Add profile for jerry chess

author: Fred Barclay <Fred-Barclay@users.noreply.github.com> 2019-06-26 21:59:01 -0500
committer: Fred Barclay <Fred-Barclay@users.noreply.github.com> 2019-06-26 21:59:01 -0500
commit: 5bad67a48618ad8039ba93291948f0e2cf8808c6 (patch)
tree: babcb1b36283eac7b79d6149a090b21021a57ad5
parent: Hardening a few profiles (#2800) (diff)
download: firejail-5bad67a48618ad8039ba93291948f0e2cf8808c6.tar.gz
firejail-5bad67a48618ad8039ba93291948f0e2cf8808c6.tar.zst
firejail-5bad67a48618ad8039ba93291948f0e2cf8808c6.zip
5 files changed, 46 insertions, 2 deletions
diff --git a/README.md b/README.md
index f0cecd1e7..e1a79120a 100644
--- a/README.md
+++ b/README.md
@@ -115,4 +115,5 @@ We also keep a list of profile fixes for previous released versions in [etc-fixe
 ## New profiles:
-klatexformula, klatexformula_cmdl, links, pandoc, qgis, teams-for-linux, xlinks, OpenArena, gnome-sound-recorder, godot, tcpdump, tshark, keepassxc-cli, keepassxc-proxy, newsbeuter, rhythmbox-client
+klatexformula, klatexformula_cmdl, links, pandoc, qgis, teams-for-linux, xlinks, OpenArena, gnome-sound-recorder, godot, tcpdump, tshark, keepassxc-cli, keepassxc-proxy, newsbeuter, rhythmbox-client,
+jerry
diff --git a/RELNOTES b/RELNOTES
index 0a3a0a011..a00a27b32 100644
--- a/RELNOTES
+++ b/RELNOTES
@@ -4,7 +4,7 @@ firejail (0.9.61) baseline; urgency=low
  * new profiles: qgis, klatexformula, klatexformula_cmdl, links, xlinks
  * new profiles: pandoc, teams-for-linux, OpenArena, gnome-sound-recorder
  * new profiles: godot, tcpdump, tshark, newsbeuter, keepassxc-cli
-  * new profiles: keepassxc-proxy, rhythmbox-client
+  * new profiles: keepassxc-proxy, rhythmbox-client, jerry
 -- netblue30 <netblue30@yahoo.com>  Sat, 1 Jun 2019 08:00:00 -0500
 firejail (0.9.60) baseline; urgency=low
diff --git a/etc/disable-programs.inc b/etc/disable-programs.inc
index fb7e02d0b..679a8c0a0 100644
--- a/etc/disable-programs.inc
+++ b/etc/disable-programs.inc
@@ -151,6 +151,7 @@ blacklist ${HOME}/.config/digikam
 blacklist ${HOME}/.config/digikamrc
 blacklist ${HOME}/.config/discord
 blacklist ${HOME}/.config/discordcanary
+blacklist ${HOME}/.config/dkl
 blacklist ${HOME}/.config/dnox
 blacklist ${HOME}/.config/dolphinrc
 blacklist ${HOME}/.config/dragonplayerrc
diff --git a/etc/jerry.profile b/etc/jerry.profile
new file mode 100644
index 000000000..28eb4d207
--- /dev/null
+++ b/etc/jerry.profile
@@ -0,0 +1,41 @@
+# Firejail profile for jerry
+# Description: Chess GUI
+# This file is overwritten after every install/update
+# Persistent local customizations
+include jerry.local
+# Persistent global definitions
+include globals.local
+noblacklist ${HOME}/.config/dkl
+include disable-common.inc
+include disable-devel.inc
+include disable-exec.inc
+include disable-interpreters.inc
+include disable-passwdmgr.inc
+include disable-programs.inc
+include disable-xdg.inc
+caps.drop all
+machine-id
+net none
+no3d
+nodbus
+nodvd
+nogroups
+nonewprivs
+noroot
+nosound
+notv
+novideo
+protocol unix
+seccomp
+shell none
+tracelog
+private-bin jerry,stockfish,sh,bash
+private-dev
+private-etc fonts,gtk-2.0,gtk-3.0
+private-tmp
+memory-deny-write-execute
diff --git a/src/firecfg/firecfg.config b/src/firecfg/firecfg.config
index b4efa3add..b9f493969 100644
--- a/src/firecfg/firecfg.config
+++ b/src/firecfg/firecfg.config
@@ -286,6 +286,7 @@ inkview
 inox
 iridium
 iridium-browser
+jerry
 jd-gui
 jdownloader
 jitsi
author	Fred Barclay <Fred-Barclay@users.noreply.github.com>	2019-06-26 21:59:01 -0500
committer	Fred Barclay <Fred-Barclay@users.noreply.github.com>	2019-06-26 21:59:01 -0500
commit	5bad67a48618ad8039ba93291948f0e2cf8808c6 (patch)
tree	babcb1b36283eac7b79d6149a090b21021a57ad5
parent	Hardening a few profiles (#2800) (diff)
download	firejail-5bad67a48618ad8039ba93291948f0e2cf8808c6.tar.gz firejail-5bad67a48618ad8039ba93291948f0e2cf8808c6.tar.zst firejail-5bad67a48618ad8039ba93291948f0e2cf8808c6.zip

