fix gucharmap & add gnome-characters, gnome-character-map

author: rusty-snake <print_hello_world+Public@protonmail.com> 2019-07-18 23:18:11 +0200
committer: rusty-snake <print_hello_world+Public@protonmail.com> 2019-07-18 23:18:11 +0200
commit: 4ed800a2623b4644277ad0d477f3511aeefdd1db (patch)
tree: 80960279837d14c5f83f85ef55da56c4b4769c41
parent: use allow-debuggers in spectre-meltdown-checker (diff)
download: firejail-4ed800a2623b4644277ad0d477f3511aeefdd1db.tar.gz
firejail-4ed800a2623b4644277ad0d477f3511aeefdd1db.tar.zst
firejail-4ed800a2623b4644277ad0d477f3511aeefdd1db.zip
4 files changed, 65 insertions, 5 deletions
diff --git a/etc/gnome-character-map.profile b/etc/gnome-character-map.profile
new file mode 100644
index 000000000..35db448f2
--- /dev/null
+++ b/etc/gnome-character-map.profile
@@ -0,0 +1,9 @@
+# Firejail profile for gnome-character-map
+# This file is overwritten after every install/update
+# Persistent local customizations
+include gnome-character-map.local
+# Persistent global definitions
+# added by included profile
+#include globals.local
+include gucharmap.profile
diff --git a/etc/gnome-characters.profile b/etc/gnome-characters.profile
new file mode 100644
index 000000000..828c6324e
--- /dev/null
+++ b/etc/gnome-characters.profile
@@ -0,0 +1,50 @@
+# Firejail profile for gnome-characters
+# Description: Character map application for GNOME
+# This file is overwritten after every install/update
+# Persistent local customizations
+include gnome-characters.local
+# Persistent global definitions
+include globals.local
+include disable-common.inc
+include disable-devel.inc
+include disable-exec.inc
+include disable-interpreters.inc
+include disable-passwdmgr.inc
+include disable-programs.inc
+include disable-xdg.inc
+include whitelist-common.inc
+include whitelist-var-common.inc
+caps.drop all
+machine-id
+net none
+no3d
+# Uncomment the next line (or add it to your gnome-characters.local)
+# if you don't need recently used chars
+#nodbus
+nodvd
+nogroups
+nonewprivs
+noroot
+nosound
+notv
+nou2f
+novideo
+protocol unix
+seccomp
+shell none
+tracelog
+disable-mnt
+# Uncomment the next line (or add it to your gnome-characters.local)
+# if you don't need recently used chars
+#private
+private-bin gjs,gnome-characters
+private-cache
+private-dev
+private-etc alternatives,dconf,fonts,gconf,gtk-2.0,gtk-3.0,ld.so.cache,ld.so.conf,ld.so.conf.d,ld.so.preload,locale,locale.alias,locale.conf,localtime,mime.types,pango,X11,xdg
+private-tmp
+read-only ${HOME}
diff --git a/etc/gucharmap.profile b/etc/gucharmap.profile
index 9507188fc..c8fe9e8c9 100644
--- a/etc/gucharmap.profile
+++ b/etc/gucharmap.profile
@@ -6,7 +6,6 @@ include gucharmap.local
 # Persistent global definitions
 include globals.local
 include disable-common.inc
 include disable-devel.inc
 include disable-exec.inc
@@ -23,6 +22,7 @@ caps.drop all
 machine-id
 #net none - breaks dbus
 no3d
+#nodbus - breaks state saveing
 nodvd
 nogroups
 nonewprivs
@@ -34,15 +34,14 @@ novideo
 protocol unix
 seccomp
 shell none
+tracelog
 disable-mnt
-private-bin gucharmap
+private-bin gnome-character-map,gucharmap
 private-cache
 private-dev
-private-etc alternatives,fonts
+private-etc alternatives,dbus-1,dconf,fonts,gconf,gtk-2.0,gtk-3.0,ld.so.cache,ld.so.conf,ld.so.conf.d,ld.so.preload,locale,locale.alias,locale.conf,localtime,machine-id,mime.types,pango,X11,xdg
 private-lib
 private-tmp
-memory-deny-write-execute
 read-only ${HOME}
diff --git a/src/firecfg/firecfg.config b/src/firecfg/firecfg.config
index 95ad95e95..72fac1893 100644
--- a/src/firecfg/firecfg.config
+++ b/src/firecfg/firecfg.config
@@ -233,6 +233,8 @@ gnome-2048
 gnome-books
 gnome-builder
 gnome-calculator
+gnome-character-map
+gnome-characters
 gnome-chess
 gnome-clocks
 gnome-contacts
author	rusty-snake <print_hello_world+Public@protonmail.com>	2019-07-18 23:18:11 +0200
committer	rusty-snake <print_hello_world+Public@protonmail.com>	2019-07-18 23:18:11 +0200
commit	4ed800a2623b4644277ad0d477f3511aeefdd1db (patch)
tree	80960279837d14c5f83f85ef55da56c4b4769c41
parent	use allow-debuggers in spectre-meltdown-checker (diff)
download	firejail-4ed800a2623b4644277ad0d477f3511aeefdd1db.tar.gz firejail-4ed800a2623b4644277ad0d477f3511aeefdd1db.tar.zst firejail-4ed800a2623b4644277ad0d477f3511aeefdd1db.zip

