new profiles: ripperx, sound-juicer

author: netblue30 <netblue30@yahoo.com> 2020-03-19 15:30:08 -0400
committer: netblue30 <netblue30@yahoo.com> 2020-03-19 15:30:08 -0400
commit: 5dbdf657bdaafbb1dd1643b2115232a02b328286 (patch)
tree: 582534c0550f084e8148d3489e9433f456f92ac6
parent: various profile fixes (diff)
download: firejail-5dbdf657bdaafbb1dd1643b2115232a02b328286.tar.gz
firejail-5dbdf657bdaafbb1dd1643b2115232a02b328286.tar.zst
firejail-5dbdf657bdaafbb1dd1643b2115232a02b328286.zip
6 files changed, 92 insertions, 1 deletions
diff --git a/README.md b/README.md
index e333df314..374d6f456 100644
--- a/README.md
+++ b/README.md
@@ -175,4 +175,5 @@ Run ./profstats -h for help.
 ### New profiles:
-gfeeds, firefox-x11, tvbrowser, rtv, clipgrab, gnome-passwordsafe, bibtex, gummi, latex, pdflatex, tex, wpp, wpspdf, wps, et, multimc, gnome-hexgl, com.github.johnfactotum.Foliate, desktopeditors, impressive, mupdf-gl, mupdf-x11, mupdf-x11-curl, muraster, mutool, planmaker18, planmaker18free, presentations18, presentations18free, textmaker18, textmaker18free, teams, xournal, gnome-screenshot
+gfeeds, firefox-x11, tvbrowser, rtv, clipgrab, gnome-passwordsafe, bibtex, gummi, latex, pdflatex, tex, wpp, wpspdf, wps, et, multimc, gnome-hexgl, com.github.johnfactotum.Foliate, desktopeditors, impressive, mupdf-gl, mupdf-x11, mupdf-x11-curl, muraster, mutool, planmaker18, planmaker18free, presentations18, presentations18free, textmaker18, textmaker18free, teams, xournal,
+gnome-screenshot, ripperX, sound-juicer
diff --git a/etc/asunder.profile b/etc/asunder.profile
index 1f3acd735..fceac7cf9 100644
--- a/etc/asunder.profile
+++ b/etc/asunder.profile
@@ -20,21 +20,25 @@ include disable-passwdmgr.inc
 include disable-programs.inc
 include disable-xdg.inc
+include whitelist-usr-share-common.inc
 include whitelist-var-common.inc
 apparmor
 caps.drop all
 netfilter
+no3d
 nodbus
 # nogroups
 nonewprivs
 noroot
 nou2f
+notv
 novideo
 protocol unix,inet,inet6
 seccomp
 shell none
+private-cache
 private-dev
 private-tmp
diff --git a/etc/disable-programs.inc b/etc/disable-programs.inc
index 0786ba7d2..b54c1cce3 100644
--- a/etc/disable-programs.inc
+++ b/etc/disable-programs.inc
@@ -305,6 +305,7 @@ blacklist ${HOME}/.config/slimjet
 blacklist ${HOME}/.config/smplayer
 blacklist ${HOME}/.config/smtube
 blacklist ${HOME}/.config/snox
+blacklist ${HOME}/.config/sound-juicer
 blacklist ${HOME}/.config/specialmailcollectionsrc
 blacklist ${HOME}/.config/spotify
 blacklist ${HOME}/.config/sqlitebrowser
@@ -650,6 +651,7 @@ blacklist ${HOME}/.remmina
 blacklist ${HOME}/.repo_.gitconfig.json
 blacklist ${HOME}/.repoconfig
 blacklist ${HOME}/.retroshare
+blacklist ${HOME}/.ripperXrc
 blacklist ${HOME}/.scorched3d
 blacklist ${HOME}/.scribus
 blacklist ${HOME}/.scribusrc
diff --git a/etc/ripperx.profile b/etc/ripperx.profile
new file mode 100644
index 000000000..b572aa1b4
--- /dev/null
+++ b/etc/ripperx.profile
@@ -0,0 +1,41 @@
+# Firejail profile for mpv
+# Description: Graphical audio CD ripper and encoder
+# This file is overwritten after every install/update
+# Persistent local customizations
+include ripperx.local
+# Persistent global definitions
+include globals.local
+noblacklist ${HOME}/.ripperXrc
+noblacklist ${MUSIC}
+include disable-common.inc
+include disable-devel.inc
+include disable-exec.inc
+include disable-interpreters.inc
+include disable-passwdmgr.inc
+include disable-programs.inc
+include disable-xdg.inc
+include whitelist-usr-share-common.inc
+include whitelist-var-common.inc
+apparmor
+caps.drop all
+netfilter
+no3d
+nodbus
+nogroups
+nonewprivs
+noroot
+nou2f
+notv
+novideo
+protocol unix,inet,inet6
+seccomp
+shell none
+tracelog
+private-cache
+private-dev
+private-tmp
diff --git a/etc/sound-juicer.profile b/etc/sound-juicer.profile
new file mode 100644
index 000000000..ebd321573
--- /dev/null
+++ b/etc/sound-juicer.profile
@@ -0,0 +1,41 @@
+# Firejail profile for mpv
+# Description: Graphical audio CD ripper and encoder
+# This file is overwritten after every install/update
+# Persistent local customizations
+include sound-juicer.local
+# Persistent global definitions
+include globals.local
+noblacklist ${HOME}/.config/sound-juicer
+noblacklist ${MUSIC}
+include disable-common.inc
+include disable-devel.inc
+include disable-exec.inc
+include disable-interpreters.inc
+include disable-passwdmgr.inc
+include disable-programs.inc
+include disable-xdg.inc
+include whitelist-var-common.inc
+apparmor
+caps.drop all
+netfilter
+no3d
+#nodbus
+nogroups
+nonewprivs
+noroot
+nosound
+nou2f
+notv
+novideo
+protocol unix,inet,inet6,netlink
+seccomp
+shell none
+tracelog
+private-cache
+private-dev
+private-tmp
diff --git a/src/firecfg/firecfg.config b/src/firecfg/firecfg.config
index c2401ee32..2798605d5 100644
--- a/src/firecfg/firecfg.config
+++ b/src/firecfg/firecfg.config
@@ -552,6 +552,7 @@ rhythmbox-client
 ricochet
 riot-desktop
 riot-web
+ripperx
 ristretto
 rocketchat
 rtorrent
@@ -584,6 +585,7 @@ smtube
 snox
 soffice
 sol
+sound-juicer
 soundconverter
 spotify
 sqlitebrowser
author	netblue30 <netblue30@yahoo.com>	2020-03-19 15:30:08 -0400
committer	netblue30 <netblue30@yahoo.com>	2020-03-19 15:30:08 -0400
commit	5dbdf657bdaafbb1dd1643b2115232a02b328286 (patch)
tree	582534c0550f084e8148d3489e9433f456f92ac6
parent	various profile fixes (diff)
download	firejail-5dbdf657bdaafbb1dd1643b2115232a02b328286.tar.gz firejail-5dbdf657bdaafbb1dd1643b2115232a02b328286.tar.zst firejail-5dbdf657bdaafbb1dd1643b2115232a02b328286.zip

