author | Thomas Jarosch <thomas.jarosch@intra2net.com> | 2016-07-28 16:24:29 +0200 |
---|---|---|
committer | Thomas Jarosch <thomas.jarosch@intra2net.com> | 2016-07-28 16:30:40 +0200 |
commit | 3da7ed2d8b6a6cb85b9fd07906b0ad518d5ccc32 (patch) | |
tree | b1b997f7b81c43d042c404217ae215d55b588063 | |
parent | whitelist fix (diff) | |
Add profile for uudeview
uudeview might access unsafe email content,
therefore restrict it as much as possible.
In fact it's best to call firejail with a private home dir, too.
-rw-r--r-- | Makefile.in | 1 | ||||
-rw-r--r-- | README | 1 | ||||
-rw-r--r-- | README.md | 2 | ||||
-rw-r--r-- | RELNOTES | 2 | ||||
-rw-r--r-- | etc/uudeview.profile | 13 | ||||
-rw-r--r-- | platform/debian/conffiles | 1 |
6 files changed, 18 insertions, 2 deletions
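--- a/Makefile.in
+++ b/Makefile.in
@@ -225,6 +225,7 @@ realinstall:
 install -c -m 0644 .etc/jitsi.profile $(DESTDIR)/$(sysconfdir)/firejail/.
 install -c -m 0644 .etc/eom.profile $(DESTDIR)/$(sysconfdir)/firejail/.
 install -c -m 0644 .etc/Cyberfox.profile $(DESTDIR)/$(sysconfdir)/firejail/.
+install -c -m 0644 .etc/uudeview.profile $(DESTDIR)/$(sysconfdir)/firejail/.
 sh -c "if [ ! -f $(DESTDIR)/$(sysconfdir)/firejail/login.users ]; then install -c -m 0644 etc/login.users $(DESTDIR)/$(sysconfdir)/firejail/.; fi;"
 install -c -m 0644 etc/firejail.config $(DESTDIR)/$(sysconfdir)/firejail/.
 rm -fr .etc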
@@ -27,6 +27,7 @@ Reiner Herrmann (https://github.com/reinerh) | |||
27 | - unit testing framework | 27 | - unit testing framework |
28 | Thomas Jarosch (https://github.com/thomasjfox) | 28 | Thomas Jarosch (https://github.com/thomasjfox) |
29 | - disable keepassx in disable-passwdmgr.inc | 29 | - disable keepassx in disable-passwdmgr.inc |
30 | - added uudeview profile | ||
30 | Niklas Haas (https://github.com/haasn) | 31 | Niklas Haas (https://github.com/haasn) |
31 | - blacklisting for keybase.io's client | 32 | - blacklisting for keybase.io's client |
32 | Aleksey Manevich (https://github.com/manevich) | 33 | Aleksey Manevich (https://github.com/manevich) |
@@ -155,5 +155,5 @@ Browsers: Palemoon | |||
155 | 155 | ||
156 | ## New security profiles | 156 | ## New security profiles |
157 | 157 | ||
158 | Gitter, gThumb, mpv, Franz messenger, LibreOffice, pix, audacity, strings, xz, xzdec, gzip, cpio, less, Atom Beta, Atom, jitsi, eom | 158 | Gitter, gThumb, mpv, Franz messenger, LibreOffice, pix, audacity, strings, xz, xzdec, gzip, cpio, less, Atom Beta, Atom, jitsi, eom, uudeview |
159 | 159 | ||
@@ -14,7 +14,7 @@ firejail (0.9.42~rc1) baseline; urgency=low | |||
14 | * compile time support to disable global configuration file | 14 | * compile time support to disable global configuration file |
15 | * new profiles: Gitter, gThumb, mpv, Franz messenger, LibreOffice | 15 | * new profiles: Gitter, gThumb, mpv, Franz messenger, LibreOffice |
16 | * new profiles: pix, audacity, strings, xz, xzdec, gzip, cpio, less | 16 | * new profiles: pix, audacity, strings, xz, xzdec, gzip, cpio, less |
17 | * new profiles: Atom Beta, Atom, jitsi, eom | 17 | * new profiles: Atom Beta, Atom, jitsi, eom, uudeview |
18 | -- netblue30 <netblue30@yahoo.com> Thu, 21 Jul 2016 08:00:00 -0500 | 18 | -- netblue30 <netblue30@yahoo.com> Thu, 21 Jul 2016 08:00:00 -0500 |
19 | 19 | ||
20 | firejail (0.9.40) baseline; urgency=low | 20 | firejail (0.9.40) baseline; urgency=low |
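--- /dev/null
+++ b/etc/uudeview.profile
@@ -0,0 +1,13 @@
+# uudeview profile
+# the default profile will disable root user, enable seccomp filter etc.
+include /etc/firejail/default.profile
+
+tracelog
+net none
+shell none
+private-bin uudeview
+private-dev
+private-tmp
+private-etc nonexisting_fakefile_for_empty_etc
+hostname uudeview
+nosound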
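Review bot: The profile never restricts or even mentions the home directory, although the commit description itself says a private home is the best way to run uudeview on untrusted mail content. Hard-coding `private` may not be practical because the decoded output has to land somewhere the caller can reach, but a header comment such as `# for untrusted input also pass --private=DIR so decoded files stay out of the real home` would carry that advice to people who only read the installed file. The `private-etc nonexisting_fakefile_for_empty_etc` line would also benefit from a comment, e.g. `# deliberately names a missing file so the sandbox gets an empty /etc`, because it otherwise reads like a leftover. The seccomp and root-user restrictions are not set here and come only from the included default.profile, as line 2 states, so any local edit to that file also changes this sandbox.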
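--- a/platform/debian/conffiles
+++ b/platform/debian/conffiles
@@ -131,3 +131,4 @@
 /etc/firejail/atom.profile
 /etc/firejail/jitsi.profile
 /etc/firejail/eom.profile
+/etc/firejail/uudeview.profile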