diff options
author | SYN-cook <syncookongit@gmail.com> | 2017-04-08 02:43:07 +0200 |
---|---|---|
committer | Fred Barclay <Fred-Barclay@users.noreply.github.com> | 2017-04-08 00:43:07 +0000 |
commit | efb1b5e8065e5bc488006c6f897b6475cac89465 (patch) | |
tree | 44178ca2ea253385b56908fd10a23d36717559ef | |
parent | 0.9.44~rc1 testing (diff) | |
download | firejail-efb1b5e8065e5bc488006c6f897b6475cac89465.tar.gz firejail-efb1b5e8065e5bc488006c6f897b6475cac89465.tar.zst firejail-efb1b5e8065e5bc488006c6f897b6475cac89465.zip |
Okular and Gwenview profiles, Baloo blacklist (#1198)
* okular private-bin update
confirmed that lpr is required for printing, as suggested in #421
* update gwenview private-bin
only for KDE4 builds, patch is not necessary for recent gwenview versions
* blacklist baloo
* update blacklist (okular)
* update noblacklist
* update noblacklist (okular)
* tidy up
* update noblacklist/whitelist (okular)
* update blacklist (k3b)
* uncomment private-bin, shell none
-rw-r--r-- | etc/disable-programs.inc | 9 | ||||
-rw-r--r-- | etc/firefox.profile | 2 | ||||
-rw-r--r-- | etc/gwenview.profile | 4 | ||||
-rw-r--r-- | etc/okular.profile | 5 | ||||
-rw-r--r-- | etc/scribus.profile | 3 |
5 files changed, 20 insertions, 3 deletions
diff --git a/etc/disable-programs.inc b/etc/disable-programs.inc index bd2feed90..0ccae0787 100644 --- a/etc/disable-programs.inc +++ b/etc/disable-programs.inc | |||
@@ -45,6 +45,8 @@ blacklist ${HOME}/.config/arkrc | |||
45 | blacklist ${HOME}/.config/atril | 45 | blacklist ${HOME}/.config/atril |
46 | blacklist ${HOME}/.config/audacious | 46 | blacklist ${HOME}/.config/audacious |
47 | blacklist ${HOME}/.config/aweather | 47 | blacklist ${HOME}/.config/aweather |
48 | blacklist ${HOME}/.config/baloofilerc | ||
49 | blacklist ${HOME}/.config/baloorc | ||
48 | blacklist ${HOME}/.config/blender | 50 | blacklist ${HOME}/.config/blender |
49 | blacklist ${HOME}/.config/bless | 51 | blacklist ${HOME}/.config/bless |
50 | blacklist ${HOME}/.config/borg | 52 | blacklist ${HOME}/.config/borg |
@@ -80,6 +82,7 @@ blacklist ${HOME}/.config/gwenviewrc | |||
80 | blacklist ${HOME}/.config/hexchat | 82 | blacklist ${HOME}/.config/hexchat |
81 | blacklist ${HOME}/.config/inox | 83 | blacklist ${HOME}/.config/inox |
82 | blacklist ${HOME}/.config/jd-gui.cfg | 84 | blacklist ${HOME}/.config/jd-gui.cfg |
85 | blacklist ${HOME}/.config/k3brc | ||
83 | blacklist ${HOME}/.config/katepartrc | 86 | blacklist ${HOME}/.config/katepartrc |
84 | blacklist ${HOME}/.config/katerc | 87 | blacklist ${HOME}/.config/katerc |
85 | blacklist ${HOME}/.config/kateschemarc | 88 | blacklist ${HOME}/.config/kateschemarc |
@@ -94,6 +97,8 @@ blacklist ${HOME}/.config/mupen64plus | |||
94 | blacklist ${HOME}/.config/nautilus | 97 | blacklist ${HOME}/.config/nautilus |
95 | blacklist ${HOME}/.config/nemo | 98 | blacklist ${HOME}/.config/nemo |
96 | blacklist ${HOME}/.config/netsurf | 99 | blacklist ${HOME}/.config/netsurf |
100 | blacklist ${HOME}/.config/okularpartrc | ||
101 | blacklist ${HOME}/.config/okularrc | ||
97 | blacklist ${HOME}/.config/opera | 102 | blacklist ${HOME}/.config/opera |
98 | blacklist ${HOME}/.config/opera-beta | 103 | blacklist ${HOME}/.config/opera-beta |
99 | blacklist ${HOME}/.config/org.kde.gwenviewrc | 104 | blacklist ${HOME}/.config/org.kde.gwenviewrc |
@@ -159,6 +164,7 @@ blacklist ${HOME}/.kde4/share/apps/khtml | |||
