diff options
| author |  kortewegdevries <kortewegdevries@protonmail.ch> | 2020-09-03 08:11:05 +0000 |
|---|---|---|
| committer |  GitHub <noreply@github.com> | 2020-09-03 08:11:05 +0000 |
| commit | fdc265b5b362db9dba3a8a03cae9e34d3e84fafb (patch) | |
| tree | 795595174899a5d53335b05b2c938c6d7cb1e70c | |
| parent | New profiles for balsa,trojita,kube (#3603) (diff) | |
| download | firejail-fdc265b5b362db9dba3a8a03cae9e34d3e84fafb.tar.gz firejail-fdc265b5b362db9dba3a8a03cae9e34d3e84fafb.tar.zst firejail-fdc265b5b362db9dba3a8a03cae9e34d3e84fafb.zip | |
Add profile for twitch,youtube,youtube-music; fix git-cola ,add cola (#3577)
* Add profile for twitch,youtube wrappers
* Fix git-cola, add Youtube music wrapper profiles
* Fixes for git-cola again
* Add profile for alternative name for git-cola
* Fixes
* Fix
| -rw-r--r-- | etc/inc/disable-programs.inc | 4 | ||||
| -rw-r--r-- | etc/profile-a-l/cola.profile | 10 | ||||
| -rw-r--r-- | etc/profile-a-l/git-cola.profile | 29 | ||||
| -rw-r--r-- | etc/profile-m-z/twitch.profile | 36 | ||||
| -rw-r--r-- | etc/profile-m-z/youtube.profile | 37 | ||||
| -rw-r--r-- | etc/profile-m-z/youtubemusic-nativefier.profile | 38 | ||||
| -rw-r--r-- | etc/profile-m-z/ytmdesktop.profile | 39 | ||||
| -rw-r--r-- | src/firecfg/firecfg.config | 5 |
8 files changed, 192 insertions, 6 deletions
diff --git a/etc/inc/disable-programs.inc b/etc/inc/disable-programs.inc index e22a9ae3a..c7206686c 100644 --- a/etc/inc/disable-programs.inc +++ b/etc/inc/disable-programs.inc | |||
| @@ -135,9 +135,11 @@ blacklist ${HOME}/.config/Slack | |||
| 135 | blacklist ${HOME}/.config/Standard Notes | 135 | blacklist ${HOME}/.config/Standard Notes |
| 136 | blacklist ${HOME}/.config/SubDownloader | 136 | blacklist ${HOME}/.config/SubDownloader |
| 137 | blacklist ${HOME}/.config/Thunar | 137 | blacklist ${HOME}/.config/Thunar |
| 138 | blacklist ${HOME}/.config/Twitch | ||
| 138 | blacklist ${HOME}/.config/Unknown Organization | 139 | blacklist ${HOME}/.config/Unknown Organization |
| 139 | blacklist ${HOME}/.config/VirtualBox | 140 | blacklist ${HOME}/.config/VirtualBox |
| 140 | blacklist ${HOME}/.config/Wire | 141 | blacklist ${HOME}/.config/Wire |
| 142 | blacklist ${HOME}/.config/Youtube | ||
| 141 | blacklist ${HOME}/.config/Zeal | 143 | blacklist ${HOME}/.config/Zeal |
| 142 | blacklist ${HOME}/.config/ZeGrapher Project | 144 | blacklist ${HOME}/.config/ZeGrapher Project |
| 143 | blacklist ${HOME}/.config/abiword | 145 | blacklist ${HOME}/.config/abiword |
| @@ -410,6 +412,8 @@ blacklist ${HOME}/.config/yandex-browser | |||
| 410 | blacklist ${HOME}/.config/yandex-browser-beta | 412 | blacklist ${HOME}/.config/yandex-browser-beta |
| 411 | blacklist ${HOME}/.config/yelp | 413 | blacklist ${HOME}/.config/yelp |
| 412 | blacklist ${HOME}/.config/youtube-dl | 414 | blacklist ${HOME}/.config/youtube-dl |
| 415 | blacklist ${HOME}/.config/youtubemusic-nativefier-040164 | ||
| 416 | blacklist ${HOME}/.config/youtube-music-desktop-app | ||
| 413 | blacklist ${HOME}/.config/youtube-viewer | 417 | blacklist ${HOME}/.config/youtube-viewer |
| 414 | blacklist ${HOME}/.config/zathura | 418 | blacklist ${HOME}/.config/zathura |
