Merge branch 'master' of https://github.com/netblue30/firejail

author: smitsohu <smitsohu@gmail.com> 2019-01-20 19:09:23 +0100
committer: smitsohu <smitsohu@gmail.com> 2019-01-20 19:09:23 +0100
commit: 26584e22a338007bd3c770e296af163d7717298b (patch)
tree: 1c6dca42f67ae2ffb3119ac9e3b0caf576fc91f9
parent: cleanup, minor improvements (diff)
parent: Merge pull request #2356 from glitsj16/gnome-calculator (diff)
download: firejail-26584e22a338007bd3c770e296af163d7717298b.tar.gz
firejail-26584e22a338007bd3c770e296af163d7717298b.tar.zst
firejail-26584e22a338007bd3c770e296af163d7717298b.zip
7 files changed, 75 insertions, 0 deletions
diff --git a/etc/clawsker.profile b/etc/clawsker.profile
new file mode 100644
index 000000000..e863a6a45
--- /dev/null
+++ b/etc/clawsker.profile
@@ -0,0 +1,53 @@
+# Firejail profile for clawsker
+# Description: An applet to edit Claws Mail's hidden preferences
+# This file is overwritten after every install/update
+# Persistent local customizations
+include clawsker.local
+# Persistent global definitions
+include globals.local
+noblacklist ${HOME}/.claws-mail
+whitelist ${HOME}/.claws-mail
+# Allow perl (blacklisted by disable-interpreters.inc)
+noblacklist ${PATH}/cpan*
+noblacklist ${PATH}/core_perl
+noblacklist ${PATH}/perl
+noblacklist /usr/lib/perl*
+noblacklist /usr/share/perl*
+include disable-common.inc
+include disable-devel.inc
+include disable-interpreters.inc
+include disable-passwdmgr.inc
+include disable-programs.inc
+include whitelist-common.inc
+caps.drop all
+net none
+no3d
+nodbus
+nodvd
+nogroups
+nonewprivs
+noroot
+nosound
+notv
+nou2f
+novideo
+protocol unix
+seccomp
+shell none
+# disable-mnt
+# private
+private-bin clawsker,perl
+private-cache
+private-dev
+private-etc fonts
+private-lib girepository-1.*,libgirepository-1.*,perl*
+private-tmp
+# memory-deny-write-execute - breaks on Arch
+noexec ${HOME}
+noexec /tmp
diff --git a/etc/eog.profile b/etc/eog.profile
index 8cb64009c..75d343d4e 100644
--- a/etc/eog.profile
+++ b/etc/eog.profile
@@ -37,6 +37,7 @@ seccomp
 shell none
 private-bin eog
+private-cache
 private-dev
 private-etc fonts
 private-lib gdk-pixbuf-2.*,gio,girepository-1.*,gvfs,libgconf-2.so.*
diff --git a/etc/gcalccmd.profile b/etc/gcalccmd.profile
new file mode 100644
index 000000000..691d6b0c4
--- /dev/null
+++ b/etc/gcalccmd.profile
@@ -0,0 +1,13 @@
+# Firejail profile for gcalccmd
+# Description: GNOME console calculator
+# This file is overwritten after every install/update
+# Persistent local customizations
+include gcalccmd.local
+# Persistent global definitions
+# added by included profile
+#include globals.local
+private-bin gcalccmd
+# Redirect
+include gnome-calculator.profile
diff --git a/etc/gnome-calculator.profile b/etc/gnome-calculator.profile
index 7974211c7..be4b0c03f 100644
--- a/etc/gnome-calculator.profile
+++ b/etc/gnome-calculator.profile
@@ -37,6 +37,7 @@ shell none
 disable-mnt
 private-bin gnome-calculator
+private-cache
 private-dev
 private-lib gdk-pixbuf-2.*,gio,girepository-1.*,gvfs,libgconf-2.so.*,libgnutls.so.*,libproxy.so.*,librsvg-2.so.*,libxml2.so.*
 private-tmp
diff --git a/etc/google-earth-pro.profile b/etc/google-earth-pro.profile
new file mode 100644
index 000000000..d62319fa2
--- /dev/null
+++ b/etc/google-earth-pro.profile
@@ -0,0 +1,4 @@
+# Redirect
+include google-earth.profile
+private-bin google-earth-pro
diff --git a/etc/google-earth.profile b/etc/google-earth.profile
index 6e5f99745..e075bfe9a 100644
--- a/etc/google-earth.profile
+++ b/etc/google-earth.profile
@@ -43,8 +43,10 @@ protocol unix,inet,inet6
 seccomp
 shell none
+disable-mnt
 private-bin google-earth,sh,bash,grep,sed,ls,dirname
 private-dev
+private-opt google
 noexec ${HOME}
 noexec /tmp
diff --git a/src/firecfg/firecfg.config b/src/firecfg/firecfg.config
index 0dd5f7ec5..ac94d16d6 100644
--- a/src/firecfg/firecfg.config
+++ b/src/firecfg/firecfg.config
@@ -86,6 +86,7 @@ clamdtop
 clamscan
 clamtk
 claws-mail
+clawsker
 clementine
 clipit
 cliqz
author	smitsohu <smitsohu@gmail.com>	2019-01-20 19:09:23 +0100
committer	smitsohu <smitsohu@gmail.com>	2019-01-20 19:09:23 +0100
commit	26584e22a338007bd3c770e296af163d7717298b (patch)
tree	1c6dca42f67ae2ffb3119ac9e3b0caf576fc91f9
parent	cleanup, minor improvements (diff)
parent	Merge pull request #2356 from glitsj16/gnome-calculator (diff)
download	firejail-26584e22a338007bd3c770e296af163d7717298b.tar.gz firejail-26584e22a338007bd3c770e296af163d7717298b.tar.zst firejail-26584e22a338007bd3c770e296af163d7717298b.zip

