Merge pull request #3348 from chrpinedo/profile-nicotine

Add new profile: nicotine
author: rusty-snake <41237666+rusty-snake@users.noreply.github.com> 2020-04-17 15:47:56 +0000
committer: GitHub <noreply@github.com> 2020-04-17 15:47:56 +0000
commit: e467bf5be33c8543cc20e9297ef09f878a68bb3a (patch)
tree: 20751ac844683592aed7e8136049cfde2cce55d0
parent: Revert https://github.com/netblue30/firejail/commit/ca6eec7dcf388c3d0bf52f54c... (diff)
parent: Add nicotine to firecfg.config (diff)
download: firejail-e467bf5be33c8543cc20e9297ef09f878a68bb3a.tar.gz
firejail-e467bf5be33c8543cc20e9297ef09f878a68bb3a.tar.zst
firejail-e467bf5be33c8543cc20e9297ef09f878a68bb3a.zip
3 files changed, 57 insertions, 0 deletions
diff --git a/etc/disable-programs.inc b/etc/disable-programs.inc
index 6a50f8561..ffe60e283 100644
--- a/etc/disable-programs.inc
+++ b/etc/disable-programs.inc
@@ -654,6 +654,7 @@ blacklist ${HOME}/.netactview
 blacklist ${HOME}/.neverball
 blacklist ${HOME}/.newsbeuter
 blacklist ${HOME}/.newsboat
+blacklist ${HOME}/.nicotine
 blacklist ${HOME}/.nv
 blacklist ${HOME}/.nylas-mail
 blacklist ${HOME}/.openarena
diff --git a/etc/nicotine.profile b/etc/nicotine.profile
new file mode 100644
index 000000000..7764edffb
--- /dev/null
+++ b/etc/nicotine.profile
@@ -0,0 +1,55 @@
+# Firejail profile for Nicotine Plus
+# Description: Soulseek music-sharing client
+# This file is overwritten after every install/update
+# Persistent local customizations
+include nicotine.local
+# Persistent global definitions
+include globals.local
+noblacklist ${HOME}/.nicotine
+include allow-python2.inc
+include disable-common.inc
+include disable-devel.inc
+include disable-exec.inc
+include disable-interpreters.inc
+include disable-passwdmgr.inc
+include disable-programs.inc
+include disable-xdg.inc
+mkdir ${HOME}/.nicotine
+whitelist ${DOWNLOADS}
+whitelist ${HOME}/.nicotine
+whitelist /usr/share/GeoIP
+include whitelist-common.inc
+include whitelist-runuser-common.inc
+include whitelist-usr-share-common.inc
+include whitelist-var-common.inc
+apparmor
+caps.drop all
+#ipc-namespace
+netfilter
+no3d
+nodvd
+nogroups
+nonewprivs
+noroot
+nosound
+notv
+nou2f
+novideo
+protocol unix,inet,inet6
+seccomp
+shell none
+tracelog
+disable-mnt
+private-bin nicotine,python2*
+private-cache
+private-dev
+private-tmp
+dbus-user none
+dbus-system none
diff --git a/src/firecfg/firecfg.config b/src/firecfg/firecfg.config
index a19819552..809ab3129 100644
--- a/src/firecfg/firecfg.config
+++ b/src/firecfg/firecfg.config
@@ -492,6 +492,7 @@ neverputt
 newsbeuter
 newsboat
 nheko
+nicotine
 nitroshare
 nitroshare-cli
 nitroshare-nmh
author	rusty-snake <41237666+rusty-snake@users.noreply.github.com>	2020-04-17 15:47:56 +0000
committer	GitHub <noreply@github.com>	2020-04-17 15:47:56 +0000
commit	e467bf5be33c8543cc20e9297ef09f878a68bb3a (patch)
tree	20751ac844683592aed7e8136049cfde2cce55d0
parent	Revert https://github.com/netblue30/firejail/commit/ca6eec7dcf388c3d0bf52f54c... (diff)
parent	Add nicotine to firecfg.config (diff)
download	firejail-e467bf5be33c8543cc20e9297ef09f878a68bb3a.tar.gz firejail-e467bf5be33c8543cc20e9297ef09f878a68bb3a.tar.zst firejail-e467bf5be33c8543cc20e9297ef09f878a68bb3a.zip

diff --git a/etc/disable-programs.inc b/etc/disable-programs.inc index 6a50f8561..ffe60e283 100644 --- a/etc/disable-programs.inc +++ b/etc/disable-programs.inc
@@ -654,6 +654,7 @@ blacklist ${HOME}/.netactview
654	blacklist ${HOME}/.neverball	654	blacklist ${HOME}/.neverball
655	blacklist ${HOME}/.newsbeuter	655	blacklist ${HOME}/.newsbeuter
656	blacklist ${HOME}/.newsboat	656	blacklist ${HOME}/.newsboat
		657	blacklist ${HOME}/.nicotine
657	blacklist ${HOME}/.nv	658	blacklist ${HOME}/.nv
658	blacklist ${HOME}/.nylas-mail	659	blacklist ${HOME}/.nylas-mail
659	blacklist ${HOME}/.openarena	660	blacklist ${HOME}/.openarena


diff --git a/etc/nicotine.profile b/etc/nicotine.profile new file mode 100644 index 000000000..7764edffb --- /dev/null +++ b/etc/nicotine.profile
@@ -0,0 +1,55 @@
		1	# Firejail profile for Nicotine Plus
		2	# Description: Soulseek music-sharing client
		3	# This file is overwritten after every install/update
		4	# Persistent local customizations
		5	include nicotine.local
		6	# Persistent global definitions
		7	include globals.local
		8
		9	noblacklist ${HOME}/.nicotine
		10
		11	include allow-python2.inc
		12
		13	include disable-common.inc
		14	include disable-devel.inc
		15	include disable-exec.inc
		16	include disable-interpreters.inc
		17	include disable-passwdmgr.inc
		18	include disable-programs.inc
		19	include disable-xdg.inc
		20
		21	mkdir ${HOME}/.nicotine
		22	whitelist ${DOWNLOADS}
		23	whitelist ${HOME}/.nicotine
		24	whitelist /usr/share/GeoIP
		25	include whitelist-common.inc
		26	include whitelist-runuser-common.inc
		27	include whitelist-usr-share-common.inc
		28	include whitelist-var-common.inc
		29
		30	apparmor
		31	caps.drop all
		32	#ipc-namespace
		33	netfilter
		34	no3d
		35	nodvd
		36	nogroups
		37	nonewprivs
		38	noroot
		39	nosound
		40	notv
		41	nou2f
		42	novideo
		43	protocol unix,inet,inet6
		44	seccomp
		45	shell none
		46	tracelog
		47
		48	disable-mnt
		49	private-bin nicotine,python2*
		50	private-cache
		51	private-dev
		52	private-tmp
		53
		54	dbus-user none
		55	dbus-system none


diff --git a/src/firecfg/firecfg.config b/src/firecfg/firecfg.config index a19819552..809ab3129 100644 --- a/src/firecfg/firecfg.config +++ b/src/firecfg/firecfg.config
@@ -492,6 +492,7 @@ neverputt
492	newsbeuter	492	newsbeuter
493	newsboat	493	newsboat
494	nheko	494	nheko
		495	nicotine
495	nitroshare	496	nitroshare
496	nitroshare-cli	497	nitroshare-cli
497	nitroshare-nmh	498	nitroshare-nmh