Merge pull request #3997 from nidamanx/patch-2

Create nextcloud-desktop.profile
author: netblue30 <netblue30@protonmail.com> 2021-03-05 10:51:10 -0500
committer: GitHub <noreply@github.com> 2021-03-05 10:51:10 -0500
commit: 2e3d2f80ca8580572214725346da882385ea0914 (patch)
tree: bdcf6d93ed4f249795132346bd62e43289aacfb8
parent: Fix #4044 -- skypeforlinux fails to start… (diff)
parent: Update etc/profile-m-z/nextcloud.profile (diff)
download: firejail-2e3d2f80ca8580572214725346da882385ea0914.tar.gz
firejail-2e3d2f80ca8580572214725346da882385ea0914.tar.zst
firejail-2e3d2f80ca8580572214725346da882385ea0914.zip
4 files changed, 86 insertions, 0 deletions
diff --git a/etc/inc/disable-programs.inc b/etc/inc/disable-programs.inc
index 05f82170d..729a25233 100644
--- a/etc/inc/disable-programs.inc
+++ b/etc/inc/disable-programs.inc
@@ -5,6 +5,7 @@ include disable-programs.local
 blacklist ${HOME}/Arduino
 blacklist ${HOME}/i2p
 blacklist ${HOME}/Monero/wallets
+blacklist ${HOME}/Nextcloud
 blacklist ${HOME}/Nextcloud/Notes
 blacklist ${HOME}/SoftMaker
 blacklist ${HOME}/Standard Notes Backups
@@ -117,6 +118,7 @@ blacklist ${HOME}/.config/MusE
 blacklist ${HOME}/.config/MuseScore
 blacklist ${HOME}/.config/MusicBrainz
 blacklist ${HOME}/.config/Nathan Osman
+blacklist ${HOME}/.config/Nextcloud
 blacklist ${HOME}/.config/Nylas Mail
 blacklist ${HOME}/.config/PacmanLogViewer
 blacklist ${HOME}/.config/PBE
@@ -582,6 +584,7 @@ blacklist ${HOME}/.local/share/JetBrains
 blacklist ${HOME}/.local/share/Kingsoft
 blacklist ${HOME}/.local/share/Mendeley Ltd.
 blacklist ${HOME}/.local/share/Mumble
+blacklist ${HOME}/.local/share/Nextcloud
 blacklist ${HOME}/.local/share/PBE
 blacklist ${HOME}/.local/share/Psi
 blacklist ${HOME}/.local/share/QGIS
diff --git a/etc/profile-m-z/nextcloud-desktop.profile b/etc/profile-m-z/nextcloud-desktop.profile
new file mode 100644
index 000000000..e74f9c03f
--- /dev/null
+++ b/etc/profile-m-z/nextcloud-desktop.profile
@@ -0,0 +1,10 @@
+# Firejail profile alias for nextcloud
+# This file is overwritten after every install/update
+# Persistent local customizations
+include nextcloud-desktop.local
+# Persistent global definitions
+# added by included profile
+#include globals.local
+# Redirect
+include nextcloud.profile
diff --git a/etc/profile-m-z/nextcloud.profile b/etc/profile-m-z/nextcloud.profile
new file mode 100644
index 000000000..24768aee8
--- /dev/null
+++ b/etc/profile-m-z/nextcloud.profile
@@ -0,0 +1,71 @@
+# Firejail profile for nextcloud
+# Description: Nextcloud desktop synchronization client
+# This file is overwritten after every install/update
+# Persistent local customizations
+include nextcloud.local
+# Persistent global definitions
+include globals.local
+noblacklist ${HOME}/Nextcloud
+noblacklist ${HOME}/.config/Nextcloud
+noblacklist ${HOME}/.local/share/Nextcloud
+# Uncomment or put in your nextcloud.local to allow sync with more directories.
+#noblacklist ${DOCUMENTS}
+#noblacklist ${MUSIC}
+#noblacklist ${PICTURES}
+#noblacklist ${VIDEOS}
+include disable-common.inc
+include disable-devel.inc
+include disable-exec.inc
+include disable-interpreters.inc
+include disable-passwdmgr.inc
+include disable-programs.inc
+include disable-shell.inc
+include disable-xdg.inc
+mkdir ${HOME}/Nextcloud
+mkdir ${HOME}/.config/Nextcloud
+mkdir ${HOME}/.local/share/Nextcloud
+whitelist ${HOME}/Nextcloud
+whitelist ${HOME}/.config/Nextcloud
+whitelist ${HOME}/.local/share/Nextcloud
+# Uncomment or put in your nextcloud.local to allow sync with more directories.
+#whitelist ${DOCUMENTS}
+#whitelist ${MUSIC}
+#whitelist ${PICTURES}
+#whitelist ${VIDEOS}
+include whitelist-common.inc
+include whitelist-runuser-common.inc
+include whitelist-usr-share-common.inc
+include whitelist-var-common.inc
+apparmor
+caps.drop all
+machine-id
+netfilter
+no3d
+nodvd
+nogroups
+nonewprivs
+noroot
+nosound
+notv
+nou2f
+novideo
+protocol unix,inet,inet6
+seccomp
+seccomp.block-secondary
+shell none
+tracelog
+disable-mnt
+private-bin nextcloud,nextcloud-desktop
+private-cache
+private-etc alternatives,ca-certificates,crypto-policies,drirc,fonts,gcrypt,host.conf,hosts,ld.so.cache,machine-id,Nextcloud,nsswitch.conf,os-release,passwd,pki,pulse,resolv.conf,selinux,ssl,xdg
+private-dev
+private-tmp
+dbus-user filter
+dbus-user.talk org.freedesktop.secrets
+dbus-system none
diff --git a/src/firecfg/firecfg.config b/src/firecfg/firecfg.config
index b44a1bc85..16cd59aa5 100644
--- a/src/firecfg/firecfg.config
+++ b/src/firecfg/firecfg.config
@@ -553,6 +553,8 @@ neverputt
 newsbeuter
 newsboat
 newsflash
+nextcloud
+nextcloud-desktop
 nheko
 nicotine
 nitroshare
author	netblue30 <netblue30@protonmail.com>	2021-03-05 10:51:10 -0500
committer	GitHub <noreply@github.com>	2021-03-05 10:51:10 -0500
commit	2e3d2f80ca8580572214725346da882385ea0914 (patch)
tree	bdcf6d93ed4f249795132346bd62e43289aacfb8
parent	Fix #4044 -- skypeforlinux fails to start… (diff)
parent	Update etc/profile-m-z/nextcloud.profile (diff)
download	firejail-2e3d2f80ca8580572214725346da882385ea0914.tar.gz firejail-2e3d2f80ca8580572214725346da882385ea0914.tar.zst firejail-2e3d2f80ca8580572214725346da882385ea0914.zip

