Merge branch 'master' of https://github.com/netblue30/firejail

author: netblue30 <netblue30@yahoo.com> 2020-04-02 08:09:33 -0400
committer: netblue30 <netblue30@yahoo.com> 2020-04-02 08:09:33 -0400
commit: 9c958b34c854749a63b3c2774aa125eec5584562 (patch)
tree: 0b0065f3bd0ea8a887796c1563b2c357703ff77f
parent: fixed firecfg man page, update README (diff)
parent: Merge pull request #3292 from davidebeatrici/steam-home-directory-privacy (diff)
download: firejail-9c958b34c854749a63b3c2774aa125eec5584562.tar.gz
firejail-9c958b34c854749a63b3c2774aa125eec5584562.tar.zst
firejail-9c958b34c854749a63b3c2774aa125eec5584562.zip
3 files changed, 35 insertions, 6 deletions
diff --git a/etc/steam.profile b/etc/steam.profile
index 499d21e6d..c6f0ca145 100644
--- a/etc/steam.profile
+++ b/etc/steam.profile
@@ -36,6 +36,34 @@ include disable-interpreters.inc
 include disable-passwdmgr.inc
 include disable-programs.inc
+mkdir ${HOME}/.killingfloor
+mkdir ${HOME}/.local/share/3909/PapersPlease
+mkdir ${HOME}/.local/share/aspyr-media
+mkdir ${HOME}/.local/share/cdprojektred
+mkdir ${HOME}/.local/share/feral-interactive
+mkdir ${HOME}/.local/share/Steam
+mkdir ${HOME}/.local/share/SuperHexagon
+mkdir ${HOME}/.local/share/Terraria
+mkdir ${HOME}/.local/share/vpltd
+mkdir ${HOME}/.local/share/vulkan
+mkdir ${HOME}/.steam
+mkfile ${HOME}/.steampath
+mkfile ${HOME}/.steampid
+whitelist ${HOME}/.killingfloor
+whitelist ${HOME}/.local/share/3909/PapersPlease
+whitelist ${HOME}/.local/share/aspyr-media
+whitelist ${HOME}/.local/share/cdprojektred
+whitelist ${HOME}/.local/share/feral-interactive
+whitelist ${HOME}/.local/share/Steam
+whitelist ${HOME}/.local/share/SuperHexagon
+whitelist ${HOME}/.local/share/Terraria
+whitelist ${HOME}/.local/share/vpltd
+whitelist ${HOME}/.local/share/vulkan
+whitelist ${HOME}/.steam
+whitelist ${HOME}/.steampath
+whitelist ${HOME}/.steampid
+whitelist ${HOME}/.steampid
+include whitelist-common.inc
 include whitelist-var-common.inc
 caps.drop all
diff --git a/etc/thunderbird.profile b/etc/thunderbird.profile
index f6efcf1a4..4193ef963 100644
--- a/etc/thunderbird.profile
+++ b/etc/thunderbird.profile
@@ -17,12 +17,12 @@ writable-run-user
 #whitelist /var/spool/mail
 #writable-var
-# Uncomment the next 4 lines or put them in your thunderbird.local to
+# These lines are needed to allow Firefox to load your profile when clicking a link in an email
-# allow Firefox to load your profile when clicking a link in an email
+noblacklist ${HOME}/.cache/mozilla
-#noblacklist ${HOME}/.cache/mozilla
+noblacklist ${HOME}/.mozilla
-#noblacklist ${HOME}/.mozilla
+whitelist ${HOME}/.cache/mozilla/firefox
-#whitelist ${HOME}/.cache/mozilla/firefox
