diff options
author | netblue30 <netblue30@yahoo.com> | 2016-11-15 10:01:54 -0500 |
---|---|---|
committer | netblue30 <netblue30@yahoo.com> | 2016-11-15 10:01:54 -0500 |
commit | 2509b0f8d740b9384d30aa95d3eaf64fbe27bf27 (patch) | |
tree | 5a87044129b4d827a9d39cd9f35e875c7beee52b | |
parent | fix thunderbird profile (diff) | |
download | firejail-2509b0f8d740b9384d30aa95d3eaf64fbe27bf27.tar.gz firejail-2509b0f8d740b9384d30aa95d3eaf64fbe27bf27.tar.zst firejail-2509b0f8d740b9384d30aa95d3eaf64fbe27bf27.zip |
added Guayadeque profile
-rw-r--r-- | README | 13 | ||||
-rw-r--r-- | README.md | 2 | ||||
-rw-r--r-- | RELNOTES | 3 | ||||
-rw-r--r-- | etc/disable-programs.inc | 1 | ||||
-rw-r--r-- | etc/guayadeque.profile | 19 | ||||
-rw-r--r-- | platform/debian/conffiles | 1 |
6 files changed, 31 insertions, 8 deletions
@@ -80,6 +80,13 @@ Fred-Barclay (https://github.com/Fred-Barclay) | |||
80 | - evince profile enhancement | 80 | - evince profile enhancement |
81 | - tightened Spotify profile | 81 | - tightened Spotify profile |
82 | - added xiphos and Tor Browser Bundle profiles | 82 | - added xiphos and Tor Browser Bundle profiles |
83 | curiosity-seeker (https://github.com/curiosity-seeker) | ||
84 | - tightening unbound and dnscrypt-proxy profiles | ||
85 | - dnsmasq profile | ||
86 | - okular and gwenview profiles | ||
87 | - cherrytree profile fixes | ||
88 | - added quiterss profile | ||
89 | - added guayadeque profile | ||
83 | Simon Peter (https://github.com/probonopd) | 90 | Simon Peter (https://github.com/probonopd) |
84 | - set $APPIMAGE and $APPDIR environment variables | 91 | - set $APPIMAGE and $APPDIR environment variables |
85 | - AppImage version detection | 92 | - AppImage version detection |
@@ -194,12 +201,6 @@ Vasya Novikov (https://github.com/vn971) | |||
194 | - manpage fixes | 201 | - manpage fixes |
195 | - fixed firecfg clean/clear issue | 202 | - fixed firecfg clean/clear issue |
196 | - found the ugliest bug so far | 203 | - found the ugliest bug so far |
197 | curiosity-seeker (https://github.com/curiosity-seeker) | ||
198 | - tightening unbound and dnscrypt-proxy profiles | ||
199 | - dnsmasq profile | ||
200 | - okular and gwenview profiles | ||
201 | - cherrytree profile fixes | ||
202 | - added quiterss profile | ||
203 | Matthew Gyurgyik (https://github.com/pyther) | 204 | Matthew Gyurgyik (https://github.com/pyther) |
204 | - rpm spec and several fixes | 205 | - rpm spec and several fixes |
205 | Joan Figueras (https://github.com/figue) | 206 | Joan Figueras (https://github.com/figue) |
@@ -52,5 +52,5 @@ Use this issue to request new profiles: https://github.com/netblue30/firejail/is | |||
52 | 52 | ||
53 | ````` | 53 | ````` |
54 | ## New Profiles | 54 | ## New Profiles |
55 | xiphos, Tor Browser Bundle, display (imagemagik), Wire, mumble, zoom | 55 | xiphos, Tor Browser Bundle, display (imagemagik), Wire, mumble, zoom,Guayadeque |
56 | 56 | ||
@@ -6,7 +6,8 @@ firejail (0.9.45) baseline; urgency=low | |||
6 | * security: split most of networking code in a separate executable | 6 | * security: split most of networking code in a separate executable |
7 | * security: split seccomp filter code configuration in a separate executable | 7 | * security: split seccomp filter code configuration in a separate executable |
8 | * feature: allow root user access to /dev/shm (--noblacklist=/dev/shm) | 8 | * feature: allow root user access to /dev/shm (--noblacklist=/dev/shm) |
9 | * new profiles: xiphos, Tor Browser Bundle, display (imagemagik), Wire | 9 | * new profiles: xiphos, Tor Browser Bundle, display (imagemagik), Wire, |
10 | * new profiles: mumble, zoom, Guayadeque | ||
10 | * bugfixes | 11 | * bugfixes |
11 | -- netblue30 <netblue30@yahoo.com> Sun, 23 Oct 2016 08:00:00 -0500 | 12 | -- netblue30 <netblue30@yahoo.com> Sun, 23 Oct 2016 08:00:00 -0500 |
12 | 13 | ||
diff --git a/etc/disable-programs.inc b/etc/disable-programs.inc index 0d9bd1bb4..f4e66dc66 100644 --- a/etc/disable-programs.inc +++ b/etc/disable-programs.inc | |||
@@ -53,6 +53,7 @@ blacklist ${HOME}/.config/mpv | |||
53 | blacklist ${HOME}/.config/totem | 53 | blacklist ${HOME}/.config/totem |
54 | blacklist ${HOME}/.config/xplayer | 54 | blacklist ${HOME}/.config/xplayer |
55 | blacklist ${HOME}/.audacity-data | 55 | blacklist ${HOME}/.audacity-data |
56 | blacklist ${HOME}/.guayadeque | ||
56 | 57 | ||
57 | # HTTP / FTP / Mail | 58 | # HTTP / FTP / Mail |
58 | blacklist ${HOME}/.icedove | 59 | blacklist ${HOME}/.icedove |
diff --git a/etc/guayadeque.profile b/etc/guayadeque.profile new file mode 100644 index 000000000..0c6ad00be --- /dev/null +++ b/etc/guayadeque.profile | |||
@@ -0,0 +1,19 @@ | |||
1 | noblacklist ${HOME}/.guayadeque | ||
2 | |||
3 | include /etc/firejail/disable-common.inc | ||
4 | include /etc/firejail/disable-programs.inc | ||
5 | include /etc/firejail/disable-passwdmgr.inc | ||
6 | include /etc/firejail/disable-devel.inc | ||
7 | |||
8 | caps.drop all | ||
9 | netfilter | ||
10 | nogroups | ||
11 | nonewprivs | ||
12 | noroot | ||
13 | protocol unix,inet,inet6,netlink | ||
14 | seccomp | ||
15 | shell none | ||
16 | |||
17 | private-bin guayadeque | ||
18 | private-dev | ||
19 | private-tmp | ||
diff --git a/platform/debian/conffiles b/platform/debian/conffiles index ff3909c17..321a96f80 100644 --- a/platform/debian/conffiles +++ b/platform/debian/conffiles | |||
@@ -173,3 +173,4 @@ | |||
173 | /etc/firejail/wire.profile | 173 | /etc/firejail/wire.profile |
174 | /etc/firejail/mumble.profile | 174 | /etc/firejail/mumble.profile |
175 | /etc/firejail/zoom.profile | 175 | /etc/firejail/zoom.profile |
176 | /etc/firejail/guayadeque.profile | ||