diff options
author | netblue30 <netblue30@yahoo.com> | 2017-09-19 11:40:47 -0400 |
---|---|---|
committer | netblue30 <netblue30@yahoo.com> | 2017-09-19 11:40:47 -0400 |
commit | 3c1756f2425ecc514f4e8ebbf362233d4ce1c7a7 (patch) | |
tree | da5b405167e1a19e5973c568f6107325d8d5eb5d | |
parent | add private-bin support to profile builder (diff) | |
parent | Update README (diff) | |
download | firejail-3c1756f2425ecc514f4e8ebbf362233d4ce1c7a7.tar.gz firejail-3c1756f2425ecc514f4e8ebbf362233d4ce1c7a7.tar.zst firejail-3c1756f2425ecc514f4e8ebbf362233d4ce1c7a7.zip |
Merge branch 'master' of http://github.com/netblue30/firejail
-rw-r--r-- | README | 10 | ||||
-rw-r--r-- | README.md | 3 | ||||
-rw-r--r-- | etc/conky.profile | 35 | ||||
-rw-r--r-- | src/firecfg/firecfg.config | 1 |
4 files changed, 48 insertions, 1 deletions
@@ -112,6 +112,10 @@ creideiki (https://github.com/creideiki) | |||
112 | - make the sandbox process reap all children | 112 | - make the sandbox process reap all children |
113 | chiraag-nataraj (https://github.com/chiraag-nataraj) | 113 | chiraag-nataraj (https://github.com/chiraag-nataraj) |
114 | - support for newer Xpra versions (2.1+) | 114 | - support for newer Xpra versions (2.1+) |
115 | - added Viber, amule, ardour5, brackets, calligra, cin, fetchmail profiles | ||
116 | - added freecad, google-earth, imagej, kdenlive, linphone, lmms profiles | ||
117 | - added macrofusion, mpd, natron, ricochet, shotcut, tor-browser-en profiles | ||
118 | - added tor, x-terminal-emulator, zart profiles | ||
115 | Christian Stadelmann (https://github.com/genodeftest) | 119 | Christian Stadelmann (https://github.com/genodeftest) |
116 | - profile fixes | 120 | - profile fixes |
117 | - evolution profile fix | 121 | - evolution profile fix |
@@ -241,6 +245,8 @@ Impyy (https://github.com/Impyy) | |||
241 | - added mumble profile | 245 | - added mumble profile |
242 | irregulator (https://github.com/irregulator) | 246 | irregulator (https://github.com/irregulator) |
243 | - thunderbird profile fixes for debian stretch | 247 | - thunderbird profile fixes for debian stretch |
248 | Irvine (https://github.com/Irvinehimself) | ||
249 | - added conky profile | ||
244 | Ivan Kozik (https://github.com/ivan) | 250 | Ivan Kozik (https://github.com/ivan) |
245 | - speed up sandbox exit | 251 | - speed up sandbox exit |
246 | Jaykishan Mutkawoa (https://github.com/jmutkawoa) | 252 | Jaykishan Mutkawoa (https://github.com/jmutkawoa) |
@@ -307,6 +313,8 @@ Mattias Wadman (https://github.com/wader) | |||
307 | - seccomp errno filter support | 313 | - seccomp errno filter support |
308 | Matthew Gyurgyik (https://github.com/pyther) | 314 | Matthew Gyurgyik (https://github.com/pyther) |
309 | - rpm spec and several fixes | 315 | - rpm spec and several fixes |
316 | melvinvermeeren (https://github.com/melvinvermeeren) | ||
317 | - added teamspeak3 profile | ||
310 | Michael Haas (https://github.com/mhaas) | 318 | Michael Haas (https://github.com/mhaas) |
311 | - bugfixes | 319 | - bugfixes |
312 | Mike Frysinger (vapier@gentoo.org) | 320 | Mike Frysinger (vapier@gentoo.org) |
