new profile: gnome-passwordsafe

author: rusty-snake <print_hello_world+Public@protonmail.com> 2020-01-25 19:37:18 +0100
committer: rusty-snake <print_hello_world+Public@protonmail.com> 2020-01-25 19:38:00 +0100
commit: baf72cb8f8f6542f0e9e463007f39dd1dafa474f (patch)
tree: e0024e54acfb77d42c7faa990d22bf6a8614b99b
parent: Allow request_key syscall for udiskie (#3177) (diff)
download: firejail-baf72cb8f8f6542f0e9e463007f39dd1dafa474f.tar.gz
firejail-baf72cb8f8f6542f0e9e463007f39dd1dafa474f.tar.zst
firejail-baf72cb8f8f6542f0e9e463007f39dd1dafa474f.zip
4 files changed, 60 insertions, 1 deletions
diff --git a/README.md b/README.md
index 2bf935e6f..f9b730a36 100644
--- a/README.md
+++ b/README.md
@@ -151,4 +151,4 @@ We also keep a list of profile fixes for previous released versions in [etc-fixe
 ### New profiles:
-gfeeds, firefox-x11, tvbrowser, rtv, clipgrab
+gfeeds, firefox-x11, tvbrowser, rtv, clipgrab, gnome-passwordsafe
diff --git a/RELNOTES b/RELNOTES
index 708f5b297..8372467fd 100644
--- a/RELNOTES
+++ b/RELNOTES
@@ -2,6 +2,7 @@ firejail (0.9.63) baseline; urgency=low
  * work in progress
  * DHCP client support
  * new profiles: gfeeds, firefox-x11, tvbrowser, rtv, clipgrab
+  * new profiles: gnome-passwordsafe
 firejail (0.9.62) baseline; urgency=low
  * added file-copy-limit in /etc/firejail/firejail.config
diff --git a/etc/gnome-passwordsafe.profile b/etc/gnome-passwordsafe.profile
new file mode 100644
index 000000000..685a5cc3f
--- /dev/null
+++ b/etc/gnome-passwordsafe.profile
@@ -0,0 +1,56 @@
+# Firejail profile for gnome-passwordsafe
+# Description: Password manager for GNOME
+# This file is overwritten after every install/update
+# Persistent local customizations
+include gnome-passwordsafe.local
+# Persistent global definitions
+include globals.local
+noblacklist ${DOCUMENTS}
+noblacklist ${HOME}/*.kdb
+noblacklist ${HOME}/*.kdbx
+# Allow python (blacklisted by disable-interpreters.inc)
+include allow-python3.inc
+include disable-common.inc
+include disable-devel.inc
+include disable-exec.inc
+include disable-interpreters.inc
+include disable-passwdmgr.inc
+include disable-programs.inc
+include disable-xdg.inc
+whitelist ${RUNUSER}/bus
+whitelist ${RUNUSER}/wayland-?
+whitelist ${RUNUSER}/gdm/Xauthority
+whitelist /usr/share/cracklib
+whitelist /usr/share/passwordsafe
+include whitelist-usr-share-common.inc
+include whitelist-var-common.inc
+apparmor
+caps.drop all
+machine-id
+net none
+no3d
+nodvd
+nogroups
+nonewprivs
+noroot
+nosound
+notv
+nou2f
+novideo
+protocol unix
+seccomp
+shell none
+tracelog
+disable-mnt
+private-bin gnome-passwordsafe,python3*
+private-cache
+private-dev
+private-etc dconf,fonts,gtk-3.0,passwd
+private-tmp
diff --git a/src/firecfg/firecfg.config b/src/firecfg/firecfg.config
index a212915e0..88c6ab50a 100644
--- a/src/firecfg/firecfg.config
+++ b/src/firecfg/firecfg.config
@@ -122,6 +122,7 @@ clawsker
 clementine
 clion
 clipit
+clipgrab
 cliqz
 clocks
 cmus
@@ -266,6 +267,7 @@ gnome-mplayer
 gnome-mpv
 gnome-music
 gnome-nettool
+gnome-passwordsafe
 gnome-photos
 gnome-recipes
 gnome-schedule
author	rusty-snake <print_hello_world+Public@protonmail.com>	2020-01-25 19:37:18 +0100
committer	rusty-snake <print_hello_world+Public@protonmail.com>	2020-01-25 19:38:00 +0100
commit	baf72cb8f8f6542f0e9e463007f39dd1dafa474f (patch)
tree	e0024e54acfb77d42c7faa990d22bf6a8614b99b
parent	Allow request_key syscall for udiskie (#3177) (diff)
download	firejail-baf72cb8f8f6542f0e9e463007f39dd1dafa474f.tar.gz firejail-baf72cb8f8f6542f0e9e463007f39dd1dafa474f.tar.zst firejail-baf72cb8f8f6542f0e9e463007f39dd1dafa474f.zip

