Merge pull request #502 from Fred-Barclay/xapps

Xapps
author: netblue30 <netblue30@yahoo.com> 2016-05-07 09:36:05 -0400
committer: netblue30 <netblue30@yahoo.com> 2016-05-07 09:36:05 -0400
commit: 92448c0dc55f64ee02dd08914d7e337f4236f670 (patch)
tree: 53490a4662e1ef1d102927dfe2e3f12ca9ca972d
parent: test fixes (diff)
parent: ignorance is NOT bliss (diff)
download: firejail-92448c0dc55f64ee02dd08914d7e337f4236f670.tar.gz
firejail-92448c0dc55f64ee02dd08914d7e337f4236f670.tar.zst
firejail-92448c0dc55f64ee02dd08914d7e337f4236f670.zip
11 files changed, 72 insertions, 12 deletions
diff --git a/Makefile.in b/Makefile.in
index fdf247255..2d49f88e1 100644
--- a/Makefile.in
+++ b/Makefile.in
@@ -180,6 +180,9 @@ realinstall:
        install -c -m 0644 .etc/quiterss.profile $(DESTDIR)/$(sysconfdir)/firejail/.
        install -c -m 0644 .etc/cyberfox.profile $(DESTDIR)/$(sysconfdir)/firejail/.
        install -c -m 0644 .etc/snap.profile $(DESTDIR)/$(sysconfdir)/firejail/.
+        install -c -m 0644 .etc/xplayer.profile $(DESTDIR)/$(sysconfdir)/firejail/.
+        install -c -m 0644 .etc/xreader.profile $(DESTDIR)/$(sysconfdir)/firejail/.
+        install -c -m 0644 .etc/xviewer.profile $(DESTDIR)/$(sysconfdir)/firejail/.
        sh -c "if [ ! -f $(DESTDIR)/$(sysconfdir)/firejail/login.users ]; then install -c -m 0644 etc/login.users $(DESTDIR)/$(sysconfdir)/firejail/.; fi;"
        sh -c "if [ ! -f $(DESTDIR)/$(sysconfdir)/firejail/firejail.config ]; then install -c -m 0644 etc/firejail.config $(DESTDIR)/$(sysconfdir)/firejail/.; fi;"
        rm -fr .etc
diff --git a/README b/README
index c40f99210..fcd1c54cd 100644
--- a/README
+++ b/README
@@ -70,6 +70,7 @@ Fred-Barclay (https://github.com/Fred-Barclay)
        - fixed disable-common.inc for mate-terminal
        - blacklisted escape-happy terminals in disable-common.inc
        - blacklisted g++
+        - added xplayer, xreader, and xviewer profiles
 Petter Reinholdtsen (pere@hungry.com)
        - Opera profile patch
 n1trux (https://github.com/n1trux)
diff --git a/README.md b/README.md
index c148608d9..eb4b1af81 100644
--- a/README.md
+++ b/README.md
@@ -283,6 +283,6 @@ $ man firejail-profile
 lxterminal, Epiphany, cherrytree, Polari, Vivaldi, Atril, qutebrowser, SlimJet, Battle for Wesnoth, Hedgewars, qTox,
 OpenSSH client, OpenBox window manager, Dillo, cmus, dnsmasq, PaleMoon, Icedove, abrowser, 0ad, netsurf,
 Warzone2100, okular, gwenview, Gpredict, Aweather, Stellarium, Google-Play-Music-Desktop-Player, quiterss,
-cyberfox, generic Ubuntu snap application profile
+cyberfox, generic Ubuntu snap application profile, xplayer, xreader, xviewer
diff --git a/RELNOTES b/RELNOTES
index 8ccbeed0d..339e2ee2d 100644
--- a/RELNOTES
+++ b/RELNOTES
@@ -23,7 +23,8 @@ firejail (0.9.40-rc1) baseline; urgency=low
  * new profiles: PaleMoon, Icedove, abrowser, 0ad, netsurf, Warzone2100
  * new profiles: okular, gwenview, Google-Play-Music-Desktop-Player
  * new profiles: Aweather, Stellarium, gpredict, quiterss, cyberfox
-  * new profiles: generic Ubuntu snap application profile
+  * new profiles: generic Ubuntu snap application profile, xplayer
+  * new profiles: xreader, xplayer
  * generic.profile renamed default.profile
  * build rpm packages using "make rpms"
  * bugfixes
diff --git a/etc/atril.profile b/etc/atril.profile
index c5b2abc48..d1a7b25f8 100644
--- a/etc/atril.profile
+++ b/etc/atril.profile
@@ -1,5 +1,6 @@
 # Atril profile
 noblacklist ~/.config/atril
+noblacklist ~/.local/share
 include /etc/firejail/disable-common.inc
 include /etc/firejail/disable-programs.inc
 include /etc/firejail/disable-devel.inc
@@ -8,10 +9,6 @@ include /etc/firejail/disable-passwdmgr.inc
 caps.drop all
 seccomp
 protocol unix,inet,inet6
-net none
 noroot
 tracelog
+netfilter
-mkdir ~/.config
-mkdir ~/.config/atril
-whitelist ~/.config/atril
diff --git a/etc/disable-programs.inc b/etc/disable-programs.inc
index 297d25bf2..1f3768693 100644
--- a/etc/disable-programs.inc
+++ b/etc/disable-programs.inc
@@ -12,17 +12,22 @@ blacklist ${HOME}/.config/uGet