diff --git a/etc/clawsker.profile b/etc/clawsker.profile new file mode 100644 index 000000000..e863a6a45 --- /dev/null +++ b/etc/clawsker.profile
@@ -0,0 +1,53 @@
		1	# Firejail profile for clawsker
		2	# Description: An applet to edit Claws Mail's hidden preferences
		3	# This file is overwritten after every install/update
		4	# Persistent local customizations
		5	include clawsker.local
		6	# Persistent global definitions
		7	include globals.local
		8
		9	noblacklist ${HOME}/.claws-mail
		10	whitelist ${HOME}/.claws-mail
		11
		12	# Allow perl (blacklisted by disable-interpreters.inc)
		13	noblacklist ${PATH}/cpan*
		14	noblacklist ${PATH}/core_perl
		15	noblacklist ${PATH}/perl
		16	noblacklist /usr/lib/perl*
		17	noblacklist /usr/share/perl*
		18
		19	include disable-common.inc
		20	include disable-devel.inc
		21	include disable-interpreters.inc
		22	include disable-passwdmgr.inc
		23	include disable-programs.inc
		24	include whitelist-common.inc
		25
		26	caps.drop all
		27	net none
		28	no3d
		29	nodbus
		30	nodvd
		31	nogroups
		32	nonewprivs
		33	noroot
		34	nosound
		35	notv
		36	nou2f
		37	novideo
		38	protocol unix
		39	seccomp
		40	shell none
		41
		42	# disable-mnt
		43	# private
		44	private-bin clawsker,perl
		45	private-cache
		46	private-dev
		47	private-etc fonts
		48	private-lib girepository-1.,libgirepository-1.,perl*
		49	private-tmp
		50
		51	# memory-deny-write-execute - breaks on Arch
		52	noexec ${HOME}
		53	noexec /tmp


diff --git a/etc/eog.profile b/etc/eog.profile index 8cb64009c..75d343d4e 100644 --- a/etc/eog.profile +++ b/etc/eog.profile
@@ -37,6 +37,7 @@ seccomp
37	shell none	37	shell none
38		38
39	private-bin eog	39	private-bin eog
		40	private-cache
40	private-dev	41	private-dev
41	private-etc fonts	42	private-etc fonts
42	private-lib gdk-pixbuf-2.,gio,girepository-1.,gvfs,libgconf-2.so.*	43	private-lib gdk-pixbuf-2.,gio,girepository-1.,gvfs,libgconf-2.so.*


diff --git a/etc/gcalccmd.profile b/etc/gcalccmd.profile new file mode 100644 index 000000000..691d6b0c4 --- /dev/null +++ b/etc/gcalccmd.profile
@@ -0,0 +1,13 @@
		1	# Firejail profile for gcalccmd
		2	# Description: GNOME console calculator
		3	# This file is overwritten after every install/update
		4	# Persistent local customizations
		5	include gcalccmd.local
		6	# Persistent global definitions
		7	# added by included profile
		8	#include globals.local
		9
		10	private-bin gcalccmd
		11
		12	# Redirect
		13	include gnome-calculator.profile


diff --git a/etc/gnome-calculator.profile b/etc/gnome-calculator.profile index 7974211c7..be4b0c03f 100644 --- a/etc/gnome-calculator.profile +++ b/etc/gnome-calculator.profile
@@ -37,6 +37,7 @@ shell none
37		37
38	disable-mnt	38	disable-mnt
39	private-bin gnome-calculator	39	private-bin gnome-calculator
		40	private-cache
40	private-dev	41	private-dev
41	private-lib gdk-pixbuf-2.,gio,girepository-1.,gvfs,libgconf-2.so.,libgnutls.so.,libproxy.so.,librsvg-2.so.,libxml2.so.*	42	private-lib gdk-pixbuf-2.,gio,girepository-1.,gvfs,libgconf-2.so.,libgnutls.so.,libproxy.so.,librsvg-2.so.,libxml2.so.*
42	private-tmp	43	private-tmp


diff --git a/etc/google-earth-pro.profile b/etc/google-earth-pro.profile new file mode 100644 index 000000000..d62319fa2 --- /dev/null +++ b/etc/google-earth-pro.profile
@@ -0,0 +1,4 @@
		1	# Redirect
		2	include google-earth.profile
		3
		4	private-bin google-earth-pro


diff --git a/etc/google-earth.profile b/etc/google-earth.profile index 6e5f99745..e075bfe9a 100644 --- a/etc/google-earth.profile +++ b/etc/google-earth.profile
@@ -43,8 +43,10 @@ protocol unix,inet,inet6
43	seccomp	43	seccomp
44	shell none	44	shell none
45		45
		46	disable-mnt
46	private-bin google-earth,sh,bash,grep,sed,ls,dirname	47	private-bin google-earth,sh,bash,grep,sed,ls,dirname
47	private-dev	48	private-dev
		49	private-opt google
48		50
49	noexec ${HOME}	51	noexec ${HOME}
50	noexec /tmp	52	noexec /tmp


diff --git a/src/firecfg/firecfg.config b/src/firecfg/firecfg.config index 0dd5f7ec5..ac94d16d6 100644 --- a/src/firecfg/firecfg.config +++ b/src/firecfg/firecfg.config
@@ -86,6 +86,7 @@ clamdtop
86	clamscan	86	clamscan
87	clamtk	87	clamtk
88	claws-mail	88	claws-mail
		89	clawsker
89	clementine	90	clementine
90	clipit	91	clipit
91	cliqz	92	cliqz