Aisleriot fixes + add profile for FeedReader

author: Tad <tad@spotco.us> 2018-11-22 13:50:48 -0500
committer: Tad <tad@spotco.us> 2018-11-22 13:50:48 -0500
commit: cc898c19023a9aea92bc7e863f8fd46600d27598 (patch)
tree: 8dcaab722a48b4fe44ddd2b4e7f9c02116d528b0
parent: playonlinux.profile: allow python (diff)
download: firejail-cc898c19023a9aea92bc7e863f8fd46600d27598.tar.gz
firejail-cc898c19023a9aea92bc7e863f8fd46600d27598.tar.zst
firejail-cc898c19023a9aea92bc7e863f8fd46600d27598.zip
5 files changed, 53 insertions, 9 deletions
diff --git a/README.md b/README.md
index 9e61e5633..df436721e 100644
--- a/README.md
+++ b/README.md
@@ -148,4 +148,4 @@ QMediathekView, aria2c, Authenticator, checkbashisms, devilspie, devilspie2, eas
 bsdcat, bsdcpio, bsdtar, lzmadec, lbunzip2, lbzcat, lbzip2, lzcat, lzcmp, lzdiff, lzegrep, lzfgrep, lzgrep,
 lzless, lzma, lzmainfo, lzmore, unlzma, unxz, xzcat, xzcmp, xzdiff, xzegrep, xzfgrep, xzgrep, xzless, xzmore,
 lzip, artha, nitroshare, nitroshare-cli, nitroshare-nmh, nirtoshare-send, nitroshare-ui, mencoder, gnome-pie,
-masterpdfeditor, QOwnNotes, aisleriot, Mendeley
+masterpdfeditor, QOwnNotes, aisleriot, Mendeley, feedreader
diff --git a/RELNOTES b/RELNOTES
index 4e2e22acf..6d2582a59 100644
--- a/RELNOTES
+++ b/RELNOTES
@@ -11,6 +11,7 @@ firejail (0.9.56.1) baseline; urgency=low
  * new profiles: lzip, artha, nitroshare, nitroshare-cli, nitroshare-nmh
  * new profiles: nirtoshare-send, nitroshare-ui, mencoder, gnome-pie
  * new profiles: masterpdfeditor, QOwnNotes, aisleriot, Mendeley
+  * new profiles: feedreader
 -- netblue30 <netblue30@yahoo.com>  Thu, 11 Oct 2018 08:00:00 -0500
 firejail (0.9.56) baseline; urgency=low
diff --git a/etc/disable-programs.inc b/etc/disable-programs.inc
index 4ef0f2f53..796af28f0 100644
--- a/etc/disable-programs.inc
+++ b/etc/disable-programs.inc
@@ -408,6 +408,7 @@ blacklist ${HOME}/.local/share/dolphin
 blacklist ${HOME}/.local/share/emailidentities
 blacklist ${HOME}/.local/share/epiphany
 blacklist ${HOME}/.local/share/evolution
+blacklist ${HOME}/.local/share/feedreader
 blacklist ${HOME}/.local/share/feral-interactive
 blacklist ${HOME}/.local/share/gajim
 blacklist ${HOME}/.local/share/geary
@@ -568,6 +569,7 @@ blacklist ${HOME}/.cache/dolphin
 blacklist ${HOME}/.cache/epiphany
 blacklist ${HOME}/.cache/evolution
 blacklist ${HOME}/.cache/falkon
+blacklist ${HOME}/.cache/feedreader
 blacklist ${HOME}/.cache/fossamail
 blacklist ${HOME}/.cache/gajim
 blacklist ${HOME}/.cache/geeqie
diff --git a/etc/feedreader.profile b/etc/feedreader.profile
new file mode 100644
index 000000000..44ed475bc
--- /dev/null
+++ b/etc/feedreader.profile
@@ -0,0 +1,45 @@
+# Firejail profile for feedreader
+# Description: RSS client
+# This file is overwritten after every install/update
+# Persistent local customizations
+include feedreader.local
+# Persistent global definitions
+include globals.local
+noblacklist ${HOME}/.cache/feedreader
+noblacklist ${HOME}/.local/share/feedreader
+include disable-common.inc
+include disable-devel.inc
+include disable-interpreters.inc
+include disable-passwdmgr.inc
+include disable-programs.inc
+mkdir ${HOME}/.cache/feedreader
+mkdir ${HOME}/.local/share/feedreader
+whitelist ${HOME}/.cache/feedreader
+whitelist ${HOME}/.local/share/feedreader
+include whitelist-common.inc
+include whitelist-var-common.inc
+caps.drop all
+netfilter
+# no3d
+nodvd
+nogroups
+nonewprivs
+noroot
+# nosound
+notv
+nou2f
+novideo
+protocol unix,inet,inet6
+seccomp
+shell none
+disable-mnt
+private-dev
+private-tmp
+noexec ${HOME}
+noexec /tmp
diff --git a/etc/sol.profile b/etc/sol.profile
index c0ad3c739..e5a356f68 100644
--- a/etc/sol.profile
+++ b/etc/sol.profile
@@ -15,13 +15,12 @@ include disable-xdg.inc
 # all necessary files in $HOME are in whitelist-common.inc
 include whitelist-common.inc
 include whitelist-var-common.inc
-net none
 caps.drop all
-# ipc-namespace
+ipc-namespace
-# netfilter
+net none
 # no3d
-# nodbus
+nodbus
 nodvd
 nogroups
 nonewprivs
@@ -35,12 +34,9 @@ seccomp
 shell none
 disable-mnt
-# private
 private-bin sol
-# private-cache
+private-cache
 private-dev
-# private-etc none
-# private-lib
 private-tmp
 memory-deny-write-execute
author	Tad <tad@spotco.us>	2018-11-22 13:50:48 -0500
committer	Tad <tad@spotco.us>	2018-11-22 13:50:48 -0500
commit	cc898c19023a9aea92bc7e863f8fd46600d27598 (patch)
tree	8dcaab722a48b4fe44ddd2b4e7f9c02116d528b0
parent	playonlinux.profile: allow python (diff)
download	firejail-cc898c19023a9aea92bc7e863f8fd46600d27598.tar.gz firejail-cc898c19023a9aea92bc7e863f8fd46600d27598.tar.zst firejail-cc898c19023a9aea92bc7e863f8fd46600d27598.zip

