diff options
| author |  netblue30 <netblue30@yahoo.com> | 2017-09-18 09:00:47 -0400 |
|---|---|---|
| committer | netblue30 <netblue30@yahoo.com> | 2017-09-18 09:00:47 -0400 |
| commit | b0abaaaedc723a37efb993211a9f9ae83fbecc84 (patch) | |
| tree | 20f147e76fd6f5d3c45bb8ad32488e2a748ee6de | |
| parent | blacklist clipboard manager in disable-common.inc (diff) | |
| download | firejail-b0abaaaedc723a37efb993211a9f9ae83fbecc84.tar.gz firejail-b0abaaaedc723a37efb993211a9f9ae83fbecc84.tar.zst firejail-b0abaaaedc723a37efb993211a9f9ae83fbecc84.zip | |
electron profile whitelisting
| -rw-r--r-- | README | 2 | ||||
| -rw-r--r-- | etc/disable-programs.inc | 1 | ||||
| -rw-r--r-- | etc/electron.profile | 5 |
3 files changed, 7 insertions, 1 deletions
| @@ -509,6 +509,8 @@ Topi Miettinen (https://github.com/topimiettinen) | |||
| 509 | - seccomp default list update | 509 | - seccomp default list update |
| 510 | - improve loading of seccomp filter and memory-deny-write-execute feature | 510 | - improve loading of seccomp filter and memory-deny-write-execute feature |
| 511 | - private-lib feature | 511 | - private-lib feature |
| 512 | user1024 (user1024@tut.by) | ||
| 513 | - electron profile whitelisting | ||
| 512 | valoq (https://github.com/valoq) | 514 | valoq (https://github.com/valoq) |
| 513 | - lots of profile fixes | 515 | - lots of profile fixes |
| 514 | - added support for /srv in --whitelist feature | 516 | - added support for /srv in --whitelist feature |
diff --git a/etc/disable-programs.inc b/etc/disable-programs.inc index ff750ecd9..e740353a6 100644 --- a/etc/disable-programs.inc +++ b/etc/disable-programs.inc | |||
| @@ -51,6 +51,7 @@ blacklist ${HOME}/.config/Qlipper | |||
| 51 | blacklist ${HOME}/.config/QuiteRss | 51 | blacklist ${HOME}/.config/QuiteRss |
| 52 | blacklist ${HOME}/.config/QuiteRssrc | 52 | blacklist ${HOME}/.config/QuiteRssrc |
| 53 | blacklist ${HOME}/.config/Riot | 53 | blacklist ${HOME}/.config/Riot |
| 54 | blacklist ${HOME}/.config/Rocket.Chat | ||
| 54 | blacklist ${HOME}/.config/Slack | 55 | blacklist ${HOME}/.config/Slack |
| 55 | blacklist ${HOME}/.config/Thunar | 56 | blacklist ${HOME}/.config/Thunar |
| 56 | blacklist ${HOME}/.config/VirtualBox | 57 | blacklist ${HOME}/.config/VirtualBox |
diff --git a/etc/electron.profile b/etc/electron.profile index 9b21c1bfd..e5aee4358 100644 --- a/etc/electron.profile +++ b/etc/electron.profile | |||
| @@ -5,11 +5,14 @@ include /etc/firejail/electron.local | |||
| 5 | # Persistent global definitions | 5 | # Persistent global definitions |
| 6 | include /etc/firejail/globals.local | 6 | include /etc/firejail/globals.local |
| 7 | 7 | ||
| 8 | 8 | noblacklist ~/.config/Rocket.Chat | |
| 9 | include /etc/firejail/disable-common.inc | 9 | include /etc/firejail/disable-common.inc |
| 10 | include /etc/firejail/disable-passwdmgr.inc | 10 | include /etc/firejail/disable-passwdmgr.inc |
| 11 | include /etc/firejail/disable-programs.inc | 11 | include /etc/firejail/disable-programs.inc |
| 12 | 12 | ||
| 13 | whitelist ${DOWNLOADS} | ||
| 14 | whitelist ~/.config/Rocket.Chat | ||
| 15 | |||
| 13 | caps.drop all | 16 | caps.drop all |
| 14 | netfilter | 17 | netfilter |
| 15 | nodvd | 18 | nodvd |