diff options
| author |  Fred-Barclay <Fred-Barclay@users.noreply.github.com> | 2018-11-02 18:00:55 -0500 |
|---|---|---|
| committer | Fred-Barclay <Fred-Barclay@users.noreply.github.com> | 2018-11-02 18:00:55 -0500 |
| commit | ed74dadd85faae9f74c05ae1caf50b3c642ea3b1 (patch) | |
| tree | ed8c6049f73fd319940d190b5f4cf69b2c9a38fa | |
| parent | Merge pull request #2227 from alexara/alexara-patch-1 (diff) | |
| download | firejail-ed74dadd85faae9f74c05ae1caf50b3c642ea3b1.tar.gz firejail-ed74dadd85faae9f74c05ae1caf50b3c642ea3b1.tar.zst firejail-ed74dadd85faae9f74c05ae1caf50b3c642ea3b1.zip | |
Add Mendeley profile
| -rw-r--r-- | README.md | 2 | ||||
| -rw-r--r-- | RELNOTES | 2 | ||||
| -rw-r--r-- | etc/disable-programs.inc | 4 | ||||
| -rw-r--r-- | etc/mendeleydesktop.profile | 52 | ||||
| -rw-r--r-- | src/firecfg/firecfg.config | 1 |
5 files changed, 59 insertions, 2 deletions
| @@ -149,4 +149,4 @@ QMediathekView, aria2c, Authenticator, checkbashisms, devilspie, devilspie2, eas | |||
| 149 | bsdcat, bsdcpio, bsdtar, lzmadec, lbunzip2, lbzcat, lbzip2, lzcat, lzcmp, lzdiff, lzegrep, lzfgrep, lzgrep, | 149 | bsdcat, bsdcpio, bsdtar, lzmadec, lbunzip2, lbzcat, lbzip2, lzcat, lzcmp, lzdiff, lzegrep, lzfgrep, lzgrep, |
| 150 | lzless, lzma, lzmainfo, lzmore, unlzma, unxz, xzcat, xzcmp, xzdiff, xzegrep, xzfgrep, xzgrep, xzless, xzmore, | 150 | lzless, lzma, lzmainfo, lzmore, unlzma, unxz, xzcat, xzcmp, xzdiff, xzegrep, xzfgrep, xzgrep, xzless, xzmore, |
| 151 | lzip, artha, nitroshare, nitroshare-cli, nitroshare-nmh, nirtoshare-send, nitroshare-ui, mencoder, gnome-pie, | 151 | lzip, artha, nitroshare, nitroshare-cli, nitroshare-nmh, nirtoshare-send, nitroshare-ui, mencoder, gnome-pie, |
| 152 | masterpdfeditor, QOwnNotes,aisleriot | 152 | masterpdfeditor, QOwnNotes, aisleriot, Mendeley |
| @@ -10,7 +10,7 @@ firejail (0.9.56.1) baseline; urgency=low | |||
| 10 | * new profiles: xzcmp, xzdiff, xzegrep, xzfgrep, xzgrep, xzless, xzmore | 10 | * new profiles: xzcmp, xzdiff, xzegrep, xzfgrep, xzgrep, xzless, xzmore |
| 11 | * new profiles: lzip, artha, nitroshare, nitroshare-cli, nitroshare-nmh | 11 | * new profiles: lzip, artha, nitroshare, nitroshare-cli, nitroshare-nmh |
| 12 | * new profiles: nirtoshare-send, nitroshare-ui, mencoder, gnome-pie | 12 | * new profiles: nirtoshare-send, nitroshare-ui, mencoder, gnome-pie |
| 13 | * new profiles: masterpdfeditor, QOwnNotes, aisleriot | 13 | * new profiles: masterpdfeditor, QOwnNotes, aisleriot, Mendeley |
| 14 | -- netblue30 <netblue30@yahoo.com> Thu, 11 Oct 2018 08:00:00 -0500 | 14 | -- netblue30 <netblue30@yahoo.com> Thu, 11 Oct 2018 08:00:00 -0500 |
| 15 | 15 | ||
| 16 | firejail (0.9.56) baseline; urgency=low | 16 | firejail (0.9.56) baseline; urgency=low |
