Merge branch 'master' of http://github.com/netblue30/firejail

author: netblue30 <netblue30@yahoo.com> 2018-03-12 16:45:10 -0400
committer: netblue30 <netblue30@yahoo.com> 2018-03-12 16:45:10 -0400
commit: abf3f585b35042866de433233cafe3ca0ee5f2ba (patch)
tree: 799ad3ee5dc6f9aa968f14b79e33221240fe465c
parent: bringing back private-lib in evince, and some fixes for Arch Linux (diff)
parent: Add a profile for gnome-builder (diff)
download: firejail-abf3f585b35042866de433233cafe3ca0ee5f2ba.tar.gz
firejail-abf3f585b35042866de433233cafe3ca0ee5f2ba.tar.zst
firejail-abf3f585b35042866de433233cafe3ca0ee5f2ba.zip
5 files changed, 30 insertions, 3 deletions
diff --git a/README.md b/README.md
index fd3518c27..8ff75b46a 100644
--- a/README.md
+++ b/README.md
@@ -244,4 +244,4 @@ firefox-common-addons.inc in firefox-common.profile.
 Basilisk browser, Tor Browser language packs, PlayOnLinux, sylpheed, discord-canary,
 pycharm-community, pycharm-professional, Pitivi, OnionShare, Fritzing, Kaffeine, pdfchain,
-tilp, vivaldi-snapshot, bitcoin-qt, VS Code, falkon
+tilp, vivaldi-snapshot, bitcoin-qt, VS Code, falkon, gnome-builder
diff --git a/RELNOTES b/RELNOTES
index 682e40d0e..8e9f65501 100644
--- a/RELNOTES
+++ b/RELNOTES
@@ -26,7 +26,7 @@ firejail (0.9.53) baseline; urgency=low
  * new profiles: basilisk, Tor Browser language packs, PlayOnLinux, sylpheed,
  * new profiles: discord-canary, pycharm-community, pycharm-professional,
  * new profiles: pdfchain, tilp, vivaldi-snapshot, bitcoin-qt, kaffeine, VS Code,
-  * new profiles: falkon
+  * new profiles: falkon, gnome-builder
 -- netblue30 <netblue30@yahoo.com>  Thu, 1 Mar 2018 08:00:00 -0500
 firejail (0.9.52) baseline; urgency=low
diff --git a/etc/gnome-builder.profile b/etc/gnome-builder.profile
new file mode 100644
index 000000000..a5a48e97a
--- /dev/null
+++ b/etc/gnome-builder.profile
@@ -0,0 +1,25 @@
+# Firejail profile for gnome-builder
+# This file is overwritten after every install/update
+# Persistent local customizations
+include /etc/firejail/gnome-builder.local
+# Persistent global definitions
+include /etc/firejail/globals.local
+include /etc/firejail/disable-common.inc
+include /etc/firejail/disable-passwdmgr.inc
+include /etc/firejail/disable-programs.inc
+caps.drop all
+ipc-namespace
+netfilter
+nodvd
+nogroups
+nonewprivs
+noroot
+notv
+novideo
+protocol unix,inet,inet6
+seccomp
+shell none
+private-dev
diff --git a/etc/viewnior.profile b/etc/viewnior.profile
index 4df71f728..39bf3f7ce 100644
--- a/etc/viewnior.profile
+++ b/etc/viewnior.profile
@@ -37,6 +37,7 @@ private-dev
 private-etc fonts
 private-tmp
-memory-deny-write-execute
+# memory-deny-write-executes breaks on Arch - see issue #1808
+#memory-deny-write-execute
 noexec ${HOME}
 noexec /tmp
diff --git a/src/firecfg/firecfg.config b/src/firecfg/firecfg.config
index 4eb01c5b5..3cf5df1c1 100644
--- a/src/firecfg/firecfg.config
+++ b/src/firecfg/firecfg.config
@@ -141,6 +141,7 @@ gitter
 gjs
 globaltime
 gnome-2048
+gnome-builder
 gnome-books
 gnome-calculator
 gnome-chess
author	netblue30 <netblue30@yahoo.com>	2018-03-12 16:45:10 -0400
committer	netblue30 <netblue30@yahoo.com>	2018-03-12 16:45:10 -0400
commit	abf3f585b35042866de433233cafe3ca0ee5f2ba (patch)
tree	799ad3ee5dc6f9aa968f14b79e33221240fe465c
parent	bringing back private-lib in evince, and some fixes for Arch Linux (diff)
parent	Add a profile for gnome-builder (diff)
download	firejail-abf3f585b35042866de433233cafe3ca0ee5f2ba.tar.gz firejail-abf3f585b35042866de433233cafe3ca0ee5f2ba.tar.zst firejail-abf3f585b35042866de433233cafe3ca0ee5f2ba.zip

