kalgebra.profile, kalgebramobile.profile

author: rusty-snake <print_hello_world+Public@protonmail.com> 2019-10-12 17:48:24 +0200
committer: rusty-snake <print_hello_world+Public@protonmail.com> 2019-10-12 17:48:24 +0200
commit: 79a3aefdbc098b85d9989852a4eb2598316f9964 (patch)
tree: 0bb9f1d1dda7adf981575da2483315cda7a47795
parent: x11 xorg: blacklist non-default Xauthority file (diff)
download: firejail-79a3aefdbc098b85d9989852a4eb2598316f9964.tar.gz
firejail-79a3aefdbc098b85d9989852a4eb2598316f9964.tar.zst
firejail-79a3aefdbc098b85d9989852a4eb2598316f9964.zip
6 files changed, 61 insertions, 2 deletions
diff --git a/README.md b/README.md
index bd6ba406a..f73168986 100644
--- a/README.md
+++ b/README.md
@@ -118,4 +118,4 @@ We also keep a list of profile fixes for previous released versions in [etc-fixe
 ## New profiles:
-gnome-sound-recorder, godot, jerry, keepassxc-cli, keepassxc-proxy, klatexformula, klatexformula_cmdl, links, newsbeuter, OpenArena, pandoc, qgis, rhythmbox-client, tcpdump, teams-for-linux, tshark, xlinks, zeal, mpg123, conplay, mpg123.bin, mpg123-alsa, mpg123-id3dump, mpg123-jack, mpg123-nas, mpg123-openal, mpg123-oss, mpg123-portaudio, mpg123-pulse, mpg123-strip, out123, pavucontrol-qt, gnome-characters, gnome-character-map, rsync, Whalebird, tor-browser (AUR), Zulip, tb-starter-wrapper, bzcat, kiwix-desktop, ar, gnome-latex, pngquant
+gnome-sound-recorder, godot, jerry, keepassxc-cli, keepassxc-proxy, klatexformula, klatexformula_cmdl, links, newsbeuter, OpenArena, pandoc, qgis, rhythmbox-client, tcpdump, teams-for-linux, tshark, xlinks, zeal, mpg123, conplay, mpg123.bin, mpg123-alsa, mpg123-id3dump, mpg123-jack, mpg123-nas, mpg123-openal, mpg123-oss, mpg123-portaudio, mpg123-pulse, mpg123-strip, out123, pavucontrol-qt, gnome-characters, gnome-character-map, rsync, Whalebird, tor-browser (AUR), Zulip, tb-starter-wrapper, bzcat, kiwix-desktop, ar, gnome-latex, pngquant, kalgebra, kalgebramobile
diff --git a/RELNOTES b/RELNOTES
index cad0b974c..92208fba0 100644
--- a/RELNOTES
+++ b/RELNOTES
@@ -6,6 +6,8 @@ firejail (0.9.61) baseline; urgency=low
  * several seccomp enhancements
  * compiler flags autodetection
  * new scripts in conrib: gdb-firejail.sh and sort.py
+  * enhancement: whitelist /usr/share in some profiles
+  * new condition: HAS_X11
  * new profiles: qgis, klatexformula, klatexformula_cmdl, links, xlinks
  * new profiles: pandoc, teams-for-linux, OpenArena, gnome-sound-recorder
  * new profiles: godot, tcpdump, tshark, newsbeuter, keepassxc-cli
@@ -16,7 +18,8 @@ firejail (0.9.61) baseline; urgency=low
  * new profiles: gnome-characters, gnome-character-map, rsync, Whalebird,
  * new profiles: tor-browser (AUR), Zulip, tb-starter-wrapper, bzcat,
  * new profiles: kiwix-desktop, bzcat, zstd, pzstd, zstdcat, zstdgrep, zstdless
-  * new profiles: zstdmt, unzstd, i2p, ar, gnome-latex, pngquant
+  * new profiles: zstdmt, unzstd, i2p, ar, gnome-latex, pngquant, kalgebra
+  * new profiles: kalgebramobile
 -- netblue30 <netblue30@yahoo.com>  Sat, 1 Jun 2019 08:00:00 -0500
 firejail (0.9.60) baseline; urgency=low
diff --git a/etc/disable-programs.inc b/etc/disable-programs.inc
index 9098d38c8..a546f05e3 100644
--- a/etc/disable-programs.inc
+++ b/etc/disable-programs.inc
@@ -203,6 +203,7 @@ blacklist ${HOME}/.config/itch
 blacklist ${HOME}/.config/jd-gui.cfg
 blacklist ${HOME}/.config/k3brc
 blacklist ${HOME}/.config/kaffeinerc
+blacklist ${HOME}/.config/kalgebrarc
 blacklist ${HOME}/.config/katemetainfos
 blacklist ${HOME}/.config/katepartrc
 blacklist ${HOME}/.config/katerc
@@ -516,6 +517,7 @@ blacklist ${HOME}/.local/share/gradio
 blacklist ${HOME}/.local/share/gwenview
 blacklist ${HOME}/.local/share/i2p
 blacklist ${HOME}/.local/share/kaffeine
+blacklist ${HOME}/.local/share/kalgebra
 blacklist ${HOME}/.local/share/kate
 blacklist ${HOME}/.local/share/kdenlive
 blacklist ${HOME}/.local/share/kget
diff --git a/etc/kalgebra.profile b/etc/kalgebra.profile
new file mode 100644
index 000000000..2dc90b9b9
--- /dev/null
+++ b/etc/kalgebra.profile
@@ -0,0 +1,47 @@
+# Firejail profile for kalgebra
+# Description: 2D and 3D Graph Calculator
+# This file is overwritten after every install/update
+# Persistent local customizations
+include kalgebra.local
+# Persistent global definitions
+include globals.local
+noblacklist ${HOME}/.config/kalgebrarc
+noblacklist ${HOME}/.local/share/kalgebra
+include disable-common.inc
+include disable-devel.inc
+include disable-exec.inc
+include disable-interpreters.inc
+include disable-passwdmgr.inc
+include disable-programs.inc
+include disable-xdg.inc
+whitelist /usr/share/kalgebramobile
+include whitelist-usr-share-common.inc
+include whitelist-var-common.inc
+apparmor
+caps.drop all
+machine-id
+net none
+nodbus
+nodvd
+nogroups
+nonewprivs
+noroot
+nosound
+notv
+nou2f
+novideo
+protocol unix,netlink
+seccomp !chroot
+shell none
+# tracelog
+disable-mnt
+private-bin kalgebra,kalgebramobile
+private-cache
+private-dev
+private-etc fonts,machine-id
+private-tmp
diff --git a/etc/kalgebramobile.profile b/etc/kalgebramobile.profile
new file mode 100644
index 000000000..d2394fe20
--- /dev/null
+++ b/etc/kalgebramobile.profile
@@ -0,0 +1,5 @@
+# Firejail profile for kalgebramobile
+# This file is overwritten after every install/update
+# Redirect
+include kalgebra.profile
diff --git a/src/firecfg/firecfg.config b/src/firecfg/firecfg.config
index f90d6c6bc..1ab3efdd1 100644
--- a/src/firecfg/firecfg.config
+++ b/src/firecfg/firecfg.config
@@ -300,6 +300,8 @@ jerry
 jitsi
 k3b
 kaffeine
+kalgebra
+kalgebramobile
 karbon
 kate
 kcalc
author	rusty-snake <print_hello_world+Public@protonmail.com>	2019-10-12 17:48:24 +0200
committer	rusty-snake <print_hello_world+Public@protonmail.com>	2019-10-12 17:48:24 +0200
commit	79a3aefdbc098b85d9989852a4eb2598316f9964 (patch)
tree	0bb9f1d1dda7adf981575da2483315cda7a47795
parent	x11 xorg: blacklist non-default Xauthority file (diff)
download	firejail-79a3aefdbc098b85d9989852a4eb2598316f9964.tar.gz firejail-79a3aefdbc098b85d9989852a4eb2598316f9964.tar.zst firejail-79a3aefdbc098b85d9989852a4eb2598316f9964.zip

