Merge pull request #2691 from curiosity-seeker/master

cantata.profile
author: SkewedZeppelin <8296104+SkewedZeppelin@users.noreply.github.com> 2019-05-13 11:07:21 +0000
committer: GitHub <noreply@github.com> 2019-05-13 11:07:21 +0000
commit: e8e1eed08d9e405675a6d034559426f85a7400a1 (patch)
tree: cf33e043c11cbbd5a5c9a09f4966bbd0880ed052
parent: harden & fix xiphos.profile (diff)
parent: Remove trailing commas in cantata.profile (diff)
download: firejail-e8e1eed08d9e405675a6d034559426f85a7400a1.tar.gz
firejail-e8e1eed08d9e405675a6d034559426f85a7400a1.tar.zst
firejail-e8e1eed08d9e405675a6d034559426f85a7400a1.zip
3 files changed, 44 insertions, 0 deletions
diff --git a/etc/cantata.profile b/etc/cantata.profile
new file mode 100644
index 000000000..e4a4de9c1
--- /dev/null
+++ b/etc/cantata.profile
@@ -0,0 +1,40 @@
+# Firejail profile for Cantata
+# Description: Multimedia player - Qt5 client for the music Player daemon (MPD)
+# This file is overwritten during software install.
+# Persistent local customizations
+include cantata.local
+# Persistent global definitions
+include globals.local
+noblacklist ${HOME}/.cache/cantata
+noblacklist ${HOME}/.config/cantata
+noblacklist ${HOME}/.local/share/cantata
+noblacklist ${MUSIC}
+noblacklist ${PATH}/perl
+noblacklist /usr/lib/perl*
+noblacklist /usr/share/perl*
+include disable-common.inc
+include disable-devel.inc
+include disable-exec.inc
+include disable-interpreters.inc
+include disable-passwdmgr.inc
+include disable-programs.inc
+include disable-xdg.inc
+# apparmor
+caps.drop all
+ipc-namespace
+netfilter
+nonewprivs
+noroot
+nou2f
+novideo
+protocol unix,inet,inet6,netlink
+seccomp
+shell none
+# private-etc samba,gcrypt,drirc,fonts,mpd.conf,kde5rc,passwd,xdg,hosts,ssl
+private-bin cantata,mpd,perl
+private-dev
diff --git a/etc/disable-programs.inc b/etc/disable-programs.inc
index 7de2a620f..cd0cb1f2e 100644
--- a/etc/disable-programs.inc
+++ b/etc/disable-programs.inc
@@ -128,6 +128,7 @@ blacklist ${HOME}/.config/brasero
 blacklist ${HOME}/.config/brave
 blacklist ${HOME}/.config/caja
 blacklist ${HOME}/.config/calibre
+blacklist ${HOME}/.config/cantata
 blacklist ${HOME}/.config/catfish
 blacklist ${HOME}/.config/celluloid
 blacklist ${HOME}/.config/cherrytree
@@ -451,6 +452,7 @@ blacklist ${HOME}/.local/share/aspyr-media
 blacklist ${HOME}/.local/share/baloo
 blacklist ${HOME}/.local/share/bibletime
 blacklist ${HOME}/.local/share/caja-python
+blacklist ${HOME}/.local/share/cantata
 blacklist ${HOME}/.local/share/cdprojektred
 blacklist ${HOME}/.local/share/clipit
 blacklist ${HOME}/.local/share/contacts
@@ -648,6 +650,7 @@ blacklist ${HOME}/.cache/attic
 blacklist ${HOME}/.cache/bnox
 blacklist ${HOME}/.cache/borg
 blacklist ${HOME}/.cache/calibre
+blacklist ${HOME}/.cache/cantata
 blacklist ${HOME}/.cache/champlain
 blacklist ${HOME}/.cache/chromium
 blacklist ${HOME}/.cache/chromium-dev
diff --git a/src/firecfg/firecfg.config b/src/firecfg/firecfg.config
index 2d4902b91..aba0e9f60 100644
--- a/src/firecfg/firecfg.config
+++ b/src/firecfg/firecfg.config
@@ -92,6 +92,7 @@ calligraplanwork
 calligrasheets
 calligrastage
 calligrawords
+cantata
 catfish
 celluloid
 checkbashisms
author	SkewedZeppelin <8296104+SkewedZeppelin@users.noreply.github.com>	2019-05-13 11:07:21 +0000
committer	GitHub <noreply@github.com>	2019-05-13 11:07:21 +0000
commit	e8e1eed08d9e405675a6d034559426f85a7400a1 (patch)
tree	cf33e043c11cbbd5a5c9a09f4966bbd0880ed052
parent	harden & fix xiphos.profile (diff)
parent	Remove trailing commas in cantata.profile (diff)
download	firejail-e8e1eed08d9e405675a6d034559426f85a7400a1.tar.gz firejail-e8e1eed08d9e405675a6d034559426f85a7400a1.tar.zst firejail-e8e1eed08d9e405675a6d034559426f85a7400a1.zip