| 415 | blacklist ${HOME}/.config/zoomus.conf | 419 | blacklist ${HOME}/.config/zoomus.conf |
diff --git a/etc/profile-a-l/cola.profile b/etc/profile-a-l/cola.profile new file mode 100644 index 000000000..e5debfd82 --- /dev/null +++ b/etc/profile-a-l/cola.profile | |||
| @@ -0,0 +1,10 @@ | |||
| 1 | # Firejail profile for cola | ||
| 2 | # Description: Linux native frontend for Git,alternative call for git-cola | ||
| 3 | # This file is overwritten after every install/update | ||
| 4 | # Persistent local customizations | ||
| 5 | include cola.local | ||
| 6 | # Persistent global definitions | ||
| 7 | include globals.local | ||
| 8 | |||
| 9 | # Redirect | ||
| 10 | include git-cola.profile \ No newline at end of file | ||
diff --git a/etc/profile-a-l/git-cola.profile b/etc/profile-a-l/git-cola.profile index 30e80f519..4708078dd 100644 --- a/etc/profile-a-l/git-cola.profile +++ b/etc/profile-a-l/git-cola.profile | |||
| @@ -12,6 +12,7 @@ noblacklist ${HOME}/.gitconfig | |||
| 12 | noblacklist ${HOME}/.git-credentials | 12 | noblacklist ${HOME}/.git-credentials |
| 13 | noblacklist ${HOME}/.gnupg | 13 | noblacklist ${HOME}/.gnupg |
| 14 | noblacklist ${HOME}/.ssh | 14 | noblacklist ${HOME}/.ssh |
| 15 | noblacklist ${HOME}/.subversion | ||
| 15 | noblacklist ${HOME}/.config/git | 16 | noblacklist ${HOME}/.config/git |
| 16 | noblacklist ${HOME}/.config/git-cola | 17 | noblacklist ${HOME}/.config/git-cola |
| 17 | # Put your editor,diff viewer config path below and uncomment to load settings | 18 | # Put your editor,diff viewer config path below and uncomment to load settings |
| @@ -28,7 +29,19 @@ include disable-passwdmgr.inc | |||
| 28 | include disable-programs.inc | 29 | include disable-programs.inc |
| 29 | include disable-xdg.inc | 30 | include disable-xdg.inc |
| 30 | 31 | ||
| 32 | whitelist ${RUNUSER}/gnupg | ||
| 33 | whitelist ${RUNUSER}/keyring | ||
| 34 | # Whitelist your editor, diff viewer, gnupg path below in /usr/share/ | ||
| 35 | whitelist /usr/share/git | ||
| 36 | whitelist /usr/share/git-cola | ||
| 37 | whitelist /usr/share/git-core | ||
| 38 | whitelist /usr/share/git-gui | ||
| 39 | whitelist /usr/share/gitk | ||
| 40 | whitelist /usr/share/gitweb | ||
| 41 | whitelist /usr/share/gnupg | ||
| 42 | whitelist /usr/share/gnupg2 | ||
| 31 | include whitelist-runuser-common.inc | 43 | include whitelist-runuser-common.inc |
| 44 | include whitelist-usr-share-common.inc | ||
| 32 | include whitelist-var-common.inc | 45 | include whitelist-var-common.inc |
| 33 | 46 | ||
| 34 | apparmor | 47 | apparmor |
| @@ -49,18 +62,22 @@ seccomp | |||
| 49 | shell none | 62 | shell none |
| 50 | tracelog | 63 | tracelog |
| 51 | 64 | ||
| 52 | # private-bin atom,bash,colordiff,emacs,fldiff,geany,gedit,git,git gui,git-cola,git-dag,gitk,gpg,gvim,leafpad,meld,mousepad,nano,notepadqq,python*,sh,ssh,vim,vimdiff,which,xed | 65 | # Add your own diff viewer,editor,pinentry program |
| 66 | # pinentry-curses,pinentry-emacs,pinentry-fltk,pinentry-gnome3,pinentry-gtk,pinentry-gtk2,pinentry-gtk-2,pinentry-qt,pinentry-qt4,pinentry-tty,pinentry-x2go,pinentry-kwallet" for gpg | ||
