diff options
| author |  SkewedZeppelin <8296104+SkewedZeppelin@users.noreply.github.com> | 2019-02-17 10:36:56 +0000 |
|---|---|---|
| committer |  GitHub <noreply@github.com> | 2019-02-17 10:36:56 +0000 |
| commit | 2021baf92be838b9bc30ff25c24ebcd7fbd3eb62 (patch) | |
| tree | 3bc4cab6e3633b740d8465623ecc45281f80b1e4 | |
| parent | typo (diff) | |
| parent | Review mypaint.profile (diff) | |
| download | firejail-2021baf92be838b9bc30ff25c24ebcd7fbd3eb62.tar.gz firejail-2021baf92be838b9bc30ff25c24ebcd7fbd3eb62.tar.zst firejail-2021baf92be838b9bc30ff25c24ebcd7fbd3eb62.zip | |
Merge pull request #2412 from rusty-snake/add-mypaint
Add profiles for mypaint & mypaint-ora-thumbnailer
| -rw-r--r-- | etc/disable-programs.inc | 3 | ||||
| -rw-r--r-- | etc/mypaint-ora-thumbnailer.profile | 5 | ||||
| -rw-r--r-- | etc/mypaint.profile | 48 | ||||
| -rw-r--r-- | src/firecfg/firecfg.config | 2 |
4 files changed, 58 insertions, 0 deletions
diff --git a/etc/disable-programs.inc b/etc/disable-programs.inc index 32c3ddb07..39aab61c1 100644 --- a/etc/disable-programs.inc +++ b/etc/disable-programs.inc | |||
| @@ -201,6 +201,7 @@ blacklist ${HOME}/.config/mono | |||
| 201 | blacklist ${HOME}/.config/mpd | 201 | blacklist ${HOME}/.config/mpd |
| 202 | blacklist ${HOME}/.config/mpv | 202 | blacklist ${HOME}/.config/mpv |
| 203 | blacklist ${HOME}/.config/mupen64plus | 203 | blacklist ${HOME}/.config/mupen64plus |
| 204 | blacklist ${HOME}/.config/mypaint | ||
| 204 | blacklist ${HOME}/.config/nautilus | 205 | blacklist ${HOME}/.config/nautilus |
| 205 | blacklist ${HOME}/.config/nemo | 206 | blacklist ${HOME}/.config/nemo |
| 206 | blacklist ${HOME}/.config/netsurf | 207 | blacklist ${HOME}/.config/netsurf |
| @@ -450,6 +451,7 @@ blacklist ${HOME}/.local/share/midori | |||
| 450 | blacklist ${HOME}/.local/share/multimc | 451 | blacklist ${HOME}/.local/share/multimc |
| 451 | blacklist ${HOME}/.local/share/multimc5 | 452 | blacklist ${HOME}/.local/share/multimc5 |
| 452 | blacklist ${HOME}/.local/share/mupen64plus | 453 | blacklist ${HOME}/.local/share/mupen64plus |
| 454 | blacklist ${HOME}/.local/share/mypaint | ||
| 453 | blacklist ${HOME}/.local/share/nautilus | 455 | blacklist ${HOME}/.local/share/nautilus |
| 454 | blacklist ${HOME}/.local/share/nautilus-python | 456 | blacklist ${HOME}/.local/share/nautilus-python |
| 455 | blacklist ${HOME}/.local/share/nemo | 457 | blacklist ${HOME}/.local/share/nemo |
| @@ -612,6 +614,7 @@ blacklist ${HOME}/.cache/moonchild productions/basilisk | |||
| 612 | blacklist ${HOME}/.cache/moonchild productions/pale moon | 614 | blacklist ${HOME}/.cache/moonchild productions/pale moon |
| 613 | blacklist ${HOME}/.cache/mozilla | 615 | blacklist ${HOME}/.cache/mozilla |
| 614 | blacklist ${HOME}/.cache/mutt | 616 | blacklist ${HOME}/.cache/mutt |
| 617 | blacklist ${HOME}/.cache/mypaint | ||
| 615 | blacklist ${HOME}/.cache/nheko/nheko | 618 | blacklist ${HOME}/.cache/nheko/nheko |
