Added xfce4-screenshooter profile

Initial,removed common blaclist,add netfilter,private-etc
author: kortewegdevries <k0rtic_dv@aol.com> 2020-07-25 15:38:30 +0530
committer: kortewegdevries <k0rtic_dv@aol.com> 2020-07-25 19:02:28 +0530
commit: 59e896e6a074f119c35ab7ca855f0c1fb7dd9ae5 (patch)
tree: d0e18deff3ed19158b8af2508a9e6bc2c3630951
parent: add newsflash profile (diff)
download: firejail-59e896e6a074f119c35ab7ca855f0c1fb7dd9ae5.tar.gz
firejail-59e896e6a074f119c35ab7ca855f0c1fb7dd9ae5.tar.zst
firejail-59e896e6a074f119c35ab7ca855f0c1fb7dd9ae5.zip
2 files changed, 52 insertions, 0 deletions
diff --git a/etc/profile-m-z/xfce4-screenshooter.profile b/etc/profile-m-z/xfce4-screenshooter.profile
new file mode 100644
index 000000000..f04dc0a67
--- /dev/null
+++ b/etc/profile-m-z/xfce4-screenshooter.profile
@@ -0,0 +1,51 @@
+# Firejail profile for xfce4-screenshooter
+# Description: Xfce screenshot tool
+# This file is overwritten after every install/update
+# Persistent local customizations
+include xfce4-screenshooter.local
+# Persistent global definitions
+include globals.local
+noblacklist ${PICTURES}
+include disable-common.inc
+include disable-devel.inc
+include disable-exec.inc
+include disable-interpreters.inc
+include disable-passwdmgr.inc
+include disable-programs.inc
+include disable-shell.inc
+include disable-xdg.inc
+whitelist /usr/share/xfce4
+include whitelist-usr-share-common.inc
+include whitelist-runuser-common.inc
+include whitelist-var-common.inc
+apparmor
+caps.drop all
+machine-id
+netfilter
+no3d
+nodvd
+nogroups
+nonewprivs
+noroot
+notv
+nou2f
+novideo
+protocol unix,inet,inet6
+seccomp
+shell none
+tracelog
+disable-mnt
+private-bin xfconf-query,xfce4-screenshooter
+private-dev
+private-etc ca-certificates,crypto-policies,dconf,fonts,gtk-3.0,pki,resolv.conf,ssl
+private-tmp
+dbus-user none
+dbus-system none
+memory-deny-write-execute
diff --git a/src/firecfg/firecfg.config b/src/firecfg/firecfg.config
index fd8d21268..07887a396 100644
--- a/src/firecfg/firecfg.config
+++ b/src/firecfg/firecfg.config
@@ -784,6 +784,7 @@ xfburn
 xfce4-dict
 xfce4-mixer
 xfce4-notes
+xfce4-screenshooter
 xiphos
 xlinks
 xmms
author	kortewegdevries <k0rtic_dv@aol.com>	2020-07-25 15:38:30 +0530
committer	kortewegdevries <k0rtic_dv@aol.com>	2020-07-25 19:02:28 +0530
commit	59e896e6a074f119c35ab7ca855f0c1fb7dd9ae5 (patch)
tree	d0e18deff3ed19158b8af2508a9e6bc2c3630951
parent	add newsflash profile (diff)
download	firejail-59e896e6a074f119c35ab7ca855f0c1fb7dd9ae5.tar.gz firejail-59e896e6a074f119c35ab7ca855f0c1fb7dd9ae5.tar.zst firejail-59e896e6a074f119c35ab7ca855f0c1fb7dd9ae5.zip

diff --git a/etc/profile-m-z/xfce4-screenshooter.profile b/etc/profile-m-z/xfce4-screenshooter.profile new file mode 100644 index 000000000..f04dc0a67 --- /dev/null +++ b/etc/profile-m-z/xfce4-screenshooter.profile
@@ -0,0 +1,51 @@
		1	# Firejail profile for xfce4-screenshooter
		2	# Description: Xfce screenshot tool
		3	# This file is overwritten after every install/update
		4	# Persistent local customizations
		5	include xfce4-screenshooter.local
		6	# Persistent global definitions
		7	include globals.local
		8
		9	noblacklist ${PICTURES}
		10
		11	include disable-common.inc
		12	include disable-devel.inc
		13	include disable-exec.inc
		14	include disable-interpreters.inc
		15	include disable-passwdmgr.inc
		16	include disable-programs.inc
		17	include disable-shell.inc
		18	include disable-xdg.inc
		19
		20	whitelist /usr/share/xfce4
		21	include whitelist-usr-share-common.inc
		22	include whitelist-runuser-common.inc
		23	include whitelist-var-common.inc
		24
		25	apparmor
		26	caps.drop all
		27	machine-id
		28	netfilter
		29	no3d
		30	nodvd
		31	nogroups
		32	nonewprivs
		33	noroot
		34	notv
		35	nou2f
		36	novideo
		37	protocol unix,inet,inet6
		38	seccomp
		39	shell none
		40	tracelog
		41
		42	disable-mnt
		43	private-bin xfconf-query,xfce4-screenshooter
		44	private-dev
		45	private-etc ca-certificates,crypto-policies,dconf,fonts,gtk-3.0,pki,resolv.conf,ssl
		46	private-tmp
		47
		48	dbus-user none
		49	dbus-system none
		50
		51	memory-deny-write-execute


diff --git a/src/firecfg/firecfg.config b/src/firecfg/firecfg.config index fd8d21268..07887a396 100644 --- a/src/firecfg/firecfg.config +++ b/src/firecfg/firecfg.config
@@ -784,6 +784,7 @@ xfburn
784	xfce4-dict	784	xfce4-dict
785	xfce4-mixer	785	xfce4-mixer
786	xfce4-notes	786	xfce4-notes
		787	xfce4-screenshooter
787	xiphos	788	xiphos
788	xlinks	789	xlinks
789	xmms	790	xmms