author | 2023-08-11 17:37:00 -0400 | |
---|---|---|
committer | 2023-08-11 17:37:00 -0400 | |
commit | 0e11f39bcb41e8df65b0ba38b276b4e5198ba32a (patch) | |
tree | 7f7d1d05fffc1a6a47035df244164dbd905626b9 | |
parent | nettrace stats (diff) | |
parent | profiles: improvements to profiles using private (#5946) (diff) | |
download | firejail-0e11f39bcb41e8df65b0ba38b276b4e5198ba32a.tar.gz firejail-0e11f39bcb41e8df65b0ba38b276b4e5198ba32a.tar.zst firejail-0e11f39bcb41e8df65b0ba38b276b4e5198ba32a.zip |
Merge branch 'master' of ssh://github.com/netblue30/firejail
43 files changed, 442 insertions, 125 deletions
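--- a/.github/workflows/build-extra.yml
+++ b/.github/workflows/build-extra.yml
@@ -54,7 +54,7 @@ jobs:
 runs-on: ubuntu-22.04
 steps:
 - name: Harden Runner
-uses: step-security/harden-runner@55d479fb1c5bcad5a4f9099a5d9f37c8857b2845
+uses: step-security/harden-runner@cba0d00b1fc9a034e1e642ea0f1103c282990604
 with:
 egress-policy: block
 allowed-endpoints: >
@@ -84,7 +84,7 @@ jobs:
 runs-on: ubuntu-22.04
 steps:
 - name: Harden Runner
-uses: step-security/harden-runner@55d479fb1c5bcad5a4f9099a5d9f37c8857b2845
+uses: step-security/harden-runner@cba0d00b1fc9a034e1e642ea0f1103c282990604
 with:
 egress-policy: block
 allowed-endpoints: >
@@ -110,7 +110,7 @@ jobs:
 runs-on: ubuntu-22.04
 steps:
 - name: Harden Runner
-uses: step-security/harden-runner@55d479fb1c5bcad5a4f9099a5d9f37c8857b2845
+uses: step-security/harden-runner@cba0d00b1fc9a034e1e642ea0f1103c282990604
 with:
 egress-policy: block
 allowed-endpoints: >
@@ -132,7 +132,7 @@ jobs:
 runs-on: ubuntu-20.04
 steps:
 - name: Harden Runner
-uses: step-security/harden-runner@55d479fb1c5bcad5a4f9099a5d9f37c8857b2845
+uses: step-security/harden-runner@cba0d00b1fc9a034e1e642ea0f1103c282990604
 with:
 egress-policy: block
 allowed-endpoints: >
@@ -150,7 +150,7 @@ jobs:
 runs-on: ubuntu-22.04
 steps:
 - name: Harden Runner
-uses: step-security/harden-runner@55d479fb1c5bcad5a4f9099a5d9f37c8857b2845
+uses: step-security/harden-runner@cba0d00b1fc9a034e1e642ea0f1103c282990604
 with:
 egress-policy: block
 allowed-endpoints: >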
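--- a/.github/workflows/build.yml
+++ b/.github/workflows/build.yml
@@ -46,7 +46,7 @@ jobs:
 SHELL: /bin/bash
 steps:
 - name: Harden Runner
-uses: step-security/harden-runner@55d479fb1c5bcad5a4f9099a5d9f37c8857b2845
+uses: step-security/harden-runner@cba0d00b1fc9a034e1e642ea0f1103c282990604
 with:
 egress-policy: block
 allowed-endpoints: >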
diff --git a/.github/workflows/codeql-analysis.yml b/.github/workflows/codeql-analysis.yml index 34d5bcc27..4b9aaa7d6 100644 --- a/.github/workflows/codeql-analysis.yml +++ b/.github/workflows/codeql-analysis.yml | |||
@@ -75,7 +75,7 @@ jobs: | |||
75 | 75 | ||
76 | steps: | 76 | steps: |
77 | - name: Harden Runner | 77 | - name: Harden Runner |
78 | uses: step-security/harden-runner@55d479fb1c5bcad5a4f9099a5d9f37c8857b2845 | 78 | uses: step-security/harden-runner@cba0d00b1fc9a034e1e642ea0f1103c282990604 |
79 | with: | 79 | with: |
80 | disable-sudo: true | 80 | disable-sudo: true |
81 | egress-policy: block | 81 | egress-policy: block |
@@ -93,7 +93,7 @@ jobs: | |||
93 | 93 | ||
94 | # Initializes the CodeQL tools for scanning. | 94 | # Initializes the CodeQL tools for scanning. |
95 | - name: Initialize CodeQL | 95 | - name: Initialize CodeQL |
96 | uses: github/codeql-action/init@1813ca74c3faaa3a2da2070b9b8a0b3e7373a0d8 | 96 | uses: github/codeql-action/init@0ba4244466797eb048eb91a6cd43d5c03ca8bd05 |
97 | with: | 97 | with: |
98 | languages: ${{ matrix.language }} | 98 | languages: ${{ matrix.language }} |
99 | # If you wish to specify custom queries, you can do so here or in a config file. | 99 | # If you wish to specify custom queries, you can do so here or in a config file. |
@@ -104,7 +104,7 @@ jobs: | |||
104 | # Autobuild attempts to build any compiled languages (C/C++, C#, or Java). | 104 | # Autobuild attempts to build any compiled languages (C/C++, C#, or Java). |
105 | # If this step fails, then you should remove it and run the build manually (see below) | 105 | # If this step fails, then you should remove it and run the build manually (see below) |
106 | - name: Autobuild | 106 | - name: Autobuild |
107 | uses: github/codeql-action/autobuild@1813ca74c3faaa3a2da2070b9b8a0b3e7373a0d8 | 107 | uses: github/codeql-action/autobuild@0ba4244466797eb048eb91a6cd43d5c03ca8bd05 |
108 | 108 | ||
109 | # âšī¸ Command-line programs to run using the OS shell. | 109 | # âšī¸ Command-line programs to run using the OS shell. |
110 | # đ https://git.io/JvXDl | 110 | # đ https://git.io/JvXDl |
@@ -118,4 +118,4 @@ jobs: | |||
118 | # make release | 118 | # make release |
119 | 119 | ||
120 | - name: Perform CodeQL Analysis | 120 | - name: Perform CodeQL Analysis |
121 | uses: github/codeql-action/analyze@1813ca74c3faaa3a2da2070b9b8a0b3e7373a0d8 | 121 | uses: github/codeql-action/analyze@0ba4244466797eb048eb91a6cd43d5c03ca8bd05 |
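--- a/.github/workflows/profile-checks.yml
+++ b/.github/workflows/profile-checks.yml
@@ -24,7 +24,7 @@ jobs:
 runs-on: ubuntu-latest
 steps:
 - name: Harden Runner
-uses: step-security/harden-runner@55d479fb1c5bcad5a4f9099a5d9f37c8857b2845
+uses: step-security/harden-runner@cba0d00b1fc9a034e1e642ea0f1103c282990604
 with:
 disable-sudo: true
 egress-policy: block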
@@ -347,12 +347,12 @@ deb: dist config.sh | |||
347 | ./mkdeb.sh | 347 | ./mkdeb.sh |
348 | 348 | ||
349 | .PHONY: test-compile | 349 | .PHONY: test-compile |
350 | test-compile: dist config.mk | 350 | test-compile: dist config.sh |
351 | cd test/compile; ./compile.sh $(TARNAME)-$(VERSION) | 351 | cd test/compile; ./compile.sh |
352 | 352 | ||
353 | .PHONY: rpms | 353 | .PHONY: rpms |
354 | rpms: src/man config.mk | 354 | rpms: src/man config.sh |
355 | ./platform/rpm/mkrpm.sh $(TARNAME) $(VERSION) | 355 | ./platform/rpm/mkrpm.sh |
356 | 356 | ||
357 | .PHONY: extras | 357 | .PHONY: extras |
358 | extras: all | 358 | extras: all |
@@ -38,6 +38,8 @@ firejail (0.9.73) baseline; urgency=low | |||
38 | make | 38 | make |
39 | * build: simplify code related to man pages (#5898) | 39 | * build: simplify code related to man pages (#5898) |
40 | * build: fix hardcoded make & remove unnecessary distclean targets (#5911) | 40 | * build: fix hardcoded make & remove unnecessary distclean targets (#5911) |
41 | * build: dist and asc improvements (#5916) | ||
42 | * build: fix some shellcheck issues & use config.sh in more scripts (#5927) | ||
41 | * ci: always update the package db before installing packages (#5742) | 43 | * ci: always update the package db before installing packages (#5742) |
42 | * ci: fix codeql unable to download its own bundle (#5783) | 44 | * ci: fix codeql unable to download its own bundle (#5783) |
43 | * ci: split configure/build/install commands on gitlab (#5784) | 45 | * ci: split configure/build/install commands on gitlab (#5784) |
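--- a/ci/check/profiles/sort-firecfg.config.sh
+++ b/ci/check/profiles/sort-firecfg.config.sh
@@ -1,2 +1,5 @@
 #!/bin/sh
-tail -n +4 "$1" | sed 's/^# /#/' | LC_ALL=C sort -c -d
+# See ../../../src/firecfg/firecfg.config
+
+sed -E -e '/^#$/d' -e '/^# /d' -e 's/^#([^ ])/\1/' "$1" |
+LC_ALL=C sort -c -u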
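Review bot: A missing or unreadable `"$1"` lets this check pass, because under `#!/bin/sh` the script's exit status is that of the last pipeline stage and `sort -c` accepts the empty output of a failed `sed`. Guard the input before the pipeline with `[ -r "$1" ] || { echo "cannot read: $1" >&2; exit 1; }`, so a wrong path in CI fails instead of reporting a sorted file. The `sed` expressions would also benefit from a one-line comment such as `# drop "#" and "# text" comment lines, uncomment "#entry" lines, then require sorted unique order`, since the new comment only points at firecfg.config.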
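--- a/etc/inc/disable-programs.inc
+++ b/etc/inc/disable-programs.inc
@@ -142,6 +142,7 @@ blacklist ${HOME}/.cache/inkscape
 blacklist ${HOME}/.cache/inox
 blacklist ${HOME}/.cache/io.github.lainsce.Notejot
 blacklist ${HOME}/.cache/iridium
+blacklist ${HOME}/.cache/journal-viewer
 blacklist ${HOME}/.cache/kcmshell5
 blacklist ${HOME}/.cache/kdenlive
 blacklist ${HOME}/.cache/keepassxc
@@ -171,6 +172,7 @@ blacklist ${HOME}/.cache/mirage
 blacklist ${HOME}/.cache/moonchild productions/basilisk
 blacklist ${HOME}/.cache/moonchild productions/pale moon
 blacklist ${HOME}/.cache/mozilla
+blacklist ${HOME}/.cache/mpv
 blacklist ${HOME}/.cache/ms-excel-online
 blacklist ${HOME}/.cache/ms-office-online
 blacklist ${HOME}/.cache/ms-onenote-online
@@ -472,6 +474,7 @@ blacklist ${HOME}/.config/google-chrome
 blacklist ${HOME}/.config/google-chrome-beta
 blacklist ${HOME}/.config/google-chrome-unstable
 blacklist ${HOME}/.config/gpicview
+blacklist ${HOME}/.config/gramps
 blacklist ${HOME}/.config/gthumb
 blacklist ${HOME}/.config/gummi
 blacklist ${HOME}/.config/guvcview2
@@ -899,6 +902,7 @@ blacklist ${HOME}/.local/share/cdprojektred
 blacklist ${HOME}/.local/share/chatterino
 blacklist ${HOME}/.local/share/clipit
 blacklist ${HOME}/.local/share/com.github.johnfactotum.Foliate
+blacklist ${HOME}/.local/share/com.vmingueza.journal-viewer
 blacklist ${HOME}/.local/share/contacts
 blacklist ${HOME}/.local/share/cor-games
 blacklist ${HOME}/.local/share/data/Mendeley Ltd.
@@ -1046,6 +1050,7 @@ blacklist ${HOME}/.local/share/xreader
 blacklist ${HOME}/.local/share/zathura
 blacklist ${HOME}/.local/state/ani-cli
 blacklist ${HOME}/.local/state/audacity
+blacklist ${HOME}/.local/state/mpv
 blacklist ${HOME}/.local/state/pipewire
 blacklist ${HOME}/.lv2
 blacklist ${HOME}/.lyx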
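--- a/etc/profile-a-l/0ad.profile
+++ b/etc/profile-a-l/0ad.profile
@@ -10,6 +10,9 @@ noblacklist ${HOME}/.cache/0ad
 noblacklist ${HOME}/.config/0ad
 noblacklist ${HOME}/.local/share/0ad
 
+# Allow gjs (blacklisted by disable-interpreters.inc)
+include allow-gjs.inc
+
 blacklist /usr/libexec
 
 include disable-common.inc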
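--- a/etc/profile-a-l/chatterino.profile
+++ b/etc/profile-a-l/chatterino.profile
@@ -12,11 +12,13 @@ include globals.local
 #whitelist ${MUSIC}
 
 # Also allow access to mpv/vlc, they're usable via streamlink.
+noblacklist ${HOME}/.cache/mpv
 noblacklist ${HOME}/.config/mpv
 noblacklist ${HOME}/.config/pulse
 noblacklist ${HOME}/.config/vlc
 noblacklist ${HOME}/.local/share/chatterino
 noblacklist ${HOME}/.local/share/vlc
+noblacklist ${HOME}/.local/state/mpv
 
 # Allow Lua for mpv (blacklisted by disable-interpreters.inc)
 include allow-lua.inc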
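--- /dev/null
+++ b/etc/profile-a-l/clac.profile
@@ -0,0 +1,63 @@
+# Firejail profile for clac
+# Description: Simple command-line calculator
+# This file is overwritten after every install/update
+quiet
+# Persistent local customizations
+include clac.local
+# Persistent global definitions
+include globals.local
+
+blacklist ${RUNUSER}
+
+include disable-common.inc
+include disable-devel.inc
+include disable-exec.inc
+include disable-interpreters.inc
+include disable-proc.inc
+include disable-programs.inc
+include disable-shell.inc
+#include disable-X11.inc - x11 none
+include disable-xdg.inc
+
+#include whitelist-common.inc - see #903
+include whitelist-run-common.inc
+include whitelist-runuser-common.inc
+include whitelist-usr-share-common.inc
+include whitelist-var-common.inc
+
+apparmor
+caps.drop all
+ipc-namespace
+machine-id
+net none
+no3d
+nodvd
+nogroups
+noinput
+nonewprivs
+noprinters
+noroot
+nosound
+notv
+nou2f
+novideo
+# block socket syscall to simulate empty protocol option (see #639)
+seccomp socket
+seccomp.block-secondary
+tracelog
+x11 none
+
+disable-mnt
+private
+private-bin clac
+#private-cache
+private-dev
+private-etc
+private-tmp
+
+dbus-user none
+dbus-system none
+
+memory-deny-write-execute
+read-only ${HOME}
+restrict-namespaces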
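Review bot: The two commented-out includes on new lines 19 and 22 use a ` - ` separator (`#include disable-X11.inc - x11 none`, `#include whitelist-common.inc - see #903`), while daisy.profile in this same commit writes `#include disable-X11.inc # x11 none` and the edited profiles (ipcalc.profile, for example) are normalised to `#include whitelist-common.inc # see #903`. Writing them as `#include disable-X11.inc # x11 none` and `#include whitelist-common.inc # see #903` keeps every disabled include findable with one pattern. `#private-cache` on line 53 is disabled without a reason; it is presumably redundant with `private` on line 51, and a trailing `# redundant with private` would record that.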
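--- /dev/null
+++ b/etc/profile-a-l/daisy.profile
@@ -0,0 +1,63 @@
+# Firejail profile for daisy
+# Description: TUI scientific calculator with support for units
+# This file is overwritten after every install/update
+# Persistent local customizations
+include daisy.local
+# Persistent global definitions
+include globals.local
+
+blacklist ${RUNUSER}
+
+include disable-common.inc
+include disable-devel.inc
+include disable-exec.inc
+include disable-interpreters.inc
+include disable-proc.inc
+include disable-programs.inc
+include disable-shell.inc
+#include disable-X11.inc # x11 none
+include disable-xdg.inc
+
+include whitelist-common.inc
+include whitelist-run-common.inc
+include whitelist-runuser-common.inc
+include whitelist-usr-share-common.inc
+include whitelist-var-common.inc
+
+apparmor
+caps.drop all
+ipc-namespace
+machine-id
+net none
+no3d
+nodvd
+nogroups
+noinput
+nonewprivs
+noprinters
+noroot
+nosound
+notv
+nou2f
+novideo
+# block socket syscall to simulate empty protocol option (see #639)
+seccomp socket
+seccomp.block-secondary
+tracelog
+x11 none
+
+disable-mnt
+private-bin daisy
+private-cache
+private-dev
+private-etc
+private-lib
+private-opt none
+private-tmp
+
+dbus-user none
+dbus-system none
+
+memory-deny-write-execute
+read-only ${HOME}
+restrict-namespaces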
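--- a/etc/profile-a-l/dbus-send.profile
+++ b/etc/profile-a-l/dbus-send.profile
@@ -19,7 +19,7 @@ include disable-shell.inc
 include disable-write-mnt.inc
 include disable-xdg.inc
 
-include whitelist-common.inc
+#include whitelist-common.inc # see #903
 include whitelist-runuser-common.inc
 include whitelist-usr-share-common.inc
 include whitelist-var-common.inc
@@ -28,8 +28,7 @@ apparmor
 caps.drop all
 ipc-namespace
 machine-id
-# Breaks abstract sockets
-#net none
+#net none # breaks abstract sockets
 netfilter
 no3d
 nodvd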
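Review bot: Commenting out `include whitelist-common.inc` on new line 22 removes the only ${HOME} whitelist visible in this section, and `# see #903` does not say what keeps the home directory restricted instead. The parent commit title mentions profiles using `private`, but no `private` line is inside either hunk and the profile continues outside them, so this should be confirmed in the full file. If that is the reason, state it in the comment, for example `#include whitelist-common.inc # not needed with private, see #903`. The same change is made to the drill, gapplication, gnome-calendar, gnubik, gravity-beams-and-evaporating-stars, Xephyr and Xvfb profiles, where the include was previously active and the same confirmation applies.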
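--- a/etc/profile-a-l/drill.profile
+++ b/etc/profile-a-l/drill.profile
@@ -19,7 +19,7 @@ include disable-exec.inc
 include disable-programs.inc
 include disable-xdg.inc
 
-include whitelist-common.inc
+#include whitelist-common.inc # see #903
 include whitelist-usr-share-common.inc
 include whitelist-var-common.inc
 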
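--- a/etc/profile-a-l/firefox-common-addons.profile
+++ b/etc/profile-a-l/firefox-common-addons.profile
@@ -11,6 +11,7 @@ ignore include whitelist-runuser-common.inc
 
 ignore private-cache
 
+noblacklist ${HOME}/.cache/mpv
 noblacklist ${HOME}/.cache/youtube-dl
 noblacklist ${HOME}/.config/kgetrc
 noblacklist ${HOME}/.config/mpv
@@ -32,9 +33,11 @@ noblacklist ${HOME}/.local/share/kget
 noblacklist ${HOME}/.local/share/kxmlgui5/okular
 noblacklist ${HOME}/.local/share/okular
 noblacklist ${HOME}/.local/share/qpdfview
+noblacklist ${HOME}/.local/state/mpv
 noblacklist ${HOME}/.netrc
 
 whitelist ${HOME}/.cache/gnome-mplayer/plugin
+whitelist ${HOME}/.cache/mpv
 whitelist ${HOME}/.cache/youtube-dl/youtube-sigfuncs
 whitelist ${HOME}/.config/gnome-mplayer
 whitelist ${HOME}/.config/kgetrc
@@ -62,6 +65,7 @@ whitelist ${HOME}/.local/share/kxmlgui5/okular
 whitelist ${HOME}/.local/share/okular
 whitelist ${HOME}/.local/share/qpdfview
 whitelist ${HOME}/.local/share/tridactyl
+whitelist ${HOME}/.local/state/mpv
 whitelist ${HOME}/.netrc
 whitelist ${HOME}/.pentadactyl
 whitelist ${HOME}/.pentadactylrc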
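--- a/etc/profile-a-l/gapplication.profile
+++ b/etc/profile-a-l/gapplication.profile
@@ -17,7 +17,7 @@ include disable-programs.inc
 include disable-shell.inc
 include disable-xdg.inc
 
-include whitelist-common.inc
+#include whitelist-common.inc # see #903
 include whitelist-runuser-common.inc
 include whitelist-usr-share-common.inc
 include whitelist-var-common.inc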
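--- a/etc/profile-a-l/gnome-calendar.profile
+++ b/etc/profile-a-l/gnome-calendar.profile
@@ -15,7 +15,7 @@ include disable-shell.inc
 include disable-xdg.inc
 
 whitelist /usr/share/libgweather
-include whitelist-common.inc
+#include whitelist-common.inc # see #903
 include whitelist-runuser-common.inc
 include whitelist-usr-share-common.inc
 include whitelist-var-common.inc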
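--- a/etc/profile-a-l/gnubik.profile
+++ b/etc/profile-a-l/gnubik.profile
@@ -15,7 +15,7 @@ include disable-shell.inc
 include disable-xdg.inc
 
 whitelist /usr/share/gnubik
-include whitelist-common.inc
+#include whitelist-common.inc # see #903
 include whitelist-runuser-common.inc
 include whitelist-usr-share-common.inc
 include whitelist-var-common.inc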
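--- a/etc/profile-a-l/gramps.profile
+++ b/etc/profile-a-l/gramps.profile
@@ -6,6 +6,7 @@ include gramps.local
 # Persistent global definitions
 include globals.local
 
+noblacklist ${HOME}/.config/gramps
 noblacklist ${HOME}/.gramps
 
 # Allow python (blacklisted by disable-interpreters.inc)
@@ -19,7 +20,9 @@ include disable-interpreters.inc
 include disable-programs.inc
 include disable-xdg.inc
 
+mkdir ${HOME}/.config/gramps
 mkdir ${HOME}/.gramps
+whitelist ${HOME}/.config/gramps
 whitelist ${HOME}/.gramps
 include whitelist-common.inc
 include whitelist-var-common.inc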
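--- a/etc/profile-a-l/gravity-beams-and-evaporating-stars.profile
+++ b/etc/profile-a-l/gravity-beams-and-evaporating-stars.profile
@@ -15,7 +15,7 @@ include disable-shell.inc
 include disable-xdg.inc
 
 whitelist /usr/share/gravity-beams-and-evaporating-stars
-include whitelist-common.inc
+#include whitelist-common.inc # see #903
 include whitelist-usr-share-common.inc
 include whitelist-var-common.inc
 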
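--- a/etc/profile-a-l/ipcalc.profile
+++ b/etc/profile-a-l/ipcalc.profile
@@ -18,7 +18,7 @@ include disable-programs.inc
 include disable-write-mnt.inc
 include disable-xdg.inc
 
-# include whitelist-common.inc
+#include whitelist-common.inc # see #903
 include whitelist-runuser-common.inc
 include whitelist-usr-share-common.inc
 include whitelist-var-common.inc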
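--- /dev/null
+++ b/etc/profile-a-l/journal-viewer.profile
@@ -0,0 +1,68 @@
+# Firejail profile for journal-viewer
+# Description: Visualize systemd logs
+# This file is overwritten after every install/update
+# Persistent local customizations
+include journal-viewer.local
+# Persistent global definitions
+include globals.local
+
+noblacklist ${HOME}/.cache/journal-viewer
+noblacklist ${HOME}/.local/share/com.vmingueza.journal-viewer
+
+include disable-common.inc
+include disable-devel.inc
+include disable-exec.inc
+include disable-interpreters.inc
+include disable-proc.inc
+include disable-programs.inc
+include disable-shell.inc
+include disable-xdg.inc
+
+mkdir ${HOME}/.cache/journal-viewer
+mkdir ${HOME}/.local/share/com.vmingueza.journal-viewer
+whitelist ${HOME}/.cache/journal-viewer
+whitelist ${HOME}/.local/share/com.vmingueza.journal-viewer
+whitelist /run/log/journal
+whitelist /var/log/journal
+include whitelist-common.inc
+include whitelist-run-common.inc
+include whitelist-runuser-common.inc
+include whitelist-usr-share-common.inc
+include whitelist-var-common.inc
+
+apparmor
+caps.drop all
+ipc-namespace
+net none
+no3d
+nodvd
+nogroups
+noinput
+nonewprivs
+noprinters
+noroot
+nosound
+notv
+nou2f
+novideo
+protocol unix
+seccomp
+seccomp.block-secondary
+tracelog
+
+disable-mnt
+private-bin journal-viewer
+private-cache
+private-dev
+private-etc machine-id
+private-lib webkit2gtk-*
+private-tmp
+
+dbus-user none
+dbus-system none
+
+restrict-namespaces
+read-only ${HOME}
+read-write ${HOME}/.cache/journal-viewer
+read-write ${HOME}/.local/share/com.vmingueza.journal-viewer
+writable-var-log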
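Review bot: `writable-var-log` on the last line has no comment saying why a log viewer needs it, and nothing in the profile marks the journal directories read-only afterwards. The option makes the sandbox use the real /var/log rather than a temporary copy, which is presumably the intent; record that with `# use the real /var/log so the journal is visible`, and consider adding `read-only /var/log/journal` and `read-only /run/log/journal` so the sandbox can read the logs but not alter them. It is also worth confirming that `nogroups` on line 39 does not hide the system journal from users who read it through a supplementary group.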
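--- a/etc/profile-m-z/QMediathekView.profile
+++ b/etc/profile-m-z/QMediathekView.profile
@@ -9,6 +9,7 @@ include globals.local
 noblacklist ${HOME}/.config/QMediathekView
 noblacklist ${HOME}/.local/share/QMediathekView
 
+noblacklist ${HOME}/.cache/mpv
 noblacklist ${HOME}/.config/mpv
 noblacklist ${HOME}/.config/smplayer
 noblacklist ${HOME}/.config/totem
@@ -16,6 +17,7 @@ noblacklist ${HOME}/.config/vlc
 noblacklist ${HOME}/.config/xplayer
 noblacklist ${HOME}/.local/share/totem
 noblacklist ${HOME}/.local/share/xplayer
+noblacklist ${HOME}/.local/state/mpv
 noblacklist ${HOME}/.mplayer
 noblacklist ${VIDEOS}
 
@@ -35,6 +37,7 @@ whitelist ${HOME}/.local/share/QMediathekView
 whitelist ${DOWNLOADS}
 whitelist ${VIDEOS}
 
+whitelist ${HOME}/.cache/mpv
 whitelist ${HOME}/.config/mpv
 whitelist ${HOME}/.config/smplayer
 whitelist ${HOME}/.config/totem
@@ -42,6 +45,7 @@ whitelist ${HOME}/.config/vlc
 whitelist ${HOME}/.config/xplayer
 whitelist ${HOME}/.local/share/totem
 whitelist ${HOME}/.local/share/xplayer
+whitelist ${HOME}/.local/state/mpv
 whitelist ${HOME}/.mplayer
 whitelist /usr/share/qtchooser
 include whitelist-common.inc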
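--- a/etc/profile-m-z/Xephyr.profile
+++ b/etc/profile-m-z/Xephyr.profile
@@ -16,7 +16,7 @@ include globals.local
 #
 
 whitelist /var/lib/xkb
-include whitelist-common.inc
+#include whitelist-common.inc # see #903
 
 caps.drop all
 # Xephyr needs to be allowed access to the abstract Unix socket namespace.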
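Review bot: The new comment `#include whitelist-common.inc # see #903` gives only an issue number, so a maintainer reading the profile cannot tell what restricts ${HOME} once this include is switched off. The same line is added in Xvfb.profile, notify-send.profile, ping.profile, seahorse-adventures.profile and xbill.profile. In reader.profile, which this commit adds, the disabled include sits in a profile that also sets `private`; if that is the reason here as well, state it in the comment, for example `#include whitelist-common.inc # not used together with private, see #903`. Whether this profile sets `private` is outside the hunk and should be confirmed before adopting that wording.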
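--- a/etc/profile-m-z/Xvfb.profile
+++ b/etc/profile-m-z/Xvfb.profile
@@ -19,7 +19,7 @@ include globals.local
 #
 
 whitelist /var/lib/xkb
-include whitelist-common.inc
+#include whitelist-common.inc # see #903
 
 caps.drop all
 # Xvfb needs to be allowed access to the abstract Unix socket namespace.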
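--- a/etc/profile-m-z/mediathekview.profile
+++ b/etc/profile-m-z/mediathekview.profile
@@ -6,6 +6,7 @@ include mediathekview.local
 # Persistent global definitions
 include globals.local
 
+noblacklist ${HOME}/.cache/mpv
 noblacklist ${HOME}/.config/mpv
 noblacklist ${HOME}/.config/smplayer
 noblacklist ${HOME}/.config/totem
@@ -13,6 +14,7 @@ noblacklist ${HOME}/.config/vlc
 noblacklist ${HOME}/.config/xplayer
 noblacklist ${HOME}/.local/share/totem
 noblacklist ${HOME}/.local/share/xplayer
+noblacklist ${HOME}/.local/state/mpv
 noblacklist ${HOME}/.mediathek3
 noblacklist ${HOME}/.mplayer
 noblacklist ${VIDEOS}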
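--- a/etc/profile-m-z/mirrormagic.profile
+++ b/etc/profile-m-z/mirrormagic.profile
@@ -39,7 +39,6 @@ seccomp
 tracelog
 
 disable-mnt
-private
 private-bin mirrormagic
 private-cache
 private-dev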
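Review bot: With `private` removed, the sandbox no longer gets a temporary home directory, so what the game can read under ${HOME} now depends on whitelist lines that are outside this hunk. wordwarvi.profile gets the same removal. If the profile whitelists only the game's own data directory, saved state persists while the rest of the home stays hidden; if it has no whitelist in ${HOME}, the home directory is visible subject only to the blacklists pulled in by the disable-*.inc includes. A short comment above `private-bin mirrormagic` naming the mechanism that now restricts ${HOME} would make that explicit.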
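--- a/etc/profile-m-z/mpsyt.profile
+++ b/etc/profile-m-z/mpsyt.profile
@@ -6,9 +6,11 @@ include mpsyt.local
 # Persistent global definitions
 include globals.local
 
+noblacklist ${HOME}/.cache/mpv
 noblacklist ${HOME}/.config/mps-youtube
 noblacklist ${HOME}/.config/mpv
 noblacklist ${HOME}/.config/youtube-dl
+noblacklist ${HOME}/.local/state/mpv
 noblacklist ${HOME}/.mplayer
 noblacklist ${HOME}/.netrc
 noblacklist ${HOME}/mps
@@ -32,13 +34,13 @@ include disable-shell.inc
 include disable-xdg.inc
 
 mkdir ${HOME}/.config/mps-youtube
-mkdir ${HOME}/.config/mpv
-mkdir ${HOME}/.config/youtube-dl
 mkdir ${HOME}/.mplayer
 mkdir ${HOME}/mps
+whitelist ${HOME}/.cache/mpv
 whitelist ${HOME}/.config/mps-youtube
 whitelist ${HOME}/.config/mpv
 whitelist ${HOME}/.config/youtube-dl
+whitelist ${HOME}/.local/state/mpv
 whitelist ${HOME}/.mplayer
 whitelist ${HOME}/.netrc
 whitelist ${HOME}/mps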
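--- a/etc/profile-m-z/mpv.profile
+++ b/etc/profile-m-z/mpv.profile
@@ -24,10 +24,12 @@ include globals.local
 #include allow-bin-sh.inc
 #private-bin sh
 
+noblacklist ${HOME}/.cache/mpv
 noblacklist ${HOME}/.config/mpv
 noblacklist ${HOME}/.config/youtube-dl
 noblacklist ${HOME}/.config/yt-dlp
 noblacklist ${HOME}/.config/yt-dlp.conf
+noblacklist ${HOME}/.local/state/mpv
 noblacklist ${HOME}/.netrc
 noblacklist ${HOME}/yt-dlp.conf
 noblacklist ${HOME}/yt-dlp.conf.txt
@@ -49,12 +51,16 @@ include disable-programs.inc
 include disable-shell.inc
 
 read-only ${DESKTOP}
+mkdir ${HOME}/.cache/mpv
 mkdir ${HOME}/.config/mpv
+mkdir ${HOME}/.local/state/mpv
 mkfile ${HOME}/.netrc
+whitelist ${HOME}/.cache/mpv
 whitelist ${HOME}/.config/mpv
 whitelist ${HOME}/.config/youtube-dl
 whitelist ${HOME}/.config/yt-dlp
 whitelist ${HOME}/.config/yt-dlp.conf
+whitelist ${HOME}/.local/state/mpv
 whitelist ${HOME}/.netrc
 whitelist ${HOME}/yt-dlp.conf
 whitelist ${HOME}/yt-dlp.conf.txt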
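--- a/etc/profile-m-z/notify-send.profile
+++ b/etc/profile-m-z/notify-send.profile
@@ -18,7 +18,7 @@ include disable-shell.inc
 include disable-write-mnt.inc
 include disable-xdg.inc
 
-include whitelist-common.inc
+#include whitelist-common.inc # see #903
 include whitelist-runuser-common.inc
 include whitelist-usr-share-common.inc
 include whitelist-var-common.inc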
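--- a/etc/profile-m-z/ping.profile
+++ b/etc/profile-m-z/ping.profile
@@ -18,7 +18,7 @@ include disable-programs.inc
 include disable-X11.inc
 include disable-xdg.inc
 
-include whitelist-common.inc
+#include whitelist-common.inc # see #903
 include whitelist-run-common.inc
 include whitelist-runuser-common.inc
 include whitelist-usr-share-common.inc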
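--- /dev/null
+++ b/etc/profile-m-z/reader.profile
@@ -0,0 +1,63 @@
+# Firejail profile for reader
+# Description: Better readability of web pages on the CLI
+# This file is overwritten after every install/update
+# Persistent local customizations
+include reader.local
+# Persistent global definitions
+include globals.local
+
+blacklist ${RUNUSER}
+
+include disable-common.inc
+include disable-devel.inc
+include disable-exec.inc
+include disable-interpreters.inc
+include disable-proc.inc
+include disable-programs.inc
+include disable-shell.inc
+include disable-xdg.inc
+
+#include whitelist-common.inc # see #903
+include whitelist-run-common.inc
+include whitelist-runuser-common.inc
+include whitelist-usr-share-common.inc
+include whitelist-var-common.inc
+
+apparmor
+caps.drop all
+ipc-namespace
+machine-id
+netfilter
+no3d
+nodvd
+nogroups
+noinput
+nonewprivs
+noprinters
+noroot
+nosound
+notv
+nou2f
+novideo
+protocol inet
+seccomp
+seccomp.block-secondary
+tracelog
+x11 none
+
+disable-mnt
+private
+private-bin reader
+private-cache
+private-dev
+private-etc @network,@tls-ca
+private-lib
+private-opt none
+private-tmp
+
+dbus-user none
+dbus-system none
+
+memory-deny-write-execute
+read-only ${HOME}
+restrict-namespaces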
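Review bot: `protocol inet` allows only IPv4 sockets, so a page served only over IPv6 cannot be fetched from inside this sandbox. Unless IPv4-only is intended, `protocol inet,inet6` keeps the socket filter narrow while covering both address families. Separately, the profile both sets `blacklist ${RUNUSER}` and includes whitelist-runuser-common.inc; a one-line comment saying which of the two is meant to govern that directory would help the next reader.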
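--- a/etc/profile-m-z/rtv-addons.profile
+++ b/etc/profile-m-z/rtv-addons.profile
@@ -11,13 +11,17 @@ ignore nosound
 ignore private-bin
 ignore dbus-user none
 
+noblacklist ${HOME}/.cache/mpv
 noblacklist ${HOME}/.config/mpv
+noblacklist ${HOME}/.local/state/mpv
 noblacklist ${HOME}/.mailcap
 noblacklist ${HOME}/.netrc
 noblacklist ${HOME}/.w3m
 
+whitelist ${HOME}/.cache/mpv
 whitelist ${HOME}/.cache/youtube-dl/youtube-sigfuncs
 whitelist ${HOME}/.config/mpv
+whitelist ${HOME}/.local/state/mpv
 whitelist ${HOME}/.mailcap
 whitelist ${HOME}/.netrc
 whitelist ${HOME}/.w3m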
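--- a/etc/profile-m-z/seahorse-adventures.profile
+++ b/etc/profile-m-z/seahorse-adventures.profile
@@ -23,7 +23,7 @@ include disable-xdg.inc
 
 whitelist /usr/share/seahorse-adventures
 whitelist /usr/share/games/seahorse-adventures
-include whitelist-common.inc
+#include whitelist-common.inc # see #903
 include whitelist-usr-share-common.inc
 include whitelist-var-common.inc
 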
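--- a/etc/profile-m-z/smtube.profile
+++ b/etc/profile-m-z/smtube.profile
@@ -6,12 +6,14 @@ include smtube.local
 # Persistent global definitions
 include globals.local
 
+noblacklist ${HOME}/.cache/mpv
+noblacklist ${HOME}/.config/mpv
 noblacklist ${HOME}/.config/smplayer
 noblacklist ${HOME}/.config/smtube
-noblacklist ${HOME}/.config/mpv
-noblacklist ${HOME}/.mplayer
 noblacklist ${HOME}/.config/vlc
 noblacklist ${HOME}/.local/share/vlc
+noblacklist ${HOME}/.local/state/mpv
+noblacklist ${HOME}/.mplayer
 noblacklist ${MUSIC}
 noblacklist ${VIDEOS}
 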
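--- a/etc/profile-m-z/thunderbird.profile
+++ b/etc/profile-m-z/thunderbird.profile
@@ -8,9 +8,17 @@ include globals.local
 
 ignore include whitelist-runuser-common.inc
 
-# writable-run-user and dbus are needed by enigmail
+# TB stopped supporting enigmail in 2020 (v78) - let's harden D-Bus
+# https://support.mozilla.org/en-US/kb/openpgp-thunderbird-howto-and-faq
 ignore dbus-user none
-ignore dbus-system none
+dbus-user filter
+dbus-user.own org.mozilla.thunderbird.*
+dbus-user.talk ca.desrt.dconf
+dbus-user.talk org.freedesktop.Notifications
+# allow D-Bus communication with firefox for opening links
+dbus-user.talk org.mozilla.*
+# e2ee email needs writable-run-user
+# https://support.mozilla.org/en-US/kb/introduction-to-e2e-encryption
 writable-run-user
 
 # If you want to read local mail stored in /var/mail edit /etc/apparmor.d/firejail-default accordingly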
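Review bot: `dbus-user.talk org.mozilla.*` is broader than the comment above it states: it lets the sandboxed mail client talk to every session-bus name under org.mozilla, not only the Firefox instance used for opening links. Thunderbird handles untrusted message content, so this is the widest opening left in the new filter; if only Firefox has to be reachable, `dbus-user.talk org.mozilla.firefox.*` would match the stated purpose, after checking the bus name the installed Firefox build registers. The first new comment also sits directly above `ignore dbus-user none`, which reads as if D-Bus were being opened; a line such as `# drop the inherited 'dbus-user none' so the filter below applies` would make the intent clear. Which included profile sets `dbus-user none` is outside this hunk.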
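--- a/etc/profile-m-z/wordwarvi.profile
+++ b/etc/profile-m-z/wordwarvi.profile
@@ -40,7 +40,6 @@ seccomp
 tracelog
 
 disable-mnt
-private
 private-bin wordwarvi
 private-cache
 private-dev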
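--- a/etc/profile-m-z/xbill.profile
+++ b/etc/profile-m-z/xbill.profile
@@ -16,7 +16,7 @@ include disable-xdg.inc
 
 whitelist /usr/share/xbill
 whitelist /var/games/xbill/scores
-include whitelist-common.inc
+#include whitelist-common.inc # see #903
 include whitelist-usr-share-common.inc
 include whitelist-var-common.inc
 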
diff --git a/etc/profile-m-z/youtube-viewers-common.profile b/etc/profile-m-z/youtube-viewers-common.profile index c9d2ea53b..5950c3639 100644 --- a/etc/profile-m-z/youtube-viewers-common.profile +++ b/etc/profile-m-z/youtube-viewers-common.profile | |||
@@ -7,8 +7,10 @@ include youtube-viewers-common.local | |||
7 | # added by caller profile | 7 | # added by caller profile |
8 | #include globals.local | 8 | #include globals.local |
9 | 9 | ||
10 | noblacklist ${HOME}/.cache/mpv | ||
10 | noblacklist ${HOME}/.cache/youtube-dl | 11 | noblacklist ${HOME}/.cache/youtube-dl |
11 | noblacklist ${HOME}/.config/mpv | 12 | noblacklist ${HOME}/.config/mpv |
13 | noblacklist ${HOME}/.local/state/mpv | ||
12 | 14 | ||
13 | # Allow lua (blacklisted by disable-interpreters.inc) | 15 | # Allow lua (blacklisted by disable-interpreters.inc) |
14 | include allow-lua.inc | 16 | include allow-lua.inc |
@@ -3,7 +3,7 @@ | |||
3 | # Copyright (C) 2014-2023 Firejail Authors | 3 | # Copyright (C) 2014-2023 Firejail Authors |
4 | # License GPL v2 | 4 | # License GPL v2 |
5 | 5 | ||
6 | . "$(dirname "$0")/config.sh" | 6 | . "$(dirname "$0")/config.sh" || exit 1 |
7 | 7 | ||
8 | printf 'Calculating SHA256 for all files in /transfer - %s version %s' "$TARNAME" "$VERSION" | 8 | printf 'Calculating SHA256 for all files in /transfer - %s version %s' "$TARNAME" "$VERSION" |
9 | 9 | ||
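--- a/platform/rpm/mkrpm.sh
+++ b/platform/rpm/mkrpm.sh
@@ -3,23 +3,26 @@
 # Copyright (C) 2014-2023 Firejail Authors
 # License GPL v2
 #
-# Usage: ./platform/rpm/mkrpm.sh firejail <version> "<config options>"
+# Usage: ./platform/rpm/mkrpm.sh <config options>
 #
 # Builds rpms in a temporary directory then places the result in the
 # current working directory.
 
-name=$1
+# shellcheck source=config.sh
+. "$(dirname "$0")/../../config.sh" || exit 1
+
+name="$TARNAME"
 # Strip any trailing prefix from the version like -rc1 etc
-version=$(echo "$2" | sed 's/\-.*//g')
-config_opt=$3
+version="$(printf '%s\n' "$VERSION" | sed 's/\-.*//g')"
+config_opt="$*"
 
-if [[ ! -f platform/rpm/${name}.spec ]]; then
-echo error: spec file not found for name \"${name}\"
+if [[ ! -f "platform/rpm/${name}.spec" ]]; then
+printf 'error: spec file not found for name %s\n' "${name}" >&2
 exit 1
 fi
 
 if [[ -z "${version}" ]]; then
-echo error: version must be given
+printf 'error: version must be given\n' >&2
 exit 1
 fi
 
@@ -28,26 +31,27 @@ if [[ -z "${config_opt}" ]]; then
 fi
 
 # Make a temporary directory and arrange to clean up on exit
-tmpdir=$(mktemp -d)
-mkdir -p ${tmpdir}/{BUILD,RPMS,SOURCES,SPECS,SRPMS}
+tmpdir="$(mktemp -d)"
+mkdir -p "${tmpdir}"/{BUILD,RPMS,SOURCES,SPECS,SRPMS}
 function cleanup {
-rm -rf ${tmpdir}
+rm -rf "${tmpdir}"
 }
 trap cleanup EXIT
 
 # Create the spec file
-tmp_spec_file=${tmpdir}/SPECS/${name}.spec
+tmp_spec_file="${tmpdir}/SPECS/${name}.spec"
 sed -e "s/__NAME__/${name}/g" \
 -e "s/__VERSION__/${version}/g" \
 -e "s/__CONFIG_OPT__/${config_opt}/g" \
-platform/rpm/${name}.spec >${tmp_spec_file}
+"platform/rpm/${name}.spec" >"${tmp_spec_file}"
 # FIXME: We could parse RELNOTES and create a %changelog section here
 
 # Copy the source to build into a tarball
-tar --exclude='./.git*' --transform "s/^./${name}-${version}/" -czf ${tmpdir}/SOURCES/${name}-${version}.tar.gz .
+tar --exclude='./.git*' --transform "s/^./${name}-${version}/" \
+-czf "${tmpdir}/SOURCES/${name}-${version}.tar.gz" .
 
 # Build the files (rpm, debug rpm and source rpm)
-rpmbuild --quiet --define "_topdir ${tmpdir}" -ba ${tmp_spec_file}
+rpmbuild --quiet --define "_topdir ${tmpdir}" -ba "${tmp_spec_file}"
 
 # Copy the results to cwd
-mv ${tmpdir}/SRPMS/*.rpm ${tmpdir}/RPMS/*/*rpm .
+mv "${tmpdir}/SRPMS"/*.rpm "${tmpdir}/RPMS"/*/*rpm .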
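Review bot: `config_opt="$*"` in the first hunk now carries every command-line argument into `sed -e "s/__CONFIG_OPT__/${config_opt}/g"` in the second hunk without escaping, so a configure option containing `/`, `&` or `\` (any option that takes a path, for instance) either breaks the sed expression or changes what is written into the spec file. Escaping the value first, e.g. `config_opt_esc="$(printf '%s' "$config_opt" | sed 's/[\/&\\]/\\&/g')"`, and substituting that variable would keep the replacement literal. In the second hunk `tmpdir="$(mktemp -d)"` still has no failure check, so a failed mktemp leaves `tmpdir` empty and the following `mkdir -p` targets `/BUILD` and its siblings; `tmpdir="$(mktemp -d)" || exit 1` would match the `|| exit 1` this commit adds to the config.sh line.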
diff --git a/src/firecfg/firecfg.config b/src/firecfg/firecfg.config index ce69738eb..7db4480b6 100644 --- a/src/firecfg/firecfg.config +++ b/src/firecfg/firecfg.config | |||
@@ -1,6 +1,8 @@ | |||
1 | # /etc/firejail/firecfg.config - firecfg utility configuration file | 1 | # /etc/firejail/firecfg.config - firecfg utility configuration file |
2 | # This is the list of programs in alphabetical order handled by firecfg utility | 2 | # This is the list of programs in alphabetical order handled by firecfg utility |
3 | # | 3 | # |
4 | # Note: Normal comment lines should start with `# ` and commented code lines | ||
5 | # should start with just `#` (no spaces). | ||
4 | 0ad | 6 | 0ad |
5 | 1password | 7 | 1password |
6 | 2048-qt | 8 | 2048-qt |
@@ -51,7 +53,7 @@ ani-cli | |||
51 | anydesk | 53 | anydesk |
52 | apktool | 54 | apktool |
53 | apostrophe | 55 | apostrophe |
54 | # ar - disable until we fix CLI archivers for makepkg on Arch (see discussion in #3095) | 56 | #ar # disable until we fix CLI archivers for makepkg on Arch (see discussion in #3095) |
55 | arch-audit | 57 | arch-audit |
56 | archaudit-report | 58 | archaudit-report |
57 | ardour4 | 59 | ardour4 |
@@ -63,9 +65,9 @@ arm | |||
63 | artha | 65 | artha |
64 | assogiate | 66 | assogiate |
65 | asunder | 67 | asunder |
66 | # atom | 68 | #atom |
67 | # atom-beta | 69 | #atom-beta |
68 | # atool - disable until we fix CLI archivers for makepkg on Arch (see discussion in #3095) | 70 | #atool # disable until we fix CLI archivers for makepkg on Arch (see discussion in #3095) |
69 | atril | 71 | atril |
70 | atril-previewer | 72 | atril-previewer |
71 | atril-thumbnailer | 73 | atril-thumbnailer |
@@ -112,10 +114,10 @@ brave-browser-beta | |||
112 | brave-browser-dev | 114 | brave-browser-dev |
113 | brave-browser-nightly | 115 | brave-browser-nightly |
114 | brave-browser-stable | 116 | brave-browser-stable |
115 | # bunzip2 - disable until we fix CLI archivers for makepkg on Arch (see discussion in #3095) | 117 | #bunzip2 # disable until we fix CLI archivers for makepkg on Arch (see discussion in #3095) |
116 | # bzcat - disable until we fix CLI archivers for makepkg on Arch (see discussion in #3095) | 118 | #bzcat # disable until we fix CLI archivers for makepkg on Arch (see discussion in #3095) |
117 | bzflag | 119 | bzflag |
118 | # bzip2 - disable until we fix CLI archivers for makepkg on Arch (see discussion in #3095) | 120 | #bzip2 # disable until we fix CLI archivers for makepkg on Arch (see discussion in #3095) |
119 | cachy-browser | 121 | cachy-browser |
120 | calibre | 122 | calibre |
121 | calligra | 123 | calligra |
@@ -145,12 +147,13 @@ chromium-freeworld | |||
145 | cin | 147 | cin |
146 | cinelerra | 148 | cinelerra |
147 | cinelerra-gg | 149 | cinelerra-gg |
150 | clac | ||
148 | clamdscan | 151 | clamdscan |
149 | clamdtop | 152 | clamdtop |
150 | clamscan | 153 | clamscan |
151 | clamtk | 154 | clamtk |
152 | clawsker | ||
153 | claws-mail | 155 | claws-mail |
156 | clawsker | ||
154 | clementine | 157 | clementine |
155 | clion | 158 | clion |
156 | clion-eap | 159 | clion-eap |
@@ -182,6 +185,8 @@ crow | |||
182 | cryptocat | 185 | cryptocat |
183 | cvlc | 186 | cvlc |
184 | cyberfox | 187 | cyberfox |
188 | d-feet | ||
189 | daisy | ||
185 | darktable | 190 | darktable |
186 | dconf-editor | 191 | dconf-editor |
187 | ddgr | 192 | ddgr |
@@ -191,7 +196,6 @@ deluge | |||
191 | desktopeditors | 196 | desktopeditors |
192 | devhelp | 197 | devhelp |
193 | dex2jar | 198 | dex2jar |
194 | d-feet | ||
195 | dia | 199 | dia |
196 | dig | 200 | dig |
197 | digikam | 201 | digikam |
@@ -235,14 +239,14 @@ enpass | |||
235 | eog | 239 | eog |
236 | eom | 240 | eom |
237 | ephemeral | 241 | ephemeral |
238 | #epiphany - see #2995 | 242 | #epiphany # see #2995 |
239 | equalx | 243 | equalx |
240 | et | 244 | et |
241 | etr | 245 | etr |
242 | evince | 246 | evince |
243 | evince-previewer | 247 | evince-previewer |
244 | evince-thumbnailer | 248 | evince-thumbnailer |
245 | #evolution - see #3647 | 249 | #evolution # see #3647 |
246 | exfalso | 250 | exfalso |
247 | exiftool | 251 | exiftool |
248 | falkon | 252 | falkon |
@@ -270,8 +274,8 @@ flacsplt | |||
270 | flameshot | 274 | flameshot |
271 | flashpeak-slimjet | 275 | flashpeak-slimjet |
272 | flowblade | 276 | flowblade |
273 | fontforge | ||
274 | font-manager | 277 | font-manager |
278 | fontforge | ||
275 | fossamail | 279 | fossamail |
276 | four-in-a-row | 280 | four-in-a-row |
277 | fractal | 281 | fractal |
@@ -318,7 +322,7 @@ git-cola | |||
318 | gitg | 322 | gitg |
319 | github-desktop | 323 | github-desktop |
320 | gitter | 324 | gitter |
321 | # gjs -- https://github.com/netblue30/firejail/issues/3333#issuecomment-612601102 | 325 | #gjs # https://github.com/netblue30/firejail/issues/3333#issuecomment-612601102 |
322 | gl-117 | 326 | gl-117 |
323 | glaxium | 327 | glaxium |
324 | globaltime | 328 | globaltime |
@@ -383,12 +387,12 @@ gradio | |||
383 | gramps | 387 | gramps |
384 | gravity-beams-and-evaporating-stars | 388 | gravity-beams-and-evaporating-stars |
385 | gthumb | 389 | gthumb |
386 | gtk2-youtube-viewer | ||
387 | gtk3-youtube-viewer | ||
388 | gtk-lbry-viewer | 390 | gtk-lbry-viewer |
389 | gtk-pipe-viewer | 391 | gtk-pipe-viewer |
390 | gtk-straw-viewer | 392 | gtk-straw-viewer |
391 | gtk-youtube-viewer | 393 | gtk-youtube-viewer |
394 | gtk2-youtube-viewer | ||
395 | gtk3-youtube-viewer | ||
392 | guayadeque | 396 | guayadeque |
393 | gucharmap | 397 | gucharmap |
394 | gummi | 398 | gummi |
@@ -409,8 +413,8 @@ icecat | |||
409 | icedove | 413 | icedove |
410 | iceweasel | 414 | iceweasel |
411 | idea | 415 | idea |
412 | ideaIC | ||
413 | idea.sh | 416 | idea.sh |
417 | ideaIC | ||
414 | imagej | 418 | imagej |
415 | img2txt | 419 | img2txt |
416 | impressive | 420 | impressive |
@@ -429,6 +433,7 @@ jdownloader | |||
429 | jerry | 433 | jerry |
430 | jitsi | 434 | jitsi |
431 | jitsi-meet-desktop | 435 | jitsi-meet-desktop |
436 | journal-viewer | ||
432 | jumpnbump | 437 | jumpnbump |
433 | jumpnbump-menu | 438 | jumpnbump-menu |
434 | k3b | 439 | k3b |
@@ -439,7 +444,7 @@ karbon | |||
439 | kate | 444 | kate |
440 | kazam | 445 | kazam |
441 | kcalc | 446 | kcalc |
442 | # kdeinit4 | 447 | #kdeinit4 |
443 | kdenlive | 448 | kdenlive |
444 | kdiff3 | 449 | kdiff3 |
445 | keepass | 450 | keepass |
@@ -449,7 +454,7 @@ keepassx2 | |||
449 | keepassxc | 454 | keepassxc |
450 | keepassxc-cli | 455 | keepassxc-cli |
451 | keepassxc-proxy | 456 | keepassxc-proxy |
452 | # kfind | 457 | #kfind |
453 | kget | 458 | kget |
454 | kid3 | 459 | kid3 |
455 | kid3-cli | 460 | kid3-cli |
@@ -466,15 +471,15 @@ kodi | |||
466 | konversation | 471 | konversation |
467 | kopete | 472 | kopete |
468 | krita | 473 | krita |
469 | # krunner | 474 | #krunner |
470 | ktorrent | 475 | ktorrent |
471 | ktouch | 476 | ktouch |
472 | kube | 477 | kube |
473 | # kwin_x11 | 478 | #kwin_x11 |
474 | kwrite | 479 | kwrite |
475 | lbry-viewer | 480 | lbry-viewer |
476 | leafpad | 481 | leafpad |
477 | # less - breaks man | 482 | #less # breaks man |
478 | librecad | 483 | librecad |
479 | libreoffice | 484 | libreoffice |
480 | librewolf | 485 | librewolf |
@@ -499,12 +504,12 @@ lollypop | |||
499 | lomath | 504 | lomath |
500 | loweb | 505 | loweb |
501 | lowriter | 506 | lowriter |
502 | # lrunzip - disable until we fix CLI archivers for makepkg on Arch (see discussion in #3095) | 507 | #lrunzip # disable until we fix CLI archivers for makepkg on Arch (see discussion in #3095) |
503 | # lrz - disable until we fix CLI archivers for makepkg on Arch (see discussion in #3095) | 508 | #lrz # disable until we fix CLI archivers for makepkg on Arch (see discussion in #3095) |
504 | # lrzcat - disable until we fix CLI archivers for makepkg on Arch (see discussion in #3095) | 509 | #lrzcat # disable until we fix CLI archivers for makepkg on Arch (see discussion in #3095) |
505 | # lrzip - disable until we fix CLI archivers for makepkg on Arch (see discussion in #3095) | 510 | #lrzip # disable until we fix CLI archivers for makepkg on Arch (see discussion in #3095) |
506 | # lrztar - disable until we fix CLI archivers for makepkg on Arch (see discussion in #3095) | 511 | #lrztar # disable until we fix CLI archivers for makepkg on Arch (see discussion in #3095) |
507 | # lrzuntar - disable until we fix CLI archivers for makepkg on Arch (see discussion in #3095) | 512 | #lrzuntar # disable until we fix CLI archivers for makepkg on Arch (see discussion in #3095) |
508 | luminance-hdr | 513 | luminance-hdr |
509 | lximage-qt | 514 | lximage-qt |
510 | lxmusic | 515 | lxmusic |
@@ -558,7 +563,6 @@ mp3wrap | |||
558 | mpDris2 | 563 | mpDris2 |
559 | mpg123 | 564 | mpg123 |
560 | mpg123-alsa | 565 | mpg123-alsa |
561 | mpg123.bin | ||
562 | mpg123-id3dump | 566 | mpg123-id3dump |
563 | mpg123-jack | 567 | mpg123-jack |
564 | mpg123-nas | 568 | mpg123-nas |
@@ -567,6 +571,7 @@ mpg123-oss | |||
567 | mpg123-portaudio | 571 | mpg123-portaudio |
568 | mpg123-pulse | 572 | mpg123-pulse |
569 | mpg123-strip | 573 | mpg123-strip |
574 | mpg123.bin | ||
570 | mplayer | 575 | mplayer |
571 | mpsyt | 576 | mpsyt |
572 | mpv | 577 | mpv |
@@ -635,11 +640,11 @@ onionshare-cli | |||
635 | onionshare-gui | 640 | onionshare-gui |
636 | ooffice | 641 | ooffice |
637 | ooviewdoc | 642 | ooviewdoc |
643 | open-invaders | ||
638 | openarena | 644 | openarena |
639 | openarena_ded | 645 | openarena_ded |
640 | opencity | 646 | opencity |
641 | openclonk | 647 | openclonk |
642 | open-invaders | ||
643 | openmw | 648 | openmw |
644 | openmw-launcher | 649 | openmw-launcher |
645 | openoffice.org | 650 | openoffice.org |
@@ -696,9 +701,9 @@ profanity | |||
696 | psi | 701 | psi |
697 | psi-plus | 702 | psi-plus |
698 | pybitmessage | 703 | pybitmessage |
699 | # pycharm-community - FB note: may enable later | 704 | #pycharm-community # FB note: may enable later |
700 | # pycharm-professional | 705 | #pycharm-professional |
701 | # pzstd - disable until we fix CLI archivers for makepkg on Arch (see discussion in #3095) | 706 | #pzstd # disable until we fix CLI archivers for makepkg on Arch (see discussion in #3095) |
702 | qbittorrent | 707 | qbittorrent |
703 | qcomicbook | 708 | qcomicbook |
704 | qemu-launcher | 709 | qemu-launcher |
@@ -720,6 +725,7 @@ qupzilla | |||
720 | qutebrowser | 725 | qutebrowser |
721 | raincat | 726 | raincat |
722 | rambox | 727 | rambox |
728 | reader | ||
723 | redeclipse | 729 | redeclipse |
724 | rednotebook | 730 | rednotebook |
725 | redshift | 731 | redshift |
@@ -778,22 +784,22 @@ sniffnet | |||
778 | snox | 784 | snox |
779 | soffice | 785 | soffice |
780 | sol | 786 | sol |
781 | soundconverter | ||
782 | sound-juicer | 787 | sound-juicer |
788 | soundconverter | ||
783 | spectacle | 789 | spectacle |
784 | spectral | 790 | spectral |
785 | spotify | 791 | spotify |
786 | sqlitebrowser | 792 | sqlitebrowser |
787 | ssh | 793 | ssh |
788 | # ssh-agent - problems on Arch with Fish shell (#1568) | 794 | #ssh-agent # problems on Arch with Fish shell (#1568) |
789 | standardnotes-desktop | 795 | standardnotes-desktop |
790 | start-tor-browser | 796 | start-tor-browser |
791 | steam | 797 | steam |
792 | steam-native | 798 | steam-native |
793 | steam-runtime | 799 | steam-runtime |
794 | stellarium | 800 | stellarium |
795 | strawberry | ||
796 | straw-viewer | 801 | straw-viewer |
802 | strawberry | ||
797 | strings | 803 | strings |
798 | studio.sh | 804 | studio.sh |
799 | subdownloader | 805 | subdownloader |
@@ -824,7 +830,6 @@ thunderbird-beta | |||
824 | thunderbird-wayland | 830 | thunderbird-wayland |
825 | tilp | 831 | tilp |
826 | tor-browser | 832 | tor-browser |
827 | torbrowser | ||
828 | tor-browser-ar | 833 | tor-browser-ar |
829 | tor-browser-ca | 834 | tor-browser-ca |
830 | tor-browser-cs | 835 | tor-browser-cs |
@@ -846,7 +851,6 @@ tor-browser-it | |||
846 | tor-browser-ja | 851 | tor-browser-ja |
847 | tor-browser-ka | 852 | tor-browser-ka |
848 | tor-browser-ko | 853 | tor-browser-ko |
849 | torbrowser-launcher | ||
850 | tor-browser-nb | 854 | tor-browser-nb |
851 | tor-browser-nl | 855 | tor-browser-nl |
852 | tor-browser-pl | 856 | tor-browser-pl |
@@ -857,6 +861,8 @@ tor-browser-tr | |||
857 | tor-browser-vi | 861 | tor-browser-vi |
858 | tor-browser-zh-cn | 862 | tor-browser-zh-cn |
859 | tor-browser-zh-tw | 863 | tor-browser-zh-tw |
864 | torbrowser | ||
865 | torbrowser-launcher | ||
860 | torcs | 866 | torcs |
861 | totem | 867 | totem |
862 | tracker | 868 | tracker |
@@ -886,7 +892,7 @@ uget-gtk | |||
886 | unbound | 892 | unbound |
887 | unf | 893 | unf |
888 | unknown-horizons | 894 | unknown-horizons |
889 | # unzstd - disable until we fix CLI archivers for makepkg on Arch (see discussion in #3095) | 895 | #unzstd # disable until we fix CLI archivers for makepkg on Arch (see discussion in #3095) |
890 | url-eater | 896 | url-eater |
891 | utox | 897 | utox |
892 | uudeview | 898 | uudeview |
@@ -899,10 +905,10 @@ vivaldi-beta | |||
899 | vivaldi-snapshot | 905 | vivaldi-snapshot |
900 | vivaldi-stable | 906 | vivaldi-stable |
901 | vlc | 907 | vlc |
902 | #vmplayer - unable to install kernel modules (see #5861) | 908 | #vmplayer # unable to install kernel modules (see #5861) |
903 | #vmware - unable to install kernel modules (see #5861) | 909 | #vmware # unable to install kernel modules (see #5861) |
904 | #vmware-player - unable to install kernel modules (see #5861) | 910 | #vmware-player # unable to install kernel modules (see #5861) |
905 | #vmware-workstation - unable to install kernel modules (see #5861) | 911 | #vmware-workstation # unable to install kernel modules (see #5861) |
906 | vscodium | 912 | vscodium |
907 | vulturesclaw | 913 | vulturesclaw |
908 | vultureseye | 914 | vultureseye |
@@ -966,8 +972,8 @@ yelp | |||
966 | youtube | 972 | youtube |
967 | youtube-dl | 973 | youtube-dl |
968 | youtube-dl-gui | 974 | youtube-dl-gui |
969 | youtubemusic-nativefier | ||
970 | youtube-viewer | 975 | youtube-viewer |
976 | youtubemusic-nativefier | ||
971 | yt-dlp | 977 | yt-dlp |
972 | ytmdesktop | 978 | ytmdesktop |
973 | zaproxy | 979 | zaproxy |
@@ -977,10 +983,10 @@ zeal | |||
977 | zim | 983 | zim |
978 | zlib-flate | 984 | zlib-flate |
979 | zoom | 985 | zoom |
980 | # zpaq - disable until we fix CLI archivers for makepkg on Arch (see discussion in #3095) | 986 | #zpaq # disable until we fix CLI archivers for makepkg on Arch (see discussion in #3095) |
981 | # zstd - disable until we fix CLI archivers for makepkg on Arch (see discussion in #3095) | 987 | #zstd # disable until we fix CLI archivers for makepkg on Arch (see discussion in #3095) |
982 | # zstdcat - disable until we fix CLI archivers for makepkg on Arch (see discussion in #3095) | 988 | #zstdcat # disable until we fix CLI archivers for makepkg on Arch (see discussion in #3095) |
983 | # zstdgrep - disable until we fix CLI archivers for makepkg on Arch (see discussion in #3095) | 989 | #zstdgrep # disable until we fix CLI archivers for makepkg on Arch (see discussion in #3095) |
984 | # zstdless - disable until we fix CLI archivers for makepkg on Arch (see discussion in #3095) | 990 | #zstdless # disable until we fix CLI archivers for makepkg on Arch (see discussion in #3095) |
985 | # zstdmt - disable until we fix CLI archivers for makepkg on Arch (see discussion in #3095) | 991 | #zstdmt # disable until we fix CLI archivers for makepkg on Arch (see discussion in #3095) |
986 | zulip | 992 | zulip |
diff --git a/test/compile/compile.sh b/test/compile/compile.sh index da6e43a5a..0e3425f8d 100755 --- a/test/compile/compile.sh +++ b/test/compile/compile.sh | |||
@@ -11,7 +11,8 @@ | |||
11 | # install contrib scripts | 11 | # install contrib scripts |
12 | # --enable-analyzer enable GCC 10 static analyzer | 12 | # --enable-analyzer enable GCC 10 static analyzer |
13 | 13 | ||
14 | 14 | # shellcheck source=config.sh | |
15 | . "$(dirname "$0")/../../config.sh" || exit 1 | ||
15 | 16 | ||
16 | arr[1]="TEST 1: standard compilation" | 17 | arr[1]="TEST 1: standard compilation" |
17 | arr[2]="TEST 2: compile dbus proxy disabled" | 18 | arr[2]="TEST 2: compile dbus proxy disabled" |
@@ -51,7 +52,7 @@ print_title() { | |||
51 | echo "**************************************************" | 52 | echo "**************************************************" |
52 | } | 53 | } |
53 | 54 | ||
54 | DIST="$1" | 55 | DIST="$(TARNAME)-$(VERSION)" |
55 | while [[ $# -gt 0 ]]; do # Until you run out of parameters . . . | 56 | while [[ $# -gt 0 ]]; do # Until you run out of parameters . . . |
56 | case "$1" in | 57 | case "$1" in |
57 | --clean) | 58 | --clean) |
@@ -79,7 +80,7 @@ echo "$DIST" | |||
79 | tar -xJvf ../../"$DIST.tar.xz" | 80 | tar -xJvf ../../"$DIST.tar.xz" |
80 | mv "$DIST" firejail | 81 | mv "$DIST" firejail |
81 | 82 | ||
82 | cd firejail | 83 | cd firejail || exit 1 |
83 | ./configure --prefix=/usr --enable-fatal-warnings 2>&1 | tee ../output-configure | 84 | ./configure --prefix=/usr --enable-fatal-warnings 2>&1 | tee ../output-configure |
84 | make -j4 2>&1 | tee ../output-make | 85 | make -j4 2>&1 | tee ../output-make |
85 | cd .. | 86 | cd .. |
@@ -95,7 +96,7 @@ rm output-configure output-make | |||
95 | # - disable dbus proxy configuration | 96 | # - disable dbus proxy configuration |
96 | #***************************************************************** | 97 | #***************************************************************** |
97 | print_title "${arr[2]}" | 98 | print_title "${arr[2]}" |
98 | cd firejail | 99 | cd firejail || exit 1 |
99 | make distclean | 100 | make distclean |
100 | ./configure --prefix=/usr --disable-dbusproxy --enable-fatal-warnings 2>&1 | tee ../output-configure | 101 | ./configure --prefix=/usr --disable-dbusproxy --enable-fatal-warnings 2>&1 | tee ../output-configure |
101 | make -j4 2>&1 | tee ../output-make | 102 | make -j4 2>&1 | tee ../output-make |
@@ -112,7 +113,7 @@ rm output-configure output-make | |||
112 | # - disable chroot configuration | 113 | # - disable chroot configuration |
113 | #***************************************************************** | 114 | #***************************************************************** |
114 | print_title "${arr[3]}" | 115 | print_title "${arr[3]}" |
115 | cd firejail | 116 | cd firejail || exit 1 |
116 | make distclean | 117 | make distclean |
117 | ./configure --prefix=/usr --disable-chroot --enable-fatal-warnings 2>&1 | tee ../output-configure | 118 | ./configure --prefix=/usr --disable-chroot --enable-fatal-warnings 2>&1 | tee ../output-configure |
118 | make -j4 2>&1 | tee ../output-make | 119 | make -j4 2>&1 | tee ../output-make |
@@ -129,7 +130,7 @@ rm output-configure output-make | |||
129 | # - disable firetunnel configuration | 130 | # - disable firetunnel configuration |
130 | #***************************************************************** | 131 | #***************************************************************** |
131 | print_title "${arr[4]}" | 132 | print_title "${arr[4]}" |
132 | cd firejail | 133 | cd firejail || exit 1 |
133 | make distclean | 134 | make distclean |
134 | ./configure --prefix=/usr --disable-firetunnel --enable-fatal-warnings 2>&1 | tee ../output-configure | 135 | ./configure --prefix=/usr --disable-firetunnel --enable-fatal-warnings 2>&1 | tee ../output-configure |
135 | make -j4 2>&1 | tee ../output-make | 136 | make -j4 2>&1 | tee ../output-make |
@@ -146,7 +147,7 @@ rm output-configure output-make | |||
146 | # - disable user namespace configuration | 147 | # - disable user namespace configuration |
147 | #***************************************************************** | 148 | #***************************************************************** |
148 | print_title "${arr[5]}" | 149 | print_title "${arr[5]}" |
149 | cd firejail | 150 | cd firejail || exit 1 |
150 | make distclean | 151 | make distclean |
151 | ./configure --prefix=/usr --disable-userns --enable-fatal-warnings 2>&1 | tee ../output-configure | 152 | ./configure --prefix=/usr --disable-userns --enable-fatal-warnings 2>&1 | tee ../output-configure |
152 | make -j4 2>&1 | tee ../output-make | 153 | make -j4 2>&1 | tee ../output-make |
@@ -164,7 +165,7 @@ rm output-configure output-make | |||
164 | # - check compilation | 165 | # - check compilation |
165 | #***************************************************************** | 166 | #***************************************************************** |
166 | print_title "${arr[6]}" | 167 | print_title "${arr[6]}" |
167 | cd firejail | 168 | cd firejail || exit 1 |
168 | make distclean | 169 | make distclean |
169 | ./configure --prefix=/usr --disable-network --enable-fatal-warnings 2>&1 | tee ../output-configure | 170 | ./configure --prefix=/usr --disable-network --enable-fatal-warnings 2>&1 | tee ../output-configure |
170 | make -j4 2>&1 | tee ../output-make | 171 | make -j4 2>&1 | tee ../output-make |
@@ -181,7 +182,7 @@ rm output-configure output-make | |||
181 | # - disable X11 support | 182 | # - disable X11 support |
182 | #***************************************************************** | 183 | #***************************************************************** |
183 | print_title "${arr[7]}" | 184 | print_title "${arr[7]}" |
184 | cd firejail | 185 | cd firejail || exit 1 |
185 | make distclean | 186 | make distclean |
186 | ./configure --prefix=/usr --disable-x11 --enable-fatal-warnings 2>&1 | tee ../output-configure | 187 | ./configure --prefix=/usr --disable-x11 --enable-fatal-warnings 2>&1 | tee ../output-configure |
187 | make -j4 2>&1 | tee ../output-make | 188 | make -j4 2>&1 | tee ../output-make |
@@ -198,7 +199,7 @@ rm output-configure output-make | |||
198 | # - enable selinux | 199 | # - enable selinux |
199 | #***************************************************************** | 200 | #***************************************************************** |
200 | print_title "${arr[8]}" | 201 | print_title "${arr[8]}" |
201 | cd firejail | 202 | cd firejail || exit 1 |
202 | make distclean | 203 | make distclean |
203 | ./configure --prefix=/usr --enable-selinux --enable-fatal-warnings 2>&1 | tee ../output-configure | 204 | ./configure --prefix=/usr --enable-selinux --enable-fatal-warnings 2>&1 | tee ../output-configure |
204 | make -j4 2>&1 | tee ../output-make | 205 | make -j4 2>&1 | tee ../output-make |
@@ -215,7 +216,7 @@ rm output-configure output-make | |||
215 | # - disable file transfer | 216 | # - disable file transfer |
216 | #***************************************************************** | 217 | #***************************************************************** |
217 | print_title "${arr[9]}" | 218 | print_title "${arr[9]}" |
218 | cd firejail | 219 | cd firejail || exit 1 |
219 | make distclean | 220 | make distclean |
220 | ./configure --prefix=/usr --disable-file-transfer --enable-fatal-warnings 2>&1 | tee ../output-configure | 221 | ./configure --prefix=/usr --disable-file-transfer --enable-fatal-warnings 2>&1 | tee ../output-configure |
221 | make -j4 2>&1 | tee ../output-make | 222 | make -j4 2>&1 | tee ../output-make |
@@ -232,7 +233,7 @@ rm output-configure output-make | |||
232 | # - disable whitelist | 233 | # - disable whitelist |
233 | #***************************************************************** | 234 | #***************************************************************** |
234 | print_title "${arr[10]}" | 235 | print_title "${arr[10]}" |
235 | cd firejail | 236 | cd firejail || exit 1 |
236 | make distclean | 237 | make distclean |
237 | ./configure --prefix=/usr --disable-whitelist --enable-fatal-warnings 2>&1 | tee ../output-configure | 238 | ./configure --prefix=/usr --disable-whitelist --enable-fatal-warnings 2>&1 | tee ../output-configure |
238 | make -j4 2>&1 | tee ../output-make | 239 | make -j4 2>&1 | tee ../output-make |
@@ -249,7 +250,7 @@ rm output-configure output-make | |||
249 | # - disable global config | 250 | # - disable global config |
250 | #***************************************************************** | 251 | #***************************************************************** |
251 | print_title "${arr[11]}" | 252 | print_title "${arr[11]}" |
252 | cd firejail | 253 | cd firejail || exit 1 |
253 | make distclean | 254 | make distclean |
254 | ./configure --prefix=/usr --disable-globalcfg --enable-fatal-warnings 2>&1 | tee ../output-configure | 255 | ./configure --prefix=/usr --disable-globalcfg --enable-fatal-warnings 2>&1 | tee ../output-configure |
255 | make -j4 2>&1 | tee ../output-make | 256 | make -j4 2>&1 | tee ../output-make |
@@ -266,7 +267,7 @@ rm output-configure output-make | |||
266 | # - enable apparmor | 267 | # - enable apparmor |
267 | #***************************************************************** | 268 | #***************************************************************** |
268 | print_title "${arr[12]}" | 269 | print_title "${arr[12]}" |
269 | cd firejail | 270 | cd firejail || exit 1 |
270 | make distclean | 271 | make distclean |
271 | ./configure --prefix=/usr --enable-apparmor --enable-fatal-warnings 2>&1 | tee ../output-configure | 272 | ./configure --prefix=/usr --enable-apparmor --enable-fatal-warnings 2>&1 | tee ../output-configure |
272 | make -j4 2>&1 | tee ../output-make | 273 | make -j4 2>&1 | tee ../output-make |
@@ -283,7 +284,7 @@ rm output-configure output-make | |||
283 | # - enable busybox workaround | 284 | # - enable busybox workaround |
284 | #***************************************************************** | 285 | #***************************************************************** |
285 | print_title "${arr[13]}" | 286 | print_title "${arr[13]}" |
286 | cd firejail | 287 | cd firejail || exit 1 |
287 | make distclean | 288 | make distclean |
288 | ./configure --prefix=/usr --enable-busybox-workaround --enable-fatal-warnings 2>&1 | tee ../output-configure | 289 | ./configure --prefix=/usr --enable-busybox-workaround --enable-fatal-warnings 2>&1 | tee ../output-configure |
289 | make -j4 2>&1 | tee ../output-make | 290 | make -j4 2>&1 | tee ../output-make |
@@ -300,7 +301,7 @@ rm output-configure output-make | |||
300 | # - disable overlayfs | 301 | # - disable overlayfs |
301 | #***************************************************************** | 302 | #***************************************************************** |
302 | print_title "${arr[14]}" | 303 | print_title "${arr[14]}" |
303 | cd firejail | 304 | cd firejail || exit 1 |
304 | make distclean | 305 | make distclean |
305 | ./configure --prefix=/usr --disable-overlayfs --enable-fatal-warnings 2>&1 | tee ../output-configure | 306 | ./configure --prefix=/usr --disable-overlayfs --enable-fatal-warnings 2>&1 | tee ../output-configure |
306 | make -j4 2>&1 | tee ../output-make | 307 | make -j4 2>&1 | tee ../output-make |
@@ -317,7 +318,7 @@ rm output-configure output-make | |||
317 | # - disable private home | 318 | # - disable private home |
318 | #***************************************************************** | 319 | #***************************************************************** |
319 | print_title "${arr[15]}" | 320 | print_title "${arr[15]}" |
320 | cd firejail | 321 | cd firejail || exit 1 |
321 | make distclean | 322 | make distclean |
322 | ./configure --prefix=/usr --disable-private-home --enable-fatal-warnings 2>&1 | tee ../output-configure | 323 | ./configure --prefix=/usr --disable-private-home --enable-fatal-warnings 2>&1 | tee ../output-configure |
323 | make -j4 2>&1 | tee ../output-make | 324 | make -j4 2>&1 | tee ../output-make |
@@ -334,7 +335,7 @@ rm output-configure output-make | |||
334 | # - disable manpages | 335 | # - disable manpages |
335 | #***************************************************************** | 336 | #***************************************************************** |
336 | print_title "${arr[16]}" | 337 | print_title "${arr[16]}" |
337 | cd firejail | 338 | cd firejail || exit 1 |
338 | make distclean | 339 | make distclean |
339 | ./configure --prefix=/usr --disable-man --enable-fatal-warnings 2>&1 | tee ../output-configure | 340 | ./configure --prefix=/usr --disable-man --enable-fatal-warnings 2>&1 | tee ../output-configure |
340 | make -j4 2>&1 | tee ../output-make | 341 | make -j4 2>&1 | tee ../output-make |
@@ -351,7 +352,7 @@ rm output-configure output-make | |||
351 | # - disable tmpfs as regular user" | 352 | # - disable tmpfs as regular user" |
352 | #***************************************************************** | 353 | #***************************************************************** |
353 | print_title "${arr[17]}" | 354 | print_title "${arr[17]}" |
354 | cd firejail | 355 | cd firejail || exit 1 |
355 | make distclean | 356 | make distclean |
356 | ./configure --prefix=/usr --disable-usertmpfs --enable-fatal-warnings 2>&1 | tee ../output-configure | 357 | ./configure --prefix=/usr --disable-usertmpfs --enable-fatal-warnings 2>&1 | tee ../output-configure |
357 | make -j4 2>&1 | tee ../output-make | 358 | make -j4 2>&1 | tee ../output-make |
@@ -368,7 +369,7 @@ rm output-configure output-make | |||
368 | # - disable private home feature | 369 | # - disable private home feature |
369 | #***************************************************************** | 370 | #***************************************************************** |
370 | print_title "${arr[18]}" | 371 | print_title "${arr[18]}" |
371 | cd firejail | 372 | cd firejail || exit 1 |
372 | make distclean | 373 | make distclean |
373 | ./configure --prefix=/usr --disable-private-home --enable-fatal-warnings 2>&1 | tee ../output-configure | 374 | ./configure --prefix=/usr --disable-private-home --enable-fatal-warnings 2>&1 | tee ../output-configure |
374 | make -j4 2>&1 | tee ../output-make | 375 | make -j4 2>&1 | tee ../output-make |
@@ -385,7 +386,7 @@ rm output-configure output-make | |||
385 | # - enable ids | 386 | # - enable ids |
386 | #***************************************************************** | 387 | #***************************************************************** |
387 | print_title "${arr[19]}" | 388 | print_title "${arr[19]}" |
388 | cd firejail | 389 | cd firejail || exit 1 |
389 | make distclean | 390 | make distclean |
390 | ./configure --prefix=/usr --enable-ids --enable-fatal-warnings 2>&1 | tee ../output-configure | 391 | ./configure --prefix=/usr --enable-ids --enable-fatal-warnings 2>&1 | tee ../output-configure |
391 | make -j4 2>&1 | tee ../output-make | 392 | make -j4 2>&1 | tee ../output-make |
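Review bot: The new assignment `DIST="$(TARNAME)-$(VERSION)"` in the hunk after `print_title()` uses make-style `$(NAME)`, which in a shell script is command substitution, so it tries to run commands named `TARNAME` and `VERSION` instead of reading variables. Assuming the newly sourced config.sh defines them as shell variables (that file is not shown here), the line should read `DIST="${TARNAME}-${VERSION}"`. As written, both substitutions would most likely fail and leave `DIST` as `-`, so the later `tar -xJvf ../../"$DIST.tar.xz"` and `mv "$DIST" firejail` would operate on the wrong names and the compile tests would not build the intended release tarball. A guard right after the source line, such as `[ -n "$TARNAME" ] && [ -n "$VERSION" ] || exit 1`, would make a missing value fail loudly. The option-parsing loop that follows the assignment continues outside the hunk.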