moving out of youtube, and some cleanup

author: netblue30 <netblue30@protonmail.com> 2021-10-09 10:39:38 -0400
committer: netblue30 <netblue30@protonmail.com> 2021-10-09 10:39:38 -0400
commit: 022af61cb4c3163de774cdfead74bd5811d8b81b (patch)
tree: fe7747f03e1eb4f45ecf3ef3745a9429d4a9fd84
parent: Merge pull request #4591 from kmk3/replace-iwrite-iwuser (diff)
download: firejail-022af61cb4c3163de774cdfead74bd5811d8b81b.tar.gz
firejail-022af61cb4c3163de774cdfead74bd5811d8b81b.tar.zst
firejail-022af61cb4c3163de774cdfead74bd5811d8b81b.zip
3 files changed, 39 insertions, 52 deletions
diff --git a/README b/README
index 3f8eb6136..04d2c7001 100644
--- a/README
+++ b/README
@@ -310,6 +310,8 @@ DiGitHubCap (https://github.com/DiGitHubCap)
        - fix qt5ct colour schemes and QSS
 Disconnect3d (https://github.com/disconnect3d)
        - code cleanup
+dm9pZCAq (https://github.com/dm9pZCAq)
+        - fix for compilation under musl
 dmfreemon (https://github.com/dmfreemon)
        - add sandbox name or name of private directory to the window title when xpra is used
        - handle malloc() failures; use gnu_basename() instead of basenaem()
diff --git a/README.md b/README.md
index 40c6e9d98..aa0dd013e 100644
--- a/README.md
+++ b/README.md
@@ -22,43 +22,23 @@ implemented directly in Linux kernel and available on any Linux computer.
 <table><tr>
 <td>
-<a href="http://www.youtube.com/watch?feature=player_embedded&v=8jfXL0ePV7U
+<a href="https://www.brighteon.com/1928415c-2bce-40b2-a81f-7861a3734913" target="_blank">
-" target="_blank"><img src="http://img.youtube.com/vi/8jfXL0ePV7U/0.jpg"
+<img src="https://www.brighteon.com/thumbnail/1928415c-2bce-40b2-a81f-7861a3734913"
-alt="Firejail Introduction" width="240" height="180" border="10" /><br/>Firejail Intro</a>
+alt="Introduction" width="240" height="180" border="10" /><br/>Introduction</a>
 </td>
 <td>
-<a href="http://www.youtube.com/watch?feature=player_embedded&v=J1ZsXrpAgBU
+<a href="https://www.brighteon.com/c20c32ac-1953-438f-8640-a414dcb318d6" target="_blank">
-" target="_blank"><img src="http://img.youtube.com/vi/J1ZsXrpAgBU/0.jpg"
+<img src="https://www.brighteon.com/thumbnail/c20c32ac-1953-438f-8640-a414dcb318d6"
-alt="Firejail Demo" width="240" height="180" border="10" /><br/>Firejail Demo</a>
+alt="Technology" width="240" height="180" border="10" /><br/>Technology</a>
 </td>
 <td>
-<a href="http://www.youtube.com/watch?feature=player_embedded&v=EyEz65RYfw4
+<a href="https://www.brighteon.com/94ae1731-2352-4cda-bb48-7cc7a6ad32f8" target="_blank">
-" target="_blank"><img src="http://img.youtube.com/vi/EyEz65RYfw4/0.jpg"
+<img src="https://www.brighteon.com/thumbnail/94ae1731-2352-4cda-bb48-7cc7a6ad32f8"
-alt="Debian Install" width="240" height="180" border="10" /><br/>Debian Install</a>
+alt="Deep Dive" width="240" height="180" border="10" /><br/>Deep Dive</a>
 </td>
-</tr><tr>
-<td>
-<a href="http://www.youtube.com/watch?feature=player_embedded&v=Uy2ZTHc4s0w
-" target="_blank"><img src="http://img.youtube.com/vi/Uy2ZTHc4s0w/0.jpg"
-alt="Arch Linux Install" width="240" height="180" border="10" /><br/>Arch Linux Install</a>
-</td>
-<td>
-<a href="http://www.youtube.com/watch?feature=player_embedded&v=xuMxRx0zSfQ
-" target="_blank"><img src="http://img.youtube.com/vi/xuMxRx0zSfQ/0.jpg"
-alt="Disable Network Access" width="240" height="180" border="10" /><br/>Disable Network Access</a>
-</td>
-<td>
-<a href="http://www.youtube.com/watch?feature=player_embedded&v=N-Mso2bSr3o
-" target="_blank"><img src="http://img.youtube.com/vi/N-Mso2bSr3o/0.jpg"
-alt="Firejail Security Deep Dive" width="240" height="180" border="10" /><br/>Firejail Security Deep Dive</a>
-</td>
 </tr></table>
 Project webpage: https://firejail.wordpress.com/
@@ -239,30 +219,30 @@ A small tool to print profile statistics. Compile as usual and run in /etc/profi
 $ sudo cp src/profstats/profstats /etc/firejail/.
