diff options
author | Fred-Barclay <Fred-Barclay@users.noreply.github.com> | 2016-04-19 00:06:13 +1000 |
---|---|---|
committer | Fred-Barclay <Fred-Barclay@users.noreply.github.com> | 2016-04-19 00:06:13 +1000 |
commit | bc5a06e9970fe03325f28e0cdef96ea5c596113f (patch) | |
tree | 7004b74d466f00657c40c2986fc646c6d6abdc82 | |
parent | added okular and gwenview profiles (diff) | |
download | firejail-bc5a06e9970fe03325f28e0cdef96ea5c596113f.tar.gz firejail-bc5a06e9970fe03325f28e0cdef96ea5c596113f.tar.zst firejail-bc5a06e9970fe03325f28e0cdef96ea5c596113f.zip |
added gpredict profile
-rw-r--r-- | Makefile.in | 1 | ||||
-rw-r--r-- | README | 3 | ||||
-rw-r--r-- | README.md | 2 | ||||
-rw-r--r-- | etc/disable-programs.inc | 1 | ||||
-rw-r--r-- | etc/gpredict.profile | 23 | ||||
-rw-r--r-- | platform/debian/conffiles | 2 | ||||
-rw-r--r-- | src/firecfg/firecfg.config | 3 |
7 files changed, 32 insertions, 3 deletions
diff --git a/Makefile.in b/Makefile.in index bc8061985..cb897c23d 100644 --- a/Makefile.in +++ b/Makefile.in | |||
@@ -168,6 +168,7 @@ realinstall: | |||
168 | install -c -m 0644 .etc/warzone2100.profile $(DESTDIR)/$(sysconfdir)/firejail/. | 168 | install -c -m 0644 .etc/warzone2100.profile $(DESTDIR)/$(sysconfdir)/firejail/. |
169 | install -c -m 0644 .etc/okular.profile $(DESTDIR)/$(sysconfdir)/firejail/. | 169 | install -c -m 0644 .etc/okular.profile $(DESTDIR)/$(sysconfdir)/firejail/. |
170 | install -c -m 0644 .etc/gwenview.profile $(DESTDIR)/$(sysconfdir)/firejail/. | 170 | install -c -m 0644 .etc/gwenview.profile $(DESTDIR)/$(sysconfdir)/firejail/. |
171 | install -c -m 0644 .etc/gpredict.profile $(DESTDIR)/$(sysconfdir)/firejail/. | ||
171 | sh -c "if [ ! -f $(DESTDIR)/$(sysconfdir)/firejail/login.users ]; then install -c -m 0644 etc/login.users $(DESTDIR)/$(sysconfdir)/firejail/.; fi;" | 172 | sh -c "if [ ! -f $(DESTDIR)/$(sysconfdir)/firejail/login.users ]; then install -c -m 0644 etc/login.users $(DESTDIR)/$(sysconfdir)/firejail/.; fi;" |
172 | sh -c "if [ ! -f $(DESTDIR)/$(sysconfdir)/firejail/firejail.config ]; then install -c -m 0644 etc/firejail.config $(DESTDIR)/$(sysconfdir)/firejail/.; fi;" | 173 | sh -c "if [ ! -f $(DESTDIR)/$(sysconfdir)/firejail/firejail.config ]; then install -c -m 0644 etc/firejail.config $(DESTDIR)/$(sysconfdir)/firejail/.; fi;" |
173 | rm -fr .etc | 174 | rm -fr .etc |
@@ -31,9 +31,10 @@ Fred-Barclay (https://github.com/Fred-Barclay) | |||
31 | - added PaleMoon profile | 31 | - added PaleMoon profile |
32 | - split Icedove and Thunderbird profiles | 32 | - split Icedove and Thunderbird profiles |
33 | - added 0ad profile | 33 | - added 0ad profile |
34 | - fixed version for deb packages | 34 | - fixed version for .deb packages |
35 | - added Warzone2100 profile | 35 | - added Warzone2100 profile |
36 | - blacklisted VeraCrypt | 36 | - blacklisted VeraCrypt |
37 | - added Gpredict profile | ||
37 | avoidr (https://github.com/avoidr) | 38 | avoidr (https://github.com/avoidr) |
38 | - whitelist fix | 39 | - whitelist fix |
39 | - recently-used.xbel fix | 40 | - recently-used.xbel fix |
@@ -282,5 +282,5 @@ $ man firejail-profile | |||
282 | ## New security profiles | 282 | ## New security profiles |
