Add cheese.profile

author: rusty-snake <print_hello_world+Public@protonmail.com> 2019-04-09 16:38:47 +0200
committer: rusty-snake <print_hello_world+Public@protonmail.com> 2019-04-09 16:38:47 +0200
commit: a3307a905ce69baa44f63079fbac78a0967eeb4c (patch)
tree: cdebe093240119da470c742cab3c69010b11cace
parent: seccomp testing (diff)
download: firejail-a3307a905ce69baa44f63079fbac78a0967eeb4c.tar.gz
firejail-a3307a905ce69baa44f63079fbac78a0967eeb4c.tar.zst
firejail-a3307a905ce69baa44f63079fbac78a0967eeb4c.zip
5 files changed, 54 insertions, 4 deletions
diff --git a/README b/README
index d41ae967a..6bb17d4f3 100644
--- a/README
+++ b/README
@@ -545,12 +545,12 @@ rusty-snake (https://github.com/rusty-snake)
        - added profiles: kid3-qt, kid3-cli, anki
        - fixed profiles: kdenlive, bibletime, rhythmbox, gajim, seahorse
        - fixed profiles: libreoffice, gnome-maps, wget, seahorse-tool
-        - fixed profiles: gnome-logs
+        - fixed profiles: gnome-logs, atom, brackets, gnome-builder, geany
+        - fixed profiles: vim, emacs, pycharm-community, gedit
        - hardened profiles: disable-common.inc, disable-programs.inc
        - hardened profiles: gajim, evince, ffmpeg, feh-network.inc, qtox
        - hardened profiles: gnome-clocks, meld, minetest, youtube-dl
        - gnome-mpv was renamed to celluloid
-        - updates for ~/.cargo and ~/.python-history
 Salvo 'LtWorf' Tomaselli (https://github.com/ltworf)
        - fixed ktorrent profile
 sarneaud (https://github.com/sarneaud)
diff --git a/README.md b/README.md
index 429f3362c..8509bf44d 100644
--- a/README.md
+++ b/README.md
@@ -102,4 +102,4 @@ We also keep a list of profile fixes for previous released versions in [etc-fixe
 ## Current development version: 0.9.59
 ## New profiles:
-anki, assogiate, autokey-gtk, autokey-qt, autokey-run, autokey-shell, bzflag, celluoid, code-oss, crawl, crawl-tiles, crow, d-feet, dconf, dconf-editor, devhelp, exfalso, font-manager, freeciv, freecol, freemind, gconf-editor, geekbench, gnome-keyring, gnome-nettool, gnome-system-log, gsettings, kid3, kid3-cli, kid3-qt, klavaro, lincity-ng, lugaru, Maelstrom, manaplus, megaglest, mpdris2, mypaint, nano, netactview, nomacs, nyx, opencity, openclonk, openttd, ostrichriders, pavucontrol, pioneer, pragha, redshift, regextester, seahorse, seahorse-tool, scorched3d, secret-tool, simplescreenrecorder, slashem, subdownloader, sysprof, sysprof-cli, teeworlds, torcs, tremulous, transgui, vulturesclaw, vultureseye, warsow, widelands, xfce4-mixer
+anki, assogiate, autokey-gtk, autokey-qt, autokey-run, autokey-shell, bzflag, celluoid, code-oss, crawl, crawl-tiles, crow, d-feet, dconf, dconf-editor, devhelp, exfalso, font-manager, freeciv, freecol, freemind, gconf-editor, geekbench, gnome-keyring, gnome-nettool, gnome-system-log, gsettings, kid3, kid3-cli, kid3-qt, klavaro, lincity-ng, lugaru, Maelstrom, manaplus, megaglest, mpdris2, mypaint, nano, netactview, nomacs, nyx, opencity, openclonk, openttd, ostrichriders, pavucontrol, pioneer, pragha, redshift, regextester, seahorse, seahorse-tool, scorched3d, secret-tool, simplescreenrecorder, slashem, subdownloader, sysprof, sysprof-cli, teeworlds, torcs, tremulous, transgui, vulturesclaw, vultureseye, warsow, widelands, xfce4-mixer, cheese
diff --git a/RELNOTES b/RELNOTES
index a3cf6bea0..2238ee57d 100644
--- a/RELNOTES
+++ b/RELNOTES
@@ -11,7 +11,7 @@ firejail (0.9.59) baseline; urgency=low
  * new profiles: teeworlds, torcs, tremulous, warsow, lugaru, manaplus
  * new profiles: pioneer, scorched3d, widelands, freemind, kid3, kid3-qt
  * new profiles: kid3-cli, nomacs, freecol, opencity, openclonk, slashem
-  * new profiles: vultureseye, vulturesclaw, anki
+  * new profiles: vultureseye, vulturesclaw, anki, cheese
  * new profiles: autokey-gtk, autokey-qt, autokey-run, autokey-shell
  * memory-deny-write-execute now also blocks memfd_create
  * drop support for flatpak/snap packages
diff --git a/etc/Cheese.profile b/etc/Cheese.profile
new file mode 100644
index 000000000..4bfce53a9
--- /dev/null
+++ b/etc/Cheese.profile
@@ -0,0 +1,7 @@
+# Firejail profile for cheese
+# This file is overwritten after every install/update
+# Temporary fix for https://github.com/netblue30/firejail/issues/2624
+# Redirect
+include cheese.profile
diff --git a/etc/cheese.profile b/etc/cheese.profile
new file mode 100644
index 000000000..b6cb0c9ce
--- /dev/null
+++ b/etc/cheese.profile
@@ -0,0 +1,43 @@
+# Firejail profile for cheese
+# Description: taking pictures and movies from a webcam
+# This file is overwritten after every install/update
+# Persistent local customizations
+include cheese.local
+# Persistent global definitions
+include globals.local
+noblacklist ${VIDEOS}
+include disable-common.inc
+include disable-devel.inc
+include disable-exec.inc
+include disable-interpreters.inc
+include disable-passwdmgr.inc
+include disable-programs.inc
+include disable-xdg.inc
+whitelist ${VIDEOS}
+include whitelist-common.inc
+include whitelist-var-common.inc
+apparmor
+caps.drop all
+machine-id
+net none
+nodbus
+nodvd
+nogroups
+nonewprivs
+noroot
+notv
+nou2f
+protocol unix
+seccomp
+shell none
+tracelog
+disable-mnt
+private-bin cheese
+private-cache
+private-etc alternatives,fonts,drirc,clutter-1.0,gtk-3.0,dconf
+private-tmp
author	rusty-snake <print_hello_world+Public@protonmail.com>	2019-04-09 16:38:47 +0200
committer	rusty-snake <print_hello_world+Public@protonmail.com>	2019-04-09 16:38:47 +0200
commit	a3307a905ce69baa44f63079fbac78a0967eeb4c (patch)
tree	cdebe093240119da470c742cab3c69010b11cace
parent	seccomp testing (diff)
download	firejail-a3307a905ce69baa44f63079fbac78a0967eeb4c.tar.gz firejail-a3307a905ce69baa44f63079fbac78a0967eeb4c.tar.zst firejail-a3307a905ce69baa44f63079fbac78a0967eeb4c.zip