 $ cd /etc/firejail
 $ ./profstats *.profile
-    profiles                    1150
+    profiles                    1167
-    include local profile       1150   (include profile-name.local)
+    include local profile       1167   (include profile-name.local)
-    include globals             1120   (include globals.local)
+    include globals             1136   (include globals.local)
-    blacklist ~/.ssh            1026   (include disable-common.inc)
+    blacklist ~/.ssh            1042   (include disable-common.inc)
-    seccomp                     1050
+    seccomp                     1062
-    capabilities                1146
+    capabilities                1163
-    noexec                      1030   (include disable-exec.inc)
+    noexec                      1049   (include disable-exec.inc)
-    noroot                      959
+    noroot                      971
-    memory-deny-write-execute   253
+    memory-deny-write-execute   256
-    apparmor                    681
+    apparmor                    693
-    private-bin                 667
+    private-bin                 677
-    private-dev                 1009
+    private-dev                 1027
-    private-etc                 523
+    private-etc                 532
-    private-tmp                 883
+    private-tmp                 897
-    whitelist home directory    547
+    whitelist home directory    557
-    whitelist var               818   (include whitelist-var-common.inc)
+    whitelist var               836   (include whitelist-var-common.inc)
-    whitelist run/user          616   (include whitelist-runuser-common.inc
+    whitelist run/user          1137   (include whitelist-runuser-common.inc
                                        or blacklist ${RUNUSER})
-    whitelist usr/share         591   (include whitelist-usr-share-common.inc
+    whitelist usr/share         609   (include whitelist-usr-share-common.inc
-    net none                    391
+    net none                    396
-    dbus-user none              641
+    dbus-user none              656
-    dbus-user filter            105
+    dbus-user filter            108
-    dbus-system none            792
+    dbus-system none            808
-    dbus-system filter          7
+    dbus-system filter          10
 ```
 ### New profiles:
diff --git a/etc/profile-a-l/Books.profile b/etc/profile-a-l/Books.profile
index 76fd21d32..a256e942f 100644
--- a/etc/profile-a-l/Books.profile
+++ b/etc/profile-a-l/Books.profile
@@ -1,5 +1,10 @@
 # Firejail profile for gnome-books
 # This file is overwritten after every install/update
+# Persistent local customizations
+include Books.local
+# Persistent global definitions
+# added by included profile
+#include globals.local
 # Temporary fix for https://github.com/netblue30/firejail/issues/2624
author	netblue30 <netblue30@protonmail.com>	2021-10-09 10:39:38 -0400
committer	netblue30 <netblue30@protonmail.com>	2021-10-09 10:39:38 -0400
commit	022af61cb4c3163de774cdfead74bd5811d8b81b (patch)
tree	fe7747f03e1eb4f45ecf3ef3745a9429d4a9fd84
parent	Merge pull request #4591 from kmk3/replace-iwrite-iwuser (diff)
download	firejail-022af61cb4c3163de774cdfead74bd5811d8b81b.tar.gz firejail-022af61cb4c3163de774cdfead74bd5811d8b81b.tar.zst firejail-022af61cb4c3163de774cdfead74bd5811d8b81b.zip