283 | lxterminal, Epiphany, cherrytree, Polari, Vivaldi, Atril, qutebrowser, SlimJet, Battle for Wesnoth, Hedgewars, qTox, | 283 | lxterminal, Epiphany, cherrytree, Polari, Vivaldi, Atril, qutebrowser, SlimJet, Battle for Wesnoth, Hedgewars, qTox, |
284 | OpenSSH client, OpenBox window manager, Dillo, cmus, dnsmasq, PaleMoon, Icedove, abrowser, 0ad, netsurf, | 284 | OpenSSH client, OpenBox window manager, Dillo, cmus, dnsmasq, PaleMoon, Icedove, abrowser, 0ad, netsurf, |
285 | Warzone2100, okular, gwenview | 285 | Warzone2100, okular, gwenview, Gpredict |
286 | 286 | ||
diff --git a/etc/disable-programs.inc b/etc/disable-programs.inc index 23dd8e025..6c5515894 100644 --- a/etc/disable-programs.inc +++ b/etc/disable-programs.inc | |||
@@ -8,6 +8,7 @@ blacklist ${HOME}/.Wolfram Research | |||
8 | blacklist ${HOME}/.config/mupen64plus | 8 | blacklist ${HOME}/.config/mupen64plus |
9 | blacklist ${HOME}/.config/transmission | 9 | blacklist ${HOME}/.config/transmission |
10 | blacklist ${HOME}/.config/uGet | 10 | blacklist ${HOME}/.config/uGet |
11 | blacklist ${HOME}/.config/Gpredict | ||
11 | blacklist ~/.kde/share/apps/okular | 12 | blacklist ~/.kde/share/apps/okular |
12 | blacklist ~/.kde/share/config/okularrc | 13 | blacklist ~/.kde/share/config/okularrc |
13 | blacklist ~/.kde/share/config/okularpartrc | 14 | blacklist ~/.kde/share/config/okularpartrc |
diff --git a/etc/gpredict.profile b/etc/gpredict.profile new file mode 100644 index 000000000..f53cb1b4f --- /dev/null +++ b/etc/gpredict.profile | |||
@@ -0,0 +1,23 @@ | |||
1 | # Firejail profile for gpredict. | ||
2 | |||
3 | # Noblacklist | ||
4 | noblacklist ~/.config/Gpredict | ||
5 | |||
6 | # Include | ||
7 | include /etc/firejail/disable-common.inc | ||
8 | include /etc/firejail/disable-devel.inc | ||
9 | include /etc/firejail/disable-passwdmgr.inc | ||
10 | include /etc/firejail/disable-programs.inc | ||
11 | |||
12 | # Call these options | ||
13 | caps.drop all | ||
14 | netfilter | ||
15 | noroot | ||
16 | protocol unix,inet,inet6,netlink | ||
17 | seccomp | ||
18 | tracelog | ||
19 | |||
20 | # Whitelist | ||
21 | mkdir ~/.config | ||
22 | mkdir ~/.config/Gpredict | ||
23 | whitelist ~/.config/Gpredict | ||
diff --git a/platform/debian/conffiles b/platform/debian/conffiles index 1ea112301..6f5b564a0 100644 --- a/platform/debian/conffiles +++ b/platform/debian/conffiles | |||
@@ -87,4 +87,4 @@ | |||
87 | /etc/firejail/warzone2100.profile | 87 | /etc/firejail/warzone2100.profile |
88 | /etc/firejail/okular.profile | 88 | /etc/firejail/okular.profile |
89 | /etc/firejail/gwenview.profile | 89 | /etc/firejail/gwenview.profile |
90 | 90 | /etc/firejail/gpredict.profile | |
diff --git a/src/firecfg/firecfg.config b/src/firecfg/firecfg.config index d732796e9..8bebf76af 100644 --- a/src/firecfg/firecfg.config +++ b/src/firecfg/firecfg.config | |||
@@ -2,6 +2,9 @@ | |||
2 | # This is the list of programs handled by firecfg utility | 2 | # This is the list of programs handled by firecfg utility |
3 | # | 3 | # |
4 | 4 | ||
5 | # astronomy | ||
6 | gpredict | ||
7 | |||
5 | # browsers/email | 8 | # browsers/email |
6 | firefox | 9 | firefox |
7 | iceweasel | 10 | iceweasel |