| 67 | private-bin basename,bash,cola,envsubst,gettext,git,git-cola,git-dag,git-gui,gitk,gpg,gpg-agent,nano,ps,python*,sh,ssh,ssh-agent,tclsh,tr,wc,which,xed | ||
| 53 | private-cache | 68 | private-cache |
| 54 | private-dev | 69 | private-dev |
| 55 | # Comment if you sign commits with GPG | 70 | private-etc alternatives,ca-certificates,crypto-policies,dconf,fonts,gcrypt,gitconfig,gtk-2.0,gtk-3.0,host.conf,hostname,hosts,localtime,login.defs,machine-id,mime.types,nsswitch.conf,passwd,pki,resolv.conf,selinux,ssh,ssl,X11,xdg |
| 56 | private-etc alternatives,ca-certificates,crypto-policies,fonts,gtk-2.0,gtk-3.0,host.conf,hostname,hosts,localtime,login.defs,machine-id,mime.types,nsswitch.conf,passwd,pki,resolv.conf,selinux,ssl,X11,xdg | ||
| 57 | private-tmp | 71 | private-tmp |
| 72 | writable-run-user | ||
| 58 | 73 | ||
| 59 | dbus-user filter | 74 | # Breaks meld as diff viewer |
| 75 | # dbus-user filter | ||
| 60 | # Uncomment if you need keyring access | 76 | # Uncomment if you need keyring access |
| 61 | # dbus-user.talk org.freedesktop.secrets | 77 | # dbus-user.talk org.freedesktop.secrets |
| 62 | dbus-system none | 78 | dbus-system none |
| 63 | 79 | ||
| 64 | read-only ${HOME}/.ssh | ||
| 65 | read-only ${HOME}/.gnupg | ||
| 66 | read-only ${HOME}/.git-credentials | 80 | read-only ${HOME}/.git-credentials |
| 81 | |||
| 82 | # Comment if you need to allow hosts | ||
| 83 | read-only ${HOME}/.ssh | ||
diff --git a/etc/profile-m-z/twitch.profile b/etc/profile-m-z/twitch.profile new file mode 100644 index 000000000..3c50344f1 --- /dev/null +++ b/etc/profile-m-z/twitch.profile | |||
| @@ -0,0 +1,36 @@ | |||
| 1 | # Firejail profile for twitch | ||
| 2 | # Description: Unofficial electron based desktop warpper for Twitch | ||
| 3 | # This file is overwritten after every install/update | ||
| 4 | # Persistent local customizations | ||
| 5 | include twitch.local | ||
| 6 | # Persistent global definitions | ||
| 7 | include globals.local | ||
| 8 | |||
| 9 | noblacklist ${HOME}/.config/Twitch | ||
| 10 | |||
| 11 | include disable-devel.inc | ||
| 12 | include disable-exec.inc | ||
| 13 | include disable-interpreters.inc | ||
| 14 | include disable-shell.inc | ||
| 15 | include disable-xdg.inc | ||
| 16 | |||
| 17 | mkdir ${HOME}/.config/Twitch | ||
| 18 | whitelist ${HOME}/.config/Twitch | ||
| 19 | include whitelist-common.inc | ||
| 20 | include whitelist-runuser-common.inc | ||
| 21 | include whitelist-usr-share-common.inc | ||
| 22 | include whitelist-var-common.inc | ||
| 23 | |||
| 24 | seccomp !chroot | ||
| 25 | shell none | ||
| 26 | |||
| 27 | disable-mnt | ||
| 28 | private-bin twitch | ||
| 29 | private-cache | ||
| 30 | private-dev | ||
| 31 | private-etc alsa,alternatives,asound.conf,ati,bumblebee,ca-certificates,crypto-policies,drirc,fonts,gtk-2.0,gtk-3.0,host.conf,hostname,hosts,mime.types,nsswitch.conf,nvidia,pki,pulse,resolv.conf,selinux,ssl,X11,xdg | ||
| 32 | private-opt Twitch | ||
| 33 | private-tmp | ||
| 34 | |||
| 35 | # Redirect | ||
| 36 | include electron.profile | ||
diff --git a/etc/profile-m-z/youtube.profile b/etc/profile-m-z/youtube.profile new file mode 100644 index 000000000..a6c7750a9 --- /dev/null +++ b/etc/profile-m-z/youtube.profile | |||
