diff options
author | netblue30 <netblue30@yahoo.com> | 2016-03-16 13:08:05 -0400 |
---|---|---|
committer | netblue30 <netblue30@yahoo.com> | 2016-03-16 13:08:05 -0400 |
commit | 14e53086709d4f145b84b40ec72bc48220f8faa1 (patch) | |
tree | 69143fc1f7df35598389086699b5325d0d608252 | |
parent | added qutebrowser profile (diff) | |
download | firejail-14e53086709d4f145b84b40ec72bc48220f8faa1.tar.gz firejail-14e53086709d4f145b84b40ec72bc48220f8faa1.tar.zst firejail-14e53086709d4f145b84b40ec72bc48220f8faa1.zip |
added SlimJet profile
-rw-r--r-- | Makefile.in | 1 | ||||
-rw-r--r-- | README.md | 2 | ||||
-rw-r--r-- | RELNOTES | 3 | ||||
-rw-r--r-- | etc/flashpeak-slimjet.profile | 43 | ||||
-rw-r--r-- | platform/debian/conffiles | 1 |
5 files changed, 48 insertions, 2 deletions
diff --git a/Makefile.in b/Makefile.in index 8dc052352..20df3acf9 100644 --- a/Makefile.in +++ b/Makefile.in | |||
@@ -147,6 +147,7 @@ realinstall: | |||
147 | install -c -m 0644 .etc/vivaldi-beta.profile $(DESTDIR)/$(sysconfdir)/firejail/. | 147 | install -c -m 0644 .etc/vivaldi-beta.profile $(DESTDIR)/$(sysconfdir)/firejail/. |
148 | install -c -m 0644 .etc/atril.profile $(DESTDIR)/$(sysconfdir)/firejail/. | 148 | install -c -m 0644 .etc/atril.profile $(DESTDIR)/$(sysconfdir)/firejail/. |
149 | install -c -m 0644 .etc/qutebrowser.profile $(DESTDIR)/$(sysconfdir)/firejail/. | 149 | install -c -m 0644 .etc/qutebrowser.profile $(DESTDIR)/$(sysconfdir)/firejail/. |
150 | install -c -m 0644 .etc/flashpeak-slimjet.profile $(DESTDIR)/$(sysconfdir)/firejail/. | ||
150 | sh -c "if [ ! -f $(DESTDIR)/$(sysconfdir)/firejail/login.users ]; then install -c -m 0644 etc/login.users $(DESTDIR)/$(sysconfdir)/firejail/.; fi;" | 151 | sh -c "if [ ! -f $(DESTDIR)/$(sysconfdir)/firejail/login.users ]; then install -c -m 0644 etc/login.users $(DESTDIR)/$(sysconfdir)/firejail/.; fi;" |
151 | sh -c "if [ ! -f $(DESTDIR)/$(sysconfdir)/firejail/firejail.config ]; then install -c -m 0644 etc/firejail.config $(DESTDIR)/$(sysconfdir)/firejail/.; fi;" | 152 | sh -c "if [ ! -f $(DESTDIR)/$(sysconfdir)/firejail/firejail.config ]; then install -c -m 0644 etc/firejail.config $(DESTDIR)/$(sysconfdir)/firejail/.; fi;" |
152 | rm -fr .etc | 153 | rm -fr .etc |
@@ -154,5 +154,5 @@ $ man firejail-profile | |||
154 | 154 | ||
155 | ## New security profiles | 155 | ## New security profiles |
156 | 156 | ||
157 | lxterminal, Epiphany, cherrytree, Battle for Wesnoth, Hedgewars, qutebrowser | 157 | lxterminal, Epiphany, cherrytree, Battle for Wesnoth, Hedgewars, qutebrowser, SlimJet |
158 | 158 | ||
@@ -9,8 +9,9 @@ firejail (0.9.39) baseline; urgency=low | |||
9 | * added compile-time option to restrict --net= to root only | 9 | * added compile-time option to restrict --net= to root only |