| 616 | blacklist ${HOME}/.cache/netsurf | 619 | blacklist ${HOME}/.cache/netsurf |
| 617 | blacklist ${HOME}/.cache/okular | 620 | blacklist ${HOME}/.cache/okular |
diff --git a/etc/mypaint-ora-thumbnailer.profile b/etc/mypaint-ora-thumbnailer.profile new file mode 100644 index 000000000..59b3024ed --- /dev/null +++ b/etc/mypaint-ora-thumbnailer.profile | |||
| @@ -0,0 +1,5 @@ | |||
| 1 | # Firejail profile alias for mypaint-ora-thumbnailer | ||
| 2 | # This file is overwritten after every install/update | ||
| 3 | |||
| 4 | # Redirect | ||
| 5 | include mypaint.profile | ||
diff --git a/etc/mypaint.profile b/etc/mypaint.profile new file mode 100644 index 000000000..acec61816 --- /dev/null +++ b/etc/mypaint.profile | |||
| @@ -0,0 +1,48 @@ | |||
| 1 | # Firejail profile for mypaint | ||
| 2 | # Description: A fast and easy graphics application for digital painters | ||
| 3 | # This file is overwritten after every install/update | ||
| 4 | # Persistent local customizations | ||
| 5 | include mypaint.local | ||
| 6 | # Persistent global definitions | ||
| 7 | include globals.local | ||
| 8 | |||
| 9 | noblacklist ${HOME}/.cache/mypaint | ||
| 10 | noblacklist ${HOME}/.config/mypaint | ||
| 11 | noblacklist ${HOME}/.local/share/mypaint | ||
| 12 | noblacklist ${PATH}/python2* | ||
| 13 | noblacklist /usr/lib/python2* | ||
| 14 | noblacklist ${PICTURES} | ||
| 15 | |||
| 16 | include disable-common.inc | ||
| 17 | include disable-devel.inc | ||
| 18 | include disable-interpreters.inc | ||
| 19 | include disable-passwdmgr.inc | ||
| 20 | include disable-programs.inc | ||
| 21 | include disable-xdg.inc | ||
| 22 | |||
| 23 | apparmor | ||
| 24 | caps.drop all | ||
| 25 | machine-id | ||
| 26 | net none | ||
| 27 | no3d | ||
| 28 | nodbus | ||
| 29 | nodvd | ||
| 30 | nogroups | ||
| 31 | nonewprivs | ||
| 32 | noroot | ||
| 33 | nosound | ||
| 34 | notv | ||
| 35 | nou2f | ||
| 36 | novideo | ||
| 37 | protocol unix | ||
| 38 | seccomp | ||
| 39 | shell none | ||
| 40 | tracelog | ||
| 41 | |||
| 42 | private-cache | ||
| 43 | private-dev | ||
| 44 | private-etc fonts,gtk-3.0,dconf | ||
| 45 | private-tmp | ||
| 46 | |||
| 47 | noexec ${HOME} | ||
| 48 | noexec /tmp | ||
diff --git a/src/firecfg/firecfg.config b/src/firecfg/firecfg.config index 041ff1256..47b20006d 100644 --- a/src/firecfg/firecfg.config +++ b/src/firecfg/firecfg.config | |||
| @@ -312,6 +312,8 @@ mupen64plus | |||
| 312 | musescore | 312 | musescore |
| 313 | musixmatch | 313 | musixmatch |
| 314 | mutt | 314 | mutt |
| 315 | mypaint | ||
| 316 | mypaint-ora-thumbnailer | ||
| 315 | natron | 317 | natron |
| 316 | #nautilus - removed in order to let the application start in a new sandbox when clicking on icons in the file manager | 318 | #nautilus - removed in order to let the application start in a new sandbox when clicking on icons in the file manager |
| 317 | ncdu | 319 | ncdu |