| @@ -0,0 +1,37 @@ | |||
| 1 | # Firejail profile for youtube | ||
| 2 | # Description: Unofficial electron based desktop warpper for YouTube | ||
| 3 | # This file is overwritten after every install/update | ||
| 4 | # Persistent local customizations | ||
| 5 | include youtube.local | ||
| 6 | # Persistent global definitions | ||
| 7 | include globals.local | ||
| 8 | |||
| 9 | noblacklist ${HOME}/.config/Youtube | ||
| 10 | |||
| 11 | include disable-devel.inc | ||
| 12 | include disable-exec.inc | ||
| 13 | include disable-interpreters.inc | ||
| 14 | include disable-shell.inc | ||
| 15 | include disable-xdg.inc | ||
| 16 | |||
| 17 | mkdir ${HOME}/.config/Youtube | ||
| 18 | whitelist ${HOME}/.config/Youtube | ||
| 19 | include whitelist-common.inc | ||
| 20 | include whitelist-runuser-common.inc | ||
| 21 | include whitelist-usr-share-common.inc | ||
| 22 | include whitelist-var-common.inc | ||
| 23 | |||
| 24 | novideo | ||
| 25 | seccomp !chroot | ||
| 26 | shell none | ||
| 27 | |||
| 28 | disable-mnt | ||
| 29 | private-bin youtube | ||
| 30 | private-cache | ||
| 31 | private-dev | ||
| 32 | private-etc alsa,alternatives,asound.conf,ati,bumblebee,ca-certificates,crypto-policies,drirc,fonts,gtk-2.0,gtk-3.0,host.conf,hostname,hosts,mime.types,nsswitch.conf,nvidia,pki,pulse,resolv.conf,selinux,ssl,X11,xdg | ||
| 33 | private-opt Youtube | ||
| 34 | private-tmp | ||
| 35 | |||
| 36 | # Redirect | ||
| 37 | include electron.profile | ||
diff --git a/etc/profile-m-z/youtubemusic-nativefier.profile b/etc/profile-m-z/youtubemusic-nativefier.profile new file mode 100644 index 000000000..3a94a5707 --- /dev/null +++ b/etc/profile-m-z/youtubemusic-nativefier.profile | |||
| @@ -0,0 +1,38 @@ | |||
| 1 | # Firejail profile for youtubemusic-nativefier | ||
| 2 | # Description: Unofficial electron based desktop warpper for YouTube Music | ||
| 3 | # This file is overwritten after every install/update | ||
| 4 | # Persistent local customizations | ||
| 5 | include youtube.local | ||
| 6 | # Persistent global definitions | ||
| 7 | include globals.local | ||
| 8 | |||
| 9 | noblacklist ${HOME}/.config/youtubemusic-nativefier-040164 | ||
| 10 | |||
| 11 | include disable-devel.inc | ||
| 12 | include disable-exec.inc | ||
| 13 | include disable-interpreters.inc | ||
| 14 | include disable-shell.inc | ||
| 15 | include disable-xdg.inc | ||
| 16 | |||
| 17 | mkdir ${HOME}/.config/youtubemusic-nativefier-040164 | ||
| 18 | whitelist ${HOME}/.config/youtubemusic-nativefier-040164 | ||
| 19 | include whitelist-common.inc | ||
| 20 | include whitelist-runuser-common.inc | ||
| 21 | include whitelist-usr-share-common.inc | ||
| 22 | include whitelist-var-common.inc | ||
| 23 | |||
| 24 | nou2f | ||
| 25 | novideo | ||
| 26 | seccomp !chroot | ||
| 27 | shell none | ||
| 28 | |||
| 29 | disable-mnt | ||
| 30 | private-bin youtubemusic-nativefier | ||
| 31 | private-cache | ||
| 32 | private-dev | ||
| 33 | private-etc alsa,alternatives,asound.conf,ati,bumblebee,ca-certificates,crypto-policies,drirc,fonts,gtk-2.0,gtk-3.0,host.conf,hostname,hosts,mime.types,nsswitch.conf,nvidia,pki,pulse,resolv.conf,selinux,ssl,X11,xdg | ||
