Merge branch 'master' of http://github.com/netblue30/firejail

author: netblue30 <netblue30@yahoo.com> 2018-10-13 14:03:51 -0400
committer: netblue30 <netblue30@yahoo.com> 2018-10-13 14:03:51 -0400
commit: 8155eefbc50f202312d1639bd71bb2c5ea285c86 (patch)
tree: d14d0dfd91d297594c398380d7c1a1165c00e528
parent: private-lib fix (diff)
parent: Merges (diff)
download: firejail-8155eefbc50f202312d1639bd71bb2c5ea285c86.tar.gz
firejail-8155eefbc50f202312d1639bd71bb2c5ea285c86.tar.zst
firejail-8155eefbc50f202312d1639bd71bb2c5ea285c86.zip
6 files changed, 78 insertions, 3 deletions
diff --git a/README b/README
index 7709de028..c122a006b 100644
--- a/README
+++ b/README
@@ -123,6 +123,8 @@ bn0785ac (https://github.com/bn0785ac)
        - fix inox, add snox profile
 BogDan Vatra (https://github.com/bog-dan-ro)
        - zoom profile
+Brad Ackerman
+        - blacklist Bitwarden config in disable-passwdmgr.inc
 Bruno Nova (https://github.com/brunonova)
        - whitelist fix
        - bash arguments fix
@@ -282,7 +284,8 @@ glitsj16 (https://github.com/glitsj16)
        - new profiles: lzless, lzma, lzmainfo, lzmore, unlzma, unxz, xzcat
        - new profiles: xzcmp, xzdiff, xzegrep, xzfgrep, xzgrep, xzless, xzmore
        - new profiles: lzip, artha, nitroshare, nitroshare-cli, nitroshare-nmh
-        - new profiles: nirtoshare-send, nitroshare-ui
+        - new profiles: nirtoshare-send, nitroshare-ui, mencoder, gnome-pie
+        - new profiles: masterpdfeditor
 graywolf (https://github.com/graywolf)
        - spelling fix
 greigdp (https://github.com/greigdp)
diff --git a/README.md b/README.md
index f0fcec6db..8ce9a84fa 100644
--- a/README.md
+++ b/README.md
@@ -136,5 +136,6 @@ The new LTS branch is here: https://github.com/netblue30/firejail/tree/LTSbase
 QMediathekView, aria2c, Authenticator, checkbashisms, devilspie, devilspie2, easystroke, github-desktop, min,
 bsdcat, bsdcpio, bsdtar, lzmadec, lbunzip2, lbzcat, lbzip2, lzcat, lzcmp, lzdiff, lzegrep, lzfgrep, lzgrep,
 lzless, lzma, lzmainfo, lzmore, unlzma, unxz, xzcat, xzcmp, xzdiff, xzegrep, xzfgrep, xzgrep, xzless, xzmore,
-lzip, artha, nitroshare, nitroshare-cli, nitroshare-nmh, nirtoshare-send, nitroshare-ui
+lzip, artha, nitroshare, nitroshare-cli, nitroshare-nmh, nirtoshare-send, nitroshare-ui, mencoder, gnome-pie,
+masterpdfeditor
diff --git a/RELNOTES b/RELNOTES
index 67a03be10..85f0c2b7a 100644
--- a/RELNOTES
+++ b/RELNOTES
@@ -8,7 +8,8 @@ firejail (0.9.56.1) baseline; urgency=low
  * new profiles: lzless, lzma, lzmainfo, lzmore, unlzma, unxz, xzcat
  * new profiles: xzcmp, xzdiff, xzegrep, xzfgrep, xzgrep, xzless, xzmore
  * new profiles: lzip, artha, nitroshare, nitroshare-cli, nitroshare-nmh
-  * new profiles: nirtoshare-send, nitroshare-ui
+  * new profiles: nirtoshare-send, nitroshare-ui, mencoder, gnome-pie
+  * new profiles: masterpdfeditor
 -- netblue30 <netblue30@yahoo.com>  Thu, 11 Oct 2018 08:00:00 -0500
 firejail (0.9.56) baseline; urgency=low
diff --git a/etc/disable-passwdmgr.inc b/etc/disable-passwdmgr.inc
index 6ef11780e..19fd871d3 100644
--- a/etc/disable-passwdmgr.inc
+++ b/etc/disable-passwdmgr.inc
@@ -2,6 +2,7 @@
 # Persistent customizations should go in a .local file.
 include /etc/firejail/disable-passwdmgr.local
+blacklist ${HOME}/.config/Bitwarden
 blacklist ${HOME}/.config/KeePass
 blacklist ${HOME}/.config/keepass
 blacklist ${HOME}/.config/keepassx
diff --git a/etc/gnome-pie.profile b/etc/gnome-pie.profile
new file mode 100644
index 000000000..be408ea93
--- /dev/null
+++ b/etc/gnome-pie.profile
@@ -0,0 +1,41 @@
+# Firejail profile for gnome-pie
+# Description: Alternative AppMenu
+# This file is overwritten after every install/update
+# Persistent local customizations
+include /etc/firejail/gnome-pie.local
+# Persistent global definitions
+include /etc/firejail/globals.local
+#include /etc/firejail/disable-common.inc
+include /etc/firejail/disable-devel.inc
+#include /etc/firejail/disable-interpreters.inc
+include /etc/firejail/disable-passwdmgr.inc
+#include /etc/firejail/disable-programs.inc
+caps.drop all
+ipc-namespace
+machine-id
+net none
+no3d
+nodvd
+nogroups
+nonewprivs
+noroot
+nosound
+notv
+nou2f
+novideo
+protocol unix
+seccomp
+shell none
+disable-mnt
+private-cache
+private-dev
+private-etc fonts
+private-lib gdk-pixbuf-2.*,gio,gvfs/libgvfscommon.so,libgconf-2.so.*,librsvg-2.so.*
+private-tmp
+memory-deny-write-execute
+noexec ${HOME}
+noexec /tmp
diff --git a/etc/mencoder.profile b/etc/mencoder.profile
new file mode 100644
index 000000000..9306d268e
--- /dev/null
+++ b/etc/mencoder.profile
@@ -0,0 +1,28 @@
+# Firejail profile for mencoder
+# Description: Free command line video decoding, encoding and filtering tool
+# This file is overwritten after every install/update
+# Persistent local customizations
+include /etc/firejail/mencoder.local
+# Persistent global definitions
+# added by included profile
+#include /etc/firejail/globals.local
+include /etc/firejail/disable-common.inc
+include /etc/firejail/disable-devel.inc
+include /etc/firejail/disable-interpreters.inc
+include /etc/firejail/disable-passwdmgr.inc
+include /etc/firejail/disable-programs.inc
+net none
+no3d
+nodbus
+nosound
+notv
+nou2f
+protocol unix
+seccomp
+shell none
+private-bin mencoder
+include /etc/firejail/mplayer.profile
author	netblue30 <netblue30@yahoo.com>	2018-10-13 14:03:51 -0400
committer	netblue30 <netblue30@yahoo.com>	2018-10-13 14:03:51 -0400
commit	8155eefbc50f202312d1639bd71bb2c5ea285c86 (patch)
tree	d14d0dfd91d297594c398380d7c1a1165c00e528
parent	private-lib fix (diff)
parent	Merges (diff)
download	firejail-8155eefbc50f202312d1639bd71bb2c5ea285c86.tar.gz firejail-8155eefbc50f202312d1639bd71bb2c5ea285c86.tar.zst firejail-8155eefbc50f202312d1639bd71bb2c5ea285c86.zip