159 | blacklist ${HOME}/.kde4/share/apps/konqsidebartng | 164 | blacklist ${HOME}/.kde4/share/apps/konqsidebartng |
160 | blacklist ${HOME}/.kde4/share/apps/konqueror | 165 | blacklist ${HOME}/.kde4/share/apps/konqueror |
161 | blacklist ${HOME}/.kde4/share/apps/okular | 166 | blacklist ${HOME}/.kde4/share/apps/okular |
167 | blacklist ${HOME}/.kde4/share/config/baloofilerc | ||
162 | blacklist ${HOME}/.kde4/share/config/gwenviewrc | 168 | blacklist ${HOME}/.kde4/share/config/gwenviewrc |
163 | blacklist ${HOME}/.kde4/share/config/k3brc | 169 | blacklist ${HOME}/.kde4/share/config/k3brc |
164 | blacklist ${HOME}/.kde4/share/config/kcookiejarrc | 170 | blacklist ${HOME}/.kde4/share/config/kcookiejarrc |
@@ -174,6 +180,7 @@ blacklist ${HOME}/.kde/share/apps/khtml | |||
174 | blacklist ${HOME}/.kde/share/apps/konqsidebartng | 180 | blacklist ${HOME}/.kde/share/apps/konqsidebartng |
175 | blacklist ${HOME}/.kde/share/apps/konqueror | 181 | blacklist ${HOME}/.kde/share/apps/konqueror |
176 | blacklist ${HOME}/.kde/share/apps/okular | 182 | blacklist ${HOME}/.kde/share/apps/okular |
183 | blacklist ${HOME}/.kde/share/config/baloofilerc | ||
177 | blacklist ${HOME}/.kde/share/config/gwenviewrc | 184 | blacklist ${HOME}/.kde/share/config/gwenviewrc |
178 | blacklist ${HOME}/.kde/share/config/k3brc | 185 | blacklist ${HOME}/.kde/share/config/k3brc |
179 | blacklist ${HOME}/.kde/share/config/kcookiejarrc | 186 | blacklist ${HOME}/.kde/share/config/kcookiejarrc |
@@ -202,6 +209,7 @@ blacklist ${HOME}/.local/share/SuperHexagon | |||
202 | blacklist ${HOME}/.local/share/Terraria | 209 | blacklist ${HOME}/.local/share/Terraria |
203 | blacklist ${HOME}/.local/share/TpLogger | 210 | blacklist ${HOME}/.local/share/TpLogger |
204 | blacklist ${HOME}/.local/share/aspyr-media | 211 | blacklist ${HOME}/.local/share/aspyr-media |
212 | blacklist ${HOME}/.local/share/baloo | ||
205 | blacklist ${HOME}/.local/share/cdprojektred | 213 | blacklist ${HOME}/.local/share/cdprojektred |
206 | blacklist ${HOME}/.local/share/data/Mumble | 214 | blacklist ${HOME}/.local/share/data/Mumble |
207 | blacklist ${HOME}/.local/share/dolphin | 215 | blacklist ${HOME}/.local/share/dolphin |
@@ -220,6 +228,7 @@ blacklist ${HOME}/.local/share/multimc5 | |||
220 | blacklist ${HOME}/.local/share/mupen64plus | 228 | blacklist ${HOME}/.local/share/mupen64plus |
221 | blacklist ${HOME}/.local/share/nautilus | 229 | blacklist ${HOME}/.local/share/nautilus |
222 | blacklist ${HOME}/.local/share/nemo | 230 | blacklist ${HOME}/.local/share/nemo |
231 | blacklist ${HOME}/.local/share/okular | ||
223 | blacklist ${HOME}/.local/share/org.kde.gwenview | 232 | blacklist ${HOME}/.local/share/org.kde.gwenview |
224 | blacklist ${HOME}/.local/share/pix | 233 | blacklist ${HOME}/.local/share/pix |
225 | blacklist ${HOME}/.local/share/psi+ | 234 | blacklist ${HOME}/.local/share/psi+ |
diff --git a/etc/firefox.profile b/etc/firefox.profile index bd9d37560..1bc3eb769 100644 --- a/etc/firefox.profile +++ b/etc/firefox.profile | |||
@@ -9,6 +9,7 @@ noblacklist ~/.config/qpdfview | |||
9 | noblacklist ~/.local/share/qpdfview | 9 | noblacklist ~/.local/share/qpdfview |
10 | noblacklist ~/.kde4/share/apps/okular | 10 | noblacklist ~/.kde4/share/apps/okular |
11 | noblacklist ~/.kde/share/apps/okular | 11 | noblacklist ~/.kde/share/apps/okular |
12 | noblacklist ~/.local/share/okular | ||
12 | noblacklist ~/.pki | 13 | noblacklist ~/.pki |
