author | netblue30 <netblue30@yahoo.com> | 2017-04-24 20:39:23 -0400 |
---|---|---|
committer | netblue30 <netblue30@yahoo.com> | 2017-04-24 20:39:23 -0400 |
commit | bc257b6a4cdd0d335d744a0e70d06cef0c81ea26 (patch) | |
tree | 777f5c8558eba98704003f9d0ee7db833cc6a9da | |
parent | fcopy - no checking for group in order to fix files such as /usr/bin/mutt_do... (diff) | |
added akregator, kcalc and ktorrent profiles
-rw-r--r-- | README.md | 2 | ||||
-rw-r--r-- | etc/akregator.profile | 30 | ||||
-rw-r--r-- | etc/disable-programs.inc | 4 | ||||
-rw-r--r-- | etc/kcalc.profile | 29 | ||||
-rw-r--r-- | etc/ktorrent.profile | 30 | ||||
-rw-r--r-- | platform/debian/conffiles | 3 | ||||
-rw-r--r-- | src/firecfg/firecfg.config | 356 |
7 files changed, 264 insertions, 190 deletions
@@ -196,4 +196,4 @@ simple-scan, skanlite, ssh-agent, tracker, transmission-cli, transmission-show, | |||
196 | xed, pluma, Cryptocat, Bless, Gnome 2048, Gnome Calculator, Gnome Contacts, JD-GUI, Lollypop, MultiMC5, | 196 | xed, pluma, Cryptocat, Bless, Gnome 2048, Gnome Calculator, Gnome Contacts, JD-GUI, Lollypop, MultiMC5, |
197 | PDFSam, Pithos, Xonotic, wireshark, keepassx2, QupZilla, FossaMail, Uzbl browser, xmms, iridium browser, | 197 | PDFSam, Pithos, Xonotic, wireshark, keepassx2, QupZilla, FossaMail, Uzbl browser, xmms, iridium browser, |
198 | Kino, Thunar, Geeqie, Engrampa, Scribus, mousepad, gpicview, keepassxc, cvlc, MediathekView, baloo_file, | 198 | Kino, Thunar, Geeqie, Engrampa, Scribus, mousepad, gpicview, keepassxc, cvlc, MediathekView, baloo_file, |
199 | Nylas, dino, BibleTime, viewnior, Kodi, viking, youtube-dl, meld, Arduino | 199 | Nylas, dino, BibleTime, viewnior, Kodi, viking, youtube-dl, meld, Arduino, akregator, kcalc, ktorrent |
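--- /dev/null
+++ b/etc/akregator.profile
@@ -0,0 +1,30 @@
+# This file is overwritten during software install.
+# Persistent customizations should go in a .local file.
+include /etc/firejail/akregator.local
+
+################################
+# Generic GUI application profile
+################################
+noblacklist ${HOME}/.config/akregatorrc
+noblacklist ${HOME}/.local/share/akregator
+include /etc/firejail/disable-common.inc
+include /etc/firejail/disable-programs.inc
+include /etc/firejail/disable-passwdmgr.inc
+
+caps.drop all
+netfilter
+nonewprivs
+noroot
+protocol unix,inet,inet6
+seccomp
+
+#
+# depending on you usage, you can enable some of the commands below:
+#
+# nogroups
+# shell none
+# private-bin program
+# private-etc none
+# private-dev
+# private-tmp
+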
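Review bot: Every optional hardening directive at the end of this profile (`nogroups`, `shell none`, `private-dev`, `private-tmp`) is left commented out, although akregator is a feed reader that fetches and renders content from the network, which is the kind of untrusted input these options are meant to contain. The ktorrent profile added in the same commit enables `nogroups`, `shell none` and `private-dev`; unless testing showed that akregator breaks with them, I would enable the same three here. The profile also relies only on the blacklists pulled in from the `disable-*.inc` includes, so everything else under `${HOME}` stays readable to the application; a one-line comment saying this is intentional would help the next maintainer. Minor: `depending on you usage` should read `depending on your usage`.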
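--- a/etc/disable-programs.inc
+++ b/etc/disable-programs.inc
@@ -21,6 +21,7 @@ blacklist ${HOME}/.bcast5
 blacklist ${HOME}/.bibletime
 blacklist ${HOME}/.claws-mail
 blacklist ${HOME}/.config/0ad
+blacklist ${HOME}/.config/akregatorrc
 blacklist ${HOME}/.config/Atom
 blacklist ${HOME}/.config/Audaciousrc
 blacklist ${HOME}/.config/Brackets
@@ -179,6 +180,7 @@ blacklist ${HOME}/.kde4/share/config/konqsidebartngrc
 blacklist ${HOME}/.kde4/share/config/konquerorrc
 blacklist ${HOME}/.kde4/share/config/okularpartrc
 blacklist ${HOME}/.kde4/share/config/okularrc
+blacklist ${HOME}/.kde4/share/config/ktorrentrc
 blacklist ${HOME}/.kde/share/apps/gwenview
 blacklist ${HOME}/.kde/share/apps/kcookiejar
 blacklist ${HOME}/.kde/share/apps/khtml
@@ -196,6 +198,7 @@ blacklist ${HOME}/.kde/share/config/konqsidebartngrc
 blacklist ${HOME}/.kde/share/config/konquerorrc
 blacklist ${HOME}/.kde/share/config/okularpartrc
 blacklist ${HOME}/.kde/share/config/okularrc
+blacklist ${HOME}/.kde/share/config/ktorrentrc
 blacklist ${HOME}/.killingfloor
 blacklist ${HOME}/.kino-history
 blacklist ${HOME}/.kinorc
@@ -207,6 +210,7 @@ blacklist ${HOME}/.local/.share/maps-places.json
 blacklist ${HOME}/.local/lib/python2.7/site-packages
 blacklist ${HOME}/.local/share/0ad
 blacklist ${HOME}/.local/share/3909/PapersPlease
+blacklist ${HOME}/.local/share/akregator
 blacklist ${HOME}/.local/share/Empathy
 blacklist ${HOME}/.local/share/Mumble
 blacklist ${HOME}/.local/share/QuiteRss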
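Review bot: For ktorrent only the `ktorrentrc` file under `.kde` and `.kde4` is blacklisted (second and third hunks), whereas akregator gets both its config file and its data directory under `${HOME}/.config` and `${HOME}/.local/share`. If ktorrent also keeps state in a data directory, or a newer build stores its settings under `${HOME}/.config`, other sandboxed programs can still read it; that is worth confirming, with the matching `blacklist` lines added here and `noblacklist` lines in `ktorrent.profile`. The two `ktorrentrc` lines are also appended after `okularrc`, which breaks the alphabetical order of the surrounding entries; they belong between `konquerorrc` and `okularpartrc`.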
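--- /dev/null
+++ b/etc/kcalc.profile
@@ -0,0 +1,29 @@
+# This file is overwritten during software install.
+# Persistent customizations should go in a .local file.
+include /etc/firejail/kcalc.local
+
+################################
+# Generic GUI application profile
+################################
+include /etc/firejail/disable-common.inc
+include /etc/firejail/disable-programs.inc
+include /etc/firejail/disable-passwdmgr.inc
+
+caps.drop all
+netfilter
+nonewprivs
+noroot
+protocol unix,inet,inet6
+seccomp
+
+#
+# depending on you usage, you can enable some of the commands below:
+#
+private
+nogroups
+shell none
+# private-bin program
+# private-etc none
+private-dev
+private-tmp
+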
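Review bot: `protocol unix,inet,inet6` together with `netfilter` leaves a calculator with IPv4/IPv6 sockets it has no visible need for; since this profile already goes as far as `private`, I would cut the network as well by replacing those two lines with `net none` and `protocol unix`. If kcalc does need network access for something not visible in this commit, a comment naming it would justify keeping the current lines. The banner `depending on you usage, you can enable some of the commands below` now sits above directives that are already enabled (`private`, `nogroups`, `shell none`, `private-dev`, `private-tmp`), so it should be reworded, with `you usage` corrected to `your usage`.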
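--- /dev/null
+++ b/etc/ktorrent.profile
@@ -0,0 +1,30 @@
+# This file is overwritten during software install.
+# Persistent customizations should go in a .local file.
+include /etc/firejail/ktorrent.local
+
+################################
+# Generic GUI application profile
+################################
+blacklist ${HOME}/.kde/share/config/ktorrentrc
+blacklist ${HOME}/.kde4/share/config/ktorrentrc
+include /etc/firejail/disable-common.inc
+include /etc/firejail/disable-programs.inc
+include /etc/firejail/disable-passwdmgr.inc
+
+caps.drop all
+netfilter
+nonewprivs
+noroot
+protocol unix,inet,inet6
+seccomp
+
+#
+# depending on you usage, you can enable some of the commands below:
+#
+nogroups
+shell none
+# private-bin program
+# private-etc none
+private-dev
+# private-tmp
+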
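Review bot: The two `blacklist` lines at the top of this profile (new lines 8 and 9) deny ktorrent access to its own configuration file; the akregator profile in this commit uses `noblacklist` for its own paths, and `disable-programs.inc` already adds the matching `blacklist` entries that keep other sandboxes out. They should read `noblacklist ${HOME}/.kde/share/config/ktorrentrc` and `noblacklist ${HOME}/.kde4/share/config/ktorrentrc`, kept where they are, ahead of the `include` of `disable-programs.inc`. As written, ktorrent would presumably be unable to read or save its settings inside the sandbox, which tends to push users toward running it without firejail. The `depending on you usage` banner has the same typo and the same mismatch with already-enabled directives as in the other new profiles.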
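--- a/platform/debian/conffiles
+++ b/platform/debian/conffiles
@@ -268,3 +268,6 @@
 /etc/firejail/engrampa.profile
 /etc/firejail/scribus.profile
 /etc/firejail/mediathekview.profile
+/etc/firejail/akregator.profile
+/etc/firejail/kcalc.profile
+/etc/firejail/ktorrent.profile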
diff --git a/src/firecfg/firecfg.config b/src/firecfg/firecfg.config index 21c9ceec1..2569c36ef 100644 --- a/src/firecfg/firecfg.config +++ b/src/firecfg/firecfg.config | |||
@@ -1,245 +1,223 @@ | |||
1 | # /usr/lib/firejail/firecfg.config - firecfg utility configuration file | 1 | # /usr/lib/firejail/firecfg.config - firecfg utility configuration file |
2 | # This is the list of programs handled by firecfg utility | 2 | # This is the list of programs in alfabetical order handled by firecfg utility |
3 | # | 3 | # |
4 | |||
5 | # astronomy | ||
6 | gpredict | ||
7 | stellarium | ||
8 | |||
9 | # bittorrent/ftp | ||
10 | deluge | ||
11 | dropbox | ||
12 | filezilla | ||
13 | qbittorrent | ||
14 | rtorrent | ||
15 | transmission-gtk | ||
16 | transmission-qt | ||
17 | transmission-cli | ||
18 | transmission-show | ||
19 | uget-gtk | ||
20 | youtube-dl | ||
21 | |||
22 | # browsers/email | ||
23 | abrowser | ||
24 | brave | ||
25 | chromium | ||
26 | chromium-browser | ||
27 | claws-mail | ||
28 | conkeror | ||
29 | cyberfox | ||
30 | firefox | ||
31 | firefox-esr | ||
32 | flashpeak-slimjet | ||
33 | epiphany | ||
34 | dillo | ||
35 | google-chrome | ||
36 | google-chrome-beta | ||
37 | google-chrome-stable | ||
38 | google-chrome-unstable | ||
39 | iceweasel | ||
40 | icecat | ||
41 | icedove | ||
42 | inox | ||
43 | iridium | ||
44 | iridium-browser | ||
45 | kmail | ||
46 | midori | ||
47 | mutt | ||
48 | netsurf | ||
49 | nylas | ||
50 | opera-beta | ||
51 | opera | ||
52 | palemoon | ||
53 | qutebrowser | ||
54 | start-tor-browser | ||
55 | seamonkey | ||
56 | seamonkey-bin | ||
57 | thunderbird | ||
58 | vivaldi | ||
59 | vivaldi-beta | ||
60 | vivaldi-stable | ||
61 | evolution | ||
62 | elinks | ||
63 | lynx | ||
64 | w3m | ||
65 | |||
66 | # chat/messaging | ||
67 | bitlbee | ||
68 | corebird | ||
69 | # Cryptocat is added but commented since isn't installed to a */bin... keep an eye on this | ||
70 | dino | ||
71 | empathy | ||
72 | gajim | ||
73 | gitter | ||
74 | hexchat | ||
75 | jitsi | ||
76 | konversation | ||
77 | mumble | ||
78 | pidgin | ||
79 | polari | ||
80 | psi-plus | ||
81 | qtox | ||
82 | quassel | ||
83 | skype | ||
84 | skypeforlinux | ||
85 | slack | ||
86 | telegram | ||
87 | weechat | ||
88 | weechat-curses | ||
89 | wire | ||
90 | xchat | ||
91 | |||
92 | # dns | ||
93 | dnscrypt-proxy | ||
94 | dnsmasq | ||
95 | unbound | ||
96 | |||
97 | # emulators/compatibility layers | ||
98 | mupen64plus | ||
99 | wine | ||
100 | dosbox | ||
101 | virtualbox | ||
102 | qemu-launcher | ||
103 | #qemu-system-x86_64 | ||
104 | |||
105 | # games | ||
106 | 0ad | 4 | 0ad |
107 | gnome-2048 | 5 | abrowser |
108 | gnome-chess | 6 | akregator |
109 | hedgewars | ||
110 | multimc5 | ||
111 | steam | ||
112 | wesnot | ||
113 | warzone2100 | ||
114 | xonotic-glx | ||
115 | xonotic-sdl | ||
116 | |||
117 | # Media | ||
118 | amarok | 7 | amarok |
8 | arduino | ||
9 | ark | ||
10 | atom | ||
11 | atom-beta | ||
12 | atool | ||
13 | atril | ||
119 | audacious | 14 | audacious |
120 | audacity | 15 | audacity |
16 | aweather | ||
17 | baloo_file | ||
18 | bibletime | ||
19 | bitlbee | ||
121 | bleachbit | 20 | bleachbit |
21 | bless | ||
122 | brasero | 22 | brasero |
23 | brave | ||
24 | cherrytree | ||
25 | chromium | ||
26 | chromium-browser | ||
27 | claws-mail | ||
123 | clementine | 28 | clementine |
124 | cmus | 29 | cmus |
30 | conkeror | ||
31 | corebird | ||
32 | # Cryptocat is added but commented since isn't installed to a */bin... keep an eye on this | ||
125 | cvlc | 33 | cvlc |
34 | cyberfox | ||
126 | deadbeef | 35 | deadbeef |
36 | deluge | ||
37 | dillo | ||
38 | dino | ||
127 | display | 39 | display |
40 | dnscrypt-proxy | ||
41 | dnsmasq | ||
128 | dolphin | 42 | dolphin |
43 | dosbox | ||
129 | dragon | 44 | dragon |
45 | dropbox | ||
46 | elinks | ||
47 | empathy | ||
48 | eog | ||
49 | eom | ||
50 | epiphany | ||
51 | evince | ||
52 | evolution | ||
130 | exiftool | 53 | exiftool |
54 | fbreader | ||
131 | feh | 55 | feh |
56 | file-roller | ||
57 | filezilla | ||
58 | firefox | ||
59 | firefox-esr | ||
60 | flashpeak-slimjet | ||
61 | flowblade | ||
62 | gajim | ||
63 | gedit | ||
132 | geeqie | 64 | geeqie |
65 | gimp | ||
66 | gitter | ||
133 | gjs | 67 | gjs |
68 | gnome-2048 | ||
134 | gnome-books | 69 | gnome-books |
70 | gnome-calculator | ||
71 | gnome-chess | ||
135 | gnome-clocks | 72 | gnome-clocks |
136 | gnome-photos | ||
137 | gnome-documents | 73 | gnome-documents |
138 | gnome-maps | 74 | gnome-maps |
139 | gnome-mplayer | 75 | gnome-mplayer |
140 | gnome-music | 76 | gnome-music |
77 | gnome-photos | ||
78 | gnome-weather | ||
141 | goobox | 79 | goobox |
80 | google-chrome | ||
81 | google-chrome-beta | ||
82 | google-chrome-stable | ||
83 | google-chrome-unstable | ||
142 | google-play-music-desktop-player | 84 | google-play-music-desktop-player |
143 | gpicview | 85 | gpicview |
144 | img2txt | 86 | gpredict |
145 | k3b | ||
146 | kodi | ||
147 | lollypop | ||
148 | mediainfo | ||
149 | mediathekview | ||
150 | mpv | ||
151 | nautilus | ||
152 | parole | ||
153 | pithos | ||
154 | rhythmbox | ||
155 | simple-scan | ||
156 | skanlite | ||
157 | spotify | ||
158 | totem | ||
159 | viewnior | ||
160 | vlc | ||
161 | xfburn | ||
162 | xmms | ||
163 | xplayer | ||
164 | xviewer | ||
165 | eom | ||
166 | |||
167 | # news readers | ||
168 | quiterss | ||
169 | |||
170 | # office | ||
171 | atril | ||
172 | cherrytree | ||
173 | evince | ||
174 | fbreader | ||
175 | gedit | ||
176 | gimp | ||
177 | gthumb | 87 | gthumb |
178 | gwenview | 88 | gwenview |
89 | hedgewars | ||
90 | hexchat | ||
179 | highlight | 91 | highlight |
92 | icecat | ||
93 | icedove | ||
94 | iceweasel | ||
95 | img2txt | ||
180 | inkscape | 96 | inkscape |
97 | inox | ||
98 | iridium | ||
99 | iridium-browser | ||
100 | jd-gui | ||
101 | jitsi | ||
102 | k3b | ||
181 | kate | 103 | kate |
104 | kcalc | ||
105 | keepass | ||
106 | keepass2 | ||
107 | keepassx | ||
108 | keepassx2 | ||
109 | keepassxc | ||
110 | kmail | ||
111 | kodi | ||
112 | konversation | ||
113 | ktorrent | ||
182 | libreoffice | 114 | libreoffice |
183 | localc | 115 | localc |
184 | lodraw | 116 | lodraw |
185 | loffice | 117 | loffice |
186 | lofromtemplate | 118 | lofromtemplate |
187 | loimpress | 119 | loimpress |
120 | lollypop | ||
188 | lomath | 121 | lomath |
189 | loweb | 122 | loweb |
190 | lowriter | 123 | lowriter |
191 | luminance-hdr | 124 | luminance-hdr |
192 | mupdf | 125 | lynx |
193 | pdfsam | ||
194 | qpdfview | ||
195 | scribus | ||
196 | soffice | ||
197 | synfigstudio | ||
198 | Mathematica | ||
199 | mathematica | 126 | mathematica |
127 | Mathematica | ||
128 | mediainfo | ||
129 | mediathekview | ||
130 | meld | ||
131 | midori | ||
132 | mousepad | ||
133 | mpv | ||
134 | multimc5 | ||
135 | mumble | ||
136 | mupdf | ||
137 | mupen64plus | ||
138 | mutt | ||
139 | nautilus | ||
140 | netsurf | ||
141 | nylas | ||
200 | odt2txt | 142 | odt2txt |
201 | okular | 143 | okular |
144 | openshot | ||
145 | opera | ||
146 | opera-beta | ||
147 | palemoon | ||
148 | parole | ||
149 | pdfsam | ||
202 | pdftotext | 150 | pdftotext |
151 | pidgin | ||
152 | pithos | ||
203 | pix | 153 | pix |
204 | xpdf | ||
205 | xreader | ||
206 | zathura | ||
207 | openshot | ||
208 | flowblade | ||
209 | eog | ||
210 | |||
211 | # other | ||
212 | arduino | ||
213 | atom | ||
214 | atom-beta | ||
215 | baloo_file | ||
216 | bless | ||
217 | bibletime | ||
218 | gnome-calculator | ||
219 | jd-gui | ||
220 | keepass | ||
221 | keepass2 | ||
222 | keepassx | ||
223 | keepassx2 | ||
224 | keepassxc | ||
225 | meld | ||
226 | mousepad | ||
227 | pluma | 154 | pluma |
155 | polari | ||
156 | psi-plus | ||
157 | qbittorrent | ||
158 | qemu-launcher | ||
159 | #qemu-system-x86_64 | ||
160 | qpdfview | ||
161 | qtox | ||
162 | quassel | ||
163 | quiterss | ||
164 | qutebrowser | ||
228 | ranger | 165 | ranger |
166 | rhythmbox | ||
167 | rtorrent | ||
168 | scribus | ||
169 | seamonkey | ||
170 | seamonkey-bin | ||
171 | simple-scan | ||
172 | skanlite | ||
173 | skype | ||
174 | skypeforlinux | ||
175 | slack | ||
176 | soffice | ||
177 | spectacle | ||
178 | spotify | ||
229 | ssh | 179 | ssh |
230 | Thunar | 180 | start-tor-browser |
181 | steam | ||
182 | stellarium | ||
183 | synfigstudio | ||
184 | telegram | ||
231 | thunar | 185 | thunar |
186 | Thunar | ||
187 | thunderbird | ||
188 | totem | ||
232 | tracker | 189 | tracker |
190 | transmission-cli | ||
191 | transmission-gtk | ||
192 | transmission-qt | ||
193 | transmission-show | ||
194 | uget-gtk | ||
195 | unbound | ||
196 | viewnior | ||
233 | viking | 197 | viking |
198 | virtualbox | ||
199 | vivaldi | ||
200 | vivaldi-beta | ||
201 | vivaldi-stable | ||
202 | vlc | ||
203 | w3m | ||
204 | warzone2100 | ||
205 | weechat | ||
206 | weechat-curses | ||
207 | wesnot | ||
208 | wine | ||
209 | wire | ||
234 | wireshark | 210 | wireshark |
235 | xiphos | 211 | xchat |
236 | xed | 212 | xed |
237 | 213 | xfburn | |
238 | # weather/climate | 214 | xiphos |
239 | aweather | 215 | xmms |
240 | gnome-weather | 216 | xonotic-glx |
241 | 217 | xonotic-sdl | |
242 | # compressing tools | 218 | xpdf |
243 | ark | 219 | xplayer |
244 | atool | 220 | xreader |
245 | file-roller | 221 | xviewer |
222 | youtube-dl | ||
223 | zathura | ||
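Review bot: The entry `wesnot` (new line 207) is carried over unchanged by the re-sort, but it looks like a truncation of `wesnoth`; if firecfg looks entries up by executable name, this one never matches and the game keeps starting outside the sandbox, so it is worth confirming and correcting while the list is being touched. The new header comment spells `alfabetical`; it should read `# This is the list of programs in alphabetical order handled by firecfg utility`. `spectacle` (new line 177) is added although the commit title mentions only akregator, kcalc and ktorrent and no spectacle profile is part of this commit; presumably one already exists, but the description should say so. The Cryptocat comment (new line 32) now sits between `corebird` and `cvlc` without any commented-out entry next to it, so after the category headings were dropped it no longer explains anything.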