diff options
author | rusty-snake <print_hello_world+Public@protonmail.com> | 2020-01-25 11:39:48 +0100 |
---|---|---|
committer | rusty-snake <print_hello_world+Public@protonmail.com> | 2020-01-25 11:39:48 +0100 |
commit | 0bccffc97e9f6c8d3502a0f1d3297613db1672ea (patch) | |
tree | cf2c90ce617d4694e55f951d43af46ebb26479e9 | |
parent | disable-interpreters: blacklist /usr/lib64/python3* (diff) | |
download | firejail-0bccffc97e9f6c8d3502a0f1d3297613db1672ea.tar.gz firejail-0bccffc97e9f6c8d3502a0f1d3297613db1672ea.tar.zst firejail-0bccffc97e9f6c8d3502a0f1d3297613db1672ea.zip |
Add a profile for clipgrab
Thanks @DurtyDev for testing (netblue30/firetools#47)
-rw-r--r-- | README.md | 2 | ||||
-rw-r--r-- | RELNOTES | 2 | ||||
-rw-r--r-- | etc/clipgrab.profile | 45 | ||||
-rw-r--r-- | etc/disable-programs.inc | 1 | ||||
-rw-r--r-- | etc/whitelist-usr-share-common.inc | 2 |
5 files changed, 49 insertions, 3 deletions
@@ -151,4 +151,4 @@ We also keep a list of profile fixes for previous released versions in [etc-fixe | |||
151 | 151 | ||
152 | ### New profiles: | 152 | ### New profiles: |
153 | 153 | ||
154 | firefox-x11, tvbrowser, rtv | 154 | gfeeds, firefox-x11, tvbrowser, rtv, clipgrab |
@@ -1,7 +1,7 @@ | |||
1 | firejail (0.9.63) baseline; urgency=low | 1 | firejail (0.9.63) baseline; urgency=low |
2 | * work in progress | 2 | * work in progress |
3 | * DHCP client support | 3 | * DHCP client support |
4 | * new profiles: firefox-x11, tvbrowser, rtv | 4 | * new profiles: gfeeds, firefox-x11, tvbrowser, rtv, clipgrab |
5 | 5 | ||
6 | firejail (0.9.62) baseline; urgency=low | 6 | firejail (0.9.62) baseline; urgency=low |
7 | * added file-copy-limit in /etc/firejail/firejail.config | 7 | * added file-copy-limit in /etc/firejail/firejail.config |
diff --git a/etc/clipgrab.profile b/etc/clipgrab.profile new file mode 100644 index 000000000..786d1c866 --- /dev/null +++ b/etc/clipgrab.profile | |||
@@ -0,0 +1,45 @@ | |||
1 | # Firejail profile for clipgrab | ||
2 | # Description: A free video downloader and converter | ||
3 | # This file is overwritten after every install/update | ||
4 | # Persistent local customizations | ||
5 | include clipgrab.local | ||
6 | # Persistent global definitions | ||
7 | include globals.local | ||
8 | |||
9 | noblacklist ${HOME}/.config/Philipp Schmieder | ||
10 | noblacklist ${HOME}/.pki | ||
11 | noblacklist ${VIDEOS} | ||
12 | |||
13 | include disable-common.inc | ||
14 | include disable-devel.inc | ||
15 | include disable-exec.inc | ||
16 | include disable-interpreters.inc | ||
17 | include disable-passwdmgr.inc | ||
18 | include disable-programs.inc | ||
19 | include disable-xdg.inc | ||
20 | |||
21 | include whitelist-usr-share-common.inc | ||
22 | include whitelist-var-common.inc | ||
23 | |||
24 | apparmor | ||
25 | caps.drop all | ||
26 | machine-id | ||
27 | netfilter | ||
28 | # Breaks tray-icon, uncommend or add to clipgrab.local if you don't need it. | ||
29 | #nodbus | ||
30 | nodvd | ||
31 | nogroups | ||
32 | nonewprivs | ||
33 | noroot | ||
34 | nosound | ||
35 | notv | ||
36 | nou2f | ||
37 | novideo | ||
38 | protocol unix,inet,inet6,netlink | ||
39 | seccomp !chroot | ||
40 | shell none | ||
41 | |||
42 | disable-mnt | ||
43 | private-cache | ||
44 | private-dev | ||
45 | private-tmp | ||
diff --git a/etc/disable-programs.inc b/etc/disable-programs.inc index f46294a25..2eac1338e 100644 --- a/etc/disable-programs.inc +++ b/etc/disable-programs.inc | |||
@@ -97,6 +97,7 @@ blacklist ${HOME}/.config/MusicBrainz | |||
97 | blacklist ${HOME}/.config/Nathan Osman | 97 | blacklist ${HOME}/.config/Nathan Osman |
98 | blacklist ${HOME}/.config/Nylas Mail | 98 | blacklist ${HOME}/.config/Nylas Mail |
99 | blacklist ${HOME}/.config/PBE | 99 | blacklist ${HOME}/.config/PBE |
100 | blacklist ${HOME}/.config/Philipp Schmieder | ||
100 | blacklist ${HOME}/.config/QGIS | 101 | blacklist ${HOME}/.config/QGIS |
101 | blacklist ${HOME}/.config/QMediathekView | 102 | blacklist ${HOME}/.config/QMediathekView |
102 | blacklist ${HOME}/.config/Qlipper | 103 | blacklist ${HOME}/.config/Qlipper |
diff --git a/etc/whitelist-usr-share-common.inc b/etc/whitelist-usr-share-common.inc index 78b947750..4115dbfeb 100644 --- a/etc/whitelist-usr-share-common.inc +++ b/etc/whitelist-usr-share-common.inc | |||
@@ -26,8 +26,8 @@ whitelist /usr/share/gtksourceview-4 | |||
26 | whitelist /usr/share/hunspell | 26 | whitelist /usr/share/hunspell |
27 | whitelist /usr/share/hwdata | 27 | whitelist /usr/share/hwdata |
28 | whitelist /usr/share/icons | 28 | whitelist /usr/share/icons |
29 | whitelist /usr/share/knotifications5 | ||
30 | whitelist /usr/share/icu | 29 | whitelist /usr/share/icu |
30 | whitelist /usr/share/knotifications5 | ||
31 | whitelist /usr/share/kservices5 | 31 | whitelist /usr/share/kservices5 |
32 | whitelist /usr/share/Kvantum | 32 | whitelist /usr/share/Kvantum |
33 | whitelist /usr/share/kxmlgui5 | 33 | whitelist /usr/share/kxmlgui5 |