profile fixes

author: netblue30 <netblue30@yahoo.com> 2016-11-05 09:44:50 -0400
committer: netblue30 <netblue30@yahoo.com> 2016-11-05 09:44:50 -0400
commit: d43eb028d90d3417a70e9a5eb5e44ea3e3faa5a0 (patch)
tree: bf7eef48de8ec8467244cfc4b87f06c54ece1e32
parent: Merge pull request #893 from bog-dan-ro/master (diff)
download: firejail-d43eb028d90d3417a70e9a5eb5e44ea3e3faa5a0.tar.gz
firejail-d43eb028d90d3417a70e9a5eb5e44ea3e3faa5a0.tar.zst
firejail-d43eb028d90d3417a70e9a5eb5e44ea3e3faa5a0.zip
6 files changed, 9 insertions, 5 deletions
diff --git a/README b/README
index 50bc00099..7599f4cf1 100644
--- a/README
+++ b/README
@@ -80,6 +80,8 @@ Fred-Barclay (https://github.com/Fred-Barclay)
        - evince profile enhancement
        - tightened Spotify profile
        - added xiphos and Tor Browser Bundle profiles
+BogDan Vatra (https://github.com/bog-dan-ro)
+        - zoom profile
 Impyy (https://github.com/Impyy)
        - added mumble profile
 valoq (https://github.com/valoq)
@@ -88,6 +90,8 @@ valoq (https://github.com/valoq)
        - added support for /srv in --whitelist feature
        - Eye of GNOME, Evolution, display (imagemagik) and Wire profiles
        - blacklist suid binaries in disable-common.inc
+        - fix man pages
+        - various profile improvements
 Vadim A. Misbakh-Soloviov (https://github.com/msva)
        - profile fixes
 Rafael Cavalcanti (https://github.com/rccavalcanti)
diff --git a/README.md b/README.md
index c6484d3b7..931b27ef3 100644
--- a/README.md
+++ b/README.md
@@ -52,5 +52,5 @@ Use this issue to request new profiles: https://github.com/netblue30/firejail/is
 `````
 ## New Profiles
-xiphos, Tor Browser Bundle, display (imagemagik), Wire, mumble
+xiphos, Tor Browser Bundle, display (imagemagik), Wire, mumble, zoom
diff --git a/etc/evince.profile b/etc/evince.profile
index 9a9113c70..cbb2083f4 100644
--- a/etc/evince.profile
+++ b/etc/evince.profile
@@ -6,7 +6,7 @@ include /etc/firejail/disable-passwdmgr.inc
 caps.drop all
 netfilter
-net none
+#net none - creates some problems on some distributions
 nogroups
 nonewprivs
 noroot
diff --git a/etc/firefox.profile b/etc/firefox.profile
index 7875ca6b9..3fb56fd0e 100644
--- a/etc/firefox.profile
+++ b/etc/firefox.profile
@@ -47,8 +47,7 @@ whitelist ~/.config/pipelight-silverlight5.1
 include /etc/firejail/whitelist-common.inc
 # experimental features
+#private-bin firefox,which,sh,dbus-launch,dbus-send,env
-private-bin firefox,which,sh,dbus-launch,dbus-send,env
 private-etc passwd,group,hostname,hosts,localtime,nsswitch.conf,resolv.conf,xdg,gtk-2.0,gtk-3.0,X11,pango,fonts,firefox,mime.types,mailcap,asound.conf,pulse
 private-dev
 private-tmp
diff --git a/etc/mupdf.profile b/etc/mupdf.profile
index 65e6a8978..e022866e8 100644
--- a/etc/mupdf.profile
+++ b/etc/mupdf.profile
@@ -16,7 +16,7 @@ net none
 shell none
 tracelog