diff --git a/etc/cantata.profile b/etc/cantata.profile new file mode 100644 index 000000000..e4a4de9c1 --- /dev/null +++ b/etc/cantata.profile
@@ -0,0 +1,40 @@
		1	# Firejail profile for Cantata
		2	# Description: Multimedia player - Qt5 client for the music Player daemon (MPD)
		3	# This file is overwritten during software install.
		4	# Persistent local customizations
		5	include cantata.local
		6	# Persistent global definitions
		7	include globals.local
		8
		9	noblacklist ${HOME}/.cache/cantata
		10	noblacklist ${HOME}/.config/cantata
		11	noblacklist ${HOME}/.local/share/cantata
		12	noblacklist ${MUSIC}
		13
		14	noblacklist ${PATH}/perl
		15	noblacklist /usr/lib/perl*
		16	noblacklist /usr/share/perl*
		17
		18	include disable-common.inc
		19	include disable-devel.inc
		20	include disable-exec.inc
		21	include disable-interpreters.inc
		22	include disable-passwdmgr.inc
		23	include disable-programs.inc
		24	include disable-xdg.inc
		25
		26	# apparmor
		27	caps.drop all
		28	ipc-namespace
		29	netfilter
		30	nonewprivs
		31	noroot
		32	nou2f
		33	novideo
		34	protocol unix,inet,inet6,netlink
		35	seccomp
		36	shell none
		37
		38	# private-etc samba,gcrypt,drirc,fonts,mpd.conf,kde5rc,passwd,xdg,hosts,ssl
		39	private-bin cantata,mpd,perl
		40	private-dev


diff --git a/etc/disable-programs.inc b/etc/disable-programs.inc index 7de2a620f..cd0cb1f2e 100644 --- a/etc/disable-programs.inc +++ b/etc/disable-programs.inc
@@ -128,6 +128,7 @@ blacklist ${HOME}/.config/brasero
128	blacklist ${HOME}/.config/brave	128	blacklist ${HOME}/.config/brave
129	blacklist ${HOME}/.config/caja	129	blacklist ${HOME}/.config/caja
130	blacklist ${HOME}/.config/calibre	130	blacklist ${HOME}/.config/calibre
		131	blacklist ${HOME}/.config/cantata
131	blacklist ${HOME}/.config/catfish	132	blacklist ${HOME}/.config/catfish
132	blacklist ${HOME}/.config/celluloid	133	blacklist ${HOME}/.config/celluloid
133	blacklist ${HOME}/.config/cherrytree	134	blacklist ${HOME}/.config/cherrytree
@@ -451,6 +452,7 @@ blacklist ${HOME}/.local/share/aspyr-media
451	blacklist ${HOME}/.local/share/baloo	452	blacklist ${HOME}/.local/share/baloo
452	blacklist ${HOME}/.local/share/bibletime	453	blacklist ${HOME}/.local/share/bibletime
453	blacklist ${HOME}/.local/share/caja-python	454	blacklist ${HOME}/.local/share/caja-python
		455	blacklist ${HOME}/.local/share/cantata
454	blacklist ${HOME}/.local/share/cdprojektred	456	blacklist ${HOME}/.local/share/cdprojektred
455	blacklist ${HOME}/.local/share/clipit	457	blacklist ${HOME}/.local/share/clipit
456	blacklist ${HOME}/.local/share/contacts	458	blacklist ${HOME}/.local/share/contacts
@@ -648,6 +650,7 @@ blacklist ${HOME}/.cache/attic
648	blacklist ${HOME}/.cache/bnox	650	blacklist ${HOME}/.cache/bnox
649	blacklist ${HOME}/.cache/borg	651	blacklist ${HOME}/.cache/borg
650	blacklist ${HOME}/.cache/calibre	652	blacklist ${HOME}/.cache/calibre
		653	blacklist ${HOME}/.cache/cantata
651	blacklist ${HOME}/.cache/champlain	654	blacklist ${HOME}/.cache/champlain
652	blacklist ${HOME}/.cache/chromium	655	blacklist ${HOME}/.cache/chromium
653	blacklist ${HOME}/.cache/chromium-dev	656	blacklist ${HOME}/.cache/chromium-dev


diff --git a/src/firecfg/firecfg.config b/src/firecfg/firecfg.config index 2d4902b91..aba0e9f60 100644 --- a/src/firecfg/firecfg.config +++ b/src/firecfg/firecfg.config
@@ -92,6 +92,7 @@ calligraplanwork
92	calligrasheets	92	calligrasheets
93	calligrastage	93	calligrastage
94	calligrawords	94	calligrawords
		95	cantata
95	catfish	96	catfish
96	celluloid	97	celluloid
97	checkbashisms	98	checkbashisms