Merge pull request #457 from Fred-Barclay/proposed

Aweather && Stellarium
author: netblue30 <netblue30@yahoo.com> 2016-04-19 08:18:54 -0400
committer: netblue30 <netblue30@yahoo.com> 2016-04-19 08:18:54 -0400
commit: cf6069de722602c8bd73913d48bddb0ebaef54a4 (patch)
tree: ef4bf41099040783a966affbe6f72543560f660c
parent: Merge pull request #456 from figue/master (diff)
parent: extra stellarium files (diff)
download: firejail-cf6069de722602c8bd73913d48bddb0ebaef54a4.tar.gz
firejail-cf6069de722602c8bd73913d48bddb0ebaef54a4.tar.zst
firejail-cf6069de722602c8bd73913d48bddb0ebaef54a4.zip
8 files changed, 67 insertions, 4 deletions
diff --git a/Makefile.in b/Makefile.in
index cb897c23d..c15ecd7dd 100644
--- a/Makefile.in
+++ b/Makefile.in
@@ -169,6 +169,8 @@ realinstall:
        install -c -m 0644 .etc/okular.profile $(DESTDIR)/$(sysconfdir)/firejail/.
        install -c -m 0644 .etc/gwenview.profile $(DESTDIR)/$(sysconfdir)/firejail/.
        install -c -m 0644 .etc/gpredict.profile $(DESTDIR)/$(sysconfdir)/firejail/.
+        install -c -m 0644 .etc/aweather.profile $(DESTDIR)/$(sysconfdir)/firejail/.
+        install -c -m 0644 .etc/stellarium.profile $(DESTDIR)/$(sysconfdir)/firejail/.
        sh -c "if [ ! -f $(DESTDIR)/$(sysconfdir)/firejail/login.users ]; then install -c -m 0644 etc/login.users $(DESTDIR)/$(sysconfdir)/firejail/.; fi;"
        sh -c "if [ ! -f $(DESTDIR)/$(sysconfdir)/firejail/firejail.config ]; then install -c -m 0644 etc/firejail.config $(DESTDIR)/$(sysconfdir)/firejail/.; fi;"
        rm -fr .etc
diff --git a/README b/README
index d0a7aaf8d..7919bdaad 100644
--- a/README
+++ b/README
@@ -19,9 +19,9 @@ Firejail Authors:
 netblue30 (netblue30@yahoo.com)
 curiosity-seeker (https://github.com/curiosity-seeker)
-        - tightening unbound and dnscrypt-proxy profiles
+    - tightening unbound and dnscrypt-proxy profiles
-        - dnsmasq profile
+    - dnsmasq profile
-        - okular and gwenview profiles
+    - okular and gwenview profiles
 Matthew Gyurgyik (https://github.com/pyther)
        - rpm spec and several fixes
 Joan Figueras (https://github.com/figue)
@@ -35,6 +35,7 @@ Fred-Barclay (https://github.com/Fred-Barclay)
        - added Warzone2100 profile
        - blacklisted VeraCrypt
        - added Gpredict profile
+        - added Aweather, Stellarium profiles
 avoidr (https://github.com/avoidr)
        - whitelist fix
        - recently-used.xbel fix
diff --git a/README.md b/README.md
index ca7927fff..5b2626288 100644
--- a/README.md
+++ b/README.md
@@ -282,5 +282,5 @@ $ man firejail-profile
 ## New security profiles
 lxterminal, Epiphany, cherrytree, Polari, Vivaldi, Atril, qutebrowser, SlimJet, Battle for Wesnoth, Hedgewars, qTox,
 OpenSSH client, OpenBox window manager, Dillo, cmus, dnsmasq, PaleMoon, Icedove, abrowser, 0ad, netsurf,
-Warzone2100, okular, gwenview, Gpredict
+Warzone2100, okular, gwenview, Gpredict, Aweather, Stellarium
diff --git a/etc/aweather.profile b/etc/aweather.profile
new file mode 100644
index 000000000..d7f510a7e
--- /dev/null
+++ b/etc/aweather.profile
@@ -0,0 +1,23 @@
+# Firejail profile for aweather.
+# Noblacklist
+noblacklist ~/.config/aweather
+# Include
+include /etc/firejail/disable-common.inc
+include /etc/firejail/disable-devel.inc
+include /etc/firejail/disable-passwdmgr.inc
+include /etc/firejail/disable-programs.inc
+# Call these options
+caps.drop all
+netfilter
+noroot
+protocol unix,inet,inet6,netlink
+seccomp
+tracelog
+# Whitelist
+mkdir ~/.config
+mkdir ~/.config/aweather
+whitelist ~/.config/aweather
diff --git a/etc/disable-programs.inc b/etc/disable-programs.inc
index 6c5515894..317ac082f 100644
--- a/etc/disable-programs.inc
+++ b/etc/disable-programs.inc
@@ -5,10 +5,13 @@ blacklist ${HOME}/.FBReader
 blacklist ${HOME}/.wine
 blacklist ${HOME}/.Mathematica
 blacklist ${HOME}/.Wolfram Research
+blacklist ${HOME}/.stellarium
 blacklist ${HOME}/.config/mupen64plus
 blacklist ${HOME}/.config/transmission
 blacklist ${HOME}/.config/uGet
 blacklist ${HOME}/.config/Gpredict
+blacklist ${HOME}/.config/aweather
+blacklist ${HOME}/.config/stellarium
 blacklist ~/.kde/share/apps/okular
 blacklist ~/.kde/share/config/okularrc
 blacklist ~/.kde/share/config/okularpartrc
diff --git a/etc/stellarium.profile b/etc/stellarium.profile
new file mode 100644
index 000000000..7cb74eeaa
--- /dev/null
+++ b/etc/stellarium.profile
@@ -0,0 +1,27 @@
+# Firejail profile for Stellarium.
+# Noblacklist
+noblacklist ~/.stellarium
+noblacklist ~/.config/stellarium
+# Include
+include /etc/firejail/disable-common.inc
+include /etc/firejail/disable-devel.inc
+include /etc/firejail/disable-passwdmgr.inc
+include /etc/firejail/disable-programs.inc
+# Call these options
+caps.drop all
+netfilter
+noroot
+protocol unix,inet,inet6,netlink
+seccomp
+tracelog
+# Whitelist
+mkdir ~/.stellarium
+whitelist ~/.stellarium
+mkdir ~/.config
+mkdir ~/.config/stellarium
+whitelist ~/.config/stellarium
diff --git a/platform/debian/conffiles b/platform/debian/conffiles
index 6f5b564a0..7ce729d6e 100644
--- a/platform/debian/conffiles
+++ b/platform/debian/conffiles
@@ -88,3 +88,5 @@
 /etc/firejail/okular.profile
 /etc/firejail/gwenview.profile
 /etc/firejail/gpredict.profile
+/etc/firejail/aweather.profile
+/etc/firejail/stellarium.profile
diff --git a/src/firecfg/firecfg.config b/src/firecfg/firecfg.config
index 8bebf76af..3812ee7d8 100644
--- a/src/firecfg/firecfg.config
+++ b/src/firecfg/firecfg.config
@@ -4,6 +4,10 @@
 # astronomy
 gpredict
+stellarium
+# weather/climate
+aweather
 # browsers/email
 firefox
@@ -78,6 +82,7 @@ quassel
 xchat
 # games
+0ad
 hedgewars
 wesnot
 warzone2100
author	netblue30 <netblue30@yahoo.com>	2016-04-19 08:18:54 -0400
committer	netblue30 <netblue30@yahoo.com>	2016-04-19 08:18:54 -0400
commit	cf6069de722602c8bd73913d48bddb0ebaef54a4 (patch)
tree	ef4bf41099040783a966affbe6f72543560f660c
parent	Merge pull request #456 from figue/master (diff)
parent	extra stellarium files (diff)
download	firejail-cf6069de722602c8bd73913d48bddb0ebaef54a4.tar.gz firejail-cf6069de722602c8bd73913d48bddb0ebaef54a4.tar.zst firejail-cf6069de722602c8bd73913d48bddb0ebaef54a4.zip

