author | netblue30 <netblue30@yahoo.com> | 2016-09-27 11:32:59 -0400 |
---|---|---|
committer | netblue30 <netblue30@yahoo.com> | 2016-09-27 11:32:59 -0400 |
commit | ed31d2238915749730856f877fceae3579b320da (patch) | |
tree | 9993d1a3f3dacc369a7cd237d5dcc58cf963c7cf | |
parent | CVE-2016-7545 (diff) | |
mupdf and qpdfview profiles
-rw-r--r-- | README.md | 5 | ||||
-rw-r--r-- | RELNOTES | 1 | ||||
-rw-r--r-- | etc/disable-programs.inc | 2 | ||||
-rw-r--r-- | etc/mupdf.profile | 18 | ||||
-rw-r--r-- | etc/qpdfview.profile | 22 | ||||
-rw-r--r-- | platform/debian/conffiles | 3 | ||||
-rw-r--r-- | src/firecfg/firecfg.config | 2 |
7 files changed, 53 insertions, 0 deletions
@@ -64,3 +64,8 @@ FAQ: https://firejail.wordpress.com/support/frequently-asked-questions/ | |||
64 | ## New profile commands | 64 | ## New profile commands |
65 | 65 | ||
66 | x11 xpra, x11 xephyr, x11 block, allusers, join-or-start | 66 | x11 xpra, x11 xephyr, x11 block, allusers, join-or-start |
67 | |||
68 | ## New profiles | ||
69 | |||
70 | qpdfview, mupdf | ||
71 | |||
@@ -10,6 +10,7 @@ firejail (0.9.43) baseline; urgency=low | |||
10 | * feature: add files to sandbox container (--put) | 10 | * feature: add files to sandbox container (--put) |
11 | * feature: blocking x11 (--x11=block) | 11 | * feature: blocking x11 (--x11=block) |
12 | * feature: x11 xpra, x11 xephyr, x11 block, allusers profile commands | 12 | * feature: x11 xpra, x11 xephyr, x11 block, allusers profile commands |
13 | * new profiles: qpdfview, mupdf | ||
13 | * bugfixes | 14 | * bugfixes |
14 | -- netblue30 <netblue30@yahoo.com> Fri, 9 Sept 2016 08:00:00 -0500 | 15 | -- netblue30 <netblue30@yahoo.com> Fri, 9 Sept 2016 08:00:00 -0500 |
15 | 16 | ||
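--- a/etc/disable-programs.inc
+++ b/etc/disable-programs.inc
@@ -26,6 +26,7 @@ blacklist ${HOME}/.kde/share/config/okularrc
 blacklist ${HOME}/.kde/share/config/okularpartrc
 blacklist ${HOME}/.kde/share/apps/gwenview
 blacklist ${HOME}/.kde/share/config/gwenviewrc
+blacklist ${HOME}/.config/qpdfview
 
 # Media players
 blacklist ${HOME}/.config/cmus
@@ -135,6 +136,7 @@ blacklist ${HOME}/.local/share/totem
 blacklist ${HOME}/.local/share/psi+
 blacklist ${HOME}/.local/share/pix
 blacklist ${HOME}/.local/share/gnome-chess
+blacklist ${HOME}/.local/share/qpdfview
 
 # ssh
 blacklist /tmp/ssh-*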
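--- /dev/null
+++ b/etc/mupdf.profile
@@ -0,0 +1,18 @@
+# mupdf reader profile
+include /etc/firejail/disable-common.inc
+include /etc/firejail/disable-programs.inc
+include /etc/firejail/disable-devel.inc
+include /etc/firejail/disable-passwdmgr.inc
+
+caps.drop all
+nogroups
+nonewprivs
+noroot
+nosound
+protocol unix
+seccomp
+shell none
+tracelog
+
+private-tmp
+private-dev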
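Review bot: Unlike etc/qpdfview.profile added in this same commit, this profile sets no `private-bin`, so a compromised viewer process still sees every program in the system bin directories even though `shell none` is set. If mupdf is a single executable on the targeted distributions, `private-bin mupdf` next to `private-tmp` would match the sibling profile; where `mupdf` is shipped as a wrapper script, the list would also need the interpreter and helpers it calls, and a comment should say so. Separately, `protocol unix` only filters socket families, and a reader for untrusted PDFs presumably needs no network at all, so `net none` is worth testing here provided the X11 connection still works.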
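--- /dev/null
+++ b/etc/qpdfview.profile
@@ -0,0 +1,22 @@
+# qpdfview profile
+noblacklist ${HOME}/.config/qpdfview
+noblacklist ${HOME}/.local/share/qpdfview
+
+include /etc/firejail/disable-common.inc
+include /etc/firejail/disable-programs.inc
+include /etc/firejail/disable-devel.inc
+include /etc/firejail/disable-passwdmgr.inc
+
+caps.drop all
+nogroups
+nonewprivs
+noroot
+nosound
+protocol unix
+seccomp
+shell none
+tracelog
+
+private-bin qpdfview
+private-tmp
+private-dev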
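Review bot: The two `noblacklist` lines at the top take effect only because they precede `include /etc/firejail/disable-programs.inc`, which this commit extends with `blacklist` entries for the same two paths, and nothing in the file records that ordering requirement. A comment above them such as `# keep before the disable-*.inc includes, which blacklist these paths` would stop a later edit from moving them below the includes and silently denying qpdfview its own settings. The one-line header `# qpdfview profile` could also say that the profile is meant for viewing untrusted documents, if that is the intent.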
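--- a/platform/debian/conffiles
+++ b/platform/debian/conffiles
@@ -143,3 +143,6 @@
 /etc/firejail/xzdec.profile
 /etc/firejail/strings.profile
 /etc/firejail/dosbox.profile
+/etc/firejail/mupdf.profile
+/etc/firejail/qpdfview.profile
+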
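Review bot: The hunk ends by adding an empty line (new line 148) after `/etc/firejail/qpdfview.profile`, whereas the file previously ended directly on its last entry. This list is presumably read one path per line by the packaging tools, so the empty line is best dropped rather than left for them to interpret.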
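--- a/src/firecfg/firecfg.config
+++ b/src/firecfg/firecfg.config
@@ -128,6 +128,8 @@ mathematica
 okular
 pix
 xreader
+mupdf
+qpdfview
 
 # other
 ssh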