diff options
author | netblue30 <netblue30@yahoo.com> | 2016-04-18 09:38:54 -0400 |
---|---|---|
committer | netblue30 <netblue30@yahoo.com> | 2016-04-18 09:38:54 -0400 |
commit | 96e801fd8a8f4a743e2286b9367177ce8f7b3c65 (patch) | |
tree | b2f89daf4ae9655535fc4cadd480fe2f53279797 | |
parent | added --writable-etc and --writable-var options (diff) | |
download | firejail-96e801fd8a8f4a743e2286b9367177ce8f7b3c65.tar.gz firejail-96e801fd8a8f4a743e2286b9367177ce8f7b3c65.tar.zst firejail-96e801fd8a8f4a743e2286b9367177ce8f7b3c65.zip |
added okular and gwenview profiles
-rw-r--r-- | Makefile.in | 2 | ||||
-rw-r--r-- | README | 7 | ||||
-rw-r--r-- | README.md | 2 | ||||
-rw-r--r-- | RELNOTES | 1 | ||||
-rw-r--r-- | etc/disable-programs.inc | 5 | ||||
-rw-r--r-- | etc/gwenview.profile | 19 | ||||
-rw-r--r-- | etc/okular.profile | 21 | ||||
-rw-r--r-- | platform/debian/conffiles | 3 | ||||
-rw-r--r-- | src/firecfg/firecfg.config | 2 |
9 files changed, 58 insertions, 4 deletions
diff --git a/Makefile.in b/Makefile.in index 590f2cd5f..bc8061985 100644 --- a/Makefile.in +++ b/Makefile.in | |||
@@ -166,6 +166,8 @@ realinstall: | |||
166 | install -c -m 0644 .etc/0ad.profile $(DESTDIR)/$(sysconfdir)/firejail/. | 166 | install -c -m 0644 .etc/0ad.profile $(DESTDIR)/$(sysconfdir)/firejail/. |
167 | install -c -m 0644 .etc/netsurf.profile $(DESTDIR)/$(sysconfdir)/firejail/. | 167 | install -c -m 0644 .etc/netsurf.profile $(DESTDIR)/$(sysconfdir)/firejail/. |
168 | install -c -m 0644 .etc/warzone2100.profile $(DESTDIR)/$(sysconfdir)/firejail/. | 168 | install -c -m 0644 .etc/warzone2100.profile $(DESTDIR)/$(sysconfdir)/firejail/. |
169 | install -c -m 0644 .etc/okular.profile $(DESTDIR)/$(sysconfdir)/firejail/. | ||
170 | install -c -m 0644 .etc/gwenview.profile $(DESTDIR)/$(sysconfdir)/firejail/. | ||
169 | sh -c "if [ ! -f $(DESTDIR)/$(sysconfdir)/firejail/login.users ]; then install -c -m 0644 etc/login.users $(DESTDIR)/$(sysconfdir)/firejail/.; fi;" | 171 | sh -c "if [ ! -f $(DESTDIR)/$(sysconfdir)/firejail/login.users ]; then install -c -m 0644 etc/login.users $(DESTDIR)/$(sysconfdir)/firejail/.; fi;" |
170 | sh -c "if [ ! -f $(DESTDIR)/$(sysconfdir)/firejail/firejail.config ]; then install -c -m 0644 etc/firejail.config $(DESTDIR)/$(sysconfdir)/firejail/.; fi;" | 172 | sh -c "if [ ! -f $(DESTDIR)/$(sysconfdir)/firejail/firejail.config ]; then install -c -m 0644 etc/firejail.config $(DESTDIR)/$(sysconfdir)/firejail/.; fi;" |
171 | rm -fr .etc | 173 | rm -fr .etc |
@@ -18,6 +18,10 @@ License: GPL v2 | |||
18 | Firejail Authors: | 18 | Firejail Authors: |
19 | 19 | ||
20 | netblue30 (netblue30@yahoo.com) | 20 | netblue30 (netblue30@yahoo.com) |
21 | curiosity-seeker (https://github.com/curiosity-seeker) | ||
22 | - tightening unbound and dnscrypt-proxy profiles | ||
23 | - dnsmasq profile | ||
24 | - okular and gwenview profiles | ||
21 | Matthew Gyurgyik (https://github.com/pyther) | 25 | Matthew Gyurgyik (https://github.com/pyther) |
