add gnome-screenshot.profile

patch for xdg-dbus-proxy ``` --- a/etc/gnome-screenshot.profile +++ b/etc/gnome-screenshot.profile @@ -45,3 +45,8 @@ private-bin gnome-screenshot private-dev private-etc dconf,fonts,gtk-3.0,localtime,machine-id private-tmp + +dbus-user filter +dbus-user.own org.gnome.Screenshot +dbus-user.talk org.gnome.Shell.Screenshot +dbus-system block ``` patch for whitelist-runuser-common.inc ``` --- a/etc/gnome-screenshot.profile +++ b/etc/gnome-screenshot.profile @@ -17,11 +17,8 @@ include disable-passwdmgr.inc include disable-programs.inc include disable-xdg.inc -whitelist ${RUNUSER}/bus -whitelist ${RUNUSER}/pulse -whitelist ${RUNUSER}/gdm/Xauthority -whitelist ${RUNUSER}/wayland-0 include whitelist-usr-share-common.inc +include whitelist-runuser-common.inc include whitelist-var-common.inc apparmor ```
author: rusty-snake <print_hello_world+Public@protonmail.com> 2020-03-15 12:55:09 +0100
committer: rusty-snake <print_hello_world+Public@protonmail.com> 2020-03-15 12:55:09 +0100
commit: 35443058b6539e8ed251c40bd342912a7e2c1484 (patch)
tree: 106b848faf3ab7eb27dfbb2b3490fcc9d7949633
parent: Update file.profile (diff)
download: firejail-35443058b6539e8ed251c40bd342912a7e2c1484.tar.gz
firejail-35443058b6539e8ed251c40bd342912a7e2c1484.tar.zst
firejail-35443058b6539e8ed251c40bd342912a7e2c1484.zip
6 files changed, 58 insertions, 2 deletions
diff --git a/README.md b/README.md
index bc2708041..8fc636194 100644
--- a/README.md
+++ b/README.md
@@ -151,4 +151,4 @@ We also keep a list of profile fixes for previous released versions in [etc-fixe
 ### New profiles:
-gfeeds, firefox-x11, tvbrowser, rtv, clipgrab, gnome-passwordsafe, bibtex, gummi, latex, pdflatex, tex, wpp, wpspdf, wps, et, multimc, gnome-hexgl, com.github.johnfactotum.Foliate, desktopeditors, impressive, mupdf-gl, mupdf-x11, mupdf-x11-curl, muraster, mutool, planmaker18, planmaker18free, presentations18, presentations18free, textmaker18, textmaker18free, teams, xournal
+gfeeds, firefox-x11, tvbrowser, rtv, clipgrab, gnome-passwordsafe, bibtex, gummi, latex, pdflatex, tex, wpp, wpspdf, wps, et, multimc, gnome-hexgl, com.github.johnfactotum.Foliate, desktopeditors, impressive, mupdf-gl, mupdf-x11, mupdf-x11-curl, muraster, mutool, planmaker18, planmaker18free, presentations18, presentations18free, textmaker18, textmaker18free, teams, xournal, gnome-screenshot
diff --git a/RELNOTES b/RELNOTES
index df0e3ec85..664696cce 100644
--- a/RELNOTES
+++ b/RELNOTES
@@ -8,7 +8,7 @@ firejail (0.9.63) baseline; urgency=low
  * new profiles: gnome-hexgl, com.github.johnfactotum.Foliate, mupdf-gl, mutool
  * new profiles: desktopeditors, impressive, planmaker18, planmaker18free
  * new profiles: presentations18, presentations18free, textmaker18, teams
-  * new profiles: textmaker18free, xournal
+  * new profiles: textmaker18free, xournal, gnome-screenshot
 firejail (0.9.62) baseline; urgency=low
  * added file-copy-limit in /etc/firejail/firejail.config
diff --git a/etc/Screenshot.profile b/etc/Screenshot.profile
new file mode 100644
index 000000000..d4b083736
--- /dev/null
+++ b/etc/Screenshot.profile
@@ -0,0 +1,6 @@
+# Firejail profile for gnome-screenshot
+# This file is overwritten after every install/update
+# Temporary fix for https://github.com/netblue30/firejail/issues/2624
+# Redirect
+include gnome-screenshot.profile
diff --git a/etc/disable-programs.inc b/etc/disable-programs.inc
index db257c1b6..0786ba7d2 100644
--- a/etc/disable-programs.inc
+++ b/etc/disable-programs.inc
@@ -759,6 +759,7 @@ blacklist ${HOME}/.cache/gfeeds
 blacklist ${HOME}/.cache/gimp
 blacklist ${HOME}/.cache/gnome-builder
 blacklist ${HOME}/.cache/gnome-recipes
+blacklist ${HOME}/.cache/gnome-screenshot
 blacklist ${HOME}/.cache/gnome-twitch
 blacklist ${HOME}/.cache/godot
 blacklist ${HOME}/.cache/google-chrome
diff --git a/etc/gnome-screenshot.profile b/etc/gnome-screenshot.profile
new file mode 100644
index 000000000..c00aefdb7
--- /dev/null
+++ b/etc/gnome-screenshot.profile
@@ -0,0 +1,47 @@
+# Firejail profile for gnome-screenshot
+# Description: GNOME screenshot tool
+# This file is overwritten after every install/update
+# Persistent local customizations
+include gnome-screenshot.local
+# Persistent global definitions
+include globals.local
+noblacklist ${PICTURES}
+noblacklist ${HOME}/.cache/gnome-screenshot
+include disable-common.inc
+include disable-devel.inc
+include disable-exec.inc
+include disable-interpreters.inc
+include disable-passwdmgr.inc
+include disable-programs.inc
+include disable-xdg.inc
+whitelist ${RUNUSER}/bus
+whitelist ${RUNUSER}/pulse
+whitelist ${RUNUSER}/gdm/Xauthority
+whitelist ${RUNUSER}/wayland-0
+include whitelist-usr-share-common.inc
+include whitelist-var-common.inc
+apparmor
+caps.drop all
+net none
+no3d
+nodvd
+nogroups
+nonewprivs
+noroot
+notv
+nou2f
+novideo
+protocol unix
+seccomp
+shell none
+tracelog
+disable-mnt
+private-bin gnome-screenshot
+private-dev
+private-etc dconf,fonts,gtk-3.0,localtime,machine-id
+private-tmp
diff --git a/src/firecfg/firecfg.config b/src/firecfg/firecfg.config
index 4cd4fad6c..c27f78d0f 100644
--- a/src/firecfg/firecfg.config
+++ b/src/firecfg/firecfg.config
@@ -23,6 +23,7 @@ Natron
 PPSSPPQt
 QMediathekView
 QOwnNotes
+Screenshot
 Telegram
 Viber
 VirtualBox
@@ -275,6 +276,7 @@ gnome-passwordsafe
 gnome-photos
 gnome-recipes
 gnome-schedule
+gnome-screenshot
 gnome-system-log
 gnome-twitch
 gnome-weather
author	rusty-snake <print_hello_world+Public@protonmail.com>	2020-03-15 12:55:09 +0100
committer	rusty-snake <print_hello_world+Public@protonmail.com>	2020-03-15 12:55:09 +0100
commit	35443058b6539e8ed251c40bd342912a7e2c1484 (patch)
tree	106b848faf3ab7eb27dfbb2b3490fcc9d7949633
parent	Update file.profile (diff)
download	firejail-35443058b6539e8ed251c40bd342912a7e2c1484.tar.gz firejail-35443058b6539e8ed251c40bd342912a7e2c1484.tar.zst firejail-35443058b6539e8ed251c40bd342912a7e2c1484.zip

