Create nomacs.profile (#2535)

* Create nomacs.profile * Fix nomacs.profile
author: rusty-snake <print_hello_world+GitHub@protonmail.com> 2019-03-12 13:15:53 +0000
committer: glitsj16 <glitsj16@users.noreply.github.com> 2019-03-12 13:15:53 +0000
commit: c5e95ec4a680799c83036f00d48862bda60d2d26 (patch)
tree: 9f37a313e9824c0a595eef49221ff5f972b4c305
parent: Add new profiles for lrzip and friends (#2574) (diff)
download: firejail-c5e95ec4a680799c83036f00d48862bda60d2d26.tar.gz
firejail-c5e95ec4a680799c83036f00d48862bda60d2d26.tar.zst
firejail-c5e95ec4a680799c83036f00d48862bda60d2d26.zip
3 files changed, 52 insertions, 0 deletions
diff --git a/etc/disable-programs.inc b/etc/disable-programs.inc
index 7e39f7d3d..e2eaea38b 100644
--- a/etc/disable-programs.inc
+++ b/etc/disable-programs.inc
@@ -223,6 +223,7 @@ blacklist ${HOME}/.config/nemo
 blacklist ${HOME}/.config/netsurf
 blacklist ${HOME}/.config/nheko
 blacklist ${HOME}/.config/NitroShare
+blacklist ${HOME}/.config/nomacs
 blacklist ${HOME}/.config/obs-studio
 blacklist ${HOME}/.config/okularpartrc
 blacklist ${HOME}/.config/okularrc
@@ -437,6 +438,7 @@ blacklist ${HOME}/.local/share/data/Mendeley Ltd.
 blacklist ${HOME}/.local/share/data/Mumble
 blacklist ${HOME}/.local/share/data/MusE
 blacklist ${HOME}/.local/share/data/MuseScore
+blacklist ${HOME}/.local/share/data/nomacs
 blacklist ${HOME}/.local/share/data/qBittorrent
 blacklist ${HOME}/.local/share/dino
 blacklist ${HOME}/.local/share/dolphin
@@ -483,6 +485,7 @@ blacklist ${HOME}/.local/share/nautilus
 blacklist ${HOME}/.local/share/nautilus-python
 blacklist ${HOME}/.local/share/nemo
 blacklist ${HOME}/.local/share/nemo-python
+blacklist ${HOME}/.local/share/nomacs
 blacklist ${HOME}/.local/share/notes
 blacklist ${HOME}/.local/share/ocenaudio
 blacklist ${HOME}/.local/share/okular
diff --git a/etc/nomacs.profile b/etc/nomacs.profile
new file mode 100644
index 000000000..4bda5cbce
--- /dev/null
+++ b/etc/nomacs.profile
@@ -0,0 +1,48 @@
+# Firejail profile for nomacs
+# Description: a fast and small image viewer
+# This file is overwritten after every install/update
+# Persistent local customizations
+include nomacs.local
+# Persistent global definitions
+include globals.local
+noblacklist ${HOME}/.config/nomacs
+noblacklist ${HOME}/.local/share/nomacs
+noblacklist ${HOME}/.local/share/data/nomacs
+noblacklist ${PICTURES}
+include disable-common.inc
+include disable-devel.inc
+include disable-interpreters.inc
+include disable-passwdmgr.inc
+include disable-programs.inc
+include disable-xdg.inc
+include whitelist-var-common.inc
+apparmor
+caps.drop all
+machine-id
+netfilter
+nodvd
+nogroups
+nonewprivs
+noroot
+nosound
+notv
+nou2f
+novideo
+protocol unix,inet,inet6,netlink
+seccomp
+shell none
+tracelog
+#private-bin nomacs
+private-cache
+private-dev
+private-etc alternatives,hosts,ca-certificates,ssl,pki,crypto-policies,resolv.conf,drirc,fonts,gtk-3.0,dconf,machine-id,login.defs
+private-tmp
+memory-deny-write-execute
+noexec ${HOME}
+noexec /tmp
diff --git a/src/firecfg/firecfg.config b/src/firecfg/firecfg.config
index a654560d3..87c427f72 100644
--- a/src/firecfg/firecfg.config
+++ b/src/firecfg/firecfg.config
@@ -361,6 +361,7 @@ nitroshare-cli
 nitroshare-nmh
 nitroshare-send
 nitroshare-ui
+nomacs
 nylas
 nyx
 obs
author	rusty-snake <print_hello_world+GitHub@protonmail.com>	2019-03-12 13:15:53 +0000
committer	glitsj16 <glitsj16@users.noreply.github.com>	2019-03-12 13:15:53 +0000
commit	c5e95ec4a680799c83036f00d48862bda60d2d26 (patch)
tree	9f37a313e9824c0a595eef49221ff5f972b4c305
parent	Add new profiles for lrzip and friends (#2574) (diff)
download	firejail-c5e95ec4a680799c83036f00d48862bda60d2d26.tar.gz firejail-c5e95ec4a680799c83036f00d48862bda60d2d26.tar.zst firejail-c5e95ec4a680799c83036f00d48862bda60d2d26.zip