13 | include /etc/firejail/disable-common.inc | 14 | include /etc/firejail/disable-common.inc |
14 | include /etc/firejail/disable-programs.inc | 15 | include /etc/firejail/disable-programs.inc |
@@ -43,6 +44,7 @@ whitelist ~/.config/qpdfview | |||
43 | whitelist ~/.local/share/qpdfview | 44 | whitelist ~/.local/share/qpdfview |
44 | whitelist ~/.kde4/share/apps/okular | 45 | whitelist ~/.kde4/share/apps/okular |
45 | whitelist ~/.kde/share/apps/okular | 46 | whitelist ~/.kde/share/apps/okular |
47 | whitelist ~/.local/share/okular | ||
46 | 48 | ||
47 | # silverlight | 49 | # silverlight |
48 | whitelist ~/.wine-pipelight | 50 | whitelist ~/.wine-pipelight |
diff --git a/etc/gwenview.profile b/etc/gwenview.profile index fb844a166..62a737aca 100644 --- a/etc/gwenview.profile +++ b/etc/gwenview.profile | |||
@@ -21,11 +21,11 @@ nonewprivs | |||
21 | noroot | 21 | noroot |
22 | protocol unix | 22 | protocol unix |
23 | seccomp | 23 | seccomp |
24 | shell none | ||
24 | tracelog | 25 | tracelog |
25 | 26 | ||
27 | private-bin gwenview,kbuildsycoca4,gimp,gimp-2.8 | ||
26 | private-dev | 28 | private-dev |
27 | 29 | ||
28 | # Experimental: | 30 | # Experimental: |
29 | #shell none | ||
30 | #private-bin gwenview | ||
31 | #private-etc X11 | 31 | #private-etc X11 |
diff --git a/etc/okular.profile b/etc/okular.profile index b4ee3ad32..8b02e17e3 100644 --- a/etc/okular.profile +++ b/etc/okular.profile | |||
@@ -9,6 +9,9 @@ noblacklist ~/.kde4/share/config/okularpartrc | |||
9 | noblacklist ~/.kde/share/apps/okular | 9 | noblacklist ~/.kde/share/apps/okular |
10 | noblacklist ~/.kde/share/config/okularrc | 10 | noblacklist ~/.kde/share/config/okularrc |
11 | noblacklist ~/.kde/share/config/okularpartrc | 11 | noblacklist ~/.kde/share/config/okularpartrc |
12 | noblacklist ~/.local/share/okular | ||
13 | noblacklist ~/.config/okularrc | ||
14 | noblacklist ~/.config/okularpartrc | ||
12 | include /etc/firejail/disable-common.inc | 15 | include /etc/firejail/disable-common.inc |
13 | include /etc/firejail/disable-programs.inc | 16 | include /etc/firejail/disable-programs.inc |
14 | include /etc/firejail/disable-devel.inc | 17 | include /etc/firejail/disable-devel.inc |
@@ -25,7 +28,7 @@ seccomp | |||
25 | shell none | 28 | shell none |
26 | tracelog | 29 | tracelog |
27 | 30 | ||
28 | # private-bin okular,kbuildsycoca4,kbuildsycoca5 | 31 | # private-bin okular,kbuildsycoca4,lpr |
29 | # private-etc fonts,X11 | 32 | # private-etc fonts,X11 |
30 | private-dev | 33 | private-dev |
31 | private-tmp | 34 | private-tmp |
diff --git a/etc/scribus.profile b/etc/scribus.profile index d3a0dbf48..a8ecbcc20 100644 --- a/etc/scribus.profile +++ b/etc/scribus.profile | |||
@@ -16,6 +16,9 @@ noblacklist ~/.kde4/share/config/okularpartrc | |||
16 | noblacklist ~/.kde/share/apps/okular | 16 | noblacklist ~/.kde/share/apps/okular |
17 | noblacklist ~/.kde/share/config/okularrc | 17 | noblacklist ~/.kde/share/config/okularrc |
18 | noblacklist ~/.kde/share/config/okularpartrc | 18 | noblacklist ~/.kde/share/config/okularpartrc |
19 | noblacklist ~/.local/share/okular | ||
20 | noblacklist ~/.config/okularrc | ||
21 | noblacklist ~/.config/okularpartrc | ||
19 | 22 | ||
20 | include /etc/firejail/disable-common.inc | 23 | include /etc/firejail/disable-common.inc |
21 | include /etc/firejail/disable-programs.inc | 24 | include /etc/firejail/disable-programs.inc |