diff options
author | netblue30 <netblue30@yahoo.com> | 2017-04-25 12:00:07 -0400 |
---|---|---|
committer | netblue30 <netblue30@yahoo.com> | 2017-04-25 12:00:07 -0400 |
commit | 4d32f53c721c4040232c9a5dcf67cfdef8c6e4a4 (patch) | |
tree | 699f06181e98d29da2decd679ae9fe01d3c2f9df | |
parent | firemon --top fix (diff) | |
download | firejail-4d32f53c721c4040232c9a5dcf67cfdef8c6e4a4.tar.gz firejail-4d32f53c721c4040232c9a5dcf67cfdef8c6e4a4.tar.zst firejail-4d32f53c721c4040232c9a5dcf67cfdef8c6e4a4.zip |
added Orage Globaltime, Orage Clendar, xfce4-notes, xfce4-dict and Ristretto profiles
-rw-r--r-- | README.md | 3 | ||||
-rw-r--r-- | etc/disable-programs.inc | 8 | ||||
-rw-r--r-- | etc/globaltime.profile | 26 | ||||
-rw-r--r-- | etc/orage.profile | 27 | ||||
-rw-r--r-- | etc/ristretto.profile | 26 | ||||
-rw-r--r-- | etc/xfce4-dict.profile | 26 | ||||
-rw-r--r-- | etc/xfce4-notes.profile | 28 | ||||
-rw-r--r-- | platform/debian/conffiles | 5 | ||||
-rw-r--r-- | src/firecfg/firecfg.config | 5 |
9 files changed, 153 insertions, 1 deletions
@@ -196,4 +196,5 @@ simple-scan, skanlite, ssh-agent, tracker, transmission-cli, transmission-show, | |||
196 | xed, pluma, Cryptocat, Bless, Gnome 2048, Gnome Calculator, Gnome Contacts, JD-GUI, Lollypop, MultiMC5, | 196 | xed, pluma, Cryptocat, Bless, Gnome 2048, Gnome Calculator, Gnome Contacts, JD-GUI, Lollypop, MultiMC5, |
197 | PDFSam, Pithos, Xonotic, wireshark, keepassx2, QupZilla, FossaMail, Uzbl browser, xmms, iridium browser, | 197 | PDFSam, Pithos, Xonotic, wireshark, keepassx2, QupZilla, FossaMail, Uzbl browser, xmms, iridium browser, |
198 | Kino, Thunar, Geeqie, Engrampa, Scribus, mousepad, gpicview, keepassxc, cvlc, MediathekView, baloo_file, | 198 | Kino, Thunar, Geeqie, Engrampa, Scribus, mousepad, gpicview, keepassxc, cvlc, MediathekView, baloo_file, |
199 | Nylas, dino, BibleTime, viewnior, Kodi, viking, youtube-dl, meld, Arduino, akregator, kcalc, ktorrent | 199 | Nylas, dino, BibleTime, viewnior, Kodi, viking, youtube-dl, meld, Arduino, akregator, kcalc, ktorrent, |
200 | Orage Globaltime, Orage Clendar, xfce4-notes, xfce4-dict, Ristretto | ||
diff --git a/etc/disable-programs.inc b/etc/disable-programs.inc index fbe614b0d..9b84f5e8a 100644 --- a/etc/disable-programs.inc +++ b/etc/disable-programs.inc | |||
@@ -76,6 +76,7 @@ blacklist ${HOME}/.config/flowblade | |||
76 | blacklist ${HOME}/.config/gajim | 76 | blacklist ${HOME}/.config/gajim |
77 | blacklist ${HOME}/.config/geeqie | 77 | blacklist ${HOME}/.config/geeqie |
78 | blacklist ${HOME}/.config/gedit | 78 | blacklist ${HOME}/.config/gedit |
79 | blacklist ${HOME}/.config/globaltime | ||
79 | blacklist ${HOME}/.config/google-chrome | 80 | blacklist ${HOME}/.config/google-chrome |
80 | blacklist ${HOME}/.config/google-chrome-beta | 81 | blacklist ${HOME}/.config/google-chrome-beta |
81 | blacklist ${HOME}/.config/google-chrome-unstable | 82 | blacklist ${HOME}/.config/google-chrome-unstable |
@@ -104,10 +105,12 @@ blacklist ${HOME}/.config/okularpartrc | |||
104 | blacklist ${HOME}/.config/okularrc | 105 | blacklist ${HOME}/.config/okularrc |
105 | blacklist ${HOME}/.config/opera | 106 | blacklist ${HOME}/.config/opera |
106 | blacklist ${HOME}/.config/opera-beta | 107 | blacklist ${HOME}/.config/opera-beta |