22 | - rpm spec and several fixes | 26 | - rpm spec and several fixes |
23 | Joan Figueras (https://github.com/figue) | 27 | Joan Figueras (https://github.com/figue) |
@@ -86,9 +90,6 @@ Rahiel Kasim (https://github.com/rahiel) | |||
86 | - Mathematica profile | 90 | - Mathematica profile |
87 | creideiki (https://github.com/creideiki) | 91 | creideiki (https://github.com/creideiki) |
88 | - make the sandbox process reap all children | 92 | - make the sandbox process reap all children |
89 | curiosity-seeker (https://github.com/curiosity-seeker) | ||
90 | - tightening unbound and dnscrypt-proxy profiles | ||
91 | - dnsmasq profile | ||
92 | sinkuu (https://github.com/sinkuu) | 93 | sinkuu (https://github.com/sinkuu) |
93 | - blacklisting kwalletd | 94 | - blacklisting kwalletd |
94 | - fix symlink invocation for programs placing symlinks in $PATH | 95 | - fix symlink invocation for programs placing symlinks in $PATH |
@@ -282,5 +282,5 @@ $ man firejail-profile | |||
282 | ## New security profiles | 282 | ## New security profiles |
283 | lxterminal, Epiphany, cherrytree, Polari, Vivaldi, Atril, qutebrowser, SlimJet, Battle for Wesnoth, Hedgewars, qTox, | 283 | lxterminal, Epiphany, cherrytree, Polari, Vivaldi, Atril, qutebrowser, SlimJet, Battle for Wesnoth, Hedgewars, qTox, |
284 | OpenSSH client, OpenBox window manager, Dillo, cmus, dnsmasq, PaleMoon, Icedove, abrowser, 0ad, netsurf, | 284 | OpenSSH client, OpenBox window manager, Dillo, cmus, dnsmasq, PaleMoon, Icedove, abrowser, 0ad, netsurf, |
285 | Warzone2100 | 285 | Warzone2100, okular, gwenview |
286 | 286 | ||
@@ -20,6 +20,7 @@ firejail (0.9.40-rc1) baseline; urgency=low | |||
20 | * new profiles: qutebrowser, SlimJet, Battle for Wesnoth, Hedgewars | 20 | * new profiles: qutebrowser, SlimJet, Battle for Wesnoth, Hedgewars |
21 | * new profiles: qTox, OpenSSH client, OpenBox, Dillo, cmus, dnsmasq | 21 | * new profiles: qTox, OpenSSH client, OpenBox, Dillo, cmus, dnsmasq |
22 | * new profiles: PaleMoon, Icedove, abrowser, 0ad, netsurf, Warzone2100 | 22 | * new profiles: PaleMoon, Icedove, abrowser, 0ad, netsurf, Warzone2100 |
23 | * new profiles: okular, gwenview | ||
23 | * build rpm packages using "make rpms" | 24 | * build rpm packages using "make rpms" |
24 | * bugfixes | 25 | * bugfixes |
25 | -- netblue30 <netblue30@yahoo.com> Sun, 3 Apr 2016 08:00:00 -0500 | 26 | -- netblue30 <netblue30@yahoo.com> Sun, 3 Apr 2016 08:00:00 -0500 |
diff --git a/etc/disable-programs.inc b/etc/disable-programs.inc index 43b9cff38..23dd8e025 100644 --- a/etc/disable-programs.inc +++ b/etc/disable-programs.inc | |||
@@ -8,6 +8,11 @@ blacklist ${HOME}/.Wolfram Research | |||
8 | blacklist ${HOME}/.config/mupen64plus | 8 | blacklist ${HOME}/.config/mupen64plus |
9 | blacklist ${HOME}/.config/transmission | 9 | blacklist ${HOME}/.config/transmission |
10 | blacklist ${HOME}/.config/uGet | 10 | blacklist ${HOME}/.config/uGet |
