Merge pull request #872 from Fred-Barclay/extra-profiles

Extra profiles

9 files changed, 65 insertions, 2 deletions

diff --git a/README b/README
index 6ed82907f..cbd15f02a 100644
--- a/README
+++ b/README
@@ -70,7 +70,7 @@ Fred-Barclay (https://github.com/Fred-Barclay)
         - added audacity profile
         - fixed Telegram and qtox profiles
         - added Atom Beta and Atom profiles
-        - tightened 0ad, atril, evince, gthumb, pix, qtox, and xreader profiles.
+        - tightened 0ad, atril, evince, gthumb, pix, qtox, and xreader profiles
         - several private-bin conversions
         - added jitsi profile
         - pidgin private-bin conversion
@@ -79,6 +79,7 @@ Fred-Barclay (https://github.com/Fred-Barclay)
         - added DOSBox profile
         - evince profile enhancement
         - tightened Spotify profile
+        - added xiphos and Tor Browser Bundle profiles
 valoq (https://github.com/valoq)
         - LibreOffice profile fixes
         - cherrytree profile fixes
diff --git a/README.md b/README.md
index fe7c91f01..ff1b2e8ba 100644
--- a/README.md
+++ b/README.md
@@ -48,4 +48,9 @@ Use this issue to request new profiles: https://github.com/netblue30/firejail/is
 
 `````
 # Current development version: 0.9.45
+`````
+
+`````
+## New Profiles
+xiphos, Tor Browser Bundle
 
diff --git a/RELNOTES b/RELNOTES
index 6e1f502c7..c0fb8b20b 100644
--- a/RELNOTES
+++ b/RELNOTES
@@ -1,6 +1,7 @@
 firejail (0.9.45) baseline; urgency=low
   * development version, work in progress
  -- netblue30 <netblue30@yahoo.com>  Sun, 23 Oct 2016 08:00:00 -0500
+  * new profiles: xiphos, Tor Browser Bundle
 
 firejail (0.9.44) baseline; urgency=low
   * CVE-2016-7545 submitted by Aleksey Manevich
diff --git a/etc/disable-programs.inc b/etc/disable-programs.inc
index edd4ee374..6e22fe04d 100644
--- a/etc/disable-programs.inc
+++ b/etc/disable-programs.inc
@@ -7,6 +7,8 @@ blacklist ${HOME}/.wine
 blacklist ${HOME}/.Mathematica
 blacklist ${HOME}/.Wolfram Research
 blacklist ${HOME}/.stellarium
+blacklist ${HOME}/.sword
+blacklist ${HOME}/.xiphos
 blacklist ${HOME}/.config/Atom
 blacklist ${HOME}/.config/gthumb
 blacklist ${HOME}/.config/mupen64plus
diff --git a/etc/gpredict.profile b/etc/gpredict.profile
index 0cc6c416b..801304c18 100644
--- a/etc/gpredict.profile
+++ b/etc/gpredict.profile
@@ -6,7 +6,6 @@ include /etc/firejail/disable-passwdmgr.inc
 include /etc/firejail/disable-programs.inc
 
 # Whitelist
-mkdir ~/.config/Gpredict
 whitelist ~/.config/Gpredict
 
 caps.drop all
@@ -21,5 +20,6 @@ shell none
 tracelog
 
 private-bin gpredict
+private-etc fonts,resolv.conf
 private-dev
 private-tmp
diff --git a/etc/start-tor-browser.profile b/etc/start-tor-browser.profile
new file mode 100644
index 000000000..ee19cee25
--- /dev/null
+++ b/etc/start-tor-browser.profile
@@ -0,0 +1,20 @@
+# Firejail profile for the Tor Brower Bundle
+include /etc/firejail/disable-common.inc
+include /etc/firejail/disable-devel.inc
+include /etc/firejail/disable-passwdmgr.inc
+include /etc/firejail/disable-programs.inc
+
+caps.drop all
+netfilter
+nogroups
+nonewprivs
+noroot
+protocol unix,inet,inet6
+seccomp
+shell none
+tracelog
+
+private-bin bash,grep,sed,tail,env,gpg,id,readlink,dirname,test,mkdir,ln,sed,cp,rm,getconf
+private-etc fonts
+private-dev
+private-tmp
diff --git a/etc/xiphos.profile b/etc/xiphos.profile
new file mode 100644
index 000000000..b7fb6ecf3
--- /dev/null
+++ b/etc/xiphos.profile
@@ -0,0 +1,30 @@
+# Firejail profile for xiphos
+noblacklist ~/.sword
+noblacklist ~/.xiphos
+
+include /etc/firejail/disable-common.inc
+include /etc/firejail/disable-devel.inc
+include /etc/firejail/disable-passwdmgr.inc
+include /etc/firejail/disable-programs.inc
+
+blacklist ~/.bashrc
+blacklist ~/.Xauthority
+
+caps.drop all
+netfilter
+nogroups
+nonewprivs
+noroot
+nosound
+protocol unix,inet,inet6
+seccomp
+shell none
+tracelog
+
+private-bin xiphos
+private-etc fonts,resolv.conf,sword
+private-dev
+private-tmp
+
+whitelist ${HOME}/.sword
+whitelist ${HOME}/.xiphos
diff --git a/platform/debian/conffiles b/platform/debian/conffiles
index 6d444b90d..0c2e85904 100644
--- a/platform/debian/conffiles
+++ b/platform/debian/conffiles
@@ -166,3 +166,5 @@
 /etc/firejail/flowblade.profile
 /etc/firejail/eog.profile
 /etc/firejail/evolution.profile
+/etc/firejail/start-tor-browser.profile
+/etc/firejail/xiphos.profile
diff --git a/src/firecfg/firecfg.config b/src/firecfg/firecfg.config
index 2d2c7b20e..e3e333497 100644
--- a/src/firecfg/firecfg.config
+++ b/src/firecfg/firecfg.config
@@ -42,6 +42,7 @@ opera-beta
 opera
 palemoon
 qutebrowser
+start-tor-browser
 seamonkey
 seamonkey-bin
 thunderbird
@@ -150,6 +151,7 @@ atom
 ranger
 keepass
 keepassx
+xiphos
 
 # weather/climate
 aweather