Add ktouch.profile

author: rusty-snake <print_hello_world+Public@protonmail.com> 2019-05-25 10:24:28 +0200
committer: rusty-snake <print_hello_world+Public@protonmail.com> 2019-05-25 10:24:28 +0200
commit: 74b71ae2f1cada1295826a24fd636d23683d343e (patch)
tree: f74b2e47093d46f007edb82e27ff73c1ff2d0f93
parent: small private-cwd adjustments (diff)
download: firejail-74b71ae2f1cada1295826a24fd636d23683d343e.tar.gz
firejail-74b71ae2f1cada1295826a24fd636d23683d343e.tar.zst
firejail-74b71ae2f1cada1295826a24fd636d23683d343e.zip
5 files changed, 56 insertions, 2 deletions
diff --git a/README b/README
index 61b21ac6d..b2123aba2 100644
--- a/README
+++ b/README
@@ -559,6 +559,7 @@ rusty-snake (https://github.com/rusty-snake)
        - added profiles: gajim-history-manager, freemind, nomacs, kid3
        - added profiles: kid3-qt, kid3-cli, anki, utox, mp3splt, mp3wrap
        - added profiles: oggsplt, flacsplt, cheese, inkview, mp3splt-gtk
+        - added profiles: ktouch
        - fixed profiles: kdenlive, bibletime, rhythmbox, gajim, seahorse
        - fixed profiles: libreoffice, gnome-maps, wget, seahorse-tool
        - fixed profiles: gnome-logs, atom, brackets, gnome-builder, geany
@@ -573,6 +574,7 @@ rusty-snake (https://github.com/rusty-snake)
        - hardened profiles: gajim, evince, ffmpeg, feh-network.inc, qtox
        - hardened profiles: gnome-clocks, meld, minetest, youtube-dl
        - hardened profiles: bibletime, whois, etr, display, feh, mpv, xiphos
+        - hardened profiles: gnome-chess
        - gnome-mpv was renamed to celluloid
        - some typo fixes
 Salvo 'LtWorf' Tomaselli (https://github.com/ltworf)
diff --git a/README.md b/README.md
index c11402386..68caf2f13 100644
--- a/README.md
+++ b/README.md
@@ -112,7 +112,7 @@ We also keep a list of profile fixes for previous released versions in [etc-fixe
 ## New profiles:
 anki, assogiate, autokey-gtk, autokey-qt, autokey-run, autokey-shell, bzflag, celluoid, cheese, code-oss, crawl, crawl-tiles, crow, d-feet, dconf,
 dconf-editor, devhelp, exfalso, font-manager, freeciv, freecol, freeoffice-planmaker, freeoffice-presentations, freeoffice-textmaker, freemind,
-gconf-editor, geekbench, gnome-keyring, gnome-nettool, gnome-system-log, gramps, gsettings, inkview kid3, kid3-cli, kid3-qt, lincity-ng, lugaru,
+gconf-editor, geekbench, gnome-keyring, gnome-nettool, gnome-system-log, gramps, gsettings, inkview, kid3, kid3-cli, kid3-qt, ktouch, lincity-ng, lugaru,
 Maelstrom, manaplus, megaglest, meteo-qt, mp3splt-gtk, mpdris2, mypaint, nano, netactview, newsboat, nomacs, nyx, opencity, openclonk, openttd, ostrichriders, pavucontrol,
 pioneer, pragha, redshift, regextester, seahorse, seahorse-tool, scorched3d, secret-tool, simplescreenrecorder, slashem, subdownloader, sysprof,
 sysprof-cli, teeworlds, torcs, tremulous, transgui, utox, vulturesclaw, vultureseye, warsow, widelands, xfce4-mixer
diff --git a/RELNOTES b/RELNOTES
index 508511621..b9e5dd7db 100644
--- a/RELNOTES
+++ b/RELNOTES
@@ -15,7 +15,7 @@ firejail (0.9.60~rc2) baseline; urgency=low
  * new profiles: oggsplt, flacsplt, gramps, newsboat, freeoffice-planmaker
  * new profiles: autokey-gtk, autokey-qt, autokey-run, autokey-shell
  * new profiles: freeoffice-presentations, freeoffice-textmaker, mp3wrap
-  * new profiles: inkview, meteo-qt, mp3splt-gtk
+  * new profiles: inkview, meteo-qt, mp3splt-gtk, ktouch
  * memory-deny-write-execute now also blocks memfd_create
