diff options
author | Tad <tad@spotco.us> | 2018-03-25 10:25:31 -0400 |
---|---|---|
committer | Tad <tad@spotco.us> | 2018-03-25 10:25:31 -0400 |
commit | 49256c107f512437eb3ecbf614a8822ac38163a8 (patch) | |
tree | 8cb445e6828d68f452af1d6fea52609072dc531a | |
parent | fix (diff) | |
download | firejail-49256c107f512437eb3ecbf614a8822ac38163a8.tar.gz firejail-49256c107f512437eb3ecbf614a8822ac38163a8.tar.zst firejail-49256c107f512437eb3ecbf614a8822ac38163a8.zip |
Fixup blender-2.8 and thunderbird-beta
-rw-r--r-- | README.md | 2 | ||||
-rw-r--r-- | RELNOTES | 2 | ||||
-rw-r--r-- | etc/blender-2.8.profile | 30 | ||||
-rw-r--r-- | etc/thunderbird-beta.profile | 33 | ||||
-rw-r--r-- | src/firecfg/firecfg.config | 2 |
5 files changed, 10 insertions, 59 deletions
@@ -293,4 +293,4 @@ firefox-common-addons.inc in firefox-common.profile. | |||
293 | Basilisk browser, Tor Browser language packs, PlayOnLinux, sylpheed, discord-canary, | 293 | Basilisk browser, Tor Browser language packs, PlayOnLinux, sylpheed, discord-canary, |
294 | pycharm-community, pycharm-professional, Pitivi, OnionShare, Fritzing, Kaffeine, pdfchain, | 294 | pycharm-community, pycharm-professional, Pitivi, OnionShare, Fritzing, Kaffeine, pdfchain, |
295 | tilp, vivaldi-snapshot, bitcoin-qt, VS Code, falkon, gnome-builder, lobase, asunder, | 295 | tilp, vivaldi-snapshot, bitcoin-qt, VS Code, falkon, gnome-builder, lobase, asunder, |
296 | gnome-recipes, akonadi_control | 296 | gnome-recipes, akonadi_control, blender-2.8, thunderbird-beta |
@@ -29,7 +29,7 @@ firejail (0.9.53) baseline; urgency=low | |||
29 | * new profiles: discord-canary, pycharm-community, pycharm-professional, | 29 | * new profiles: discord-canary, pycharm-community, pycharm-professional, |
30 | * new profiles: pdfchain, tilp, vivaldi-snapshot, bitcoin-qt, kaffeine, | 30 | * new profiles: pdfchain, tilp, vivaldi-snapshot, bitcoin-qt, kaffeine, |
31 | * new profiles: falkon, gnome-builder, asunder, VS Code, gnome-recipes | 31 | * new profiles: falkon, gnome-builder, asunder, VS Code, gnome-recipes |
32 | * new profiles: akonadi_control | 32 | * new profiles: akonadi_control, blender-2.8, thunderbird-beta |
33 | -- netblue30 <netblue30@yahoo.com> Thu, 1 Mar 2018 08:00:00 -0500 | 33 | -- netblue30 <netblue30@yahoo.com> Thu, 1 Mar 2018 08:00:00 -0500 |
34 | 34 | ||
35 | firejail (0.9.52) baseline; urgency=low | 35 | firejail (0.9.52) baseline; urgency=low |
diff --git a/etc/blender-2.8.profile b/etc/blender-2.8.profile index 29df27759..4b907018e 100644 --- a/etc/blender-2.8.profile +++ b/etc/blender-2.8.profile | |||
@@ -1,30 +1,6 @@ | |||
1 | # Firejail profile for blender | 1 | # Firejail profile alias for blender |
2 | # This file is overwritten after every install/update | 2 | # This file is overwritten after every install/update |
3 | # Persistent local customizations | ||
4 | include /etc/firejail/blender.local | ||
5 | # Persistent global definitions | ||
6 | include /etc/firejail/globals.local | ||
7 | 3 | ||
8 | noblacklist ${HOME}/.config/blender | ||
9 | 4 | ||
10 | include /etc/firejail/disable-common.inc | 5 | # Redirect |
