Add autokey profiles (#2635)

* Add autokey to firecfg.config * Update README.md * Update RELNOTES * Create autokey-common.profile * Create autokey-gtk.profile * Create autokey-qt.profile * Create autokey-run.profile * Create autokey-shell.profile
author: glitsj16 <glitsj16@users.noreply.github.com> 2019-04-02 11:59:55 +0000
committer: GitHub <noreply@github.com> 2019-04-02 11:59:55 +0000
commit: c041aec25fffd86e26f1e195a320495bdef6c95a (patch)
tree: 90f0d948add22ab43d6e290945a21f67a28fd05d
parent: Temp fix firecfg (#2634) (diff)
download: firejail-c041aec25fffd86e26f1e195a320495bdef6c95a.tar.gz
firejail-c041aec25fffd86e26f1e195a320495bdef6c95a.tar.zst
firejail-c041aec25fffd86e26f1e195a320495bdef6c95a.zip
8 files changed, 97 insertions, 2 deletions
diff --git a/README.md b/README.md
index 29a2fadff..429f3362c 100644
--- a/README.md
+++ b/README.md
@@ -102,5 +102,4 @@ We also keep a list of profile fixes for previous released versions in [etc-fixe
 ## Current development version: 0.9.59
 ## New profiles:
-crow, nyx, klavaro, mypaint, celluoid, nano, transgui, sysprof, simplescreenrecorder, geekbench, xfce4-mixer, pavucontrol, d-feet, seahorse, secret-tool, gnome-keyring, regextester, hardinfo, gnome-system-log, gnome-nettool, netactview, redshift, devhelp, assogiate, subdownloader, font-manager, exfalso, gconf-editor, dconf-editor, mpdris2, sysprof-cli, seahorse-tool, secret-tool, dconf, gsettings, code-oss, pragha, Maelstrom, ostrichriders, bzflag, freeciv, lincity-ng, megaglest, openttd, crawl, crawl-tiles, teeworlds, torcs, tremulous, warsow, lugaru, manaplus, pioneer, scorched3d, widelands, freemind, kid3, kid3-cli, kid3-qt, nomacs, freecol, opencity, openclonk, slashem, vulturesclaw, vultureseye, anki
+anki, assogiate, autokey-gtk, autokey-qt, autokey-run, autokey-shell, bzflag, celluoid, code-oss, crawl, crawl-tiles, crow, d-feet, dconf, dconf-editor, devhelp, exfalso, font-manager, freeciv, freecol, freemind, gconf-editor, geekbench, gnome-keyring, gnome-nettool, gnome-system-log, gsettings, kid3, kid3-cli, kid3-qt, klavaro, lincity-ng, lugaru, Maelstrom, manaplus, megaglest, mpdris2, mypaint, nano, netactview, nomacs, nyx, opencity, openclonk, openttd, ostrichriders, pavucontrol, pioneer, pragha, redshift, regextester, seahorse, seahorse-tool, scorched3d, secret-tool, simplescreenrecorder, slashem, subdownloader, sysprof, sysprof-cli, teeworlds, torcs, tremulous, transgui, vulturesclaw, vultureseye, warsow, widelands, xfce4-mixer
diff --git a/RELNOTES b/RELNOTES
index 3e5329a52..a3cf6bea0 100644
--- a/RELNOTES
+++ b/RELNOTES
@@ -12,6 +12,7 @@ firejail (0.9.59) baseline; urgency=low
  * new profiles: pioneer, scorched3d, widelands, freemind, kid3, kid3-qt
  * new profiles: kid3-cli, nomacs, freecol, opencity, openclonk, slashem
  * new profiles: vultureseye, vulturesclaw, anki
+  * new profiles: autokey-gtk, autokey-qt, autokey-run, autokey-shell
  * memory-deny-write-execute now also blocks memfd_create
  * drop support for flatpak/snap packages
diff --git a/etc/autokey-common.profile b/etc/autokey-common.profile
new file mode 100644
index 000000000..44c0a3c15
--- /dev/null
+++ b/etc/autokey-common.profile
@@ -0,0 +1,47 @@
+# Firejail profile for autokey
+# Description: Desktop automation utility
+# This file is overwritten after every install/update
+# Persistent local customizations
+include autokey-common.local
+# Persistent global definitions
+include globals.local
+noblacklist ${HOME}/.config/autokey
+noblacklist ${HOME}/.local/share/autokey
+# Allow python (blacklisted by disable-interpreters.inc)
+noblacklist ${PATH}/python2*
+noblacklist ${PATH}/python3*
+noblacklist /usr/lib/python2*
+noblacklist /usr/lib/python3*