diff --git a/README.md b/README.md index 9e61e5633..df436721e 100644 --- a/README.md +++ b/README.md
@@ -148,4 +148,4 @@ QMediathekView, aria2c, Authenticator, checkbashisms, devilspie, devilspie2, eas
148	bsdcat, bsdcpio, bsdtar, lzmadec, lbunzip2, lbzcat, lbzip2, lzcat, lzcmp, lzdiff, lzegrep, lzfgrep, lzgrep,	148	bsdcat, bsdcpio, bsdtar, lzmadec, lbunzip2, lbzcat, lbzip2, lzcat, lzcmp, lzdiff, lzegrep, lzfgrep, lzgrep,
149	lzless, lzma, lzmainfo, lzmore, unlzma, unxz, xzcat, xzcmp, xzdiff, xzegrep, xzfgrep, xzgrep, xzless, xzmore,	149	lzless, lzma, lzmainfo, lzmore, unlzma, unxz, xzcat, xzcmp, xzdiff, xzegrep, xzfgrep, xzgrep, xzless, xzmore,
150	lzip, artha, nitroshare, nitroshare-cli, nitroshare-nmh, nirtoshare-send, nitroshare-ui, mencoder, gnome-pie,	150	lzip, artha, nitroshare, nitroshare-cli, nitroshare-nmh, nirtoshare-send, nitroshare-ui, mencoder, gnome-pie,
151	masterpdfeditor, QOwnNotes, aisleriot, Mendeley	151	masterpdfeditor, QOwnNotes, aisleriot, Mendeley, feedreader


diff --git a/RELNOTES b/RELNOTES index 4e2e22acf..6d2582a59 100644 --- a/RELNOTES +++ b/RELNOTES
@@ -11,6 +11,7 @@ firejail (0.9.56.1) baseline; urgency=low
11	* new profiles: lzip, artha, nitroshare, nitroshare-cli, nitroshare-nmh	11	* new profiles: lzip, artha, nitroshare, nitroshare-cli, nitroshare-nmh
12	* new profiles: nirtoshare-send, nitroshare-ui, mencoder, gnome-pie	12	* new profiles: nirtoshare-send, nitroshare-ui, mencoder, gnome-pie
13	* new profiles: masterpdfeditor, QOwnNotes, aisleriot, Mendeley	13	* new profiles: masterpdfeditor, QOwnNotes, aisleriot, Mendeley
		14	* new profiles: feedreader
14	-- netblue30 <netblue30@yahoo.com> Thu, 11 Oct 2018 08:00:00 -0500	15	-- netblue30 <netblue30@yahoo.com> Thu, 11 Oct 2018 08:00:00 -0500
15		16
16	firejail (0.9.56) baseline; urgency=low	17	firejail (0.9.56) baseline; urgency=low


