author | rusty-snake <41237666+rusty-snake@users.noreply.github.com> | 2020-10-23 14:06:37 +0200 |
---|---|---|
committer | rusty-snake <41237666+rusty-snake@users.noreply.github.com> | 2020-10-23 14:06:37 +0200 |
commit | 582ae38e811a7a768d2cfbcf93e711ebbc984e07 (patch) | |
tree | f290de320d79ced20ee3e194e91e12cab0d0baea | |
parent | Merge pull request #3683 from jmetrius/vlc-aacs-fix (diff) | |
download | firejail-582ae38e811a7a768d2cfbcf93e711ebbc984e07.tar.gz firejail-582ae38e811a7a768d2cfbcf93e711ebbc984e07.tar.zst firejail-582ae38e811a7a768d2cfbcf93e711ebbc984e07.zip |
harden peek; update README.md; add gnome-sound-…
…recorder to firecfg.config
-rw-r--r-- | README.md | 13 | ||||
-rw-r--r-- | etc/inc/disable-programs.inc | 2 | ||||
-rw-r--r-- | etc/profile-m-z/peek.profile | 24 | ||||
-rw-r--r-- | src/firecfg/firecfg.config | 1 |
4 files changed, 25 insertions, 15 deletions
@@ -154,9 +154,9 @@ We also keep a list of profile fixes for previous released versions in [etc-fixe | |||
154 | ````` | 154 | ````` |
155 | 155 | ||
156 | ````` | 156 | ````` |
157 | ## Latest released version: 0.9.62 | 157 | ## Latest released version: 0.9.64 |
158 | 158 | ||
159 | ## Current development version: 0.9.63 | 159 | ## Current development version: 0.9.65 |
160 | 160 | ||
161 | ### Profile Statistics | 161 | ### Profile Statistics |
162 | 162 | ||
@@ -191,12 +191,3 @@ Stats: | |||
191 | 191 | ||
192 | ### New profiles: | 192 | ### New profiles: |
193 | 193 | ||
194 | gfeeds, firefox-x11, tvbrowser, rtv, clipgrab, gnome-passwordsafe, bibtex, gummi, latex, pdflatex, tex, wpp, wpspdf, wps, et, | ||
195 | multimc, gnome-hexgl, com.github.johnfactotum.Foliate, desktopeditors, impressive, mupdf-gl, mupdf-x11, mupdf-x11-curl, | ||
196 | muraster, mutool, planmaker18, planmaker18free, presentations18, presentations18free, textmaker18, textmaker18free, teams, xournal, | ||
197 | gnome-screenshot, ripperX, sound-juicer, iagno, com.github.dahenson.agenda, gnome-pomodoro, gnome-todo, kmplayer, | ||
198 | penguin-command, x2goclient, frogatto, gnome-mines, gnome-nibbles, lightsoff, ts3client_runscript.sh, warmux, ferdi, abiword, | ||
199 | four-in-a-row, gnome-mahjongg, gnome-robots, gnome-sudoku, gnome-taquin, gnome-tetravex, blobwars, gravity-beams-and-evaporating-stars, | ||
200 | hyperrogue, jumpnbump-menu, jumpnbump, magicor, mindless, mirrormagic, mrrescue, scorched3d-wrapper, scorchwentbonkers, | ||
201 | seahorse-adventures, wordwarvi, xbill, gnome-klotski, five-or-more, swell-foop, fdns, jitsi-meet-desktop, nicontine, steam-runtime, apostrophe, quadrapassel, dino-im, strawberry, hitori, bijiben, gnote, gnubik, ZeGrapher, gapplication, xonotic-sdl-wrapper, openarena_ded, cawbird, freetube, homebank, mattermost-desktop, newsflash, com.gitlab.newsflash, element-desktop, sushi, xfce4-screenshooter, org.gnome.NautilusPreviewer, lyx, minitube, nuclear, mtpaint, minecraft-launcher, gnome-calendar, vmware, git-cola, otter-browser, kazam, menulibre, musictube, onboard, fractal, mirage, quaternion, spectral, man, psi, smuxi-frontend-gnome, balsa, kube, trojita, cola, twitch, youtube, youtubemusic-nativefier, ytmdesktop, dbus-send, notify-send, qrencode, | ||
202 | xournalpp, chromium-freeworld, equalx | ||
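--- a/etc/inc/disable-programs.inc
+++ b/etc/inc/disable-programs.inc
@@ -68,7 +68,6 @@ blacklist ${HOME}/.cliqz
 blacklist ${HOME}/.clonk
 blacklist ${HOME}/.config/0ad
 blacklist ${HOME}/.config/2048-qt
-blacklist ${HOME}/.config/aacs
 blacklist ${HOME}/.config/Atom
 blacklist ${HOME}/.config/Audaciousrc
 blacklist ${HOME}/.config/Authenticator
@@ -143,6 +142,7 @@ blacklist ${HOME}/.config/Wire
 blacklist ${HOME}/.config/Youtube
 blacklist ${HOME}/.config/Zeal
 blacklist ${HOME}/.config/ZeGrapher Project
+blacklist ${HOME}/.config/aacs
 blacklist ${HOME}/.config/abiword
 blacklist ${HOME}/.config/agenda
 blacklist ${HOME}/.config/akonadi*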
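--- a/etc/profile-m-z/peek.profile
+++ b/etc/profile-m-z/peek.profile
@@ -17,7 +17,18 @@ include disable-passwdmgr.inc
 include disable-programs.inc
 include disable-xdg.inc
 
+#mkdir ${HOME}/.cache/peek
+#whitelist ${HOME}/.cache/peek
+#whitelist ${PICTURES}
+#whitelist ${VIDEOS}
+#include whitelist-common.inc
+include whitelist-runuser-common.inc
+include whitelist-usr-share-common.inc
+include whitelist-var-common.inc
+
+apparmor
 caps.drop all
+machine-id
 net none
 no3d
 nodvd
@@ -31,13 +42,20 @@ novideo
 protocol unix
 seccomp
 shell none
+tracelog
 
-# private-bin breaks gif mode, mp4 and webm mode work fine however
-# private-bin convert,ffmpeg,peek
+disable-mnt
+private-bin bash,convert,ffmpeg,firejail,fish,peek,sh,which,zsh
 private-dev
+private-etc dconf,firejail,fonts,gtk-3.0,login.defs,pango,passwd,X11
 private-tmp
 
-dbus-user none
+dbus-user filter
+dbus-user.own com.uploadedlobster.peek
+dbus-user.talk ca.desrt.dconf
+dbus-user.talk org.freedesktop.FileManager1
+dbus-user.talk org.freedesktop.Notifications
+dbus-user.talk org.gnome.Shell.Screencast
 dbus-system none
 
 memory-deny-write-execute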
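Review bot: The new `private-bin bash,convert,ffmpeg,firejail,fish,peek,sh,which,zsh` line in the second hunk puts four shells plus `firejail` and `which` inside the sandbox without saying why, and the comment it replaces was the only record that `private-bin` had been left off because gif mode broke. Nothing visible here says which of those binaries gif mode actually needs, so the list cannot be trimmed later without re-testing; a line above it such as `# gif mode needs: <binaries>; shells/firejail listed because <reason>` would record that. The same hunk widens `dbus-user none` to `dbus-user filter` with four `talk` names, and a one-line comment per name (presumably `org.gnome.Shell.Screencast` for GNOME Shell recording and `org.freedesktop.FileManager1` for revealing the saved file) would let a reader tell required access from leftover access. In the first hunk the `#mkdir`/`#whitelist` lines are added already commented out, and a short note on why home whitelisting stays disabled would make clear that the home directory is only covered by the blacklist includes.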
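--- a/src/firecfg/firecfg.config
+++ b/src/firecfg/firecfg.config
@@ -307,6 +307,7 @@ gnome-recipes
 gnome-robots
 gnome-schedule
 gnome-screenshot
+gnome-sound-recorder
 gnome-sudoku
 gnome-system-log
 gnome-taquin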