New profile: green-recoder.profile (#6237)

Simple screen recorder for Linux desktop, supports Wayland & Xorg. https://github.com/dvershinin/green-recorder https://aur.archlinux.org/packages/green-recorder https://aur.archlinux.org/packages/green-recorder-git
author: glitsj16 <glitsj16@users.noreply.github.com> 2024-03-05 17:20:34 +0000
committer: GitHub <noreply@github.com> 2024-03-05 17:20:34 +0000
commit: a456e5182cd6495b8e8d6ae0f49b557c9240f848 (patch)
tree: 40c9a28b20e867b71534a17c640e6e148c495757
parent: disable-programs.inc: blacklist /tmp/lwjgl_* (diff)
download: firejail-a456e5182cd6495b8e8d6ae0f49b557c9240f848.tar.gz
firejail-a456e5182cd6495b8e8d6ae0f49b557c9240f848.tar.zst
firejail-a456e5182cd6495b8e8d6ae0f49b557c9240f848.zip
3 files changed, 74 insertions, 0 deletions
diff --git a/etc/inc/disable-programs.inc b/etc/inc/disable-programs.inc
index 914964b63..26f11470f 100644
--- a/etc/inc/disable-programs.inc
+++ b/etc/inc/disable-programs.inc
@@ -482,6 +482,7 @@ blacklist ${HOME}/.config/google-chrome-beta
 blacklist ${HOME}/.config/google-chrome-unstable
 blacklist ${HOME}/.config/gpicview
 blacklist ${HOME}/.config/gramps
+blacklist ${HOME}/.config/green-recorder
 blacklist ${HOME}/.config/gthumb
 blacklist ${HOME}/.config/gummi
 blacklist ${HOME}/.config/guvcview2
diff --git a/etc/profile-a-l/green-recoder.profile b/etc/profile-a-l/green-recoder.profile
new file mode 100644
index 000000000..77c980daa
--- /dev/null
+++ b/etc/profile-a-l/green-recoder.profile
@@ -0,0 +1,72 @@
+# Firejail profile for green-recorder
+# Description: A simple screen recorder for Linux desktop (supports Wayland & Xorg)
+# This file is overwritten after every install/update
+# Persistent local customizations
+include green-recorder.local
+# Persistent global definitions
+include globals.local
+blacklist /usr/libexec
+noblacklist ${HOME}/.config/green-recorder
+# Allow python 3 (blacklisted by disable-interpreters.inc)
+include allow-python3.inc
+# Allow /bin/sh (blacklisted by disable-shell.inc)
+include allow-bin-sh.inc
+noblacklist ${VIDEOS}
+include disable-common.inc
+include disable-devel.inc
+include disable-exec.inc
+include disable-interpreters.inc
+include disable-programs.inc
+include disable-shell.inc
+include disable-xdg.inc
+mkdir ${HOME}/.config/green-recorder
+whitelist ${HOME}/.config/green-recorder
+whitelist ${DOWNLOADS}
+whitelist ${VIDEOS}
+whitelist /usr/share/ffmpeg
+whitelist /usr/share/green-recorder
+include whitelist-common.inc
+include whitelist-run-common.inc
+include whitelist-runuser-common.inc
+include whitelist-usr-share-common.inc
+include whitelist-var-common.inc
+apparmor
+caps.drop all
+net none
+nodvd
+nogroups
+noinput
+nonewprivs
+noprinters
+noroot
+notv
+nou2f
+novideo
+protocol unix
+# allow set_mempolicy, which is required to encode using libx265
+seccomp !set_mempolicy
+seccomp.block-secondary
+tracelog
+disable-mnt
+private-bin awk,bash,convert,ffmpeg,green-recorder,grep,mv,pactl,ps,python*,sh,sleep,xdg-open,xdpyinfo,xwininfo
+private-cache
+private-dev
+private-etc @x11
+private-tmp
+dbus-user filter
+dbus-user.talk org.freedesktop.Notifications
+dbus-user.talk org.gnome.Shell.*
+?ALLOW_TRAY: dbus-user.talk org.kde.StatusNotifierWatcher
+dbus-system none
+restrict-namespaces
diff --git a/src/firecfg/firecfg.config b/src/firecfg/firecfg.config
index e3a2f5200..5cf5947ed 100644
--- a/src/firecfg/firecfg.config
+++ b/src/firecfg/firecfg.config
@@ -391,6 +391,7 @@ gpredict
 gradio
 gramps
 gravity-beams-and-evaporating-stars
+green-recorder
 gthumb
 gtk-lbry-viewer
 gtk-pipe-viewer
author	glitsj16 <glitsj16@users.noreply.github.com>	2024-03-05 17:20:34 +0000
committer	GitHub <noreply@github.com>	2024-03-05 17:20:34 +0000
commit	a456e5182cd6495b8e8d6ae0f49b557c9240f848 (patch)
tree	40c9a28b20e867b71534a17c640e6e148c495757
parent	disable-programs.inc: blacklist /tmp/lwjgl_* (diff)
download	firejail-a456e5182cd6495b8e8d6ae0f49b557c9240f848.tar.gz firejail-a456e5182cd6495b8e8d6ae0f49b557c9240f848.tar.zst firejail-a456e5182cd6495b8e8d6ae0f49b557c9240f848.zip