 blacklist ${HOME}/.config/Gpredict
 blacklist ${HOME}/.config/aweather
 blacklist ${HOME}/.config/stellarium
-blacklist ~/.kde/share/apps/okular
+blacklist ${HOME}/.config/atril
-blacklist ~/.kde/share/config/okularrc
+blacklist ${HOME}/.config/xreader
-blacklist ~/.kde/share/config/okularpartrc
+blacklist ${HOME}/.config/xviewer
-blacklist ~/.kde/share/apps/gwenview
+blacklist ${HOME}/.kde/share/apps/okular
-blacklist ~/.kde/share/config/gwenviewrc
+blacklist ${HOME}/.kde/share/config/okularrc
+blacklist ${HOME}/.kde/share/config/okularpartrc
+blacklist ${HOME}/.kde/share/apps/gwenview
+blacklist ${HOME}/.kde/share/config/gwenviewrc
 # Media players
 blacklist ${HOME}/.config/cmus
 blacklist ${HOME}/.config/deadbeef
 blacklist ${HOME}/.config/spotify
 blacklist ${HOME}/.config/vlc
+blacklist ${HOME}/.config/totem
+blacklist ${HOME}/.config/xplayer
 # HTTP / FTP / Mail
 blacklist ${HOME}/.icedove
@@ -95,6 +100,7 @@ blacklist ${HOME}/.cache/transmission
 blacklist ${HOME}/.cache/wesnoth
 blacklist ${HOME}/.cache/0ad
 blacklist ${HOME}/.cache/8pecxstudios
+blacklist ${HOME}/.cache/xreader
 # share
 blacklist ${HOME}/.local/share/epiphany
@@ -103,3 +109,4 @@ blacklist ${HOME}/.local/share/spotify
 blacklist ${HOME}/.local/share/steam
 blacklist ${HOME}/.local/share/wesnoth
 blacklist ${HOME}/.local/share/0ad
+blacklist ${HOME}/.local/share/xplayer
diff --git a/etc/xplayer.profile b/etc/xplayer.profile
new file mode 100644
index 000000000..67a46a7da
--- /dev/null
+++ b/etc/xplayer.profile
@@ -0,0 +1,15 @@
+# Xplayer profile
+noblacklist ~/.config/xplayer
+noblacklist ~/.local/share/xplayer
+include /etc/firejail/disable-common.inc
+include /etc/firejail/disable-programs.inc
+include /etc/firejail/disable-devel.inc
+include /etc/firejail/disable-passwdmgr.inc
+caps.drop all
+seccomp
+protocol unix,inet,inet6
+noroot
+tracelog
+netfilter
diff --git a/etc/xreader.profile b/etc/xreader.profile
new file mode 100644
index 000000000..7b72d41a6
--- /dev/null
+++ b/etc/xreader.profile
@@ -0,0 +1,16 @@
+# Xreader profile
+noblacklist ~/.config/xreader
+noblacklist ~/.cache/xreader
+noblacklist ~/.local/share
+include /etc/firejail/disable-common.inc
+include /etc/firejail/disable-programs.inc
+include /etc/firejail/disable-devel.inc
+include /etc/firejail/disable-passwdmgr.inc
+caps.drop all
+seccomp
+protocol unix,inet,inet6
+noroot
+tracelog
+netfilter
diff --git a/etc/xviewer.profile b/etc/xviewer.profile
new file mode 100644
index 000000000..33e1e3c68
--- /dev/null
+++ b/etc/xviewer.profile
@@ -0,0 +1,13 @@
+noblacklist ~/.config/xviewer
+include /etc/firejail/disable-common.inc
+include /etc/firejail/disable-programs.inc
+include /etc/firejail/disable-devel.inc
+include /etc/firejail/disable-passwdmgr.inc
+caps.drop all
+seccomp
+protocol unix,inet,inet6
+noroot
+tracelog
+netfilter
diff --git a/platform/debian/conffiles b/platform/debian/conffiles
index 109af24d7..4f118d571 100644
--- a/platform/debian/conffiles
+++ b/platform/debian/conffiles
@@ -94,3 +94,6 @@
 /etc/firejail/quiterss.profile
 /etc/firejail/cyberfox.profile
 /etc/firejail/snap.profile
+/etc/firejail/xplayer.profile
+/etc/firejail/xreader.profile
+/etc/firejail/xviewer.profile
diff --git a/src/firecfg/firecfg.config b/src/firecfg/firecfg.config
index 3812ee7d8..d019c3a5c 100644
--- a/src/firecfg/firecfg.config
+++ b/src/firecfg/firecfg.config
@@ -60,6 +60,8 @@ Mathematica
 mathematica
 gwenview
 okular
+atril
+xreader
 # Media
 vlc
@@ -70,6 +72,8 @@ parole
 rhythmbox
 totem
 cmus
+xplayer
+xviewer
 # chat/messaging
 bitlbee
author	netblue30 <netblue30@yahoo.com>	2016-05-07 09:36:05 -0400
committer	netblue30 <netblue30@yahoo.com>	2016-05-07 09:36:05 -0400
commit	92448c0dc55f64ee02dd08914d7e337f4236f670 (patch)
tree	53490a4662e1ef1d102927dfe2e3f12ca9ca972d
parent	test fixes (diff)
parent	ignorance is NOT bliss (diff)
download	firejail-92448c0dc55f64ee02dd08914d7e337f4236f670.tar.gz firejail-92448c0dc55f64ee02dd08914d7e337f4236f670.tar.zst firejail-92448c0dc55f64ee02dd08914d7e337f4236f670.zip