| 34 | private-opt youtubemusic-nativefier | ||
| 35 | private-tmp | ||
| 36 | |||
| 37 | # Redirect | ||
| 38 | include electron.profile | ||
diff --git a/etc/profile-m-z/ytmdesktop.profile b/etc/profile-m-z/ytmdesktop.profile new file mode 100644 index 000000000..5c37b838b --- /dev/null +++ b/etc/profile-m-z/ytmdesktop.profile | |||
| @@ -0,0 +1,39 @@ | |||
| 1 | # Firejail profile for ytmdesktop | ||
| 2 | # Description: Unofficial electron based desktop warpper for YouTube Music | ||
| 3 | # This file is overwritten after every install/update | ||
| 4 | # Persistent local customizations | ||
| 5 | include youtube.local | ||
| 6 | # Persistent global definitions | ||
| 7 | include globals.local | ||
| 8 | |||
| 9 | ignore dbus-user none | ||
| 10 | |||
| 11 | noblacklist ${HOME}/.config/youtube-music-desktop-app | ||
| 12 | |||
| 13 | include disable-devel.inc | ||
| 14 | include disable-exec.inc | ||
| 15 | include disable-interpreters.inc | ||
| 16 | include disable-xdg.inc | ||
| 17 | |||
| 18 | mkdir ${HOME}/.config/youtube-music-desktop-app | ||
| 19 | whitelist ${HOME}/.config/youtube-music-desktop-app | ||
| 20 | include whitelist-common.inc | ||
| 21 | include whitelist-runuser-common.inc | ||
| 22 | include whitelist-usr-share-common.inc | ||
| 23 | include whitelist-var-common.inc | ||
| 24 | |||
| 25 | nou2f | ||
| 26 | novideo | ||
| 27 | seccomp !chroot | ||
| 28 | shell none | ||
| 29 | |||
| 30 | disable-mnt | ||
| 31 | # private-bin env,ytmdesktop | ||
| 32 | private-cache | ||
| 33 | private-dev | ||
| 34 | private-etc alsa,alternatives,asound.conf,ati,bumblebee,ca-certificates,crypto-policies,drirc,fonts,gtk-2.0,gtk-3.0,host.conf,hostname,hosts,mime.types,nsswitch.conf,nvidia,pki,pulse,resolv.conf,selinux,ssl,X11,xdg | ||
| 35 | # private-opt | ||
| 36 | private-tmp | ||
| 37 | |||
| 38 | # Redirect | ||
| 39 | include electron.profile | ||
diff --git a/src/firecfg/firecfg.config b/src/firecfg/firecfg.config index 5e0ca8de4..3eb33908d 100644 --- a/src/firecfg/firecfg.config +++ b/src/firecfg/firecfg.config | |||
| @@ -136,6 +136,7 @@ clocks | |||
| 136 | cmus | 136 | cmus |
| 137 | code | 137 | code |
| 138 | code-oss | 138 | code-oss |
| 139 | cola | ||
| 139 | com.github.dahenson.agenda | 140 | com.github.dahenson.agenda |
| 140 | com.github.johnfactotum.Foliate | 141 | com.github.johnfactotum.Foliate |
| 141 | com.gitlab.newsflash | 142 | com.gitlab.newsflash |
| @@ -755,6 +756,7 @@ truecraft | |||
| 755 | tshark | 756 | tshark |
| 756 | tuxguitar | 757 | tuxguitar |
| 757 | tvbrowser | 758 | tvbrowser |
| 759 | twitch | ||
| 758 | udiskie | 760 | udiskie |
| 759 | uefitool | 761 | uefitool |
| 760 | uget-gtk | 762 | uget-gtk |
| @@ -832,8 +834,11 @@ xreader-thumbnailer | |||
| 832 | xviewer | 834 | xviewer |
| 833 | yandex-browser | 835 | yandex-browser |
| 834 | yelp | 836 | yelp |
| 837 | youtube | ||
| 835 | youtube-dl | 838 | youtube-dl |
| 836 | youtube-viewer | 839 | youtube-viewer |
| 840 | youtubemusic-nativefier | ||
| 841 | ytmdesktop | ||
| 837 | zaproxy | 842 | zaproxy |
| 838 | zart | 843 | zart |
| 839 | zathura | 844 | zathura |