diff --git a/README b/README index 3f8eb6136..04d2c7001 100644 --- a/README +++ b/README
@@ -310,6 +310,8 @@ DiGitHubCap (https://github.com/DiGitHubCap)
310	- fix qt5ct colour schemes and QSS	310	- fix qt5ct colour schemes and QSS
311	Disconnect3d (https://github.com/disconnect3d)	311	Disconnect3d (https://github.com/disconnect3d)
312	- code cleanup	312	- code cleanup
		313	dm9pZCAq (https://github.com/dm9pZCAq)
		314	- fix for compilation under musl
313	dmfreemon (https://github.com/dmfreemon)	315	dmfreemon (https://github.com/dmfreemon)
314	- add sandbox name or name of private directory to the window title when xpra is used	316	- add sandbox name or name of private directory to the window title when xpra is used
315	- handle malloc() failures; use gnu_basename() instead of basenaem()	317	- handle malloc() failures; use gnu_basename() instead of basenaem()


diff --git a/README.md b/README.md index 40c6e9d98..aa0dd013e 100644 --- a/README.md +++ b/README.md
@@ -22,43 +22,23 @@ implemented directly in Linux kernel and available on any Linux computer.
22	<table><tr>	22	<table><tr>
23		23
24	<td>	24	<td>
25	<a href="http://www.youtube.com/watch?feature=player_embedded&v=8jfXL0ePV7U	25	<a href="https://www.brighteon.com/1928415c-2bce-40b2-a81f-7861a3734913" target="_blank">
26	" target="_blank"><img src="http://img.youtube.com/vi/8jfXL0ePV7U/0.jpg"	26	<img src="https://www.brighteon.com/thumbnail/1928415c-2bce-40b2-a81f-7861a3734913"
27	alt="Firejail Introduction" width="240" height="180" border="10" /><br/>Firejail Intro</a>	27	alt="Introduction" width="240" height="180" border="10" /><br/>Introduction</a>
28	</td>	28	</td>
29		29
30	<td>	30	<td>
31	<a href="http://www.youtube.com/watch?feature=player_embedded&v=J1ZsXrpAgBU	31	<a href="https://www.brighteon.com/c20c32ac-1953-438f-8640-a414dcb318d6" target="_blank">
32	" target="_blank"><img src="http://img.youtube.com/vi/J1ZsXrpAgBU/0.jpg"	32	<img src="https://www.brighteon.com/thumbnail/c20c32ac-1953-438f-8640-a414dcb318d6"
33	alt="Firejail Demo" width="240" height="180" border="10" /><br/>Firejail Demo</a>	33	alt="Technology" width="240" height="180" border="10" /><br/>Technology</a>
34	</td>	34	</td>
35		35
36	<td>	36	<td>
37	<a href="http://www.youtube.com/watch?feature=player_embedded&v=EyEz65RYfw4	37	<a href="https://www.brighteon.com/94ae1731-2352-4cda-bb48-7cc7a6ad32f8" target="_blank">
38	" target="_blank"><img src="http://img.youtube.com/vi/EyEz65RYfw4/0.jpg"	38	<img src="https://www.brighteon.com/thumbnail/94ae1731-2352-4cda-bb48-7cc7a6ad32f8"
39	alt="Debian Install" width="240" height="180" border="10" /><br/>Debian Install</a>	39	alt="Deep Dive" width="240" height="180" border="10" /><br/>Deep Dive</a>
40	</td>	40	</td>
41		41
42
43	</tr><tr>
44	<td>
45	<a href="http://www.youtube.com/watch?feature=player_embedded&v=Uy2ZTHc4s0w
46	" target="_blank"><img src="http://img.youtube.com/vi/Uy2ZTHc4s0w/0.jpg"
47	alt="Arch Linux Install" width="240" height="180" border="10" /><br/>Arch Linux Install</a>
48
49	</td>
50	<td>
51	<a href="http://www.youtube.com/watch?feature=player_embedded&v=xuMxRx0zSfQ