diff --git a/etc/disable-programs.inc b/etc/disable-programs.inc index 4ef0f2f53..796af28f0 100644 --- a/etc/disable-programs.inc +++ b/etc/disable-programs.inc
@@ -408,6 +408,7 @@ blacklist ${HOME}/.local/share/dolphin
408	blacklist ${HOME}/.local/share/emailidentities	408	blacklist ${HOME}/.local/share/emailidentities
409	blacklist ${HOME}/.local/share/epiphany	409	blacklist ${HOME}/.local/share/epiphany
410	blacklist ${HOME}/.local/share/evolution	410	blacklist ${HOME}/.local/share/evolution
		411	blacklist ${HOME}/.local/share/feedreader
411	blacklist ${HOME}/.local/share/feral-interactive	412	blacklist ${HOME}/.local/share/feral-interactive
412	blacklist ${HOME}/.local/share/gajim	413	blacklist ${HOME}/.local/share/gajim
413	blacklist ${HOME}/.local/share/geary	414	blacklist ${HOME}/.local/share/geary
@@ -568,6 +569,7 @@ blacklist ${HOME}/.cache/dolphin
568	blacklist ${HOME}/.cache/epiphany	569	blacklist ${HOME}/.cache/epiphany
569	blacklist ${HOME}/.cache/evolution	570	blacklist ${HOME}/.cache/evolution
570	blacklist ${HOME}/.cache/falkon	571	blacklist ${HOME}/.cache/falkon
		572	blacklist ${HOME}/.cache/feedreader
571	blacklist ${HOME}/.cache/fossamail	573	blacklist ${HOME}/.cache/fossamail
572	blacklist ${HOME}/.cache/gajim	574	blacklist ${HOME}/.cache/gajim
573	blacklist ${HOME}/.cache/geeqie	575	blacklist ${HOME}/.cache/geeqie


diff --git a/etc/feedreader.profile b/etc/feedreader.profile new file mode 100644 index 000000000..44ed475bc --- /dev/null +++ b/etc/feedreader.profile
@@ -0,0 +1,45 @@
		1	# Firejail profile for feedreader
		2	# Description: RSS client
		3	# This file is overwritten after every install/update
		4	# Persistent local customizations
		5	include feedreader.local
		6	# Persistent global definitions
		7	include globals.local
		8
		9	noblacklist ${HOME}/.cache/feedreader
		10	noblacklist ${HOME}/.local/share/feedreader
		11
		12	include disable-common.inc
		13	include disable-devel.inc
		14	include disable-interpreters.inc
		15	include disable-passwdmgr.inc
		16	include disable-programs.inc
		17
		18	mkdir ${HOME}/.cache/feedreader
		19	mkdir ${HOME}/.local/share/feedreader
		20	whitelist ${HOME}/.cache/feedreader
		21	whitelist ${HOME}/.local/share/feedreader
		22	include whitelist-common.inc
		23	include whitelist-var-common.inc
		24
		25	caps.drop all
		26	netfilter
		27	# no3d
		28	nodvd
		29	nogroups
		30	nonewprivs
		31	noroot
		32	# nosound
		33	notv
		34	nou2f
		35	novideo
		36	protocol unix,inet,inet6
		37	seccomp
		38	shell none
		39
		40	disable-mnt
		41	private-dev
		42	private-tmp
		43
		44	noexec ${HOME}
		45	noexec /tmp


diff --git a/etc/sol.profile b/etc/sol.profile index c0ad3c739..e5a356f68 100644 --- a/etc/sol.profile +++ b/etc/sol.profile
@@ -15,13 +15,12 @@ include disable-xdg.inc
15	# all necessary files in $HOME are in whitelist-common.inc	15	# all necessary files in $HOME are in whitelist-common.inc
16	include whitelist-common.inc	16	include whitelist-common.inc
17	include whitelist-var-common.inc	17	include whitelist-var-common.inc
18	net none
19		18
20	caps.drop all	19	caps.drop all
21	# ipc-namespace	20	ipc-namespace
22	# netfilter	21	net none
23	# no3d	22	# no3d
24	# nodbus	23	nodbus
25	nodvd	24	nodvd
26	nogroups	25	nogroups
27	nonewprivs	26	nonewprivs
@@ -35,12 +34,9 @@ seccomp
35	shell none	34	shell none
36		35
37	disable-mnt	36	disable-mnt
38	# private
39	private-bin sol	37	private-bin sol
40	# private-cache	38	private-cache
41	private-dev	39	private-dev
42	# private-etc none
43	# private-lib
44	private-tmp	40	private-tmp
45		41
46	memory-deny-write-execute	42	memory-deny-write-execute