diff options
| author |  smitsohu <smitsohu@gmail.com> | 2018-08-19 22:21:20 +0200 |
|---|---|---|
| committer | smitsohu <smitsohu@gmail.com> | 2018-08-19 22:21:20 +0200 |
| commit | 203a76861fd8db3bc1ca60c04085a26ad6324ee9 (patch) | |
| tree | 308ea68eb33c2dc4313dcf095e0da9930483c610 | |
| parent | check privileges for dns.print (diff) | |
| parent | Add a profile for ClamTK (diff) | |
| download | firejail-203a76861fd8db3bc1ca60c04085a26ad6324ee9.tar.gz firejail-203a76861fd8db3bc1ca60c04085a26ad6324ee9.tar.zst firejail-203a76861fd8db3bc1ca60c04085a26ad6324ee9.zip | |
Merge branch 'master' of https://github.com/netblue30/firejail
| -rw-r--r-- | README.md | 2 | ||||
| -rw-r--r-- | RELNOTES | 2 | ||||
| -rw-r--r-- | etc/clamtk.profile | 28 | ||||
| -rw-r--r-- | etc/disable-passwdmgr.inc | 1 | ||||
| -rw-r--r-- | etc/keepassxc.profile | 6 | ||||
| -rw-r--r-- | etc/steam.profile | 2 | ||||
| -rw-r--r-- | src/firecfg/firecfg.config | 1 |
7 files changed, 37 insertions, 5 deletions
| @@ -167,4 +167,4 @@ We also keep a list of profile fixes for previous released versions in [etc-fixe | |||
| 167 | ## New profiles | 167 | ## New profiles |
| 168 | Microsoft Office Online, riot-desktop, gnome-mpv, snox, gradio, standardnotes-desktop, | 168 | Microsoft Office Online, riot-desktop, gnome-mpv, snox, gradio, standardnotes-desktop, |
| 169 | shellcheck, patch, flameshot, rview, rvim, vimcat, vimdiff, vimpager, vimtutor, | 169 | shellcheck, patch, flameshot, rview, rvim, vimcat, vimdiff, vimpager, vimtutor, |
| 170 | xxd, Beaker, electrum | 170 | xxd, Beaker, electrum, clamtk |
| @@ -16,7 +16,7 @@ firejail (0.9.56~rc1) baseline; urgency=low | |||
| 16 | * new profiles: ms-skype, ms-word, riot-desktop, gnome-mpv, snox, gradio, | 16 | * new profiles: ms-skype, ms-word, riot-desktop, gnome-mpv, snox, gradio, |
| 17 | * new profiles: standardnotes-desktop, shellcheck, patch, flameshot, | 17 | * new profiles: standardnotes-desktop, shellcheck, patch, flameshot, |
| 18 | * new profiles: rview, rvim, vimcat, vimdiff, vimpager, vimtutor, xxd, | 18 | * new profiles: rview, rvim, vimcat, vimdiff, vimpager, vimtutor, xxd, |
| 19 | * new profiles: Beaker, electrum | 19 | * new profiles: Beaker, electrum, clamtk |
| 20 | -- netblue30 <netblue30@yahoo.com> Sat, 11 Aug 2018 08:00:00 -0500 | 20 | -- netblue30 <netblue30@yahoo.com> Sat, 11 Aug 2018 08:00:00 -0500 |
| 21 | 21 | ||
| 22 | firejail (0.9.54) baseline; urgency=low | 22 | firejail (0.9.54) baseline; urgency=low |
diff --git a/etc/clamtk.profile b/etc/clamtk.profile new file mode 100644 index 000000000..d916381b2 --- /dev/null +++ b/etc/clamtk.profile | |||
| @@ -0,0 +1,28 @@ | |||
| 1 | # Firejail profile for clamtk | ||
| 2 | # This file is overwritten after every install/update | ||
| 3 | # Persistent local customizations | ||
| 4 | include /etc/firejail/clamtk.local | ||
| 5 | # Persistent global definitions | ||
| 6 | include /etc/firejail/globals.local | ||
| 7 | |||
| 8 | caps.drop all | ||
| 9 | ipc-namespace | ||
| 10 | net none | ||
| 11 | no3d | ||
| 12 | nodbus | ||
| 13 | nodvd | ||
| 14 | nogroups | ||
| 15 | nonewprivs | ||
| 16 | noroot | ||
| 17 | nosound | ||
| 18 | notv | ||
| 19 | novideo | ||
| 20 | protocol unix | ||
| 21 | seccomp | ||
| 22 | shell none | ||
| 23 | |||
| 24 | private-dev | ||
| 25 | |||
| 26 | memory-deny-write-execute | ||
| 27 | noexec ${HOME} | ||
| 28 | noexec /tmp | ||
diff --git a/etc/disable-passwdmgr.inc b/etc/disable-passwdmgr.inc index 6ef11780e..597fbd1fc 100644 --- a/etc/disable-passwdmgr.inc +++ b/etc/disable-passwdmgr.inc | |||
| @@ -10,6 +10,7 @@ blacklist ${HOME}/.config/Sinew Software Systems | |||