diff --git a/Makefile.in b/Makefile.in index cb897c23d..c15ecd7dd 100644 --- a/Makefile.in +++ b/Makefile.in
@@ -169,6 +169,8 @@ realinstall:
169	install -c -m 0644 .etc/okular.profile $(DESTDIR)/$(sysconfdir)/firejail/.	169	install -c -m 0644 .etc/okular.profile $(DESTDIR)/$(sysconfdir)/firejail/.
170	install -c -m 0644 .etc/gwenview.profile $(DESTDIR)/$(sysconfdir)/firejail/.	170	install -c -m 0644 .etc/gwenview.profile $(DESTDIR)/$(sysconfdir)/firejail/.
171	install -c -m 0644 .etc/gpredict.profile $(DESTDIR)/$(sysconfdir)/firejail/.	171	install -c -m 0644 .etc/gpredict.profile $(DESTDIR)/$(sysconfdir)/firejail/.
		172	install -c -m 0644 .etc/aweather.profile $(DESTDIR)/$(sysconfdir)/firejail/.
		173	install -c -m 0644 .etc/stellarium.profile $(DESTDIR)/$(sysconfdir)/firejail/.
172	sh -c "if [ ! -f $(DESTDIR)/$(sysconfdir)/firejail/login.users ]; then install -c -m 0644 etc/login.users $(DESTDIR)/$(sysconfdir)/firejail/.; fi;"	174	sh -c "if [ ! -f $(DESTDIR)/$(sysconfdir)/firejail/login.users ]; then install -c -m 0644 etc/login.users $(DESTDIR)/$(sysconfdir)/firejail/.; fi;"
173	sh -c "if [ ! -f $(DESTDIR)/$(sysconfdir)/firejail/firejail.config ]; then install -c -m 0644 etc/firejail.config $(DESTDIR)/$(sysconfdir)/firejail/.; fi;"	175	sh -c "if [ ! -f $(DESTDIR)/$(sysconfdir)/firejail/firejail.config ]; then install -c -m 0644 etc/firejail.config $(DESTDIR)/$(sysconfdir)/firejail/.; fi;"
174	rm -fr .etc	176	rm -fr .etc


