author | netblue30 <netblue30@yahoo.com> | 2016-09-30 10:13:00 -0400 |
---|---|---|
committer | netblue30 <netblue30@yahoo.com> | 2016-09-30 10:13:00 -0400 |
commit | b806f35192817e78b95a92dd658f1430bcc6fb56 (patch) | |
tree | 8ec9c12b8aa5b1616c2cc605d357ea05efe8aaaa | |
parent | added luminance-hdr and synfigstudio profiles (diff) | |
gimp and inkscape profiles
-rw-r--r-- | README.md | 2 | ||||
-rw-r--r-- | RELNOTES | 2 | ||||
-rw-r--r-- | etc/disable-programs.inc | 2 | ||||
-rw-r--r-- | etc/gimp.profile | 18 | ||||
-rw-r--r-- | etc/inkscape.profile | 18 | ||||
-rw-r--r-- | etc/luminance-hdr.profile | 2 | ||||
-rw-r--r-- | platform/debian/conffiles | 2 | ||||
-rw-r--r-- | src/firecfg/firecfg.config | 2 |
8 files changed, 44 insertions, 4 deletions
@@ -88,5 +88,5 @@ x11 xpra, x11 xephyr, x11 block, allusers, join-or-start | |||
88 | 88 | ||
89 | ## New profiles | 89 | ## New profiles |
90 | 90 | ||
91 | qpdfview, mupdf, Luminance HDR, Synfig Studio | 91 | qpdfview, mupdf, Luminance HDR, Synfig Studio, Gimp, Inkscape |
92 | 92 | ||
@@ -13,7 +13,7 @@ firejail (0.9.43) baseline; urgency=low | |||
13 | * feature: blocking x11 (--x11=block) | 13 | * feature: blocking x11 (--x11=block) |
14 | * feature: disable 3D hardware acceleration (--no3d) | 14 | * feature: disable 3D hardware acceleration (--no3d) |
15 | * feature: x11 xpra, x11 xephyr, x11 block, allusers, no3d profile commands | 15 | * feature: x11 xpra, x11 xephyr, x11 block, allusers, no3d profile commands |
16 | * new profiles: qpdfview, mupdf, Luminance HDR, Synfig Studio | 16 | * new profiles: qpdfview, mupdf, Luminance HDR, Synfig Studio, Gimp, Inkscape |
17 | * bugfixes | 17 | * bugfixes |
18 | -- netblue30 <netblue30@yahoo.com> Fri, 9 Sept 2016 08:00:00 -0500 | 18 | -- netblue30 <netblue30@yahoo.com> Fri, 9 Sept 2016 08:00:00 -0500 |
19 | 19 | ||
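--- a/etc/disable-programs.inc
+++ b/etc/disable-programs.inc
@@ -30,6 +30,8 @@ blacklist ${HOME}/.config/qpdfview
 blacklist ${HOME}/.config/Luminance
 blacklist ${HOME}/.config/synfig
 blacklist ${HOME}/.synfig
+blacklist ${HOME}/.inkscape
+blacklist ${HOME}/.gimp*
 
 # Media players
 blacklist ${HOME}/.config/cmus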
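Review bot: The two added blacklist entries cover only the legacy dot-directories `${HOME}/.inkscape` and `${HOME}/.gimp*`. As far as I know, current Inkscape releases keep their settings and user extensions under `${HOME}/.config/inkscape`, and newer GIMP builds use `${HOME}/.config/GIMP`, so other sandboxed programs that include this file could still read or modify those directories. Consider adding `blacklist ${HOME}/.config/inkscape` and `blacklist ${HOME}/.config/GIMP` here, with matching `noblacklist` lines at the top of etc/inkscape.profile and etc/gimp.profile. The exact paths should be confirmed against the application versions these profiles target.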
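--- /dev/null
+++ b/etc/gimp.profile
@@ -0,0 +1,18 @@
+# gimp
+noblacklist ${HOME}/.gimp*
+include /etc/firejail/disable-common.inc
+include /etc/firejail/disable-programs.inc
+include /etc/firejail/disable-passwdmgr.inc
+
+caps.drop all
+netfilter
+nonewprivs
+noroot
+protocol unix
+seccomp
+private-dev
+private-tmp
+noexec ${HOME}
+noexec /tmp
+nogroups
+nosound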
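Review bot: `netfilter` on line 8 probably has no effect in this profile: to my understanding it only installs the default filter when the sandbox gets its own network namespace, and nothing in the profile creates one. The actual network restriction comes from `protocol unix` on line 11, which the profile does not explain, so a reader may credit the wrong line for it. I would either drop `netfilter` or add a comment such as `# no IP networking: protocol unix allows AF_UNIX sockets only`; if full network isolation is the goal, `net none` is the explicit form, though it needs testing with X11. The same lines appear in etc/inkscape.profile.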
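--- /dev/null
+++ b/etc/inkscape.profile
@@ -0,0 +1,18 @@
+# inkscape
+noblacklist ${HOME}/.inkscape
+include /etc/firejail/disable-common.inc
+include /etc/firejail/disable-programs.inc
+include /etc/firejail/disable-passwdmgr.inc
+
+caps.drop all
+netfilter
+nonewprivs
+noroot
+protocol unix
+seccomp
+private-dev
+private-tmp
+noexec ${HOME}
+noexec /tmp
+nogroups
+nosound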
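--- a/etc/luminance-hdr.profile
+++ b/etc/luminance-hdr.profile
@@ -3,8 +3,6 @@ noblacklist ${HOME}/.config/Luminance
 include /etc/firejail/disable-common.inc
 include /etc/firejail/disable-programs.inc
 include /etc/firejail/disable-passwdmgr.inc
-include /etc/firejail/disable-devel.inc
-
 
 caps.drop all
 netfilter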
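--- a/platform/debian/conffiles
+++ b/platform/debian/conffiles
@@ -147,4 +147,6 @@
 /etc/firejail/qpdfview.profile
 /etc/firejail/luminance-hdr.profile
 /etc/firejail/synfigstudio.profile
+/etc/firejail/gimp.profile
+/etc/firejail/inkscape.profile
 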
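--- a/src/firecfg/firecfg.config
+++ b/src/firecfg/firecfg.config
@@ -132,6 +132,8 @@ mupdf
 qpdfview
 luminance-hdr
 synfigstudio
+gimp
+inkscape
 
 # other
 ssh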