10 | * build rpm packages using "make rpms" | 10 | * build rpm packages using "make rpms" |
11 | * new profiles: lxterminal, Epiphany, cherrytree, Polari, Vivaldi, Atril | 11 | * new profiles: lxterminal, Epiphany, cherrytree, Polari, Vivaldi, Atril |
12 | * new profiles: qutebrowser, SlimJet | ||
12 | * bugfixes | 13 | * bugfixes |
13 | -- netblue30 <netblue30@yahoo.com> Wed, 3 Mar 2016 08:00:00 -0500 | 14 | -- netblue30 <netblue30@yahoo.com> Wed, 16 Mar 2016 08:00:00 -0500 |
14 | 15 | ||
15 | firejail (0.9.38) baseline; urgency=low | 16 | firejail (0.9.38) baseline; urgency=low |
16 | * IPv6 support (--ip6 and --netfilter6) | 17 | * IPv6 support (--ip6 and --netfilter6) |
diff --git a/etc/flashpeak-slimjet.profile b/etc/flashpeak-slimjet.profile new file mode 100644 index 000000000..2f5d7148c --- /dev/null +++ b/etc/flashpeak-slimjet.profile | |||
@@ -0,0 +1,43 @@ | |||
1 | # SlimJet browser profile | ||
2 | # This is a whitelisted profile, the internal browser sandbox | ||
3 | # is disabled because it requires sudo password. The command | ||
4 | # to run it is as follows: | ||
5 | # | ||
6 | # firejail flashpeak-slimjet --no-sandbox | ||
7 | # | ||
8 | noblacklist ~/.config/silmjet | ||
9 | noblacklist ~/.cache/slimjet | ||
10 | noblacklist ~/keepassx.kdbx | ||
11 | include /etc/firejail/disable-mgmt.inc | ||
12 | include /etc/firejail/disable-secret.inc | ||
13 | include /etc/firejail/disable-common.inc | ||
14 | include /etc/firejail/disable-terminals.inc | ||
15 | |||
16 | # chromium is distributed with a perl script on Arch | ||
17 | # include /etc/firejail/disable-devel.inc | ||
18 | # | ||
19 | |||
20 | caps.drop all | ||
21 | seccomp | ||
22 | protocol unix,inet,inet6,netlink | ||
23 | netfilter | ||
24 | noroot | ||
25 | |||
26 | whitelist ${DOWNLOADS} | ||
27 | mkdir ~/.config | ||
28 | mkdir ~/.config/slimjet | ||
29 | whitelist ~/.config/slimjet | ||
30 | mkdir ~/.cache | ||
31 | mkdir ~/.cache/slimjet | ||
32 | whitelist ~/.cache/simjet | ||
33 | mkdir ~/.pki | ||
34 | whitelist ~/.pki | ||
35 | |||
36 | # lastpass, keepassx | ||
37 | whitelist ~/.keepassx | ||
38 | whitelist ~/.config/keepassx | ||
39 | whitelist ~/keepassx.kdbx | ||
40 | whitelist ~/.lastpass | ||
41 | whitelist ~/.config/lastpass | ||
42 | |||
43 | include /etc/firejail/whitelist-common.inc | ||
diff --git a/platform/debian/conffiles b/platform/debian/conffiles index 5f552414f..9f324c59f 100644 --- a/platform/debian/conffiles +++ b/platform/debian/conffiles | |||
@@ -74,3 +74,4 @@ | |||
74 | /etc/firejail/atril.profile | 74 | /etc/firejail/atril.profile |
75 | /etc/firejail/firejail.config | 75 | /etc/firejail/firejail.config |
76 | /etc/firejail/qutebrowser.profile | 76 | /etc/firejail/qutebrowser.profile |
77 | /etc/firejail/flashpeak-slimjet.profile | ||