Add qTox profile

author: Janik Rabe <jrabe@openmailbox.org> 2016-03-23 11:14:12 +0200
committer: Janik Rabe <jrabe@openmailbox.org> 2016-03-23 11:14:12 +0200
commit: a8503fb9a3919b674e4a31d960e043a59b236bff (patch)
tree: 5f8810b3633621d86b2cf3e83c57ed19409bdfd7
parent: --private-etc fix (diff)
download: firejail-a8503fb9a3919b674e4a31d960e043a59b236bff.tar.gz
firejail-a8503fb9a3919b674e4a31d960e043a59b236bff.tar.zst
firejail-a8503fb9a3919b674e4a31d960e043a59b236bff.zip
5 files changed, 19 insertions, 1 deletions
diff --git a/Makefile.in b/Makefile.in
index 29d8004f3..90b238752 100644
--- a/Makefile.in
+++ b/Makefile.in
@@ -78,6 +78,7 @@ realinstall:
        install -c -m 0644 .etc/audacious.profile $(DESTDIR)/$(sysconfdir)/firejail/.
        install -c -m 0644 .etc/clementine.profile $(DESTDIR)/$(sysconfdir)/firejail/.
        install -c -m 0644 .etc/epiphany.profile $(DESTDIR)/$(sysconfdir)/firejail/.
+        install -c -m 0644 .etc/qtox.profile $(DESTDIR)/$(sysconfdir)/firejail/.
        install -c -m 0644 .etc/polari.profile $(DESTDIR)/$(sysconfdir)/firejail/.
        install -c -m 0644 .etc/gnome-mplayer.profile $(DESTDIR)/$(sysconfdir)/firejail/.
        install -c -m 0644 .etc/rhythmbox.profile $(DESTDIR)/$(sysconfdir)/firejail/.
diff --git a/README b/README
index bfbbc5c6b..07b73232e 100644
--- a/README
+++ b/README
@@ -41,6 +41,7 @@ jrabe (https://github.com/jrabe)
        - disallow access to kdbx files
        - Epiphany profile
        - Polari profile
+        - qTox profile
 jgriffiths (https://github.com/jgriffiths)
        - make rpm packages support
 Tom Mellor (https://github.com/kalegrill)
diff --git a/README.md b/README.md
index 2406cfc49..9b045d50c 100644
--- a/README.md
+++ b/README.md
@@ -189,5 +189,5 @@ $ man firejail-profile
 ## New security profiles
-lxterminal, Epiphany, cherrytree, Battle for Wesnoth, Hedgewars, qutebrowser, SlimJet
+lxterminal, Epiphany, cherrytree, Battle for Wesnoth, Hedgewars, qutebrowser, SlimJet, qTox
diff --git a/etc/qtox.profile b/etc/qtox.profile
new file mode 100644
index 000000000..8e75f01e6
--- /dev/null
+++ b/etc/qtox.profile
@@ -0,0 +1,15 @@
+# qTox instant messaging profile
+noblacklist ${HOME}/.config/tox
+include /etc/firejail/disable-mgmt.inc
+include /etc/firejail/disable-secret.inc
+include /etc/firejail/disable-common.inc
+include /etc/firejail/disable-devel.inc
+include /etc/firejail/disable-terminals.inc
+mkdir ${HOME}/.config/tox
+whitelist ${HOME}/.config/tox
+whitelist ${DOWNLOADS}
+include /etc/firejail/whitelist-common.inc
+caps.drop all
+seccomp
+protocol unix,inet,inet6
+noroot
diff --git a/platform/debian/conffiles b/platform/debian/conffiles
index 9f324c59f..a40ca2fdf 100644
--- a/platform/debian/conffiles
+++ b/platform/debian/conffiles
@@ -22,6 +22,7 @@
 /etc/firejail/audacious.profile
 /etc/firejail/clementine.profile
 /etc/firejail/epiphany.profile
+/etc/firejail/qtox.profile
 /etc/firejail/polari.profile
 /etc/firejail/gnome-mplayer.profile
 /etc/firejail/rhythmbox.profile
author	Janik Rabe <jrabe@openmailbox.org>	2016-03-23 11:14:12 +0200
committer	Janik Rabe <jrabe@openmailbox.org>	2016-03-23 11:14:12 +0200
commit	a8503fb9a3919b674e4a31d960e043a59b236bff (patch)
tree	5f8810b3633621d86b2cf3e83c57ed19409bdfd7
parent	--private-etc fix (diff)
download	firejail-a8503fb9a3919b674e4a31d960e043a59b236bff.tar.gz firejail-a8503fb9a3919b674e4a31d960e043a59b236bff.tar.zst firejail-a8503fb9a3919b674e4a31d960e043a59b236bff.zip