108 | blacklist ${HOME}/.config/orage | ||
107 | blacklist ${HOME}/.config/org.kde.gwenviewrc | 109 | blacklist ${HOME}/.config/org.kde.gwenviewrc |
108 | blacklist ${HOME}/.config/pix | 110 | blacklist ${HOME}/.config/pix |
109 | blacklist ${HOME}/.config/pluma | 111 | blacklist ${HOME}/.config/pluma |
110 | blacklist ${HOME}/.config/psi+ | 112 | blacklist ${HOME}/.config/psi+ |
113 | blacklist ${HOME}/.config/ristretto | ||
111 | blacklist ${HOME}/.config/qpdfview | 114 | blacklist ${HOME}/.config/qpdfview |
112 | blacklist ${HOME}/.config/qt5ct | 115 | blacklist ${HOME}/.config/qt5ct |
113 | blacklist ${HOME}/.config/qutebrowser | 116 | blacklist ${HOME}/.config/qutebrowser |
@@ -135,6 +138,9 @@ blacklist ${HOME}/.config/xchat | |||
135 | blacklist ${HOME}/.config/xed | 138 | blacklist ${HOME}/.config/xed |
136 | blacklist ${HOME}/.config/xfburn | 139 | blacklist ${HOME}/.config/xfburn |
137 | blacklist ${HOME}/.config/xfce4/xfconf/xfce-perchannel-xml/thunar.xml | 140 | blacklist ${HOME}/.config/xfce4/xfconf/xfce-perchannel-xml/thunar.xml |
141 | blacklist ${HOME}/.config/xfce4/xfce4-notes.rc | ||
142 | blacklist ${HOME}/.config/xfce4/xfce4-notes.gtkrc | ||
143 | blacklist ${HOME}/.config/xfce4-dict | ||
138 | blacklist ${HOME}/.config/xplayer | 144 | blacklist ${HOME}/.config/xplayer |
139 | blacklist ${HOME}/.config/xreader | 145 | blacklist ${HOME}/.config/xreader |
140 | blacklist ${HOME}/.config/xviewer | 146 | blacklist ${HOME}/.config/xviewer |
@@ -242,6 +248,7 @@ blacklist ${HOME}/.local/share/mupen64plus | |||
242 | blacklist ${HOME}/.local/share/nautilus | 248 | blacklist ${HOME}/.local/share/nautilus |
243 | blacklist ${HOME}/.local/share/nemo | 249 | blacklist ${HOME}/.local/share/nemo |
244 | blacklist ${HOME}/.local/share/okular | 250 | blacklist ${HOME}/.local/share/okular |
251 | blacklist ${HOME}/.local/share/orage | ||
245 | blacklist ${HOME}/.local/share/org.kde.gwenview | 252 | blacklist ${HOME}/.local/share/org.kde.gwenview |
246 | blacklist ${HOME}/.local/share/pix | 253 | blacklist ${HOME}/.local/share/pix |
247 | blacklist ${HOME}/.local/share/psi+ | 254 | blacklist ${HOME}/.local/share/psi+ |
@@ -256,6 +263,7 @@ blacklist ${HOME}/.local/share/vpltd | |||
256 | blacklist ${HOME}/.local/share/vulkan | 263 | blacklist ${HOME}/.local/share/vulkan |
257 | blacklist ${HOME}/.local/share/wesnoth | 264 | blacklist ${HOME}/.local/share/wesnoth |
258 | blacklist ${HOME}/.local/share/xplayer | 265 | blacklist ${HOME}/.local/share/xplayer |
266 | blacklist ${HOME}/.local/share/notes | ||
259 | blacklist ${HOME}/.local/share/xreader | 267 | blacklist ${HOME}/.local/share/xreader |
260 | blacklist ${HOME}/.local/share/zathura | 268 | blacklist ${HOME}/.local/share/zathura |
261 | blacklist ${HOME}/.lv2 | 269 | blacklist ${HOME}/.lv2 |
diff --git a/etc/globaltime.profile b/etc/globaltime.profile new file mode 100644 index 000000000..271c331a9 --- /dev/null +++ b/etc/globaltime.profile | |||
@@ -0,0 +1,26 @@ | |||
1 | # This file is overwritten during software install. | ||
2 | # Persistent customizations should go in a .local file. | ||
3 | include /etc/firejail/globaltime.local | ||
4 | |||
5 | noblacklist ${HOME}/.config/globaltime | ||
