New profile: qt5ct (#6249)

author: glitsj16 <glitsj16@users.noreply.github.com> 2024-03-05 08:59:11 +0000
committer: GitHub <noreply@github.com> 2024-03-05 08:59:11 +0000
commit: 301826a67446052f46eeb80611ecef650bb8e2ac (patch)
tree: a8f5d6b80c0b4983ed84d9987aecdda71a8ba1c9
parent: New profiles: lz4 and redirects (#6241) (diff)
download: firejail-301826a67446052f46eeb80611ecef650bb8e2ac.tar.gz
firejail-301826a67446052f46eeb80611ecef650bb8e2ac.tar.zst
firejail-301826a67446052f46eeb80611ecef650bb8e2ac.zip
3 files changed, 71 insertions, 0 deletions
diff --git a/etc/inc/disable-programs.inc b/etc/inc/disable-programs.inc
index aa83691eb..c9e566948 100644
--- a/etc/inc/disable-programs.inc
+++ b/etc/inc/disable-programs.inc
@@ -613,6 +613,7 @@ blacklist ${HOME}/.config/qBittorrent
 blacklist ${HOME}/.config/qBittorrentrc
 blacklist ${HOME}/.config/qnapi.ini
 blacklist ${HOME}/.config/qpdfview
+blacklist ${HOME}/.config/qt5ct
 blacklist ${HOME}/.config/quodlibet
 blacklist ${HOME}/.config/qupzilla
 blacklist ${HOME}/.config/qutebrowser
@@ -1027,6 +1028,7 @@ blacklist ${HOME}/.local/share/psi
 blacklist ${HOME}/.local/share/psi+
 blacklist ${HOME}/.local/share/qBittorrent
 blacklist ${HOME}/.local/share/qpdfview
+blacklist ${HOME}/.local/share/qt5ct
 blacklist ${HOME}/.local/share/quadrapassel
 blacklist ${HOME}/.local/share/qutebrowser
 blacklist ${HOME}/.local/share/remmina
diff --git a/etc/profile-m-z/qt5ct.profile b/etc/profile-m-z/qt5ct.profile
new file mode 100644
index 000000000..851dc651a
--- /dev/null
+++ b/etc/profile-m-z/qt5ct.profile
@@ -0,0 +1,68 @@
+# Firejail profile for qt5ct
+# Description: Qt5 Configuration Utility
+# This file is overwritten after every install/update
+# Persistent local customizations
+include qt5ct.local
+# Persistent global definitions
+include globals.local
+blacklist /usr/libexec
+noblacklist ${HOME}/.config/qt5ct
+noblacklist ${HOME}/.local/share/qt5ct
+include disable-common.inc
+include disable-devel.inc
+include disable-exec.inc
+include disable-interpreters.inc
+include disable-proc.inc
+include disable-programs.inc
+include disable-shell.inc
+include disable-xdg.inc
+mkdir ${HOME}/.config/qt5ct
+mkdir ${HOME}/.local/share/qt5ct
+whitelist ${HOME}/.config/qt5ct
+whitelist ${HOME}/.local/share/qt5ct
+include whitelist-common.inc
+include whitelist-run-common.inc
+include whitelist-runuser-common.inc
+include whitelist-usr-share-common.inc
+include whitelist-var-common.inc
+apparmor
+caps.drop all
+machine-id
+net none
+no3d
+nodvd
+nogroups
+noinput
+nonewprivs
+noprinters
+noroot
+nosound
+notv
+nou2f
+novideo
+protocol unix
+seccomp
+seccomp.block-secondary
+tracelog
+disable-mnt
+private-bin qt5ct
+private-cache
+private-dev
+private-etc dbus-1,machine-id
+private-tmp
+dbus-user none
+dbus-system none
+memory-deny-write-execute
+read-only ${HOME}
+read-write ${HOME}/.config/qt5ct
+read-write ${HOME}/.local/share/qt5ct
+restrict-namespaces
diff --git a/src/firecfg/firecfg.config b/src/firecfg/firecfg.config
index 8d1867ca3..f1c9507d7 100644
--- a/src/firecfg/firecfg.config
+++ b/src/firecfg/firecfg.config
@@ -727,6 +727,7 @@ qpdf
 qpdfview
 qq
 qt-faststart
+qt5ct
 qtox
 quadrapassel
 quassel
author	glitsj16 <glitsj16@users.noreply.github.com>	2024-03-05 08:59:11 +0000
committer	GitHub <noreply@github.com>	2024-03-05 08:59:11 +0000
commit	301826a67446052f46eeb80611ecef650bb8e2ac (patch)
tree	a8f5d6b80c0b4983ed84d9987aecdda71a8ba1c9
parent	New profiles: lz4 and redirects (#6241) (diff)
download	firejail-301826a67446052f46eeb80611ecef650bb8e2ac.tar.gz firejail-301826a67446052f46eeb80611ecef650bb8e2ac.tar.zst firejail-301826a67446052f46eeb80611ecef650bb8e2ac.zip

