diff options
author | netblue30 <netblue30@yahoo.com> | 2016-04-16 10:06:26 -0400 |
---|---|---|
committer | netblue30 <netblue30@yahoo.com> | 2016-04-16 10:06:26 -0400 |
commit | 926f21a51c2c9f1cd97b815323a8c2c8f5e9b927 (patch) | |
tree | 8afd9548efd4c0d33434eaf0b350fddd8179a411 | |
parent | fix: firejail config in /etc/firejail is not blacklisted if the sandbox is st... (diff) | |
download | firejail-926f21a51c2c9f1cd97b815323a8c2c8f5e9b927.tar.gz firejail-926f21a51c2c9f1cd97b815323a8c2c8f5e9b927.tar.zst firejail-926f21a51c2c9f1cd97b815323a8c2c8f5e9b927.zip |
added netsurf profile
-rw-r--r-- | Makefile.in | 1 | ||||
-rw-r--r-- | README.md | 2 | ||||
-rw-r--r-- | RELNOTES | 2 | ||||
-rw-r--r-- | etc/netsurf.profile | 34 | ||||
-rw-r--r-- | platform/debian/conffiles | 1 | ||||
-rw-r--r-- | src/firecfg/firecfg.config | 1 |
6 files changed, 39 insertions, 2 deletions
diff --git a/Makefile.in b/Makefile.in index 16f8e8717..64a6fbd76 100644 --- a/Makefile.in +++ b/Makefile.in | |||
@@ -164,6 +164,7 @@ realinstall: | |||
164 | install -c -m 0644 .etc/icedove.profile $(DESTDIR)/$(sysconfdir)/firejail/. | 164 | install -c -m 0644 .etc/icedove.profile $(DESTDIR)/$(sysconfdir)/firejail/. |
165 | install -c -m 0644 .etc/abrowser.profile $(DESTDIR)/$(sysconfdir)/firejail/. | 165 | install -c -m 0644 .etc/abrowser.profile $(DESTDIR)/$(sysconfdir)/firejail/. |
166 | install -c -m 0644 .etc/0ad.profile $(DESTDIR)/$(sysconfdir)/firejail/. | 166 | install -c -m 0644 .etc/0ad.profile $(DESTDIR)/$(sysconfdir)/firejail/. |
167 | install -c -m 0644 .etc/netsurf.profile $(DESTDIR)/$(sysconfdir)/firejail/. | ||
167 | sh -c "if [ ! -f $(DESTDIR)/$(sysconfdir)/firejail/login.users ]; then install -c -m 0644 etc/login.users $(DESTDIR)/$(sysconfdir)/firejail/.; fi;" | 168 | sh -c "if [ ! -f $(DESTDIR)/$(sysconfdir)/firejail/login.users ]; then install -c -m 0644 etc/login.users $(DESTDIR)/$(sysconfdir)/firejail/.; fi;" |
168 | sh -c "if [ ! -f $(DESTDIR)/$(sysconfdir)/firejail/firejail.config ]; then install -c -m 0644 etc/firejail.config $(DESTDIR)/$(sysconfdir)/firejail/.; fi;" | 169 | sh -c "if [ ! -f $(DESTDIR)/$(sysconfdir)/firejail/firejail.config ]; then install -c -m 0644 etc/firejail.config $(DESTDIR)/$(sysconfdir)/firejail/.; fi;" |
169 | rm -fr .etc | 170 | rm -fr .etc |
@@ -281,5 +281,5 @@ $ man firejail-profile | |||
281 | 281 | ||
282 | ## New security profiles | 282 | ## New security profiles |
283 | lxterminal, Epiphany, cherrytree, Polari, Vivaldi, Atril, qutebrowser, SlimJet, Battle for Wesnoth, Hedgewars, qTox, | 283 | lxterminal, Epiphany, cherrytree, Polari, Vivaldi, Atril, qutebrowser, SlimJet, Battle for Wesnoth, Hedgewars, qTox, |
284 | OpenSSH client, OpenBox window manager, Dillo, cmus, dnsmasq, PaleMoon, Icedove, abrowser, 0ad | 284 | OpenSSH client, OpenBox window manager, Dillo, cmus, dnsmasq, PaleMoon, Icedove, abrowser, 0ad, netsurf |
285 | 285 | ||