+whitelist ${HOME}/.mozilla/firefox/profiles.ini
-#whitelist ${HOME}/.mozilla
+read-only ${HOME}/.mozilla/firefox/profiles.ini
 noblacklist ${HOME}/.cache/thunderbird
 noblacklist ${HOME}/.gnupg
diff --git a/src/common.mk.in b/src/common.mk.in
index 945815a40..8104bc258 100644
--- a/src/common.mk.in
+++ b/src/common.mk.in
@@ -31,6 +31,7 @@ C_FILE_LIST       = $(sort $(wildcard *.c))
 OBJS = $(C_FILE_LIST:.c=.o)
 BINOBJS =  $(foreach file, $(OBJS), $file)
+CFLAGS = @CFLAGS@
 CFLAGS += -ggdb $(HAVE_FATAL_WARNINGS) -O2 -DVERSION='"$(VERSION)"' $(HAVE_GCOV)
 CFLAGS += -DPREFIX='"$(prefix)"' -DSYSCONFDIR='"$(sysconfdir)/firejail"' -DLIBDIR='"$(libdir)"' -DBINDIR='"$(bindir)"'
 CFLAGS += $(HAVE_X11) $(HAVE_PRIVATE_HOME) $(HAVE_APPARMOR) $(HAVE_OVERLAYFS) $(HAVE_FIRETUNNEL) $(HAVE_SECCOMP) $(HAVE_GLOBALCFG) $(HAVE_SECCOMP_H) $(HAVE_CHROOT) $(HAVE_NETWORK) $(HAVE_USERNS) $(HAVE_FILE_TRANSFER) $(HAVE_WHITELIST) $(HAVE_SELINUX)
author	netblue30 <netblue30@yahoo.com>	2020-04-02 08:09:33 -0400
committer	netblue30 <netblue30@yahoo.com>	2020-04-02 08:09:33 -0400
commit	9c958b34c854749a63b3c2774aa125eec5584562 (patch)
tree	0b0065f3bd0ea8a887796c1563b2c357703ff77f
parent	fixed firecfg man page, update README (diff)
parent	Merge pull request #3292 from davidebeatrici/steam-home-directory-privacy (diff)
download	firejail-9c958b34c854749a63b3c2774aa125eec5584562.tar.gz firejail-9c958b34c854749a63b3c2774aa125eec5584562.tar.zst firejail-9c958b34c854749a63b3c2774aa125eec5584562.zip

diff --git a/etc/steam.profile b/etc/steam.profile index 499d21e6d..c6f0ca145 100644 --- a/etc/steam.profile +++ b/etc/steam.profile
@@ -36,6 +36,34 @@ include disable-interpreters.inc
36	include disable-passwdmgr.inc	36	include disable-passwdmgr.inc
37	include disable-programs.inc	37	include disable-programs.inc
38		38
		39	mkdir ${HOME}/.killingfloor
		40	mkdir ${HOME}/.local/share/3909/PapersPlease
		41	mkdir ${HOME}/.local/share/aspyr-media
		42	mkdir ${HOME}/.local/share/cdprojektred
		43	mkdir ${HOME}/.local/share/feral-interactive
		44	mkdir ${HOME}/.local/share/Steam
		45	mkdir ${HOME}/.local/share/SuperHexagon
		46	mkdir ${HOME}/.local/share/Terraria
		47	mkdir ${HOME}/.local/share/vpltd
		48	mkdir ${HOME}/.local/share/vulkan
		49	mkdir ${HOME}/.steam
		50	mkfile ${HOME}/.steampath
		51	mkfile ${HOME}/.steampid
		52	whitelist ${HOME}/.killingfloor
		53	whitelist ${HOME}/.local/share/3909/PapersPlease
		54	whitelist ${HOME}/.local/share/aspyr-media
		55	whitelist ${HOME}/.local/share/cdprojektred
		56	whitelist ${HOME}/.local/share/feral-interactive
		57	whitelist ${HOME}/.local/share/Steam
		58	whitelist ${HOME}/.local/share/SuperHexagon
		59	whitelist ${HOME}/.local/share/Terraria