diff --git a/README.md b/README.md index f0cecd1e7..e1a79120a 100644 --- a/README.md +++ b/README.md
@@ -115,4 +115,5 @@ We also keep a list of profile fixes for previous released versions in [etc-fixe
115		115
116	## New profiles:	116	## New profiles:
117		117
118	klatexformula, klatexformula_cmdl, links, pandoc, qgis, teams-for-linux, xlinks, OpenArena, gnome-sound-recorder, godot, tcpdump, tshark, keepassxc-cli, keepassxc-proxy, newsbeuter, rhythmbox-client	118	klatexformula, klatexformula_cmdl, links, pandoc, qgis, teams-for-linux, xlinks, OpenArena, gnome-sound-recorder, godot, tcpdump, tshark, keepassxc-cli, keepassxc-proxy, newsbeuter, rhythmbox-client,
		119	jerry


diff --git a/RELNOTES b/RELNOTES index 0a3a0a011..a00a27b32 100644 --- a/RELNOTES +++ b/RELNOTES
@@ -4,7 +4,7 @@ firejail (0.9.61) baseline; urgency=low
4	* new profiles: qgis, klatexformula, klatexformula_cmdl, links, xlinks	4	* new profiles: qgis, klatexformula, klatexformula_cmdl, links, xlinks
5	* new profiles: pandoc, teams-for-linux, OpenArena, gnome-sound-recorder	5	* new profiles: pandoc, teams-for-linux, OpenArena, gnome-sound-recorder
6	* new profiles: godot, tcpdump, tshark, newsbeuter, keepassxc-cli	6	* new profiles: godot, tcpdump, tshark, newsbeuter, keepassxc-cli
7	* new profiles: keepassxc-proxy, rhythmbox-client	7	* new profiles: keepassxc-proxy, rhythmbox-client, jerry
8	-- netblue30 <netblue30@yahoo.com> Sat, 1 Jun 2019 08:00:00 -0500	8	-- netblue30 <netblue30@yahoo.com> Sat, 1 Jun 2019 08:00:00 -0500
9		9
10	firejail (0.9.60) baseline; urgency=low	10	firejail (0.9.60) baseline; urgency=low


diff --git a/etc/disable-programs.inc b/etc/disable-programs.inc index fb7e02d0b..679a8c0a0 100644 --- a/etc/disable-programs.inc +++ b/etc/disable-programs.inc
@@ -151,6 +151,7 @@ blacklist ${HOME}/.config/digikam
151	blacklist ${HOME}/.config/digikamrc	151	blacklist ${HOME}/.config/digikamrc
152	blacklist ${HOME}/.config/discord	152	blacklist ${HOME}/.config/discord
153	blacklist ${HOME}/.config/discordcanary	153	blacklist ${HOME}/.config/discordcanary
		154	blacklist ${HOME}/.config/dkl
154	blacklist ${HOME}/.config/dnox	155	blacklist ${HOME}/.config/dnox
155	blacklist ${HOME}/.config/dolphinrc	156	blacklist ${HOME}/.config/dolphinrc
156	blacklist ${HOME}/.config/dragonplayerrc	157	blacklist ${HOME}/.config/dragonplayerrc


diff --git a/etc/jerry.profile b/etc/jerry.profile new file mode 100644 index 000000000..28eb4d207 --- /dev/null +++ b/etc/jerry.profile
@@ -0,0 +1,41 @@
		1	# Firejail profile for jerry
		2	# Description: Chess GUI
		3	# This file is overwritten after every install/update
		4	# Persistent local customizations
		5	include jerry.local
		6	# Persistent global definitions
		7	include globals.local
		8
		9	noblacklist ${HOME}/.config/dkl
		10
		11	include disable-common.inc
		12	include disable-devel.inc
		13	include disable-exec.inc
		14	include disable-interpreters.inc
		15	include disable-passwdmgr.inc
		16	include disable-programs.inc
		17	include disable-xdg.inc
		18
		19	caps.drop all
		20	machine-id
		21	net none
		22	no3d
		23	nodbus
		24	nodvd
		25	nogroups
		26	nonewprivs
		27	noroot
		28	nosound
		29	notv
		30	novideo
		31	protocol unix
		32	seccomp
		33	shell none
		34	tracelog
		35
		36	private-bin jerry,stockfish,sh,bash
		37	private-dev
		38	private-etc fonts,gtk-2.0,gtk-3.0
		39	private-tmp
		40
		41	memory-deny-write-execute


diff --git a/src/firecfg/firecfg.config b/src/firecfg/firecfg.config index b4efa3add..b9f493969 100644 --- a/src/firecfg/firecfg.config +++ b/src/firecfg/firecfg.config
@@ -286,6 +286,7 @@ inkview
286	inox	286	inox
287	iridium	287	iridium
288	iridium-browser	288	iridium-browser
		289	jerry
289	jd-gui	290	jd-gui
290	jdownloader	291	jdownloader
291	jitsi	292	jitsi