@@ -320,6 +328,8 @@ n1trux (https://github.com/n1trux) | |||
320 | netblue30 (netblue30@yahoo.com) | 328 | netblue30 (netblue30@yahoo.com) |
321 | Niklas Haas (https://github.com/haasn) | 329 | Niklas Haas (https://github.com/haasn) |
322 | - blacklisting for keybase.io's client | 330 | - blacklisting for keybase.io's client |
331 | nyancat18 (https://github.com/nyancat18) | ||
332 | - added ardour4, dooble, karbon, krita profiles | ||
323 | Ondra Nekola (https://github.com/satai) | 333 | Ondra Nekola (https://github.com/satai) |
324 | - allow firefox theming with non-global themes | 334 | - allow firefox theming with non-global themes |
325 | Panzerfather (https://github.com/Panzerfather) | 335 | Panzerfather (https://github.com/Panzerfather) |
@@ -179,4 +179,5 @@ amule, ardour4, ardour5, brackets, calligra, calligraauthor, calligraconverter, | |||
179 | calligraflow, calligraplan, calligraplanwork, calligrasheets, calligrastage, | 179 | calligraflow, calligraplan, calligraplanwork, calligrasheets, calligrastage, |
180 | calligrawords, cin, dooble, dooble-qt4, fetchmail, freecad, freecadcmd, google-earth, | 180 | calligrawords, cin, dooble, dooble-qt4, fetchmail, freecad, freecadcmd, google-earth, |
181 | imagej, karbon, kdenlive, krita, linphone, lmms, macrofusion, mpd, natron, Natron, | 181 | imagej, karbon, kdenlive, krita, linphone, lmms, macrofusion, mpd, natron, Natron, |
182 | ricochet, shotcut, teamspeak3, tor, tor-browser-en, Viber, x-terminal-emulator, zart | 182 | ricochet, shotcut, teamspeak3, tor, tor-browser-en, Viber, x-terminal-emulator, zart, |
183 | conky | ||
diff --git a/etc/conky.profile b/etc/conky.profile new file mode 100644 index 000000000..4ee25f099 --- /dev/null +++ b/etc/conky.profile | |||
@@ -0,0 +1,35 @@ | |||
1 | # Firejail profile for conky | ||
2 | # This file is overwritten after every install/update | ||
3 | # Persistent local customizations | ||
4 | include /etc/firejail/conky.local | ||
5 | # Persistent global definitions | ||
6 | include /etc/firejail/globals.local | ||
7 | |||
8 | |||
9 | include /etc/firejail/disable-common.inc | ||
10 | include /etc/firejail/disable-devel.inc | ||
11 | include /etc/firejail/disable-passwdmgr.inc | ||
12 | include /etc/firejail/disable-programs.inc | ||
13 | |||
14 | caps.drop all | ||
15 | ipc-namespace | ||
16 | netfilter | ||
17 | no3d | ||
18 | nodvd | ||
19 | nogroups | ||
20 | nonewprivs | ||
21 | noroot | ||
22 | nosound | ||
23 | notv | ||
24 | novideo | ||
25 | protocol unix,inet,inet6 | ||
26 | seccomp | ||
27 | shell none | ||
28 | |||
29 | disable-mnt | ||
30 | private-dev | ||
31 | private-tmp | ||
32 | |||
33 | memory-deny-write-execute | ||
34 | noexec ${HOME} | ||
35 | noexec /tmp | ||
diff --git a/src/firecfg/firecfg.config b/src/firecfg/firecfg.config index 5d6afe68b..95fc14d04 100644 --- a/src/firecfg/firecfg.config +++ b/src/firecfg/firecfg.config | |||
@@ -65,6 +65,7 @@ clementine | |||
65 | clipit | 65 | clipit |
66 | cmus | 66 | cmus |
67 | conkeror | 67 | conkeror |
68 | conky | ||
68 | corebird | 69 | corebird |
69 | cvlc | 70 | cvlc |
70 | cyberfox | 71 | cyberfox |