diff options
| author |  smitsohu <smitsohu@gmail.com> | 2017-08-11 05:03:35 +0200 |
|---|---|---|
| committer |  Fred Barclay <Fred-Barclay@users.noreply.github.com> | 2017-08-10 22:03:35 -0500 |
| commit | e1fc59bb144e2c68b6349dbd0a3d147b8e8d1daf (patch) | |
| tree | 2201a5db9bb463225b35e2b8104a0df78e99e50a | |
| parent | Enable syscall groups for non-internal use (diff) | |
| download | firejail-e1fc59bb144e2c68b6349dbd0a3d147b8e8d1daf.tar.gz firejail-e1fc59bb144e2c68b6349dbd0a3d147b8e8d1daf.tar.zst firejail-e1fc59bb144e2c68b6349dbd0a3d147b8e8d1daf.zip | |
Add TuxGuitar profile (#1453)
* add tuxguitar profile
tested for versions < 1.3
* blacklist tuxguitar
* add tuxguitar
* add tuxguitar
* add support for tuxguitar > 1.2
higher versions fail to launch without protocol=inet,inet6 and with noexec=~. Yet, net=none seems to be still tolerated, which comes handy to block talk with internet and dbus.
* unbreak tuxguitar Internet access
versions >= 1.3 actually run fine with net=none enabled, if the built-in internet dependent feature is not used
| -rw-r--r-- | etc/disable-programs.inc | 1 | ||||
| -rw-r--r-- | etc/tuxguitar.profile | 30 | ||||
| -rw-r--r-- | platform/debian/conffiles | 1 | ||||
| -rw-r--r-- | src/firecfg/firecfg.config | 1 |
4 files changed, 33 insertions, 0 deletions
diff --git a/etc/disable-programs.inc b/etc/disable-programs.inc index 470a607d9..a54d2a739 100644 --- a/etc/disable-programs.inc +++ b/etc/disable-programs.inc | |||
| @@ -357,6 +357,7 @@ blacklist ${HOME}/.tconn | |||
| 357 | blacklist ${HOME}/.thunderbird | 357 | blacklist ${HOME}/.thunderbird |
| 358 | blacklist ${HOME}/.tooling | 358 | blacklist ${HOME}/.tooling |
| 359 | blacklist ${HOME}/.ts3client | 359 | blacklist ${HOME}/.ts3client |
| 360 | blacklist ${HOME}/.tuxguitar* | ||
| 360 | blacklist ${HOME}/.unknow-horizons | 361 | blacklist ${HOME}/.unknow-horizons |
| 361 | blacklist ${HOME}/.viking | 362 | blacklist ${HOME}/.viking |
| 362 | blacklist ${HOME}/.viking-maps | 363 | blacklist ${HOME}/.viking-maps |
diff --git a/etc/tuxguitar.profile b/etc/tuxguitar.profile new file mode 100644 index 000000000..e3f4239f5 --- /dev/null +++ b/etc/tuxguitar.profile | |||
| @@ -0,0 +1,30 @@ | |||
| 1 | # Firejail profile for tuxguitar | ||
| 2 | # This file is overwritten after every install/update | ||
| 3 | # Persistent local customizations | ||
| 4 | include /etc/firejail/tuxguitar.local | ||
| 5 | # Persistent global definitions | ||
| 6 | include /etc/firejail/globals.local | ||
| 7 | |||
| 8 | noblacklist ~/.java | ||
| 9 | noblacklist ~/.tuxguitar* | ||
| 10 | |||
| 11 | include /etc/firejail/disable-common.inc | ||
| 12 | include /etc/firejail/disable-devel.inc | ||
| 13 | include /etc/firejail/disable-passwdmgr.inc | ||
| 14 | include /etc/firejail/disable-programs.inc | ||
| 15 | |||
| 16 | caps.drop all | ||
| 17 | # net none - breaks internet for tuxguitar versions 1.3 and higher | ||
| 18 | no3d | ||
| 19 | nonewprivs | ||
| 20 | noroot | ||
| 21 | novideo | ||
| 22 | protocol unix,inet,inet6 | ||
| 23 | seccomp | ||
| 24 | tracelog | ||
| 25 | |||
| 26 | private-dev | ||
| 27 | private-tmp | ||
| 28 | |||
| 29 | # noexec ${HOME} - tuxguitar versions 1.3 and higher might fail to launch | ||
| 30 | noexec /tmp | ||
diff --git a/platform/debian/conffiles b/platform/debian/conffiles index afd22c041..360ac8921 100644 --- a/platform/debian/conffiles +++ b/platform/debian/conffiles | |||
| @@ -298,6 +298,7 @@ | |||
| 298 | /etc/firejail/transmission-qt.profile | 298 | /etc/firejail/transmission-qt.profile |
| 299 | /etc/firejail/transmission-show.profile | 299 | /etc/firejail/transmission-show.profile |
| 300 | /etc/firejail/truecraft.profile | 300 | /etc/firejail/truecraft.profile |
| 301 | /etc/firejail/tuxguitar.profile | ||
| 301 | /etc/firejail/uget-gtk.profile | 302 | /etc/firejail/uget-gtk.profile |
| 302 | /etc/firejail/unbound.profile | 303 | /etc/firejail/unbound.profile |
| 303 | /etc/firejail/unknown-horizons.profile | 304 | /etc/firejail/unknown-horizons.profile |
diff --git a/src/firecfg/firecfg.config b/src/firecfg/firecfg.config index cd821aa69..d66b026b0 100644 --- a/src/firecfg/firecfg.config +++ b/src/firecfg/firecfg.config | |||
| @@ -268,6 +268,7 @@ transmission-gtk | |||
| 268 | transmission-qt | 268 | transmission-qt |
| 269 | transmission-show | 269 | transmission-show |
| 270 | truecraft | 270 | truecraft |
| 271 | tuxguitar | ||
| 271 | uget-gtk | 272 | uget-gtk |
| 272 | unbound | 273 | unbound |
| 273 | unknown-horizons | 274 | unknown-horizons |