diff --git a/etc/disable-programs.inc b/etc/disable-programs.inc index 7e39f7d3d..e2eaea38b 100644 --- a/etc/disable-programs.inc +++ b/etc/disable-programs.inc
@@ -223,6 +223,7 @@ blacklist ${HOME}/.config/nemo
223	blacklist ${HOME}/.config/netsurf	223	blacklist ${HOME}/.config/netsurf
224	blacklist ${HOME}/.config/nheko	224	blacklist ${HOME}/.config/nheko
225	blacklist ${HOME}/.config/NitroShare	225	blacklist ${HOME}/.config/NitroShare
		226	blacklist ${HOME}/.config/nomacs
226	blacklist ${HOME}/.config/obs-studio	227	blacklist ${HOME}/.config/obs-studio
227	blacklist ${HOME}/.config/okularpartrc	228	blacklist ${HOME}/.config/okularpartrc
228	blacklist ${HOME}/.config/okularrc	229	blacklist ${HOME}/.config/okularrc
@@ -437,6 +438,7 @@ blacklist ${HOME}/.local/share/data/Mendeley Ltd.
437	blacklist ${HOME}/.local/share/data/Mumble	438	blacklist ${HOME}/.local/share/data/Mumble
438	blacklist ${HOME}/.local/share/data/MusE	439	blacklist ${HOME}/.local/share/data/MusE
439	blacklist ${HOME}/.local/share/data/MuseScore	440	blacklist ${HOME}/.local/share/data/MuseScore
		441	blacklist ${HOME}/.local/share/data/nomacs
440	blacklist ${HOME}/.local/share/data/qBittorrent	442	blacklist ${HOME}/.local/share/data/qBittorrent
441	blacklist ${HOME}/.local/share/dino	443	blacklist ${HOME}/.local/share/dino
442	blacklist ${HOME}/.local/share/dolphin	444	blacklist ${HOME}/.local/share/dolphin
@@ -483,6 +485,7 @@ blacklist ${HOME}/.local/share/nautilus
483	blacklist ${HOME}/.local/share/nautilus-python	485	blacklist ${HOME}/.local/share/nautilus-python
484	blacklist ${HOME}/.local/share/nemo	486	blacklist ${HOME}/.local/share/nemo
485	blacklist ${HOME}/.local/share/nemo-python	487	blacklist ${HOME}/.local/share/nemo-python
		488	blacklist ${HOME}/.local/share/nomacs
486	blacklist ${HOME}/.local/share/notes	489	blacklist ${HOME}/.local/share/notes
487	blacklist ${HOME}/.local/share/ocenaudio	490	blacklist ${HOME}/.local/share/ocenaudio
488	blacklist ${HOME}/.local/share/okular	491	blacklist ${HOME}/.local/share/okular


diff --git a/etc/nomacs.profile b/etc/nomacs.profile new file mode 100644 index 000000000..4bda5cbce --- /dev/null +++ b/etc/nomacs.profile
@@ -0,0 +1,48 @@
		1	# Firejail profile for nomacs
		2	# Description: a fast and small image viewer
		3	# This file is overwritten after every install/update
		4	# Persistent local customizations
		5	include nomacs.local
		6	# Persistent global definitions
		7	include globals.local
		8
		9	noblacklist ${HOME}/.config/nomacs
		10	noblacklist ${HOME}/.local/share/nomacs
		11	noblacklist ${HOME}/.local/share/data/nomacs
		12	noblacklist ${PICTURES}
		13
		14	include disable-common.inc
		15	include disable-devel.inc
		16	include disable-interpreters.inc
		17	include disable-passwdmgr.inc
		18	include disable-programs.inc
		19	include disable-xdg.inc
		20
		21	include whitelist-var-common.inc
		22
		23	apparmor
		24	caps.drop all
		25	machine-id
		26	netfilter
		27	nodvd
		28	nogroups
		29	nonewprivs
		30	noroot
		31	nosound
		32	notv
		33	nou2f
		34	novideo
		35	protocol unix,inet,inet6,netlink
		36	seccomp
		37	shell none
		38	tracelog
		39
		40	#private-bin nomacs
		41	private-cache
		42	private-dev
		43	private-etc alternatives,hosts,ca-certificates,ssl,pki,crypto-policies,resolv.conf,drirc,fonts,gtk-3.0,dconf,machine-id,login.defs
		44	private-tmp
		45
		46	memory-deny-write-execute
		47	noexec ${HOME}
		48	noexec /tmp


diff --git a/src/firecfg/firecfg.config b/src/firecfg/firecfg.config index a654560d3..87c427f72 100644 --- a/src/firecfg/firecfg.config +++ b/src/firecfg/firecfg.config
@@ -361,6 +361,7 @@ nitroshare-cli
361	nitroshare-nmh	361	nitroshare-nmh
362	nitroshare-send	362	nitroshare-send
363	nitroshare-ui	363	nitroshare-ui
		364	nomacs
364	nylas	365	nylas
365	nyx	366	nyx
366	obs	367	obs