Merge pull request #3853 from botherder/master

New profile for CoyIM
author: netblue30 <netblue30@protonmail.com> 2021-01-25 09:05:54 -0500
committer: GitHub <noreply@github.com> 2021-01-25 09:05:54 -0500
commit: f45534d17d6262a00aac6c631b7dcd7542f7eeae (patch)
tree: 015c5a2d270091b9606ce50f985590826581c752
parent: Merge pull request #3899 from rootalc/nolocal6 (diff)
parent: Added additional whitelists (diff)
download: firejail-f45534d17d6262a00aac6c631b7dcd7542f7eeae.tar.gz
firejail-f45534d17d6262a00aac6c631b7dcd7542f7eeae.tar.zst
firejail-f45534d17d6262a00aac6c631b7dcd7542f7eeae.zip
3 files changed, 51 insertions, 0 deletions
diff --git a/etc/inc/disable-programs.inc b/etc/inc/disable-programs.inc
index d24713fe5..72b1c86fb 100644
--- a/etc/inc/disable-programs.inc
+++ b/etc/inc/disable-programs.inc
@@ -191,6 +191,7 @@ blacklist ${HOME}/.config/cmus
 blacklist ${HOME}/.config/com.github.bleakgrey.tootle
 blacklist ${HOME}/.config/corebird
 blacklist ${HOME}/.config/cower
+blacklist ${HOME}/.config/coyim
 blacklist ${HOME}/.config/darktable
 blacklist ${HOME}/.config/deadbeef
 blacklist ${HOME}/.config/deluge
diff --git a/etc/profile-a-l/coyim.profile b/etc/profile-a-l/coyim.profile
new file mode 100644
index 000000000..75813c494
--- /dev/null
+++ b/etc/profile-a-l/coyim.profile
@@ -0,0 +1,49 @@
+# Firejail profile for coyim
+# Description: GTK Jabber client written in Go
+# This file is overwritten after every install/update
+# Persistent local customizations
+include coyim.local
+# Persistent global definitions
+include globals.local
+noblacklist ${HOME}/.config/coyim
+include disable-common.inc
+include disable-devel.inc
+include disable-exec.inc
+include disable-interpreters.inc
+include disable-passwdmgr.inc
+include disable-programs.inc
+include disable-shell.inc
+include disable-xdg.inc
+mkdir ${HOME}/.config/coyim
+whitelist ${HOME}/.config/coyim
+include whitelist-common.inc
+include whitelist-usr-share-common.inc
+include whitelist-runuser-common.inc
+include whitelist-var-common.inc
+caps.drop all
+netfilter
+nodvd
+nogroups
+nonewprivs
+noroot
+notv
+nou2f
+protocol unix,inet,inet6
+seccomp
+shell none
+tracelog
+disable-mnt
+private-cache
+private-dev
+private-etc alternatives,ca-certificates,crypto-policies,fonts,machine-id,pki,ssl
+private-tmp
+dbus-user none
+dbus-system none
+#memory-deny-write-execute
diff --git a/src/firecfg/firecfg.config b/src/firecfg/firecfg.config
index d6fcdb38f..e924ef2ec 100644
--- a/src/firecfg/firecfg.config
+++ b/src/firecfg/firecfg.config
@@ -149,6 +149,7 @@ conkeror
 conky
 conplay
 corebird
+coyim
 crawl
 crawl-tiles
 crow
author	netblue30 <netblue30@protonmail.com>	2021-01-25 09:05:54 -0500
committer	GitHub <noreply@github.com>	2021-01-25 09:05:54 -0500
commit	f45534d17d6262a00aac6c631b7dcd7542f7eeae (patch)
tree	015c5a2d270091b9606ce50f985590826581c752
parent	Merge pull request #3899 from rootalc/nolocal6 (diff)
parent	Added additional whitelists (diff)
download	firejail-f45534d17d6262a00aac6c631b7dcd7542f7eeae.tar.gz firejail-f45534d17d6262a00aac6c631b7dcd7542f7eeae.tar.zst firejail-f45534d17d6262a00aac6c631b7dcd7542f7eeae.zip

diff --git a/etc/inc/disable-programs.inc b/etc/inc/disable-programs.inc index d24713fe5..72b1c86fb 100644 --- a/etc/inc/disable-programs.inc +++ b/etc/inc/disable-programs.inc
@@ -191,6 +191,7 @@ blacklist ${HOME}/.config/cmus
191	blacklist ${HOME}/.config/com.github.bleakgrey.tootle	191	blacklist ${HOME}/.config/com.github.bleakgrey.tootle
192	blacklist ${HOME}/.config/corebird	192	blacklist ${HOME}/.config/corebird
193	blacklist ${HOME}/.config/cower	193	blacklist ${HOME}/.config/cower
		194	blacklist ${HOME}/.config/coyim
194	blacklist ${HOME}/.config/darktable	195	blacklist ${HOME}/.config/darktable
195	blacklist ${HOME}/.config/deadbeef	196	blacklist ${HOME}/.config/deadbeef
196	blacklist ${HOME}/.config/deluge	197	blacklist ${HOME}/.config/deluge


diff --git a/etc/profile-a-l/coyim.profile b/etc/profile-a-l/coyim.profile new file mode 100644 index 000000000..75813c494 --- /dev/null +++ b/etc/profile-a-l/coyim.profile
@@ -0,0 +1,49 @@
		1	# Firejail profile for coyim
		2	# Description: GTK Jabber client written in Go
		3	# This file is overwritten after every install/update
		4	# Persistent local customizations
		5	include coyim.local
		6	# Persistent global definitions
		7	include globals.local
		8
		9	noblacklist ${HOME}/.config/coyim
		10
		11	include disable-common.inc
		12	include disable-devel.inc
		13	include disable-exec.inc
		14	include disable-interpreters.inc
		15	include disable-passwdmgr.inc
		16	include disable-programs.inc
		17	include disable-shell.inc
		18	include disable-xdg.inc
		19
		20	mkdir ${HOME}/.config/coyim
		21	whitelist ${HOME}/.config/coyim
		22	include whitelist-common.inc
		23	include whitelist-usr-share-common.inc
		24	include whitelist-runuser-common.inc
		25	include whitelist-var-common.inc
		26
		27	caps.drop all
		28	netfilter
		29	nodvd
		30	nogroups
		31	nonewprivs
		32	noroot
		33	notv
		34	nou2f
		35	protocol unix,inet,inet6
		36	seccomp
		37	shell none
		38	tracelog
		39
		40	disable-mnt
		41	private-cache
		42	private-dev
		43	private-etc alternatives,ca-certificates,crypto-policies,fonts,machine-id,pki,ssl
		44	private-tmp
		45
		46	dbus-user none
		47	dbus-system none
		48
		49	#memory-deny-write-execute


diff --git a/src/firecfg/firecfg.config b/src/firecfg/firecfg.config index d6fcdb38f..e924ef2ec 100644 --- a/src/firecfg/firecfg.config +++ b/src/firecfg/firecfg.config
@@ -149,6 +149,7 @@ conkeror
149	conky	149	conky
150	conplay	150	conplay
151	corebird	151	corebird
		152	coyim
152	crawl	153	crawl
153	crawl-tiles	154	crawl-tiles
154	crow	155	crow