diff --git a/etc/gnome-character-map.profile b/etc/gnome-character-map.profile new file mode 100644 index 000000000..35db448f2 --- /dev/null +++ b/etc/gnome-character-map.profile
@@ -0,0 +1,9 @@
		1	# Firejail profile for gnome-character-map
		2	# This file is overwritten after every install/update
		3	# Persistent local customizations
		4	include gnome-character-map.local
		5	# Persistent global definitions
		6	# added by included profile
		7	#include globals.local
		8
		9	include gucharmap.profile


diff --git a/etc/gnome-characters.profile b/etc/gnome-characters.profile new file mode 100644 index 000000000..828c6324e --- /dev/null +++ b/etc/gnome-characters.profile
@@ -0,0 +1,50 @@
		1	# Firejail profile for gnome-characters
		2	# Description: Character map application for GNOME
		3	# This file is overwritten after every install/update
		4	# Persistent local customizations
		5	include gnome-characters.local
		6	# Persistent global definitions
		7	include globals.local
		8
		9	include disable-common.inc
		10	include disable-devel.inc
		11	include disable-exec.inc
		12	include disable-interpreters.inc
		13	include disable-passwdmgr.inc
		14	include disable-programs.inc
		15	include disable-xdg.inc
		16
		17	include whitelist-common.inc
		18	include whitelist-var-common.inc
		19
		20	caps.drop all
		21	machine-id
		22	net none
		23	no3d
		24	# Uncomment the next line (or add it to your gnome-characters.local)
		25	# if you don't need recently used chars
		26	#nodbus
		27	nodvd
		28	nogroups
		29	nonewprivs
		30	noroot
		31	nosound
		32	notv
		33	nou2f
		34	novideo
		35	protocol unix
		36	seccomp
		37	shell none
		38	tracelog
		39
		40	disable-mnt
		41	# Uncomment the next line (or add it to your gnome-characters.local)
		42	# if you don't need recently used chars
		43	#private
		44	private-bin gjs,gnome-characters
		45	private-cache
		46	private-dev
		47	private-etc alternatives,dconf,fonts,gconf,gtk-2.0,gtk-3.0,ld.so.cache,ld.so.conf,ld.so.conf.d,ld.so.preload,locale,locale.alias,locale.conf,localtime,mime.types,pango,X11,xdg
		48	private-tmp
		49
		50	read-only ${HOME}


diff --git a/etc/gucharmap.profile b/etc/gucharmap.profile index 9507188fc..c8fe9e8c9 100644 --- a/etc/gucharmap.profile +++ b/etc/gucharmap.profile
@@ -6,7 +6,6 @@ include gucharmap.local
6	# Persistent global definitions	6	# Persistent global definitions
7	include globals.local	7	include globals.local
8		8
9
10	include disable-common.inc	9	include disable-common.inc
11	include disable-devel.inc	10	include disable-devel.inc
12	include disable-exec.inc	11	include disable-exec.inc
@@ -23,6 +22,7 @@ caps.drop all
23	machine-id	22	machine-id
24	#net none - breaks dbus	23	#net none - breaks dbus
25	no3d	24	no3d
		25	#nodbus - breaks state saveing
26	nodvd	26	nodvd
27	nogroups	27	nogroups
28	nonewprivs	28	nonewprivs
@@ -34,15 +34,14 @@ novideo
34	protocol unix	34	protocol unix
35	seccomp	35	seccomp
36	shell none	36	shell none
		37	tracelog
37		38
38	disable-mnt	39	disable-mnt
39	private-bin gucharmap	40	private-bin gnome-character-map,gucharmap
40	private-cache	41	private-cache
41	private-dev	42	private-dev
42	private-etc alternatives,fonts	43	private-etc alternatives,dbus-1,dconf,fonts,gconf,gtk-2.0,gtk-3.0,ld.so.cache,ld.so.conf,ld.so.conf.d,ld.so.preload,locale,locale.alias,locale.conf,localtime,machine-id,mime.types,pango,X11,xdg
43	private-lib	44	private-lib
44	private-tmp	45	private-tmp
45		46
46	memory-deny-write-execute
47
48	read-only ${HOME}	47	read-only ${HOME}


diff --git a/src/firecfg/firecfg.config b/src/firecfg/firecfg.config index 95ad95e95..72fac1893 100644 --- a/src/firecfg/firecfg.config +++ b/src/firecfg/firecfg.config
@@ -233,6 +233,8 @@ gnome-2048
233	gnome-books	233	gnome-books
234	gnome-builder	234	gnome-builder
235	gnome-calculator	235	gnome-calculator
		236	gnome-character-map
		237	gnome-characters
236	gnome-chess	238	gnome-chess
237	gnome-clocks	239	gnome-clocks
238	gnome-contacts	240	gnome-contacts