New profile: url-eater (#5780)

* Create url-eater.profile * RELNOTES: add url-eater to 'new profiles'
author: glitsj16 <glitsj16@users.noreply.github.com> 2023-04-18 02:36:55 +0000
committer: GitHub <noreply@github.com> 2023-04-18 02:36:55 +0000
commit: 7140573b9269b04cc36f5a9bd34a861ed2feb380 (patch)
tree: adaf50c9d1d61a5c28570e09b93f4ed37168eae3
parent: build(deps): bump actions/checkout from 3.5.0 to 3.5.2 (diff)
download: firejail-7140573b9269b04cc36f5a9bd34a861ed2feb380.tar.gz
firejail-7140573b9269b04cc36f5a9bd34a861ed2feb380.tar.zst
firejail-7140573b9269b04cc36f5a9bd34a861ed2feb380.zip
3 files changed, 60 insertions, 1 deletions
diff --git a/RELNOTES b/RELNOTES
index 72cfa336e..6452e11ff 100644
--- a/RELNOTES
+++ b/RELNOTES
@@ -30,7 +30,7 @@ firejail (0.9.73) baseline; urgency=low
  * docs: markdown formatting and misc improvements (#5757)
  * legal: selinux.c: Split Copyright notice & use same license as upstream
    (#5667)
-  * new profiles: fix-qdf, qpdf, zlib-flate, standard-notes
+  * new profiles: fix-qdf, qpdf, zlib-flate, standard-notes, url-eater
 -- netblue30 <netblue30@yahoo.com>  Mon, 17 Jan 2023 09:00:00 -0500
 firejail (0.9.72) baseline; urgency=low
diff --git a/etc/profile-m-z/url-eater.profile b/etc/profile-m-z/url-eater.profile
new file mode 100644
index 000000000..a894ff0f6
--- /dev/null
+++ b/etc/profile-m-z/url-eater.profile
@@ -0,0 +1,58 @@
+# Firejail profile for url-eater
+# Description: Clean unnecessary parameters from URLs copied to clipboard
+# This file is overwritten after every install/update
+# Persistent local customizations
+include url-eater.local
+# Persistent global definitions
+include globals.local
+include disable-common.inc
+include disable-devel.inc
+include disable-exec.inc
+include disable-interpreters.inc
+include disable-proc.inc
+include disable-programs.inc
+include disable-shell.inc
+include disable-xdg.inc
+include whitelist-common.inc
+include whitelist-run-common.inc
+include whitelist-runuser-common.inc
+include whitelist-usr-share-common.inc
+include whitelist-var-common.inc
+apparmor
+caps.drop all
+ipc-namespace
+machine-id
+net none
+no3d
+nodvd
+nogroups
+noinput
+nonewprivs
+noprinters
+noroot
+nosound
+notv
+nou2f
+novideo
+protocol unix
+seccomp
+seccomp.block-secondary
+tracelog
+disable-mnt
+private-bin url-eater
+private-cache
+private-dev
+private-etc url-eater.kdl
+private-lib
+#private-tmp # breaks on Arch
+dbus-user none
+dbus-system none
+memory-deny-write-execute
+read-only ${HOME}
+restrict-namespaces
diff --git a/src/firecfg/firecfg.config b/src/firecfg/firecfg.config
index 94e8b9194..1e996ef72 100644
--- a/src/firecfg/firecfg.config
+++ b/src/firecfg/firecfg.config
@@ -883,6 +883,7 @@ unbound
 unf
 unknown-horizons
 # unzstd - disable until we fix CLI archivers for makepkg on Arch (see discussion in #3095)
+url-eater
 utox
 uudeview
 uzbl-browser
author	glitsj16 <glitsj16@users.noreply.github.com>	2023-04-18 02:36:55 +0000
committer	GitHub <noreply@github.com>	2023-04-18 02:36:55 +0000
commit	7140573b9269b04cc36f5a9bd34a861ed2feb380 (patch)
tree	adaf50c9d1d61a5c28570e09b93f4ed37168eae3
parent	build(deps): bump actions/checkout from 3.5.0 to 3.5.2 (diff)
download	firejail-7140573b9269b04cc36f5a9bd34a861ed2feb380.tar.gz firejail-7140573b9269b04cc36f5a9bd34a861ed2feb380.tar.zst firejail-7140573b9269b04cc36f5a9bd34a861ed2feb380.zip