@@ -18,7 +18,7 @@ firejail (0.9.40-rc1) baseline; urgency=low | |||
18 | * new profiles: lxterminal, Epiphany, cherrytree, Polari, Vivaldi, Atril | 18 | * new profiles: lxterminal, Epiphany, cherrytree, Polari, Vivaldi, Atril |
19 | * new profiles: qutebrowser, SlimJet, Battle for Wesnoth, Hedgewars | 19 | * new profiles: qutebrowser, SlimJet, Battle for Wesnoth, Hedgewars |
20 | * new profiles: qTox, OpenSSH client, OpenBox, Dillo, cmus, dnsmasq | 20 | * new profiles: qTox, OpenSSH client, OpenBox, Dillo, cmus, dnsmasq |
21 | * new profiles: PaleMoon, Icedove, abrowser, 0ad | 21 | * new profiles: PaleMoon, Icedove, abrowser, 0ad, netsurf |
22 | * build rpm packages using "make rpms" | 22 | * build rpm packages using "make rpms" |
23 | * bugfixes | 23 | * bugfixes |
24 | -- netblue30 <netblue30@yahoo.com> Sun, 3 Apr 2016 08:00:00 -0500 | 24 | -- netblue30 <netblue30@yahoo.com> Sun, 3 Apr 2016 08:00:00 -0500 |
diff --git a/etc/netsurf.profile b/etc/netsurf.profile new file mode 100644 index 000000000..26b621126 --- /dev/null +++ b/etc/netsurf.profile | |||
@@ -0,0 +1,34 @@ | |||
1 | # Firejail profile for Mozilla Firefox (Iceweasel in Debian) | ||
2 | |||
3 | noblacklist ~/.config/netsurf | ||
4 | noblacklist ~/.cache/netsurf | ||
5 | include /etc/firejail/disable-common.inc | ||
6 | include /etc/firejail/disable-programs.inc | ||
7 | include /etc/firejail/disable-devel.inc | ||
8 | |||
9 | caps.drop all | ||
10 | seccomp | ||
11 | protocol unix,inet,inet6,netlink | ||
12 | netfilter | ||
13 | tracelog | ||
14 | noroot | ||
15 | |||
16 | whitelist ${DOWNLOADS} | ||
17 | mkdir ~/.config | ||
18 | mkdir ~/.config/netsurf | ||
19 | whitelist ~/.config/netsurf | ||
20 | mkdir ~/.cache | ||
21 | mkdir ~/.cache/netsurf | ||
22 | whitelist ~/.cache/netsurf | ||
23 | |||
24 | # lastpass, keepassx | ||
25 | whitelist ~/.keepassx | ||
26 | whitelist ~/.config/keepassx | ||
27 | whitelist ~/keepassx.kdbx | ||
28 | whitelist ~/.lastpass | ||
29 | whitelist ~/.config/lastpass | ||
30 | |||
31 | include /etc/firejail/whitelist-common.inc | ||
32 | |||
33 | |||
34 | |||
diff --git a/platform/debian/conffiles b/platform/debian/conffiles index dc8640147..5f1546a4f 100644 --- a/platform/debian/conffiles +++ b/platform/debian/conffiles | |||
@@ -83,3 +83,4 @@ | |||
83 | /etc/firejail/palemoon.profile | 83 | /etc/firejail/palemoon.profile |
84 | /etc/firejail/abrowser.profile | 84 | /etc/firejail/abrowser.profile |
85 | /etc/firejail/0ad.profile | 85 | /etc/firejail/0ad.profile |
86 | /etc/firejail/netsurf.profile | ||
diff --git a/src/firecfg/firecfg.config b/src/firecfg/firecfg.config index c28f8e352..fed477f44 100644 --- a/src/firecfg/firecfg.config +++ b/src/firecfg/firecfg.config | |||
@@ -27,6 +27,7 @@ seamonkey-bin | |||
27 | vivaldi-beta | 27 | vivaldi-beta |
28 | vivaldi | 28 | vivaldi |
29 | dillo | 29 | dillo |
30 | netsurf | ||
30 | 31 | ||
31 | # bittorrent/ftp | 32 | # bittorrent/ftp |
32 | deluge | 33 | deluge |