Merge pull request #826 from vismir2/master

Added profiles for feh, ranger and zathura
author: netblue30 <netblue30@yahoo.com> 2016-10-02 08:44:31 -0400
committer: GitHub <noreply@github.com> 2016-10-02 08:44:31 -0400
commit: a14569035e39fc9906a86ec0b3659306a02304c5 (patch)
tree: 920a1e01250be9eabbdc617b7adba3a0a687576e
parent: dropping requirement for network namespace when using --x11 (diff)
parent: Updated list of new profiles (diff)
download: firejail-a14569035e39fc9906a86ec0b3659306a02304c5.tar.gz
firejail-a14569035e39fc9906a86ec0b3659306a02304c5.tar.zst
firejail-a14569035e39fc9906a86ec0b3659306a02304c5.zip
6 files changed, 67 insertions, 16 deletions
diff --git a/README.md b/README.md
index 6fa6c996c..99b78d8ca 100644
--- a/README.md
+++ b/README.md
@@ -88,5 +88,5 @@ x11 xpra, x11 xephyr, x11 block, allusers, join-or-start
 ## New profiles
-qpdfview, mupdf, Luminance HDR, Synfig Studio, Gimp, Inkscape
+qpdfview, mupdf, Luminance HDR, Synfig Studio, Gimp, Inkscape, feh, ranger, zathura
diff --git a/etc/feh.profile b/etc/feh.profile
new file mode 100644
index 000000000..ba8f32f44
--- /dev/null
+++ b/etc/feh.profile
@@ -0,0 +1,13 @@
+# feh image viewer profile
+include /etc/firejail/disable-common.inc
+include /etc/firejail/disable-programs.inc
+include /etc/firejail/disable-devel.inc
+include /etc/firejail/disable-passwdmgr.inc
+caps.drop all
+netfilter
+nonewprivs
+noroot
+nosound
+protocol unix
+seccomp
diff --git a/etc/ranger.profile b/etc/ranger.profile
new file mode 100644
index 000000000..775098d91
--- /dev/null
+++ b/etc/ranger.profile
@@ -0,0 +1,13 @@
+# ranger file manager profile
+include /etc/firejail/disable-common.inc
+include /etc/firejail/disable-programs.inc
+include /etc/firejail/disable-devel.inc
+include /etc/firejail/disable-passwdmgr.inc
+caps.drop all
+netfilter
+nonewprivs
+noroot
+protocol unix
+seccomp
+nosound
diff --git a/etc/zathura.profile b/etc/zathura.profile
new file mode 100644
index 000000000..99d9a1a90
--- /dev/null
+++ b/etc/zathura.profile
@@ -0,0 +1,19 @@
+# zathura document viewer profile
+# noblacklist ~/.config/zathura
+# noblacklist ~/.local/share/zathura
+include /etc/firejail/disable-common.inc
+include /etc/firejail/disable-programs.inc
+include /etc/firejail/disable-devel.inc
+include /etc/firejail/disable-passwdmgr.inc
+caps.drop all
+seccomp
+protocol unix
+netfilter
+nonewprivs
+noroot
+nosound
+#net none
+shell none
+#private-etc X11
diff --git a/platform/debian/conffiles b/platform/debian/conffiles
index fb6c18b36..af8e74ba8 100644
--- a/platform/debian/conffiles
+++ b/platform/debian/conffiles
@@ -30,12 +30,14 @@
 /etc/firejail/disable-programs.inc
 /etc/firejail/dnscrypt-proxy.profile
 /etc/firejail/dnsmasq.profile
+/etc/firejail/dosbox.profile
 /etc/firejail/dropbox.profile
 /etc/firejail/empathy.profile
 /etc/firejail/eom.profile
 /etc/firejail/epiphany.profile
 /etc/firejail/evince.profile
 /etc/firejail/fbreader.profile
+/etc/firejail/feh.profile
 /etc/firejail/file.profile
 /etc/firejail/filezilla.profile
 /etc/firejail/firefox-esr.profile
@@ -44,6 +46,7 @@
 /etc/firejail/flashpeak-slimjet.profile
 /etc/firejail/franz.profile
 /etc/firejail/gajim.profile
+/etc/firejail/gimp.profile
 /etc/firejail/gitter.profile
 /etc/firejail/gnome-chess.profile
 /etc/firejail/gnome-mplayer.profile
@@ -62,6 +65,7 @@
 /etc/firejail/icecat.profile
 /etc/firejail/icedove.profile
 /etc/firejail/iceweasel.profile
+/etc/firejail/inkscape.profile
 /etc/firejail/inox.profile
 /etc/firejail/jitsi.profile
 /etc/firejail/kmail.profile
@@ -77,11 +81,13 @@
 /etc/firejail/lomath.profile
 /etc/firejail/loweb.profile
 /etc/firejail/lowriter.profile
+/etc/firejail/luminance-hdr.profile
 /etc/firejail/lxterminal.profile
 /etc/firejail/mathematica.profile
 /etc/firejail/mcabber.profile
 /etc/firejail/midori.profile
 /etc/firejail/mpv.profile
+/etc/firejail/mupdf.profile
 /etc/firejail/mupen64plus.profile
 /etc/firejail/netsurf.profile
 /etc/firejail/nolocal.net
@@ -96,10 +102,12 @@
 /etc/firejail/polari.profile
 /etc/firejail/psi-plus.profile
 /etc/firejail/qbittorrent.profile
+/etc/firejail/qpdfview.profile
 /etc/firejail/qtox.profile
 /etc/firejail/quassel.profile
 /etc/firejail/quiterss.profile
 /etc/firejail/qutebrowser.profile
+/etc/firejail/ranger.profile
 /etc/firejail/rhythmbox.profile
 /etc/firejail/rtorrent.profile
 /etc/firejail/seamonkey-bin.profile
@@ -114,6 +122,8 @@
 /etc/firejail/ssh.profile
 /etc/firejail/steam.profile
 /etc/firejail/stellarium.profile
+/etc/firejail/strings.profile
+/etc/firejail/synfigstudio.profile
 /etc/firejail/tar.profile
 /etc/firejail/telegram.profile
 /etc/firejail/thunderbird.profile
@@ -141,11 +151,4 @@
 /etc/firejail/xviewer.profile
 /etc/firejail/xz.profile
 /etc/firejail/xzdec.profile
-/etc/firejail/strings.profile
+/etc/firejail/zathura.profile
-/etc/firejail/dosbox.profile
-/etc/firejail/mupdf.profile
-/etc/firejail/qpdfview.profile
-/etc/firejail/luminance-hdr.profile
-/etc/firejail/synfigstudio.profile
-/etc/firejail/gimp.profile
-/etc/firejail/inkscape.profile
diff --git a/src/firecfg/firecfg.config b/src/firecfg/firecfg.config
index 75265545b..9e5ff7f12 100644
--- a/src/firecfg/firecfg.config
+++ b/src/firecfg/firecfg.config
@@ -91,6 +91,7 @@ audacity
 clementine
 cmus
 deadbeef
+feh
 gnome-mplayer
 google-play-music-desktop-player
 mpv
@@ -111,8 +112,10 @@ atril
 cherrytree
 evince
 fbreader
-gwenview
+gimp
 gthumb
+gwenview
+inkscape
 libreoffice
 localc
 lodraw
@@ -122,23 +125,23 @@ loimpress
 lomath
 loweb
 lowriter
+luminance-hdr
+mupdf
+qpdfview
 soffice
+synfigstudio
 Mathematica
 mathematica
 okular
 pix
 xreader
-mupdf
+zathura
-qpdfview
-luminance-hdr
-synfigstudio
-gimp
-inkscape
 # other
 ssh
 atom-beta
 atom
+ranger
 # weather/climate
 aweather
author	netblue30 <netblue30@yahoo.com>	2016-10-02 08:44:31 -0400
committer	GitHub <noreply@github.com>	2016-10-02 08:44:31 -0400
commit	a14569035e39fc9906a86ec0b3659306a02304c5 (patch)
tree	920a1e01250be9eabbdc617b7adba3a0a687576e
parent	dropping requirement for network namespace when using --x11 (diff)
parent	Updated list of new profiles (diff)
download	firejail-a14569035e39fc9906a86ec0b3659306a02304c5.tar.gz firejail-a14569035e39fc9906a86ec0b3659306a02304c5.tar.zst firejail-a14569035e39fc9906a86ec0b3659306a02304c5.zip