6 | include /etc/firejail/disable-common.inc | ||
7 | include /etc/firejail/disable-programs.inc | ||
8 | include /etc/firejail/disable-passwdmgr.inc | ||
9 | |||
10 | caps.drop all | ||
11 | netfilter | ||
12 | nonewprivs | ||
13 | noroot | ||
14 | protocol unix,inet,inet6 | ||
15 | seccomp | ||
16 | |||
17 | # | ||
18 | # depending on you usage, you can enable some of the commands below: | ||
19 | # | ||
20 | nogroups | ||
21 | shell none | ||
22 | # private-bin program | ||
23 | # private-etc none | ||
24 | private-dev | ||
25 | # private-tmp | ||
26 | |||
diff --git a/etc/orage.profile b/etc/orage.profile new file mode 100644 index 000000000..b0bd8b9c3 --- /dev/null +++ b/etc/orage.profile | |||
@@ -0,0 +1,27 @@ | |||
1 | # This file is overwritten during software install. | ||
2 | # Persistent customizations should go in a .local file. | ||
3 | include /etc/firejail/orage.local | ||
4 | |||
5 | noblacklist ${HOME}/.config/orage | ||
6 | noblacklist ${HOME}/.local/share/orage | ||
7 | include /etc/firejail/disable-common.inc | ||
8 | include /etc/firejail/disable-programs.inc | ||
9 | include /etc/firejail/disable-passwdmgr.inc | ||
10 | |||
11 | caps.drop all | ||
12 | netfilter | ||
13 | nonewprivs | ||
14 | noroot | ||
15 | protocol unix,inet,inet6 | ||
16 | seccomp | ||
17 | |||
18 | # | ||
19 | # depending on you usage, you can enable some of the commands below: | ||
20 | # | ||
21 | nogroups | ||
22 | shell none | ||
23 | # private-bin program | ||
24 | # private-etc none | ||
25 | private-dev | ||
26 | # private-tmp | ||
27 | |||
diff --git a/etc/ristretto.profile b/etc/ristretto.profile new file mode 100644 index 000000000..9499febe1 --- /dev/null +++ b/etc/ristretto.profile | |||
@@ -0,0 +1,26 @@ | |||
1 | # This file is overwritten during software install. | ||
2 | # Persistent customizations should go in a .local file. | ||
3 | include /etc/firejail/risretto.local | ||
4 | |||
5 | noblacklist ${HOME}/.config/ristretto | ||
6 | include /etc/firejail/disable-common.inc | ||
7 | include /etc/firejail/disable-programs.inc | ||
8 | include /etc/firejail/disable-passwdmgr.inc | ||
9 | |||
10 | caps.drop all | ||
11 | netfilter | ||
12 | nonewprivs | ||
13 | noroot | ||
14 | protocol unix,inet,inet6 | ||
15 | seccomp | ||
16 | |||
17 | # | ||
18 | # depending on you usage, you can enable some of the commands below: | ||
19 | # | ||
20 | nogroups | ||
21 | shell none | ||
22 | # private-bin program | ||
23 | # private-etc none | ||
24 | private-dev | ||
25 | # private-tmp | ||
26 | |||
diff --git a/etc/xfce4-dict.profile b/etc/xfce4-dict.profile new file mode 100644 index 000000000..41544e6b9 --- /dev/null +++ b/etc/xfce4-dict.profile | |||
@@ -0,0 +1,26 @@ | |||
1 | # This file is overwritten during software install. | ||
2 | # Persistent customizations should go in a .local file. | ||
3 | include /etc/firejail/xfce4-dict.local | ||
4 | |||
5 | noblacklist ${HOME}/.config/xfce4-dict | ||
6 | include /etc/firejail/disable-common.inc | ||
7 | include /etc/firejail/disable-programs.inc | ||
8 | include /etc/firejail/disable-passwdmgr.inc | ||
9 | |||
10 | caps.drop all | ||
11 | netfilter | ||
12 | nonewprivs | ||
13 | noroot | ||
14 | protocol unix,inet,inet6 | ||
