Add profile for patch and shellcheck

author: Tad <tad@spotco.us> 2018-07-24 21:29:15 -0400
committer: Tad <tad@spotco.us> 2018-07-24 21:29:15 -0400
commit: a063ddc59e0eb5f61263af984b9a7478924cd2f2 (patch)
tree: 646de78ebf19105a328035a716bbc1f8c5ba6f3d
parent: Few disable-xdg.inc fixes (diff)
download: firejail-a063ddc59e0eb5f61263af984b9a7478924cd2f2.tar.gz
firejail-a063ddc59e0eb5f61263af984b9a7478924cd2f2.tar.zst
firejail-a063ddc59e0eb5f61263af984b9a7478924cd2f2.zip
5 files changed, 83 insertions, 2 deletions
diff --git a/README.md b/README.md
index fd7d87ecd..9e408ffb2 100644
--- a/README.md
+++ b/README.md
@@ -165,4 +165,5 @@ We also keep a list of profile fixes for previous released versions in [etc-fixe
 `````
 ## New profiles
-Microsoft Office Online, riot-desktop, gnome-mpv, snox, gradio, standardnotes-desktop
+Microsoft Office Online, riot-desktop, gnome-mpv, snox, gradio, standardnotes-desktop,
+shellcheck, patch
diff --git a/RELNOTES b/RELNOTES
index f91ce203b..e6536ef73 100644
--- a/RELNOTES
+++ b/RELNOTES
@@ -11,7 +11,7 @@ firejail (0.9.55) baseline; urgency=low
  * globbing support in private-lib
  * new profiles: ms-excel, ms-office, ms-onenote, ms-outlook, ms-powerpoint
  * new profiles: ms-skype, ms-word, riot-desktop, gnome-mpv, snox, gradio
-  * new profiles: standardnotes-desktop
+  * new profiles: standardnotes-desktop, shellcheck, patch
 -- netblue30 <netblue30@yahoo.com>  Fri, 25 May 2018 08:00:00 -0500
 firejail (0.9.54) baseline; urgency=low
diff --git a/etc/patch.profile b/etc/patch.profile
new file mode 100644
index 000000000..3e8045bd4
--- /dev/null
+++ b/etc/patch.profile
@@ -0,0 +1,39 @@
+# Firejail profile for patch
+# This file is overwritten after every install/update
+quiet
+# Persistent local customizations
+include /etc/firejail/patch.local
+# Persistent global definitions
+include /etc/firejail/globals.local
+noblacklist ${DOCUMENTS}
+include /etc/firejail/disable-common.inc
+include /etc/firejail/disable-devel.inc
+include /etc/firejail/disable-interpreters.inc
+include /etc/firejail/disable-passwdmgr.inc
+include /etc/firejail/disable-xdg.inc
+caps.drop all
+ipc-namespace
+net none
+no3d
+nodbus
+nodvd
+nogroups
+nonewprivs
+noroot
+nosound
+notv
+novideo
+protocol unix
+seccomp
+shell none
+private-bin patch,red
+private-dev
+private-lib
+memory-deny-write-execute
+noexec ${HOME}
+noexec /tmp
diff --git a/etc/shellcheck.profile b/etc/shellcheck.profile
new file mode 100644
index 000000000..6827b0baf
--- /dev/null
+++ b/etc/shellcheck.profile
@@ -0,0 +1,39 @@
+# Firejail profile for shellcheck
+# This file is overwritten after every install/update
+quiet
+# Persistent local customizations
+include /etc/firejail/shellcheck.local
+# Persistent global definitions
+include /etc/firejail/globals.local
+noblacklist ${DOCUMENTS}
+include /etc/firejail/disable-common.inc
+include /etc/firejail/disable-devel.inc
+include /etc/firejail/disable-interpreters.inc
+include /etc/firejail/disable-passwdmgr.inc
+include /etc/firejail/disable-programs.inc
+include /etc/firejail/disable-xdg.inc
+caps.drop all
+ipc-namespace
+net none
+no3d
+nodbus
+nodvd
+nogroups
+nonewprivs
+noroot
+nosound
+notv
+novideo
+protocol unix
+seccomp
+shell none
+private-dev
+private-tmp
+memory-deny-write-execute
+noexec ${HOME}
+noexec /tmp
diff --git a/src/firecfg/firecfg.config b/src/firecfg/firecfg.config
index 2c7e21813..44ff7a5c8 100644
--- a/src/firecfg/firecfg.config
+++ b/src/firecfg/firecfg.config
@@ -306,6 +306,7 @@ opera-beta
 orage
 palemoon
 parole
+patch
 pdfchain
 pdfmod
 pdfsam
@@ -354,6 +355,7 @@ scribus
 sdat2img
 seamonkey
 seamonkey-bin
+shellcheck
 shotcut
 signal-desktop
 silentarmy
author	Tad <tad@spotco.us>	2018-07-24 21:29:15 -0400
committer	Tad <tad@spotco.us>	2018-07-24 21:29:15 -0400
commit	a063ddc59e0eb5f61263af984b9a7478924cd2f2 (patch)
tree	646de78ebf19105a328035a716bbc1f8c5ba6f3d
parent	Few disable-xdg.inc fixes (diff)
download	firejail-a063ddc59e0eb5f61263af984b9a7478924cd2f2.tar.gz firejail-a063ddc59e0eb5f61263af984b9a7478924cd2f2.tar.zst firejail-a063ddc59e0eb5f61263af984b9a7478924cd2f2.zip