  * drop support for flatpak/snap packages
 -- netblue30 <netblue30@yahoo.com>  Sun, 21 Apr 2019 08:00:00 -0500
diff --git a/etc/disable-programs.inc b/etc/disable-programs.inc
index eb0f73ba2..43157c6c3 100644
--- a/etc/disable-programs.inc
+++ b/etc/disable-programs.inc
@@ -209,6 +209,7 @@ blacklist ${HOME}/.config/kdeconnect
 blacklist ${HOME}/.config/knotesrc
 blacklist ${HOME}/.config/konversationrc
 blacklist ${HOME}/.config/ktorrentrc
+blacklist ${HOME}/.config/ktouch2rc
 blacklist ${HOME}/.config/leafpad
 blacklist ${HOME}/.config/libreoffice
 blacklist ${HOME}/.config/liferea
@@ -494,6 +495,7 @@ blacklist ${HOME}/.local/share/knotes
 blacklist ${HOME}/.local/share/krita
 blacklist ${HOME}/.local/share/ktorrentrc
 blacklist ${HOME}/.local/share/ktorrent
+blacklist ${HOME}/.local/share/ktouch
 blacklist ${HOME}/.local/share/kwrite
 blacklist ${HOME}/.local/share/liferea
 blacklist ${HOME}/.local/share/local-mail
diff --git a/etc/ktouch.profile b/etc/ktouch.profile
new file mode 100644
index 000000000..446bc50ee
--- /dev/null
+++ b/etc/ktouch.profile
@@ -0,0 +1,50 @@
+# Firejail profile for KTouch
+# Description: a typing tutor by KDE
+# This file is overwritten after every install/update
+# Persistent local customizations
+include ktouch.local
+# Persistent global definitions
+include globals.local
+noblacklist ${HOME}/.config/ktouch2rc
+noblacklist ${HOME}/.local/share/ktouch
+include disable-common.inc
+include disable-devel.inc
+include disable-exec.inc
+include disable-interpreters.inc
+include disable-passwdmgr.inc
+include disable-programs.inc
+include disable-xdg.inc
+mkfile ${HOME}/.config/ktouch2rc
+mkdir ${HOME}/.local/share/ktouch
+whitelist ${HOME}/.config/ktouch2rc
+whitelist ${HOME}/.local/share/ktouch
+include whitelist-common.inc
+include whitelist-var-common.inc
+apparmor
+caps.drop all
+machine-id
+net none
+nodbus
+nodvd
+nogroups
+nonewprivs
+noroot
+nosound
+notv
+nou2f
+novideo
+protocol unix,netlink
+seccomp
+shell none
+tracelog
+disable-mnt
+private-bin ktouch
+private-cache
+private-dev
+private-etc alternatives,fonts,kde5rc,machine-id
+private-tmp
author	rusty-snake <print_hello_world+Public@protonmail.com>	2019-05-25 10:24:28 +0200
committer	rusty-snake <print_hello_world+Public@protonmail.com>	2019-05-25 10:24:28 +0200
commit	74b71ae2f1cada1295826a24fd636d23683d343e (patch)
tree	f74b2e47093d46f007edb82e27ff73c1ff2d0f93
parent	small private-cwd adjustments (diff)
download	firejail-74b71ae2f1cada1295826a24fd636d23683d343e.tar.gz firejail-74b71ae2f1cada1295826a24fd636d23683d343e.tar.zst firejail-74b71ae2f1cada1295826a24fd636d23683d343e.zip

diff --git a/README b/README index 61b21ac6d..b2123aba2 100644 --- a/README +++ b/README
@@ -559,6 +559,7 @@ rusty-snake (https://github.com/rusty-snake)
559	- added profiles: gajim-history-manager, freemind, nomacs, kid3	559	- added profiles: gajim-history-manager, freemind, nomacs, kid3
560	- added profiles: kid3-qt, kid3-cli, anki, utox, mp3splt, mp3wrap	560	- added profiles: kid3-qt, kid3-cli, anki, utox, mp3splt, mp3wrap
561	- added profiles: oggsplt, flacsplt, cheese, inkview, mp3splt-gtk	561	- added profiles: oggsplt, flacsplt, cheese, inkview, mp3splt-gtk
		562	- added profiles: ktouch
562	- fixed profiles: kdenlive, bibletime, rhythmbox, gajim, seahorse	563	- fixed profiles: kdenlive, bibletime, rhythmbox, gajim, seahorse