diff --git a/README b/README index d41ae967a..6bb17d4f3 100644 --- a/README +++ b/README
@@ -545,12 +545,12 @@ rusty-snake (https://github.com/rusty-snake)
545	- added profiles: kid3-qt, kid3-cli, anki	545	- added profiles: kid3-qt, kid3-cli, anki
546	- fixed profiles: kdenlive, bibletime, rhythmbox, gajim, seahorse	546	- fixed profiles: kdenlive, bibletime, rhythmbox, gajim, seahorse
547	- fixed profiles: libreoffice, gnome-maps, wget, seahorse-tool	547	- fixed profiles: libreoffice, gnome-maps, wget, seahorse-tool
548	- fixed profiles: gnome-logs	548	- fixed profiles: gnome-logs, atom, brackets, gnome-builder, geany
		549	- fixed profiles: vim, emacs, pycharm-community, gedit
549	- hardened profiles: disable-common.inc, disable-programs.inc	550	- hardened profiles: disable-common.inc, disable-programs.inc
550	- hardened profiles: gajim, evince, ffmpeg, feh-network.inc, qtox	551	- hardened profiles: gajim, evince, ffmpeg, feh-network.inc, qtox
551	- hardened profiles: gnome-clocks, meld, minetest, youtube-dl	552	- hardened profiles: gnome-clocks, meld, minetest, youtube-dl
552	- gnome-mpv was renamed to celluloid	553	- gnome-mpv was renamed to celluloid
553	- updates for ~/.cargo and ~/.python-history
554	Salvo 'LtWorf' Tomaselli (https://github.com/ltworf)	554	Salvo 'LtWorf' Tomaselli (https://github.com/ltworf)
555	- fixed ktorrent profile	555	- fixed ktorrent profile
556	sarneaud (https://github.com/sarneaud)	556	sarneaud (https://github.com/sarneaud)