diff --git a/README.md b/README.md index 6fa6c996c..99b78d8ca 100644 --- a/README.md +++ b/README.md
@@ -88,5 +88,5 @@ x11 xpra, x11 xephyr, x11 block, allusers, join-or-start
88		88
89	## New profiles	89	## New profiles
90		90
91	qpdfview, mupdf, Luminance HDR, Synfig Studio, Gimp, Inkscape	91	qpdfview, mupdf, Luminance HDR, Synfig Studio, Gimp, Inkscape, feh, ranger, zathura
92		92


diff --git a/etc/feh.profile b/etc/feh.profile new file mode 100644 index 000000000..ba8f32f44 --- /dev/null +++ b/etc/feh.profile
@@ -0,0 +1,13 @@
		1	# feh image viewer profile
		2	include /etc/firejail/disable-common.inc
		3	include /etc/firejail/disable-programs.inc
		4	include /etc/firejail/disable-devel.inc
		5	include /etc/firejail/disable-passwdmgr.inc
		6
		7	caps.drop all
		8	netfilter
		9	nonewprivs
		10	noroot
		11	nosound
		12	protocol unix
		13	seccomp


diff --git a/etc/ranger.profile b/etc/ranger.profile new file mode 100644 index 000000000..775098d91 --- /dev/null +++ b/etc/ranger.profile
@@ -0,0 +1,13 @@
		1	# ranger file manager profile
		2	include /etc/firejail/disable-common.inc
		3	include /etc/firejail/disable-programs.inc
		4	include /etc/firejail/disable-devel.inc
		5	include /etc/firejail/disable-passwdmgr.inc
		6
		7	caps.drop all
		8	netfilter
		9	nonewprivs
		10	noroot
		11	protocol unix
		12	seccomp
		13	nosound


diff --git a/etc/zathura.profile b/etc/zathura.profile new file mode 100644 index 000000000..99d9a1a90 --- /dev/null +++ b/etc/zathura.profile
@@ -0,0 +1,19 @@
		1	# zathura document viewer profile
		2	# noblacklist ~/.config/zathura
		3	# noblacklist ~/.local/share/zathura
		4	include /etc/firejail/disable-common.inc
		5	include /etc/firejail/disable-programs.inc
		6	include /etc/firejail/disable-devel.inc
		7	include /etc/firejail/disable-passwdmgr.inc
		8
		9	caps.drop all
		10	seccomp
		11	protocol unix
		12	netfilter
		13	nonewprivs
		14	noroot
		15	nosound
		16
		17	#net none
		18	shell none
		19	#private-etc X11


diff --git a/platform/debian/conffiles b/platform/debian/conffiles index fb6c18b36..af8e74ba8 100644 --- a/platform/debian/conffiles +++ b/platform/debian/conffiles
@@ -30,12 +30,14 @@
30	/etc/firejail/disable-programs.inc	30	/etc/firejail/disable-programs.inc
31	/etc/firejail/dnscrypt-proxy.profile	31	/etc/firejail/dnscrypt-proxy.profile
32	/etc/firejail/dnsmasq.profile	32	/etc/firejail/dnsmasq.profile
		33	/etc/firejail/dosbox.profile
33	/etc/firejail/dropbox.profile	34	/etc/firejail/dropbox.profile
34	/etc/firejail/empathy.profile	35	/etc/firejail/empathy.profile
35	/etc/firejail/eom.profile	36	/etc/firejail/eom.profile
36	/etc/firejail/epiphany.profile	37	/etc/firejail/epiphany.profile
37	/etc/firejail/evince.profile	38	/etc/firejail/evince.profile
38	/etc/firejail/fbreader.profile	39	/etc/firejail/fbreader.profile
		40	/etc/firejail/feh.profile
39	/etc/firejail/file.profile	41	/etc/firejail/file.profile
40	/etc/firejail/filezilla.profile	42	/etc/firejail/filezilla.profile
41	/etc/firejail/firefox-esr.profile	43	/etc/firejail/firefox-esr.profile
@@ -44,6 +46,7 @@
44	/etc/firejail/flashpeak-slimjet.profile	46	/etc/firejail/flashpeak-slimjet.profile
45	/etc/firejail/franz.profile	47	/etc/firejail/franz.profile
46	/etc/firejail/gajim.profile	48	/etc/firejail/gajim.profile
		49	/etc/firejail/gimp.profile