diff --git a/Makefile.in b/Makefile.in index fdf247255..2d49f88e1 100644 --- a/Makefile.in +++ b/Makefile.in
@@ -180,6 +180,9 @@ realinstall:
180	install -c -m 0644 .etc/quiterss.profile $(DESTDIR)/$(sysconfdir)/firejail/.	180	install -c -m 0644 .etc/quiterss.profile $(DESTDIR)/$(sysconfdir)/firejail/.
181	install -c -m 0644 .etc/cyberfox.profile $(DESTDIR)/$(sysconfdir)/firejail/.	181	install -c -m 0644 .etc/cyberfox.profile $(DESTDIR)/$(sysconfdir)/firejail/.
182	install -c -m 0644 .etc/snap.profile $(DESTDIR)/$(sysconfdir)/firejail/.	182	install -c -m 0644 .etc/snap.profile $(DESTDIR)/$(sysconfdir)/firejail/.
		183	install -c -m 0644 .etc/xplayer.profile $(DESTDIR)/$(sysconfdir)/firejail/.
		184	install -c -m 0644 .etc/xreader.profile $(DESTDIR)/$(sysconfdir)/firejail/.
		185	install -c -m 0644 .etc/xviewer.profile $(DESTDIR)/$(sysconfdir)/firejail/.
183	sh -c "if [ ! -f $(DESTDIR)/$(sysconfdir)/firejail/login.users ]; then install -c -m 0644 etc/login.users $(DESTDIR)/$(sysconfdir)/firejail/.; fi;"	186	sh -c "if [ ! -f $(DESTDIR)/$(sysconfdir)/firejail/login.users ]; then install -c -m 0644 etc/login.users $(DESTDIR)/$(sysconfdir)/firejail/.; fi;"
184	sh -c "if [ ! -f $(DESTDIR)/$(sysconfdir)/firejail/firejail.config ]; then install -c -m 0644 etc/firejail.config $(DESTDIR)/$(sysconfdir)/firejail/.; fi;"	187	sh -c "if [ ! -f $(DESTDIR)/$(sysconfdir)/firejail/firejail.config ]; then install -c -m 0644 etc/firejail.config $(DESTDIR)/$(sysconfdir)/firejail/.; fi;"
185	rm -fr .etc	188	rm -fr .etc