diff --git a/etc/inc/disable-programs.inc b/etc/inc/disable-programs.inc index 914964b63..26f11470f 100644 --- a/etc/inc/disable-programs.inc +++ b/etc/inc/disable-programs.inc
@@ -482,6 +482,7 @@ blacklist ${HOME}/.config/google-chrome-beta
482	blacklist ${HOME}/.config/google-chrome-unstable	482	blacklist ${HOME}/.config/google-chrome-unstable
483	blacklist ${HOME}/.config/gpicview	483	blacklist ${HOME}/.config/gpicview
484	blacklist ${HOME}/.config/gramps	484	blacklist ${HOME}/.config/gramps
		485	blacklist ${HOME}/.config/green-recorder
485	blacklist ${HOME}/.config/gthumb	486	blacklist ${HOME}/.config/gthumb
486	blacklist ${HOME}/.config/gummi	487	blacklist ${HOME}/.config/gummi
487	blacklist ${HOME}/.config/guvcview2	488	blacklist ${HOME}/.config/guvcview2


diff --git a/etc/profile-a-l/green-recoder.profile b/etc/profile-a-l/green-recoder.profile new file mode 100644 index 000000000..77c980daa --- /dev/null +++ b/etc/profile-a-l/green-recoder.profile
@@ -0,0 +1,72 @@
		1	# Firejail profile for green-recorder
		2	# Description: A simple screen recorder for Linux desktop (supports Wayland & Xorg)
		3	# This file is overwritten after every install/update
		4	# Persistent local customizations
		5	include green-recorder.local
		6	# Persistent global definitions
		7	include globals.local
		8
		9	blacklist /usr/libexec
		10
		11	noblacklist ${HOME}/.config/green-recorder
		12
		13	# Allow python 3 (blacklisted by disable-interpreters.inc)
		14	include allow-python3.inc
		15
		16	# Allow /bin/sh (blacklisted by disable-shell.inc)
		17	include allow-bin-sh.inc
		18
		19	noblacklist ${VIDEOS}
		20
		21	include disable-common.inc
		22	include disable-devel.inc
		23	include disable-exec.inc
		24	include disable-interpreters.inc
		25	include disable-programs.inc
		26	include disable-shell.inc
		27	include disable-xdg.inc
		28
		29	mkdir ${HOME}/.config/green-recorder
		30	whitelist ${HOME}/.config/green-recorder
		31	whitelist ${DOWNLOADS}
		32	whitelist ${VIDEOS}
		33	whitelist /usr/share/ffmpeg
		34	whitelist /usr/share/green-recorder
		35	include whitelist-common.inc
		36	include whitelist-run-common.inc
		37	include whitelist-runuser-common.inc
		38	include whitelist-usr-share-common.inc
		39	include whitelist-var-common.inc
		40
		41	apparmor
		42	caps.drop all
		43	net none
		44	nodvd
		45	nogroups
		46	noinput
		47	nonewprivs
		48	noprinters
		49	noroot
		50	notv
		51	nou2f
		52	novideo
		53	protocol unix
		54	# allow set_mempolicy, which is required to encode using libx265
		55	seccomp !set_mempolicy
		56	seccomp.block-secondary
		57	tracelog
		58
		59	disable-mnt
		60	private-bin awk,bash,convert,ffmpeg,green-recorder,grep,mv,pactl,ps,python*,sh,sleep,xdg-open,xdpyinfo,xwininfo
		61	private-cache
		62	private-dev
		63	private-etc @x11
		64	private-tmp
		65
		66	dbus-user filter
		67	dbus-user.talk org.freedesktop.Notifications
		68	dbus-user.talk org.gnome.Shell.*
		69	?ALLOW_TRAY: dbus-user.talk org.kde.StatusNotifierWatcher
		70	dbus-system none
		71
		72	restrict-namespaces


diff --git a/src/firecfg/firecfg.config b/src/firecfg/firecfg.config index e3a2f5200..5cf5947ed 100644 --- a/src/firecfg/firecfg.config +++ b/src/firecfg/firecfg.config
@@ -391,6 +391,7 @@ gpredict
391	gradio	391	gradio
392	gramps	392	gramps
393	gravity-beams-and-evaporating-stars	393	gravity-beams-and-evaporating-stars
		394	green-recorder
394	gthumb	395	gthumb
395	gtk-lbry-viewer	396	gtk-lbry-viewer
396	gtk-pipe-viewer	397	gtk-pipe-viewer