47	/etc/firejail/gitter.profile	50	/etc/firejail/gitter.profile
48	/etc/firejail/gnome-chess.profile	51	/etc/firejail/gnome-chess.profile
49	/etc/firejail/gnome-mplayer.profile	52	/etc/firejail/gnome-mplayer.profile
@@ -62,6 +65,7 @@
62	/etc/firejail/icecat.profile	65	/etc/firejail/icecat.profile
63	/etc/firejail/icedove.profile	66	/etc/firejail/icedove.profile
64	/etc/firejail/iceweasel.profile	67	/etc/firejail/iceweasel.profile
		68	/etc/firejail/inkscape.profile
65	/etc/firejail/inox.profile	69	/etc/firejail/inox.profile
66	/etc/firejail/jitsi.profile	70	/etc/firejail/jitsi.profile
67	/etc/firejail/kmail.profile	71	/etc/firejail/kmail.profile
@@ -77,11 +81,13 @@
77	/etc/firejail/lomath.profile	81	/etc/firejail/lomath.profile
78	/etc/firejail/loweb.profile	82	/etc/firejail/loweb.profile
79	/etc/firejail/lowriter.profile	83	/etc/firejail/lowriter.profile
		84	/etc/firejail/luminance-hdr.profile
80	/etc/firejail/lxterminal.profile	85	/etc/firejail/lxterminal.profile
81	/etc/firejail/mathematica.profile	86	/etc/firejail/mathematica.profile
82	/etc/firejail/mcabber.profile	87	/etc/firejail/mcabber.profile
83	/etc/firejail/midori.profile	88	/etc/firejail/midori.profile
84	/etc/firejail/mpv.profile	89	/etc/firejail/mpv.profile
		90	/etc/firejail/mupdf.profile
85	/etc/firejail/mupen64plus.profile	91	/etc/firejail/mupen64plus.profile
86	/etc/firejail/netsurf.profile	92	/etc/firejail/netsurf.profile
87	/etc/firejail/nolocal.net	93	/etc/firejail/nolocal.net
@@ -96,10 +102,12 @@
96	/etc/firejail/polari.profile	102	/etc/firejail/polari.profile
97	/etc/firejail/psi-plus.profile	103	/etc/firejail/psi-plus.profile
98	/etc/firejail/qbittorrent.profile	104	/etc/firejail/qbittorrent.profile
		105	/etc/firejail/qpdfview.profile
99	/etc/firejail/qtox.profile	106	/etc/firejail/qtox.profile
100	/etc/firejail/quassel.profile	107	/etc/firejail/quassel.profile
101	/etc/firejail/quiterss.profile	108	/etc/firejail/quiterss.profile
102	/etc/firejail/qutebrowser.profile	109	/etc/firejail/qutebrowser.profile
		110	/etc/firejail/ranger.profile
103	/etc/firejail/rhythmbox.profile	111	/etc/firejail/rhythmbox.profile
104	/etc/firejail/rtorrent.profile	112	/etc/firejail/rtorrent.profile
105	/etc/firejail/seamonkey-bin.profile	113	/etc/firejail/seamonkey-bin.profile
@@ -114,6 +122,8 @@
114	/etc/firejail/ssh.profile	122	/etc/firejail/ssh.profile
115	/etc/firejail/steam.profile	123	/etc/firejail/steam.profile
116	/etc/firejail/stellarium.profile	124	/etc/firejail/stellarium.profile
		125	/etc/firejail/strings.profile
		126	/etc/firejail/synfigstudio.profile
117	/etc/firejail/tar.profile	127	/etc/firejail/tar.profile
118	/etc/firejail/telegram.profile	128	/etc/firejail/telegram.profile
119	/etc/firejail/thunderbird.profile	129	/etc/firejail/thunderbird.profile
@@ -141,11 +151,4 @@
141	/etc/firejail/xviewer.profile	151	/etc/firejail/xviewer.profile
142	/etc/firejail/xz.profile	152	/etc/firejail/xz.profile
143	/etc/firejail/xzdec.profile	153	/etc/firejail/xzdec.profile
144	/etc/firejail/strings.profile	154	/etc/firejail/zathura.profile
145	/etc/firejail/dosbox.profile
146	/etc/firejail/mupdf.profile
147	/etc/firejail/qpdfview.profile
148	/etc/firejail/luminance-hdr.profile
149	/etc/firejail/synfigstudio.profile
150	/etc/firejail/gimp.profile
151	/etc/firejail/inkscape.profile