diff --git a/README b/README index c40f99210..fcd1c54cd 100644 --- a/README +++ b/README
@@ -70,6 +70,7 @@ Fred-Barclay (https://github.com/Fred-Barclay)
70	- fixed disable-common.inc for mate-terminal	70	- fixed disable-common.inc for mate-terminal
71	- blacklisted escape-happy terminals in disable-common.inc	71	- blacklisted escape-happy terminals in disable-common.inc
72	- blacklisted g++	72	- blacklisted g++
		73	- added xplayer, xreader, and xviewer profiles
73	Petter Reinholdtsen (pere@hungry.com)	74	Petter Reinholdtsen (pere@hungry.com)
74	- Opera profile patch	75	- Opera profile patch
75	n1trux (https://github.com/n1trux)	76	n1trux (https://github.com/n1trux)


diff --git a/README.md b/README.md index c148608d9..eb4b1af81 100644 --- a/README.md +++ b/README.md
@@ -283,6 +283,6 @@ $ man firejail-profile
283	lxterminal, Epiphany, cherrytree, Polari, Vivaldi, Atril, qutebrowser, SlimJet, Battle for Wesnoth, Hedgewars, qTox,	283	lxterminal, Epiphany, cherrytree, Polari, Vivaldi, Atril, qutebrowser, SlimJet, Battle for Wesnoth, Hedgewars, qTox,
284	OpenSSH client, OpenBox window manager, Dillo, cmus, dnsmasq, PaleMoon, Icedove, abrowser, 0ad, netsurf,	284	OpenSSH client, OpenBox window manager, Dillo, cmus, dnsmasq, PaleMoon, Icedove, abrowser, 0ad, netsurf,
285	Warzone2100, okular, gwenview, Gpredict, Aweather, Stellarium, Google-Play-Music-Desktop-Player, quiterss,	285	Warzone2100, okular, gwenview, Gpredict, Aweather, Stellarium, Google-Play-Music-Desktop-Player, quiterss,
286	cyberfox, generic Ubuntu snap application profile	286	cyberfox, generic Ubuntu snap application profile, xplayer, xreader, xviewer
287		287
288		288


diff --git a/RELNOTES b/RELNOTES index 8ccbeed0d..339e2ee2d 100644 --- a/RELNOTES +++ b/RELNOTES
@@ -23,7 +23,8 @@ firejail (0.9.40-rc1) baseline; urgency=low
23	* new profiles: PaleMoon, Icedove, abrowser, 0ad, netsurf, Warzone2100	23	* new profiles: PaleMoon, Icedove, abrowser, 0ad, netsurf, Warzone2100
24	* new profiles: okular, gwenview, Google-Play-Music-Desktop-Player	24	* new profiles: okular, gwenview, Google-Play-Music-Desktop-Player
25	* new profiles: Aweather, Stellarium, gpredict, quiterss, cyberfox	25	* new profiles: Aweather, Stellarium, gpredict, quiterss, cyberfox
26	* new profiles: generic Ubuntu snap application profile	26	* new profiles: generic Ubuntu snap application profile, xplayer
		27	* new profiles: xreader, xplayer
27	* generic.profile renamed default.profile	28	* generic.profile renamed default.profile
28	* build rpm packages using "make rpms"	29	* build rpm packages using "make rpms"
29	* bugfixes	30	* bugfixes


