author | netblue30 <netblue30@yahoo.com> | 2016-11-19 11:16:10 -0500 |
---|---|---|
committer | GitHub <noreply@github.com> | 2016-11-19 11:16:10 -0500 |
commit | 9bb7a3523e4db6edceb4653e423828539634cc30 (patch) | |
tree | 6845a0ac6fdc3e9a36936ceb05f548f8d90ec388 | |
parent | fix vivaldi profile, more testing (diff) | |
parent | various fixes (diff) | |
Merge pull request #920 from valoq/master
various fixes
-rw-r--r-- | etc/empathy.profile | 2 | ||||
-rw-r--r-- | etc/keepass2.profile | 6 | ||||
-rw-r--r-- | etc/kmail.profile | 2 | ||||
-rw-r--r-- | etc/mupdf.profile | 2 | ||||
-rw-r--r-- | etc/qemu-launcher.profile | 20 | ||||
-rw-r--r-- | etc/qemu-system-x86_64.profile | 18 | ||||
-rw-r--r-- | platform/debian/conffiles | 3 | ||||
-rw-r--r-- | src/firecfg/firecfg.config | 3 |
8 files changed, 54 insertions, 2 deletions
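--- a/etc/empathy.profile
+++ b/etc/empathy.profile
@@ -6,5 +6,7 @@ include /etc/firejail/disable-devel.inc
 caps.drop all
 netfilter
 nonewprivs
+nogroups
+noroot
 protocol unix,inet,inet6
 seccomp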
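--- /dev/null
+++ b/etc/keepass2.profile
@@ -0,0 +1,6 @@
+# keepass password manager profile
+
+#noblacklist ${HOME}/.config/KeePass
+#noblacklist ${HOME}/.keepass
+
+include /etc/firejail/keepass.profile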
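Review bot: Both `#noblacklist` lines are committed commented out, so this profile currently adds nothing beyond `include /etc/firejail/keepass.profile`, and a reader cannot tell whether they are needed. Neither keepass.profile nor disable-passwdmgr.inc is visible in this commit; if the latter blacklists `${HOME}/.config/KeePass` and the former does not lift that, KeePass 2 would be denied its own configuration directory. Either enable the lines that are actually required or delete them. If they stay out, replace them with a one-line comment saying where those paths are handled.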
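--- a/etc/kmail.profile
+++ b/etc/kmail.profile
@@ -16,4 +16,4 @@ seccomp
 tracelog
 
 private-dev
-private-tmp
+# private-tmp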
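Review bot: `private-tmp` is switched off here by commenting it out, and neither the profile nor the commit message says why, so a later maintainer cannot tell a deliberate trade-off from leftover debugging. With the line disabled, kmail sees the host's real /tmp again instead of a private one, which is a reduction in isolation. I would put the reason in a comment above it, in the form `# private-tmp disabled: <what breaks in kmail with it enabled>`, so it can be re-enabled once that reason goes away. The rest of the profile lies outside this hunk.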
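--- a/etc/mupdf.profile
+++ b/etc/mupdf.profile
@@ -16,7 +16,7 @@ net none
 shell none
 tracelog
 
-#seccomp.keep access,arch_prctl,brk,clone,close,connect,execve,exit_group,fchmod,fchown,fcntl,fstat,futex,getcwd,getpeername,getrlimit,getsockname,getsockopt,lseek,lstat,mlock,mmap,mprotect,munmap,nanosleep,open,poll,prctl,read,recvfrom,recvmsg,restart_syscall,rt_sigaction,rt_sigprocmask,select,sendmsg,set_robust_list,set_tid_address,setresgid,setresuid,shmat,shmctl,shmget,shutdown,socket,stat,sysinfo,uname,unshare,wait4,write,writev
+#seccomp.keep access,arch_prctl,brk,clone,close,connect,execve,exit_group,fchmod,fchown,fcntl,fstat,futex,getcwd,getpeername,getrlimit,getsockname,getsockopt,lseek,lstat,mlock,mmap,mprotect,mremap,munmap,nanosleep,open,poll,prctl,read,recvfrom,recvmsg,restart_syscall,rt_sigaction,rt_sigprocmask,select,sendmsg,set_robust_list,set_tid_address,setresgid,setresuid,shmat,shmctl,shmget,shutdown,socket,stat,sysinfo,uname,unshare,wait4,write,writev
 
 private-bin mupdf
 private-tmp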
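--- /dev/null
+++ b/etc/qemu-launcher.profile
@@ -0,0 +1,20 @@
+# qemu-launcher profile
+
+noblacklist ~/.qemu-launcher
+
+include /etc/firejail/disable-common.inc
+include /etc/firejail/disable-programs.inc
+include /etc/firejail/disable-passwdmgr.inc
+
+caps.drop all
+netfilter
+nogroups
+nonewprivs
+noroot
+protocol unix,inet,inet6
+seccomp
+shell none
+tracelog
+
+private-tmp
+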
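Review bot: `nogroups` drops the process's supplementary groups, and on systems where /dev/kvm access is granted through membership in a `kvm` group this would probably leave qemu without hardware acceleration inside the sandbox. The same line is in etc/qemu-system-x86_64.profile. Nothing in this commit shows whether the profiles were exercised with KVM enabled, so this is a question rather than a confirmed breakage. If it is a known limitation, a comment beside the line such as `# nogroups also removes kvm group membership; KVM acceleration may be unavailable` would keep users from discarding the whole profile to work around it.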
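--- /dev/null
+++ b/etc/qemu-system-x86_64.profile
@@ -0,0 +1,18 @@
+# qemu profile
+
+include /etc/firejail/disable-common.inc
+include /etc/firejail/disable-programs.inc
+include /etc/firejail/disable-passwdmgr.inc
+
+caps.drop all
+netfilter
+nogroups
+nonewprivs
+noroot
+protocol unix,inet,inet6
+seccomp
+shell none
+tracelog
+
+private-tmp
+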
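Review bot: Everything from `include /etc/firejail/disable-common.inc` through `private-tmp` is repeated verbatim in etc/qemu-launcher.profile from the same commit, so a later hardening change made to one file can silently miss the other. qemu-launcher.profile could keep its `noblacklist ~/.qemu-launcher` line and then `include /etc/firejail/qemu-system-x86_64.profile`, the way keepass2.profile includes keepass.profile. The header `# qemu profile` could also name the binary it covers, e.g. `# qemu-system-x86_64 profile`, since firecfg.config lists only that one qemu-system binary.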
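--- a/platform/debian/conffiles
+++ b/platform/debian/conffiles
@@ -79,6 +79,7 @@
 /etc/firejail/inox.profile
 /etc/firejail/jitsi.profile
 /etc/firejail/keepass.profile
+/etc/firejail/keepass2.profile
 /etc/firejail/keepassx.profile
 /etc/firejail/kmail.profile
 /etc/firejail/konversation.profile
@@ -117,6 +118,8 @@
 /etc/firejail/polari.profile
 /etc/firejail/psi-plus.profile
 /etc/firejail/qbittorrent.profile
+/etc/firejail/qemu-launcher.profile
+/etc/firejail/qemu-system-x86_64.profile
 /etc/firejail/qpdfview.profile
 /etc/firejail/qtox.profile
 /etc/firejail/quassel.profile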
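--- a/src/firecfg/firecfg.config
+++ b/src/firecfg/firecfg.config
@@ -82,6 +82,8 @@ mupen64plus
 wine
 dosbox
 virtualbox
+qemu-launcher
+qemu-system-x86_64
 
 # games
 0ad
@@ -154,6 +156,7 @@ atom-beta
 atom
 ranger
 keepass
+keepass2
 keepassx
 xiphos
 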