diff options
author | netblue30 <netblue30@yahoo.com> | 2017-04-26 16:35:18 -0400 |
---|---|---|
committer | netblue30 <netblue30@yahoo.com> | 2017-04-26 16:35:18 -0400 |
commit | 37ef5cfb9d31be49a071d27ff6f626cf65b2231f (patch) | |
tree | b5394750b4aec955690707704eb00db6b552ebb4 | |
parent | PCManFM profile (diff) | |
download | firejail-37ef5cfb9d31be49a071d27ff6f626cf65b2231f.tar.gz firejail-37ef5cfb9d31be49a071d27ff6f626cf65b2231f.tar.zst firejail-37ef5cfb9d31be49a071d27ff6f626cf65b2231f.zip |
Dia, FontForge, Geany, Hugin profiles
-rw-r--r-- | README.md | 2 | ||||
-rw-r--r-- | RELNOTES | 2 | ||||
-rw-r--r-- | etc/default.profile | 2 | ||||
-rw-r--r-- | etc/dia.profile | 26 | ||||
-rw-r--r-- | etc/disable-programs.inc | 4 | ||||
-rw-r--r-- | etc/fontforge.profile | 26 | ||||
-rw-r--r-- | etc/geany.profile | 26 | ||||
-rw-r--r-- | etc/hugin.profile | 27 | ||||
-rw-r--r-- | platform/debian/conffiles | 4 | ||||
-rw-r--r-- | src/firecfg/firecfg.config | 4 |
10 files changed, 120 insertions, 3 deletions
@@ -217,4 +217,4 @@ xed, pluma, Cryptocat, Bless, Gnome 2048, Gnome Calculator, Gnome Contacts, JD-G | |||
217 | PDFSam, Pithos, Xonotic, wireshark, keepassx2, QupZilla, FossaMail, Uzbl browser, xmms, iridium browser, | 217 | PDFSam, Pithos, Xonotic, wireshark, keepassx2, QupZilla, FossaMail, Uzbl browser, xmms, iridium browser, |
218 | Kino, Thunar, Geeqie, Engrampa, Scribus, mousepad, gpicview, keepassxc, cvlc, MediathekView, baloo_file, | 218 | Kino, Thunar, Geeqie, Engrampa, Scribus, mousepad, gpicview, keepassxc, cvlc, MediathekView, baloo_file, |
219 | Nylas, dino, BibleTime, viewnior, Kodi, viking, youtube-dl, meld, Arduino, Akregator, KCalc, KTorrent, | 219 | Nylas, dino, BibleTime, viewnior, Kodi, viking, youtube-dl, meld, Arduino, Akregator, KCalc, KTorrent, |
220 | Orage Globaltime, Orage Clendar, xfce4-notes, xfce4-dict, Ristretto, PCManFM | 220 | Orage Globaltime, Orage Clendar, xfce4-notes, xfce4-dict, Ristretto, PCManFM, Dia, FontForge, Geany, Hugin |
@@ -39,7 +39,7 @@ firejail (0.9.46-rc1) baseline; urgency=low | |||
39 | * new profiles: baloo_file, Nylas, dino, BibleTime, viewnior, Kodi, viking, | 39 | * new profiles: baloo_file, Nylas, dino, BibleTime, viewnior, Kodi, viking, |
40 | * new profiles: youtube-dl, meld, Arduino, Akregator, KCalc, KTorrent, | 40 | * new profiles: youtube-dl, meld, Arduino, Akregator, KCalc, KTorrent, |
41 | * new profiles: Orage Globaltime, Orage Clendar, xfce4-notes, xfce4-dict, | 41 | * new profiles: Orage Globaltime, Orage Clendar, xfce4-notes, xfce4-dict, |
42 | * new profiles: Ristretto, PCManFM | 42 | * new profiles: Ristretto, PCManFM, Dia, FontForge, Geany, Hugin |
43 | * bugfixes | 43 | * bugfixes |
44 | -- netblue30 <netblue30@yahoo.com> Fri, 7 Apr 2017 08:00:00 -0500 | 44 | -- netblue30 <netblue30@yahoo.com> Fri, 7 Apr 2017 08:00:00 -0500 |
45 | 45 | ||
diff --git a/etc/default.profile b/etc/default.profile index 66b04896f..484c1cd8e 100644 --- a/etc/default.profile +++ b/etc/default.profile | |||
@@ -25,4 +25,4 @@ seccomp | |||
25 | # private-etc none | 25 | # private-etc none |
26 | # private-dev | 26 | # private-dev |
27 | # private-tmp | 27 | # private-tmp |
28 | 28 | # nosound | |
diff --git a/etc/dia.profile b/etc/dia.profile new file mode 100644 index 000000000..3c01e9a0b --- /dev/null +++ b/etc/dia.profile | |||
@@ -0,0 +1,26 @@ | |||
1 | # This file is overwritten during software install. | ||
2 | # Persistent customizations should go in a .local file. | ||
3 | include /etc/firejail/dia.local | ||
4 | |||
5 | noblacklist ~/.dia | ||
6 | include /etc/firejail/disable-common.inc | ||
7 | include /etc/firejail/disable-programs.inc | ||
