added lxterminal profile

author: netblue30 <netblue30@yahoo.com> 2016-02-12 17:55:26 -0500
committer: netblue30 <netblue30@yahoo.com> 2016-02-12 17:55:26 -0500
commit: 5dd4748076b6016b0faf0a99485e99a2134b5b06 (patch)
tree: 11ada466619363823b8bfb1588f48f71f632c473
parent: split out terminal blacklisting in disable-terminals.inc (diff)
download: firejail-5dd4748076b6016b0faf0a99485e99a2134b5b06.tar.gz
firejail-5dd4748076b6016b0faf0a99485e99a2134b5b06.tar.zst
firejail-5dd4748076b6016b0faf0a99485e99a2134b5b06.zip
3 files changed, 22 insertions, 0 deletions
diff --git a/Makefile.in b/Makefile.in
index c4b3d238a..f5e52979f 100644
--- a/Makefile.in
+++ b/Makefile.in
@@ -137,6 +137,7 @@ realinstall:
        install -c -m 0644 .etc/uget-gtk.profile $(DESTDIR)/$(sysconfdir)/firejail/.
        install -c -m 0644 .etc/mupen64plus.profile $(DESTDIR)/$(sysconfdir)/firejail/.
        install -c -m 0644 .etc/disable-terminals.inc $(DESTDIR)/$(sysconfdir)/firejail/.
+        install -c -m 0644 .etc/lxterminal.profile $(DESTDIR)/$(sysconfdir)/firejail/.
        bash -c "if [ ! -f $(DESTDIR)/$(sysconfdir)/firejail/login.users ]; then install -c -m 0644 etc/login.users $(DESTDIR)/$(sysconfdir)/firejail/.; fi;"
        rm -fr .etc
        # man pages
diff --git a/etc/lxterminal.profile b/etc/lxterminal.profile
new file mode 100644
index 000000000..a614a8dbf
--- /dev/null
+++ b/etc/lxterminal.profile
@@ -0,0 +1,19 @@
+# lxterminal (LXDE) profile
+include /etc/firejail/disable-mgmt.inc
+include /etc/firejail/disable-secret.inc
+include /etc/firejail/disable-common.inc
+blacklist ${HOME}/.pki/nssdb
+blacklist ${HOME}/.lastpass
+blacklist ${HOME}/.keepassx
+blacklist ${HOME}/.password-store
+caps.drop all
+seccomp
+protocol unix,inet,inet6
+netfilter
+#noroot - somehow this breaks on Debian Jessie!
+# lxterminal is a single-instence program
+# blacklist any existing lxterminal socket in order to force a second process instance
+blacklist /tmp/.lxterminal-socket*
diff --git a/platform/debian/conffiles b/platform/debian/conffiles
index 3adb5201d..27e65c5e6 100644
--- a/platform/debian/conffiles
+++ b/platform/debian/conffiles
@@ -62,3 +62,5 @@
 /etc/firejail/Mathematica.profile
 /etc/firejail/uget-gtk.profile
 /etc/firejail/mupen64plus.profile
+/etc/disable-terminals.inc
+/etc/lxterminal.profile
author	netblue30 <netblue30@yahoo.com>	2016-02-12 17:55:26 -0500
committer	netblue30 <netblue30@yahoo.com>	2016-02-12 17:55:26 -0500
commit	5dd4748076b6016b0faf0a99485e99a2134b5b06 (patch)
tree	11ada466619363823b8bfb1588f48f71f632c473
parent	split out terminal blacklisting in disable-terminals.inc (diff)
download	firejail-5dd4748076b6016b0faf0a99485e99a2134b5b06.tar.gz firejail-5dd4748076b6016b0faf0a99485e99a2134b5b06.tar.zst firejail-5dd4748076b6016b0faf0a99485e99a2134b5b06.zip

diff --git a/Makefile.in b/Makefile.in index c4b3d238a..f5e52979f 100644 --- a/Makefile.in +++ b/Makefile.in
@@ -137,6 +137,7 @@ realinstall:
137	install -c -m 0644 .etc/uget-gtk.profile $(DESTDIR)/$(sysconfdir)/firejail/.	137	install -c -m 0644 .etc/uget-gtk.profile $(DESTDIR)/$(sysconfdir)/firejail/.
138	install -c -m 0644 .etc/mupen64plus.profile $(DESTDIR)/$(sysconfdir)/firejail/.	138	install -c -m 0644 .etc/mupen64plus.profile $(DESTDIR)/$(sysconfdir)/firejail/.
139	install -c -m 0644 .etc/disable-terminals.inc $(DESTDIR)/$(sysconfdir)/firejail/.	139	install -c -m 0644 .etc/disable-terminals.inc $(DESTDIR)/$(sysconfdir)/firejail/.
		140	install -c -m 0644 .etc/lxterminal.profile $(DESTDIR)/$(sysconfdir)/firejail/.
140	bash -c "if [ ! -f $(DESTDIR)/$(sysconfdir)/firejail/login.users ]; then install -c -m 0644 etc/login.users $(DESTDIR)/$(sysconfdir)/firejail/.; fi;"	141	bash -c "if [ ! -f $(DESTDIR)/$(sysconfdir)/firejail/login.users ]; then install -c -m 0644 etc/login.users $(DESTDIR)/$(sysconfdir)/firejail/.; fi;"
141	rm -fr .etc	142	rm -fr .etc
142	# man pages	143	# man pages


diff --git a/etc/lxterminal.profile b/etc/lxterminal.profile new file mode 100644 index 000000000..a614a8dbf --- /dev/null +++ b/etc/lxterminal.profile
@@ -0,0 +1,19 @@
		1	# lxterminal (LXDE) profile
		2
		3	include /etc/firejail/disable-mgmt.inc
		4	include /etc/firejail/disable-secret.inc
		5	include /etc/firejail/disable-common.inc
		6	blacklist ${HOME}/.pki/nssdb
		7	blacklist ${HOME}/.lastpass
		8	blacklist ${HOME}/.keepassx
		9	blacklist ${HOME}/.password-store
		10	caps.drop all
		11	seccomp
		12	protocol unix,inet,inet6
		13	netfilter
		14
		15	#noroot - somehow this breaks on Debian Jessie!
		16
		17	# lxterminal is a single-instence program
		18	# blacklist any existing lxterminal socket in order to force a second process instance
		19	blacklist /tmp/.lxterminal-socket*


diff --git a/platform/debian/conffiles b/platform/debian/conffiles index 3adb5201d..27e65c5e6 100644 --- a/platform/debian/conffiles +++ b/platform/debian/conffiles
@@ -62,3 +62,5 @@
62	/etc/firejail/Mathematica.profile	62	/etc/firejail/Mathematica.profile
63	/etc/firejail/uget-gtk.profile	63	/etc/firejail/uget-gtk.profile
64	/etc/firejail/mupen64plus.profile	64	/etc/firejail/mupen64plus.profile
		65	/etc/disable-terminals.inc
		66	/etc/lxterminal.profile