Add Bitwarden profile (#2673)

* Add bitwarden to firecfg * Add support for bitwarden in disable-programs.inc * Create bitwarden.profile * Fix whitelisting and no3d in bitwarden
author: glitsj16 <glitsj16@users.noreply.github.com> 2019-05-02 00:48:21 +0000
committer: GitHub <noreply@github.com> 2019-05-02 00:48:21 +0000
commit: c813294e47fb9e65b42506125fd24aea760f1c40 (patch)
tree: 7d6382693500fbf4a38e88b10b188cc3f56ced5d
parent: Support Enpass v6 (#2672) (diff)
download: firejail-c813294e47fb9e65b42506125fd24aea760f1c40.tar.gz
firejail-c813294e47fb9e65b42506125fd24aea760f1c40.tar.zst
firejail-c813294e47fb9e65b42506125fd24aea760f1c40.zip
3 files changed, 56 insertions, 0 deletions
diff --git a/etc/bitwarden.profile b/etc/bitwarden.profile
new file mode 100644
index 000000000..3e6308622
--- /dev/null
+++ b/etc/bitwarden.profile
@@ -0,0 +1,54 @@
+# Firejail profile for bitwarden
+# Description: A secure and free password manager for all of your devices
+# This file is overwritten after every install/update.
+# Persistent local customisations
+include bitwarden.local
+# Persistent global definitions
+include globals.local
+noblacklist ${HOME}/.config/Bitwarden
+ignore noexec /tmp
+noblacklist ${DOWNLOADS}
+include disable-common.inc
+include disable-devel.inc
+include disable-exec.inc
+include disable-interpreters.inc
+include disable-passwdmgr.inc
+include disable-programs.inc
+include disable-xdg.inc
+include whitelist-common.inc
+include whitelist-var-common.inc
+whitelist ${HOME}/.config/Bitwarden
+whitelist ${DOWNLOADS}
+apparmor
+caps.drop all
+machine-id
+netfilter
+no3d
+#nodbus - breaks appindicator (tray) functionality
+nodvd
+nogroups
+nonewprivs
+noroot
+nosound
+notv
+nou2f
+novideo
+protocol unix,inet,inet6,netlink
+seccomp
+shell none
+#tracelog - breaks on Arch
+private-bin bitwarden
+private-cache
+?HAS_APPIMAGE: ignore private-dev
+private-dev
+private-etc alternatives,ca-certificates,crypto-policies,hosts,nsswitch.conf,fonts,pki,resolv.conf,ssl
+private-opt Bitwarden
+private-tmp
+#memory-deny-write-execute - breaks on Arch
diff --git a/etc/disable-programs.inc b/etc/disable-programs.inc
index 3b540b8a2..7de2a620f 100644
--- a/etc/disable-programs.inc
+++ b/etc/disable-programs.inc
@@ -60,6 +60,7 @@ blacklist ${HOME}/.config/Audaciousrc
 blacklist ${HOME}/.config/Authenticator
 blacklist ${HOME}/.config/Beaker Browser
 blacklist ${HOME}/.config/Bitcoin
+blacklist ${HOME}/.config/Bitwarden
 blacklist ${HOME}/.config/Brackets
 blacklist ${HOME}/.config/BraveSoftware
 blacklist ${HOME}/.config/Clementine
diff --git a/src/firecfg/firecfg.config b/src/firecfg/firecfg.config
index 9f5f7a7a8..2d4902b91 100644
--- a/src/firecfg/firecfg.config
+++ b/src/firecfg/firecfg.config
@@ -68,6 +68,7 @@ beaker
 bibletime
 bitcoin-qt
 bitlbee
+bitwarden
 bleachbit
 blender
 blender-2.8
author	glitsj16 <glitsj16@users.noreply.github.com>	2019-05-02 00:48:21 +0000
committer	GitHub <noreply@github.com>	2019-05-02 00:48:21 +0000
commit	c813294e47fb9e65b42506125fd24aea760f1c40 (patch)
tree	7d6382693500fbf4a38e88b10b188cc3f56ced5d
parent	Support Enpass v6 (#2672) (diff)
download	firejail-c813294e47fb9e65b42506125fd24aea760f1c40.tar.gz firejail-c813294e47fb9e65b42506125fd24aea760f1c40.tar.zst firejail-c813294e47fb9e65b42506125fd24aea760f1c40.zip