diff --git a/etc/atril.profile b/etc/atril.profile index c5b2abc48..d1a7b25f8 100644 --- a/etc/atril.profile +++ b/etc/atril.profile
@@ -1,5 +1,6 @@
1	# Atril profile	1	# Atril profile
2	noblacklist ~/.config/atril	2	noblacklist ~/.config/atril
		3	noblacklist ~/.local/share
3	include /etc/firejail/disable-common.inc	4	include /etc/firejail/disable-common.inc
4	include /etc/firejail/disable-programs.inc	5	include /etc/firejail/disable-programs.inc
5	include /etc/firejail/disable-devel.inc	6	include /etc/firejail/disable-devel.inc
@@ -8,10 +9,6 @@ include /etc/firejail/disable-passwdmgr.inc
8	caps.drop all	9	caps.drop all
9	seccomp	10	seccomp
10	protocol unix,inet,inet6	11	protocol unix,inet,inet6
11	net none
12	noroot	12	noroot
13	tracelog	13	tracelog
14		14	netfilter
15	mkdir ~/.config
16	mkdir ~/.config/atril
17	whitelist ~/.config/atril


diff --git a/etc/disable-programs.inc b/etc/disable-programs.inc index 297d25bf2..1f3768693 100644 --- a/etc/disable-programs.inc +++ b/etc/disable-programs.inc
@@ -12,17 +12,22 @@ blacklist ${HOME}/.config/uGet
12	blacklist ${HOME}/.config/Gpredict	12	blacklist ${HOME}/.config/Gpredict
13	blacklist ${HOME}/.config/aweather	13	blacklist ${HOME}/.config/aweather
14	blacklist ${HOME}/.config/stellarium	14	blacklist ${HOME}/.config/stellarium
15	blacklist ~/.kde/share/apps/okular	15	blacklist ${HOME}/.config/atril
16	blacklist ~/.kde/share/config/okularrc	16	blacklist ${HOME}/.config/xreader
17	blacklist ~/.kde/share/config/okularpartrc	17	blacklist ${HOME}/.config/xviewer
18	blacklist ~/.kde/share/apps/gwenview	18	blacklist ${HOME}/.kde/share/apps/okular
19	blacklist ~/.kde/share/config/gwenviewrc	19	blacklist ${HOME}/.kde/share/config/okularrc
		20	blacklist ${HOME}/.kde/share/config/okularpartrc
		21	blacklist ${HOME}/.kde/share/apps/gwenview
		22	blacklist ${HOME}/.kde/share/config/gwenviewrc
20		23
21	# Media players	24	# Media players
22	blacklist ${HOME}/.config/cmus	25	blacklist ${HOME}/.config/cmus
23	blacklist ${HOME}/.config/deadbeef	26	blacklist ${HOME}/.config/deadbeef
24	blacklist ${HOME}/.config/spotify	27	blacklist ${HOME}/.config/spotify
25	blacklist ${HOME}/.config/vlc	28	blacklist ${HOME}/.config/vlc
		29	blacklist ${HOME}/.config/totem
		30	blacklist ${HOME}/.config/xplayer
26		31
27	# HTTP / FTP / Mail	32	# HTTP / FTP / Mail
28	blacklist ${HOME}/.icedove	33	blacklist ${HOME}/.icedove
@@ -95,6 +100,7 @@ blacklist ${HOME}/.cache/transmission
95	blacklist ${HOME}/.cache/wesnoth	100	blacklist ${HOME}/.cache/wesnoth
96	blacklist ${HOME}/.cache/0ad	101	blacklist ${HOME}/.cache/0ad
97	blacklist ${HOME}/.cache/8pecxstudios	102	blacklist ${HOME}/.cache/8pecxstudios
		103	blacklist ${HOME}/.cache/xreader
98		104
99	# share	105	# share
100	blacklist ${HOME}/.local/share/epiphany	106	blacklist ${HOME}/.local/share/epiphany
@@ -103,3 +109,4 @@ blacklist ${HOME}/.local/share/spotify
103	blacklist ${HOME}/.local/share/steam	109	blacklist ${HOME}/.local/share/steam
104	blacklist ${HOME}/.local/share/wesnoth	110	blacklist ${HOME}/.local/share/wesnoth
105	blacklist ${HOME}/.local/share/0ad	111	blacklist ${HOME}/.local/share/0ad
		112	blacklist ${HOME}/.local/share/xplayer


