author | netblue30 <netblue30@yahoo.com> | 2016-12-16 12:43:54 -0500 |
---|---|---|
committer | GitHub <noreply@github.com> | 2016-12-16 12:43:54 -0500 |
commit | ad1efc4dcc627880667a2eab7e949bbeb6530f6a (patch) | |
tree | a84790f5897bd4042685a0f8a4998d71adf8521d | |
parent | testing (diff) | |
parent | Fixed accidental typo (diff) | |
Merge pull request #978 from Fred-Barclay/keepassx2
Add keepassx2 profile
-rw-r--r-- | README.md | 6 | ||||
-rw-r--r-- | RELNOTES | 16 | ||||
-rw-r--r-- | etc/disable-common.inc | 28 | ||||
-rw-r--r-- | etc/disable-programs.inc | 2 | ||||
-rw-r--r-- | etc/keepassx2.profile | 22 | ||||
-rw-r--r-- | platform/debian/conffiles | 1 | ||||
-rw-r--r-- | src/firecfg/firecfg.config | 2 |
7 files changed, 50 insertions, 27 deletions
@@ -18,7 +18,7 @@ prefix your command with “firejail”: | |||
18 | 18 | ||
19 | ````` | 19 | ````` |
20 | $ firejail firefox # starting Mozilla Firefox | 20 | $ firejail firefox # starting Mozilla Firefox |
21 | $ firejail transmission-gtk # starting Transmission BitTorrent | 21 | $ firejail transmission-gtk # starting Transmission BitTorrent |
22 | $ firejail vlc # starting VideoLAN Client | 22 | $ firejail vlc # starting VideoLAN Client |
23 | $ sudo firejail /etc/init.d/nginx start | 23 | $ sudo firejail /etc/init.d/nginx start |
24 | ````` | 24 | ````` |
@@ -88,5 +88,5 @@ amarok, ark, atool, bleachbit, brasero, dolphin, dragon, elinks, enchant, exifto | |||
88 | gjs, gnome-books, gnome-clocks, gnome-documents, gnome-maps, gnome-music, gnome-photos, gnome-weather, | 88 | gjs, gnome-books, gnome-clocks, gnome-documents, gnome-maps, gnome-music, gnome-photos, gnome-weather, |
89 | goobox, gpa, gpg, gpg-agent, highlight, img2txt, k3b, kate, lynx, mediainfo, nautilus, odt2txt, pdftotext, | 89 | goobox, gpa, gpg, gpg-agent, highlight, img2txt, k3b, kate, lynx, mediainfo, nautilus, odt2txt, pdftotext, |
90 | simple-scan, skanlite, ssh-agent, tracker, transmission-cli, transmission-show, w3m, xfburn, xpra, wget, | 90 | simple-scan, skanlite, ssh-agent, tracker, transmission-cli, transmission-show, w3m, xfburn, xpra, wget, |
91 | xed, pluma, Cryptocat, Bless, Gnome 2048, Gnome Calculator, Gnome Contacts, JD-GUI, Lollypop, MultiMC5, | 91 | xed, pluma, Cryptocat, Bless, Gnome 2048, Gnome Calculator, Gnome Contacts, JD-GUI, Lollypop, MultiMC5, |
92 | PDFSam, Pithos, Xonotic, wireshark | 92 | PDFSam, Pithos, Xonotic, wireshark, keepassx2 |
@@ -16,9 +16,9 @@ firejail (0.9.45) baseline; urgency=low | |||
16 | * feature: config support for firejail prompt in terminal | 16 | * feature: config support for firejail prompt in terminal |
17 | * new profiles: xiphos, Tor Browser Bundle, display (imagemagik), Wire, | 17 | * new profiles: xiphos, Tor Browser Bundle, display (imagemagik), Wire, |
18 | * new profiles: mumble, zoom, Guayadeque, qemu, keypass2, xed, pluma, | 18 | * new profiles: mumble, zoom, Guayadeque, qemu, keypass2, xed, pluma, |
19 | * new profiles: Cryptocat, Bless, Gnome 2048, Gnome Calculator, | 19 | * new profiles: Cryptocat, Bless, Gnome 2048, Gnome Calculator, |
20 | * new profiles: Gnome Contacts, JD-GUI, Lollypop, MultiMC5, PDFSam, Pithos, | 20 | * new profiles: Gnome Contacts, JD-GUI, Lollypop, MultiMC5, PDFSam, Pithos, |
21 | * new profies: Xonotic, wireshark | 21 | * new profies: Xonotic, wireshark, keepassx2 |
22 | * bugfixes | 22 | * bugfixes |
23 | -- netblue30 <netblue30@yahoo.com> Sun, 23 Oct 2016 08:00:00 -0500 | 23 | -- netblue30 <netblue30@yahoo.com> Sun, 23 Oct 2016 08:00:00 -0500 |
24 | 24 | ||
@@ -32,7 +32,7 @@ firejail (0.9.44) baseline; urgency=low | |||
32 | * feature: support starting/joining sandbox is a single command | 32 | * feature: support starting/joining sandbox is a single command |
33 | (--join-or-start) | 33 | (--join-or-start) |
34 | * feature: X11 detection support for --audit | 34 | * feature: X11 detection support for --audit |
35 | * feature: assign a name to the interface connected to the bridge | 35 | * feature: assign a name to the interface connected to the bridge |
36 | (--veth-name) | 36 | (--veth-name) |
37 | * feature: all user home directories are visible (--allusers) | 37 | * feature: all user home directories are visible (--allusers) |
38 | * feature: add files to sandbox container (--put) | 38 | * feature: add files to sandbox container (--put) |
@@ -265,7 +265,7 @@ firejail (0.9.24) baseline; urgency=low | |||
265 | * two build patches from Reiner Herman (tickets 11, 12) | 265 | * two build patches from Reiner Herman (tickets 11, 12) |
266 | * man page patch from Reiner Herman (ticket 13) | 266 | * man page patch from Reiner Herman (ticket 13) |
267 | * output patch (ticket 15) from sshirokov | 267 | * output patch (ticket 15) from sshirokov |
268 | 268 | ||
269 | -- netblue30 <netblue30@yahoo.com> Sun, 5 Apr 2015 08:00:00 -0500 | 269 | -- netblue30 <netblue30@yahoo.com> Sun, 5 Apr 2015 08:00:00 -0500 |
270 | 270 | ||
271 | firejail (0.9.22) baseline; urgency=low | 271 | firejail (0.9.22) baseline; urgency=low |
@@ -330,7 +330,7 @@ firejail (0.9.16) baseline; urgency=low | |||
330 | -- netblue30 <netblue30@yahoo.com> Tue, 4 Nov 2014 10:00:00 -0500 | 330 | -- netblue30 <netblue30@yahoo.com> Tue, 4 Nov 2014 10:00:00 -0500 |
331 | 331 | ||
332 | firejail (0.9.14) baseline; urgency=low | 332 | firejail (0.9.14) baseline; urgency=low |
333 | * Linux capabilities and seccomp filters are automatically enabled in | 333 | * Linux capabilities and seccomp filters are automatically enabled in |
334 | chroot mode (--chroot option) if the sandbox is started as regular user | 334 | chroot mode (--chroot option) if the sandbox is started as regular user |
335 | * Added support for user defined seccomp blacklists | 335 | * Added support for user defined seccomp blacklists |
336 | * Added syscall trace support | 336 | * Added syscall trace support |
@@ -382,7 +382,7 @@ firejail (0.9.8.1) baseline; urgency=low | |||
382 | * FIxed a number of bugs introduced in 0.9.8 | 382 | * FIxed a number of bugs introduced in 0.9.8 |
383 | 383 | ||
384 | -- netblue30 <netblue30@yahoo.com> Fri, 25 Jul 2014 07:25:00 -0500 | 384 | -- netblue30 <netblue30@yahoo.com> Fri, 25 Jul 2014 07:25:00 -0500 |
385 | 385 | ||
386 | firejail (0.9.8) baseline; urgency=low | 386 | firejail (0.9.8) baseline; urgency=low |
387 | * Implemented nowrap mode for firejail --list command option | 387 | * Implemented nowrap mode for firejail --list command option |
388 | * Added --top option in both firejail and firemon | 388 | * Added --top option in both firejail and firemon |
@@ -391,7 +391,7 @@ firejail (0.9.8) baseline; urgency=low | |||
391 | * bugfixes | 391 | * bugfixes |
392 | 392 | ||
393 | -- netblue30 <netblue30@yahoo.com> Tue, 24 Jul 2014 08:51:00 -0500 | 393 | -- netblue30 <netblue30@yahoo.com> Tue, 24 Jul 2014 08:51:00 -0500 |
394 | 394 | ||
395 | firejail (0.9.6) baseline; urgency=low | 395 | firejail (0.9.6) baseline; urgency=low |
396 | 396 | ||
397 | * Mounting tmpfs on top of /var/log, required by several server programs | 397 | * Mounting tmpfs on top of /var/log, required by several server programs |
@@ -430,7 +430,7 @@ firejail (0.9.2) baseline; urgency=low | |||
430 | * Added an expect-based testing framework for the project | 430 | * Added an expect-based testing framework for the project |
431 | * Added bash completion support | 431 | * Added bash completion support |
432 | * Added support for multiple networks | 432 | * Added support for multiple networks |
433 | 433 | ||
434 | -- netblue30 <netblue30@yahoo.com> Fri, 25 Apr 2014 08:00:00 -0500 | 434 | -- netblue30 <netblue30@yahoo.com> Fri, 25 Apr 2014 08:00:00 -0500 |
435 | 435 | ||
436 | firejail (0.9) baseline; urgency=low | 436 | firejail (0.9) baseline; urgency=low |
diff --git a/etc/disable-common.inc b/etc/disable-common.inc index b86c6f998..07814a704 100644 --- a/etc/disable-common.inc +++ b/etc/disable-common.inc | |||
@@ -39,19 +39,19 @@ blacklist /usr/share/applications/veracrypt.* | |||
39 | blacklist /usr/share/pixmaps/veracrypt.* | 39 | blacklist /usr/share/pixmaps/veracrypt.* |
40 | blacklist ${HOME}/.VeraCrypt | 40 | blacklist ${HOME}/.VeraCrypt |
41 | 41 | ||
42 | # TrueCrypt | 42 | # TrueCrypt |
43 | blacklist ${PATH}/truecrypt | 43 | blacklist ${PATH}/truecrypt |
44 | blacklist ${PATH}/truecrypt-uninstall.sh | 44 | blacklist ${PATH}/truecrypt-uninstall.sh |
45 | blacklist /usr/share/truecrypt | 45 | blacklist /usr/share/truecrypt |
46 | blacklist /usr/share/applications/truecrypt.* | 46 | blacklist /usr/share/applications/truecrypt.* |
47 | blacklist /usr/share/pixmaps/truecrypt.* | 47 | blacklist /usr/share/pixmaps/truecrypt.* |
48 | blacklist ${HOME}/.TrueCrypt | 48 | blacklist ${HOME}/.TrueCrypt |
49 | 49 | ||
50 | # zuluCrypt | 50 | # zuluCrypt |
51 | blacklist ${HOME}/.zuluCrypt | 51 | blacklist ${HOME}/.zuluCrypt |
52 | blacklist ${HOME}/.zuluCrypt-socket | 52 | blacklist ${HOME}/.zuluCrypt-socket |
53 | blacklist ${PATH}/zuluCrypt-cli | 53 | blacklist ${PATH}/zuluCrypt-cli |
54 | blacklist ${PATH}/zuluMount-cli | 54 | blacklist ${PATH}/zuluMount-cli |
55 | 55 | ||
56 | # var | 56 | # var |
57 | blacklist /var/spool/cron | 57 | blacklist /var/spool/cron |
@@ -154,7 +154,7 @@ blacklist /etc/ssh | |||
154 | blacklist /var/backup | 154 | blacklist /var/backup |
155 | blacklist /home/.ecryptfs | 155 | blacklist /home/.ecryptfs |
156 | 156 | ||
157 | # system directories | 157 | # system directories |
158 | blacklist /sbin | 158 | blacklist /sbin |
159 | blacklist /usr/sbin | 159 | blacklist /usr/sbin |
160 | blacklist /usr/local/sbin | 160 | blacklist /usr/local/sbin |
diff --git a/etc/disable-programs.inc b/etc/disable-programs.inc index a9ca487c5..279a65d6e 100644 --- a/etc/disable-programs.inc +++ b/etc/disable-programs.inc | |||
@@ -148,7 +148,7 @@ blacklist ${HOME}/.config/xreader | |||
148 | blacklist ${HOME}/.config/xviewer | 148 | blacklist ${HOME}/.config/xviewer |
149 | blacklist ${HOME}/.config/zathura | 149 | blacklist ${HOME}/.config/zathura |
150 | blacklist ${HOME}/.config/zoomus.conf | 150 | blacklist ${HOME}/.config/zoomus.conf |
151 | blacklist ${HOME}/.conkeror.mozdev.org | 151 | blacklist ${HOME}/.conkeror.mozdev.org |
152 | blacklist ${HOME}/.dillo | 152 | blacklist ${HOME}/.dillo |
153 | blacklist ${HOME}/.dosbox | 153 | blacklist ${HOME}/.dosbox |
154 | blacklist ${HOME}/.dropbox-dist | 154 | blacklist ${HOME}/.dropbox-dist |
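--- /dev/null
+++ b/etc/keepassx2.profile
@@ -0,0 +1,22 @@
+# keepassx password manager profile
+noblacklist ${HOME}/.config/keepassx
+noblacklist ${HOME}/.keepassx
+noblacklist ${HOME}/keepassx.kdbx
+
+include /etc/firejail/disable-common.inc
+include /etc/firejail/disable-programs.inc
+include /etc/firejail/disable-devel.inc
+include /etc/firejail/disable-passwdmgr.inc
+
+caps.drop all
+nogroups
+nonewprivs
+noroot
+nosound
+protocol unix
+seccomp
+netfilter
+shell none
+
+private-tmp
+private-dev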
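Review bot: Network isolation in this profile rests on `protocol unix` alone. As far as I know, `netfilter` (line 18) only installs its default filter when the sandbox gets its own network namespace, and nothing here creates one, so it appears to have no effect. For a password manager with no need for network access, replacing that line with `net none` would make the isolation explicit and not dependent on the seccomp protocol filter; please confirm the GUI still starts under it before merging. Separately, the header comment names keepassx while the file is keepassx2.profile, so I would change line 1 to `# keepassx2 password manager profile`. The `noblacklist ${HOME}/keepassx.kdbx` entry also hard-codes one database file name, which deserves a short comment saying that databases kept under other names depend on what disable-passwdmgr.inc (not shown here) blacklists.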
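--- a/platform/debian/conffiles
+++ b/platform/debian/conffiles
@@ -111,6 +111,7 @@
 /etc/firejail/keepass.profile
 /etc/firejail/keepass2.profile
 /etc/firejail/keepassx.profile
+/etc/firejail/keepassx2.profile
 /etc/firejail/kmail.profile
 /etc/firejail/konversation.profile
 /etc/firejail/less.profile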
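--- a/src/firecfg/firecfg.config
+++ b/src/firecfg/firecfg.config
@@ -190,6 +190,7 @@ ranger
 keepass
 keepass2
 keepassx
+keepassx2
 pluma
 tracker
 wireshark
@@ -204,4 +205,3 @@ gnome-weather
 ark
 atool
 file-roller
-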