diff --git a/README b/README index 7709de028..c122a006b 100644 --- a/README +++ b/README
@@ -123,6 +123,8 @@ bn0785ac (https://github.com/bn0785ac)
123	- fix inox, add snox profile	123	- fix inox, add snox profile
124	BogDan Vatra (https://github.com/bog-dan-ro)	124	BogDan Vatra (https://github.com/bog-dan-ro)
125	- zoom profile	125	- zoom profile
		126	Brad Ackerman
		127	- blacklist Bitwarden config in disable-passwdmgr.inc
126	Bruno Nova (https://github.com/brunonova)	128	Bruno Nova (https://github.com/brunonova)
127	- whitelist fix	129	- whitelist fix
128	- bash arguments fix	130	- bash arguments fix
@@ -282,7 +284,8 @@ glitsj16 (https://github.com/glitsj16)
282	- new profiles: lzless, lzma, lzmainfo, lzmore, unlzma, unxz, xzcat	284	- new profiles: lzless, lzma, lzmainfo, lzmore, unlzma, unxz, xzcat
283	- new profiles: xzcmp, xzdiff, xzegrep, xzfgrep, xzgrep, xzless, xzmore	285	- new profiles: xzcmp, xzdiff, xzegrep, xzfgrep, xzgrep, xzless, xzmore
284	- new profiles: lzip, artha, nitroshare, nitroshare-cli, nitroshare-nmh	286	- new profiles: lzip, artha, nitroshare, nitroshare-cli, nitroshare-nmh
285	- new profiles: nirtoshare-send, nitroshare-ui	287	- new profiles: nirtoshare-send, nitroshare-ui, mencoder, gnome-pie
		288	- new profiles: masterpdfeditor
286	graywolf (https://github.com/graywolf)	289	graywolf (https://github.com/graywolf)
287	- spelling fix	290	- spelling fix
288	greigdp (https://github.com/greigdp)	291	greigdp (https://github.com/greigdp)


