diff options
author | smitsohu <smitsohu@gmail.com> | 2019-01-20 19:09:23 +0100 |
---|---|---|
committer | smitsohu <smitsohu@gmail.com> | 2019-01-20 19:09:23 +0100 |
commit | 26584e22a338007bd3c770e296af163d7717298b (patch) | |
tree | 1c6dca42f67ae2ffb3119ac9e3b0caf576fc91f9 | |
parent | cleanup, minor improvements (diff) | |
parent | Merge pull request #2356 from glitsj16/gnome-calculator (diff) | |
download | firejail-26584e22a338007bd3c770e296af163d7717298b.tar.gz firejail-26584e22a338007bd3c770e296af163d7717298b.tar.zst firejail-26584e22a338007bd3c770e296af163d7717298b.zip |
Merge branch 'master' of https://github.com/netblue30/firejail
-rw-r--r-- | etc/clawsker.profile | 53 | ||||
-rw-r--r-- | etc/eog.profile | 1 | ||||
-rw-r--r-- | etc/gcalccmd.profile | 13 | ||||
-rw-r--r-- | etc/gnome-calculator.profile | 1 | ||||
-rw-r--r-- | etc/google-earth-pro.profile | 4 | ||||
-rw-r--r-- | etc/google-earth.profile | 2 | ||||
-rw-r--r-- | src/firecfg/firecfg.config | 1 |
7 files changed, 75 insertions, 0 deletions
diff --git a/etc/clawsker.profile b/etc/clawsker.profile new file mode 100644 index 000000000..e863a6a45 --- /dev/null +++ b/etc/clawsker.profile | |||
@@ -0,0 +1,53 @@ | |||
1 | # Firejail profile for clawsker | ||
2 | # Description: An applet to edit Claws Mail's hidden preferences | ||
3 | # This file is overwritten after every install/update | ||
4 | # Persistent local customizations | ||
5 | include clawsker.local | ||
6 | # Persistent global definitions | ||
7 | include globals.local | ||
8 | |||
9 | noblacklist ${HOME}/.claws-mail | ||
10 | whitelist ${HOME}/.claws-mail | ||
11 | |||
12 | # Allow perl (blacklisted by disable-interpreters.inc) | ||
13 | noblacklist ${PATH}/cpan* | ||
14 | noblacklist ${PATH}/core_perl | ||
15 | noblacklist ${PATH}/perl | ||
16 | noblacklist /usr/lib/perl* | ||
17 | noblacklist /usr/share/perl* | ||
18 | |||
19 | include disable-common.inc | ||
20 | include disable-devel.inc | ||
21 | include disable-interpreters.inc | ||
22 | include disable-passwdmgr.inc | ||
23 | include disable-programs.inc | ||
24 | include whitelist-common.inc | ||
25 | |||
26 | caps.drop all | ||
27 | net none | ||
28 | no3d | ||
29 | nodbus | ||
30 | nodvd | ||
31 | nogroups | ||
32 | nonewprivs | ||
33 | noroot | ||
34 | nosound | ||
35 | notv | ||
36 | nou2f | ||
37 | novideo | ||
38 | protocol unix | ||
39 | seccomp | ||
40 | shell none | ||
41 | |||
42 | # disable-mnt | ||
43 | # private | ||
44 | private-bin clawsker,perl | ||
45 | private-cache | ||
46 | private-dev | ||
47 | private-etc fonts | ||
48 | private-lib girepository-1.*,libgirepository-1.*,perl* | ||
49 | private-tmp | ||
50 | |||
51 | # memory-deny-write-execute - breaks on Arch | ||
52 | noexec ${HOME} | ||
53 | noexec /tmp | ||
diff --git a/etc/eog.profile b/etc/eog.profile index 8cb64009c..75d343d4e 100644 --- a/etc/eog.profile +++ b/etc/eog.profile | |||
@@ -37,6 +37,7 @@ seccomp | |||
37 | shell none | 37 | shell none |