diff --git a/README.md b/README.md index e333df314..374d6f456 100644 --- a/README.md +++ b/README.md
@@ -175,4 +175,5 @@ Run ./profstats -h for help.
175		175
176	### New profiles:	176	### New profiles:
177		177
178	gfeeds, firefox-x11, tvbrowser, rtv, clipgrab, gnome-passwordsafe, bibtex, gummi, latex, pdflatex, tex, wpp, wpspdf, wps, et, multimc, gnome-hexgl, com.github.johnfactotum.Foliate, desktopeditors, impressive, mupdf-gl, mupdf-x11, mupdf-x11-curl, muraster, mutool, planmaker18, planmaker18free, presentations18, presentations18free, textmaker18, textmaker18free, teams, xournal, gnome-screenshot	178	gfeeds, firefox-x11, tvbrowser, rtv, clipgrab, gnome-passwordsafe, bibtex, gummi, latex, pdflatex, tex, wpp, wpspdf, wps, et, multimc, gnome-hexgl, com.github.johnfactotum.Foliate, desktopeditors, impressive, mupdf-gl, mupdf-x11, mupdf-x11-curl, muraster, mutool, planmaker18, planmaker18free, presentations18, presentations18free, textmaker18, textmaker18free, teams, xournal,
		179	gnome-screenshot, ripperX, sound-juicer


diff --git a/etc/asunder.profile b/etc/asunder.profile index 1f3acd735..fceac7cf9 100644 --- a/etc/asunder.profile +++ b/etc/asunder.profile
@@ -20,21 +20,25 @@ include disable-passwdmgr.inc
20	include disable-programs.inc	20	include disable-programs.inc
21	include disable-xdg.inc	21	include disable-xdg.inc
22		22
		23	include whitelist-usr-share-common.inc
23	include whitelist-var-common.inc	24	include whitelist-var-common.inc
24		25
25	apparmor	26	apparmor
26	caps.drop all	27	caps.drop all
27	netfilter	28	netfilter
		29	no3d
28	nodbus	30	nodbus
29	# nogroups	31	# nogroups
30	nonewprivs	32	nonewprivs
31	noroot	33	noroot
32	nou2f	34	nou2f
		35	notv
33	novideo	36	novideo
34	protocol unix,inet,inet6	37	protocol unix,inet,inet6
35	seccomp	38	seccomp
36	shell none	39	shell none
37		40
		41	private-cache
38	private-dev	42	private-dev
39	private-tmp	43	private-tmp
40		44