8 | include /etc/firejail/disable-passwdmgr.inc | ||
9 | |||
10 | caps.drop all | ||
11 | netfilter | ||
12 | nonewprivs | ||
13 | noroot | ||
14 | protocol unix,inet,inet6 | ||
15 | seccomp | ||
16 | |||
17 | # | ||
18 | # depending on you usage, you can enable some of the commands below: | ||
19 | # | ||
20 | nogroups | ||
21 | shell none | ||
22 | # private-bin program | ||
23 | # private-etc none | ||
24 | private-dev | ||
25 | private-tmp | ||
26 | |||
diff --git a/etc/disable-programs.inc b/etc/disable-programs.inc index 18b644987..285a7f7e3 100644 --- a/etc/disable-programs.inc +++ b/etc/disable-programs.inc | |||
@@ -74,6 +74,7 @@ blacklist ${HOME}/.config/evolution | |||
74 | blacklist ${HOME}/.config/filezilla | 74 | blacklist ${HOME}/.config/filezilla |
75 | blacklist ${HOME}/.config/flowblade | 75 | blacklist ${HOME}/.config/flowblade |
76 | blacklist ${HOME}/.config/gajim | 76 | blacklist ${HOME}/.config/gajim |
77 | blacklist ${HOME}/.config/geany | ||
77 | blacklist ${HOME}/.config/geeqie | 78 | blacklist ${HOME}/.config/geeqie |
78 | blacklist ${HOME}/.config/gedit | 79 | blacklist ${HOME}/.config/gedit |
79 | blacklist ${HOME}/.config/globaltime | 80 | blacklist ${HOME}/.config/globaltime |
@@ -148,6 +149,7 @@ blacklist ${HOME}/.config/xviewer | |||
148 | blacklist ${HOME}/.config/zathura | 149 | blacklist ${HOME}/.config/zathura |
149 | blacklist ${HOME}/.config/zoomus.conf | 150 | blacklist ${HOME}/.config/zoomus.conf |
150 | blacklist ${HOME}/.conkeror.mozdev.org | 151 | blacklist ${HOME}/.conkeror.mozdev.org |
152 | blacklist ${HOME}/.dia | ||
151 | blacklist ${HOME}/.dillo | 153 | blacklist ${HOME}/.dillo |
152 | blacklist ${HOME}/.dosbox | 154 | blacklist ${HOME}/.dosbox |
153 | blacklist ${HOME}/.dropbox-dist | 155 | blacklist ${HOME}/.dropbox-dist |
@@ -158,6 +160,7 @@ blacklist ${HOME}/.emacs.d | |||
158 | blacklist ${HOME}/.filezilla | 160 | blacklist ${HOME}/.filezilla |
159 | blacklist ${HOME}/.flowblade | 161 | blacklist ${HOME}/.flowblade |
160 | blacklist ${HOME}/.fltk | 162 | blacklist ${HOME}/.fltk |
163 | blacklist ${HOME}/.FontForge | ||
161 | blacklist ${HOME}/.gimp* | 164 | blacklist ${HOME}/.gimp* |
162 | blacklist ${HOME}/.git-credential-cache | 165 | blacklist ${HOME}/.git-credential-cache |
163 | blacklist ${HOME}/.gitconfig | 166 | blacklist ${HOME}/.gitconfig |
@@ -167,6 +170,7 @@ blacklist ${HOME}/.googleearth/myplaces.backup.kml | |||
167 | blacklist ${HOME}/.googleearth/myplaces.kml | 170 | blacklist ${HOME}/.googleearth/myplaces.kml |
168 | blacklist ${HOME}/.guayadeque | 171 | blacklist ${HOME}/.guayadeque |
169 | blacklist ${HOME}/.hedgewars | 172 | blacklist ${HOME}/.hedgewars |
173 | blacklist ${HOME}/.hugin | ||
170 | blacklist ${HOME}/.icedove | 174 | blacklist ${HOME}/.icedove |
171 | blacklist ${HOME}/.inkscape | 175 | blacklist ${HOME}/.inkscape |
172 | blacklist ${HOME}/.jitsi | 176 | blacklist ${HOME}/.jitsi |
diff --git a/etc/fontforge.profile b/etc/fontforge.profile new file mode 100644 index 000000000..014d15650 --- /dev/null +++ b/etc/fontforge.profile | |||
@@ -0,0 +1,26 @@ | |||
1 | # This file is overwritten during software install. | ||
2 | # Persistent customizations should go in a .local file. | ||
3 | include /etc/firejail/fontforge.local | ||
4 | |||
5 | noblacklist ${HOME}/.FontForge | ||
6 | include /etc/firejail/disable-common.inc | ||
7 | include /etc/firejail/disable-programs.inc | ||
8 | include /etc/firejail/disable-passwdmgr.inc | ||
9 | |||
10 | caps.drop all | ||
11 | netfilter | ||
12 | nonewprivs | ||
13 | noroot | ||
14 | protocol unix,inet,inet6 | ||
15 | seccomp | ||
16 | |||
17 | # | ||
