Merge branch 'master' of https://github.com/Lockdis/firejail into lockdis_ipc_fixes

4 files changed, 103 insertions, 0 deletions

diff --git a/etc/crow.profile b/etc/crow.profile
new file mode 100644
index 000000000..a8a00f596
--- /dev/null
+++ b/etc/crow.profile
@@ -0,0 +1,47 @@
+# Firejail profile for crow
+# Description: A translator that allows to translate and say selected text using Google, Yandex and Bing translate API
+# This file is overwritten after every install/update
+# Persistent local customizations
+include crow.local
+# Persistent global definitions
+include globals.local
+
+mkdir ${HOME}/.config/crow
+mkdir ${HOME}/.cache/gstreamer-1.0
+whitelist ${HOME}/.config/crow
+whitelist ${HOME}/.cache/gstreamer-1.0
+
+include disable-common.inc
+include disable-devel.inc
+include disable-interpreters.inc
+include disable-passwdmgr.inc
+include disable-programs.inc
+include disable-xdg.inc
+
+include whitelist-common.inc
+
+caps.drop all
+ipc-namespace
+netfilter
+no3d
+nodvd
+nogroups
+nonewprivs
+noroot
+notv
+nou2f
+novideo
+protocol unix,inet,inet6,netlink
+seccomp
+shell none
+
+disable-mnt
+private-bin crow
+private-dev
+private-etc ca-certificates,ssl,machine-id,dconf,nsswitch.conf,resolv.conf,fonts,asound.conf,pulse,pki,crypto-policies
+private-opt none
+private-tmp
+private-srv none
+
+noexec ${HOME}
+noexec /tmp
diff --git a/etc/disable-common.inc b/etc/disable-common.inc
index f98f247d5..80ea918df 100644
--- a/etc/disable-common.inc
+++ b/etc/disable-common.inc
@@ -305,6 +305,7 @@ blacklist ${HOME}/.msmtprc
 blacklist ${HOME}/.mutt
 blacklist ${HOME}/.muttrc
 blacklist ${HOME}/.netrc
+blacklist ${HOME}/.nyx
 blacklist ${HOME}/.pki
 blacklist ${HOME}/.local/share/pki
 blacklist ${HOME}/.smbcredentials
diff --git a/etc/nyx.profile b/etc/nyx.profile
new file mode 100644
index 000000000..d5e1e1f84
--- /dev/null
+++ b/etc/nyx.profile
@@ -0,0 +1,52 @@
+# Firejail profile for nyx
+# Description: Command-line status monitor for tor
+# This file is overwritten after every install/update
+# Persistent local customizations
+include nyx.local
+# Persistent global definitions
+include globals.local
+
+noblacklist ${PATH}/python2*
+noblacklist ${PATH}/python3*
+noblacklist /usr/lib/python2*
+noblacklist /usr/lib/python3*
+
+noblacklist ${HOME}/.nyx
+mkdir ${HOME}/.nyx
+whitelist ${HOME}/.nyx
+
+include disable-common.inc
+include disable-devel.inc
+include disable-interpreters.inc
+include disable-passwdmgr.inc
+include disable-programs.inc
+include disable-xdg.inc
+
+caps.drop all
+ipc-namespace
+netfilter
+no3d
+nodbus
+nodvd
+nogroups
+nonewprivs
+noroot
+nosound
+notv
+nou2f
+novideo
+protocol unix,inet,inet6
+seccomp
+shell none
+
+disable-mnt
+private-bin nyx,python*
+private-cache
+private-dev
+private-etc passwd,tor,fonts
+private-opt none
+private-srv none
+private-tmp
+
+noexec ${HOME}
+noexec /tmp
diff --git a/src/firecfg/firecfg.config b/src/firecfg/firecfg.config
index f4d5b71d4..041ff1256 100644
--- a/src/firecfg/firecfg.config
+++ b/src/firecfg/firecfg.config
@@ -94,6 +94,7 @@ code
 conkeror
 conky
 corebird
+crow
 cvlc
 cyberfox
 darktable
@@ -200,6 +201,7 @@ google-chrome-beta
 google-chrome-stable
 google-chrome-unstable
 google-earth
+google-earth-pro
 google-play-music-desktop-player
 gpa
 gpicview
@@ -318,6 +320,7 @@ neverball
 nheko
 nitroshare
 nylas
+nyx
 obs
 ocenaudio
 odt2txt