Merge pull request #684 from Fred-Barclay/checkmate

Checkmate
author: netblue30 <netblue30@yahoo.com> 2016-08-05 08:40:34 -0400
committer: GitHub <noreply@github.com> 2016-08-05 08:40:34 -0400
commit: 1d2e06c45f8f6af6c2d64a46be687d586db6e6b7 (patch)
tree: 846b5d4e290c33afc9270721e68e18540c1d2806
parent: fix whitelist ~/deletme problem (diff)
parent: tightened vlc (diff)
download: firejail-1d2e06c45f8f6af6c2d64a46be687d586db6e6b7.tar.gz
firejail-1d2e06c45f8f6af6c2d64a46be687d586db6e6b7.tar.zst
firejail-1d2e06c45f8f6af6c2d64a46be687d586db6e6b7.zip
7 files changed, 29 insertions, 5 deletions
diff --git a/README b/README
index f742dd506..a690a9b65 100644
--- a/README
+++ b/README
@@ -83,6 +83,7 @@ Fred-Barclay (https://github.com/Fred-Barclay)
        - added jitsi profile
        - pidgin private-bin conversion
        - added eom profile
+        - added gnome-chess profile
 Jaykishan Mutkawoa (https://github.com/jmutkawoa)
        - cpio profile
 Paupiah Yash (https://github.com/CaffeinatedStud)
diff --git a/README.md b/README.md
index 4eea1aafc..96c4b26b2 100644
--- a/README.md
+++ b/README.md
@@ -186,7 +186,7 @@ Office: evince, gthumb, fbreader, pix, atril, xreader,
 Chat/messaging: qtox, gitter, pidgin
-Games: warzone2100
+Games: warzone2100, gnome-chess
 Weather/climate: aweather
@@ -197,5 +197,5 @@ Browsers: Palemoon
 ## New security profiles
 Gitter, gThumb, mpv, Franz messenger, LibreOffice, pix, audacity, strings, xz, xzdec, gzip, cpio, less, Atom Beta, Atom, jitsi, eom, uudeview
-tar (gtar), unzip, unrar, file, skypeforlinux
+tar (gtar), unzip, unrar, file, skypeforlinux, gnome-chess
diff --git a/etc/disable-programs.inc b/etc/disable-programs.inc
index ed7710728..01e68506d 100644
--- a/etc/disable-programs.inc
+++ b/etc/disable-programs.inc
@@ -128,3 +128,4 @@ blacklist ${HOME}/.local/share/xplayer
 blacklist ${HOME}/.local/share/totem
 blacklist ${HOME}/.local/share/psi+
 blacklist ${HOME}/.local/share/pix
+blacklist ${HOME}/.local/share/gnome-chess
diff --git a/etc/gnome-chess.profile b/etc/gnome-chess.profile
new file mode 100644
index 000000000..e93970f7d
--- /dev/null
+++ b/etc/gnome-chess.profile
@@ -0,0 +1,20 @@
+# Firejail profile for gnome-chess
+noblacklist /.local/share/gnome-chess
+include /etc/firejail/disable-common.inc
+include /etc/firejail/disable-devel.inc
+include /etc/firejail/disable-programs.inc
+include /etc/firejail/disable-passwdmgr.inc
+caps.drop all
+net none
+nogroups
+nonewprivs
+noroot
+nosound
+seccomp
+shell none
+tracelog
+private-bin gnome-chess
+private-dev
diff --git a/etc/vlc.profile b/etc/vlc.profile
index 1a6e5a151..c82247dd2 100644
--- a/etc/vlc.profile
+++ b/etc/vlc.profile
@@ -8,12 +8,12 @@ include /etc/firejail/disable-passwdmgr.inc
 caps.drop all
 netfilter
+nogroups
 nonewprivs
 noroot
 protocol unix,inet,inet6
 seccomp
-# to test
 shell none
+tracelog
 private-bin vlc,cvlc,nvlc,rvlc,qvlc,svlc
diff --git a/platform/debian/conffiles b/platform/debian/conffiles
index c8eda3cb4..d2ee3a83e 100644
--- a/platform/debian/conffiles
+++ b/platform/debian/conffiles
@@ -44,6 +44,7 @@
 /etc/firejail/flashpeak-slimjet.profile
 /etc/firejail/franz.profile
 /etc/firejail/gitter.profile
+/etc/firejail/gnome-chess.profile
 /etc/firejail/gnome-mplayer.profile
 /etc/firejail/google-chrome-beta.profile
 /etc/firejail/google-chrome-stable.profile
diff --git a/src/firecfg/firecfg.config b/src/firecfg/firecfg.config
index 48e205a58..c909e6903 100644
--- a/src/firecfg/firecfg.config
+++ b/src/firecfg/firecfg.config
@@ -78,6 +78,7 @@ wine
 # games
 0ad
+gnome-chess
 hedgewars
 steam
 wesnot
author	netblue30 <netblue30@yahoo.com>	2016-08-05 08:40:34 -0400
committer	GitHub <noreply@github.com>	2016-08-05 08:40:34 -0400
commit	1d2e06c45f8f6af6c2d64a46be687d586db6e6b7 (patch)
tree	846b5d4e290c33afc9270721e68e18540c1d2806
parent	fix whitelist ~/deletme problem (diff)
parent	tightened vlc (diff)
download	firejail-1d2e06c45f8f6af6c2d64a46be687d586db6e6b7.tar.gz firejail-1d2e06c45f8f6af6c2d64a46be687d586db6e6b7.tar.zst firejail-1d2e06c45f8f6af6c2d64a46be687d586db6e6b7.zip