diff --git a/etc/bitwarden.profile b/etc/bitwarden.profile new file mode 100644 index 000000000..3e6308622 --- /dev/null +++ b/etc/bitwarden.profile
@@ -0,0 +1,54 @@
		1	# Firejail profile for bitwarden
		2	# Description: A secure and free password manager for all of your devices
		3	# This file is overwritten after every install/update.
		4	# Persistent local customisations
		5	include bitwarden.local
		6	# Persistent global definitions
		7	include globals.local
		8
		9	noblacklist ${HOME}/.config/Bitwarden
		10	ignore noexec /tmp
		11	noblacklist ${DOWNLOADS}
		12
		13	include disable-common.inc
		14	include disable-devel.inc
		15	include disable-exec.inc
		16	include disable-interpreters.inc
		17	include disable-passwdmgr.inc
		18	include disable-programs.inc
		19	include disable-xdg.inc
		20
		21	include whitelist-common.inc
		22	include whitelist-var-common.inc
		23
		24	whitelist ${HOME}/.config/Bitwarden
		25	whitelist ${DOWNLOADS}
		26
		27	apparmor
		28	caps.drop all
		29	machine-id
		30	netfilter
		31	no3d
		32	#nodbus - breaks appindicator (tray) functionality
		33	nodvd
		34	nogroups
		35	nonewprivs
		36	noroot
		37	nosound
		38	notv
		39	nou2f
		40	novideo
		41	protocol unix,inet,inet6,netlink
		42	seccomp
		43	shell none
		44	#tracelog - breaks on Arch
		45
		46	private-bin bitwarden
		47	private-cache
		48	?HAS_APPIMAGE: ignore private-dev
		49	private-dev
		50	private-etc alternatives,ca-certificates,crypto-policies,hosts,nsswitch.conf,fonts,pki,resolv.conf,ssl
		51	private-opt Bitwarden
		52	private-tmp
		53
		54	#memory-deny-write-execute - breaks on Arch


diff --git a/etc/disable-programs.inc b/etc/disable-programs.inc index 3b540b8a2..7de2a620f 100644 --- a/etc/disable-programs.inc +++ b/etc/disable-programs.inc
@@ -60,6 +60,7 @@ blacklist ${HOME}/.config/Audaciousrc
60	blacklist ${HOME}/.config/Authenticator	60	blacklist ${HOME}/.config/Authenticator
61	blacklist ${HOME}/.config/Beaker Browser	61	blacklist ${HOME}/.config/Beaker Browser
62	blacklist ${HOME}/.config/Bitcoin	62	blacklist ${HOME}/.config/Bitcoin
		63	blacklist ${HOME}/.config/Bitwarden
63	blacklist ${HOME}/.config/Brackets	64	blacklist ${HOME}/.config/Brackets
64	blacklist ${HOME}/.config/BraveSoftware	65	blacklist ${HOME}/.config/BraveSoftware
65	blacklist ${HOME}/.config/Clementine	66	blacklist ${HOME}/.config/Clementine


diff --git a/src/firecfg/firecfg.config b/src/firecfg/firecfg.config index 9f5f7a7a8..2d4902b91 100644 --- a/src/firecfg/firecfg.config +++ b/src/firecfg/firecfg.config
@@ -68,6 +68,7 @@ beaker
68	bibletime	68	bibletime
69	bitcoin-qt	69	bitcoin-qt
70	bitlbee	70	bitlbee
		71	bitwarden
71	bleachbit	72	bleachbit
72	blender	73	blender
73	blender-2.8	74	blender-2.8