38 | 38 | ||
39 | private-bin eog | 39 | private-bin eog |
40 | private-cache | ||
40 | private-dev | 41 | private-dev |
41 | private-etc fonts | 42 | private-etc fonts |
42 | private-lib gdk-pixbuf-2.*,gio,girepository-1.*,gvfs,libgconf-2.so.* | 43 | private-lib gdk-pixbuf-2.*,gio,girepository-1.*,gvfs,libgconf-2.so.* |
diff --git a/etc/gcalccmd.profile b/etc/gcalccmd.profile new file mode 100644 index 000000000..691d6b0c4 --- /dev/null +++ b/etc/gcalccmd.profile | |||
@@ -0,0 +1,13 @@ | |||
1 | # Firejail profile for gcalccmd | ||
2 | # Description: GNOME console calculator | ||
3 | # This file is overwritten after every install/update | ||
4 | # Persistent local customizations | ||
5 | include gcalccmd.local | ||
6 | # Persistent global definitions | ||
7 | # added by included profile | ||
8 | #include globals.local | ||
9 | |||
10 | private-bin gcalccmd | ||
11 | |||
12 | # Redirect | ||
13 | include gnome-calculator.profile | ||
diff --git a/etc/gnome-calculator.profile b/etc/gnome-calculator.profile index 7974211c7..be4b0c03f 100644 --- a/etc/gnome-calculator.profile +++ b/etc/gnome-calculator.profile | |||
@@ -37,6 +37,7 @@ shell none | |||
37 | 37 | ||
38 | disable-mnt | 38 | disable-mnt |
39 | private-bin gnome-calculator | 39 | private-bin gnome-calculator |
40 | private-cache | ||
40 | private-dev | 41 | private-dev |
41 | private-lib gdk-pixbuf-2.*,gio,girepository-1.*,gvfs,libgconf-2.so.*,libgnutls.so.*,libproxy.so.*,librsvg-2.so.*,libxml2.so.* | 42 | private-lib gdk-pixbuf-2.*,gio,girepository-1.*,gvfs,libgconf-2.so.*,libgnutls.so.*,libproxy.so.*,librsvg-2.so.*,libxml2.so.* |
42 | private-tmp | 43 | private-tmp |
diff --git a/etc/google-earth-pro.profile b/etc/google-earth-pro.profile new file mode 100644 index 000000000..d62319fa2 --- /dev/null +++ b/etc/google-earth-pro.profile | |||
@@ -0,0 +1,4 @@ | |||
1 | # Redirect | ||
2 | include google-earth.profile | ||
3 | |||
4 | private-bin google-earth-pro | ||
diff --git a/etc/google-earth.profile b/etc/google-earth.profile index 6e5f99745..e075bfe9a 100644 --- a/etc/google-earth.profile +++ b/etc/google-earth.profile | |||
@@ -43,8 +43,10 @@ protocol unix,inet,inet6 | |||
43 | seccomp | 43 | seccomp |
44 | shell none | 44 | shell none |
45 | 45 | ||
46 | disable-mnt | ||
46 | private-bin google-earth,sh,bash,grep,sed,ls,dirname | 47 | private-bin google-earth,sh,bash,grep,sed,ls,dirname |
47 | private-dev | 48 | private-dev |
49 | private-opt google | ||
48 | 50 | ||
49 | noexec ${HOME} | 51 | noexec ${HOME} |
50 | noexec /tmp | 52 | noexec /tmp |
diff --git a/src/firecfg/firecfg.config b/src/firecfg/firecfg.config index 0dd5f7ec5..ac94d16d6 100644 --- a/src/firecfg/firecfg.config +++ b/src/firecfg/firecfg.config | |||
@@ -86,6 +86,7 @@ clamdtop | |||
86 | clamscan | 86 | clamscan |
87 | clamtk | 87 | clamtk |
88 | claws-mail | 88 | claws-mail |
89 | clawsker | ||
89 | clementine | 90 | clementine |
90 | clipit | 91 | clipit |
91 | cliqz | 92 | cliqz |