diff --git a/README b/README index d0a7aaf8d..7919bdaad 100644 --- a/README +++ b/README
@@ -19,9 +19,9 @@ Firejail Authors:
19		19
20	netblue30 (netblue30@yahoo.com)	20	netblue30 (netblue30@yahoo.com)
21	curiosity-seeker (https://github.com/curiosity-seeker)	21	curiosity-seeker (https://github.com/curiosity-seeker)
22	- tightening unbound and dnscrypt-proxy profiles	22	- tightening unbound and dnscrypt-proxy profiles
23	- dnsmasq profile	23	- dnsmasq profile
24	- okular and gwenview profiles	24	- okular and gwenview profiles
25	Matthew Gyurgyik (https://github.com/pyther)	25	Matthew Gyurgyik (https://github.com/pyther)
26	- rpm spec and several fixes	26	- rpm spec and several fixes
27	Joan Figueras (https://github.com/figue)	27	Joan Figueras (https://github.com/figue)
@@ -35,6 +35,7 @@ Fred-Barclay (https://github.com/Fred-Barclay)
35	- added Warzone2100 profile	35	- added Warzone2100 profile
36	- blacklisted VeraCrypt	36	- blacklisted VeraCrypt
37	- added Gpredict profile	37	- added Gpredict profile
		38	- added Aweather, Stellarium profiles
38	avoidr (https://github.com/avoidr)	39	avoidr (https://github.com/avoidr)
39	- whitelist fix	40	- whitelist fix
40	- recently-used.xbel fix	41	- recently-used.xbel fix


diff --git a/README.md b/README.md index ca7927fff..5b2626288 100644 --- a/README.md +++ b/README.md
@@ -282,5 +282,5 @@ $ man firejail-profile
282	## New security profiles	282	## New security profiles
283	lxterminal, Epiphany, cherrytree, Polari, Vivaldi, Atril, qutebrowser, SlimJet, Battle for Wesnoth, Hedgewars, qTox,	283	lxterminal, Epiphany, cherrytree, Polari, Vivaldi, Atril, qutebrowser, SlimJet, Battle for Wesnoth, Hedgewars, qTox,
284	OpenSSH client, OpenBox window manager, Dillo, cmus, dnsmasq, PaleMoon, Icedove, abrowser, 0ad, netsurf,	284	OpenSSH client, OpenBox window manager, Dillo, cmus, dnsmasq, PaleMoon, Icedove, abrowser, 0ad, netsurf,
285	Warzone2100, okular, gwenview, Gpredict	285	Warzone2100, okular, gwenview, Gpredict, Aweather, Stellarium
286		286


