new profile: gapplication

author: rusty-snake <41237666+rusty-snake@users.noreply.github.com> 2020-07-03 17:07:07 +0200
committer: rusty-snake <41237666+rusty-snake@users.noreply.github.com> 2020-07-03 17:10:15 +0200
commit: fcf14758b15117a03fc41da8281665da8f3f8838 (patch)
tree: df64ced690eed5370a52aa10a5b0684f6250760d
parent: fixes for /var/mail in mail clients (#3486) (diff)
download: firejail-fcf14758b15117a03fc41da8281665da8f3f8838.tar.gz
firejail-fcf14758b15117a03fc41da8281665da8f3f8838.tar.zst
firejail-fcf14758b15117a03fc41da8281665da8f3f8838.zip
4 files changed, 74 insertions, 2 deletions
diff --git a/README.md b/README.md
index 44a193847..bc8ed26f0 100644
--- a/README.md
+++ b/README.md
@@ -196,4 +196,4 @@ gnome-screenshot, ripperX, sound-juicer, iagno, com.github.dahenson.agenda, gnom
 penguin-command, x2goclient, frogatto, gnome-mines, gnome-nibbles, lightsoff, ts3client_runscript.sh, warmux, ferdi, abiword,
 four-in-a-row, gnome-mahjongg, gnome-robots, gnome-sudoku, gnome-taquin, gnome-tetravex, blobwars, gravity-beams-and-evaporating-stars,
 hyperrogue, jumpnbump-menu, jumpnbump, magicor, mindless, mirrormagic, mrrescue, scorched3d-wrapper, scorchwentbonkers,
-seahorse-adventures, wordwarvi, xbill, gnome-klotski, five-or-more, swell-foop, fdns, jitsi-meet-desktop, nicontine, steam-runtime, apostrophe, quadrapassel, dino-im, strawberry, hitori, bijiben, gnote, gnubik, ZeGrapher
+seahorse-adventures, wordwarvi, xbill, gnome-klotski, five-or-more, swell-foop, fdns, jitsi-meet-desktop, nicontine, steam-runtime, apostrophe, quadrapassel, dino-im, strawberry, hitori, bijiben, gnote, gnubik, ZeGrapher, gapplication
diff --git a/RELNOTES b/RELNOTES
index e5c0f7a16..a06f3b23a 100644
--- a/RELNOTES
+++ b/RELNOTES
@@ -36,7 +36,7 @@ firejail (0.9.63) baseline; urgency=low
  * new profiles: seahorse-adventures, wordwarvi, xbill, gnome-klotski
  * new profiles: swell-foop, fdns, five-or-more, steam-runtime, jitsi-meet-desktop
  * new profiles: nicotine, plv, mocp, apostrophe, quadrapassel, dino-im, strawberry
-  * new profiles: hitori, bijiben, gnote, gnubik, ZeGrapher
+  * new profiles: hitori, bijiben, gnote, gnubik, ZeGrapher, gapplication
 -- netblue30 <netblue30@yahoo.com>  Tue, 21 Apr 2020 08:00:00 -0500
 firejail (0.9.62) baseline; urgency=low
diff --git a/etc/profile-a-l/gapplication.profile b/etc/profile-a-l/gapplication.profile
new file mode 100644
index 000000000..74b468020
--- /dev/null
+++ b/etc/profile-a-l/gapplication.profile
@@ -0,0 +1,71 @@
+# Firejail profile for gapplication
+# Description: D-Bus application launcher
+# This file is overwritten after every install/update
+# Persistent local customizations
+include gapplication.local
+# Persistent global definitions
+include globals.local
+blacklist ${RUNUSER}/wayland-*
+include disable-common.inc
+include disable-devel.inc
+include disable-exec.inc
+include disable-interpreters.inc
+include disable-passwdmgr.inc
+include disable-programs.inc
+include disable-shell.inc
+include disable-xdg.inc
+include whitelist-common.inc
+include whitelist-runuser-common.inc
+include whitelist-usr-share-common.inc
+include whitelist-var-common.inc
+apparmor
+caps.drop all
+ipc-namespace
+machine-id
+net none
+no3d
+nodvd
+nogroups
+nonewprivs
+noroot
+nosound
+notv
+nou2f
+novideo
+protocol unix
+seccomp
+shell none
+tracelog
+x11 none
+disable-mnt
+private
+private-bin gapplication
+private-cache
+private-dev
+private-etc none
+private-tmp
+# Uncomment (or add to your gapplcation.local) the next line to filter D-Bus names.
+# You might need to add additional dbus-user.talk rules. see 'gapplication list-apps'.
+#dbus-user filter
+dbus-user.talk org.gnome.Boxes
+dbus-user.talk org.gnome.Builder
+dbus-user.talk org.gnome.Calendar
+dbus-user.talk org.gnome.ChromeGnomeShell
+dbus-user.talk org.gnome.DejaDup
+dbus-user.talk org.gnome.DiskUtility
+dbus-user.talk org.gnome.Extensions
+dbus-user.talk org.gnome.Maps
+dbus-user.talk org.gnome.Nautilus
+dbus-user.talk org.gnome.Shell.PortalHelper
+dbus-user.talk org.gnome.Software
+dbus-user.talk org.gnome.Weather
+dbus-system none
+memory-deny-write-execute
+read-only ${HOME}
diff --git a/src/firecfg/firecfg.config b/src/firecfg/firecfg.config
index 5082be7ac..34f6bf497 100644
--- a/src/firecfg/firecfg.config
+++ b/src/firecfg/firecfg.config
@@ -243,6 +243,7 @@ frozen-bubble
 gajim
 gajim-history-manager
 galculator
+gapplication
 gcalccmd
 gcloud
 gconf-editor
author	rusty-snake <41237666+rusty-snake@users.noreply.github.com>	2020-07-03 17:07:07 +0200
committer	rusty-snake <41237666+rusty-snake@users.noreply.github.com>	2020-07-03 17:10:15 +0200
commit	fcf14758b15117a03fc41da8281665da8f3f8838 (patch)
tree	df64ced690eed5370a52aa10a5b0684f6250760d
parent	fixes for /var/mail in mail clients (#3486) (diff)
download	firejail-fcf14758b15117a03fc41da8281665da8f3f8838.tar.gz firejail-fcf14758b15117a03fc41da8281665da8f3f8838.tar.zst firejail-fcf14758b15117a03fc41da8281665da8f3f8838.zip