diff --git a/README.md b/README.md index f0fcec6db..8ce9a84fa 100644 --- a/README.md +++ b/README.md
@@ -136,5 +136,6 @@ The new LTS branch is here: https://github.com/netblue30/firejail/tree/LTSbase
136	QMediathekView, aria2c, Authenticator, checkbashisms, devilspie, devilspie2, easystroke, github-desktop, min,	136	QMediathekView, aria2c, Authenticator, checkbashisms, devilspie, devilspie2, easystroke, github-desktop, min,
137	bsdcat, bsdcpio, bsdtar, lzmadec, lbunzip2, lbzcat, lbzip2, lzcat, lzcmp, lzdiff, lzegrep, lzfgrep, lzgrep,	137	bsdcat, bsdcpio, bsdtar, lzmadec, lbunzip2, lbzcat, lbzip2, lzcat, lzcmp, lzdiff, lzegrep, lzfgrep, lzgrep,
138	lzless, lzma, lzmainfo, lzmore, unlzma, unxz, xzcat, xzcmp, xzdiff, xzegrep, xzfgrep, xzgrep, xzless, xzmore,	138	lzless, lzma, lzmainfo, lzmore, unlzma, unxz, xzcat, xzcmp, xzdiff, xzegrep, xzfgrep, xzgrep, xzless, xzmore,
139	lzip, artha, nitroshare, nitroshare-cli, nitroshare-nmh, nirtoshare-send, nitroshare-ui	139	lzip, artha, nitroshare, nitroshare-cli, nitroshare-nmh, nirtoshare-send, nitroshare-ui, mencoder, gnome-pie,
		140	masterpdfeditor
140		141


diff --git a/RELNOTES b/RELNOTES index 67a03be10..85f0c2b7a 100644 --- a/RELNOTES +++ b/RELNOTES
@@ -8,7 +8,8 @@ firejail (0.9.56.1) baseline; urgency=low
8	* new profiles: lzless, lzma, lzmainfo, lzmore, unlzma, unxz, xzcat	8	* new profiles: lzless, lzma, lzmainfo, lzmore, unlzma, unxz, xzcat
9	* new profiles: xzcmp, xzdiff, xzegrep, xzfgrep, xzgrep, xzless, xzmore	9	* new profiles: xzcmp, xzdiff, xzegrep, xzfgrep, xzgrep, xzless, xzmore
10	* new profiles: lzip, artha, nitroshare, nitroshare-cli, nitroshare-nmh	10	* new profiles: lzip, artha, nitroshare, nitroshare-cli, nitroshare-nmh
11	* new profiles: nirtoshare-send, nitroshare-ui	11	* new profiles: nirtoshare-send, nitroshare-ui, mencoder, gnome-pie
		12	* new profiles: masterpdfeditor
12	-- netblue30 <netblue30@yahoo.com> Thu, 11 Oct 2018 08:00:00 -0500	13	-- netblue30 <netblue30@yahoo.com> Thu, 11 Oct 2018 08:00:00 -0500
13		14
14	firejail (0.9.56) baseline; urgency=low	15	firejail (0.9.56) baseline; urgency=low


