diff options
author | netblue30 <netblue30@yahoo.com> | 2017-03-19 12:53:18 -0400 |
---|---|---|
committer | GitHub <noreply@github.com> | 2017-03-19 12:53:18 -0400 |
commit | 8744cebb87a8b7868dbdbd7a568b2c40a1d42164 (patch) | |
tree | c668d8db05501ef9e916bbed793244471d08d02a | |
parent | profile merges (diff) | |
parent | harden scribus (nosound) (diff) | |
download | firejail-8744cebb87a8b7868dbdbd7a568b2c40a1d42164.tar.gz firejail-8744cebb87a8b7868dbdbd7a568b2c40a1d42164.tar.zst firejail-8744cebb87a8b7868dbdbd7a568b2c40a1d42164.zip |
Merge pull request #1147 from SYN-cook/SYN-cook-add-scribus
profile for scribus
-rw-r--r-- | etc/disable-devel.inc | 2 | ||||
-rw-r--r-- | etc/disable-programs.inc | 6 | ||||
-rw-r--r-- | etc/scribus.profile | 25 |
3 files changed, 30 insertions, 3 deletions
diff --git a/etc/disable-devel.inc b/etc/disable-devel.inc index 24c739b5b..492cf4906 100644 --- a/etc/disable-devel.inc +++ b/etc/disable-devel.inc | |||
@@ -51,7 +51,7 @@ blacklist /usr/lib/php* | |||
51 | blacklist /usr/bin/ruby | 51 | blacklist /usr/bin/ruby |
52 | blacklist /usr/lib/ruby | 52 | blacklist /usr/lib/ruby |
53 | 53 | ||
54 | # Programs using python: deluge, firefox addons, filezilla, cherrytree, xchat, hexchat, libreoffice | 54 | # Programs using python: deluge, firefox addons, filezilla, cherrytree, xchat, hexchat, libreoffice, scribus |
55 | # Python 2 | 55 | # Python 2 |
56 | #blacklist /usr/bin/python2* | 56 | #blacklist /usr/bin/python2* |
57 | #blacklist /usr/lib/python2* | 57 | #blacklist /usr/lib/python2* |
diff --git a/etc/disable-programs.inc b/etc/disable-programs.inc index cc69c324b..a5c7502db 100644 --- a/etc/disable-programs.inc +++ b/etc/disable-programs.inc | |||
@@ -134,6 +134,7 @@ blacklist ${HOME}/.config/qpdfview | |||
134 | blacklist ${HOME}/.config/qutebrowser | 134 | blacklist ${HOME}/.config/qutebrowser |
135 | blacklist ${HOME}/.config/ranger | 135 | blacklist ${HOME}/.config/ranger |
136 | blacklist ${HOME}/.config/redshift.conf | 136 | blacklist ${HOME}/.config/redshift.conf |
137 | blacklist ${HOME}/.config/scribus | ||
137 | blacklist ${HOME}/.config/skypeforlinux | 138 | blacklist ${HOME}/.config/skypeforlinux |
138 | blacklist ${HOME}/.config/slimjet | 139 | blacklist ${HOME}/.config/slimjet |
139 | blacklist ${HOME}/.config/spotify | 140 | blacklist ${HOME}/.config/spotify |
@@ -197,6 +198,8 @@ blacklist ${HOME}/.kde/share/config/konquerorrc | |||
197 | blacklist ${HOME}/.kde/share/config/okularpartrc | 198 | blacklist ${HOME}/.kde/share/config/okularpartrc |
198 | blacklist ${HOME}/.kde/share/config/okularrc | 199 | blacklist ${HOME}/.kde/share/config/okularrc |
199 | blacklist ${HOME}/.killingfloor | 200 | blacklist ${HOME}/.killingfloor |
201 | blacklist ${HOME}/.kino-history | ||
202 | blacklist ${HOME}/.kinorc | ||
200 | blacklist ${HOME}/.linphone-history.db | 203 | blacklist ${HOME}/.linphone-history.db |
201 | blacklist ${HOME}/.linphonerc | 204 | blacklist ${HOME}/.linphonerc |
202 | blacklist ${HOME}/.lmmsrc.xml | 205 | blacklist ${HOME}/.lmmsrc.xml |
@@ -232,6 +235,7 @@ blacklist ${HOME}/.local/share/mupen64plus | |||
232 | blacklist ${HOME}/.local/share/pix | 235 | blacklist ${HOME}/.local/share/pix |
233 | blacklist ${HOME}/.local/share/psi+ | 236 | blacklist ${HOME}/.local/share/psi+ |
234 | blacklist ${HOME}/.local/share/qpdfview | 237 | blacklist ${HOME}/.local/share/qpdfview |
238 | blacklist ${HOME}/.local/share/scribus | ||
235 | blacklist ${HOME}/.local/share/spotify | 239 | blacklist ${HOME}/.local/share/spotify |
236 | blacklist ${HOME}/.local/share/steam | 240 | blacklist ${HOME}/.local/share/steam |
237 | blacklist ${HOME}/.local/share/telepathy | 241 | blacklist ${HOME}/.local/share/telepathy |
@@ -289,5 +293,3 @@ blacklist ${HOME}/.xpdfrc | |||
289 | blacklist ${HOME}/.zoom | 293 | blacklist ${HOME}/.zoom |
290 | blacklist ${HOME}/wallet.dat | 294 | blacklist ${HOME}/wallet.dat |
291 | blacklist /tmp/ssh-* | 295 | blacklist /tmp/ssh-* |
292 | blacklist ${HOME}/.kinorc | ||
293 | blacklist ${HOME}/.kino-history | ||
diff --git a/etc/scribus.profile b/etc/scribus.profile new file mode 100644 index 000000000..da2076286 --- /dev/null +++ b/etc/scribus.profile | |||
@@ -0,0 +1,25 @@ | |||
1 | # This file is overwritten during software install. | ||
2 | # Persistent customizations should go in a .local file. | ||
3 | include /etc/firejail/scribus.local | ||
4 | |||
5 | # Firejail profile for Scribus | ||
6 | noblacklist ~/.scribus | ||
7 | noblacklist ~/.config/scribus | ||
8 | noblacklist ~/.local/share/scribus | ||
9 | noblacklist ~/.gimp* | ||
10 | |||
11 | include /etc/firejail/disable-common.inc | ||
12 | include /etc/firejail/disable-programs.inc | ||
13 | include /etc/firejail/disable-devel.inc | ||
14 | include /etc/firejail/disable-passwdmgr.inc | ||
15 | |||
16 | caps.drop all | ||
17 | nonewprivs | ||
18 | noroot | ||
19 | nosound | ||
20 | protocol unix | ||
21 | seccomp | ||
22 | tracelog | ||
23 | |||
24 | private-dev | ||
25 | #private-tmp | ||