Default profiles work

6 files changed, 50 insertions, 11 deletions

diff --git a/Makefile.in b/Makefile.in
index 10b057997..bb00a7911 100644
--- a/Makefile.in
+++ b/Makefile.in
@@ -100,6 +100,7 @@ realinstall:
         install -c -m 0644 etc/quassel.profile $(DESTDIR)/etc/firejail/.
         install -c -m 0644 etc/deadbeef.profile $(DESTDIR)/etc/firejail/.
         install -c -m 0644 etc/filezilla.profile $(DESTDIR)/etc/firejail/.
+        install -c -m 0644 etc/fbreader.profile $(DESTDIR)/etc/firejail/.
         bash -c "if [ ! -f /etc/firejail/login.users ]; then install -c -m 0644 etc/login.users $(DESTDIR)/etc/firejail/.; fi;"
         # man pages
         rm -f firejail.1.gz
diff --git a/RELNOTES b/RELNOTES
index 3c7b2dcdf..87497e538 100644
--- a/RELNOTES
+++ b/RELNOTES
@@ -1,4 +1,11 @@
-firejail (0.9.30) baseline; urgency=low
+ffirejail (0.9.31) baseline; urgency=low
+  * disable X11 autostart folders in default profiles
+  * disable subversion and git config files in home directory
+  * added FBReader default profile
+ -- netblue30 <netblue30@yahoo.com>  current development
+
+
+irejail (0.9.30) baseline; urgency=low
   * added a disable-history.inc profile as a result of Firefox PDF.js exploit;
     disable-history.inc included in all default profiles
   * Firefox PDF.js exploit (CVE-2015-4495) fixes
diff --git a/configure b/configure
index 2e95be9d2..56a08d0e7 100755
--- a/configure
+++ b/configure
@@ -1,6 +1,6 @@
 #! /bin/sh
 # Guess values for system-dependent variables and create Makefiles.
-# Generated by GNU Autoconf 2.69 for firejail 0.9.30.
+# Generated by GNU Autoconf 2.69 for firejail 0.9.31.
 #
 # Report bugs to <netblue30@yahoo.com>.
 #
@@ -580,8 +580,8 @@ MAKEFLAGS=
 # Identity of this package.
 PACKAGE_NAME='firejail'
 PACKAGE_TARNAME='firejail'
-PACKAGE_VERSION='0.9.30'
-PACKAGE_STRING='firejail 0.9.30'
+PACKAGE_VERSION='0.9.31'
+PACKAGE_STRING='firejail 0.9.31'
 PACKAGE_BUGREPORT='netblue30@yahoo.com'
 PACKAGE_URL='http://firejail.sourceforge.net'
 
@@ -1238,7 +1238,7 @@ if test "$ac_init_help" = "long"; then
   # Omit some internal or obsolete options to make the list less imposing.
   # This message is too long to be a string in the A/UX 3.1 sh.
   cat <<_ACEOF
-\`configure' configures firejail 0.9.30 to adapt to many kinds of systems.
+\`configure' configures firejail 0.9.31 to adapt to many kinds of systems.
 
 Usage: $0 [OPTION]... [VAR=VALUE]...
 
@@ -1299,7 +1299,7 @@ fi
 
 if test -n "$ac_init_help"; then
   case $ac_init_help in
-     short | recursive ) echo "Configuration of firejail 0.9.30:";;
+     short | recursive ) echo "Configuration of firejail 0.9.31:";;
    esac
   cat <<\_ACEOF
 
@@ -1389,7 +1389,7 @@ fi
 test -n "$ac_init_help" && exit $ac_status
 if $ac_init_version; then
   cat <<\_ACEOF
-firejail configure 0.9.30
+firejail configure 0.9.31
 generated by GNU Autoconf 2.69
 
 Copyright (C) 2012 Free Software Foundation, Inc.
@@ -1691,7 +1691,7 @@ cat >config.log <<_ACEOF
 This file contains any messages produced by compilers while
 running configure, to aid debugging if configure makes a mistake.
 
-It was created by firejail $as_me 0.9.30, which was
+It was created by firejail $as_me 0.9.31, which was
 generated by GNU Autoconf 2.69.  Invocation command line was
 
   $ $0 $@
@@ -4102,7 +4102,7 @@ cat >>$CONFIG_STATUS <<\_ACEOF || ac_write_fail=1
 # report actual input values of CONFIG_FILES etc. instead of their
 # values after options handling.
 ac_log="
-This file was extended by firejail $as_me 0.9.30, which was
+This file was extended by firejail $as_me 0.9.31, which was
 generated by GNU Autoconf 2.69.  Invocation command line was
 
   CONFIG_FILES    = $CONFIG_FILES
@@ -4156,7 +4156,7 @@ _ACEOF
 cat >>$CONFIG_STATUS <<_ACEOF || ac_write_fail=1
 ac_cs_config="`$as_echo "$ac_configure_args" | sed 's/^ //; s/[\\""\`\$]/\\\\&/g'`"
 ac_cs_version="\\
-firejail config.status 0.9.30
+firejail config.status 0.9.31
 configured by $0, generated by GNU Autoconf 2.69,
   with options \\"\$ac_cs_config\\"
 
diff --git a/configure.ac b/configure.ac
index ff11d95b6..0ccba0a13 100644
--- a/configure.ac
+++ b/configure.ac
@@ -1,5 +1,5 @@
 AC_PREREQ([2.68])
-AC_INIT(firejail, 0.9.30, netblue30@yahoo.com, , http://firejail.sourceforge.net)
+AC_INIT(firejail, 0.9.31, netblue30@yahoo.com, , http://firejail.sourceforge.net)
 AC_CONFIG_SRCDIR([src/firejail/main.c])
 #AC_CONFIG_HEADERS([config.h])
 
diff --git a/etc/disable-common.inc b/etc/disable-common.inc
index f4aea1b6a..984bbe628 100644
--- a/etc/disable-common.inc
+++ b/etc/disable-common.inc
@@ -20,3 +20,23 @@ blacklist ${HOME}/.remmina
 
 # Other
 blacklist ${HOME}/.tconn
+blacklist ${HOME}/.FBReader
+
+# X11 session autostart
+blacklist ${HOME}/.xinitrc
+blacklist ${HOME}/.xprofile
+blacklist ${HOME}/.config/autostart
+blacklist /etc/xdg/autostart
+blacklist ${HOME}/.kde4/Autostart
+blacklist ${HOME}/.kde/Autostart
+blacklist ${HOME}/.config/plasma-workspace/shutdown
+blacklist ${HOME}/.config/plasma-workspace/env
+blacklist ${HOME}/.config/lxsession/LXDE/autostart
+blacklist ${HOME}/.fluxbox/startup
+blacklist ${HOME}/.config/openbox/autostart
+blacklist ${HOME}/.config/openbox/environment
+
+# git, subversion
+blacklist ${HOME}/.subversion
+blacklist ${HOME}/.gitconfig
+blacklist ${HOME}/.git-credential-cache
diff --git a/etc/fbreader.profile b/etc/fbreader.profile
new file mode 100644
index 000000000..97baa2a3e
--- /dev/null
+++ b/etc/fbreader.profile
@@ -0,0 +1,11 @@
+# fbreader profile
+noblacklist ${HOME}/.FBReader
+include /etc/firejail/disable-mgmt.inc
+include /etc/firejail/disable-secret.inc
+include /etc/firejail/disable-common.inc
+include /etc/firejail/disable-history.inc
+caps.drop all
+seccomp
+netfilter
+noroot
+