diff --git a/README.md b/README.md index fd7d87ecd..9e408ffb2 100644 --- a/README.md +++ b/README.md
@@ -165,4 +165,5 @@ We also keep a list of profile fixes for previous released versions in [etc-fixe
165	`````	165	`````
166		166
167	## New profiles	167	## New profiles
168	Microsoft Office Online, riot-desktop, gnome-mpv, snox, gradio, standardnotes-desktop	168	Microsoft Office Online, riot-desktop, gnome-mpv, snox, gradio, standardnotes-desktop,
		169	shellcheck, patch


diff --git a/RELNOTES b/RELNOTES index f91ce203b..e6536ef73 100644 --- a/RELNOTES +++ b/RELNOTES
@@ -11,7 +11,7 @@ firejail (0.9.55) baseline; urgency=low
11	* globbing support in private-lib	11	* globbing support in private-lib
12	* new profiles: ms-excel, ms-office, ms-onenote, ms-outlook, ms-powerpoint	12	* new profiles: ms-excel, ms-office, ms-onenote, ms-outlook, ms-powerpoint
13	* new profiles: ms-skype, ms-word, riot-desktop, gnome-mpv, snox, gradio	13	* new profiles: ms-skype, ms-word, riot-desktop, gnome-mpv, snox, gradio
14	* new profiles: standardnotes-desktop	14	* new profiles: standardnotes-desktop, shellcheck, patch
15	-- netblue30 <netblue30@yahoo.com> Fri, 25 May 2018 08:00:00 -0500	15	-- netblue30 <netblue30@yahoo.com> Fri, 25 May 2018 08:00:00 -0500
16		16
17	firejail (0.9.54) baseline; urgency=low	17	firejail (0.9.54) baseline; urgency=low


diff --git a/etc/patch.profile b/etc/patch.profile new file mode 100644 index 000000000..3e8045bd4 --- /dev/null +++ b/etc/patch.profile
@@ -0,0 +1,39 @@
		1	# Firejail profile for patch
		2	# This file is overwritten after every install/update
		3	quiet
		4	# Persistent local customizations
		5	include /etc/firejail/patch.local
		6	# Persistent global definitions
		7	include /etc/firejail/globals.local
		8
		9	noblacklist ${DOCUMENTS}
		10
		11	include /etc/firejail/disable-common.inc
		12	include /etc/firejail/disable-devel.inc
		13	include /etc/firejail/disable-interpreters.inc
		14	include /etc/firejail/disable-passwdmgr.inc
		15	include /etc/firejail/disable-xdg.inc
		16
		17	caps.drop all
		18	ipc-namespace
		19	net none
		20	no3d
		21	nodbus
		22	nodvd
		23	nogroups
		24	nonewprivs
		25	noroot
		26	nosound
		27	notv
		28	novideo
		29	protocol unix
		30	seccomp
		31	shell none
		32
		33	private-bin patch,red
		34	private-dev
		35	private-lib
		36
		37	memory-deny-write-execute
		38	noexec ${HOME}
		39	noexec /tmp


diff --git a/etc/shellcheck.profile b/etc/shellcheck.profile new file mode 100644 index 000000000..6827b0baf --- /dev/null +++ b/etc/shellcheck.profile
@@ -0,0 +1,39 @@
		1	# Firejail profile for shellcheck
		2	# This file is overwritten after every install/update
		3	quiet
		4	# Persistent local customizations
		5	include /etc/firejail/shellcheck.local
		6	# Persistent global definitions
		7	include /etc/firejail/globals.local
		8
		9	noblacklist ${DOCUMENTS}
		10
		11	include /etc/firejail/disable-common.inc
		12	include /etc/firejail/disable-devel.inc
		13	include /etc/firejail/disable-interpreters.inc
		14	include /etc/firejail/disable-passwdmgr.inc
		15	include /etc/firejail/disable-programs.inc
		16	include /etc/firejail/disable-xdg.inc
		17
		18	caps.drop all
		19	ipc-namespace
		20	net none
		21	no3d
		22	nodbus
		23	nodvd
		24	nogroups
		25	nonewprivs
		26	noroot
		27	nosound
		28	notv
		29	novideo
		30	protocol unix
		31	seccomp
		32	shell none
		33
		34	private-dev
		35	private-tmp
		36
		37	memory-deny-write-execute
		38	noexec ${HOME}
		39	noexec /tmp


diff --git a/src/firecfg/firecfg.config b/src/firecfg/firecfg.config index 2c7e21813..44ff7a5c8 100644 --- a/src/firecfg/firecfg.config +++ b/src/firecfg/firecfg.config
@@ -306,6 +306,7 @@ opera-beta
306	orage	306	orage
307	palemoon	307	palemoon
308	parole	308	parole
		309	patch
309	pdfchain	310	pdfchain
310	pdfmod	311	pdfmod
311	pdfsam	312	pdfsam
@@ -354,6 +355,7 @@ scribus
354	sdat2img	355	sdat2img
355	seamonkey	356	seamonkey
356	seamonkey-bin	357	seamonkey-bin
		358	shellcheck
357	shotcut	359	shotcut
358	signal-desktop	360	signal-desktop
359	silentarmy	361	silentarmy