563	- fixed profiles: libreoffice, gnome-maps, wget, seahorse-tool	564	- fixed profiles: libreoffice, gnome-maps, wget, seahorse-tool
564	- fixed profiles: gnome-logs, atom, brackets, gnome-builder, geany	565	- fixed profiles: gnome-logs, atom, brackets, gnome-builder, geany
@@ -573,6 +574,7 @@ rusty-snake (https://github.com/rusty-snake)
573	- hardened profiles: gajim, evince, ffmpeg, feh-network.inc, qtox	574	- hardened profiles: gajim, evince, ffmpeg, feh-network.inc, qtox
574	- hardened profiles: gnome-clocks, meld, minetest, youtube-dl	575	- hardened profiles: gnome-clocks, meld, minetest, youtube-dl
575	- hardened profiles: bibletime, whois, etr, display, feh, mpv, xiphos	576	- hardened profiles: bibletime, whois, etr, display, feh, mpv, xiphos
		577	- hardened profiles: gnome-chess
576	- gnome-mpv was renamed to celluloid	578	- gnome-mpv was renamed to celluloid
577	- some typo fixes	579	- some typo fixes
578	Salvo 'LtWorf' Tomaselli (https://github.com/ltworf)	580	Salvo 'LtWorf' Tomaselli (https://github.com/ltworf)


diff --git a/README.md b/README.md index c11402386..68caf2f13 100644 --- a/README.md +++ b/README.md
@@ -112,7 +112,7 @@ We also keep a list of profile fixes for previous released versions in [etc-fixe
112	## New profiles:	112	## New profiles:
113	anki, assogiate, autokey-gtk, autokey-qt, autokey-run, autokey-shell, bzflag, celluoid, cheese, code-oss, crawl, crawl-tiles, crow, d-feet, dconf,	113	anki, assogiate, autokey-gtk, autokey-qt, autokey-run, autokey-shell, bzflag, celluoid, cheese, code-oss, crawl, crawl-tiles, crow, d-feet, dconf,
114	dconf-editor, devhelp, exfalso, font-manager, freeciv, freecol, freeoffice-planmaker, freeoffice-presentations, freeoffice-textmaker, freemind,	114	dconf-editor, devhelp, exfalso, font-manager, freeciv, freecol, freeoffice-planmaker, freeoffice-presentations, freeoffice-textmaker, freemind,
115	gconf-editor, geekbench, gnome-keyring, gnome-nettool, gnome-system-log, gramps, gsettings, inkview kid3, kid3-cli, kid3-qt, lincity-ng, lugaru,	115	gconf-editor, geekbench, gnome-keyring, gnome-nettool, gnome-system-log, gramps, gsettings, inkview, kid3, kid3-cli, kid3-qt, ktouch, lincity-ng, lugaru,
116	Maelstrom, manaplus, megaglest, meteo-qt, mp3splt-gtk, mpdris2, mypaint, nano, netactview, newsboat, nomacs, nyx, opencity, openclonk, openttd, ostrichriders, pavucontrol,	116	Maelstrom, manaplus, megaglest, meteo-qt, mp3splt-gtk, mpdris2, mypaint, nano, netactview, newsboat, nomacs, nyx, opencity, openclonk, openttd, ostrichriders, pavucontrol,
117	pioneer, pragha, redshift, regextester, seahorse, seahorse-tool, scorched3d, secret-tool, simplescreenrecorder, slashem, subdownloader, sysprof,	117	pioneer, pragha, redshift, regextester, seahorse, seahorse-tool, scorched3d, secret-tool, simplescreenrecorder, slashem, subdownloader, sysprof,
118	sysprof-cli, teeworlds, torcs, tremulous, transgui, utox, vulturesclaw, vultureseye, warsow, widelands, xfce4-mixer	118	sysprof-cli, teeworlds, torcs, tremulous, transgui, utox, vulturesclaw, vultureseye, warsow, widelands, xfce4-mixer


diff --git a/RELNOTES b/RELNOTES index 508511621..b9e5dd7db 100644 --- a/RELNOTES +++ b/RELNOTES
@@ -15,7 +15,7 @@ firejail (0.9.60~rc2) baseline; urgency=low
15	* new profiles: oggsplt, flacsplt, gramps, newsboat, freeoffice-planmaker	15	* new profiles: oggsplt, flacsplt, gramps, newsboat, freeoffice-planmaker
16	* new profiles: autokey-gtk, autokey-qt, autokey-run, autokey-shell	16	* new profiles: autokey-gtk, autokey-qt, autokey-run, autokey-shell
