gimp and inkscape profiles

author: netblue30 <netblue30@yahoo.com> 2016-09-30 10:13:00 -0400
committer: netblue30 <netblue30@yahoo.com> 2016-09-30 10:13:00 -0400
commit: b806f35192817e78b95a92dd658f1430bcc6fb56 (patch)
tree: 8ec9c12b8aa5b1616c2cc605d357ea05efe8aaaa
parent: added luminance-hdr and synfigstudio profiles (diff)
download: firejail-b806f35192817e78b95a92dd658f1430bcc6fb56.tar.gz
firejail-b806f35192817e78b95a92dd658f1430bcc6fb56.tar.zst
firejail-b806f35192817e78b95a92dd658f1430bcc6fb56.zip
8 files changed, 44 insertions, 4 deletions
diff --git a/README.md b/README.md
index e98f8ad21..6fa6c996c 100644
--- a/README.md
+++ b/README.md
@@ -88,5 +88,5 @@ x11 xpra, x11 xephyr, x11 block, allusers, join-or-start
 ## New profiles
-qpdfview, mupdf, Luminance HDR, Synfig Studio
+qpdfview, mupdf, Luminance HDR, Synfig Studio, Gimp, Inkscape
diff --git a/RELNOTES b/RELNOTES
index f09c628e1..97ace1c91 100644
--- a/RELNOTES
+++ b/RELNOTES
@@ -13,7 +13,7 @@ firejail (0.9.43) baseline; urgency=low
  * feature: blocking x11 (--x11=block)
  * feature: disable 3D hardware acceleration (--no3d)
  * feature: x11 xpra, x11 xephyr, x11 block, allusers, no3d profile commands
-  * new profiles: qpdfview, mupdf, Luminance HDR, Synfig Studio
+  * new profiles: qpdfview, mupdf, Luminance HDR, Synfig Studio, Gimp, Inkscape
  * bugfixes
 -- netblue30 <netblue30@yahoo.com>  Fri, 9 Sept 2016 08:00:00 -0500
diff --git a/etc/disable-programs.inc b/etc/disable-programs.inc
index 8566ea0c5..1e2b81d27 100644
--- a/etc/disable-programs.inc
+++ b/etc/disable-programs.inc
@@ -30,6 +30,8 @@ blacklist ${HOME}/.config/qpdfview
 blacklist ${HOME}/.config/Luminance
 blacklist ${HOME}/.config/synfig
 blacklist ${HOME}/.synfig
+blacklist ${HOME}/.inkscape
+blacklist ${HOME}/.gimp*
 # Media players
 blacklist ${HOME}/.config/cmus
diff --git a/etc/gimp.profile b/etc/gimp.profile
new file mode 100644
index 000000000..23361b771
--- /dev/null
+++ b/etc/gimp.profile
@@ -0,0 +1,18 @@
+# gimp
+noblacklist ${HOME}/.gimp*
+include /etc/firejail/disable-common.inc
+include /etc/firejail/disable-programs.inc
+include /etc/firejail/disable-passwdmgr.inc
+caps.drop all
+netfilter
+nonewprivs
+noroot
+protocol unix
+seccomp
+private-dev
+private-tmp
+noexec ${HOME}
+noexec /tmp
+nogroups
+nosound
diff --git a/etc/inkscape.profile b/etc/inkscape.profile
new file mode 100644
index 000000000..cf885fba2
--- /dev/null
+++ b/etc/inkscape.profile
@@ -0,0 +1,18 @@
+# inkscape
+noblacklist ${HOME}/.inkscape
+include /etc/firejail/disable-common.inc
+include /etc/firejail/disable-programs.inc
+include /etc/firejail/disable-passwdmgr.inc
+caps.drop all
+netfilter
+nonewprivs
+noroot
+protocol unix
+seccomp
+private-dev
+private-tmp
+noexec ${HOME}
+noexec /tmp
+nogroups
+nosound
diff --git a/etc/luminance-hdr.profile b/etc/luminance-hdr.profile
index e9207fba3..6e059ea52 100644
--- a/etc/luminance-hdr.profile
+++ b/etc/luminance-hdr.profile
@@ -3,8 +3,6 @@ noblacklist ${HOME}/.config/Luminance
 include /etc/firejail/disable-common.inc
 include /etc/firejail/disable-programs.inc
 include /etc/firejail/disable-passwdmgr.inc
-include /etc/firejail/disable-devel.inc
 caps.drop all
 netfilter
diff --git a/platform/debian/conffiles b/platform/debian/conffiles
index 86f5564fd..75e7a469b 100644
--- a/platform/debian/conffiles
+++ b/platform/debian/conffiles
@@ -147,4 +147,6 @@
 /etc/firejail/qpdfview.profile
 /etc/firejail/luminance-hdr.profile
 /etc/firejail/synfigstudio.profile
+/etc/firejail/gimp.profile
+/etc/firejail/inkscape.profile
diff --git a/src/firecfg/firecfg.config b/src/firecfg/firecfg.config
index 2fec8ef90..75265545b 100644
--- a/src/firecfg/firecfg.config
+++ b/src/firecfg/firecfg.config
@@ -132,6 +132,8 @@ mupdf
 qpdfview
 luminance-hdr
 synfigstudio
+gimp
+inkscape
 # other
 ssh
author	netblue30 <netblue30@yahoo.com>	2016-09-30 10:13:00 -0400
committer	netblue30 <netblue30@yahoo.com>	2016-09-30 10:13:00 -0400
commit	b806f35192817e78b95a92dd658f1430bcc6fb56 (patch)
tree	8ec9c12b8aa5b1616c2cc605d357ea05efe8aaaa
parent	added luminance-hdr and synfigstudio profiles (diff)
download	firejail-b806f35192817e78b95a92dd658f1430bcc6fb56.tar.gz firejail-b806f35192817e78b95a92dd658f1430bcc6fb56.tar.zst firejail-b806f35192817e78b95a92dd658f1430bcc6fb56.zip

diff --git a/README.md b/README.md index e98f8ad21..6fa6c996c 100644 --- a/README.md +++ b/README.md
@@ -88,5 +88,5 @@ x11 xpra, x11 xephyr, x11 block, allusers, join-or-start
88		88
89	## New profiles	89	## New profiles
90		90
91	qpdfview, mupdf, Luminance HDR, Synfig Studio	91	qpdfview, mupdf, Luminance HDR, Synfig Studio, Gimp, Inkscape
92		92


diff --git a/RELNOTES b/RELNOTES index f09c628e1..97ace1c91 100644 --- a/RELNOTES +++ b/RELNOTES
@@ -13,7 +13,7 @@ firejail (0.9.43) baseline; urgency=low
13	* feature: blocking x11 (--x11=block)	13	* feature: blocking x11 (--x11=block)
14	* feature: disable 3D hardware acceleration (--no3d)	14	* feature: disable 3D hardware acceleration (--no3d)
15	* feature: x11 xpra, x11 xephyr, x11 block, allusers, no3d profile commands	15	* feature: x11 xpra, x11 xephyr, x11 block, allusers, no3d profile commands
16	* new profiles: qpdfview, mupdf, Luminance HDR, Synfig Studio	16	* new profiles: qpdfview, mupdf, Luminance HDR, Synfig Studio, Gimp, Inkscape
17	* bugfixes	17	* bugfixes
18	-- netblue30 <netblue30@yahoo.com> Fri, 9 Sept 2016 08:00:00 -0500	18	-- netblue30 <netblue30@yahoo.com> Fri, 9 Sept 2016 08:00:00 -0500
19		19