15 | seccomp | ||
16 | |||
17 | # | ||
18 | # depending on you usage, you can enable some of the commands below: | ||
19 | # | ||
20 | nogroups | ||
21 | shell none | ||
22 | # private-bin program | ||
23 | # private-etc none | ||
24 | private-dev | ||
25 | # private-tmp | ||
26 | |||
diff --git a/etc/xfce4-notes.profile b/etc/xfce4-notes.profile new file mode 100644 index 000000000..f2cb9a5f1 --- /dev/null +++ b/etc/xfce4-notes.profile | |||
@@ -0,0 +1,28 @@ | |||
1 | # This file is overwritten during software install. | ||
2 | # Persistent customizations should go in a .local file. | ||
3 | include /etc/firejail/xfce4-notes.local | ||
4 | |||
5 | noblacklist ${HOME}/.config/xfce4/xfce4-notes.rc | ||
6 | noblacklist ${HOME}/.config/xfce4/xfce4-notes.gtkrc | ||
7 | noblacklist ${HOME}/.local/share/notes | ||
8 | include /etc/firejail/disable-common.inc | ||
9 | include /etc/firejail/disable-programs.inc | ||
10 | include /etc/firejail/disable-passwdmgr.inc | ||
11 | |||
12 | caps.drop all | ||
13 | netfilter | ||
14 | nonewprivs | ||
15 | noroot | ||
16 | protocol unix,inet,inet6 | ||
17 | seccomp | ||
18 | |||
19 | # | ||
20 | # depending on you usage, you can enable some of the commands below: | ||
21 | # | ||
22 | nogroups | ||
23 | shell none | ||
24 | # private-bin program | ||
25 | # private-etc none | ||
26 | private-dev | ||
27 | # private-tmp | ||
28 | |||
diff --git a/platform/debian/conffiles b/platform/debian/conffiles index 4169184df..355faf44f 100644 --- a/platform/debian/conffiles +++ b/platform/debian/conffiles | |||
@@ -271,3 +271,8 @@ | |||
271 | /etc/firejail/akregator.profile | 271 | /etc/firejail/akregator.profile |
272 | /etc/firejail/kcalc.profile | 272 | /etc/firejail/kcalc.profile |
273 | /etc/firejail/ktorrent.profile | 273 | /etc/firejail/ktorrent.profile |
274 | /etc/firejail/globaltime.profile | ||
275 | /etc/firejail/orage.profile | ||
276 | /etc/firejail/ristretto.profile | ||
277 | /etc/firejail/xfce4-dict.profile | ||
278 | /etc/firejail/xfce4-notes.profile | ||
diff --git a/src/firecfg/firecfg.config b/src/firecfg/firecfg.config index 2569c36ef..c44d83e7b 100644 --- a/src/firecfg/firecfg.config +++ b/src/firecfg/firecfg.config | |||
@@ -65,6 +65,7 @@ geeqie | |||
65 | gimp | 65 | gimp |
66 | gitter | 66 | gitter |
67 | gjs | 67 | gjs |
68 | globaltime | ||
68 | gnome-2048 | 69 | gnome-2048 |
69 | gnome-books | 70 | gnome-books |
70 | gnome-calculator | 71 | gnome-calculator |
@@ -144,6 +145,7 @@ okular | |||
144 | openshot | 145 | openshot |
145 | opera | 146 | opera |
146 | opera-beta | 147 | opera-beta |
148 | orage | ||
147 | palemoon | 149 | palemoon |
148 | parole | 150 | parole |
149 | pdfsam | 151 | pdfsam |
@@ -164,6 +166,7 @@ quiterss | |||
164 | qutebrowser | 166 | qutebrowser |
165 | ranger | 167 | ranger |
166 | rhythmbox | 168 | rhythmbox |
169 | ristretto | ||
167 | rtorrent | 170 | rtorrent |
168 | scribus | 171 | scribus |
169 | seamonkey | 172 | seamonkey |
@@ -211,6 +214,8 @@ wireshark | |||
211 | xchat | 214 | xchat |
212 | xed | 215 | xed |
213 | xfburn | 216 | xfburn |
217 | xfce4-dict | ||
218 | xfce4-notes | ||
214 | xiphos | 219 | xiphos |
215 | xmms | 220 | xmms |
216 | xonotic-glx | 221 | xonotic-glx |