diff --git a/etc/disable-programs.inc b/etc/disable-programs.inc index edf3c7be5..531edcc89 100644 --- a/etc/disable-programs.inc +++ b/etc/disable-programs.inc | |||
| @@ -68,6 +68,7 @@ blacklist ${HOME}/.config/INRIA | |||
| 68 | blacklist ${HOME}/.config/InSilmaril | 68 | blacklist ${HOME}/.config/InSilmaril |
| 69 | blacklist ${HOME}/.config/Luminance | 69 | blacklist ${HOME}/.config/Luminance |
| 70 | blacklist ${HOME}/.config/Meltytech | 70 | blacklist ${HOME}/.config/Meltytech |
| 71 | blacklist ${HOME}/.config/Mendeley Ltd. | ||
| 71 | blacklist ${HOME}/.config/Min | 72 | blacklist ${HOME}/.config/Min |
| 72 | blacklist ${HOME}/.config/Mousepad | 73 | blacklist ${HOME}/.config/Mousepad |
| 73 | blacklist ${HOME}/.config/Mumble | 74 | blacklist ${HOME}/.config/Mumble |
| @@ -374,6 +375,7 @@ blacklist ${HOME}/.local/share/0ad | |||
| 374 | blacklist ${HOME}/.local/share/3909/PapersPlease | 375 | blacklist ${HOME}/.local/share/3909/PapersPlease |
| 375 | blacklist ${HOME}/.local/share/Empathy | 376 | blacklist ${HOME}/.local/share/Empathy |
| 376 | blacklist ${HOME}/.local/share/JetBrains | 377 | blacklist ${HOME}/.local/share/JetBrains |
| 378 | blacklist ${HOME}/.local/share/Mendeley Ltd. | ||
| 377 | blacklist ${HOME}/.local/share/Mumble | 379 | blacklist ${HOME}/.local/share/Mumble |
| 378 | blacklist ${HOME}/.local/share/PBE | 380 | blacklist ${HOME}/.local/share/PBE |
| 379 | blacklist ${HOME}/.local/share/QMediathekView | 381 | blacklist ${HOME}/.local/share/QMediathekView |
| @@ -393,6 +395,7 @@ blacklist ${HOME}/.local/share/caja-python | |||
| 393 | blacklist ${HOME}/.local/share/cdprojektred | 395 | blacklist ${HOME}/.local/share/cdprojektred |
| 394 | blacklist ${HOME}/.local/share/clipit | 396 | blacklist ${HOME}/.local/share/clipit |
| 395 | blacklist ${HOME}/.local/share/contacts | 397 | blacklist ${HOME}/.local/share/contacts |
| 398 | blacklist ${HOME}/.local/share/data/Mendeley Ltd. | ||
| 396 | blacklist ${HOME}/.local/share/data/Mumble | 399 | blacklist ${HOME}/.local/share/data/Mumble |
| 397 | blacklist ${HOME}/.local/share/data/MusE | 400 | blacklist ${HOME}/.local/share/data/MusE |
| 398 | blacklist ${HOME}/.local/share/data/MuseScore | 401 | blacklist ${HOME}/.local/share/data/MuseScore |
| @@ -588,6 +591,7 @@ blacklist ${HOME}/.cache/ksplashqml | |||
| 588 | blacklist ${HOME}/.cache/kwin | 591 | blacklist ${HOME}/.cache/kwin |
| 589 | blacklist ${HOME}/.cache/libgweather | 592 | blacklist ${HOME}/.cache/libgweather |
| 590 | blacklist ${HOME}/.cache/liferea | 593 | blacklist ${HOME}/.cache/liferea |
| 594 | blacklist ${HOME}/.cache/Mendeley Ltd. | ||
| 591 | blacklist ${HOME}/.cache/midori | 595 | blacklist ${HOME}/.cache/midori |
