authorLibravatar netblue30 <netblue30@yahoo.com>2015-11-02 09:05:31 -0500
committerLibravatar netblue30 <netblue30@yahoo.com>2015-11-02 09:05:31 -0500
commit67b5c497926b777a696a8814f909b6a3da06fdb5 (patch)
tree76a5259d191781605f987f104898fcd1048fe4e4
parentMerge pull request #113 from emacsomancer/master (diff)
whitelisting ~/.fonts
-rw-r--r--Makefile.in1
-rw-r--r--README2
-rw-r--r--RELNOTES2
-rw-r--r--etc/chromium.profile7
-rw-r--r--etc/conkeror.profile6
-rw-r--r--etc/firefox.profile7
-rw-r--r--etc/spotify.profile9
-rw-r--r--platform/debian/conffiles1
-rw-r--r--todo8
9 files changed, 40 insertions, 3 deletions
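diff --git a/Makefile.in b/Makefile.in
index 27ecce4fb..aeb1d34d0 100644
--- a/Makefile.in
+++ b/Makefile.in
@@ -111,6 +111,7 @@ realinstall:
  install -c -m 0644 etc/skype.profile $(DESTDIR)/$(sysconfdir)/firejail/.
  install -c -m 0644 etc/wine.profile $(DESTDIR)/$(sysconfdir)/firejail/.
  install -c -m 0644 etc/disable-devel.inc $(DESTDIR)/$(sysconfdir)/firejail/.
+ install -c -m 0644 etc/conkeror.profile $(DESTDIR)/$(sysconfdir)/firejail/.
  bash -c "if [ ! -f $(DESTDIR)/$(sysconfdir)/firejail/login.users ]; then install -c -m 0644 etc/login.users $(DESTDIR)/$(sysconfdir)/firejail/.; fi;"
  # man pages
  rm -f firejail.1.gz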
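Review bot: The added `install` line for `etc/conkeror.profile` has to be repeated by hand in platform/debian/conffiles (this commit touches both), and nothing in the recipe checks that the two lists agree. A sandbox profile that ships in `etc/` but is missing from either list is silently not installed or not tracked as a conffile, which appears to be why this follow-up to the Conkeror merge was needed. A comment above the profile block such as `# every etc/*.profile must also be listed in platform/debian/conffiles` would make the coupling visible. The `realinstall` recipe starts and ends outside this hunk.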
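diff --git a/README b/README
index 9edc65b11..ffb28134b 100644
--- a/README
+++ b/README
@@ -18,6 +18,8 @@ License: GPL v2
 Firejail Authors:
 
 netblue30 (netblue30@yahoo.com)
+emacsomancer (https://github.com/emacsomancer)
+ - added profile for Conkeror browser
 Daan Bakker (https://github.com/dbakker)
  - protect shell startup files
 Duncan Overbruck (https://github.com/Duncaen)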
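diff --git a/RELNOTES b/RELNOTES
index 4a790707e..289b2ea70 100644
--- a/RELNOTES
+++ b/RELNOTES
@@ -2,7 +2,7 @@ firejail (0.9.34-rc1) baseline; urgency=low
  * added --ignore option
  * added --protocol option
  * support dual i386/amd64 seccomp filters
- * added Steam, Skype and Wine profiles
+ * added Steam, Skype, Wine and Conkeror profiles
  * bugfixes
  -- netblue30 <netblue30@yahoo.com> Thu, 29 Oct 2015 08:00:00 -0500
 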
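diff --git a/etc/chromium.profile b/etc/chromium.profile
index bba2f0e10..ee5600170 100644
--- a/etc/chromium.profile
+++ b/etc/chromium.profile
@@ -7,3 +7,10 @@ include /etc/firejail/disable-devel.inc
 netfilter
 whitelist ~/Downloads
 whitelist ~/.config/chromium
+
+# common
+whitelist ~/.fonts
+whitelist ~/.fonts.d
+whitelist ~/.fontconfig
+whitelist ~/.fonts.conf
+whitelist ~/.fonts.conf.d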
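Review bot: The five `whitelist` lines added under `# common` expose the user's real `~/.fonts*` and `~/.fontconfig` paths inside the sandbox, and nothing in the hunk marks them read-only. Assuming whitelisted paths stay writable, as `~/Downloads` is meant to be, a compromised browser could modify font files or `~/.fonts.conf` that unsandboxed applications later parse. Consider pairing each entry with a read-only rule, e.g. `read-only ~/.fonts.conf`, if this release applies `read-only` to whitelisted paths. The same block is pasted into conkeror.profile, firefox.profile and spotify.profile in this commit; one shared include beside `disable-devel.inc`, with a comment saying why font configuration is needed, would keep the four copies from drifting.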
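diff --git a/etc/conkeror.profile b/etc/conkeror.profile
index e33edac0e..7c1384523 100644
--- a/etc/conkeror.profile
+++ b/etc/conkeror.profile
@@ -19,4 +19,10 @@ whitelist ~/.vimperator
 whitelist ~/.pentadactylrc
 whitelist ~/.pentadactyl
 whitelist ~/.conkerorrc
+
+# common
 whitelist ~/.fonts
+whitelist ~/.fonts.d
+whitelist ~/.fontconfig
+whitelist ~/.fonts.conf
+whitelist ~/.fonts.conf.d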
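diff --git a/etc/firefox.profile b/etc/firefox.profile
index 50d5c940b..d926474d0 100644
--- a/etc/firefox.profile
+++ b/etc/firefox.profile
@@ -19,3 +19,10 @@ whitelist ~/.vimperatorrc
 whitelist ~/.vimperator
 whitelist ~/.pentadactylrc
 whitelist ~/.pentadactyl
+
+# common
+whitelist ~/.fonts
+whitelist ~/.fonts.d
+whitelist ~/.fontconfig
+whitelist ~/.fonts.conf
+whitelist ~/.fonts.conf.d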
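diff --git a/etc/spotify.profile b/etc/spotify.profile
index 36d8f2b7a..f77f900cf 100644
--- a/etc/spotify.profile
+++ b/etc/spotify.profile
@@ -10,11 +10,16 @@ include /etc/firejail/disable-devel.inc
 whitelist ${HOME}/.config/spotify
 whitelist ${HOME}/.local/share/spotify
 whitelist ${HOME}/.cache/spotify
-# Whitelist the pulseaudio config, to allow PulseAudio workaround (Issue #69)
-whitelist ${HOME}/.config/pulse
 
 caps.drop all
 seccomp
 protocol unix,inet,inet6
 netfilter
 noroot
+
+# common
+whitelist ~/.fonts
+whitelist ~/.fonts.d
+whitelist ~/.fontconfig
+whitelist ~/.fonts.conf
+whitelist ~/.fonts.conf.d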
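Review bot: This hunk also deletes `whitelist ${HOME}/.config/pulse` together with its comment about the PulseAudio workaround (Issue #69), which the commit title "whitelisting ~/.fonts" does not mention. If the removal is deliberate, it changes what the sandbox exposes and deserves its own line in the commit message or RELNOTES. If it is a merge leftover, both lines should be restored. The new font entries use `~/` while every other path in this profile uses `${HOME}/`; writing them as `whitelist ${HOME}/.fonts` and so on would keep the file consistent.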
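diff --git a/platform/debian/conffiles b/platform/debian/conffiles
index 78f42b83e..6ba79f9c7 100644
--- a/platform/debian/conffiles
+++ b/platform/debian/conffiles
@@ -37,3 +37,4 @@
 /etc/firejail/steam.profile
 /etc/firejail/wine.profile
 /etc/firejail/disable-devel.inc
+/etc/firejail/conkeror.profile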
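diff --git a/todo b/todo
index 8d1211425..8dcb0acf9 100644
--- a/todo
+++ b/todo
@@ -54,3 +54,11 @@ cat <&3
 c) A list of attacks
 http://www.lanmaster53.com/2011/05/7-linux-shells-using-built-in-tools/
 
+8. SELinux
+
+Firefox selinux disabled (RedHat): http://danwalsh.livejournal.com/72697.html
+Firefox selinux enabled (Gentoo hardened): http://blog.siphos.be/2015/08/why-we-do-confine-firefox/
+"desktops are notoriously difficult to use a mandatory access control system on"
+
+9. blacklist .muttrc, contains passwords in clear text
+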