added gpredict profile

author: Fred-Barclay <Fred-Barclay@users.noreply.github.com> 2016-04-19 00:06:13 +1000
committer: Fred-Barclay <Fred-Barclay@users.noreply.github.com> 2016-04-19 00:06:13 +1000
commit: bc5a06e9970fe03325f28e0cdef96ea5c596113f (patch)
tree: 7004b74d466f00657c40c2986fc646c6d6abdc82
parent: added okular and gwenview profiles (diff)
download: firejail-bc5a06e9970fe03325f28e0cdef96ea5c596113f.tar.gz
firejail-bc5a06e9970fe03325f28e0cdef96ea5c596113f.tar.zst
firejail-bc5a06e9970fe03325f28e0cdef96ea5c596113f.zip
7 files changed, 32 insertions, 3 deletions
diff --git a/Makefile.in b/Makefile.in
index bc8061985..cb897c23d 100644
--- a/Makefile.in
+++ b/Makefile.in
@@ -168,6 +168,7 @@ realinstall:
        install -c -m 0644 .etc/warzone2100.profile $(DESTDIR)/$(sysconfdir)/firejail/.
        install -c -m 0644 .etc/okular.profile $(DESTDIR)/$(sysconfdir)/firejail/.
        install -c -m 0644 .etc/gwenview.profile $(DESTDIR)/$(sysconfdir)/firejail/.
+        install -c -m 0644 .etc/gpredict.profile $(DESTDIR)/$(sysconfdir)/firejail/.
        sh -c "if [ ! -f $(DESTDIR)/$(sysconfdir)/firejail/login.users ]; then install -c -m 0644 etc/login.users $(DESTDIR)/$(sysconfdir)/firejail/.; fi;"
        sh -c "if [ ! -f $(DESTDIR)/$(sysconfdir)/firejail/firejail.config ]; then install -c -m 0644 etc/firejail.config $(DESTDIR)/$(sysconfdir)/firejail/.; fi;"
        rm -fr .etc
diff --git a/README b/README
index e4ad5a49f..d0a7aaf8d 100644
--- a/README
+++ b/README
@@ -31,9 +31,10 @@ Fred-Barclay (https://github.com/Fred-Barclay)
        - added PaleMoon profile
        - split Icedove and Thunderbird profiles
        - added 0ad profile
-        - fixed version for deb packages
+        - fixed version for .deb packages
        - added Warzone2100 profile
        - blacklisted VeraCrypt
+        - added Gpredict profile
 avoidr (https://github.com/avoidr)
        - whitelist fix
        - recently-used.xbel fix
diff --git a/README.md b/README.md
index afa1fa35c..ca7927fff 100644
--- a/README.md
+++ b/README.md
@@ -282,5 +282,5 @@ $ man firejail-profile
 ## New security profiles
 lxterminal, Epiphany, cherrytree, Polari, Vivaldi, Atril, qutebrowser, SlimJet, Battle for Wesnoth, Hedgewars, qTox,
 OpenSSH client, OpenBox window manager, Dillo, cmus, dnsmasq, PaleMoon, Icedove, abrowser, 0ad, netsurf,
-Warzone2100, okular, gwenview
+Warzone2100, okular, gwenview, Gpredict
diff --git a/etc/disable-programs.inc b/etc/disable-programs.inc
index 23dd8e025..6c5515894 100644
--- a/etc/disable-programs.inc
+++ b/etc/disable-programs.inc
@@ -8,6 +8,7 @@ blacklist ${HOME}/.Wolfram Research
 blacklist ${HOME}/.config/mupen64plus
 blacklist ${HOME}/.config/transmission
 blacklist ${HOME}/.config/uGet
+blacklist ${HOME}/.config/Gpredict
 blacklist ~/.kde/share/apps/okular
 blacklist ~/.kde/share/config/okularrc
 blacklist ~/.kde/share/config/okularpartrc
diff --git a/etc/gpredict.profile b/etc/gpredict.profile
new file mode 100644
index 000000000..f53cb1b4f
--- /dev/null
+++ b/etc/gpredict.profile
@@ -0,0 +1,23 @@
+# Firejail profile for gpredict.
+# Noblacklist
+noblacklist ~/.config/Gpredict
+# Include
+include /etc/firejail/disable-common.inc
+include /etc/firejail/disable-devel.inc
+include /etc/firejail/disable-passwdmgr.inc
+include /etc/firejail/disable-programs.inc
+# Call these options
+caps.drop all
+netfilter
+noroot
+protocol unix,inet,inet6,netlink
+seccomp
+tracelog
+# Whitelist
+mkdir ~/.config
+mkdir ~/.config/Gpredict
+whitelist ~/.config/Gpredict
diff --git a/platform/debian/conffiles b/platform/debian/conffiles
index 1ea112301..6f5b564a0 100644
--- a/platform/debian/conffiles
+++ b/platform/debian/conffiles
@@ -87,4 +87,4 @@
 /etc/firejail/warzone2100.profile
 /etc/firejail/okular.profile
 /etc/firejail/gwenview.profile
+/etc/firejail/gpredict.profile
diff --git a/src/firecfg/firecfg.config b/src/firecfg/firecfg.config
index d732796e9..8bebf76af 100644
--- a/src/firecfg/firecfg.config
+++ b/src/firecfg/firecfg.config
@@ -2,6 +2,9 @@
 # This is the list of programs handled by firecfg utility
 #
+# astronomy
+gpredict
 # browsers/email
 firefox
 iceweasel
author	Fred-Barclay <Fred-Barclay@users.noreply.github.com>	2016-04-19 00:06:13 +1000
committer	Fred-Barclay <Fred-Barclay@users.noreply.github.com>	2016-04-19 00:06:13 +1000
commit	bc5a06e9970fe03325f28e0cdef96ea5c596113f (patch)
tree	7004b74d466f00657c40c2986fc646c6d6abdc82
parent	added okular and gwenview profiles (diff)
download	firejail-bc5a06e9970fe03325f28e0cdef96ea5c596113f.tar.gz firejail-bc5a06e9970fe03325f28e0cdef96ea5c596113f.tar.zst firejail-bc5a06e9970fe03325f28e0cdef96ea5c596113f.zip

diff --git a/Makefile.in b/Makefile.in index bc8061985..cb897c23d 100644 --- a/Makefile.in +++ b/Makefile.in
@@ -168,6 +168,7 @@ realinstall:
168	install -c -m 0644 .etc/warzone2100.profile $(DESTDIR)/$(sysconfdir)/firejail/.	168	install -c -m 0644 .etc/warzone2100.profile $(DESTDIR)/$(sysconfdir)/firejail/.
169	install -c -m 0644 .etc/okular.profile $(DESTDIR)/$(sysconfdir)/firejail/.	169	install -c -m 0644 .etc/okular.profile $(DESTDIR)/$(sysconfdir)/firejail/.
170	install -c -m 0644 .etc/gwenview.profile $(DESTDIR)/$(sysconfdir)/firejail/.	170	install -c -m 0644 .etc/gwenview.profile $(DESTDIR)/$(sysconfdir)/firejail/.
		171	install -c -m 0644 .etc/gpredict.profile $(DESTDIR)/$(sysconfdir)/firejail/.
171	sh -c "if [ ! -f $(DESTDIR)/$(sysconfdir)/firejail/login.users ]; then install -c -m 0644 etc/login.users $(DESTDIR)/$(sysconfdir)/firejail/.; fi;"	172	sh -c "if [ ! -f $(DESTDIR)/$(sysconfdir)/firejail/login.users ]; then install -c -m 0644 etc/login.users $(DESTDIR)/$(sysconfdir)/firejail/.; fi;"
172	sh -c "if [ ! -f $(DESTDIR)/$(sysconfdir)/firejail/firejail.config ]; then install -c -m 0644 etc/firejail.config $(DESTDIR)/$(sysconfdir)/firejail/.; fi;"	173	sh -c "if [ ! -f $(DESTDIR)/$(sysconfdir)/firejail/firejail.config ]; then install -c -m 0644 etc/firejail.config $(DESTDIR)/$(sysconfdir)/firejail/.; fi;"
173	rm -fr .etc	174	rm -fr .etc


diff --git a/README b/README index e4ad5a49f..d0a7aaf8d 100644 --- a/README +++ b/README
@@ -31,9 +31,10 @@ Fred-Barclay (https://github.com/Fred-Barclay)
31	- added PaleMoon profile	31	- added PaleMoon profile
32	- split Icedove and Thunderbird profiles	32	- split Icedove and Thunderbird profiles
33	- added 0ad profile	33	- added 0ad profile
34	- fixed version for deb packages	34	- fixed version for .deb packages
35	- added Warzone2100 profile	35	- added Warzone2100 profile
36	- blacklisted VeraCrypt	36	- blacklisted VeraCrypt
		37	- added Gpredict profile
37	avoidr (https://github.com/avoidr)	38	avoidr (https://github.com/avoidr)
38	- whitelist fix	39	- whitelist fix
39	- recently-used.xbel fix	40	- recently-used.xbel fix