| 592 | blacklist ${HOME}/.cache/moonchild productions/basilisk | 596 | blacklist ${HOME}/.cache/moonchild productions/basilisk |
| 593 | blacklist ${HOME}/.cache/moonchild productions/pale moon | 597 | blacklist ${HOME}/.cache/moonchild productions/pale moon |
diff --git a/etc/mendeleydesktop.profile b/etc/mendeleydesktop.profile new file mode 100644 index 000000000..280baebdc --- /dev/null +++ b/etc/mendeleydesktop.profile | |||
| @@ -0,0 +1,52 @@ | |||
| 1 | # Firejail profile for Mendeley | ||
| 2 | # Description: Academic software for managing and sharing research papers. | ||
| 3 | # This file is overwritten after every install/update | ||
| 4 | # Persistent local customizations | ||
| 5 | include mendeleydesktop.local | ||
| 6 | # Persistent global definitions | ||
| 7 | include globals.local | ||
| 8 | |||
| 9 | noblacklist ${DOCUMENTS} | ||
| 10 | noblacklist ${DOWNLOADS} | ||
| 11 | noblacklist ${HOME}/.cache/Mendeley Ltd. | ||
| 12 | noblacklist ${HOME}/.config/Mendeley Ltd. | ||
| 13 | noblacklist ${HOME}/.local/share/Mendeley Ltd. | ||
| 14 | noblacklist ${HOME}/.local/share/data/Mendeley Ltd. | ||
| 15 | noblacklist ${HOME}/.pki/nssdb | ||
| 16 | |||
| 17 | # Allow python (blacklisted by disable-interpreters.inc) | ||
| 18 | noblacklist ${PATH}/python2* | ||
| 19 | noblacklist ${PATH}/python3* | ||
| 20 | noblacklist /usr/lib/python2* | ||
| 21 | noblacklist /usr/lib/python3* | ||
| 22 | |||
| 23 | include disable-common.inc | ||
| 24 | include disable-devel.inc | ||
| 25 | include disable-interpreters.inc | ||
| 26 | include disable-passwdmgr.inc | ||
| 27 | include disable-programs.inc | ||
| 28 | |||
| 29 | include whitelist-var-common.inc | ||
| 30 | |||
| 31 | caps.drop all | ||
| 32 | netfilter | ||
| 33 | nodbus | ||
| 34 | nodvd | ||
| 35 | nogroups | ||
| 36 | nonewprivs | ||
| 37 | noroot | ||
| 38 | notv | ||
| 39 | nou2f | ||
| 40 | novideo | ||
| 41 | protocol unix,inet,inet6,netlink | ||
| 42 | seccomp | ||
| 43 | shell none | ||
| 44 | tracelog | ||
| 45 | |||
| 46 | disable-mnt | ||
| 47 | private-bin mendeleydesktop,python*,env,gconftool-2,which,sh,ln,cat,update-desktop-database | ||
| 48 | private-dev | ||
| 49 | private-tmp | ||
| 50 | |||
| 51 | noexec ${HOME} | ||
| 52 | noexec /tmp | ||
diff --git a/src/firecfg/firecfg.config b/src/firecfg/firecfg.config index a16eb910b..e7a24b354 100644 --- a/src/firecfg/firecfg.config +++ b/src/firecfg/firecfg.config | |||
| @@ -283,6 +283,7 @@ mcabber | |||
| 283 | mediainfo | 283 | mediainfo |
| 284 | mediathekview | 284 | mediathekview |
| 285 | meld | 285 | meld |
| 286 | mendeleydesktop | ||
| 286 | midori | 287 | midori |
| 287 | min | 288 | min |
| 288 | minetest | 289 | minetest |