diff --git a/README.md b/README.md index bd6ba406a..f73168986 100644 --- a/README.md +++ b/README.md
@@ -118,4 +118,4 @@ We also keep a list of profile fixes for previous released versions in [etc-fixe
118		118
119	## New profiles:	119	## New profiles:
120		120
121	gnome-sound-recorder, godot, jerry, keepassxc-cli, keepassxc-proxy, klatexformula, klatexformula_cmdl, links, newsbeuter, OpenArena, pandoc, qgis, rhythmbox-client, tcpdump, teams-for-linux, tshark, xlinks, zeal, mpg123, conplay, mpg123.bin, mpg123-alsa, mpg123-id3dump, mpg123-jack, mpg123-nas, mpg123-openal, mpg123-oss, mpg123-portaudio, mpg123-pulse, mpg123-strip, out123, pavucontrol-qt, gnome-characters, gnome-character-map, rsync, Whalebird, tor-browser (AUR), Zulip, tb-starter-wrapper, bzcat, kiwix-desktop, ar, gnome-latex, pngquant	121	gnome-sound-recorder, godot, jerry, keepassxc-cli, keepassxc-proxy, klatexformula, klatexformula_cmdl, links, newsbeuter, OpenArena, pandoc, qgis, rhythmbox-client, tcpdump, teams-for-linux, tshark, xlinks, zeal, mpg123, conplay, mpg123.bin, mpg123-alsa, mpg123-id3dump, mpg123-jack, mpg123-nas, mpg123-openal, mpg123-oss, mpg123-portaudio, mpg123-pulse, mpg123-strip, out123, pavucontrol-qt, gnome-characters, gnome-character-map, rsync, Whalebird, tor-browser (AUR), Zulip, tb-starter-wrapper, bzcat, kiwix-desktop, ar, gnome-latex, pngquant, kalgebra, kalgebramobile