diff --git a/README.md b/README.md index fd3518c27..8ff75b46a 100644 --- a/README.md +++ b/README.md
@@ -244,4 +244,4 @@ firefox-common-addons.inc in firefox-common.profile.
244		244
245	Basilisk browser, Tor Browser language packs, PlayOnLinux, sylpheed, discord-canary,	245	Basilisk browser, Tor Browser language packs, PlayOnLinux, sylpheed, discord-canary,
246	pycharm-community, pycharm-professional, Pitivi, OnionShare, Fritzing, Kaffeine, pdfchain,	246	pycharm-community, pycharm-professional, Pitivi, OnionShare, Fritzing, Kaffeine, pdfchain,
247	tilp, vivaldi-snapshot, bitcoin-qt, VS Code, falkon	247	tilp, vivaldi-snapshot, bitcoin-qt, VS Code, falkon, gnome-builder


diff --git a/RELNOTES b/RELNOTES index 682e40d0e..8e9f65501 100644 --- a/RELNOTES +++ b/RELNOTES
@@ -26,7 +26,7 @@ firejail (0.9.53) baseline; urgency=low
26	* new profiles: basilisk, Tor Browser language packs, PlayOnLinux, sylpheed,	26	* new profiles: basilisk, Tor Browser language packs, PlayOnLinux, sylpheed,
27	* new profiles: discord-canary, pycharm-community, pycharm-professional,	27	* new profiles: discord-canary, pycharm-community, pycharm-professional,
28	* new profiles: pdfchain, tilp, vivaldi-snapshot, bitcoin-qt, kaffeine, VS Code,	28	* new profiles: pdfchain, tilp, vivaldi-snapshot, bitcoin-qt, kaffeine, VS Code,
29	* new profiles: falkon	29	* new profiles: falkon, gnome-builder
30	-- netblue30 <netblue30@yahoo.com> Thu, 1 Mar 2018 08:00:00 -0500	30	-- netblue30 <netblue30@yahoo.com> Thu, 1 Mar 2018 08:00:00 -0500
31		31
32	firejail (0.9.52) baseline; urgency=low	32	firejail (0.9.52) baseline; urgency=low


diff --git a/etc/gnome-builder.profile b/etc/gnome-builder.profile new file mode 100644 index 000000000..a5a48e97a --- /dev/null +++ b/etc/gnome-builder.profile
@@ -0,0 +1,25 @@
		1	# Firejail profile for gnome-builder
		2	# This file is overwritten after every install/update
		3	# Persistent local customizations
		4	include /etc/firejail/gnome-builder.local
		5	# Persistent global definitions
		6	include /etc/firejail/globals.local
		7
		8	include /etc/firejail/disable-common.inc
		9	include /etc/firejail/disable-passwdmgr.inc
		10	include /etc/firejail/disable-programs.inc
		11
		12	caps.drop all
		13	ipc-namespace
		14	netfilter
		15	nodvd
		16	nogroups
		17	nonewprivs
		18	noroot
		19	notv
		20	novideo
		21	protocol unix,inet,inet6
		22	seccomp
		23	shell none
		24
		25	private-dev


diff --git a/etc/viewnior.profile b/etc/viewnior.profile index 4df71f728..39bf3f7ce 100644 --- a/etc/viewnior.profile +++ b/etc/viewnior.profile
@@ -37,6 +37,7 @@ private-dev
37	private-etc fonts	37	private-etc fonts
38	private-tmp	38	private-tmp
39		39
40	memory-deny-write-execute	40	# memory-deny-write-executes breaks on Arch - see issue #1808
		41	#memory-deny-write-execute
41	noexec ${HOME}	42	noexec ${HOME}
42	noexec /tmp	43	noexec /tmp


diff --git a/src/firecfg/firecfg.config b/src/firecfg/firecfg.config index 4eb01c5b5..3cf5df1c1 100644 --- a/src/firecfg/firecfg.config +++ b/src/firecfg/firecfg.config
@@ -141,6 +141,7 @@ gitter
141	gjs	141	gjs
142	globaltime	142	globaltime
143	gnome-2048	143	gnome-2048
		144	gnome-builder
144	gnome-books	145	gnome-books
145	gnome-calculator	146	gnome-calculator
146	gnome-chess	147	gnome-chess