diff --git a/README.md b/README.md index bc2708041..8fc636194 100644 --- a/README.md +++ b/README.md
@@ -151,4 +151,4 @@ We also keep a list of profile fixes for previous released versions in [etc-fixe
151		151
152	### New profiles:	152	### New profiles:
153		153
154	gfeeds, firefox-x11, tvbrowser, rtv, clipgrab, gnome-passwordsafe, bibtex, gummi, latex, pdflatex, tex, wpp, wpspdf, wps, et, multimc, gnome-hexgl, com.github.johnfactotum.Foliate, desktopeditors, impressive, mupdf-gl, mupdf-x11, mupdf-x11-curl, muraster, mutool, planmaker18, planmaker18free, presentations18, presentations18free, textmaker18, textmaker18free, teams, xournal	154	gfeeds, firefox-x11, tvbrowser, rtv, clipgrab, gnome-passwordsafe, bibtex, gummi, latex, pdflatex, tex, wpp, wpspdf, wps, et, multimc, gnome-hexgl, com.github.johnfactotum.Foliate, desktopeditors, impressive, mupdf-gl, mupdf-x11, mupdf-x11-curl, muraster, mutool, planmaker18, planmaker18free, presentations18, presentations18free, textmaker18, textmaker18free, teams, xournal, gnome-screenshot