diff --git a/README.md b/README.md index 44a193847..bc8ed26f0 100644 --- a/README.md +++ b/README.md
@@ -196,4 +196,4 @@ gnome-screenshot, ripperX, sound-juicer, iagno, com.github.dahenson.agenda, gnom
196	penguin-command, x2goclient, frogatto, gnome-mines, gnome-nibbles, lightsoff, ts3client_runscript.sh, warmux, ferdi, abiword,	196	penguin-command, x2goclient, frogatto, gnome-mines, gnome-nibbles, lightsoff, ts3client_runscript.sh, warmux, ferdi, abiword,
197	four-in-a-row, gnome-mahjongg, gnome-robots, gnome-sudoku, gnome-taquin, gnome-tetravex, blobwars, gravity-beams-and-evaporating-stars,	197	four-in-a-row, gnome-mahjongg, gnome-robots, gnome-sudoku, gnome-taquin, gnome-tetravex, blobwars, gravity-beams-and-evaporating-stars,
198	hyperrogue, jumpnbump-menu, jumpnbump, magicor, mindless, mirrormagic, mrrescue, scorched3d-wrapper, scorchwentbonkers,	198	hyperrogue, jumpnbump-menu, jumpnbump, magicor, mindless, mirrormagic, mrrescue, scorched3d-wrapper, scorchwentbonkers,
199	seahorse-adventures, wordwarvi, xbill, gnome-klotski, five-or-more, swell-foop, fdns, jitsi-meet-desktop, nicontine, steam-runtime, apostrophe, quadrapassel, dino-im, strawberry, hitori, bijiben, gnote, gnubik, ZeGrapher	199	seahorse-adventures, wordwarvi, xbill, gnome-klotski, five-or-more, swell-foop, fdns, jitsi-meet-desktop, nicontine, steam-runtime, apostrophe, quadrapassel, dino-im, strawberry, hitori, bijiben, gnote, gnubik, ZeGrapher, gapplication


