diff options
| author |  netblue30 <netblue30@yahoo.com> | 2016-05-26 09:09:15 -0400 |
|---|---|---|
| committer | netblue30 <netblue30@yahoo.com> | 2016-05-26 09:09:15 -0400 |
| commit | a5f1cb619dc4741e74404e3abae3d6e2da7decf8 (patch) | |
| tree | 5a1567bd89a2faf7b15797a11932a6eae4bf1e38 | |
| parent | Merge pull request #538 from KellerFuchs/no_new_profiles (diff) | |
| parent | nosound xreader and atril (diff) | |
| download | firejail-a5f1cb619dc4741e74404e3abae3d6e2da7decf8.tar.gz firejail-a5f1cb619dc4741e74404e3abae3d6e2da7decf8.tar.zst firejail-a5f1cb619dc4741e74404e3abae3d6e2da7decf8.zip | |
Merge pull request #540 from Fred-Barclay/brave
Brave
| -rw-r--r-- | Makefile.in | 1 | ||||
| -rw-r--r-- | README | 2 | ||||
| -rw-r--r-- | README.md | 4 | ||||
| -rw-r--r-- | RELNOTES | 1 | ||||
| -rw-r--r-- | etc/atril.profile | 1 | ||||
| -rw-r--r-- | etc/brave.profile | 18 | ||||
| -rw-r--r-- | etc/disable-programs.inc | 1 | ||||
| -rw-r--r-- | etc/xreader.profile | 1 | ||||
| -rw-r--r-- | platform/debian/conffiles | 1 | ||||
| -rw-r--r-- | src/firecfg/firecfg.config | 1 |
10 files changed, 28 insertions, 3 deletions
diff --git a/Makefile.in b/Makefile.in index edcf09225..6699ab732 100644 --- a/Makefile.in +++ b/Makefile.in | |||
| @@ -187,6 +187,7 @@ realinstall: | |||
| 187 | install -c -m 0644 .etc/corebird.profile $(DESTDIR)/$(sysconfdir)/firejail/. | 187 | install -c -m 0644 .etc/corebird.profile $(DESTDIR)/$(sysconfdir)/firejail/. |
| 188 | install -c -m 0644 .etc/konversation.profile $(DESTDIR)/$(sysconfdir)/firejail/. | 188 | install -c -m 0644 .etc/konversation.profile $(DESTDIR)/$(sysconfdir)/firejail/. |
| 189 | install -c -m 0644 .etc/psi-plus.profile $(DESTDIR)/$(sysconfdir)/firejail/. | 189 | install -c -m 0644 .etc/psi-plus.profile $(DESTDIR)/$(sysconfdir)/firejail/. |
| 190 | install -c -m 0644 .etc/brave.profile $(DESTDIR)/$(sysconfdir)/firejail/. | ||
| 190 | sh -c "if [ ! -f $(DESTDIR)/$(sysconfdir)/firejail/login.users ]; then install -c -m 0644 etc/login.users $(DESTDIR)/$(sysconfdir)/firejail/.; fi;" | 191 | sh -c "if [ ! -f $(DESTDIR)/$(sysconfdir)/firejail/login.users ]; then install -c -m 0644 etc/login.users $(DESTDIR)/$(sysconfdir)/firejail/.; fi;" |
| 191 | sh -c "if [ ! -f $(DESTDIR)/$(sysconfdir)/firejail/firejail.config ]; then install -c -m 0644 etc/firejail.config $(DESTDIR)/$(sysconfdir)/firejail/.; fi;" | 192 | sh -c "if [ ! -f $(DESTDIR)/$(sysconfdir)/firejail/firejail.config ]; then install -c -m 0644 etc/firejail.config $(DESTDIR)/$(sysconfdir)/firejail/.; fi;" |
| 192 | rm -fr .etc | 193 | rm -fr .etc |
| @@ -77,6 +77,8 @@ Fred-Barclay (https://github.com/Fred-Barclay) | |||
| 77 | - blacklisted escape-happy terminals in disable-common.inc | 77 | - blacklisted escape-happy terminals in disable-common.inc |
| 78 | - blacklisted g++ | 78 | - blacklisted g++ |
| 79 | - added xplayer, xreader, and xviewer profiles | 79 | - added xplayer, xreader, and xviewer profiles |
| 80 | - added Brave profile | ||
| 81 | - added "shutdown" filter for x86_64 arch to seccomp | ||
| 80 | Petter Reinholdtsen (pere@hungry.com) | 82 | Petter Reinholdtsen (pere@hungry.com) |
| 81 | - Opera profile patch | 83 | - Opera profile patch |
| 82 | n1trux (https://github.com/n1trux) | 84 | n1trux (https://github.com/n1trux) |
| @@ -290,6 +290,4 @@ $ man firejail-profile | |||
| 290 | lxterminal, Epiphany, cherrytree, Polari, Vivaldi, Atril, qutebrowser, SlimJet, Battle for Wesnoth, Hedgewars, qTox, | 290 | lxterminal, Epiphany, cherrytree, Polari, Vivaldi, Atril, qutebrowser, SlimJet, Battle for Wesnoth, Hedgewars, qTox, |
| 291 | OpenSSH client, OpenBox window manager, Dillo, cmus, dnsmasq, PaleMoon, Icedove, abrowser, 0ad, netsurf, | 291 | OpenSSH client, OpenBox window manager, Dillo, cmus, dnsmasq, PaleMoon, Icedove, abrowser, 0ad, netsurf, |
| 292 | Warzone2100, okular, gwenview, Gpredict, Aweather, Stellarium, Google-Play-Music-Desktop-Player, quiterss, | 292 | Warzone2100, okular, gwenview, Gpredict, Aweather, Stellarium, Google-Play-Music-Desktop-Player, quiterss, |