diff --git a/README.md b/README.md index 429f3362c..8509bf44d 100644 --- a/README.md +++ b/README.md
@@ -102,4 +102,4 @@ We also keep a list of profile fixes for previous released versions in [etc-fixe
102	## Current development version: 0.9.59	102	## Current development version: 0.9.59
103		103
104	## New profiles:	104	## New profiles:
105	anki, assogiate, autokey-gtk, autokey-qt, autokey-run, autokey-shell, bzflag, celluoid, code-oss, crawl, crawl-tiles, crow, d-feet, dconf, dconf-editor, devhelp, exfalso, font-manager, freeciv, freecol, freemind, gconf-editor, geekbench, gnome-keyring, gnome-nettool, gnome-system-log, gsettings, kid3, kid3-cli, kid3-qt, klavaro, lincity-ng, lugaru, Maelstrom, manaplus, megaglest, mpdris2, mypaint, nano, netactview, nomacs, nyx, opencity, openclonk, openttd, ostrichriders, pavucontrol, pioneer, pragha, redshift, regextester, seahorse, seahorse-tool, scorched3d, secret-tool, simplescreenrecorder, slashem, subdownloader, sysprof, sysprof-cli, teeworlds, torcs, tremulous, transgui, vulturesclaw, vultureseye, warsow, widelands, xfce4-mixer	105	anki, assogiate, autokey-gtk, autokey-qt, autokey-run, autokey-shell, bzflag, celluoid, code-oss, crawl, crawl-tiles, crow, d-feet, dconf, dconf-editor, devhelp, exfalso, font-manager, freeciv, freecol, freemind, gconf-editor, geekbench, gnome-keyring, gnome-nettool, gnome-system-log, gsettings, kid3, kid3-cli, kid3-qt, klavaro, lincity-ng, lugaru, Maelstrom, manaplus, megaglest, mpdris2, mypaint, nano, netactview, nomacs, nyx, opencity, openclonk, openttd, ostrichriders, pavucontrol, pioneer, pragha, redshift, regextester, seahorse, seahorse-tool, scorched3d, secret-tool, simplescreenrecorder, slashem, subdownloader, sysprof, sysprof-cli, teeworlds, torcs, tremulous, transgui, vulturesclaw, vultureseye, warsow, widelands, xfce4-mixer, cheese


diff --git a/RELNOTES b/RELNOTES index a3cf6bea0..2238ee57d 100644 --- a/RELNOTES +++ b/RELNOTES
@@ -11,7 +11,7 @@ firejail (0.9.59) baseline; urgency=low
11	* new profiles: teeworlds, torcs, tremulous, warsow, lugaru, manaplus	11	* new profiles: teeworlds, torcs, tremulous, warsow, lugaru, manaplus
12	* new profiles: pioneer, scorched3d, widelands, freemind, kid3, kid3-qt	12	* new profiles: pioneer, scorched3d, widelands, freemind, kid3, kid3-qt
13	* new profiles: kid3-cli, nomacs, freecol, opencity, openclonk, slashem	13	* new profiles: kid3-cli, nomacs, freecol, opencity, openclonk, slashem
14	* new profiles: vultureseye, vulturesclaw, anki	14	* new profiles: vultureseye, vulturesclaw, anki, cheese
15	* new profiles: autokey-gtk, autokey-qt, autokey-run, autokey-shell	15	* new profiles: autokey-gtk, autokey-qt, autokey-run, autokey-shell
16	* memory-deny-write-execute now also blocks memfd_create	16	* memory-deny-write-execute now also blocks memfd_create
17	* drop support for flatpak/snap packages	17	* drop support for flatpak/snap packages


diff --git a/etc/Cheese.profile b/etc/Cheese.profile new file mode 100644 index 000000000..4bfce53a9 --- /dev/null +++ b/etc/Cheese.profile
@@ -0,0 +1,7 @@
		1	# Firejail profile for cheese
		2	# This file is overwritten after every install/update
		3
		4
		5	# Temporary fix for https://github.com/netblue30/firejail/issues/2624
		6	# Redirect
		7	include cheese.profile


diff --git a/etc/cheese.profile b/etc/cheese.profile new file mode 100644 index 000000000..b6cb0c9ce --- /dev/null +++ b/etc/cheese.profile
@@ -0,0 +1,43 @@
		1	# Firejail profile for cheese
		2	# Description: taking pictures and movies from a webcam
		3	# This file is overwritten after every install/update
		4	# Persistent local customizations
		5	include cheese.local
		6	# Persistent global definitions
		7	include globals.local
		8
		9	noblacklist ${VIDEOS}
		10
		11	include disable-common.inc
		12	include disable-devel.inc
		13	include disable-exec.inc
		14	include disable-interpreters.inc
		15	include disable-passwdmgr.inc
		16	include disable-programs.inc
		17	include disable-xdg.inc
		18
		19	whitelist ${VIDEOS}
		20	include whitelist-common.inc
		21	include whitelist-var-common.inc
		22
		23	apparmor
		24	caps.drop all
		25	machine-id
		26	net none
		27	nodbus
		28	nodvd
		29	nogroups
		30	nonewprivs
		31	noroot
		32	notv
		33	nou2f
		34	protocol unix
		35	seccomp
		36	shell none
		37	tracelog
		38
		39	disable-mnt
		40	private-bin cheese
		41	private-cache
		42	private-etc alternatives,fonts,drirc,clutter-1.0,gtk-3.0,dconf
		43	private-tmp