New profile: journal-viewer (#5943)

author: glitsj16 <glitsj16@users.noreply.github.com> 2023-08-10 09:09:53 +0000
committer: GitHub <noreply@github.com> 2023-08-10 09:09:53 +0000
commit: 3a088f1e6941bdf4cd89c140cd0fdd4070bbc5fe (patch)
tree: 9a83d0d9b881c4631c20a3407176441906f0f4c0
parent: Merge pull request #5942 from kmk3/build-firecfg-improvements (diff)
download: firejail-3a088f1e6941bdf4cd89c140cd0fdd4070bbc5fe.tar.gz
firejail-3a088f1e6941bdf4cd89c140cd0fdd4070bbc5fe.tar.zst
firejail-3a088f1e6941bdf4cd89c140cd0fdd4070bbc5fe.zip
3 files changed, 71 insertions, 0 deletions
diff --git a/etc/inc/disable-programs.inc b/etc/inc/disable-programs.inc
index 4dac9e3e4..38ab7221e 100644
--- a/etc/inc/disable-programs.inc
+++ b/etc/inc/disable-programs.inc
@@ -142,6 +142,7 @@ blacklist ${HOME}/.cache/inkscape
 blacklist ${HOME}/.cache/inox
 blacklist ${HOME}/.cache/io.github.lainsce.Notejot
 blacklist ${HOME}/.cache/iridium
+blacklist ${HOME}/.cache/journal-viewer
 blacklist ${HOME}/.cache/kcmshell5
 blacklist ${HOME}/.cache/kdenlive
 blacklist ${HOME}/.cache/keepassxc
@@ -901,6 +902,7 @@ blacklist ${HOME}/.local/share/cdprojektred
 blacklist ${HOME}/.local/share/chatterino
 blacklist ${HOME}/.local/share/clipit
 blacklist ${HOME}/.local/share/com.github.johnfactotum.Foliate
+blacklist ${HOME}/.local/share/com.vmingueza.journal-viewer
 blacklist ${HOME}/.local/share/contacts
 blacklist ${HOME}/.local/share/cor-games
 blacklist ${HOME}/.local/share/data/Mendeley Ltd.
diff --git a/etc/profile-a-l/journal-viewer.profile b/etc/profile-a-l/journal-viewer.profile
new file mode 100644
index 000000000..f73595fb1
--- /dev/null
+++ b/etc/profile-a-l/journal-viewer.profile
@@ -0,0 +1,68 @@
+# Firejail profile for journal-viewer
+# Description: Visualize systemd logs
+# This file is overwritten after every install/update
+# Persistent local customizations
+include journal-viewer.local
+# Persistent global definitions
+include globals.local
+noblacklist ${HOME}/.cache/journal-viewer
+noblacklist ${HOME}/.local/share/com.vmingueza.journal-viewer
+include disable-common.inc
+include disable-devel.inc
+include disable-exec.inc
+include disable-interpreters.inc
+include disable-proc.inc
+include disable-programs.inc
+include disable-shell.inc
+include disable-xdg.inc
+mkdir ${HOME}/.cache/journal-viewer
+mkdir ${HOME}/.local/share/com.vmingueza.journal-viewer
+whitelist ${HOME}/.cache/journal-viewer
+whitelist ${HOME}/.local/share/com.vmingueza.journal-viewer
+whitelist /run/log/journal
+whitelist /var/log/journal
+include whitelist-common.inc
+include whitelist-run-common.inc
+include whitelist-runuser-common.inc
+include whitelist-usr-share-common.inc
+include whitelist-var-common.inc
+apparmor
+caps.drop all
+ipc-namespace
+net none
+no3d
+nodvd
+nogroups
+noinput
+nonewprivs
+noprinters
+noroot
+nosound
+notv
+nou2f
+novideo
+protocol unix
+seccomp
+seccomp.block-secondary
+tracelog
+disable-mnt
+private-bin journal-viewer
+private-cache
+private-dev
+private-etc machine-id
+private-lib webkit2gtk-*
+private-tmp
+dbus-user none
+dbus-system none
+restrict-namespaces
+read-only ${HOME}
+read-write ${HOME}/.cache/journal-viewer
+read-write ${HOME}/.local/share/com.vmingueza.journal-viewer
+writable-var-log
diff --git a/src/firecfg/firecfg.config b/src/firecfg/firecfg.config
index 968ba7bf5..71c03a5e6 100644
--- a/src/firecfg/firecfg.config
+++ b/src/firecfg/firecfg.config
@@ -432,6 +432,7 @@ jdownloader
 jerry
 jitsi
 jitsi-meet-desktop
+journal-viewer
 jumpnbump
 jumpnbump-menu
 k3b
author	glitsj16 <glitsj16@users.noreply.github.com>	2023-08-10 09:09:53 +0000
committer	GitHub <noreply@github.com>	2023-08-10 09:09:53 +0000
commit	3a088f1e6941bdf4cd89c140cd0fdd4070bbc5fe (patch)
tree	9a83d0d9b881c4631c20a3407176441906f0f4c0
parent	Merge pull request #5942 from kmk3/build-firecfg-improvements (diff)
download	firejail-3a088f1e6941bdf4cd89c140cd0fdd4070bbc5fe.tar.gz firejail-3a088f1e6941bdf4cd89c140cd0fdd4070bbc5fe.tar.zst firejail-3a088f1e6941bdf4cd89c140cd0fdd4070bbc5fe.zip