diff --git a/etc/disable-programs.inc b/etc/disable-programs.inc index 0786ba7d2..b54c1cce3 100644 --- a/etc/disable-programs.inc +++ b/etc/disable-programs.inc
@@ -305,6 +305,7 @@ blacklist ${HOME}/.config/slimjet
305	blacklist ${HOME}/.config/smplayer	305	blacklist ${HOME}/.config/smplayer
306	blacklist ${HOME}/.config/smtube	306	blacklist ${HOME}/.config/smtube
307	blacklist ${HOME}/.config/snox	307	blacklist ${HOME}/.config/snox
		308	blacklist ${HOME}/.config/sound-juicer
308	blacklist ${HOME}/.config/specialmailcollectionsrc	309	blacklist ${HOME}/.config/specialmailcollectionsrc
309	blacklist ${HOME}/.config/spotify	310	blacklist ${HOME}/.config/spotify
310	blacklist ${HOME}/.config/sqlitebrowser	311	blacklist ${HOME}/.config/sqlitebrowser
@@ -650,6 +651,7 @@ blacklist ${HOME}/.remmina
650	blacklist ${HOME}/.repo_.gitconfig.json	651	blacklist ${HOME}/.repo_.gitconfig.json
651	blacklist ${HOME}/.repoconfig	652	blacklist ${HOME}/.repoconfig
652	blacklist ${HOME}/.retroshare	653	blacklist ${HOME}/.retroshare
		654	blacklist ${HOME}/.ripperXrc
653	blacklist ${HOME}/.scorched3d	655	blacklist ${HOME}/.scorched3d
654	blacklist ${HOME}/.scribus	656	blacklist ${HOME}/.scribus
655	blacklist ${HOME}/.scribusrc	657	blacklist ${HOME}/.scribusrc


diff --git a/etc/ripperx.profile b/etc/ripperx.profile new file mode 100644 index 000000000..b572aa1b4 --- /dev/null +++ b/etc/ripperx.profile
@@ -0,0 +1,41 @@
		1	# Firejail profile for mpv
		2	# Description: Graphical audio CD ripper and encoder
		3	# This file is overwritten after every install/update
		4	# Persistent local customizations
		5	include ripperx.local
		6	# Persistent global definitions
		7	include globals.local
		8
		9	noblacklist ${HOME}/.ripperXrc
		10	noblacklist ${MUSIC}
		11
		12	include disable-common.inc
		13	include disable-devel.inc
		14	include disable-exec.inc
		15	include disable-interpreters.inc
		16	include disable-passwdmgr.inc
		17	include disable-programs.inc
		18	include disable-xdg.inc
		19
		20	include whitelist-usr-share-common.inc
		21	include whitelist-var-common.inc
		22
		23	apparmor
		24	caps.drop all
		25	netfilter
		26	no3d
		27	nodbus
		28	nogroups
		29	nonewprivs
		30	noroot
		31	nou2f
		32	notv
		33	novideo
		34	protocol unix,inet,inet6
		35	seccomp
		36	shell none
		37	tracelog
		38
		39	private-cache
		40	private-dev
		41	private-tmp


diff --git a/etc/sound-juicer.profile b/etc/sound-juicer.profile new file mode 100644 index 000000000..ebd321573 --- /dev/null +++ b/etc/sound-juicer.profile
@@ -0,0 +1,41 @@
		1	# Firejail profile for mpv
		2	# Description: Graphical audio CD ripper and encoder
		3	# This file is overwritten after every install/update
		4	# Persistent local customizations
		5	include sound-juicer.local
		6	# Persistent global definitions
		7	include globals.local
		8
		9	noblacklist ${HOME}/.config/sound-juicer
		10	noblacklist ${MUSIC}
		11
		12	include disable-common.inc
		13	include disable-devel.inc
		14	include disable-exec.inc
		15	include disable-interpreters.inc
		16	include disable-passwdmgr.inc
		17	include disable-programs.inc
		18	include disable-xdg.inc
		19
		20	include whitelist-var-common.inc
		21
		22	apparmor
		23	caps.drop all
		24	netfilter
		25	no3d
		26	#nodbus
		27	nogroups
		28	nonewprivs
		29	noroot
		30	nosound
		31	nou2f
		32	notv
		33	novideo
		34	protocol unix,inet,inet6,netlink
		35	seccomp
		36	shell none
		37	tracelog
		38
		39	private-cache
		40	private-dev
		41	private-tmp


diff --git a/src/firecfg/firecfg.config b/src/firecfg/firecfg.config index c2401ee32..2798605d5 100644 --- a/src/firecfg/firecfg.config +++ b/src/firecfg/firecfg.config
@@ -552,6 +552,7 @@ rhythmbox-client
552	ricochet	552	ricochet
553	riot-desktop	553	riot-desktop
554	riot-web	554	riot-web
		555	ripperx
555	ristretto	556	ristretto
556	rocketchat	557	rocketchat
557	rtorrent	558	rtorrent
@@ -584,6 +585,7 @@ smtube
584	snox	585	snox
585	soffice	586	soffice
586	sol	587	sol
		588	sound-juicer
587	soundconverter	589	soundconverter
588	spotify	590	spotify
589	sqlitebrowser	591	sqlitebrowser