11 | include /etc/firejail/disable-devel.inc | 6 | include /etc/firejail/blender.profile |
12 | include /etc/firejail/disable-passwdmgr.inc | ||
13 | include /etc/firejail/disable-programs.inc | ||
14 | |||
15 | caps.drop all | ||
16 | netfilter | ||
17 | nodvd | ||
18 | nogroups | ||
19 | nonewprivs | ||
20 | noroot | ||
21 | notv | ||
22 | protocol unix,inet,inet6,netlink | ||
23 | seccomp | ||
24 | shell none | ||
25 | |||
26 | private-dev | ||
27 | private-tmp | ||
28 | |||
29 | noexec ${HOME} | ||
30 | noexec /tmp | ||
diff --git a/etc/thunderbird-beta.profile b/etc/thunderbird-beta.profile index fb1ee46e2..73d2419da 100644 --- a/etc/thunderbird-beta.profile +++ b/etc/thunderbird-beta.profile | |||
@@ -1,35 +1,8 @@ | |||
1 | # Firejail profile for thunderbird | 1 | # Firejail profile alias for thunderbird-beta |
2 | # This file is overwritten after every install/update | 2 | # This file is overwritten after every install/update |
3 | # Persistent local customizations | ||
4 | include /etc/firejail/thunderbird.local | ||
5 | # Persistent global definitions | ||
6 | include /etc/firejail/globals.local | ||
7 | 3 | ||
8 | # Users have thunderbird set to open a browser by clicking a link in an email | ||
9 | # We are not allowed to blacklist browser-specific directories | ||
10 | whitelist /opt/thunderbird-beta | ||
11 | noblacklist ${HOME}/.cache/thunderbird | ||
12 | noblacklist ${HOME}/.gnupg | ||
13 | # noblacklist ${HOME}/.icedove | ||
14 | noblacklist ${HOME}/.thunderbird | ||
15 | |||
16 | mkdir ${HOME}/.cache/thunderbird | ||
17 | mkdir ${HOME}/.gnupg | ||
18 | # mkdir ${HOME}/.icedove | ||
19 | mkdir ${HOME}/.thunderbird | ||
20 | whitelist ${HOME}/.cache/thunderbird | ||
21 | whitelist ${HOME}/.gnupg | ||
22 | # whitelist ${HOME}/.icedove | ||
23 | whitelist ${HOME}/.thunderbird | ||
24 | 4 | ||
25 | # We need the real /tmp for data exchange when xdg-open handles email attachments on KDE | 5 | whitelist /opt/thunderbird-beta |
26 | ignore private-tmp | ||
27 | # machine-id breaks audio in browsers; enable it when sound is not required | ||
28 | # machine-id | ||
29 | read-only ${HOME}/.config/mimeapps.list | ||
30 | # writable-run-user is needed for signing and encrypting emails | ||
31 | writable-run-user | ||
32 | 6 | ||
33 | # allow browsers | ||
34 | # Redirect | 7 | # Redirect |
35 | include /etc/firejail/firefox.profile | 8 | include /etc/firejail/thunderbird.profile |
diff --git a/src/firecfg/firecfg.config b/src/firecfg/firecfg.config index 2ffaa8b98..fafbc83d9 100644 --- a/src/firecfg/firecfg.config +++ b/src/firecfg/firecfg.config | |||
@@ -44,6 +44,7 @@ bibletime | |||
44 | bitlbee | 44 | bitlbee |
45 | bleachbit | 45 | bleachbit |
46 | blender | 46 | blender |
47 | blender-2.8 | ||
47 | bless | 48 | bless |
48 | bluefish | 49 | bluefish |
49 | bnox | 50 | bnox |
@@ -350,6 +351,7 @@ telegram | |||
350 | telegram-desktop | 351 | telegram-desktop |
351 | terasology | 352 | terasology |
352 | thunderbird | 353 | thunderbird |
354 | thunderbird-beta | ||
353 | tilp | 355 | tilp |
354 | tor-browser-ar | 356 | tor-browser-ar |
355 | tor-browser-en | 357 | tor-browser-en |