authorLibravatar netblue30 <netblue30@yahoo.com>2015-11-10 07:56:29 -0500
committerLibravatar netblue30 <netblue30@yahoo.com>2015-11-10 07:56:29 -0500
commit863e09e7c9e964b6feb760f7642ee629b29a5702 (patch)
treea84aec86b8faa40fbca9389a150cf3f457195670
parentremoved test and src/tools from make dist achive (diff)
added dnscrypt-proxy and unbound profiles
-rw-r--r--Makefile.in2
-rw-r--r--README.md29
-rw-r--r--RELNOTES5
-rw-r--r--etc/dnscrypt-proxy.profile8
-rw-r--r--etc/unbound.profile8
-rw-r--r--platform/debian/conffiles2
6 files changed, 54 insertions, 0 deletions
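diff --git a/Makefile.in b/Makefile.in
index 461fa4086..d9343d149 100644
--- a/Makefile.in
+++ b/Makefile.in
@@ -113,6 +113,8 @@ realinstall:
  install -c -m 0644 etc/wine.profile $(DESTDIR)/$(sysconfdir)/firejail/.
  install -c -m 0644 etc/disable-devel.inc $(DESTDIR)/$(sysconfdir)/firejail/.
  install -c -m 0644 etc/conkeror.profile $(DESTDIR)/$(sysconfdir)/firejail/.
+ install -c -m 0644 etc/unbound.profile $(DESTDIR)/$(sysconfdir)/firejail/.
+ install -c -m 0644 etc/dnscrypt-proxy.profile $(DESTDIR)/$(sysconfdir)/firejail/.
  bash -c "if [ ! -f $(DESTDIR)/$(sysconfdir)/firejail/login.users ]; then install -c -m 0644 etc/login.users $(DESTDIR)/$(sysconfdir)/firejail/.; fi;"
  # man pages
  rm -f firejail.1.gz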
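diff --git a/README.md b/README.md
index ecae2d38a..eb4a1c21b 100644
--- a/README.md
+++ b/README.md
@@ -32,5 +32,34 @@ Usage: https://l3net.wordpress.com/projects/firejail/firejail-usage/
 
 FAQ: https://l3net.wordpress.com/projects/firejail/firejail-faq/
 
+## Development version 0.9.35
 
+### Firefox whitelists:
+
+The current whitelist of files and directories for Firefox is as follows:
+`````
+whitelist ~/.mozilla (0.9.34)
+whitelist ~/Downloads (0.9.34)
+whitelist ~/Загрузки (new in 0.9.35)
+whitelist ~/dwhelper (0.9.34)
+whitelist ~/.zotero (0.9.34)
+whitelist ~/.lastpass (0.9.34)
+whitelist ~/.gtkrc-2.0 (0.9.34)
+whitelist ~/.config/gtk-3.0 (new in 0.9.35)
+whitelist ~/.vimperatorrc (0.9.34)
+whitelist ~/.vimperator (0.9.34)
+whitelist ~/.pentadactylrc (0.9.34)
+whitelist ~/.pentadactyl (0.9.34)
+
+# common
+whitelist ~/.fonts (0.9.34)
+whitelist ~/.fonts.d (0.9.34)
+whitelist ~/.fontconfig (0.9.34)
+whitelist ~/.fonts.conf (0.9.34)
+whitelist ~/.fonts.conf.d (0.9.34)
+`````
+If you are using a plugin or extension that requires other directories, please open a new issue: https://github.com/netblue30/firejail/issues
+
+### New security profiles:
+New profiles introduced in this version: unbound, dnscrypt-proxy
 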
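diff --git a/RELNOTES b/RELNOTES
index 46231ed6d..0513f72c7 100644
--- a/RELNOTES
+++ b/RELNOTES
@@ -1,4 +1,9 @@
 firejail (0.9.34) baseline; urgency=low
+ * added unbound and dnscrypt-proxy profiles
+ * bugfixes
+ -- netblue30 <netblue30@yahoo.com> ongoing development
+
+firejail (0.9.34) baseline; urgency=low
  * added --ignore option
  * added --protocol option
  * support dual i386/amd64 seccomp filters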
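diff --git a/etc/dnscrypt-proxy.profile b/etc/dnscrypt-proxy.profile
new file mode 100644
index 000000000..e0c5c93a3
--- /dev/null
+++ b/etc/dnscrypt-proxy.profile
@@ -0,0 +1,8 @@
+# security profile for dnscrypt-proxy
+noblacklist /sbin
+noblacklist /usr/sbin
+include /etc/firejail/disable-mgmt.inc
+private
+private-dev
+seccomp.drop mount,umount2,ptrace,kexec_load,kexec_file_load,open_by_handle_at,init_module,finit_module,delete_module,iopl,ioperm,swapon,swapoff,syslog,process_vm_readv,process_vm_writev,sysfs,_sysctl,adjtimex,clock_adjtime,lookup_dcookie,perf_event_open,fanotify_init,kcmp,add_key,request_key,keyctl,uselib,acct,modify_ldt,pivot_root,io_setup,io_destroy,io_getevents,io_submit,io_cancel,remap_file_pages,mbind,get_mempolicy,set_mempolicy,migrate_pages,move_pages,vmsplice,perf_event_open
+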
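Review bot: The `seccomp.drop` line (line 7 of this new profile) is a hand-written syscall denylist with no comment saying why the default `seccomp` filter was not used, and `perf_event_open` is listed in it twice (after `lookup_dcookie` and again at the end). I would remove the duplicate and put a comment above the line, for example `# explicit list instead of plain seccomp because <reason>; re-sync when the default filter changes`, so the copy does not silently fall behind the default list. The profile also sets no capability restriction; if the daemon is started as root, as resolvers that bind port 53 commonly are, it would keep its full capability set inside the sandbox, so a `caps.keep` line limited to what the daemon actually needs is worth adding once that set has been tested. The same points apply to the identical lines in etc/unbound.profile.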
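diff --git a/etc/unbound.profile b/etc/unbound.profile
new file mode 100644
index 000000000..4dd00178b
--- /dev/null
+++ b/etc/unbound.profile
@@ -0,0 +1,8 @@
+# security profile for unbound (https://unbound.net)
+noblacklist /sbin
+noblacklist /usr/sbin
+include /etc/firejail/disable-mgmt.inc
+private
+private-dev
+seccomp.drop mount,umount2,ptrace,kexec_load,kexec_file_load,open_by_handle_at,init_module,finit_module,delete_module,iopl,ioperm,swapon,swapoff,syslog,process_vm_readv,process_vm_writev,sysfs,_sysctl,adjtimex,clock_adjtime,lookup_dcookie,perf_event_open,fanotify_init,kcmp,add_key,request_key,keyctl,uselib,acct,modify_ldt,pivot_root,io_setup,io_destroy,io_getevents,io_submit,io_cancel,remap_file_pages,mbind,get_mempolicy,set_mempolicy,migrate_pages,move_pages,vmsplice,perf_event_open
+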
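diff --git a/platform/debian/conffiles b/platform/debian/conffiles
index 579e6caad..60f375cb6 100644
--- a/platform/debian/conffiles
+++ b/platform/debian/conffiles
@@ -39,3 +39,5 @@
 /etc/firejail/wine.profile
 /etc/firejail/disable-devel.inc
 /etc/firejail/conkeror.profile
+/etc/firejail/unbound.profile
+/etc/firejail/dnscrypt-proxy.profile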