private-etc: libreoffice, audacity, forzen-bubble, transmission, md5sum/sha512sum, more sysutils testing, fix electron-hardened.inc.profile

author: netblue30 <netblue30@protonmail.com> 2023-02-08 17:50:44 -0500
committer: netblue30 <netblue30@protonmail.com> 2023-02-08 17:50:44 -0500
commit: 7176e6324d444b681b822f2a29c15d61c7f92677 (patch)
tree: 3a86a02ba87253be99886ff0f593ae300e2f9959
parent: adding machine-id to x11 group (diff)
download: firejail-7176e6324d444b681b822f2a29c15d61c7f92677.tar.gz
firejail-7176e6324d444b681b822f2a29c15d61c7f92677.tar.zst
firejail-7176e6324d444b681b822f2a29c15d61c7f92677.zip
11 files changed, 73 insertions, 1 deletions
diff --git a/etc/profile-a-l/audacity.profile b/etc/profile-a-l/audacity.profile
index 371054728..fcac0137e 100644
--- a/etc/profile-a-l/audacity.profile
+++ b/etc/profile-a-l/audacity.profile
@@ -50,6 +50,7 @@ tracelog
 private-bin audacity
 private-dev
+private-etc @x11,gcrypt
 private-tmp
 # problems on Fedora 27
diff --git a/etc/profile-a-l/electron-hardened.inc.profile b/etc/profile-a-l/electron-hardened.inc.profile
index eacf5cebe..a9e1756d9 100644
--- a/etc/profile-a-l/electron-hardened.inc.profile
+++ b/etc/profile-a-l/electron-hardened.inc.profile
@@ -7,4 +7,4 @@ include electron-hardened.inc.local
 #include globals.local
 # Redirect
-include chrome-common-hardened.inc.profile
+include chromium-common-hardened.inc.profile
diff --git a/etc/profile-a-l/frozen-bubble.profile b/etc/profile-a-l/frozen-bubble.profile
index 86a8a8fc6..f162a4a31 100644
--- a/etc/profile-a-l/frozen-bubble.profile
+++ b/etc/profile-a-l/frozen-bubble.profile
@@ -22,6 +22,7 @@ mkdir ${HOME}/.frozen-bubble
 whitelist ${HOME}/.frozen-bubble
 include whitelist-common.inc
 include whitelist-runuser-common.inc
+whitelist /usr/share/games
 include whitelist-usr-share-common.inc
 include whitelist-var-common.inc
@@ -42,6 +43,7 @@ tracelog
 disable-mnt
 # private-bin frozen-bubble
 private-dev
+private-etc @games,@x11
 private-tmp
 dbus-user none
diff --git a/etc/profile-a-l/gnome-calculator.profile b/etc/profile-a-l/gnome-calculator.profile
index 3926146ff..e5c6022e8 100644
--- a/etc/profile-a-l/gnome-calculator.profile
+++ b/etc/profile-a-l/gnome-calculator.profile
@@ -45,6 +45,7 @@ disable-mnt
 private-bin gnome-calculator
 private-cache
 private-dev
+private-etc @x11
 #private-lib gdk-pixbuf-2.*,gio,girepository-1.*,gvfs,libgconf-2.so.*,libgnutls.so.*,libproxy.so.*,librsvg-2.so.*,libxml2.so.*
 private-tmp
diff --git a/etc/profile-a-l/hasher-common.profile b/etc/profile-a-l/hasher-common.profile
index fd8246aae..96e69d6cf 100644
--- a/etc/profile-a-l/hasher-common.profile
+++ b/etc/profile-a-l/hasher-common.profile
@@ -48,6 +48,7 @@ x11 none
 # Add the next line to your hasher-common.local if you don't need to hash files in ~/.cache.
 #private-cache
 private-dev
+private-etc
 # Add the next line to your hasher-common.local if you don't need to hash files in /tmp.
 #private-tmp
diff --git a/etc/profile-a-l/libreoffice.profile b/etc/profile-a-l/libreoffice.profile
index 518928876..d7144d8c3 100644
--- a/etc/profile-a-l/libreoffice.profile
+++ b/etc/profile-a-l/libreoffice.profile
@@ -50,6 +50,7 @@ tracelog
 #private-bin libreoffice,sh,uname,dirname,grep,sed,basename,ls
 private-cache