		60	whitelist ${HOME}/.local/share/vpltd
		61	whitelist ${HOME}/.local/share/vulkan
		62	whitelist ${HOME}/.steam
		63	whitelist ${HOME}/.steampath
		64	whitelist ${HOME}/.steampid
		65	whitelist ${HOME}/.steampid
		66	include whitelist-common.inc
39	include whitelist-var-common.inc	67	include whitelist-var-common.inc
40		68
41	caps.drop all	69	caps.drop all


diff --git a/etc/thunderbird.profile b/etc/thunderbird.profile index f6efcf1a4..4193ef963 100644 --- a/etc/thunderbird.profile +++ b/etc/thunderbird.profile
@@ -17,12 +17,12 @@ writable-run-user
17	#whitelist /var/spool/mail	17	#whitelist /var/spool/mail
18	#writable-var	18	#writable-var
19		19
20	# Uncomment the next 4 lines or put them in your thunderbird.local to	20	# These lines are needed to allow Firefox to load your profile when clicking a link in an email
21	# allow Firefox to load your profile when clicking a link in an email	21	noblacklist ${HOME}/.cache/mozilla
22	#noblacklist ${HOME}/.cache/mozilla	22	noblacklist ${HOME}/.mozilla
23	#noblacklist ${HOME}/.mozilla	23	whitelist ${HOME}/.cache/mozilla/firefox
24	#whitelist ${HOME}/.cache/mozilla/firefox	24	whitelist ${HOME}/.mozilla/firefox/profiles.ini
25	#whitelist ${HOME}/.mozilla	25	read-only ${HOME}/.mozilla/firefox/profiles.ini
26		26
27	noblacklist ${HOME}/.cache/thunderbird	27	noblacklist ${HOME}/.cache/thunderbird
28	noblacklist ${HOME}/.gnupg	28	noblacklist ${HOME}/.gnupg


diff --git a/src/common.mk.in b/src/common.mk.in index 945815a40..8104bc258 100644 --- a/src/common.mk.in +++ b/src/common.mk.in
@@ -31,6 +31,7 @@ C_FILE_LIST = $(sort $(wildcard *.c))
31	OBJS = $(C_FILE_LIST:.c=.o)	31	OBJS = $(C_FILE_LIST:.c=.o)
32	BINOBJS = $(foreach file, $(OBJS), $file)	32	BINOBJS = $(foreach file, $(OBJS), $file)
33		33
		34	CFLAGS = @CFLAGS@
34	CFLAGS += -ggdb $(HAVE_FATAL_WARNINGS) -O2 -DVERSION='"$(VERSION)"' $(HAVE_GCOV)	35	CFLAGS += -ggdb $(HAVE_FATAL_WARNINGS) -O2 -DVERSION='"$(VERSION)"' $(HAVE_GCOV)
35	CFLAGS += -DPREFIX='"$(prefix)"' -DSYSCONFDIR='"$(sysconfdir)/firejail"' -DLIBDIR='"$(libdir)"' -DBINDIR='"$(bindir)"'	36	CFLAGS += -DPREFIX='"$(prefix)"' -DSYSCONFDIR='"$(sysconfdir)/firejail"' -DLIBDIR='"$(libdir)"' -DBINDIR='"$(bindir)"'
36	CFLAGS += $(HAVE_X11) $(HAVE_PRIVATE_HOME) $(HAVE_APPARMOR) $(HAVE_OVERLAYFS) $(HAVE_FIRETUNNEL) $(HAVE_SECCOMP) $(HAVE_GLOBALCFG) $(HAVE_SECCOMP_H) $(HAVE_CHROOT) $(HAVE_NETWORK) $(HAVE_USERNS) $(HAVE_FILE_TRANSFER) $(HAVE_WHITELIST) $(HAVE_SELINUX)	37	CFLAGS += $(HAVE_X11) $(HAVE_PRIVATE_HOME) $(HAVE_APPARMOR) $(HAVE_OVERLAYFS) $(HAVE_FIRETUNNEL) $(HAVE_SECCOMP) $(HAVE_GLOBALCFG) $(HAVE_SECCOMP_H) $(HAVE_CHROOT) $(HAVE_NETWORK) $(HAVE_USERNS) $(HAVE_FILE_TRANSFER) $(HAVE_WHITELIST) $(HAVE_SELINUX)