| 10 | blacklist ${HOME}/.keepass | 10 | blacklist ${HOME}/.keepass |
| 11 | blacklist ${HOME}/.keepassx | 11 | blacklist ${HOME}/.keepassx |
| 12 | blacklist ${HOME}/.keepassxc | 12 | blacklist ${HOME}/.keepassxc |
| 13 | blacklist ${HOME}/.keepassxc-socket | ||
| 13 | blacklist ${HOME}/.lastpass | 14 | blacklist ${HOME}/.lastpass |
| 14 | blacklist ${HOME}/.local/share/KeePass | 15 | blacklist ${HOME}/.local/share/KeePass |
| 15 | blacklist ${HOME}/.local/share/keepass | 16 | blacklist ${HOME}/.local/share/keepass |
diff --git a/etc/keepassxc.profile b/etc/keepassxc.profile index dcd652e55..2073feabb 100644 --- a/etc/keepassxc.profile +++ b/etc/keepassxc.profile | |||
| @@ -10,6 +10,7 @@ noblacklist ${HOME}/*.kdb | |||
| 10 | noblacklist ${HOME}/*.kdbx | 10 | noblacklist ${HOME}/*.kdbx |
| 11 | noblacklist ${HOME}/.config/keepassxc | 11 | noblacklist ${HOME}/.config/keepassxc |
| 12 | noblacklist ${HOME}/.keepassxc | 12 | noblacklist ${HOME}/.keepassxc |
| 13 | noblacklist ${HOME}/.keepassxc-socket | ||
| 13 | # 2.2.4 needs this path when compiled with "Native messaging browser extension" | 14 | # 2.2.4 needs this path when compiled with "Native messaging browser extension" |
| 14 | noblacklist ${HOME}/.mozilla | 15 | noblacklist ${HOME}/.mozilla |
| 15 | noblacklist ${DOCUMENTS} | 16 | noblacklist ${DOCUMENTS} |
| @@ -34,7 +35,7 @@ nonewprivs | |||
| 34 | noroot | 35 | noroot |
| 35 | nosound | 36 | nosound |
| 36 | notv | 37 | notv |
| 37 | pnovideo | 38 | novideo |
| 38 | protocol unix | 39 | protocol unix |
| 39 | seccomp | 40 | seccomp |
| 40 | shell none | 41 | shell none |
| @@ -49,6 +50,7 @@ private-tmp | |||
| 49 | noexec ${HOME} | 50 | noexec ${HOME} |
| 50 | noexec /tmp | 51 | noexec /tmp |
| 51 | 52 | ||
| 53 | # Mutex is stored in /tmp by default, which is broken by private-tmp | ||
| 54 | # Make a new directory and have it stored there. Fixes #2062 | ||
| 52 | mkdir ${HOME}/.keepassxc-socket | 55 | mkdir ${HOME}/.keepassxc-socket |
| 53 | |||
| 54 | env TMPDIR=${HOME}/.keepassxc-socket/ | 56 | env TMPDIR=${HOME}/.keepassxc-socket/ |
diff --git a/etc/steam.profile b/etc/steam.profile index 4ebd941dd..8dbe613f8 100644 --- a/etc/steam.profile +++ b/etc/steam.profile | |||
| @@ -67,5 +67,5 @@ shell none | |||
| 67 | # private-dev should be commented for controllers | 67 | # private-dev should be commented for controllers |
| 68 | private-dev | 68 | private-dev |
| 69 | # private-etc breaks a small selection of games on some systems, comment to support those | 69 | # private-etc breaks a small selection of games on some systems, comment to support those |
| 70 | private-etc asound.conf,ca-certificates,dbus-1,drirc,fonts,group,gtk-2.0,gtk-3.0,host.conf,hostname,hosts,ld.so.cache,ld.so.preload,ld.so.conf,ld.so.conf.d,localtime,lsb-release,machine-id,mime.types,passwd,pulse,resolv.conf,ssl,pki,services,crypto-policies,alternatives | 70 | private-etc asound.conf,ca-certificates,dbus-1,drirc,fonts,group,gtk-2.0,gtk-3.0,host.conf,hostname,hosts,ld.so.cache,ld.so.preload,ld.so.conf,ld.so.conf.d,localtime,lsb-release,machine-id,mime.types,passwd,pulse,resolv.conf,ssl,pki,services,crypto-policies,alternatives,bumblebee,nvidia,os-release |
| 71 | private-tmp | 71 | private-tmp |
diff --git a/src/firecfg/firecfg.config b/src/firecfg/firecfg.config index a33aaeb49..648470b27 100644 --- a/src/firecfg/firecfg.config +++ b/src/firecfg/firecfg.config | |||
| @@ -77,6 +77,7 @@ cinelerra | |||
| 77 | clamdscan | 77 | clamdscan |
| 78 | clamdtop | 78 | clamdtop |
| 79 | clamscan | 79 | clamscan |
| 80 | clamtk | ||
| 80 | claws-mail | 81 | claws-mail |
| 81 | clementine | 82 | clementine |
| 82 | clipit | 83 | clipit |