+noblacklist /usr/local/lib/python2*
+noblacklist /usr/local/lib/python3*
+noblacklist /usr/share/python2*
+noblacklist /usr/share/python3*
+include disable-common.inc
+include disable-devel.inc
+# disable-exec.inc might break scripting functionality
+#include disable-exec.inc
+include disable-interpreters.inc
+include disable-passwdmgr.inc
+include disable-programs.inc
+include whitelist-var-common.inc
+caps.drop all
+netfilter
+no3d
+nogroups
+nonewprivs
+noroot
+nou2f
+protocol unix,inet,inet6
+seccomp
+shell none
+tracelog
+private-cache
+private-dev
+private-tmp
+# memory-deny-write-execute - Breaks on Arch
diff --git a/etc/autokey-gtk.profile b/etc/autokey-gtk.profile
new file mode 100644
index 000000000..86168ba0d
--- /dev/null
+++ b/etc/autokey-gtk.profile
@@ -0,0 +1,11 @@
+# Firejail profile for autokey-gtk
+# Description: Desktop automation utility (GTK version)
+# This file is overwritten after every install/update
+# Persistent local customizations
+include autokey-gtk.local
+# Persistent global definitions
+# added by included profile
+#include globals.local
+#Redirect
+include autokey-common.profile
diff --git a/etc/autokey-qt.profile b/etc/autokey-qt.profile
new file mode 100644
index 000000000..f3877d829
--- /dev/null
+++ b/etc/autokey-qt.profile
@@ -0,0 +1,11 @@
+# Firejail profile for autokey-qt
+# Description: Desktop automation utility (Qt version)
+# This file is overwritten after every install/update
+# Persistent local customizations
+include autokey-qt.local
+# Persistent global definitions
+# added by included profile
+#include globals.local
+#Redirect
+include autokey-common.profile
diff --git a/etc/autokey-run.profile b/etc/autokey-run.profile
new file mode 100644
index 000000000..b70239022
--- /dev/null
+++ b/etc/autokey-run.profile
@@ -0,0 +1,11 @@
+# Firejail profile for autokey-run
+# Description: Desktop automation utility (CLI version)
+# This file is overwritten after every install/update
+# Persistent local customizations
+include autokey-run.local
+# Persistent global definitions
+# added by included profile
+#include globals.local
+#Redirect
+include autokey-common.profile
diff --git a/etc/autokey-shell.profile b/etc/autokey-shell.profile
new file mode 100644
index 000000000..5745fce77
--- /dev/null
+++ b/etc/autokey-shell.profile
@@ -0,0 +1,11 @@
+# Firejail profile for autokey-shell
+# Description: Desktop automation utility (CLI shell)
+# This file is overwritten after every install/update
+# Persistent local customizations
+include autokey-shell.local
+# Persistent global definitions
+# added by included profile
+#include globals.local
+#Redirect
+include autokey-common.profile
diff --git a/src/firecfg/firecfg.config b/src/firecfg/firecfg.config
index 84f496d8c..5125d0cca 100644
--- a/src/firecfg/firecfg.config
+++ b/src/firecfg/firecfg.config
@@ -53,6 +53,10 @@ atril-thumbnailer
 audacious
 audacity
 authenticator
+autokey-gtk
+autokey-qt
+autokey-run
+autokey-shell
 aweather
 baloo_file
 baloo_filemetadata_temp_extractor
author	glitsj16 <glitsj16@users.noreply.github.com>	2019-04-02 11:59:55 +0000
committer	GitHub <noreply@github.com>	2019-04-02 11:59:55 +0000
commit	c041aec25fffd86e26f1e195a320495bdef6c95a (patch)
tree	90f0d948add22ab43d6e290945a21f67a28fd05d
parent	Temp fix firecfg (#2634) (diff)
download	firejail-c041aec25fffd86e26f1e195a320495bdef6c95a.tar.gz firejail-c041aec25fffd86e26f1e195a320495bdef6c95a.tar.zst firejail-c041aec25fffd86e26f1e195a320495bdef6c95a.zip

diff --git a/README.md b/README.md index 29a2fadff..429f3362c 100644 --- a/README.md +++ b/README.md
@@ -102,5 +102,4 @@ We also keep a list of profile fixes for previous released versions in [etc-fixe
102	## