New profile: session-desktop.profile (#6259)

Description: Encrypted messenger. https://github.com/oxen-io/session-desktop/ https://aur.archlinux.org/packages/session-desktop https://aur.archlinux.org/packages/session-desktop-bin https://aur.archlinux.org/packages/session-desktop-appimage Note: The AUR packages all work with the profiles.
author: glitsj16 <glitsj16@users.noreply.github.com> 2024-03-19 11:57:10 +0000
committer: GitHub <noreply@github.com> 2024-03-19 11:57:10 +0000
commit: 3c6016e6b3a4f389d8f432d76ab39a0b2dd164b7 (patch)
tree: e65640b875d19c27bec843e04c2c767e9ec6ae6b
parent: New profile: mimetype.profile (#6247) (diff)
download: firejail-3c6016e6b3a4f389d8f432d76ab39a0b2dd164b7.tar.gz
firejail-3c6016e6b3a4f389d8f432d76ab39a0b2dd164b7.tar.zst
firejail-3c6016e6b3a4f389d8f432d76ab39a0b2dd164b7.zip
5 files changed, 97 insertions, 0 deletions
diff --git a/etc/inc/disable-programs.inc b/etc/inc/disable-programs.inc
index 126bd54f3..198afaf86 100644
--- a/etc/inc/disable-programs.inc
+++ b/etc/inc/disable-programs.inc
@@ -343,6 +343,7 @@ blacklist ${HOME}/.config/Rocket.Chat
 blacklist ${HOME}/.config/RogueLegacy
 blacklist ${HOME}/.config/RogueLegacyStorageContainer
 blacklist ${HOME}/.config/Seafile
+blacklist ${HOME}/.config/Session
 blacklist ${HOME}/.config/Signal
 blacklist ${HOME}/.config/Sinew Software Systems
 blacklist ${HOME}/.config/Slack
diff --git a/etc/profile-m-z/session-messenger-desktop.profile b/etc/profile-m-z/session-messenger-desktop.profile
new file mode 100644
index 000000000..3b42c8db1
--- /dev/null
+++ b/etc/profile-m-z/session-messenger-desktop.profile
@@ -0,0 +1,11 @@
+# Firejail profile for session-messenger-desktop
+# Description: Encrypted messenger
+# This file is overwritten after every install/update
+# Persistent local customizations
+include session-messenger-desktop.local
+# Persistent global definitions
+# added by included profile
+#include globals.local
+# Redirect
+include session-desktop.profile
diff --git a/etc/profile-m-z/session-messenger.profile b/etc/profile-m-z/session-messenger.profile
new file mode 100644
index 000000000..739cfb8b1
--- /dev/null
+++ b/etc/profile-m-z/session-messenger.profile
@@ -0,0 +1,11 @@
+# Firejail profile for session-messenger
+# Description: Encrypted messenger
+# This file is overwritten after every install/update
+# Persistent local customizations
+include session-messenger.local
+# Persistent global definitions
+# added by included profile
+#include globals.local
+# Redirect
+include session-desktop.profile
diff --git a/etc/session-desktop.profile b/etc/session-desktop.profile
new file mode 100644
index 000000000..b1076b080
--- /dev/null
+++ b/etc/session-desktop.profile
@@ -0,0 +1,71 @@
+# Firejail profile for session-desktop
+# Description: Encrypted messenger
+# This file is overwritten after every install/update
+# Persistent local customizations
+include session-desktop.local
+# Persistent global definitions
+include globals.local
+blacklist /usr/libexec
+ignore noexec /tmp
+noblacklist ${HOME}/.config/Session
+include disable-common.inc
+include disable-devel.inc
+include disable-exec.inc
+include disable-interpreters.inc
+include disable-proc.inc
+include disable-programs.inc
+include disable-shell.inc
+include disable-xdg.inc
+mkdir ${HOME}/.config/Session
+whitelist ${DOWNLOADS}
+whitelist ${HOME}/.config/Session
+whitelist /opt/Session
+whitelist /opt/session-desktop
+include whitelist-common.inc
+include whitelist-run-common.inc
+include whitelist-runuser-common.inc
+include whitelist-usr-share-common.inc
+include whitelist-var-common.inc
+apparmor
+caps.drop all
+ipc-namespace
+netfilter
+nodvd
+nogroups
+?HAS_APPIMAGE: ignore noinput
+noinput
+nonewprivs
+noprinters
+noroot
+notv
+nou2f
+protocol unix,inet,inet6,netlink
+seccomp !chroot
+seccomp.block-secondary
+tracelog
+disable-mnt
+private-bin session-desktop*,session-messenger-desktop*
+private-cache
+?HAS_APPIMAGE: ignore private-dev
+private-dev
+private-etc @network,@tls-ca,@x11
+private-tmp
+dbus-user filter
+dbus-user.talk org.freedesktop.impl.*
+dbus-user.talk org.freedesktop.Notifications
+dbus-user.talk org.freedesktop.portal.*
+dbus-user.talk org.freedesktop.secrets
+?ALLOW_TRAY: dbus-user.talk org.kde.StatusNotifierWatcher
+?ALLOW_TRAY: dbus-user.own org.kde.*
+dbus-system none
+# breaks app
+#restrict-namespaces
diff --git a/src/firecfg/firecfg.config b/src/firecfg/firecfg.config
index 0783de9e1..957c1f1eb 100644
--- a/src/firecfg/firecfg.config
+++ b/src/firecfg/firecfg.config
@@ -783,6 +783,9 @@ seahorse-tool
 seamonkey
 seamonkey-bin
 secret-tool
+session-desktop
+session-messenger
+session-messenger-desktop
 sha1sum
 sha224sum
 sha256sum
author	glitsj16 <glitsj16@users.noreply.github.com>	2024-03-19 11:57:10 +0000
committer	GitHub <noreply@github.com>	2024-03-19 11:57:10 +0000
commit	3c6016e6b3a4f389d8f432d76ab39a0b2dd164b7 (patch)
tree	e65640b875d19c27bec843e04c2c767e9ec6ae6b
parent	New profile: mimetype.profile (#6247) (diff)
download	firejail-3c6016e6b3a4f389d8f432d76ab39a0b2dd164b7.tar.gz firejail-3c6016e6b3a4f389d8f432d76ab39a0b2dd164b7.tar.zst firejail-3c6016e6b3a4f389d8f432d76ab39a0b2dd164b7.zip

diff --git a/etc/inc/disable-programs.inc b/etc/inc/disable-programs.inc index 126bd54f3..198afaf86 100644 --- a/etc/inc/disable-programs.inc +++ b/etc/inc/disable-programs.inc
@@ -343,6 +343,7 @@ blacklist ${HOME}/.config/Rocket.Chat
343	blacklist ${HOME}/.config/RogueLegacy	343	blacklist ${HOME}/.config/RogueLegacy
344	blacklist ${HOME}/.config/RogueLegacyStorageContainer	344	blacklist ${HOME}/.config/RogueLegacyStorageContainer
345	blacklist ${HOME}/.config/Seafile	345	blacklist ${HOME}/.config/Seafile
		346	blacklist ${HOME}/.config/Session
346	blacklist ${HOME}/.config/Signal	347	blacklist ${HOME}/.config/Signal
347	blacklist ${HOME}/.config/Sinew Software Systems	348	blacklist ${HOME}/.config/Sinew Software Systems
348	blacklist ${HOME}/.config/Slack	349	blacklist ${HOME}/.config/Slack


diff --git a/etc/profile-m-z/session-messenger-desktop.profile b/etc/profile-m-z/session-messenger-desktop.profile new file mode 100644 index 000000000..3b42c8db1 --- /dev/null +++ b/etc/profile-m-z/session-messenger-desktop.profile
@@ -0,0 +1,11 @@
		1	# Firejail profile for session-messenger-desktop
		2	# Description: Encrypted messenger
		3	# This file is overwritten after every install/update
		4	# Persistent local customizations
		5	include session-messenger-desktop.local
		6	# Persistent global definitions
		7	# added by included profile
		8	#include globals.local
		9
		10	# Redirect
		11	include session-desktop.profile