diff --git a/etc/inc/disable-programs.inc b/etc/inc/disable-programs.inc index 4dac9e3e4..38ab7221e 100644 --- a/etc/inc/disable-programs.inc +++ b/etc/inc/disable-programs.inc
@@ -142,6 +142,7 @@ blacklist ${HOME}/.cache/inkscape
142	blacklist ${HOME}/.cache/inox	142	blacklist ${HOME}/.cache/inox
143	blacklist ${HOME}/.cache/io.github.lainsce.Notejot	143	blacklist ${HOME}/.cache/io.github.lainsce.Notejot
144	blacklist ${HOME}/.cache/iridium	144	blacklist ${HOME}/.cache/iridium
		145	blacklist ${HOME}/.cache/journal-viewer
145	blacklist ${HOME}/.cache/kcmshell5	146	blacklist ${HOME}/.cache/kcmshell5
146	blacklist ${HOME}/.cache/kdenlive	147	blacklist ${HOME}/.cache/kdenlive
147	blacklist ${HOME}/.cache/keepassxc	148	blacklist ${HOME}/.cache/keepassxc
@@ -901,6 +902,7 @@ blacklist ${HOME}/.local/share/cdprojektred
901	blacklist ${HOME}/.local/share/chatterino	902	blacklist ${HOME}/.local/share/chatterino
902	blacklist ${HOME}/.local/share/clipit	903	blacklist ${HOME}/.local/share/clipit
903	blacklist ${HOME}/.local/share/com.github.johnfactotum.Foliate	904	blacklist ${HOME}/.local/share/com.github.johnfactotum.Foliate
		905	blacklist ${HOME}/.local/share/com.vmingueza.journal-viewer
904	blacklist ${HOME}/.local/share/contacts	906	blacklist ${HOME}/.local/share/contacts
905	blacklist ${HOME}/.local/share/cor-games	907	blacklist ${HOME}/.local/share/cor-games
906	blacklist ${HOME}/.local/share/data/Mendeley Ltd.	908	blacklist ${HOME}/.local/share/data/Mendeley Ltd.


diff --git a/etc/profile-a-l/journal-viewer.profile b/etc/profile-a-l/journal-viewer.profile new file mode 100644 index 000000000..f73595fb1 --- /dev/null +++ b/etc/profile-a-l/journal-viewer.profile
@@ -0,0 +1,68 @@
		1	# Firejail profile for journal-viewer
		2	# Description: Visualize systemd logs
		3	# This file is overwritten after every install/update
		4	# Persistent local customizations
		5	include journal-viewer.local
		6	# Persistent global definitions
		7	include globals.local
		8
		9	noblacklist ${HOME}/.cache/journal-viewer
		10	noblacklist ${HOME}/.local/share/com.vmingueza.journal-viewer
		11
		12	include disable-common.inc
		13	include disable-devel.inc
		14	include disable-exec.inc
		15	include disable-interpreters.inc
		16	include disable-proc.inc
		17	include disable-programs.inc
		18	include disable-shell.inc
		19	include disable-xdg.inc
		20
		21	mkdir ${HOME}/.cache/journal-viewer
		22	mkdir ${HOME}/.local/share/com.vmingueza.journal-viewer
		23	whitelist ${HOME}/.cache/journal-viewer
		24	whitelist ${HOME}/.local/share/com.vmingueza.journal-viewer
		25	whitelist /run/log/journal
		26	whitelist /var/log/journal
		27	include whitelist-common.inc
		28	include whitelist-run-common.inc
		29	include whitelist-runuser-common.inc
		30	include whitelist-usr-share-common.inc
		31	include whitelist-var-common.inc
		32
		33	apparmor
		34	caps.drop all
		35	ipc-namespace
		36	net none
		37	no3d
		38	nodvd
		39	nogroups
		40	noinput
		41	nonewprivs
		42	noprinters
		43	noroot
		44	nosound
		45	notv
		46	nou2f
		47	novideo
		48	protocol unix
		49	seccomp
		50	seccomp.block-secondary
		51	tracelog
		52
		53	disable-mnt
		54	private-bin journal-viewer
		55	private-cache
		56	private-dev
		57	private-etc machine-id
		58	private-lib webkit2gtk-*
		59	private-tmp
		60
		61	dbus-user none
		62	dbus-system none
		63
		64	restrict-namespaces
		65	read-only ${HOME}
		66	read-write ${HOME}/.cache/journal-viewer
		67	read-write ${HOME}/.local/share/com.vmingueza.journal-viewer
		68	writable-var-log


diff --git a/src/firecfg/firecfg.config b/src/firecfg/firecfg.config index 968ba7bf5..71c03a5e6 100644 --- a/src/firecfg/firecfg.config +++ b/src/firecfg/firecfg.config
@@ -432,6 +432,7 @@ jdownloader
432	jerry	432	jerry
433	jitsi	433	jitsi
434	jitsi-meet-desktop	434	jitsi-meet-desktop
		435	journal-viewer
435	jumpnbump	436	jumpnbump
436	jumpnbump-menu	437	jumpnbump-menu
437	k3b	438	k3b