author | Kishore96in <kishore96@gmail.com> | 2020-04-19 09:31:31 +0000 |
---|---|---|
committer | GitHub <noreply@github.com> | 2020-04-19 09:31:31 +0000 |
commit | 824d517b2c5bdfb0e233349f6e4c546e5ad9dcfb (patch) | |
tree | 5ebbe7316b3b21bd7424e8d6755a828f604b8ac8 | |
parent | Allow Lua for mpv in dolphin.profile (diff) | |
Profile for jitsi-meet-desktop (#3362)
* Profile for Jitsi Meet desktop app (electron)
* Update description.
* Correctly include global definitions.
* Add jitsi-meet-desktop to firecfg.
* blacklist Jitsi-meet config directory in disable-programs.inc
* Disable more things.
disable-exec.inc not included, as the application shows some error if I
include it.
* Disable more stuff.
* No need to whitelist Downloads directory.
I don't think this application has any file sharing / downloading
feature.
* Use private-bin
I needed to allow the bash executable as well for this to work.
* Add some whitelist rules.
* Use private-cache option
* include disable-exec.inc
Apparently one needs to allow execution in /tmp for the program to work.
* Redirect to electron.profile.
* Use private-etc.
* Do not whitelist Downloads directory.
electron.profile does this, but I do not think this program needs it.
* Rearrange whitelisted files to alphabetical order.
* Move nonwhitelist to appropriate section.
* Newlines as section separators.
-rw-r--r-- | etc/disable-programs.inc | 1 | ||||
-rw-r--r-- | etc/jitsi-meet-desktop.profile | 39 | ||||
-rw-r--r-- | src/firecfg/firecfg.config | 1 |
3 files changed, 41 insertions, 0 deletions
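--- a/etc/disable-programs.inc
+++ b/etc/disable-programs.inc
@@ -88,6 +88,7 @@ blacklist ${HOME}/.config/Google Play Music Desktop Player
 blacklist ${HOME}/.config/Gpredict
 blacklist ${HOME}/.config/INRIA
 blacklist ${HOME}/.config/InSilmaril
+blacklist ${HOME}/.config/Jitsi Meet
 blacklist ${HOME}/.config/Kid3
 blacklist ${HOME}/.config/Kingsoft
 blacklist ${HOME}/.config/Luminance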
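--- /dev/null
+++ b/etc/jitsi-meet-desktop.profile
@@ -0,0 +1,39 @@
+# Firejail profile for jitsi-meet-desktop
+# Description: Jitsi Meet desktop application powered by Electron
+# This file is overwritten after every install/update
+# Persistent local customizations
+include jitsi-meet-desktop.local
+# Persistent global definitions
+include globals.local
+
+ignore noexec /tmp
+
+noblacklist ${HOME}/.config/Jitsi Meet
+
+include disable-devel.inc
+include disable-exec.inc
+include disable-interpreters.inc
+include disable-xdg.inc
+
+nowhitelist ${DOWNLOADS}
+
+mkdir ${HOME}/.config/Jitsi Meet
+
+whitelist ${HOME}/.config/Jitsi Meet
+
+include whitelist-common.inc
+include whitelist-usr-share-common.inc
+include whitelist-runuser-common.inc
+include whitelist-var-common.inc
+
+seccomp !chroot
+
+disable-mnt
+private-bin bash,jitsi-meet-desktop
+private-cache
+private-dev
+private-etc alsa,alternatives,asound.conf,bumblebee,ca-certificates,crypto-policies,drirc,fonts,glvnd,group,host.conf,hostname,hosts,ld.so.cache,ld.so.conf,ld.so.conf.d,ld.so.preload,locale,locale.alias,locale.conf,localtime,machine-id,mime.types,nsswitch.conf,nvidia,pango,passwd,pki,protocols,pulse,resolv.conf,rpc,services,ssl,X11,xdg
+private-tmp
+
+# Redirect
+include electron.profile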
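Review bot: Three sandbox relaxations in this profile carry no in-file rationale: `ignore noexec /tmp` (new line 9), `seccomp !chroot` (line 29) and `bash` in `private-bin` (line 32), the last alongside `include disable-interpreters.inc`. The reasons for the first and third appear only in the commit message, so a later maintainer cannot tell which of them are still required and which could be tightened. I would add a comment above each, for example `# app fails to start unless /tmp is executable; private-tmp below keeps that /tmp private to the sandbox`, `# chroot is left allowed, presumably for the Electron sandbox - confirm` and `# bash is needed to launch the application`. The profile also sets no `disable-common.inc`, `disable-programs.inc`, capability or `nonewprivs` directives itself; these are presumably inherited from the `include electron.profile` redirect, which is not visible on this page and is worth confirming.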
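--- a/src/firecfg/firecfg.config
+++ b/src/firecfg/firecfg.config
@@ -346,6 +346,7 @@ jd-gui
 jdownloader
 jerry
 jitsi
+jitsi-meet-desktop
 jumpnbump
 jumpnbump-menu
 k3b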