diff --git a/src/firecfg/firecfg.config b/src/firecfg/firecfg.config index 75265545b..9e5ff7f12 100644 --- a/src/firecfg/firecfg.config +++ b/src/firecfg/firecfg.config
@@ -91,6 +91,7 @@ audacity
91	clementine	91	clementine
92	cmus	92	cmus
93	deadbeef	93	deadbeef
		94	feh
94	gnome-mplayer	95	gnome-mplayer
95	google-play-music-desktop-player	96	google-play-music-desktop-player
96	mpv	97	mpv
@@ -111,8 +112,10 @@ atril
111	cherrytree	112	cherrytree
112	evince	113	evince
113	fbreader	114	fbreader
114	gwenview	115	gimp
115	gthumb	116	gthumb
		117	gwenview
		118	inkscape
116	libreoffice	119	libreoffice
117	localc	120	localc
118	lodraw	121	lodraw
@@ -122,23 +125,23 @@ loimpress
122	lomath	125	lomath
123	loweb	126	loweb
124	lowriter	127	lowriter
		128	luminance-hdr
		129	mupdf
		130	qpdfview
125	soffice	131	soffice
		132	synfigstudio
126	Mathematica	133	Mathematica
127	mathematica	134	mathematica
128	okular	135	okular
129	pix	136	pix
130	xreader	137	xreader
131	mupdf	138	zathura
132	qpdfview
133	luminance-hdr
134	synfigstudio
135	gimp
136	inkscape
137		139
138	# other	140	# other
139	ssh	141	ssh
140	atom-beta	142	atom-beta
141	atom	143	atom
		144	ranger
142		145
143	# weather/climate	146	# weather/climate
144	aweather	147	aweather