authorLibravatar netblue30 <netblue30@yahoo.com>2016-04-18 09:38:54 -0400
committerLibravatar netblue30 <netblue30@yahoo.com>2016-04-18 09:38:54 -0400
commit96e801fd8a8f4a743e2286b9367177ce8f7b3c65 (patch)
treeb2f89daf4ae9655535fc4cadd480fe2f53279797
parentadded --writable-etc and --writable-var options (diff)
downloadfirejail-96e801fd8a8f4a743e2286b9367177ce8f7b3c65.tar.gz
firejail-96e801fd8a8f4a743e2286b9367177ce8f7b3c65.tar.zst
firejail-96e801fd8a8f4a743e2286b9367177ce8f7b3c65.zip
added okular and gwenview profiles
-rw-r--r--Makefile.in2
-rw-r--r--README7
-rw-r--r--README.md2
-rw-r--r--RELNOTES1
-rw-r--r--etc/disable-programs.inc5
-rw-r--r--etc/gwenview.profile19
-rw-r--r--etc/okular.profile21
-rw-r--r--platform/debian/conffiles3
-rw-r--r--src/firecfg/firecfg.config2
9 files changed, 58 insertions, 4 deletions
diff --git a/Makefile.in b/Makefile.in
index 590f2cd5f..bc8061985 100644
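--- a/Makefile.in
+++ b/Makefile.in
@@ -166,6 +166,8 @@ realinstall:
  install -c -m 0644 .etc/0ad.profile $(DESTDIR)/$(sysconfdir)/firejail/.
  install -c -m 0644 .etc/netsurf.profile $(DESTDIR)/$(sysconfdir)/firejail/.
  install -c -m 0644 .etc/warzone2100.profile $(DESTDIR)/$(sysconfdir)/firejail/.
+ install -c -m 0644 .etc/okular.profile $(DESTDIR)/$(sysconfdir)/firejail/.
+ install -c -m 0644 .etc/gwenview.profile $(DESTDIR)/$(sysconfdir)/firejail/.
  sh -c "if [ ! -f $(DESTDIR)/$(sysconfdir)/firejail/login.users ]; then install -c -m 0644 etc/login.users $(DESTDIR)/$(sysconfdir)/firejail/.; fi;"
  sh -c "if [ ! -f $(DESTDIR)/$(sysconfdir)/firejail/firejail.config ]; then install -c -m 0644 etc/firejail.config $(DESTDIR)/$(sysconfdir)/firejail/.; fi;"
  rm -fr .etc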
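Review bot: The two added `install` lines for okular.profile and gwenview.profile extend a hand-maintained, one-line-per-profile list, and this commit has to repeat both names in platform/debian/conffiles, so a profile that is shipped but never installed (or the reverse) is easy to introduce. If every profile staged in `.etc` is meant to be installed, a single recipe line such as `for f in .etc/*.profile; do install -c -m 0644 "$$f" "$(DESTDIR)/$(sysconfdir)/firejail/." || exit 1; done` would remove the per-profile edits while keeping the 0644 mode, which leaves the sandbox policy files writable only by their owner. The realinstall recipe starts before this hunk, so how `.etc` is populated is not visible here and should be checked before changing it.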
diff --git a/README b/README
index 55f9109da..e4ad5a49f 100644
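--- a/README
+++ b/README
@@ -18,6 +18,10 @@ License: GPL v2
 Firejail Authors:
 
 netblue30 (netblue30@yahoo.com)
+curiosity-seeker (https://github.com/curiosity-seeker)
+ - tightening unbound and dnscrypt-proxy profiles
+ - dnsmasq profile
+ - okular and gwenview profiles
 Matthew Gyurgyik (https://github.com/pyther)
  - rpm spec and several fixes
 Joan Figueras (https://github.com/figue)
@@ -86,9 +90,6 @@ Rahiel Kasim (https://github.com/rahiel)
  - Mathematica profile
 creideiki (https://github.com/creideiki)
  - make the sandbox process reap all children
-curiosity-seeker (https://github.com/curiosity-seeker)
- - tightening unbound and dnscrypt-proxy profiles
- - dnsmasq profile
 sinkuu (https://github.com/sinkuu)
  - blacklisting kwalletd
  - fix symlink invocation for programs placing symlinks in $PATH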
diff --git a/README.md b/README.md
index ed564e58a..afa1fa35c 100644
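--- a/README.md
+++ b/README.md
@@ -282,5 +282,5 @@ $ man firejail-profile
 ## New security profiles
 lxterminal, Epiphany, cherrytree, Polari, Vivaldi, Atril, qutebrowser, SlimJet, Battle for Wesnoth, Hedgewars, qTox,
 OpenSSH client, OpenBox window manager, Dillo, cmus, dnsmasq, PaleMoon, Icedove, abrowser, 0ad, netsurf,
-Warzone2100
+Warzone2100, okular, gwenview
 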
diff --git a/RELNOTES b/RELNOTES
index 37b4faf47..188f9d513 100644
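--- a/RELNOTES
+++ b/RELNOTES
@@ -20,6 +20,7 @@ firejail (0.9.40-rc1) baseline; urgency=low
   * new profiles: qutebrowser, SlimJet, Battle for Wesnoth, Hedgewars
   * new profiles: qTox, OpenSSH client, OpenBox, Dillo, cmus, dnsmasq
   * new profiles: PaleMoon, Icedove, abrowser, 0ad, netsurf, Warzone2100
+ * new profiles: okular, gwenview
   * build rpm packages using "make rpms"
   * bugfixes
  -- netblue30 <netblue30@yahoo.com> Sun, 3 Apr 2016 08:00:00 -0500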
diff --git a/etc/disable-programs.inc b/etc/disable-programs.inc
index 43b9cff38..23dd8e025 100644
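--- a/etc/disable-programs.inc
+++ b/etc/disable-programs.inc
@@ -8,6 +8,11 @@ blacklist ${HOME}/.Wolfram Research
 blacklist ${HOME}/.config/mupen64plus
 blacklist ${HOME}/.config/transmission
 blacklist ${HOME}/.config/uGet
+blacklist ~/.kde/share/apps/okular
+blacklist ~/.kde/share/config/okularrc
+blacklist ~/.kde/share/config/okularpartrc
+blacklist ~/.kde/share/apps/gwenview
+blacklist ~/.kde/share/config/gwenviewrc
 
 # Media players
 blacklist ${HOME}/.config/cmus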
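Review bot: The five added `blacklist` entries cover only the KDE 4 layout under `~/.kde`, so where okular and gwenview keep their state elsewhere (for example `~/.kde4`, or the `~/.config` and `~/.local/share` locations used by KDE Frameworks 5 builds, which the commented `kbuildsycoca5` entry in etc/okular.profile suggests are expected) other sandboxed programs could still read the viewers' per-document data and settings. Each path added here needs a matching `noblacklist` line in etc/okular.profile and etc/gwenview.profile, otherwise the viewers are cut off from their own configuration. The new lines also write `~/` where the surrounding entries use `${HOME}/`, e.g. `blacklist ${HOME}/.kde/share/apps/okular`; one form should be used throughout the file. The exact file names for the newer layout should be confirmed on a current install before they are listed.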
diff --git a/etc/gwenview.profile b/etc/gwenview.profile
new file mode 100644
index 000000000..d61c57adc
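--- /dev/null
+++ b/etc/gwenview.profile
@@ -0,0 +1,19 @@
+# KDE gwenview profile
+noblacklist ~/.kde/share/apps/gwenview
+noblacklist ~/.kde/share/config/gwenviewrc
+include /etc/firejail/disable-common.inc
+include /etc/firejail/disable-programs.inc
+include /etc/firejail/disable-devel.inc
+include /etc/firejail/disable-passwdmgr.inc
+caps.drop all
+seccomp
+protocol unix
+noroot
+nogroups
+private-dev
+
+#Experimental:
+#shell none
+#private-bin gwenview
+#private-etc X11
+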
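Review bot: The `#Experimental:` block at the end of the profile gives no reason why `shell none`, `private-bin gwenview` and `private-etc X11` are left disabled or what is known to break when they are enabled, and it differs from the same block in etc/okular.profile, which also lists `#net none`. A one-line comment stating the reason, for example `# Experimental: disabled by default, enable only after testing on your desktop`, would tell users who want a tighter sandbox what to expect. Since `protocol unix` already limits the program to UNIX sockets, the comment should also say whether `net none` was left out of this profile on purpose.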
diff --git a/etc/okular.profile b/etc/okular.profile
new file mode 100644
index 000000000..7929a8796
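--- /dev/null
+++ b/etc/okular.profile
@@ -0,0 +1,21 @@
+# KDE okular profile
+noblacklist ~/.kde/share/apps/okular
+noblacklist ~/.kde/share/config/okularrc
+noblacklist ~/.kde/share/config/okularpartrc
+include /etc/firejail/disable-common.inc
+include /etc/firejail/disable-programs.inc
+include /etc/firejail/disable-devel.inc
+include /etc/firejail/disable-passwdmgr.inc
+caps.drop all
+seccomp
+protocol unix
+noroot
+nogroups
+private-dev
+
+#Experimental:
+#net none
+#shell none
+#private-bin okular,kbuildsycoca4,kbuildsycoca5
+#private-etc X11
+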
diff --git a/platform/debian/conffiles b/platform/debian/conffiles
index 2413965ba..1ea112301 100644
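--- a/platform/debian/conffiles
+++ b/platform/debian/conffiles
@@ -85,3 +85,6 @@
 /etc/firejail/0ad.profile
 /etc/firejail/netsurf.profile
 /etc/firejail/warzone2100.profile
+/etc/firejail/okular.profile
+/etc/firejail/gwenview.profile
+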
diff --git a/src/firecfg/firecfg.config b/src/firecfg/firecfg.config
index 80433f1e5..d732796e9 100644
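--- a/src/firecfg/firecfg.config
+++ b/src/firecfg/firecfg.config
@@ -51,6 +51,8 @@ loweb
 lowriter
 Mathematica
 mathematica
+gwenview
+okular
 
 # Media
 vlc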