diff --git a/etc/disable-programs.inc b/etc/disable-programs.inc index 8566ea0c5..1e2b81d27 100644 --- a/etc/disable-programs.inc +++ b/etc/disable-programs.inc
@@ -30,6 +30,8 @@ blacklist ${HOME}/.config/qpdfview
30	blacklist ${HOME}/.config/Luminance	30	blacklist ${HOME}/.config/Luminance
31	blacklist ${HOME}/.config/synfig	31	blacklist ${HOME}/.config/synfig
32	blacklist ${HOME}/.synfig	32	blacklist ${HOME}/.synfig
		33	blacklist ${HOME}/.inkscape
		34	blacklist ${HOME}/.gimp*
33		35
34	# Media players	36	# Media players
35	blacklist ${HOME}/.config/cmus	37	blacklist ${HOME}/.config/cmus


diff --git a/etc/gimp.profile b/etc/gimp.profile new file mode 100644 index 000000000..23361b771 --- /dev/null +++ b/etc/gimp.profile
@@ -0,0 +1,18 @@
		1	# gimp
		2	noblacklist ${HOME}/.gimp*
		3	include /etc/firejail/disable-common.inc
		4	include /etc/firejail/disable-programs.inc
		5	include /etc/firejail/disable-passwdmgr.inc
		6
		7	caps.drop all
		8	netfilter
		9	nonewprivs
		10	noroot
		11	protocol unix
		12	seccomp
		13	private-dev
		14	private-tmp
		15	noexec ${HOME}
		16	noexec /tmp
		17	nogroups
		18	nosound


diff --git a/etc/inkscape.profile b/etc/inkscape.profile new file mode 100644 index 000000000..cf885fba2 --- /dev/null +++ b/etc/inkscape.profile
@@ -0,0 +1,18 @@
		1	# inkscape
		2	noblacklist ${HOME}/.inkscape
		3	include /etc/firejail/disable-common.inc
		4	include /etc/firejail/disable-programs.inc
		5	include /etc/firejail/disable-passwdmgr.inc
		6
		7	caps.drop all
		8	netfilter
		9	nonewprivs
		10	noroot
		11	protocol unix
		12	seccomp
		13	private-dev
		14	private-tmp
		15	noexec ${HOME}
		16	noexec /tmp
		17	nogroups
		18	nosound


diff --git a/etc/luminance-hdr.profile b/etc/luminance-hdr.profile index e9207fba3..6e059ea52 100644 --- a/etc/luminance-hdr.profile +++ b/etc/luminance-hdr.profile
@@ -3,8 +3,6 @@ noblacklist ${HOME}/.config/Luminance
3	include /etc/firejail/disable-common.inc	3	include /etc/firejail/disable-common.inc
4	include /etc/firejail/disable-programs.inc	4	include /etc/firejail/disable-programs.inc
5	include /etc/firejail/disable-passwdmgr.inc	5	include /etc/firejail/disable-passwdmgr.inc
6	include /etc/firejail/disable-devel.inc
7
8		6
9	caps.drop all	7	caps.drop all
10	netfilter	8	netfilter


diff --git a/platform/debian/conffiles b/platform/debian/conffiles index 86f5564fd..75e7a469b 100644 --- a/platform/debian/conffiles +++ b/platform/debian/conffiles
@@ -147,4 +147,6 @@
147	/etc/firejail/qpdfview.profile	147	/etc/firejail/qpdfview.profile
148	/etc/firejail/luminance-hdr.profile	148	/etc/firejail/luminance-hdr.profile
149	/etc/firejail/synfigstudio.profile	149	/etc/firejail/synfigstudio.profile
		150	/etc/firejail/gimp.profile
		151	/etc/firejail/inkscape.profile
150		152


diff --git a/src/firecfg/firecfg.config b/src/firecfg/firecfg.config index 2fec8ef90..75265545b 100644 --- a/src/firecfg/firecfg.config +++ b/src/firecfg/firecfg.config
@@ -132,6 +132,8 @@ mupdf
132	qpdfview	132	qpdfview
133	luminance-hdr	133	luminance-hdr
134	synfigstudio	134	synfigstudio
		135	gimp
		136	inkscape
135		137
136	# other	138	# other
137	ssh	139	ssh