diff --git a/RELNOTES b/RELNOTES index cad0b974c..92208fba0 100644 --- a/RELNOTES +++ b/RELNOTES
@@ -6,6 +6,8 @@ firejail (0.9.61) baseline; urgency=low
6	* several seccomp enhancements	6	* several seccomp enhancements
7	* compiler flags autodetection	7	* compiler flags autodetection
8	* new scripts in conrib: gdb-firejail.sh and sort.py	8	* new scripts in conrib: gdb-firejail.sh and sort.py
		9	* enhancement: whitelist /usr/share in some profiles
		10	* new condition: HAS_X11
9	* new profiles: qgis, klatexformula, klatexformula_cmdl, links, xlinks	11	* new profiles: qgis, klatexformula, klatexformula_cmdl, links, xlinks
10	* new profiles: pandoc, teams-for-linux, OpenArena, gnome-sound-recorder	12	* new profiles: pandoc, teams-for-linux, OpenArena, gnome-sound-recorder
11	* new profiles: godot, tcpdump, tshark, newsbeuter, keepassxc-cli	13	* new profiles: godot, tcpdump, tshark, newsbeuter, keepassxc-cli
@@ -16,7 +18,8 @@ firejail (0.9.61) baseline; urgency=low
16	* new profiles: gnome-characters, gnome-character-map, rsync, Whalebird,	18	* new profiles: gnome-characters, gnome-character-map, rsync, Whalebird,
17	* new profiles: tor-browser (AUR), Zulip, tb-starter-wrapper, bzcat,	19	* new profiles: tor-browser (AUR), Zulip, tb-starter-wrapper, bzcat,
18	* new profiles: kiwix-desktop, bzcat, zstd, pzstd, zstdcat, zstdgrep, zstdless	20	* new profiles: kiwix-desktop, bzcat, zstd, pzstd, zstdcat, zstdgrep, zstdless
19	* new profiles: zstdmt, unzstd, i2p, ar, gnome-latex, pngquant	21	* new profiles: zstdmt, unzstd, i2p, ar, gnome-latex, pngquant, kalgebra
		22	* new profiles: kalgebramobile
20	-- netblue30 <netblue30@yahoo.com> Sat, 1 Jun 2019 08:00:00 -0500	23	-- netblue30 <netblue30@yahoo.com> Sat, 1 Jun 2019 08:00:00 -0500
21		24
22	firejail (0.9.60) baseline; urgency=low	25	firejail (0.9.60) baseline; urgency=low


