config/sinew.in
9noblacklist ${HOME}/.config/Sinew Software Systems 11noblacklist ${HOME}/.config/Sinew Software Systems
12noblacklist ${HOME}/.local/share/Enpass
10noblacklist ${DOCUMENTS} 13noblacklist ${DOCUMENTS}
11 14
12include disable-common.inc 15include disable-common.inc
@@ -17,11 +20,21 @@ include disable-passwdmgr.inc
17include disable-programs.inc 20include disable-programs.inc
18include disable-xdg.inc 21include disable-xdg.inc
19 22
23whitelist ${HOME}/.cache/Enpass
24whitelist ${HOME}/.config/sinew.in
25whitelist ${HOME}/.config/Sinew Software Systems
26whitelist ${HOME}/.local/share/Enpass
27whitelist ${DOCUMENTS}
28
20include whitelist-var-common.inc 29include whitelist-var-common.inc
21 30
31# machine-id and nosound break audio notification functionality
32# comment both if you need that functionality or put 'ignore machine-id'
33# and 'ignore nosound' in your enpass.local
34
22caps.drop all 35caps.drop all
23machine-id 36machine-id
24net none 37netfilter
25no3d 38no3d
26nodvd 39nodvd
27nogroups 40nogroups
@@ -31,14 +44,15 @@ nosound
31notv 44notv
32nou2f 45nou2f
33novideo 46novideo
34protocol unix 47protocol unix,inet,inet6,netlink
35seccomp 48seccomp
36shell none 49shell none
37tracelog 50tracelog
38 51
39private-bin sh,readlink,dirname 52private-bin dirname,Enpass,importer_enpass,sh,readlink
53?HAS_APPIMAGE: ignore private-dev
40private-dev 54private-dev
41private-opt Enpass 55private-opt Enpass
42private-tmp 56private-tmp
43 57
44memory-deny-write-execute 58#memory-deny-write-execute - breaks on Arch
generated by cgit v1.2.3-54-g00ecf (git 2.45.2) at 2024-07-08 14:43:25 +0000