52	" target="_blank"><img src="http://img.youtube.com/vi/xuMxRx0zSfQ/0.jpg"
53	alt="Disable Network Access" width="240" height="180" border="10" /><br/>Disable Network Access</a>
54
55	</td>
56	<td>
57	<a href="http://www.youtube.com/watch?feature=player_embedded&v=N-Mso2bSr3o
58	" target="_blank"><img src="http://img.youtube.com/vi/N-Mso2bSr3o/0.jpg"
59	alt="Firejail Security Deep Dive" width="240" height="180" border="10" /><br/>Firejail Security Deep Dive</a>
60
61	</td>
62	</tr></table>	42	</tr></table>
63		43
64	Project webpage: https://firejail.wordpress.com/	44	Project webpage: https://firejail.wordpress.com/
@@ -239,30 +219,30 @@ A small tool to print profile statistics. Compile as usual and run in /etc/profi
239	$ sudo cp src/profstats/profstats /etc/firejail/.	219	$ sudo cp src/profstats/profstats /etc/firejail/.
240	$ cd /etc/firejail	220	$ cd /etc/firejail
241	$ ./profstats *.profile	221	$ ./profstats *.profile
242	profiles 1150	222	profiles 1167
243	include local profile 1150 (include profile-name.local)	223	include local profile 1167 (include profile-name.local)
244	include globals 1120 (include globals.local)	224	include globals 1136 (include globals.local)
245	blacklist ~/.ssh 1026 (include disable-common.inc)	225	blacklist ~/.ssh 1042 (include disable-common.inc)
246	seccomp 1050	226	seccomp 1062
247	capabilities 1146	227	capabilities 1163
248	noexec 1030 (include disable-exec.inc)	228	noexec 1049 (include disable-exec.inc)
249	noroot 959	229	noroot 971
250	memory-deny-write-execute 253	230	memory-deny-write-execute 256
251	apparmor 681	231	apparmor 693
252	private-bin 667	232	private-bin 677
253	private-dev 1009	233	private-dev 1027
254	private-etc 523	234	private-etc 532
255	private-tmp 883	235	private-tmp 897
256	whitelist home directory 547	236	whitelist home directory 557
257	whitelist var 818 (include whitelist-var-common.inc)	237	whitelist var 836 (include whitelist-var-common.inc)
258	whitelist run/user 616 (include whitelist-runuser-common.inc	238	whitelist run/user 1137 (include whitelist-runuser-common.inc
259	or blacklist ${RUNUSER})	239	or blacklist ${RUNUSER})
260	whitelist usr/share 591 (include whitelist-usr-share-common.inc	240	whitelist usr/share 609 (include whitelist-usr-share-common.inc
261	net none 391	241	net none 396
262	dbus-user none 641	242	dbus-user none 656
263	dbus-user filter 105	243	dbus-user filter 108
264	dbus-system none 792	244	dbus-system none 808
265	dbus-system filter 7	245	dbus-system filter 10
266	```	246	```
267		247
268	### New profiles:	248	### New profiles:


diff --git a/etc/profile-a-l/Books.profile b/etc/profile-a-l/Books.profile index 76fd21d32..a256e942f 100644 --- a/etc/profile-a-l/Books.profile +++ b/etc/profile-a-l/Books.profile
@@ -1,5 +1,10 @@
1	# Firejail profile for gnome-books	1	# Firejail profile for gnome-books
2	# This file is overwritten after every install/update	2	# This file is overwritten after every install/update
		3	# Persistent local customizations
		4	include Books.local
		5	# Persistent global definitions
		6	# added by included profile
		7	#include globals.local
3		8
4		9
5	# Temporary fix for https://github.com/netblue30/firejail/issues/2624	10	# Temporary fix for https://github.com/netblue30/firejail/issues/2624