author | netblue30 <netblue30@yahoo.com> | 2015-09-16 07:33:08 -0400 |
---|---|---|
committer | netblue30 <netblue30@yahoo.com> | 2015-09-16 07:33:08 -0400 |
commit | 1265803f63a2f7e5fcb778dac34efe7436eba8c1 (patch) | |
tree | 00390b5812c63d43111de8e7dba3cbabd0fd7712 | |
parent | release 0.9.30 (diff) | |
Default profiles work
-rw-r--r-- | Makefile.in | 1 | ||||
-rw-r--r-- | RELNOTES | 9 | ||||
-rwxr-xr-x | configure | 18 | ||||
-rw-r--r-- | configure.ac | 2 | ||||
-rw-r--r-- | etc/disable-common.inc | 20 | ||||
-rw-r--r-- | etc/fbreader.profile | 11 |
6 files changed, 50 insertions, 11 deletions
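--- a/Makefile.in
+++ b/Makefile.in
@@ -100,6 +100,7 @@ realinstall:
 install -c -m 0644 etc/quassel.profile $(DESTDIR)/etc/firejail/.
 install -c -m 0644 etc/deadbeef.profile $(DESTDIR)/etc/firejail/.
 install -c -m 0644 etc/filezilla.profile $(DESTDIR)/etc/firejail/.
+install -c -m 0644 etc/fbreader.profile $(DESTDIR)/etc/firejail/.
 bash -c "if [ ! -f /etc/firejail/login.users ]; then install -c -m 0644 etc/login.users $(DESTDIR)/etc/firejail/.; fi;"
 # man pages
 rm -f firejail.1.gz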
@@ -1,4 +1,11 @@ | |||
1 | firejail (0.9.30) baseline; urgency=low | 1 | ffirejail (0.9.31) baseline; urgency=low |
2 | * disable X11 autostart folders in default profiles | ||
3 | * disable subversion and git config files in home directory | ||
4 | * added FBReader default profile | ||
5 | -- netblue30 <netblue30@yahoo.com> current development | ||
6 | |||
7 | |||
8 | irejail (0.9.30) baseline; urgency=low | ||
2 | * added a disable-history.inc profile as a result of Firefox PDF.js exploit; | 9 | * added a disable-history.inc profile as a result of Firefox PDF.js exploit; |
3 | disable-history.inc included in all default profiles | 10 | disable-history.inc included in all default profiles |
4 | * Firefox PDF.js exploit (CVE-2015-4495) fixes | 11 | * Firefox PDF.js exploit (CVE-2015-4495) fixes |
@@ -1,6 +1,6 @@ | |||
1 | #! /bin/sh | 1 | #! /bin/sh |
2 | # Guess values for system-dependent variables and create Makefiles. | 2 | # Guess values for system-dependent variables and create Makefiles. |
3 | # Generated by GNU Autoconf 2.69 for firejail 0.9.30. | 3 | # Generated by GNU Autoconf 2.69 for firejail 0.9.31. |
4 | # | 4 | # |
5 | # Report bugs to <netblue30@yahoo.com>. | 5 | # Report bugs to <netblue30@yahoo.com>. |
6 | # | 6 | # |
@@ -580,8 +580,8 @@ MAKEFLAGS= | |||
580 | # Identity of this package. | 580 | # Identity of this package. |
581 | PACKAGE_NAME='firejail' | 581 | PACKAGE_NAME='firejail' |
582 | PACKAGE_TARNAME='firejail' | 582 | PACKAGE_TARNAME='firejail' |
583 | PACKAGE_VERSION='0.9.30' | 583 | PACKAGE_VERSION='0.9.31' |
584 | PACKAGE_STRING='firejail 0.9.30' | 584 | PACKAGE_STRING='firejail 0.9.31' |
585 | PACKAGE_BUGREPORT='netblue30@yahoo.com' | 585 | PACKAGE_BUGREPORT='netblue30@yahoo.com' |
586 | PACKAGE_URL='http://firejail.sourceforge.net' | 586 | PACKAGE_URL='http://firejail.sourceforge.net' |
587 | 587 | ||
@@ -1238,7 +1238,7 @@ if test "$ac_init_help" = "long"; then | |||
1238 | # Omit some internal or obsolete options to make the list less imposing. | 1238 | # Omit some internal or obsolete options to make the list less imposing. |
1239 | # This message is too long to be a string in the A/UX 3.1 sh. | 1239 | # This message is too long to be a string in the A/UX 3.1 sh. |
1240 | cat <<_ACEOF | 1240 | cat <<_ACEOF |
1241 | \`configure' configures firejail 0.9.30 to adapt to many kinds of systems. | 1241 | \`configure' configures firejail 0.9.31 to adapt to many kinds of systems. |
1242 | 1242 | ||
1243 | Usage: $0 [OPTION]... [VAR=VALUE]... | 1243 | Usage: $0 [OPTION]... [VAR=VALUE]... |
1244 | 1244 | ||
@@ -1299,7 +1299,7 @@ fi | |||
1299 | 1299 | ||
1300 | if test -n "$ac_init_help"; then | 1300 | if test -n "$ac_init_help"; then |
1301 | case $ac_init_help in | 1301 | case $ac_init_help in |
1302 | short | recursive ) echo "Configuration of firejail 0.9.30:";; | 1302 | short | recursive ) echo "Configuration of firejail 0.9.31:";; |
1303 | esac | 1303 | esac |
1304 | cat <<\_ACEOF | 1304 | cat <<\_ACEOF |
1305 | 1305 | ||
@@ -1389,7 +1389,7 @@ fi | |||
1389 | test -n "$ac_init_help" && exit $ac_status | 1389 | test -n "$ac_init_help" && exit $ac_status |
1390 | if $ac_init_version; then | 1390 | if $ac_init_version; then |
1391 | cat <<\_ACEOF | 1391 | cat <<\_ACEOF |
1392 | firejail configure 0.9.30 | 1392 | firejail configure 0.9.31 |
1393 | generated by GNU Autoconf 2.69 | 1393 | generated by GNU Autoconf 2.69 |
1394 | 1394 | ||
1395 | Copyright (C) 2012 Free Software Foundation, Inc. | 1395 | Copyright (C) 2012 Free Software Foundation, Inc. |
@@ -1691,7 +1691,7 @@ cat >config.log <<_ACEOF | |||
1691 | This file contains any messages produced by compilers while | 1691 | This file contains any messages produced by compilers while |
1692 | running configure, to aid debugging if configure makes a mistake. | 1692 | running configure, to aid debugging if configure makes a mistake. |
1693 | 1693 | ||
1694 | It was created by firejail $as_me 0.9.30, which was | 1694 | It was created by firejail $as_me 0.9.31, which was |
1695 | generated by GNU Autoconf 2.69. Invocation command line was | 1695 | generated by GNU Autoconf 2.69. Invocation command line was |
1696 | 1696 | ||
1697 | $ $0 $@ | 1697 | $ $0 $@ |
@@ -4102,7 +4102,7 @@ cat >>$CONFIG_STATUS <<\_ACEOF || ac_write_fail=1 | |||
4102 | # report actual input values of CONFIG_FILES etc. instead of their | 4102 | # report actual input values of CONFIG_FILES etc. instead of their |
4103 | # values after options handling. | 4103 | # values after options handling. |
4104 | ac_log=" | 4104 | ac_log=" |
4105 | This file was extended by firejail $as_me 0.9.30, which was | 4105 | This file was extended by firejail $as_me 0.9.31, which was |
4106 | generated by GNU Autoconf 2.69. Invocation command line was | 4106 | generated by GNU Autoconf 2.69. Invocation command line was |
4107 | 4107 | ||
4108 | CONFIG_FILES = $CONFIG_FILES | 4108 | CONFIG_FILES = $CONFIG_FILES |
@@ -4156,7 +4156,7 @@ _ACEOF | |||
4156 | cat >>$CONFIG_STATUS <<_ACEOF || ac_write_fail=1 | 4156 | cat >>$CONFIG_STATUS <<_ACEOF || ac_write_fail=1 |
4157 | ac_cs_config="`$as_echo "$ac_configure_args" | sed 's/^ //; s/[\\""\`\$]/\\\\&/g'`" | 4157 | ac_cs_config="`$as_echo "$ac_configure_args" | sed 's/^ //; s/[\\""\`\$]/\\\\&/g'`" |
4158 | ac_cs_version="\\ | 4158 | ac_cs_version="\\ |
4159 | firejail config.status 0.9.30 | 4159 | firejail config.status 0.9.31 |
4160 | configured by $0, generated by GNU Autoconf 2.69, | 4160 | configured by $0, generated by GNU Autoconf 2.69, |
4161 | with options \\"\$ac_cs_config\\" | 4161 | with options \\"\$ac_cs_config\\" |
4162 | 4162 | ||
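--- a/configure.ac
+++ b/configure.ac
@@ -1,5 +1,5 @@
 AC_PREREQ([2.68])
-AC_INIT(firejail, 0.9.30, netblue30@yahoo.com, , http://firejail.sourceforge.net)
+AC_INIT(firejail, 0.9.31, netblue30@yahoo.com, , http://firejail.sourceforge.net)
 AC_CONFIG_SRCDIR([src/firejail/main.c])
 #AC_CONFIG_HEADERS([config.h])
 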
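--- a/etc/disable-common.inc
+++ b/etc/disable-common.inc
@@ -20,3 +20,23 @@ blacklist ${HOME}/.remmina
 
 # Other
 blacklist ${HOME}/.tconn
+blacklist ${HOME}/.FBReader
+
+# X11 session autostart
+blacklist ${HOME}/.xinitrc
+blacklist ${HOME}/.xprofile
+blacklist ${HOME}/.config/autostart
+blacklist /etc/xdg/autostart
+blacklist ${HOME}/.kde4/Autostart
+blacklist ${HOME}/.kde/Autostart
+blacklist ${HOME}/.config/plasma-workspace/shutdown
+blacklist ${HOME}/.config/plasma-workspace/env
+blacklist ${HOME}/.config/lxsession/LXDE/autostart
+blacklist ${HOME}/.fluxbox/startup
+blacklist ${HOME}/.config/openbox/autostart
+blacklist ${HOME}/.config/openbox/environment
+
+# git, subversion
+blacklist ${HOME}/.subversion
+blacklist ${HOME}/.gitconfig
+blacklist ${HOME}/.git-credential-cache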
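Review bot: The git block at the end of this hunk covers `.gitconfig` and `.git-credential-cache` but not the plaintext file written by git's `store` credential helper, nor the XDG location of the git configuration, so saved credentials may still be readable from inside a sandbox; consider adding `blacklist ${HOME}/.git-credentials` and `blacklist ${HOME}/.config/git`. Separately, if `blacklist` only takes effect for paths that already exist when the sandbox starts (worth confirming against the implementation), the autostart entries give no protection on systems where, for example, `${HOME}/.config/autostart` has not been created yet. A one-line comment stating that limitation above `# X11 session autostart` would keep readers from assuming the list prevents creation of new autostart entries.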
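--- /dev/null
+++ b/etc/fbreader.profile
@@ -0,0 +1,11 @@
+# fbreader profile
+noblacklist ${HOME}/.FBReader
+include /etc/firejail/disable-mgmt.inc
+include /etc/firejail/disable-secret.inc
+include /etc/firejail/disable-common.inc
+include /etc/firejail/disable-history.inc
+caps.drop all
+seccomp
+netfilter
+noroot
+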
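Review bot: The `noblacklist ${HOME}/.FBReader` line on line 2 is order-dependent and nothing in the file says so. It appears to work only because it precedes `include /etc/firejail/disable-common.inc`, which this same commit extends with `blacklist ${HOME}/.FBReader`. If a later edit moves the include above it, the profile would presumably lose access to its own data directory without any error. I would add a comment directly above it such as `# keep above the disable-common.inc include, which blacklists ${HOME}/.FBReader`.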