diff --git a/etc/disable-passwdmgr.inc b/etc/disable-passwdmgr.inc index 6ef11780e..19fd871d3 100644 --- a/etc/disable-passwdmgr.inc +++ b/etc/disable-passwdmgr.inc
@@ -2,6 +2,7 @@
2	# Persistent customizations should go in a .local file.	2	# Persistent customizations should go in a .local file.
3	include /etc/firejail/disable-passwdmgr.local	3	include /etc/firejail/disable-passwdmgr.local
4		4
		5	blacklist ${HOME}/.config/Bitwarden
5	blacklist ${HOME}/.config/KeePass	6	blacklist ${HOME}/.config/KeePass
6	blacklist ${HOME}/.config/keepass	7	blacklist ${HOME}/.config/keepass
7	blacklist ${HOME}/.config/keepassx	8	blacklist ${HOME}/.config/keepassx


diff --git a/etc/gnome-pie.profile b/etc/gnome-pie.profile new file mode 100644 index 000000000..be408ea93 --- /dev/null +++ b/etc/gnome-pie.profile
@@ -0,0 +1,41 @@
		1	# Firejail profile for gnome-pie
		2	# Description: Alternative AppMenu
		3	# This file is overwritten after every install/update
		4	# Persistent local customizations
		5	include /etc/firejail/gnome-pie.local
		6	# Persistent global definitions
		7	include /etc/firejail/globals.local
		8
		9	#include /etc/firejail/disable-common.inc
		10	include /etc/firejail/disable-devel.inc
		11	#include /etc/firejail/disable-interpreters.inc
		12	include /etc/firejail/disable-passwdmgr.inc
		13	#include /etc/firejail/disable-programs.inc
		14
		15	caps.drop all
		16	ipc-namespace
		17	machine-id
		18	net none
		19	no3d
		20	nodvd
		21	nogroups
		22	nonewprivs
		23	noroot
		24	nosound
		25	notv
		26	nou2f
		27	novideo
		28	protocol unix
		29	seccomp
		30	shell none
		31
		32	disable-mnt
		33	private-cache
		34	private-dev
		35	private-etc fonts
		36	private-lib gdk-pixbuf-2.,gio,gvfs/libgvfscommon.so,libgconf-2.so.,librsvg-2.so.*
		37	private-tmp
		38
		39	memory-deny-write-execute
		40	noexec ${HOME}
		41	noexec /tmp


diff --git a/etc/mencoder.profile b/etc/mencoder.profile new file mode 100644 index 000000000..9306d268e --- /dev/null +++ b/etc/mencoder.profile
@@ -0,0 +1,28 @@
		1	# Firejail profile for mencoder
		2	# Description: Free command line video decoding, encoding and filtering tool
		3	# This file is overwritten after every install/update
		4	# Persistent local customizations
		5	include /etc/firejail/mencoder.local
		6	# Persistent global definitions
		7	# added by included profile
		8	#include /etc/firejail/globals.local
		9
		10	include /etc/firejail/disable-common.inc
		11	include /etc/firejail/disable-devel.inc
		12	include /etc/firejail/disable-interpreters.inc
		13	include /etc/firejail/disable-passwdmgr.inc
		14	include /etc/firejail/disable-programs.inc
		15
		16	net none
		17	no3d
		18	nodbus
		19	nosound
		20	notv
		21	nou2f
		22	protocol unix
		23	seccomp
		24	shell none
		25
		26	private-bin mencoder
		27
		28	include /etc/firejail/mplayer.profile