author | Tad <tad@spotco.us> | 2017-09-22 08:42:52 -0400 |
---|---|---|
committer | Tad <tad@spotco.us> | 2017-09-22 08:42:52 -0400 |
commit | 04adc450151cc5107098ef2f555ad526ac9f632e (patch) | |
tree | ce43807c66368539ffba1630ccedb0819cbc12dc | |
parent | Fixup merge of #1565 (diff) | |
Further fixup #1565 and add a profile for uefitool
-rw-r--r-- | README.md | 2 | ||||
-rw-r--r-- | etc/bluefish.profile | 4 | ||||
-rw-r--r-- | etc/cliqz.profile | 4 | ||||
-rw-r--r-- | etc/disable-programs.inc | 3 | ||||
-rw-r--r-- | etc/pinta.profile | 12 | ||||
-rw-r--r-- | etc/uefitool.profile | 33 | ||||
-rw-r--r-- | src/firecfg/firecfg.config | 5 |
7 files changed, 53 insertions, 10 deletions
@@ -180,4 +180,4 @@ calligraflow, calligraplan, calligraplanwork, calligrasheets, calligrastage, | |||
180 | calligrawords, cin, dooble, dooble-qt4, fetchmail, freecad, freecadcmd, google-earth, | 180 | calligrawords, cin, dooble, dooble-qt4, fetchmail, freecad, freecadcmd, google-earth, |
181 | imagej, karbon, kdenlive, krita, linphone, lmms, macrofusion, mpd, natron, Natron, | 181 | imagej, karbon, kdenlive, krita, linphone, lmms, macrofusion, mpd, natron, Natron, |
182 | ricochet, shotcut, teamspeak3, tor, tor-browser-en, Viber, x-terminal-emulator, zart, | 182 | ricochet, shotcut, teamspeak3, tor, tor-browser-en, Viber, x-terminal-emulator, zart, |
183 | conky, arch-audit, ffmpeg | 183 | conky, arch-audit, ffmpeg, bluefish, cliqz, cinelerra, openshot-qt, pinta, uefitool |
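--- a/etc/bluefish.profile
+++ b/etc/bluefish.profile
@@ -1,11 +1,10 @@
-# Firejail profile for pluma
+# Firejail profile for bluefish
 # This file is overwritten after every install/update
 # Persistent local customizations
 include /etc/firejail/pluma.local
 # Persistent global definitions
 include /etc/firejail/globals.local
 
-noblacklist ${HOME}/.config/pluma
 
 include /etc/firejail/disable-common.inc
 include /etc/firejail/disable-devel.inc
@@ -29,7 +28,6 @@ tracelog
 
 private-bin bluefish
 private-dev
-# private-etc fonts
 private-tmp
 
 noexec ${HOME}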
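Review bot: Line 4 of the new bluefish.profile still reads `include /etc/firejail/pluma.local`; the commit corrects the header comment and removes the pluma `noblacklist`, but this copy-pasted include is left unchanged as context. As written, overrides a user places in bluefish.local are never loaded and whatever is in pluma.local is applied to bluefish instead, so a local hardening rule can silently fail to take effect. Change the line to `include /etc/firejail/bluefish.local`. The profile body between the two hunks is not shown, so other pluma leftovers there cannot be ruled out.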
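--- a/etc/cliqz.profile
+++ b/etc/cliqz.profile
@@ -1,7 +1,7 @@
-# Firejail profile for firefox
+# Firejail profile for cliqz
 # This file is overwritten after every install/update
 # Persistent local customizations
-include /etc/firejail/firefox.local
+include /etc/firejail/cliqz.local
 # Persistent global definitions
 include /etc/firejail/globals.local
 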
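--- a/etc/disable-programs.inc
+++ b/etc/disable-programs.inc
@@ -81,6 +81,7 @@ blacklist ${HOME}/.config/chromium
 blacklist ${HOME}/.config/chromium-dev
 blacklist ${HOME}/.config/chromium-flags.conf
 blacklist ${HOME}/.config/clipit
+blacklist ${HOME}/.config/cliqz
 blacklist ${HOME}/.config/cmus
 blacklist ${HOME}/.config/corebird
 blacklist ${HOME}/.config/darktable
@@ -142,6 +143,7 @@ blacklist ${HOME}/.config/opera-beta
 blacklist ${HOME}/.config/orage
 blacklist ${HOME}/.config/org.kde.gwenviewrc
 blacklist ${HOME}/.config/pcmanfm
+blacklist ${HOME}/.config/Pinta
 blacklist ${HOME}/.config/pix
 blacklist ${HOME}/.config/pluma
 blacklist ${HOME}/.config/psi+
@@ -408,6 +410,7 @@ blacklist ${HOME}/.cache/calibre
 blacklist ${HOME}/.cache/champlain
 blacklist ${HOME}/.cache/chromium
 blacklist ${HOME}/.cache/chromium-dev
+blacklist ${HOME}/.cache/cliqz
 blacklist ${HOME}/.cache/darktable
 blacklist ${HOME}/.cache/epiphany
 blacklist ${HOME}/.cache/evolution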
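Review bot: The two new cliqz entries (`blacklist ${HOME}/.config/cliqz` at new line 84 and `blacklist ${HOME}/.cache/cliqz` at new line 413) have no visible counterpart in cliqz.profile, whose hunk in this commit shows only lines 1–7. pinta.profile gains `noblacklist ${HOME}/.config/Pinta` in the same commit, ahead of its include of disable-programs.inc; cliqz.profile needs the equivalent `noblacklist ${HOME}/.config/cliqz` and `noblacklist ${HOME}/.cache/cliqz` if it includes this file, which is presumably the case but cannot be confirmed from here. Without them the browser would be denied its own profile and cache directories, so please check the unshown part of cliqz.profile before merging.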
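--- a/etc/pinta.profile
+++ b/etc/pinta.profile
@@ -1,15 +1,21 @@
-# Firejail profile for krita
+# Firejail profile for pinta
 # This file is overwritten after every install/update
 # Persistent local customizations
-include /etc/firejail/krita.local
+include /etc/firejail/pinta.local
 # Persistent global definitions
 include /etc/firejail/globals.local
 
+
+noblacklist ${HOME}/.config/Pinta
+
 include /etc/firejail/disable-common.inc
 include /etc/firejail/disable-devel.inc
 include /etc/firejail/disable-passwdmgr.inc
 include /etc/firejail/disable-programs.inc
 
+whitelist ${HOME}/.config/Pinta
+include /etc/firejail/whitelist-common.inc
+
 caps.drop all
 ipc-namespace
 net none
@@ -27,7 +33,5 @@ shell none
 private-dev
 private-tmp
 
-
-whitelist ~/.config/Pinta
 noexec ${HOME}
 noexec /tmp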
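Review bot: `whitelist ${HOME}/.config/Pinta` (new line 16) is the only application-specific whitelist entry, so apart from whatever whitelist-common.inc allows, the home directory inside the sandbox is a temporary filesystem and an image saved there is discarded when Pinta exits. For an image editor that is likely to surprise users; either whitelist the directory the profile is meant to work on or add a comment above the whitelist line stating that only the settings directory persists. No `mkdir ${HOME}/.config/Pinta` precedes the whitelist either, so on a first run where the directory does not yet exist the settings would presumably not persist. New lines 22–32 lie between the two hunks and are not shown.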
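--- /dev/null
+++ b/etc/uefitool.profile
@@ -0,0 +1,33 @@
+# Firejail profile for uefitool
+# This file is overwritten after every install/update
+# Persistent local customizations
+include /etc/firejail/uefitool.local
+# Persistent global definitions
+include /etc/firejail/globals.local
+
+
+include /etc/firejail/disable-common.inc
+include /etc/firejail/disable-devel.inc
+include /etc/firejail/disable-passwdmgr.inc
+include /etc/firejail/disable-programs.inc
+
+caps.drop all
+ipc-namespace
+net none
+no3d
+nodvd
+nogroups
+nonewprivs
+noroot
+nosound
+notv
+novideo
+protocol unix
+seccomp
+shell none
+
+private-dev
+private-tmp
+
+noexec ${HOME}
+noexec /tmp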
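Review bot: The new profile has no `private-bin` line, although bluefish.profile in this same commit restricts its sandbox with `private-bin bluefish`. For a tool whose job is parsing firmware images that may come from untrusted sources, `private-bin uefitool` would be a cheap extra restriction, provided the installed executable really carries that lowercase name; the `uefitool` entry added to firecfg.config assumes it does, which is worth confirming per distribution. Lines 7–8 are two consecutive blank lines where pinta.profile puts its `noblacklist` entry, and should be collapsed to one.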
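--- a/src/firecfg/firecfg.config
+++ b/src/firecfg/firecfg.config
@@ -40,6 +40,7 @@ bitlbee
 bleachbit
 blender
 bless
+bluefish
 brackets
 brasero
 brave
@@ -58,6 +59,7 @@ cherrytree
 chromium
 chromium-browser
 cin
+cinelerra
 clamdscan
 clamdtop
 clamscan
@@ -241,6 +243,7 @@ odt2txt
 okular
 open-invaders
 openshot
+openshot-qt
 opera
 opera-beta
 orage
@@ -252,6 +255,7 @@ peek
 picard
 pidgin
 pingus
+pinta
 pithos
 pix
 pluma
@@ -314,6 +318,7 @@ transmission-qt
 transmission-show
 truecraft
 tuxguitar
+uefitool
 uget-gtk
 unbound
 unknown-horizons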