| 293 | cyberfox, generic Ubuntu snap application profile, xplayer, xreader, xviewer, mcabber, Psi+, Corebird, Konversation | 293 | cyberfox, generic Ubuntu snap application profile, xplayer, xreader, xviewer, mcabber, Psi+, Corebird, Konversation, Brave |
| 294 | |||
| 295 | |||
| @@ -25,6 +25,7 @@ firejail (0.9.40) baseline; urgency=low | |||
| 25 | * new profiles: Aweather, Stellarium, gpredict, quiterss, cyberfox | 25 | * new profiles: Aweather, Stellarium, gpredict, quiterss, cyberfox |
| 26 | * new profiles: generic Ubuntu snap application profile, xplayer | 26 | * new profiles: generic Ubuntu snap application profile, xplayer |
| 27 | * new profiles: xreader, xviewer, mcabber, Psi+, Corebird, Konversation | 27 | * new profiles: xreader, xviewer, mcabber, Psi+, Corebird, Konversation |
| 28 | * new profiles: Brave | ||
| 28 | * generic.profile renamed default.profile | 29 | * generic.profile renamed default.profile |
| 29 | * build rpm packages using "make rpms" | 30 | * build rpm packages using "make rpms" |
| 30 | * bugfixes | 31 | * bugfixes |
diff --git a/etc/atril.profile b/etc/atril.profile index c20a8c7b3..b55f99cdd 100644 --- a/etc/atril.profile +++ b/etc/atril.profile | |||
| @@ -13,3 +13,4 @@ nonewprivs | |||
| 13 | noroot | 13 | noroot |
| 14 | tracelog | 14 | tracelog |
| 15 | netfilter | 15 | netfilter |
| 16 | nosound | ||
diff --git a/etc/brave.profile b/etc/brave.profile new file mode 100644 index 000000000..24a0a31c9 --- /dev/null +++ b/etc/brave.profile | |||
| @@ -0,0 +1,18 @@ | |||
| 1 | # Profile for Brave browser | ||
| 2 | |||
| 3 | noblacklist ~/.config/brave | ||
| 4 | include /etc/firejail/disable-common.inc | ||
| 5 | include /etc/firejail/disable-programs.inc | ||
| 6 | include /etc/firejail/disable-devel.inc | ||
| 7 | |||
| 8 | caps.drop all | ||
| 9 | seccomp | ||
| 10 | protocol unix,inet,inet6,netlink | ||
| 11 | netfilter | ||
| 12 | noroot | ||
| 13 | |||
| 14 | whitelist ${DOWNLOADS} | ||
| 15 | |||
| 16 | mkdir ~/.config | ||
| 17 | mkdir ~/.config/brave | ||
| 18 | whitelist ~/.config/brave | ||
diff --git a/etc/disable-programs.inc b/etc/disable-programs.inc index 3474a6592..633f9c548 100644 --- a/etc/disable-programs.inc +++ b/etc/disable-programs.inc | |||
| @@ -51,6 +51,7 @@ blacklist ${HOME}/.config/epiphany | |||
| 51 | blacklist ${HOME}/.config/slimjet | 51 | blacklist ${HOME}/.config/slimjet |
| 52 | blacklist ${HOME}/.config/qutebrowser | 52 | blacklist ${HOME}/.config/qutebrowser |
| 53 | blacklist ${HOME}/.8pecxstudios | 53 | blacklist ${HOME}/.8pecxstudios |
| 54 | blacklist ${HOME}/.config/brave | ||
| 54 | 55 | ||
| 55 | # Instant Messaging | 56 | # Instant Messaging |
| 56 | blacklist ${HOME}/.config/hexchat | 57 | blacklist ${HOME}/.config/hexchat |
diff --git a/etc/xreader.profile b/etc/xreader.profile index 4b7ed41be..267330c1f 100644 --- a/etc/xreader.profile +++ b/etc/xreader.profile | |||
| @@ -15,3 +15,4 @@ nonewprivs | |||
| 15 | noroot | 15 | noroot |
| 16 | tracelog | 16 | tracelog |
| 17 | netfilter | 17 | netfilter |
| 18 | nosound | ||
diff --git a/platform/debian/conffiles b/platform/debian/conffiles index eff859cc5..7da95eb68 100644 --- a/platform/debian/conffiles +++ b/platform/debian/conffiles | |||
| @@ -101,3 +101,4 @@ | |||
| 101 | /etc/firejail/corebird.profile | 101 | /etc/firejail/corebird.profile |
| 102 | /etc/firejail/konversation.profile | 102 | /etc/firejail/konversation.profile |
| 103 | /etc/firejail/psi-plus.profile | 103 | /etc/firejail/psi-plus.profile |
| 104 | /etc/firejail/brave.profile | ||
diff --git a/src/firecfg/firecfg.config b/src/firecfg/firecfg.config index d019c3a5c..567f97c69 100644 --- a/src/firecfg/firecfg.config +++ b/src/firecfg/firecfg.config | |||
| @@ -35,6 +35,7 @@ vivaldi-beta | |||
| 35 | vivaldi | 35 | vivaldi |
| 36 | dillo | 36 | dillo |
| 37 | netsurf | 37 | netsurf |
| 38 | brave | ||
| 38 | 39 | ||
| 39 | # bittorrent/ftp | 40 | # bittorrent/ftp |
| 40 | deluge | 41 | deluge |