diff --git a/etc/disable-programs.inc b/etc/disable-programs.inc index 9098d38c8..a546f05e3 100644 --- a/etc/disable-programs.inc +++ b/etc/disable-programs.inc
@@ -203,6 +203,7 @@ blacklist ${HOME}/.config/itch
203	blacklist ${HOME}/.config/jd-gui.cfg	203	blacklist ${HOME}/.config/jd-gui.cfg
204	blacklist ${HOME}/.config/k3brc	204	blacklist ${HOME}/.config/k3brc
205	blacklist ${HOME}/.config/kaffeinerc	205	blacklist ${HOME}/.config/kaffeinerc
		206	blacklist ${HOME}/.config/kalgebrarc
206	blacklist ${HOME}/.config/katemetainfos	207	blacklist ${HOME}/.config/katemetainfos
207	blacklist ${HOME}/.config/katepartrc	208	blacklist ${HOME}/.config/katepartrc
208	blacklist ${HOME}/.config/katerc	209	blacklist ${HOME}/.config/katerc
@@ -516,6 +517,7 @@ blacklist ${HOME}/.local/share/gradio
516	blacklist ${HOME}/.local/share/gwenview	517	blacklist ${HOME}/.local/share/gwenview
517	blacklist ${HOME}/.local/share/i2p	518	blacklist ${HOME}/.local/share/i2p
518	blacklist ${HOME}/.local/share/kaffeine	519	blacklist ${HOME}/.local/share/kaffeine
		520	blacklist ${HOME}/.local/share/kalgebra
519	blacklist ${HOME}/.local/share/kate	521	blacklist ${HOME}/.local/share/kate
520	blacklist ${HOME}/.local/share/kdenlive	522	blacklist ${HOME}/.local/share/kdenlive
521	blacklist ${HOME}/.local/share/kget	523	blacklist ${HOME}/.local/share/kget


diff --git a/etc/kalgebra.profile b/etc/kalgebra.profile new file mode 100644 index 000000000..2dc90b9b9 --- /dev/null +++ b/etc/kalgebra.profile
@@ -0,0 +1,47 @@
		1	# Firejail profile for kalgebra
		2	# Description: 2D and 3D Graph Calculator
		3	# This file is overwritten after every install/update
		4	# Persistent local customizations
		5	include kalgebra.local
		6	# Persistent global definitions
		7	include globals.local
		8
		9	noblacklist ${HOME}/.config/kalgebrarc
		10	noblacklist ${HOME}/.local/share/kalgebra
		11
		12	include disable-common.inc
		13	include disable-devel.inc
		14	include disable-exec.inc
		15	include disable-interpreters.inc
		16	include disable-passwdmgr.inc
		17	include disable-programs.inc
		18	include disable-xdg.inc
		19
		20	whitelist /usr/share/kalgebramobile
		21	include whitelist-usr-share-common.inc
		22	include whitelist-var-common.inc
		23
		24	apparmor
		25	caps.drop all
		26	machine-id
		27	net none
		28	nodbus
		29	nodvd
		30	nogroups
		31	nonewprivs
		32	noroot
		33	nosound
		34	notv
		35	nou2f
		36	novideo
		37	protocol unix,netlink
		38	seccomp !chroot
		39	shell none
		40	# tracelog
		41
		42	disable-mnt
		43	private-bin kalgebra,kalgebramobile
		44	private-cache
		45	private-dev
		46	private-etc fonts,machine-id
		47	private-tmp


diff --git a/etc/kalgebramobile.profile b/etc/kalgebramobile.profile new file mode 100644 index 000000000..d2394fe20 --- /dev/null +++ b/etc/kalgebramobile.profile
@@ -0,0 +1,5 @@
		1	# Firejail profile for kalgebramobile
		2	# This file is overwritten after every install/update
		3
		4	# Redirect
		5	include kalgebra.profile


diff --git a/src/firecfg/firecfg.config b/src/firecfg/firecfg.config index f90d6c6bc..1ab3efdd1 100644 --- a/src/firecfg/firecfg.config +++ b/src/firecfg/firecfg.config
@@ -300,6 +300,8 @@ jerry
300	jitsi	300	jitsi
301	k3b	301	k3b
302	kaffeine	302	kaffeine
		303	kalgebra
		304	kalgebramobile
303	karbon	305	karbon
304	kate	306	kate
305	kcalc	307	kcalc