 private-dev
+private-etc @tls-ca,@x11,cups,gnupg,libreoffice,papersize,ssh
 private-tmp
 dbus-system none
diff --git a/etc/profile-m-z/transmission-common.profile b/etc/profile-m-z/transmission-common.profile
index 0a9029c97..d80eb708b 100644
--- a/etc/profile-m-z/transmission-common.profile
+++ b/etc/profile-m-z/transmission-common.profile
@@ -44,6 +44,7 @@ tracelog
 private-cache
 private-dev
+private-etc @tls-ca,@x11
 private-tmp
 dbus-user none
diff --git a/src/firecfg/firecfg.config b/src/firecfg/firecfg.config
index 793ec9a52..db73dd1f6 100644
--- a/src/firecfg/firecfg.config
+++ b/src/firecfg/firecfg.config
@@ -519,6 +519,7 @@ matrix-mirage
 mattermost-desktop
 mcabber
 mcomix
+md5sum
 mediainfo
 mediathekview
 megaglest
@@ -736,6 +737,11 @@ seahorse-tool
 seamonkey
 seamonkey-bin
 secret-tool
+sha1sum
+sha224sum
+sha256sum
+sha348sum
+sha512sum
 shellcheck
 shortwave
 shotcut
@@ -775,6 +781,7 @@ straw-viewer
 strings
 studio.sh
 subdownloader
+sum
 supertux2
 supertuxkart
 surf
diff --git a/test/sysutils/md5sum.exp b/test/sysutils/md5sum.exp
new file mode 100755
index 000000000..ab2482808
--- /dev/null
+++ b/test/sysutils/md5sum.exp
@@ -0,0 +1,21 @@
+#!/usr/bin/expect -f
+# This file is part of Firejail project
+# Copyright (C) 2014-2022 Firejail Authors
+# License GPL v2
+set timeout 10
+spawn $env(SHELL)
+match_max 100000
+send -- "firejail md5sum ../../COPYING\r"
+expect {
+        timeout {puts "TESTING ERROR 0\n";exit}
+        "b234ee"
+}
+expect {
+        timeout {puts "TESTING ERROR 1\n";exit}
+        "COPYING"
+}
+after 500
+puts "\nall done\n"
diff --git a/test/sysutils/sha512sum.exp b/test/sysutils/sha512sum.exp
new file mode 100755
index 000000000..2a88fef83
--- /dev/null
+++ b/test/sysutils/sha512sum.exp
@@ -0,0 +1,21 @@
+#!/usr/bin/expect -f
+# This file is part of Firejail project
+# Copyright (C) 2014-2022 Firejail Authors
+# License GPL v2
+set timeout 10
+spawn $env(SHELL)
+match_max 100000
+send -- "firejail sha512sum ../../COPYING\r"
+expect {
+        timeout {puts "TESTING ERROR 0\n";exit}
+        "aee80b1f"
+}
+expect {
+        timeout {puts "TESTING ERROR 1\n";exit}
+        "COPYING"
+}
+after 500
+puts "\nall done\n"
diff --git a/test/sysutils/sysutils.sh b/test/sysutils/sysutils.sh
index a1aaa80a7..3c035c69c 100755
--- a/test/sysutils/sysutils.sh
+++ b/test/sysutils/sysutils.sh
@@ -7,6 +7,22 @@ export MALLOC_CHECK_=3
 export MALLOC_PERTURB_=$(($RANDOM % 255 + 1))
 export LC_ALL=C
+if command -v md5sum
+then
+        echo "TESTING: md5sum"
+        ./md5sum.exp
+else
+        echo "TESTING SKIP: md5sum not found"
+fi
+if command -v sha512sum
+then
+        echo "TESTING: sha512sum"
+        ./sha512sum.exp
+else
+        echo "TESTING SKIP: sha512sum not found"
+fi
 if command -v cpio
 then
        echo "TESTING: cpio"
author	netblue30 <netblue30@protonmail.com>	2023-02-08 17:50:44 -0500
committer	netblue30 <netblue30@protonmail.com>	2023-02-08 17:50:44 -0500
commit	7176e6324d444b681b822f2a29c15d61c7f92677 (patch)
tree	3a86a02ba87253be99886ff0f593ae300e2f9959
parent	adding machine-id to x11 group (diff)
download	firejail-7176e6324d444b681b822f2a29c15d61c7f92677.tar.gz firejail-7176e6324d444b681b822f2a29c15d61c7f92677.tar.zst firejail-7176e6324d444b681b822f2a29c15d61c7f92677.zip