-seccomp.keep access,arch_prctl,brk,clone,close,connect,execve,exit_group,fchmod,fchown,fcntl,fstat,futex,getcwd,getpeername,getrlimit,getsockname,getsockopt,lseek,lstat,mlock,mmap,mprotect,munmap,nanosleep,open,poll,prctl,read,recvfrom,recvmsg,restart_syscall,rt_sigaction,rt_sigprocmask,select,sendmsg,set_robust_list,set_tid_address,setresgid,setresuid,shmat,shmctl,shmget,shutdown,socket,stat,sysinfo,uname,unshare,wait4,write,writev
+#seccomp.keep access,arch_prctl,brk,clone,close,connect,execve,exit_group,fchmod,fchown,fcntl,fstat,futex,getcwd,getpeername,getrlimit,getsockname,getsockopt,lseek,lstat,mlock,mmap,mprotect,munmap,nanosleep,open,poll,prctl,read,recvfrom,recvmsg,restart_syscall,rt_sigaction,rt_sigprocmask,select,sendmsg,set_robust_list,set_tid_address,setresgid,setresuid,shmat,shmctl,shmget,shutdown,socket,stat,sysinfo,uname,unshare,wait4,write,writev
 private-bin mupdf
 private-tmp
diff --git a/platform/debian/conffiles b/platform/debian/conffiles
index df660ab4f..ae8db5a67 100644
--- a/platform/debian/conffiles
+++ b/platform/debian/conffiles
@@ -171,3 +171,4 @@
 /etc/firejail/display.profile
 /etc/firejail/Wire.profile
 /etc/firejail/mumble.profile
+/etc/firejail/zoom.profile
author	netblue30 <netblue30@yahoo.com>	2016-11-05 09:44:50 -0400
committer	netblue30 <netblue30@yahoo.com>	2016-11-05 09:44:50 -0400
commit	d43eb028d90d3417a70e9a5eb5e44ea3e3faa5a0 (patch)
tree	bf7eef48de8ec8467244cfc4b87f06c54ece1e32
parent	Merge pull request #893 from bog-dan-ro/master (diff)
download	firejail-d43eb028d90d3417a70e9a5eb5e44ea3e3faa5a0.tar.gz firejail-d43eb028d90d3417a70e9a5eb5e44ea3e3faa5a0.tar.zst firejail-d43eb028d90d3417a70e9a5eb5e44ea3e3faa5a0.zip

diff --git a/README b/README index 50bc00099..7599f4cf1 100644 --- a/README +++ b/README
@@ -80,6 +80,8 @@ Fred-Barclay (https://github.com/Fred-Barclay)
80	- evince profile enhancement	80	- evince profile enhancement
81	- tightened Spotify profile	81	- tightened Spotify profile
82	- added xiphos and Tor Browser Bundle profiles	82	- added xiphos and Tor Browser Bundle profiles
		83	BogDan Vatra (https://github.com/bog-dan-ro)
		84	- zoom profile
83	Impyy (https://github.com/Impyy)	85	Impyy (https://github.com/Impyy)
84	- added mumble profile	86	- added mumble profile
85	valoq (https://github.com/valoq)	87	valoq (https://github.com/valoq)
@@ -88,6 +90,8 @@ valoq (https://github.com/valoq)
88	- added support for /srv in --whitelist feature	90	- added support for /srv in --whitelist feature
89	- Eye of GNOME, Evolution, display (imagemagik) and Wire profiles	91	- Eye of GNOME, Evolution, display (imagemagik) and Wire profiles
90	- blacklist suid binaries in disable-common.inc	92	- blacklist suid binaries in disable-common.inc
		93	- fix man pages
		94	- various profile improvements
91	Vadim A. Misbakh-Soloviov (https://github.com/msva)	95	Vadim A. Misbakh-Soloviov (https://github.com/msva)
92	- profile fixes	96	- profile fixes
93	Rafael Cavalcanti (https://github.com/rccavalcanti)	97	Rafael Cavalcanti (https://github.com/rccavalcanti)


diff --git a/README.md b/README.md index c6484d3b7..931b27ef3 100644 --- a/README.md +++ b/README.md
@@ -52,5 +52,5 @@ Use this issue to request new profiles: https://github.com/netblue30/firejail/is
52		52
