author | Fred-Barclay <Fred-Barclay@users.noreply.github.com> | 2018-03-05 13:04:03 -0600 |
---|---|---|
committer | Fred-Barclay <Fred-Barclay@users.noreply.github.com> | 2018-03-05 13:04:03 -0600 |
commit | 45e044c275aab65c3f9c97a479733ab1db8f4ed2 (patch) | |
tree | 8cd354b714292636c84c15efd323d8d2bf7a266c | |
parent | Fix #1797 - Brave doesn't open with noexec /tmp (diff) | |
Add falkon profile - see #1794
-rw-r--r-- | README | 2 | ||||
-rw-r--r-- | README.md | 2 | ||||
-rw-r--r-- | RELNOTES | 3 | ||||
-rw-r--r-- | etc/disable-programs.inc | 2 | ||||
-rw-r--r-- | etc/falkon.profile | 37 | ||||
-rw-r--r-- | src/firecfg/firecfg.config | 1 |
6 files changed, 45 insertions, 2 deletions
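--- a/README
+++ b/README
@@ -317,6 +317,8 @@ KellerFuchs (https://github.com/KellerFuchs)
 - added support for .local profile files in /etc/firejail
 - fixed Cryptocat profile
 - make ~/.local read-only
+Kishore96in (https://github.com/Kishore96in)
+- added falkon profile
 KOLANICH (https://github.com/KOLANICH)
 - added symlink fixer fix_private-bin.py in contrib section
 Kunal Mehta (https://github.com/legoktm)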
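--- a/README.md
+++ b/README.md
@@ -244,4 +244,4 @@ firefox-common-addons.inc in firefox-common.profile.
 
 Basilisk browser, Tor Browser language packs, PlayOnLinux, sylpheed, discord-canary,
 pycharm-community, pycharm-professional, Pitivi, OnionShare, Fritzing, Kaffeine, pdfchain,
-tilp, vivaldi-snapshot, bitcoin-qt, VS Code
+tilp, vivaldi-snapshot, bitcoin-qt, VS Code, falkon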
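--- a/RELNOTES
+++ b/RELNOTES
@@ -25,7 +25,8 @@ firejail (0.9.53) baseline; urgency=low
 * private-tmp support for overlay and chroot sandboxes
 * new profiles: basilisk, Tor Browser language packs, PlayOnLinux, sylpheed,
 * new profiles: discord-canary, pycharm-community, pycharm-professional,
-* new profiles: pdfchain, tilp, vivaldi-snapshot, bitcoin-qt, kaffeine, VS Code
+* new profiles: pdfchain, tilp, vivaldi-snapshot, bitcoin-qt, kaffeine, VS Code,
+* new profiles: falkon
 -- netblue30 <netblue30@yahoo.com> Thu, 1 Mar 2018 08:00:00 -0500
 
 firejail (0.9.52) baseline; urgency=low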
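--- a/etc/disable-programs.inc
+++ b/etc/disable-programs.inc
@@ -107,6 +107,7 @@ blacklist ${HOME}/.config/eog
 blacklist ${HOME}/.config/epiphany
 blacklist ${HOME}/.config/evince
 blacklist ${HOME}/.config/evolution
+blacklist ${HOME}/.config/falkon
 blacklist ${HOME}/.config/filezilla
 blacklist ${HOME}/.config/flowblade
 blacklist ${HOME}/.config/gajim
@@ -502,6 +503,7 @@ blacklist ${HOME}/.cache/discover
 blacklist ${HOME}/.cache/dolphin
 blacklist ${HOME}/.cache/epiphany
 blacklist ${HOME}/.cache/evolution
+blacklist ${HOME}/.cache/falkon
 blacklist ${HOME}/.cache/fossamail
 blacklist ${HOME}/.cache/gajim
 blacklist ${HOME}/.cache/geeqie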
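--- /dev/null
+++ b/etc/falkon.profile
@@ -0,0 +1,37 @@
+# Firejail profile for falkon
+# This file is overwritten after every install/update
+# Persistent local customizations
+include /etc/firejail/falkon.local
+# Persistent global definitions
+include /etc/firejail/globals.local
+
+noblacklist ${HOME}/.cache/falkon
+noblacklist ${HOME}/.config/falkon
+
+include /etc/firejail/disable-common.inc
+include /etc/firejail/disable-devel.inc
+include /etc/firejail/disable-passwdmgr.inc
+include /etc/firejail/disable-programs.inc
+
+whitelist ${DOWNLOADS}
+whitelist ~/.cache/falkon
+whitelist ~/.config/falkon
+include /etc/firejail/whitelist-common.inc
+include /etc/firejail/whitelist-var-common.inc
+
+caps.drop all
+netfilter
+nodvd
+nogroups
+nonewprivs
+noroot
+notv
+protocol unix,inet,inet6,netlink
+seccomp
+tracelog
+
+private-dev
+private-tmp
+
+noexec ${HOME}
+noexec /tmp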
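Review bot: The two `whitelist` lines for `~/.cache/falkon` and `~/.config/falkon` have no matching `mkdir` before them, and firejail skips a whitelist entry whose path does not exist yet. On a first run the browser would then write its configuration and cache into the temporary home, where they are discarded when the sandbox exits. Adding `mkdir ${HOME}/.cache/falkon` and `mkdir ${HOME}/.config/falkon` ahead of the whitelist block avoids that. Spelling the whitelist paths with `${HOME}` instead of `~` would also match the `noblacklist` lines above.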
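--- a/src/firecfg/firecfg.config
+++ b/src/firecfg/firecfg.config
@@ -109,6 +109,7 @@ etr
 evince
 evolution
 exiftool
+falkon
 fbreader
 feh
 ffmpeg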