diff --git a/README.md b/README.md index 2bf935e6f..f9b730a36 100644 --- a/README.md +++ b/README.md
@@ -151,4 +151,4 @@ We also keep a list of profile fixes for previous released versions in [etc-fixe
151		151
152	### New profiles:	152	### New profiles:
153		153
154	gfeeds, firefox-x11, tvbrowser, rtv, clipgrab	154	gfeeds, firefox-x11, tvbrowser, rtv, clipgrab, gnome-passwordsafe


diff --git a/RELNOTES b/RELNOTES index 708f5b297..8372467fd 100644 --- a/RELNOTES +++ b/RELNOTES
@@ -2,6 +2,7 @@ firejail (0.9.63) baseline; urgency=low
2	* work in progress	2	* work in progress
3	* DHCP client support	3	* DHCP client support
4	* new profiles: gfeeds, firefox-x11, tvbrowser, rtv, clipgrab	4	* new profiles: gfeeds, firefox-x11, tvbrowser, rtv, clipgrab
		5	* new profiles: gnome-passwordsafe
5		6
6	firejail (0.9.62) baseline; urgency=low	7	firejail (0.9.62) baseline; urgency=low
7	* added file-copy-limit in /etc/firejail/firejail.config	8	* added file-copy-limit in /etc/firejail/firejail.config


diff --git a/etc/gnome-passwordsafe.profile b/etc/gnome-passwordsafe.profile new file mode 100644 index 000000000..685a5cc3f --- /dev/null +++ b/etc/gnome-passwordsafe.profile
@@ -0,0 +1,56 @@
		1	# Firejail profile for gnome-passwordsafe
		2	# Description: Password manager for GNOME
		3	# This file is overwritten after every install/update
		4	# Persistent local customizations
		5	include gnome-passwordsafe.local
		6	# Persistent global definitions
		7	include globals.local
		8
		9	noblacklist ${DOCUMENTS}
		10	noblacklist ${HOME}/*.kdb
		11	noblacklist ${HOME}/*.kdbx
		12
		13	# Allow python (blacklisted by disable-interpreters.inc)
		14	include allow-python3.inc
		15
		16	include disable-common.inc
		17	include disable-devel.inc
		18	include disable-exec.inc
		19	include disable-interpreters.inc
		20	include disable-passwdmgr.inc
		21	include disable-programs.inc
		22	include disable-xdg.inc
		23
		24	whitelist ${RUNUSER}/bus
		25	whitelist ${RUNUSER}/wayland-?
		26	whitelist ${RUNUSER}/gdm/Xauthority
		27
		28	whitelist /usr/share/cracklib
		29	whitelist /usr/share/passwordsafe
		30	include whitelist-usr-share-common.inc
		31	include whitelist-var-common.inc
		32
		33	apparmor
		34	caps.drop all
		35	machine-id
		36	net none
		37	no3d
		38	nodvd
		39	nogroups
		40	nonewprivs
		41	noroot
		42	nosound
		43	notv
		44	nou2f
		45	novideo
		46	protocol unix
		47	seccomp
		48	shell none
		49	tracelog
		50
		51	disable-mnt
		52	private-bin gnome-passwordsafe,python3*
		53	private-cache
		54	private-dev
		55	private-etc dconf,fonts,gtk-3.0,passwd
		56	private-tmp


diff --git a/src/firecfg/firecfg.config b/src/firecfg/firecfg.config index a212915e0..88c6ab50a 100644 --- a/src/firecfg/firecfg.config +++ b/src/firecfg/firecfg.config
@@ -122,6 +122,7 @@ clawsker
122	clementine	122	clementine
123	clion	123	clion
124	clipit	124	clipit
		125	clipgrab
125	cliqz	126	cliqz
126	clocks	127	clocks
127	cmus	128	cmus
@@ -266,6 +267,7 @@ gnome-mplayer
266	gnome-mpv	267	gnome-mpv
267	gnome-music	268	gnome-music
268	gnome-nettool	269	gnome-nettool
		270	gnome-passwordsafe
269	gnome-photos	271	gnome-photos
270	gnome-recipes	272	gnome-recipes
271	gnome-schedule	273	gnome-schedule