diff --git a/etc/profile-a-l/audacity.profile b/etc/profile-a-l/audacity.profile index 371054728..fcac0137e 100644 --- a/etc/profile-a-l/audacity.profile +++ b/etc/profile-a-l/audacity.profile
@@ -50,6 +50,7 @@ tracelog
50		50
51	private-bin audacity	51	private-bin audacity
52	private-dev	52	private-dev
		53	private-etc @x11,gcrypt
53	private-tmp	54	private-tmp
54		55
55	# problems on Fedora 27	56	# problems on Fedora 27


diff --git a/etc/profile-a-l/electron-hardened.inc.profile b/etc/profile-a-l/electron-hardened.inc.profile index eacf5cebe..a9e1756d9 100644 --- a/etc/profile-a-l/electron-hardened.inc.profile +++ b/etc/profile-a-l/electron-hardened.inc.profile
@@ -7,4 +7,4 @@ include electron-hardened.inc.local
7	#include globals.local	7	#include globals.local
8		8
9	# Redirect	9	# Redirect
10	include chrome-common-hardened.inc.profile	10	include chromium-common-hardened.inc.profile


diff --git a/etc/profile-a-l/frozen-bubble.profile b/etc/profile-a-l/frozen-bubble.profile index 86a8a8fc6..f162a4a31 100644 --- a/etc/profile-a-l/frozen-bubble.profile +++ b/etc/profile-a-l/frozen-bubble.profile
@@ -22,6 +22,7 @@ mkdir ${HOME}/.frozen-bubble
22	whitelist ${HOME}/.frozen-bubble	22	whitelist ${HOME}/.frozen-bubble
23	include whitelist-common.inc	23	include whitelist-common.inc
24	include whitelist-runuser-common.inc	24	include whitelist-runuser-common.inc
		25	whitelist /usr/share/games
25	include whitelist-usr-share-common.inc	26	include whitelist-usr-share-common.inc
26	include whitelist-var-common.inc	27	include whitelist-var-common.inc
27		28
@@ -42,6 +43,7 @@ tracelog
42	disable-mnt	43	disable-mnt
43	# private-bin frozen-bubble	44	# private-bin frozen-bubble
44	private-dev	45	private-dev
		46	private-etc @games,@x11
45	private-tmp	47	private-tmp
46		48
47	dbus-user none	49	dbus-user none


diff --git a/etc/profile-a-l/gnome-calculator.profile b/etc/profile-a-l/gnome-calculator.profile index 3926146ff..e5c6022e8 100644 --- a/etc/profile-a-l/gnome-calculator.profile +++ b/etc/profile-a-l/gnome-calculator.profile
@@ -45,6 +45,7 @@ disable-mnt
45	private-bin gnome-calculator	45	private-bin gnome-calculator
46	private-cache	46	private-cache
47	private-dev	47	private-dev
		48	private-etc @x11
48	#private-lib gdk-pixbuf-2.,gio,girepository-1.,gvfs,libgconf-2.so.,libgnutls.so.,libproxy.so.,librsvg-2.so.,libxml2.so.*	49	#private-lib gdk-pixbuf-2.,gio,girepository-1.,gvfs,libgconf-2.so.,libgnutls.so.,libproxy.so.,librsvg-2.so.,libxml2.so.*
49	private-tmp	50	private-tmp
50		51


diff --git a/etc/profile-a-l/hasher-common.profile b/etc/profile-a-l/hasher-common.profile index fd8246aae..96e69d6cf 100644 --- a/etc/profile-a-l/hasher-common.profile +++ b/etc/profile-a-l/hasher-common.profile
@@ -48,6 +48,7 @@ x11 none
48	# Add the next line to your hasher-common.local if you don't need to hash files in ~/.cache.	48	# Add the next line to your hasher-common.local if you don't need to hash files in ~/.cache.
49	#private-cache	49	#private-cache
50	private-dev	50	private-dev
		51	private-etc
51	# Add the next line to your hasher-common.local if you don't need to hash files in /tmp.	52	# Add the next line to your hasher-common.local if you don't need to hash files in /tmp.
52	#private-tmp	53	#private-tmp
53		54


diff --git a/etc/profile-a-l/libreoffice.profile b/etc/profile-a-l/libreoffice.profile index 518928876..d7144d8c3 100644 --- a/etc/profile-a-l/libreoffice.profile +++ b/etc/profile-a-l/libreoffice.profile
@@ -50,6 +50,7 @@ tracelog
50	#private-bin libreoffice,sh,uname,dirname,grep,sed,basename,ls	50	#private-bin libreoffice,sh,uname,dirname,grep,sed,basename,ls
51	private-cache	51	private-cache
52	private-dev	52	private-dev
		53	private-etc @tls-ca,@x11,cups,gnupg,libreoffice,papersize,ssh
53	private-tmp	54	private-tmp
54		55
55	dbus-system none	56	dbus-system none