18 | # depending on you usage, you can enable some of the commands below: | ||
19 | # | ||
20 | nogroups | ||
21 | shell none | ||
22 | # private-bin program | ||
23 | # private-etc none | ||
24 | private-dev | ||
25 | private-tmp | ||
26 | |||
diff --git a/etc/geany.profile b/etc/geany.profile new file mode 100644 index 000000000..8ccc44dc1 --- /dev/null +++ b/etc/geany.profile | |||
@@ -0,0 +1,26 @@ | |||
1 | # This file is overwritten during software install. | ||
2 | # Persistent customizations should go in a .local file. | ||
3 | include /etc/firejail/geany.local | ||
4 | |||
5 | noblacklist ${HOME}/.config/geany | ||
6 | include /etc/firejail/disable-common.inc | ||
7 | include /etc/firejail/disable-programs.inc | ||
8 | include /etc/firejail/disable-passwdmgr.inc | ||
9 | |||
10 | caps.drop all | ||
11 | netfilter | ||
12 | nonewprivs | ||
13 | noroot | ||
14 | protocol unix,inet,inet6 | ||
15 | seccomp | ||
16 | |||
17 | # | ||
18 | # depending on you usage, you can enable some of the commands below: | ||
19 | # | ||
20 | nogroups | ||
21 | shell none | ||
22 | # private-bin program | ||
23 | # private-etc none | ||
24 | private-dev | ||
25 | private-tmp | ||
26 | |||
diff --git a/etc/hugin.profile b/etc/hugin.profile new file mode 100644 index 000000000..d2ad16c0e --- /dev/null +++ b/etc/hugin.profile | |||
@@ -0,0 +1,27 @@ | |||
1 | # This file is overwritten during software install. | ||
2 | # Persistent customizations should go in a .local file. | ||
3 | include /etc/firejail/hugin.local | ||
4 | |||
5 | noblacklist ${HOME}/.hugin | ||
6 | include /etc/firejail/disable-common.inc | ||
7 | include /etc/firejail/disable-programs.inc | ||
8 | include /etc/firejail/disable-passwdmgr.inc | ||
9 | |||
10 | caps.drop all | ||
11 | netfilter | ||
12 | nonewprivs | ||
13 | noroot | ||
14 | protocol unix,inet,inet6 | ||
15 | seccomp | ||
16 | |||
17 | # | ||
18 | # depending on you usage, you can enable some of the commands below: | ||
19 | # | ||
20 | nogroups | ||
21 | shell none | ||
22 | # private-bin program | ||
23 | # private-etc none | ||
24 | private-dev | ||
25 | private-tmp | ||
26 | nosound | ||
27 | |||
diff --git a/platform/debian/conffiles b/platform/debian/conffiles index 2f0da51ce..fa910f957 100644 --- a/platform/debian/conffiles +++ b/platform/debian/conffiles | |||
@@ -277,3 +277,7 @@ | |||
277 | /etc/firejail/xfce4-dict.profile | 277 | /etc/firejail/xfce4-dict.profile |
278 | /etc/firejail/xfce4-notes.profile | 278 | /etc/firejail/xfce4-notes.profile |
279 | /etc/firejail/pcmanfm.profile | 279 | /etc/firejail/pcmanfm.profile |
280 | /etc/firejail/dia.profile | ||
281 | /etc/firejail/fontforge.profile | ||
282 | /etc/firejail/geany.profile | ||
283 | /etc/firejail/hugin.profile | ||
diff --git a/src/firecfg/firecfg.config b/src/firecfg/firecfg.config index 93744f671..db3b525ff 100644 --- a/src/firecfg/firecfg.config +++ b/src/firecfg/firecfg.config | |||
@@ -34,6 +34,7 @@ cvlc | |||
34 | cyberfox | 34 | cyberfox |
35 | deadbeef | 35 | deadbeef |
36 | deluge | 36 | deluge |
37 | dia | ||
37 | dillo | 38 | dillo |
38 | dino | 39 | dino |
39 | display | 40 | display |
@@ -59,7 +60,9 @@ firefox | |||
59 | firefox-esr | 60 | firefox-esr |
60 | flashpeak-slimjet | 61 | flashpeak-slimjet |
61 | flowblade | 62 | flowblade |
63 | fontforge | ||
62 | gajim | 64 | gajim |
65 | geany | ||
63 | gedit | 66 | gedit |
64 | geeqie | 67 | geeqie |
65 | gimp | 68 | gimp |
@@ -90,6 +93,7 @@ gwenview | |||
90 | hedgewars | 93 | hedgewars |
91 | hexchat | 94 | hexchat |
92 | highlight | 95 | highlight |
96 | hugin | ||
93 | icecat | 97 | icecat |
94 | icedove | 98 | icedove |
95 | iceweasel | 99 | iceweasel |