11 | blacklist ~/.kde/share/apps/okular | ||
12 | blacklist ~/.kde/share/config/okularrc | ||
13 | blacklist ~/.kde/share/config/okularpartrc | ||
14 | blacklist ~/.kde/share/apps/gwenview | ||
15 | blacklist ~/.kde/share/config/gwenviewrc | ||
11 | 16 | ||
12 | # Media players | 17 | # Media players |
13 | blacklist ${HOME}/.config/cmus | 18 | blacklist ${HOME}/.config/cmus |
diff --git a/etc/gwenview.profile b/etc/gwenview.profile new file mode 100644 index 000000000..d61c57adc --- /dev/null +++ b/etc/gwenview.profile | |||
@@ -0,0 +1,19 @@ | |||
1 | # KDE gwenview profile | ||
2 | noblacklist ~/.kde/share/apps/gwenview | ||
3 | noblacklist ~/.kde/share/config/gwenviewrc | ||
4 | include /etc/firejail/disable-common.inc | ||
5 | include /etc/firejail/disable-programs.inc | ||
6 | include /etc/firejail/disable-devel.inc | ||
7 | include /etc/firejail/disable-passwdmgr.inc | ||
8 | caps.drop all | ||
9 | seccomp | ||
10 | protocol unix | ||
11 | noroot | ||
12 | nogroups | ||
13 | private-dev | ||
14 | |||
15 | #Experimental: | ||
16 | #shell none | ||
17 | #private-bin gwenview | ||
18 | #private-etc X11 | ||
19 | |||
diff --git a/etc/okular.profile b/etc/okular.profile new file mode 100644 index 000000000..7929a8796 --- /dev/null +++ b/etc/okular.profile | |||
@@ -0,0 +1,21 @@ | |||
1 | # KDE okular profile | ||
2 | noblacklist ~/.kde/share/apps/okular | ||
3 | noblacklist ~/.kde/share/config/okularrc | ||
4 | noblacklist ~/.kde/share/config/okularpartrc | ||
5 | include /etc/firejail/disable-common.inc | ||
6 | include /etc/firejail/disable-programs.inc | ||
7 | include /etc/firejail/disable-devel.inc | ||
8 | include /etc/firejail/disable-passwdmgr.inc | ||
9 | caps.drop all | ||
10 | seccomp | ||
11 | protocol unix | ||
12 | noroot | ||
13 | nogroups | ||
14 | private-dev | ||
15 | |||
16 | #Experimental: | ||
17 | #net none | ||
18 | #shell none | ||
19 | #private-bin okular,kbuildsycoca4,kbuildsycoca5 | ||
20 | #private-etc X11 | ||
21 | |||
diff --git a/platform/debian/conffiles b/platform/debian/conffiles index 2413965ba..1ea112301 100644 --- a/platform/debian/conffiles +++ b/platform/debian/conffiles | |||
@@ -85,3 +85,6 @@ | |||
85 | /etc/firejail/0ad.profile | 85 | /etc/firejail/0ad.profile |
86 | /etc/firejail/netsurf.profile | 86 | /etc/firejail/netsurf.profile |
87 | /etc/firejail/warzone2100.profile | 87 | /etc/firejail/warzone2100.profile |
88 | /etc/firejail/okular.profile | ||
89 | /etc/firejail/gwenview.profile | ||
90 | |||
diff --git a/src/firecfg/firecfg.config b/src/firecfg/firecfg.config index 80433f1e5..d732796e9 100644 --- a/src/firecfg/firecfg.config +++ b/src/firecfg/firecfg.config | |||
@@ -51,6 +51,8 @@ loweb | |||
51 | lowriter | 51 | lowriter |
52 | Mathematica | 52 | Mathematica |
53 | mathematica | 53 | mathematica |
54 | gwenview | ||
55 | okular | ||
54 | 56 | ||
55 | # Media | 57 | # Media |
56 | vlc | 58 | vlc |