diff --git a/etc/profile-m-z/transmission-common.profile b/etc/profile-m-z/transmission-common.profile index 0a9029c97..d80eb708b 100644 --- a/etc/profile-m-z/transmission-common.profile +++ b/etc/profile-m-z/transmission-common.profile
@@ -44,6 +44,7 @@ tracelog
44		44
45	private-cache	45	private-cache
46	private-dev	46	private-dev
		47	private-etc @tls-ca,@x11
47	private-tmp	48	private-tmp
48		49
49	dbus-user none	50	dbus-user none


diff --git a/src/firecfg/firecfg.config b/src/firecfg/firecfg.config index 793ec9a52..db73dd1f6 100644 --- a/src/firecfg/firecfg.config +++ b/src/firecfg/firecfg.config
@@ -519,6 +519,7 @@ matrix-mirage
519	mattermost-desktop	519	mattermost-desktop
520	mcabber	520	mcabber
521	mcomix	521	mcomix
		522	md5sum
522	mediainfo	523	mediainfo
523	mediathekview	524	mediathekview
524	megaglest	525	megaglest
@@ -736,6 +737,11 @@ seahorse-tool
736	seamonkey	737	seamonkey
737	seamonkey-bin	738	seamonkey-bin
738	secret-tool	739	secret-tool
		740	sha1sum
		741	sha224sum
		742	sha256sum
		743	sha348sum
		744	sha512sum
739	shellcheck	745	shellcheck
740	shortwave	746	shortwave
741	shotcut	747	shotcut
@@ -775,6 +781,7 @@ straw-viewer
775	strings	781	strings
776	studio.sh	782	studio.sh
777	subdownloader	783	subdownloader
		784	sum
778	supertux2	785	supertux2
779	supertuxkart	786	supertuxkart
780	surf	787	surf


diff --git a/test/sysutils/md5sum.exp b/test/sysutils/md5sum.exp new file mode 100755 index 000000000..ab2482808 --- /dev/null +++ b/test/sysutils/md5sum.exp
@@ -0,0 +1,21 @@
		1	#!/usr/bin/expect -f
		2	# This file is part of Firejail project
		3	# Copyright (C) 2014-2022 Firejail Authors
		4	# License GPL v2
		5
		6	set timeout 10
		7	spawn $env(SHELL)
		8	match_max 100000
		9
		10	send -- "firejail md5sum ../../COPYING\r"
		11	expect {
		12	timeout {puts "TESTING ERROR 0\n";exit}
		13	"b234ee"
		14	}
		15	expect {
		16	timeout {puts "TESTING ERROR 1\n";exit}
		17	"COPYING"
		18	}
		19
		20	after 500
		21	puts "\nall done\n"


diff --git a/test/sysutils/sha512sum.exp b/test/sysutils/sha512sum.exp new file mode 100755 index 000000000..2a88fef83 --- /dev/null +++ b/test/sysutils/sha512sum.exp
@@ -0,0 +1,21 @@
		1	#!/usr/bin/expect -f
		2	# This file is part of Firejail project
		3	# Copyright (C) 2014-2022 Firejail Authors
		4	# License GPL v2
		5
		6	set timeout 10
		7	spawn $env(SHELL)
		8	match_max 100000
		9
		10	send -- "firejail sha512sum ../../COPYING\r"
		11	expect {
		12	timeout {puts "TESTING ERROR 0\n";exit}
		13	"aee80b1f"
		14	}
		15	expect {
		16	timeout {puts "TESTING ERROR 1\n";exit}
		17	"COPYING"
		18	}
		19
		20	after 500
		21	puts "\nall done\n"


diff --git a/test/sysutils/sysutils.sh b/test/sysutils/sysutils.sh index a1aaa80a7..3c035c69c 100755 --- a/test/sysutils/sysutils.sh +++ b/test/sysutils/sysutils.sh
@@ -7,6 +7,22 @@ export MALLOC_CHECK_=3
7	export MALLOC_PERTURB_=$(($RANDOM % 255 + 1))	7	export MALLOC_PERTURB_=$(($RANDOM % 255 + 1))
8	export LC_ALL=C	8	export LC_ALL=C
9		9
		10	if command -v md5sum
		11	then
		12	echo "TESTING: md5sum"
		13	./md5sum.exp
		14	else
		15	echo "TESTING SKIP: md5sum not found"
		16	fi
		17
		18	if command -v sha512sum
		19	then
		20	echo "TESTING: sha512sum"
		21	./sha512sum.exp
		22	else
		23	echo "TESTING SKIP: sha512sum not found"
		24	fi
		25
10	if command -v cpio	26	if command -v cpio
11	then	27	then
12	echo "TESTING: cpio"	28	echo "TESTING: cpio"