diff --git a/etc/inc/disable-programs.inc b/etc/inc/disable-programs.inc index 05f82170d..729a25233 100644 --- a/etc/inc/disable-programs.inc +++ b/etc/inc/disable-programs.inc
@@ -5,6 +5,7 @@ include disable-programs.local
5	blacklist ${HOME}/Arduino	5	blacklist ${HOME}/Arduino
6	blacklist ${HOME}/i2p	6	blacklist ${HOME}/i2p
7	blacklist ${HOME}/Monero/wallets	7	blacklist ${HOME}/Monero/wallets
		8	blacklist ${HOME}/Nextcloud
8	blacklist ${HOME}/Nextcloud/Notes	9	blacklist ${HOME}/Nextcloud/Notes
9	blacklist ${HOME}/SoftMaker	10	blacklist ${HOME}/SoftMaker
10	blacklist ${HOME}/Standard Notes Backups	11	blacklist ${HOME}/Standard Notes Backups
@@ -117,6 +118,7 @@ blacklist ${HOME}/.config/MusE
117	blacklist ${HOME}/.config/MuseScore	118	blacklist ${HOME}/.config/MuseScore
118	blacklist ${HOME}/.config/MusicBrainz	119	blacklist ${HOME}/.config/MusicBrainz
119	blacklist ${HOME}/.config/Nathan Osman	120	blacklist ${HOME}/.config/Nathan Osman
		121	blacklist ${HOME}/.config/Nextcloud
120	blacklist ${HOME}/.config/Nylas Mail	122	blacklist ${HOME}/.config/Nylas Mail
121	blacklist ${HOME}/.config/PacmanLogViewer	123	blacklist ${HOME}/.config/PacmanLogViewer
122	blacklist ${HOME}/.config/PBE	124	blacklist ${HOME}/.config/PBE
@@ -582,6 +584,7 @@ blacklist ${HOME}/.local/share/JetBrains
582	blacklist ${HOME}/.local/share/Kingsoft	584	blacklist ${HOME}/.local/share/Kingsoft
583	blacklist ${HOME}/.local/share/Mendeley Ltd.	585	blacklist ${HOME}/.local/share/Mendeley Ltd.
584	blacklist ${HOME}/.local/share/Mumble	586	blacklist ${HOME}/.local/share/Mumble
		587	blacklist ${HOME}/.local/share/Nextcloud
585	blacklist ${HOME}/.local/share/PBE	588	blacklist ${HOME}/.local/share/PBE
586	blacklist ${HOME}/.local/share/Psi	589	blacklist ${HOME}/.local/share/Psi
587	blacklist ${HOME}/.local/share/QGIS	590	blacklist ${HOME}/.local/share/QGIS