diff --git a/etc/profile-m-z/session-messenger.profile b/etc/profile-m-z/session-messenger.profile new file mode 100644 index 000000000..739cfb8b1 --- /dev/null +++ b/etc/profile-m-z/session-messenger.profile
@@ -0,0 +1,11 @@
		1	# Firejail profile for session-messenger
		2	# Description: Encrypted messenger
		3	# This file is overwritten after every install/update
		4	# Persistent local customizations
		5	include session-messenger.local
		6	# Persistent global definitions
		7	# added by included profile
		8	#include globals.local
		9
		10	# Redirect
		11	include session-desktop.profile


diff --git a/etc/session-desktop.profile b/etc/session-desktop.profile new file mode 100644 index 000000000..b1076b080 --- /dev/null +++ b/etc/session-desktop.profile
@@ -0,0 +1,71 @@
		1	# Firejail profile for session-desktop
		2	# Description: Encrypted messenger
		3	# This file is overwritten after every install/update
		4	# Persistent local customizations
		5	include session-desktop.local
		6	# Persistent global definitions
		7	include globals.local
		8
		9	blacklist /usr/libexec
		10
		11	ignore noexec /tmp
		12
		13	noblacklist ${HOME}/.config/Session
		14
		15	include disable-common.inc
		16	include disable-devel.inc
		17	include disable-exec.inc
		18	include disable-interpreters.inc
		19	include disable-proc.inc
		20	include disable-programs.inc
		21	include disable-shell.inc
		22	include disable-xdg.inc
		23
		24	mkdir ${HOME}/.config/Session
		25	whitelist ${DOWNLOADS}
		26	whitelist ${HOME}/.config/Session
		27	whitelist /opt/Session
		28	whitelist /opt/session-desktop
		29	include whitelist-common.inc
		30	include whitelist-run-common.inc
		31	include whitelist-runuser-common.inc
		32	include whitelist-usr-share-common.inc
		33	include whitelist-var-common.inc
		34
		35	apparmor
		36	caps.drop all
		37	ipc-namespace
		38	netfilter
		39	nodvd
		40	nogroups
		41	?HAS_APPIMAGE: ignore noinput
		42	noinput
		43	nonewprivs
		44	noprinters
		45	noroot
		46	notv
		47	nou2f
		48	protocol unix,inet,inet6,netlink
		49	seccomp !chroot
		50	seccomp.block-secondary
		51	tracelog
		52
		53	disable-mnt
		54	private-bin session-desktop,session-messenger-desktop
		55	private-cache
		56	?HAS_APPIMAGE: ignore private-dev
		57	private-dev
		58	private-etc @network,@tls-ca,@x11
		59	private-tmp
		60
		61	dbus-user filter
		62	dbus-user.talk org.freedesktop.impl.*
		63	dbus-user.talk org.freedesktop.Notifications
		64	dbus-user.talk org.freedesktop.portal.*
		65	dbus-user.talk org.freedesktop.secrets
		66	?ALLOW_TRAY: dbus-user.talk org.kde.StatusNotifierWatcher
		67	?ALLOW_TRAY: dbus-user.own org.kde.*
		68	dbus-system none
		69
		70	# breaks app
		71	#restrict-namespaces


diff --git a/src/firecfg/firecfg.config b/src/firecfg/firecfg.config index 0783de9e1..957c1f1eb 100644 --- a/src/firecfg/firecfg.config +++ b/src/firecfg/firecfg.config
@@ -783,6 +783,9 @@ seahorse-tool
783	seamonkey	783	seamonkey
784	seamonkey-bin	784	seamonkey-bin
785	secret-tool	785	secret-tool
		786	session-desktop
		787	session-messenger
		788	session-messenger-desktop
786	sha1sum	789	sha1sum
787	sha224sum	790	sha224sum
788	sha256sum	791	sha256sum