diff --git a/etc/xplayer.profile b/etc/xplayer.profile new file mode 100644 index 000000000..67a46a7da --- /dev/null +++ b/etc/xplayer.profile
@@ -0,0 +1,15 @@
		1	# Xplayer profile
		2	noblacklist ~/.config/xplayer
		3	noblacklist ~/.local/share/xplayer
		4
		5	include /etc/firejail/disable-common.inc
		6	include /etc/firejail/disable-programs.inc
		7	include /etc/firejail/disable-devel.inc
		8	include /etc/firejail/disable-passwdmgr.inc
		9
		10	caps.drop all
		11	seccomp
		12	protocol unix,inet,inet6
		13	noroot
		14	tracelog
		15	netfilter


diff --git a/etc/xreader.profile b/etc/xreader.profile new file mode 100644 index 000000000..7b72d41a6 --- /dev/null +++ b/etc/xreader.profile
@@ -0,0 +1,16 @@
		1	# Xreader profile
		2	noblacklist ~/.config/xreader
		3	noblacklist ~/.cache/xreader
		4	noblacklist ~/.local/share
		5
		6	include /etc/firejail/disable-common.inc
		7	include /etc/firejail/disable-programs.inc
		8	include /etc/firejail/disable-devel.inc
		9	include /etc/firejail/disable-passwdmgr.inc
		10
		11	caps.drop all
		12	seccomp
		13	protocol unix,inet,inet6
		14	noroot
		15	tracelog
		16	netfilter


diff --git a/etc/xviewer.profile b/etc/xviewer.profile new file mode 100644 index 000000000..33e1e3c68 --- /dev/null +++ b/etc/xviewer.profile
@@ -0,0 +1,13 @@
		1	noblacklist ~/.config/xviewer
		2
		3	include /etc/firejail/disable-common.inc
		4	include /etc/firejail/disable-programs.inc
		5	include /etc/firejail/disable-devel.inc
		6	include /etc/firejail/disable-passwdmgr.inc
		7
		8	caps.drop all
		9	seccomp
		10	protocol unix,inet,inet6
		11	noroot
		12	tracelog
		13	netfilter


diff --git a/platform/debian/conffiles b/platform/debian/conffiles index 109af24d7..4f118d571 100644 --- a/platform/debian/conffiles +++ b/platform/debian/conffiles
@@ -94,3 +94,6 @@
94	/etc/firejail/quiterss.profile	94	/etc/firejail/quiterss.profile
95	/etc/firejail/cyberfox.profile	95	/etc/firejail/cyberfox.profile
96	/etc/firejail/snap.profile	96	/etc/firejail/snap.profile
		97	/etc/firejail/xplayer.profile
		98	/etc/firejail/xreader.profile
		99	/etc/firejail/xviewer.profile


diff --git a/src/firecfg/firecfg.config b/src/firecfg/firecfg.config index 3812ee7d8..d019c3a5c 100644 --- a/src/firecfg/firecfg.config +++ b/src/firecfg/firecfg.config
@@ -60,6 +60,8 @@ Mathematica
60	mathematica	60	mathematica
61	gwenview	61	gwenview
62	okular	62	okular
		63	atril
		64	xreader
63		65
64	# Media	66	# Media
65	vlc	67	vlc
@@ -70,6 +72,8 @@ parole
70	rhythmbox	72	rhythmbox
71	totem	73	totem
72	cmus	74	cmus
		75	xplayer
		76	xviewer
73		77
74	# chat/messaging	78	# chat/messaging
75	bitlbee	79	bitlbee