diff --git a/etc/aweather.profile b/etc/aweather.profile new file mode 100644 index 000000000..d7f510a7e --- /dev/null +++ b/etc/aweather.profile
@@ -0,0 +1,23 @@
		1	# Firejail profile for aweather.
		2
		3	# Noblacklist
		4	noblacklist ~/.config/aweather
		5
		6	# Include
		7	include /etc/firejail/disable-common.inc
		8	include /etc/firejail/disable-devel.inc
		9	include /etc/firejail/disable-passwdmgr.inc
		10	include /etc/firejail/disable-programs.inc
		11
		12	# Call these options
		13	caps.drop all
		14	netfilter
		15	noroot
		16	protocol unix,inet,inet6,netlink
		17	seccomp
		18	tracelog
		19
		20	# Whitelist
		21	mkdir ~/.config
		22	mkdir ~/.config/aweather
		23	whitelist ~/.config/aweather


diff --git a/etc/disable-programs.inc b/etc/disable-programs.inc index 6c5515894..317ac082f 100644 --- a/etc/disable-programs.inc +++ b/etc/disable-programs.inc
@@ -5,10 +5,13 @@ blacklist ${HOME}/.FBReader
5	blacklist ${HOME}/.wine	5	blacklist ${HOME}/.wine
6	blacklist ${HOME}/.Mathematica	6	blacklist ${HOME}/.Mathematica
7	blacklist ${HOME}/.Wolfram Research	7	blacklist ${HOME}/.Wolfram Research
		8	blacklist ${HOME}/.stellarium
8	blacklist ${HOME}/.config/mupen64plus	9	blacklist ${HOME}/.config/mupen64plus
9	blacklist ${HOME}/.config/transmission	10	blacklist ${HOME}/.config/transmission
10	blacklist ${HOME}/.config/uGet	11	blacklist ${HOME}/.config/uGet
11	blacklist ${HOME}/.config/Gpredict	12	blacklist ${HOME}/.config/Gpredict
		13	blacklist ${HOME}/.config/aweather
		14	blacklist ${HOME}/.config/stellarium
12	blacklist ~/.kde/share/apps/okular	15	blacklist ~/.kde/share/apps/okular
13	blacklist ~/.kde/share/config/okularrc	16	blacklist ~/.kde/share/config/okularrc
14	blacklist ~/.kde/share/config/okularpartrc	17	blacklist ~/.kde/share/config/okularpartrc


diff --git a/etc/stellarium.profile b/etc/stellarium.profile new file mode 100644 index 000000000..7cb74eeaa --- /dev/null +++ b/etc/stellarium.profile
@@ -0,0 +1,27 @@
		1	# Firejail profile for Stellarium.
		2
		3	# Noblacklist
		4	noblacklist ~/.stellarium
		5	noblacklist ~/.config/stellarium
		6
		7	# Include
		8	include /etc/firejail/disable-common.inc
		9	include /etc/firejail/disable-devel.inc
		10	include /etc/firejail/disable-passwdmgr.inc
		11	include /etc/firejail/disable-programs.inc
		12
		13	# Call these options
		14	caps.drop all
		15	netfilter
		16	noroot
		17	protocol unix,inet,inet6,netlink
		18	seccomp
		19	tracelog
		20
		21	# Whitelist
		22	mkdir ~/.stellarium
		23	whitelist ~/.stellarium
		24
		25	mkdir ~/.config
		26	mkdir ~/.config/stellarium
		27	whitelist ~/.config/stellarium


diff --git a/platform/debian/conffiles b/platform/debian/conffiles index 6f5b564a0..7ce729d6e 100644 --- a/platform/debian/conffiles +++ b/platform/debian/conffiles
@@ -88,3 +88,5 @@
88	/etc/firejail/okular.profile	88	/etc/firejail/okular.profile
89	/etc/firejail/gwenview.profile	89	/etc/firejail/gwenview.profile
90	/etc/firejail/gpredict.profile	90	/etc/firejail/gpredict.profile
		91	/etc/firejail/aweather.profile
		92	/etc/firejail/stellarium.profile


diff --git a/src/firecfg/firecfg.config b/src/firecfg/firecfg.config index 8bebf76af..3812ee7d8 100644 --- a/src/firecfg/firecfg.config +++ b/src/firecfg/firecfg.config
@@ -4,6 +4,10 @@
4		4
5	# astronomy	5	# astronomy
6	gpredict	6	gpredict
		7	stellarium
		8
		9	# weather/climate
		10	aweather
7		11
8	# browsers/email	12	# browsers/email
9	firefox	13	firefox
@@ -78,6 +82,7 @@ quassel
78	xchat	82	xchat
79		83
80	# games	84	# games
		85	0ad
81	hedgewars	86	hedgewars
82	wesnot	87	wesnot
83	warzone2100	88	warzone2100