author | netblue30 <netblue30@yahoo.com> | 2015-09-24 08:03:57 -0400 |
---|---|---|
committer | netblue30 <netblue30@yahoo.com> | 2015-09-24 08:03:57 -0400 |
commit | 4f36b7246a74ecd3c2599292677ed82d96130801 (patch) | |
tree | d3358e03f344739e60ae2b0cb67766e727d2a960 | |
parent | profile work (diff) | |
security profile work
-rw-r--r-- | RELNOTES | 9 | ||||
-rw-r--r-- | etc/audacious.profile | 4 | ||||
-rw-r--r-- | etc/clementine.profile | 4 | ||||
-rw-r--r-- | etc/deadbeef.profile | 4 | ||||
-rw-r--r-- | etc/deluge.profile | 4 | ||||
-rw-r--r-- | etc/disable-secret.inc | 1 | ||||
-rw-r--r-- | etc/dropbox.profile | 4 | ||||
-rw-r--r-- | etc/evince.profile | 4 | ||||
-rw-r--r-- | etc/fbreader.profile | 4 | ||||
-rw-r--r-- | etc/generic.profile | 5 | ||||
-rw-r--r-- | etc/gnome-mplayer.profile | 4 | ||||
-rw-r--r-- | etc/qbittorrent.profile | 4 | ||||
-rw-r--r-- | etc/rhythmbox.profile | 4 | ||||
-rw-r--r-- | etc/totem.profile | 4 | ||||
-rw-r--r-- | etc/transmission-gtk.profile | 4 | ||||
-rw-r--r-- | etc/transmission-qt.profile | 6 | ||||
-rw-r--r-- | etc/vlc.profile | 4 |
17 files changed, 66 insertions, 7 deletions
@@ -1,11 +1,12 @@ | |||
1 | ffirejail (0.9.31) baseline; urgency=low | 1 | firejail (0.9.31) baseline; urgency=low |
2 | * disable X11 autostart folders in default profiles | 2 | * lots of security profile changes |
3 | * disable subversion and git config files in home directory | ||
4 | * added FBReader default profile | 3 | * added FBReader default profile |
4 | * added --interface option | ||
5 | * bugfixes | ||
5 | -- netblue30 <netblue30@yahoo.com> current development | 6 | -- netblue30 <netblue30@yahoo.com> current development |
6 | 7 | ||
7 | 8 | ||
8 | irejail (0.9.30) baseline; urgency=low | 9 | firejail (0.9.30) baseline; urgency=low |
9 | * added a disable-history.inc profile as a result of Firefox PDF.js exploit; | 10 | * added a disable-history.inc profile as a result of Firefox PDF.js exploit; |
10 | disable-history.inc included in all default profiles | 11 | disable-history.inc included in all default profiles |
11 | * Firefox PDF.js exploit (CVE-2015-4495) fixes | 12 | * Firefox PDF.js exploit (CVE-2015-4495) fixes |
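--- a/etc/audacious.profile
+++ b/etc/audacious.profile
@@ -3,6 +3,10 @@ include /etc/firejail/disable-mgmt.inc
 include /etc/firejail/disable-secret.inc
 include /etc/firejail/disable-common.inc
 include /etc/firejail/disable-history.inc
+blacklist ${HOME}/.pki/nssdb
+blacklist {HOME}/.lastpass
+blacklist {HOME}/.keepassx
+blacklist {HOME}/.password-store
 caps.drop all
 seccomp
 noroot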
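Review bot: The three new entries `blacklist {HOME}/.lastpass`, `blacklist {HOME}/.keepassx` and `blacklist {HOME}/.password-store` lack the leading `$` that the line directly above them uses (`${HOME}/.pki/nssdb`), so they will most likely be read as literal paths and leave the password-manager stores readable inside the sandbox. They should read `blacklist ${HOME}/.lastpass`, `blacklist ${HOME}/.keepassx` and `blacklist ${HOME}/.password-store`. The same three lines are repeated in every other profile this commit touches (clementine, deadbeef, deluge, dropbox, evince, fbreader, generic, gnome-mplayer, qbittorrent, rhythmbox, totem, transmission-gtk, transmission-qt, vlc). Separately, `${HOME}/.pki/nssdb` is dropped from the shared `disable-secret.inc` and re-added per profile, so any profile that includes `disable-secret.inc` but is not changed here no longer blacklists the NSS database; it is worth confirming that this is intended for each of them.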
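--- a/etc/clementine.profile
+++ b/etc/clementine.profile
@@ -3,6 +3,10 @@ include /etc/firejail/disable-mgmt.inc
 include /etc/firejail/disable-secret.inc
 include /etc/firejail/disable-common.inc
 include /etc/firejail/disable-history.inc
+blacklist ${HOME}/.pki/nssdb
+blacklist {HOME}/.lastpass
+blacklist {HOME}/.keepassx
+blacklist {HOME}/.password-store
 caps.drop all
 seccomp
 noroot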
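--- a/etc/deadbeef.profile
+++ b/etc/deadbeef.profile
@@ -3,6 +3,10 @@ include /etc/firejail/disable-mgmt.inc
 include /etc/firejail/disable-secret.inc
 include /etc/firejail/disable-common.inc
 include /etc/firejail/disable-history.inc
+blacklist ${HOME}/.pki/nssdb
+blacklist {HOME}/.lastpass
+blacklist {HOME}/.keepassx
+blacklist {HOME}/.password-store
 caps.drop all
 seccomp
 noroot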
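--- a/etc/deluge.profile
+++ b/etc/deluge.profile
@@ -3,6 +3,10 @@ include /etc/firejail/disable-mgmt.inc
 include /etc/firejail/disable-secret.inc
 include /etc/firejail/disable-common.inc
 include /etc/firejail/disable-history.inc
+blacklist ${HOME}/.pki/nssdb
+blacklist {HOME}/.lastpass
+blacklist {HOME}/.keepassx
+blacklist {HOME}/.password-store
 caps.drop all
 seccomp
 netfilter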
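--- a/etc/disable-secret.inc
+++ b/etc/disable-secret.inc
@@ -4,6 +4,5 @@ tmpfs ${HOME}/.gnome2_private
 blacklist ${HOME}/.gnome2/keyrings
 blacklist ${HOME}/kde4/share/apps/kwallet
 blacklist ${HOME}/kde/share/apps/kwallet
-blacklist ${HOME}/.pki/nssdb
 blacklist ${HOME}/.gnupg
 blacklist ${HOME}/.local/share/recently-used.xbel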
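--- a/etc/dropbox.profile
+++ b/etc/dropbox.profile
@@ -3,6 +3,10 @@ include /etc/firejail/disable-mgmt.inc
 include /etc/firejail/disable-secret.inc
 include /etc/firejail/disable-common.inc
 include /etc/firejail/disable-history.inc
+blacklist ${HOME}/.pki/nssdb
+blacklist {HOME}/.lastpass
+blacklist {HOME}/.keepassx
+blacklist {HOME}/.password-store
 caps
 seccomp
 noroot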
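--- a/etc/evince.profile
+++ b/etc/evince.profile
@@ -3,6 +3,10 @@ include /etc/firejail/disable-mgmt.inc
 include /etc/firejail/disable-secret.inc
 include /etc/firejail/disable-common.inc
 include /etc/firejail/disable-history.inc
+blacklist ${HOME}/.pki/nssdb
+blacklist {HOME}/.lastpass
+blacklist {HOME}/.keepassx
+blacklist {HOME}/.password-store
 caps.drop all
 seccomp
 noroot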
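--- a/etc/fbreader.profile
+++ b/etc/fbreader.profile
@@ -4,6 +4,10 @@ include /etc/firejail/disable-mgmt.inc
 include /etc/firejail/disable-secret.inc
 include /etc/firejail/disable-common.inc
 include /etc/firejail/disable-history.inc
+blacklist ${HOME}/.pki/nssdb
+blacklist {HOME}/.lastpass
+blacklist {HOME}/.keepassx
+blacklist {HOME}/.password-store
 caps.drop all
 seccomp
 netfilter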
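--- a/etc/generic.profile
+++ b/etc/generic.profile
@@ -5,7 +5,10 @@ include /etc/firejail/disable-mgmt.inc
 include /etc/firejail/disable-secret.inc
 include /etc/firejail/disable-common.inc
 include /etc/firejail/disable-history.inc
-
+blacklist ${HOME}/.pki/nssdb
+blacklist {HOME}/.lastpass
+blacklist {HOME}/.keepassx
+blacklist {HOME}/.password-store
 caps.drop all
 seccomp
 netfilter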
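--- a/etc/gnome-mplayer.profile
+++ b/etc/gnome-mplayer.profile
@@ -3,6 +3,10 @@ include /etc/firejail/disable-mgmt.inc
 include /etc/firejail/disable-secret.inc
 include /etc/firejail/disable-common.inc
 include /etc/firejail/disable-history.inc
+blacklist ${HOME}/.pki/nssdb
+blacklist {HOME}/.lastpass
+blacklist {HOME}/.keepassx
+blacklist {HOME}/.password-store
 caps.drop all
 seccomp
 noroot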
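--- a/etc/qbittorrent.profile
+++ b/etc/qbittorrent.profile
@@ -3,6 +3,10 @@ include /etc/firejail/disable-mgmt.inc
 include /etc/firejail/disable-secret.inc
 include /etc/firejail/disable-common.inc
 include /etc/firejail/disable-history.inc
+blacklist ${HOME}/.pki/nssdb
+blacklist {HOME}/.lastpass
+blacklist {HOME}/.keepassx
+blacklist {HOME}/.password-store
 caps.drop all
 seccomp
 netfilter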
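--- a/etc/rhythmbox.profile
+++ b/etc/rhythmbox.profile
@@ -3,6 +3,10 @@ include /etc/firejail/disable-mgmt.inc
 include /etc/firejail/disable-secret.inc
 include /etc/firejail/disable-common.inc
 include /etc/firejail/disable-history.inc
+blacklist ${HOME}/.pki/nssdb
+blacklist {HOME}/.lastpass
+blacklist {HOME}/.keepassx
+blacklist {HOME}/.password-store
 caps.drop all
 seccomp
 noroot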
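--- a/etc/totem.profile
+++ b/etc/totem.profile
@@ -3,6 +3,10 @@ include /etc/firejail/disable-mgmt.inc
 include /etc/firejail/disable-secret.inc
 include /etc/firejail/disable-common.inc
 include /etc/firejail/disable-history.inc
+blacklist ${HOME}/.pki/nssdb
+blacklist {HOME}/.lastpass
+blacklist {HOME}/.keepassx
+blacklist {HOME}/.password-store
 caps.drop all
 seccomp
 noroot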
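--- a/etc/transmission-gtk.profile
+++ b/etc/transmission-gtk.profile
@@ -3,6 +3,10 @@ include /etc/firejail/disable-mgmt.inc
 include /etc/firejail/disable-secret.inc
 include /etc/firejail/disable-common.inc
 include /etc/firejail/disable-history.inc
+blacklist ${HOME}/.pki/nssdb
+blacklist {HOME}/.lastpass
+blacklist {HOME}/.keepassx
+blacklist {HOME}/.password-store
 caps.drop all
 seccomp
 netfilter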
diff --git a/etc/transmission-qt.profile b/etc/transmission-qt.profile index 64c2ba8ad..9857ac712 100644 --- a/etc/transmission-qt.profile +++ b/etc/transmission-qt.profile | |||
@@ -3,7 +3,11 @@ include /etc/firejail/disable-mgmt.inc | |||
3 | include /etc/firejail/disable-secret.inc | 3 | include /etc/firejail/disable-secret.inc |
4 | include /etc/firejail/disable-common.inc | 4 | include /etc/firejail/disable-common.inc |
5 | include /etc/firejail/disable-history.inc | 5 | include /etc/firejail/disable-history.inc |
6 | caps.drop all | 6 | cblacklist ${HOME}/.pki/nssdb |
7 | blacklist {HOME}/.lastpass | ||
8 | blacklist {HOME}/.keepassx | ||
9 | blacklist {HOME}/.password-store | ||
10 | aps.drop all | ||
7 | seccomp | 11 | seccomp |
8 | netfilter | 12 | netfilter |
9 | noroot | 13 | noroot |
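--- a/etc/vlc.profile
+++ b/etc/vlc.profile
@@ -3,6 +3,10 @@ include /etc/firejail/disable-mgmt.inc
 include /etc/firejail/disable-secret.inc
 include /etc/firejail/disable-common.inc
 include /etc/firejail/disable-history.inc
+blacklist ${HOME}/.pki/nssdb
+blacklist {HOME}/.lastpass
+blacklist {HOME}/.keepassx
+blacklist {HOME}/.password-store
 caps.drop all
 seccomp
 noroot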