diff --git a/README.md b/README.md index afa1fa35c..ca7927fff 100644 --- a/README.md +++ b/README.md
@@ -282,5 +282,5 @@ $ man firejail-profile
282	## New security profiles	282	## New security profiles
283	lxterminal, Epiphany, cherrytree, Polari, Vivaldi, Atril, qutebrowser, SlimJet, Battle for Wesnoth, Hedgewars, qTox,	283	lxterminal, Epiphany, cherrytree, Polari, Vivaldi, Atril, qutebrowser, SlimJet, Battle for Wesnoth, Hedgewars, qTox,
284	OpenSSH client, OpenBox window manager, Dillo, cmus, dnsmasq, PaleMoon, Icedove, abrowser, 0ad, netsurf,	284	OpenSSH client, OpenBox window manager, Dillo, cmus, dnsmasq, PaleMoon, Icedove, abrowser, 0ad, netsurf,
285	Warzone2100, okular, gwenview	285	Warzone2100, okular, gwenview, Gpredict
286		286


diff --git a/etc/disable-programs.inc b/etc/disable-programs.inc index 23dd8e025..6c5515894 100644 --- a/etc/disable-programs.inc +++ b/etc/disable-programs.inc
@@ -8,6 +8,7 @@ blacklist ${HOME}/.Wolfram Research
8	blacklist ${HOME}/.config/mupen64plus	8	blacklist ${HOME}/.config/mupen64plus
9	blacklist ${HOME}/.config/transmission	9	blacklist ${HOME}/.config/transmission
10	blacklist ${HOME}/.config/uGet	10	blacklist ${HOME}/.config/uGet
		11	blacklist ${HOME}/.config/Gpredict
11	blacklist ~/.kde/share/apps/okular	12	blacklist ~/.kde/share/apps/okular
12	blacklist ~/.kde/share/config/okularrc	13	blacklist ~/.kde/share/config/okularrc
13	blacklist ~/.kde/share/config/okularpartrc	14	blacklist ~/.kde/share/config/okularpartrc


diff --git a/etc/gpredict.profile b/etc/gpredict.profile new file mode 100644 index 000000000..f53cb1b4f --- /dev/null +++ b/etc/gpredict.profile
@@ -0,0 +1,23 @@
		1	# Firejail profile for gpredict.
		2
		3	# Noblacklist
		4	noblacklist ~/.config/Gpredict
		5
		6	# Include
		7	include /etc/firejail/disable-common.inc
		8	include /etc/firejail/disable-devel.inc
		9	include /etc/firejail/disable-passwdmgr.inc
		10	include /etc/firejail/disable-programs.inc
		11
		12	# Call these options
		13	caps.drop all
		14	netfilter
		15	noroot
		16	protocol unix,inet,inet6,netlink
		17	seccomp
		18	tracelog
		19
		20	# Whitelist
		21	mkdir ~/.config
		22	mkdir ~/.config/Gpredict
		23	whitelist ~/.config/Gpredict


diff --git a/platform/debian/conffiles b/platform/debian/conffiles index 1ea112301..6f5b564a0 100644 --- a/platform/debian/conffiles +++ b/platform/debian/conffiles
@@ -87,4 +87,4 @@
87	/etc/firejail/warzone2100.profile	87	/etc/firejail/warzone2100.profile
88	/etc/firejail/okular.profile	88	/etc/firejail/okular.profile
89	/etc/firejail/gwenview.profile	89	/etc/firejail/gwenview.profile
90		90	/etc/firejail/gpredict.profile


diff --git a/src/firecfg/firecfg.config b/src/firecfg/firecfg.config index d732796e9..8bebf76af 100644 --- a/src/firecfg/firecfg.config +++ b/src/firecfg/firecfg.config
@@ -2,6 +2,9 @@
2	# This is the list of programs handled by firecfg utility	2	# This is the list of programs handled by firecfg utility
3	#	3	#
4		4
		5	# astronomy
		6	gpredict
		7
5	# browsers/email	8	# browsers/email
6	firefox	9	firefox
7	iceweasel	10	iceweasel