diff --git a/etc/inc/disable-programs.inc b/etc/inc/disable-programs.inc index aa83691eb..c9e566948 100644 --- a/etc/inc/disable-programs.inc +++ b/etc/inc/disable-programs.inc
@@ -613,6 +613,7 @@ blacklist ${HOME}/.config/qBittorrent
613	blacklist ${HOME}/.config/qBittorrentrc	613	blacklist ${HOME}/.config/qBittorrentrc
614	blacklist ${HOME}/.config/qnapi.ini	614	blacklist ${HOME}/.config/qnapi.ini
615	blacklist ${HOME}/.config/qpdfview	615	blacklist ${HOME}/.config/qpdfview
		616	blacklist ${HOME}/.config/qt5ct
616	blacklist ${HOME}/.config/quodlibet	617	blacklist ${HOME}/.config/quodlibet
617	blacklist ${HOME}/.config/qupzilla	618	blacklist ${HOME}/.config/qupzilla
618	blacklist ${HOME}/.config/qutebrowser	619	blacklist ${HOME}/.config/qutebrowser
@@ -1027,6 +1028,7 @@ blacklist ${HOME}/.local/share/psi
1027	blacklist ${HOME}/.local/share/psi+	1028	blacklist ${HOME}/.local/share/psi+
1028	blacklist ${HOME}/.local/share/qBittorrent	1029	blacklist ${HOME}/.local/share/qBittorrent
1029	blacklist ${HOME}/.local/share/qpdfview	1030	blacklist ${HOME}/.local/share/qpdfview
		1031	blacklist ${HOME}/.local/share/qt5ct
1030	blacklist ${HOME}/.local/share/quadrapassel	1032	blacklist ${HOME}/.local/share/quadrapassel
1031	blacklist ${HOME}/.local/share/qutebrowser	1033	blacklist ${HOME}/.local/share/qutebrowser
1032	blacklist ${HOME}/.local/share/remmina	1034	blacklist ${HOME}/.local/share/remmina


diff --git a/etc/profile-m-z/qt5ct.profile b/etc/profile-m-z/qt5ct.profile new file mode 100644 index 000000000..851dc651a --- /dev/null +++ b/etc/profile-m-z/qt5ct.profile
@@ -0,0 +1,68 @@
		1	# Firejail profile for qt5ct
		2	# Description: Qt5 Configuration Utility
		3	# This file is overwritten after every install/update
		4	# Persistent local customizations
		5	include qt5ct.local
		6	# Persistent global definitions
		7	include globals.local
		8
		9	blacklist /usr/libexec
		10
		11	noblacklist ${HOME}/.config/qt5ct
		12	noblacklist ${HOME}/.local/share/qt5ct
		13
		14	include disable-common.inc
		15	include disable-devel.inc
		16	include disable-exec.inc
		17	include disable-interpreters.inc
		18	include disable-proc.inc
		19	include disable-programs.inc
		20	include disable-shell.inc
		21	include disable-xdg.inc
		22
		23	mkdir ${HOME}/.config/qt5ct
		24	mkdir ${HOME}/.local/share/qt5ct
		25	whitelist ${HOME}/.config/qt5ct
		26	whitelist ${HOME}/.local/share/qt5ct
		27
		28	include whitelist-common.inc
		29	include whitelist-run-common.inc
		30	include whitelist-runuser-common.inc
		31	include whitelist-usr-share-common.inc
		32	include whitelist-var-common.inc
		33
		34	apparmor
		35	caps.drop all
		36	machine-id
		37	net none
		38	no3d
		39	nodvd
		40	nogroups
		41	noinput
		42	nonewprivs
		43	noprinters
		44	noroot
		45	nosound
		46	notv
		47	nou2f
		48	novideo
		49	protocol unix
		50	seccomp
		51	seccomp.block-secondary
		52	tracelog
		53
		54	disable-mnt
		55	private-bin qt5ct
		56	private-cache
		57	private-dev
		58	private-etc dbus-1,machine-id
		59	private-tmp
		60
		61	dbus-user none
		62	dbus-system none
		63
		64	memory-deny-write-execute
		65	read-only ${HOME}
		66	read-write ${HOME}/.config/qt5ct
		67	read-write ${HOME}/.local/share/qt5ct
		68	restrict-namespaces


diff --git a/src/firecfg/firecfg.config b/src/firecfg/firecfg.config index 8d1867ca3..f1c9507d7 100644 --- a/src/firecfg/firecfg.config +++ b/src/firecfg/firecfg.config
@@ -727,6 +727,7 @@ qpdf
727	qpdfview	727	qpdfview
728	qq	728	qq
729	qt-faststart	729	qt-faststart
		730	qt5ct
730	qtox	731	qtox
731	quadrapassel	732	quadrapassel
732	quassel	733	quassel