author | rusty-snake <41237666+rusty-snake@users.noreply.github.com> | 2020-03-29 16:45:46 +0200 |
---|---|---|
committer | rusty-snake <41237666+rusty-snake@users.noreply.github.com> | 2020-03-29 16:47:21 +0200 |
commit | 54d817c8a093b031d54b8ad92bd643e54802629d (patch) | |
tree | d645dd0ccc970802154a5038c96ff13be45d386b | |
parent | Merge pull request #3296 from 0x7969/master (diff) | |
abiword and more gnome-games
- four-in-a-row
- gnome-mahjongg
- gnome-robots
- gnome-sudoku
- gnome-taquin
- gnome-tetravex
harden gnome-chess
-rw-r--r-- | .gitignore | 1 | ||||
-rw-r--r-- | README.md | 2 | ||||
-rw-r--r-- | RELNOTES | 4 | ||||
-rw-r--r-- | etc/abiword.profile | 46 | ||||
-rw-r--r-- | etc/disable-programs.inc | 2 | ||||
-rw-r--r-- | etc/four-in-a-row.profile | 17 | ||||
-rw-r--r-- | etc/gnome-chess.profile | 4 | ||||
-rw-r--r-- | etc/gnome-mahjongg.profile | 14 | ||||
-rw-r--r-- | etc/gnome-robots.profile | 17 | ||||
-rw-r--r-- | etc/gnome-sudoku.profile | 17 | ||||
-rw-r--r-- | etc/gnome-taquin.profile | 17 | ||||
-rw-r--r-- | etc/gnome-tetravex.profile | 12 | ||||
-rw-r--r-- | src/firecfg/firecfg.config | 12 |
13 files changed, 163 insertions, 2 deletions
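--- a/.gitignore
+++ b/.gitignore
@@ -41,6 +41,7 @@ seccomp.32
 seccomp.64
 seccomp.block_secondary
 seccomp.mdwx
+seccomp.mdwx.32
 src/common.mk
 aclocal.m4
 __pycache__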
@@ -176,4 +176,4 @@ Run ./profstats -h for help. | |||
176 | ### New profiles: | 176 | ### New profiles: |
177 | 177 | ||
178 | gfeeds, firefox-x11, tvbrowser, rtv, clipgrab, gnome-passwordsafe, bibtex, gummi, latex, pdflatex, tex, wpp, wpspdf, wps, et, multimc, gnome-hexgl, com.github.johnfactotum.Foliate, desktopeditors, impressive, mupdf-gl, mupdf-x11, mupdf-x11-curl, muraster, mutool, planmaker18, planmaker18free, presentations18, presentations18free, textmaker18, textmaker18free, teams, xournal, | 178 | gfeeds, firefox-x11, tvbrowser, rtv, clipgrab, gnome-passwordsafe, bibtex, gummi, latex, pdflatex, tex, wpp, wpspdf, wps, et, multimc, gnome-hexgl, com.github.johnfactotum.Foliate, desktopeditors, impressive, mupdf-gl, mupdf-x11, mupdf-x11-curl, muraster, mutool, planmaker18, planmaker18free, presentations18, presentations18free, textmaker18, textmaker18free, teams, xournal, |
179 | gnome-screenshot, ripperX, sound-juicer, iagno, com.github.dahenson.agenda, gnome-pomodoro, gnome-todo, kmplayer, penguin-command, x2goclient, frogatto, gnome-mines, gnome-nibbles, lightsoff, ts3client_runscript.sh, warmux | 179 | gnome-screenshot, ripperX, sound-juicer, iagno, com.github.dahenson.agenda, gnome-pomodoro, gnome-todo, kmplayer, penguin-command, x2goclient, frogatto, gnome-mines, gnome-nibbles, lightsoff, ts3client_runscript.sh, warmux, ferdi, abiword, four-in-a-row, gnome-mahjongg, gnome-robots, gnome-sudoku, gnome-taquin, gnome-tetravex |
@@ -14,7 +14,9 @@ firejail (0.9.63) baseline; urgency=low | |||
14 | * new profiles: sound-juicer, com.github.dahenson.agenda, gnome-pomodoro | 14 | * new profiles: sound-juicer, com.github.dahenson.agenda, gnome-pomodoro |
15 | * new profiles: gnome-todo, x2goclient, iagno, kmplayer, penguin-command | 15 | * new profiles: gnome-todo, x2goclient, iagno, kmplayer, penguin-command |
16 | * new profiles: frogatto, gnome-mines, gnome-nibbles, lightsoff, warmux | 16 | * new profiles: frogatto, gnome-mines, gnome-nibbles, lightsoff, warmux |
17 | * new profiles: ts3client_runscript.sh | 17 | * new profiles: ts3client_runscript.sh, ferdi, abiword, four-in-a-row |
18 | * new profiles: gnome-mahjongg, gnome-robots, gnome-sudoku, gnome-taquin | ||
19 | * new profiles: gnome-tetravex | ||
18 | 20 | ||
19 | firejail (0.9.62) baseline; urgency=low | 21 | firejail (0.9.62) baseline; urgency=low |
20 | * added file-copy-limit in /etc/firejail/firejail.config | 22 | * added file-copy-limit in /etc/firejail/firejail.config |
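--- /dev/null
+++ b/etc/abiword.profile
@@ -0,0 +1,46 @@
+# Firejail profile for abiword
+# Description: flexible cross-platform word processor
+# This file is overwritten after every install/update
+# Persistent local customizations
+include abiword.local
+# Persistent global definitions
+include globals.local
+
+noblacklist ${HOME}/.config/abiword
+
+include disable-common.inc
+include disable-devel.inc
+include disable-exec.inc
+include disable-interpreters.inc
+include disable-passwdmgr.inc
+include disable-programs.inc
+
+whitelist /usr/share/abiword-3.0
+include whitelist-usr-share-common.inc
+include whitelist-runuser-common.inc
+include whitelist-var-common.inc
+
+apparmor
+caps.drop all
+machine-id
+net none
+no3d
+#nodbus
+nodvd
+nogroups
+nonewprivs
+noroot
+nosound
+notv
+nou2f
+novideo
+protocol unix
+seccomp
+shell none
+tracelog
+
+private-bin abiword
+private-cache
+private-dev
+private-etc fonts,gtk-3.0,passwd
+private-tmp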
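Review bot: `#nodbus` is left commented out with no reason given, so the session bus stays reachable from a sandbox that is otherwise cut off by `net none` and `protocol unix`. If AbiWord really needs D-Bus, record that on the line, e.g. `# nodbus breaks <feature> - TODO confirm`; otherwise enable `nodbus`. Separately, `whitelist /usr/share/abiword-3.0` pins the data directory to one release series. Once a package ships a differently versioned directory, the whitelist includes would hide it and the program would likely start without its data files, so a comment noting the version dependency would help whoever maintains the profile.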
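--- a/etc/disable-programs.inc
+++ b/etc/disable-programs.inc
@@ -119,6 +119,7 @@ blacklist ${HOME}/.config/Thunar
 blacklist ${HOME}/.config/VirtualBox
 blacklist ${HOME}/.config/Wire
 blacklist ${HOME}/.config/Zeal
+blacklist ${HOME}/.config/abiword
 blacklist ${HOME}/.config/agenda
 blacklist ${HOME}/.config/akonadi*
 blacklist ${HOME}/.config/akregatorrc
@@ -548,6 +549,7 @@ blacklist ${HOME}/.local/share/gnome-photos
 blacklist ${HOME}/.local/share/gnome-pomodoro
 blacklist ${HOME}/.local/share/gnome-recipes
 blacklist ${HOME}/.local/share/gnome-ring
+blacklist ${HOME}/.local/share/gnome-sudoku
 blacklist ${HOME}/.local/share/gnome-twitch
 blacklist ${HOME}/.local/share/godot
 blacklist ${HOME}/.local/share/gradio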
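--- /dev/null
+++ b/etc/four-in-a-row.profile
@@ -0,0 +1,17 @@
+# Firejail profile for four-in-a-row
+# Description: Sliding tile puzzle game
+# This file is overwritten after every install/update
+# Persistent local customizations
+include four-in-a-row.local
+# Persistent global definitions
+include globals.local
+
+ignore machine-id
+ignore nosound
+
+whitelist /usr/share/four-in-a-row
+
+private-bin four-in-a-row
+
+# Redirect
+include gnome_games-common.profile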
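Review bot: The `# Description: Sliding tile puzzle game` line looks copied from the gnome-taquin profile and does not describe four-in-a-row; the same line is repeated in gnome-mahjongg.profile, gnome-robots.profile, gnome-sudoku.profile and gnome-tetravex.profile in this commit. Each profile should carry its own description, for example `# Description: Connect-four game` here, with the wording taken from the package description. The `ignore machine-id` and `ignore nosound` lines relax options that presumably come from gnome_games-common.profile, which is not part of this diff. A short comment such as `# game plays sound effects` above them would record why the relaxation is needed.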
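--- a/etc/gnome-chess.profile
+++ b/etc/gnome-chess.profile
@@ -16,6 +16,10 @@ include disable-passwdmgr.inc
 include disable-programs.inc
 include disable-xdg.inc
 
+whitelist /usr/share/gnuchess
+whitelist /usr/share/gnome-chess
+include whitelist-runuser-common.inc
+include whitelist-usr-share-common.inc
 include whitelist-var-common.inc
 
 apparmor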
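Review bot: The two `whitelist /usr/share/...` lines put /usr/share into allow-list mode, so only gnuchess, gnome-chess and whatever whitelist-usr-share-common.inc lists remain visible inside the sandbox. If gnome-chess is set up with a different engine that keeps data under /usr/share, that directory would be hidden and the engine would likely fail to start. A comment above the whitelist lines, such as `# add data dirs of other chess engines in gnome-chess.local`, would point users at the right place. The profile continues outside this hunk, so an existing note elsewhere may already cover this.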
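--- /dev/null
+++ b/etc/gnome-mahjongg.profile
@@ -0,0 +1,14 @@
+# Firejail profile for gnome-mahjongg
+# Description: Sliding tile puzzle game
+# This file is overwritten after every install/update
+# Persistent local customizations
+include gnome-mahjongg.local
+# Persistent global definitions
+include globals.local
+
+whitelist /usr/share/gnome-mahjongg
+
+private-bin gnome-mahjongg
+
+# Redirect
+include gnome_games-common.profile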
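--- /dev/null
+++ b/etc/gnome-robots.profile
@@ -0,0 +1,17 @@
+# Firejail profile for gnome-robots
+# Description: Sliding tile puzzle game
+# This file is overwritten after every install/update
+# Persistent local customizations
+include gnome-robots.local
+# Persistent global definitions
+include globals.local
+
+ignore machine-id
+ignore nosound
+
+whitelist /usr/share/gnome-robots
+
+private-bin gnome-robots
+
+# Redirect
+include gnome_games-common.profile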
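--- /dev/null
+++ b/etc/gnome-sudoku.profile
@@ -0,0 +1,17 @@
+# Firejail profile for gnome-sudoku
+# Description: Sliding tile puzzle game
+# This file is overwritten after every install/update
+# Persistent local customizations
+include gnome-sudoku.local
+# Persistent global definitions
+include globals.local
+
+noblacklist ${HOME}/.local/share/gnome-sudoku
+
+mkdir ${HOME}/.local/share/gnome-sudoku
+whitelist ${HOME}/.local/share/gnome-sudoku
+
+private-bin gnome-sudoku
+
+# Redirect
+include gnome_games-common.profile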
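--- /dev/null
+++ b/etc/gnome-taquin.profile
@@ -0,0 +1,17 @@
+# Firejail profile for gnome-taquin
+# Description: Sliding tile puzzle game
+# This file is overwritten after every install/update
+# Persistent local customizations
+include gnome-taquin.local
+# Persistent global definitions
+include globals.local
+
+ignore machine-id
+ignore nosound
+
+whitelist /usr/share/gnome-taquin
+
+private-bin gnome-taquin
+
+# Redirect
+include gnome_games-common.profile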
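--- /dev/null
+++ b/etc/gnome-tetravex.profile
@@ -0,0 +1,12 @@
+# Firejail profile for gnome-tetravex
+# Description: Sliding tile puzzle game
+# This file is overwritten after every install/update
+# Persistent local customizations
+include gnome-tetravex.local
+# Persistent global definitions
+include globals.local
+
+private-bin gnome-tetravex
+
+# Redirect
+include gnome_games-common.profile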
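--- a/src/firecfg/firecfg.config
+++ b/src/firecfg/firecfg.config
@@ -29,6 +29,7 @@ Viber
 VirtualBox
 XMind
 Xephyr
+abiword
 abrowser
 akonadi_control
 akregator
@@ -218,6 +219,7 @@ flowblade
 font-manager
 fontforge
 fossamail
+four-in-a-row
 franz
 freecad
 freecadcmd
@@ -230,6 +232,7 @@ freeoffice-planmaker
 freeoffice-presentations
 freeoffice-textmaker
 freshclam
+frogatto
 frozen-bubble
 gajim
 gajim-history-manager
@@ -270,18 +273,25 @@ gnome-font-viewer
 gnome-hexgl
 gnome-latex
 gnome-logs
+gnome-mahjongg
 gnome-maps
+gnome-mines
 gnome-mplayer
 gnome-mpv
 gnome-music
 gnome-nettool
+gnome-nibbles
 gnome-passwordsafe
 gnome-photos
 gnome-pomodoro
 gnome-recipes
+gnome-robots
 gnome-schedule
 gnome-screenshot
+gnome-sudoku
 gnome-system-log
+gnome-taquin
+gnome-tetravex
 gnome-todo
 gnome-twitch
 gnome-weather
@@ -373,6 +383,7 @@ leafpad
 less
 libreoffice
 liferea
+lightsoff
 lincity-ng
 links
 linphone
@@ -702,6 +713,7 @@ vulturesclaw
 vultureseye
 vym
 w3m
+warmux
 warsow
 warzone2100
 waterfox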
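Review bot: `ferdi` is added to the new-profile lists in README.md and RELNOTES by this commit, but no `ferdi` entry is visible in these hunks, which show only the lines around each insertion. firecfg wraps only the programs listed in this file, so a missing entry leaves that program unsandboxed by default; confirm `ferdi` is already present or deliberately left out. The frogatto, gnome-mines, gnome-nibbles, lightsoff and warmux entries are not mentioned in the commit message either. A message line such as `add missing firecfg entries for earlier profiles` would make the change easier to audit.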