diff --git a/RELNOTES b/RELNOTES index df0e3ec85..664696cce 100644 --- a/RELNOTES +++ b/RELNOTES
@@ -8,7 +8,7 @@ firejail (0.9.63) baseline; urgency=low
8	* new profiles: gnome-hexgl, com.github.johnfactotum.Foliate, mupdf-gl, mutool	8	* new profiles: gnome-hexgl, com.github.johnfactotum.Foliate, mupdf-gl, mutool
9	* new profiles: desktopeditors, impressive, planmaker18, planmaker18free	9	* new profiles: desktopeditors, impressive, planmaker18, planmaker18free
10	* new profiles: presentations18, presentations18free, textmaker18, teams	10	* new profiles: presentations18, presentations18free, textmaker18, teams
11	* new profiles: textmaker18free, xournal	11	* new profiles: textmaker18free, xournal, gnome-screenshot
12		12
13	firejail (0.9.62) baseline; urgency=low	13	firejail (0.9.62) baseline; urgency=low
14	* added file-copy-limit in /etc/firejail/firejail.config	14	* added file-copy-limit in /etc/firejail/firejail.config


diff --git a/etc/Screenshot.profile b/etc/Screenshot.profile new file mode 100644 index 000000000..d4b083736 --- /dev/null +++ b/etc/Screenshot.profile
@@ -0,0 +1,6 @@
		1	# Firejail profile for gnome-screenshot
		2	# This file is overwritten after every install/update
		3
		4	# Temporary fix for https://github.com/netblue30/firejail/issues/2624
		5	# Redirect
		6	include gnome-screenshot.profile


diff --git a/etc/disable-programs.inc b/etc/disable-programs.inc index db257c1b6..0786ba7d2 100644 --- a/etc/disable-programs.inc +++ b/etc/disable-programs.inc
@@ -759,6 +759,7 @@ blacklist ${HOME}/.cache/gfeeds
759	blacklist ${HOME}/.cache/gimp	759	blacklist ${HOME}/.cache/gimp
760	blacklist ${HOME}/.cache/gnome-builder	760	blacklist ${HOME}/.cache/gnome-builder
761	blacklist ${HOME}/.cache/gnome-recipes	761	blacklist ${HOME}/.cache/gnome-recipes
		762	blacklist ${HOME}/.cache/gnome-screenshot
762	blacklist ${HOME}/.cache/gnome-twitch	763	blacklist ${HOME}/.cache/gnome-twitch
763	blacklist ${HOME}/.cache/godot	764	blacklist ${HOME}/.cache/godot
764	blacklist ${HOME}/.cache/google-chrome	765	blacklist ${HOME}/.cache/google-chrome


diff --git a/etc/gnome-screenshot.profile b/etc/gnome-screenshot.profile new file mode 100644 index 000000000..c00aefdb7 --- /dev/null +++ b/etc/gnome-screenshot.profile
@@ -0,0 +1,47 @@
		1	# Firejail profile for gnome-screenshot
		2	# Description: GNOME screenshot tool
		3	# This file is overwritten after every install/update
		4	# Persistent local customizations
		5	include gnome-screenshot.local
		6	# Persistent global definitions
		7	include globals.local
		8
		9	noblacklist ${PICTURES}
		10	noblacklist ${HOME}/.cache/gnome-screenshot
		11
		12	include disable-common.inc
		13	include disable-devel.inc
		14	include disable-exec.inc
		15	include disable-interpreters.inc
		16	include disable-passwdmgr.inc
		17	include disable-programs.inc
		18	include disable-xdg.inc
		19
		20	whitelist ${RUNUSER}/bus
		21	whitelist ${RUNUSER}/pulse
		22	whitelist ${RUNUSER}/gdm/Xauthority
		23	whitelist ${RUNUSER}/wayland-0
		24	include whitelist-usr-share-common.inc
		25	include whitelist-var-common.inc
		26
		27	apparmor
		28	caps.drop all
		29	net none
		30	no3d
		31	nodvd
		32	nogroups
		33	nonewprivs
		34	noroot
		35	notv
		36	nou2f
		37	novideo
		38	protocol unix
		39	seccomp
		40	shell none
		41	tracelog
		42
		43	disable-mnt
		44	private-bin gnome-screenshot
		45	private-dev
		46	private-etc dconf,fonts,gtk-3.0,localtime,machine-id
		47	private-tmp


diff --git a/src/firecfg/firecfg.config b/src/firecfg/firecfg.config index 4cd4fad6c..c27f78d0f 100644 --- a/src/firecfg/firecfg.config +++ b/src/firecfg/firecfg.config
@@ -23,6 +23,7 @@ Natron
23	PPSSPPQt	23	PPSSPPQt
24	QMediathekView	24	QMediathekView
25	QOwnNotes	25	QOwnNotes
		26	Screenshot
26	Telegram	27	Telegram
27	Viber	28	Viber
28	VirtualBox	29	VirtualBox
@@ -275,6 +276,7 @@ gnome-passwordsafe
275	gnome-photos	276	gnome-photos
276	gnome-recipes	277	gnome-recipes
277	gnome-schedule	278	gnome-schedule
		279	gnome-screenshot
278	gnome-system-log	280	gnome-system-log
279	gnome-twitch	281	gnome-twitch
280	gnome-weather	282	gnome-weather