diff --git a/RELNOTES b/RELNOTES index 72cfa336e..6452e11ff 100644 --- a/RELNOTES +++ b/RELNOTES
@@ -30,7 +30,7 @@ firejail (0.9.73) baseline; urgency=low
30	* docs: markdown formatting and misc improvements (#5757)	30	* docs: markdown formatting and misc improvements (#5757)
31	* legal: selinux.c: Split Copyright notice & use same license as upstream	31	* legal: selinux.c: Split Copyright notice & use same license as upstream
32	(#5667)	32	(#5667)
33	* new profiles: fix-qdf, qpdf, zlib-flate, standard-notes	33	* new profiles: fix-qdf, qpdf, zlib-flate, standard-notes, url-eater
34	-- netblue30 <netblue30@yahoo.com> Mon, 17 Jan 2023 09:00:00 -0500	34	-- netblue30 <netblue30@yahoo.com> Mon, 17 Jan 2023 09:00:00 -0500
35		35
36	firejail (0.9.72) baseline; urgency=low	36	firejail (0.9.72) baseline; urgency=low


diff --git a/etc/profile-m-z/url-eater.profile b/etc/profile-m-z/url-eater.profile new file mode 100644 index 000000000..a894ff0f6 --- /dev/null +++ b/etc/profile-m-z/url-eater.profile
@@ -0,0 +1,58 @@
		1	# Firejail profile for url-eater
		2	# Description: Clean unnecessary parameters from URLs copied to clipboard
		3	# This file is overwritten after every install/update
		4	# Persistent local customizations
		5	include url-eater.local
		6	# Persistent global definitions
		7	include globals.local
		8
		9	include disable-common.inc
		10	include disable-devel.inc
		11	include disable-exec.inc
		12	include disable-interpreters.inc
		13	include disable-proc.inc
		14	include disable-programs.inc
		15	include disable-shell.inc
		16	include disable-xdg.inc
		17
		18	include whitelist-common.inc
		19	include whitelist-run-common.inc
		20	include whitelist-runuser-common.inc
		21	include whitelist-usr-share-common.inc
		22	include whitelist-var-common.inc
		23
		24	apparmor
		25	caps.drop all
		26	ipc-namespace
		27	machine-id
		28	net none
		29	no3d
		30	nodvd
		31	nogroups
		32	noinput
		33	nonewprivs
		34	noprinters
		35	noroot
		36	nosound
		37	notv
		38	nou2f
		39	novideo
		40	protocol unix
		41	seccomp
		42	seccomp.block-secondary
		43	tracelog
		44
		45	disable-mnt
		46	private-bin url-eater
		47	private-cache
		48	private-dev
		49	private-etc url-eater.kdl
		50	private-lib
		51	#private-tmp # breaks on Arch
		52
		53	dbus-user none
		54	dbus-system none
		55
		56	memory-deny-write-execute
		57	read-only ${HOME}
		58	restrict-namespaces


diff --git a/src/firecfg/firecfg.config b/src/firecfg/firecfg.config index 94e8b9194..1e996ef72 100644 --- a/src/firecfg/firecfg.config +++ b/src/firecfg/firecfg.config
@@ -883,6 +883,7 @@ unbound
883	unf	883	unf
884	unknown-horizons	884	unknown-horizons
885	# unzstd - disable until we fix CLI archivers for makepkg on Arch (see discussion in #3095)	885	# unzstd - disable until we fix CLI archivers for makepkg on Arch (see discussion in #3095)
		886	url-eater
886	utox	887	utox
887	uudeview	888	uudeview
888	uzbl-browser	889	uzbl-browser