diff --git a/etc/profile-m-z/nextcloud-desktop.profile b/etc/profile-m-z/nextcloud-desktop.profile new file mode 100644 index 000000000..e74f9c03f --- /dev/null +++ b/etc/profile-m-z/nextcloud-desktop.profile
@@ -0,0 +1,10 @@
		1	# Firejail profile alias for nextcloud
		2	# This file is overwritten after every install/update
		3	# Persistent local customizations
		4	include nextcloud-desktop.local
		5	# Persistent global definitions
		6	# added by included profile
		7	#include globals.local
		8
		9	# Redirect
		10	include nextcloud.profile


diff --git a/etc/profile-m-z/nextcloud.profile b/etc/profile-m-z/nextcloud.profile new file mode 100644 index 000000000..24768aee8 --- /dev/null +++ b/etc/profile-m-z/nextcloud.profile
@@ -0,0 +1,71 @@
		1	# Firejail profile for nextcloud
		2	# Description: Nextcloud desktop synchronization client
		3	# This file is overwritten after every install/update
		4	# Persistent local customizations
		5	include nextcloud.local
		6	# Persistent global definitions
		7	include globals.local
		8
		9	noblacklist ${HOME}/Nextcloud
		10	noblacklist ${HOME}/.config/Nextcloud
		11	noblacklist ${HOME}/.local/share/Nextcloud
		12	# Uncomment or put in your nextcloud.local to allow sync with more directories.
		13	#noblacklist ${DOCUMENTS}
		14	#noblacklist ${MUSIC}
		15	#noblacklist ${PICTURES}
		16	#noblacklist ${VIDEOS}
		17
		18	include disable-common.inc
		19	include disable-devel.inc
		20	include disable-exec.inc
		21	include disable-interpreters.inc
		22	include disable-passwdmgr.inc
		23	include disable-programs.inc
		24	include disable-shell.inc
		25	include disable-xdg.inc
		26
		27	mkdir ${HOME}/Nextcloud
		28	mkdir ${HOME}/.config/Nextcloud
		29	mkdir ${HOME}/.local/share/Nextcloud
		30	whitelist ${HOME}/Nextcloud
		31	whitelist ${HOME}/.config/Nextcloud
		32	whitelist ${HOME}/.local/share/Nextcloud
		33	# Uncomment or put in your nextcloud.local to allow sync with more directories.
		34	#whitelist ${DOCUMENTS}
		35	#whitelist ${MUSIC}
		36	#whitelist ${PICTURES}
		37	#whitelist ${VIDEOS}
		38	include whitelist-common.inc
		39	include whitelist-runuser-common.inc
		40	include whitelist-usr-share-common.inc
		41	include whitelist-var-common.inc
		42
		43	apparmor
		44	caps.drop all
		45	machine-id
		46	netfilter
		47	no3d
		48	nodvd
		49	nogroups
		50	nonewprivs
		51	noroot
		52	nosound
		53	notv
		54	nou2f
		55	novideo
		56	protocol unix,inet,inet6
		57	seccomp
		58	seccomp.block-secondary
		59	shell none
		60	tracelog
		61
		62	disable-mnt
		63	private-bin nextcloud,nextcloud-desktop
		64	private-cache
		65	private-etc alternatives,ca-certificates,crypto-policies,drirc,fonts,gcrypt,host.conf,hosts,ld.so.cache,machine-id,Nextcloud,nsswitch.conf,os-release,passwd,pki,pulse,resolv.conf,selinux,ssl,xdg
		66	private-dev
		67	private-tmp
		68
		69	dbus-user filter
		70	dbus-user.talk org.freedesktop.secrets
		71	dbus-system none


diff --git a/src/firecfg/firecfg.config b/src/firecfg/firecfg.config index b44a1bc85..16cd59aa5 100644 --- a/src/firecfg/firecfg.config +++ b/src/firecfg/firecfg.config
@@ -553,6 +553,8 @@ neverputt
553	newsbeuter	553	newsbeuter
554	newsboat	554	newsboat
555	newsflash	555	newsflash
		556	nextcloud
		557	nextcloud-desktop
556	nheko	558	nheko
557	nicotine	559	nicotine
558	nitroshare	560	nitroshare