53	`````	53	`````
54	## New Profiles	54	## New Profiles
55	xiphos, Tor Browser Bundle, display (imagemagik), Wire, mumble	55	xiphos, Tor Browser Bundle, display (imagemagik), Wire, mumble, zoom
56		56


diff --git a/etc/evince.profile b/etc/evince.profile index 9a9113c70..cbb2083f4 100644 --- a/etc/evince.profile +++ b/etc/evince.profile
@@ -6,7 +6,7 @@ include /etc/firejail/disable-passwdmgr.inc
6		6
7	caps.drop all	7	caps.drop all
8	netfilter	8	netfilter
9	net none	9	#net none - creates some problems on some distributions
10	nogroups	10	nogroups
11	nonewprivs	11	nonewprivs
12	noroot	12	noroot


diff --git a/etc/firefox.profile b/etc/firefox.profile index 7875ca6b9..3fb56fd0e 100644 --- a/etc/firefox.profile +++ b/etc/firefox.profile
@@ -47,8 +47,7 @@ whitelist ~/.config/pipelight-silverlight5.1
47	include /etc/firejail/whitelist-common.inc	47	include /etc/firejail/whitelist-common.inc
48		48
49	# experimental features	49	# experimental features
50		50	#private-bin firefox,which,sh,dbus-launch,dbus-send,env
51	private-bin firefox,which,sh,dbus-launch,dbus-send,env
52	private-etc passwd,group,hostname,hosts,localtime,nsswitch.conf,resolv.conf,xdg,gtk-2.0,gtk-3.0,X11,pango,fonts,firefox,mime.types,mailcap,asound.conf,pulse	51	private-etc passwd,group,hostname,hosts,localtime,nsswitch.conf,resolv.conf,xdg,gtk-2.0,gtk-3.0,X11,pango,fonts,firefox,mime.types,mailcap,asound.conf,pulse
53	private-dev	52	private-dev
54	private-tmp	53	private-tmp


diff --git a/etc/mupdf.profile b/etc/mupdf.profile index 65e6a8978..e022866e8 100644 --- a/etc/mupdf.profile +++ b/etc/mupdf.profile
@@ -16,7 +16,7 @@ net none
16	shell none	16	shell none
17	tracelog	17	tracelog
18		18
19	seccomp.keep access,arch_prctl,brk,clone,close,connect,execve,exit_group,fchmod,fchown,fcntl,fstat,futex,getcwd,getpeername,getrlimit,getsockname,getsockopt,lseek,lstat,mlock,mmap,mprotect,munmap,nanosleep,open,poll,prctl,read,recvfrom,recvmsg,restart_syscall,rt_sigaction,rt_sigprocmask,select,sendmsg,set_robust_list,set_tid_address,setresgid,setresuid,shmat,shmctl,shmget,shutdown,socket,stat,sysinfo,uname,unshare,wait4,write,writev	19	#seccomp.keep access,arch_prctl,brk,clone,close,connect,execve,exit_group,fchmod,fchown,fcntl,fstat,futex,getcwd,getpeername,getrlimit,getsockname,getsockopt,lseek,lstat,mlock,mmap,mprotect,munmap,nanosleep,open,poll,prctl,read,recvfrom,recvmsg,restart_syscall,rt_sigaction,rt_sigprocmask,select,sendmsg,set_robust_list,set_tid_address,setresgid,setresuid,shmat,shmctl,shmget,shutdown,socket,stat,sysinfo,uname,unshare,wait4,write,writev
20		20
21	private-bin mupdf	21	private-bin mupdf
22	private-tmp	22	private-tmp


diff --git a/platform/debian/conffiles b/platform/debian/conffiles index df660ab4f..ae8db5a67 100644 --- a/platform/debian/conffiles +++ b/platform/debian/conffiles
@@ -171,3 +171,4 @@
171	/etc/firejail/display.profile	171	/etc/firejail/display.profile
172	/etc/firejail/Wire.profile	172	/etc/firejail/Wire.profile
173	/etc/firejail/mumble.profile	173	/etc/firejail/mumble.profile
		174	/etc/firejail/zoom.profile