17	* new profiles: freeoffice-presentations, freeoffice-textmaker, mp3wrap	17	* new profiles: freeoffice-presentations, freeoffice-textmaker, mp3wrap
18	* new profiles: inkview, meteo-qt, mp3splt-gtk	18	* new profiles: inkview, meteo-qt, mp3splt-gtk, ktouch
19	* memory-deny-write-execute now also blocks memfd_create	19	* memory-deny-write-execute now also blocks memfd_create
20	* drop support for flatpak/snap packages	20	* drop support for flatpak/snap packages
21	-- netblue30 <netblue30@yahoo.com> Sun, 21 Apr 2019 08:00:00 -0500	21	-- netblue30 <netblue30@yahoo.com> Sun, 21 Apr 2019 08:00:00 -0500


diff --git a/etc/disable-programs.inc b/etc/disable-programs.inc index eb0f73ba2..43157c6c3 100644 --- a/etc/disable-programs.inc +++ b/etc/disable-programs.inc
@@ -209,6 +209,7 @@ blacklist ${HOME}/.config/kdeconnect
209	blacklist ${HOME}/.config/knotesrc	209	blacklist ${HOME}/.config/knotesrc
210	blacklist ${HOME}/.config/konversationrc	210	blacklist ${HOME}/.config/konversationrc
211	blacklist ${HOME}/.config/ktorrentrc	211	blacklist ${HOME}/.config/ktorrentrc
		212	blacklist ${HOME}/.config/ktouch2rc
212	blacklist ${HOME}/.config/leafpad	213	blacklist ${HOME}/.config/leafpad
213	blacklist ${HOME}/.config/libreoffice	214	blacklist ${HOME}/.config/libreoffice
214	blacklist ${HOME}/.config/liferea	215	blacklist ${HOME}/.config/liferea
@@ -494,6 +495,7 @@ blacklist ${HOME}/.local/share/knotes
494	blacklist ${HOME}/.local/share/krita	495	blacklist ${HOME}/.local/share/krita
495	blacklist ${HOME}/.local/share/ktorrentrc	496	blacklist ${HOME}/.local/share/ktorrentrc
496	blacklist ${HOME}/.local/share/ktorrent	497	blacklist ${HOME}/.local/share/ktorrent
		498	blacklist ${HOME}/.local/share/ktouch
497	blacklist ${HOME}/.local/share/kwrite	499	blacklist ${HOME}/.local/share/kwrite
498	blacklist ${HOME}/.local/share/liferea	500	blacklist ${HOME}/.local/share/liferea
499	blacklist ${HOME}/.local/share/local-mail	501	blacklist ${HOME}/.local/share/local-mail


diff --git a/etc/ktouch.profile b/etc/ktouch.profile new file mode 100644 index 000000000..446bc50ee --- /dev/null +++ b/etc/ktouch.profile
@@ -0,0 +1,50 @@
		1	# Firejail profile for KTouch
		2	# Description: a typing tutor by KDE
		3	# This file is overwritten after every install/update
		4	# Persistent local customizations
		5	include ktouch.local
		6	# Persistent global definitions
		7	include globals.local
		8
		9	noblacklist ${HOME}/.config/ktouch2rc
		10	noblacklist ${HOME}/.local/share/ktouch
		11
		12	include disable-common.inc
		13	include disable-devel.inc
		14	include disable-exec.inc
		15	include disable-interpreters.inc
		16	include disable-passwdmgr.inc
		17	include disable-programs.inc
		18	include disable-xdg.inc
		19
		20	mkfile ${HOME}/.config/ktouch2rc
		21	mkdir ${HOME}/.local/share/ktouch
		22	whitelist ${HOME}/.config/ktouch2rc
		23	whitelist ${HOME}/.local/share/ktouch
		24	include whitelist-common.inc
		25	include whitelist-var-common.inc
		26
		27	apparmor
		28	caps.drop all
		29	machine-id
		30	net none
		31	nodbus
		32	nodvd
		33	nogroups
		34	nonewprivs
		35	noroot
		36	nosound
		37	notv
		38	nou2f
		39	novideo
		40	protocol unix,netlink
		41	seccomp
		42	shell none
		43	tracelog
		44
		45	disable-mnt
		46	private-bin ktouch
		47	private-cache
		48	private-dev
		49	private-etc alternatives,fonts,kde5rc,machine-id
		50	private-tmp