diff --git a/RELNOTES b/RELNOTES index e5c0f7a16..a06f3b23a 100644 --- a/RELNOTES +++ b/RELNOTES
@@ -36,7 +36,7 @@ firejail (0.9.63) baseline; urgency=low
36	* new profiles: seahorse-adventures, wordwarvi, xbill, gnome-klotski	36	* new profiles: seahorse-adventures, wordwarvi, xbill, gnome-klotski
37	* new profiles: swell-foop, fdns, five-or-more, steam-runtime, jitsi-meet-desktop	37	* new profiles: swell-foop, fdns, five-or-more, steam-runtime, jitsi-meet-desktop
38	* new profiles: nicotine, plv, mocp, apostrophe, quadrapassel, dino-im, strawberry	38	* new profiles: nicotine, plv, mocp, apostrophe, quadrapassel, dino-im, strawberry
39	* new profiles: hitori, bijiben, gnote, gnubik, ZeGrapher	39	* new profiles: hitori, bijiben, gnote, gnubik, ZeGrapher, gapplication
40	-- netblue30 <netblue30@yahoo.com> Tue, 21 Apr 2020 08:00:00 -0500	40	-- netblue30 <netblue30@yahoo.com> Tue, 21 Apr 2020 08:00:00 -0500
41		41
42	firejail (0.9.62) baseline; urgency=low	42	firejail (0.9.62) baseline; urgency=low


diff --git a/etc/profile-a-l/gapplication.profile b/etc/profile-a-l/gapplication.profile new file mode 100644 index 000000000..74b468020 --- /dev/null +++ b/etc/profile-a-l/gapplication.profile
@@ -0,0 +1,71 @@
		1	# Firejail profile for gapplication
		2	# Description: D-Bus application launcher
		3	# This file is overwritten after every install/update
		4	# Persistent local customizations
		5	include gapplication.local
		6	# Persistent global definitions
		7	include globals.local
		8
		9	blacklist ${RUNUSER}/wayland-*
		10
		11	include disable-common.inc
		12	include disable-devel.inc
		13	include disable-exec.inc
		14	include disable-interpreters.inc
		15	include disable-passwdmgr.inc
		16	include disable-programs.inc
		17	include disable-shell.inc
		18	include disable-xdg.inc
		19
		20	include whitelist-common.inc
		21	include whitelist-runuser-common.inc
		22	include whitelist-usr-share-common.inc
		23	include whitelist-var-common.inc
		24
		25	apparmor
		26	caps.drop all
		27	ipc-namespace
		28	machine-id
		29	net none
		30	no3d
		31	nodvd
		32	nogroups
		33	nonewprivs
		34	noroot
		35	nosound
		36	notv
		37	nou2f
		38	novideo
		39	protocol unix
		40	seccomp
		41	shell none
		42	tracelog
		43	x11 none
		44
		45	disable-mnt
		46	private
		47	private-bin gapplication
		48	private-cache
		49	private-dev
		50	private-etc none
		51	private-tmp
		52
		53	# Uncomment (or add to your gapplcation.local) the next line to filter D-Bus names.
		54	# You might need to add additional dbus-user.talk rules. see 'gapplication list-apps'.
		55	#dbus-user filter
		56	dbus-user.talk org.gnome.Boxes
		57	dbus-user.talk org.gnome.Builder
		58	dbus-user.talk org.gnome.Calendar
		59	dbus-user.talk org.gnome.ChromeGnomeShell
		60	dbus-user.talk org.gnome.DejaDup
		61	dbus-user.talk org.gnome.DiskUtility
		62	dbus-user.talk org.gnome.Extensions
		63	dbus-user.talk org.gnome.Maps
		64	dbus-user.talk org.gnome.Nautilus
		65	dbus-user.talk org.gnome.Shell.PortalHelper
		66	dbus-user.talk org.gnome.Software
		67	dbus-user.talk org.gnome.Weather
		68	dbus-system none
		69
		70	memory-deny-write-execute
		71	read-only ${HOME}


diff --git a/src/firecfg/firecfg.config b/src/firecfg/firecfg.config index 5082be7ac..34f6bf497 100644 --- a/src/firecfg/firecfg.config +++ b/src/firecfg/firecfg.config
@@ -243,6 +243,7 @@ frozen-bubble
243	gajim	243	gajim
244	gajim-history-manager	244	gajim-history-manager
245	galculator	245	galculator
		246	gapplication
246	gcalccmd	247	gcalccmd
247	gcloud	248	gcloud
248	gconf-editor	249	gconf-editor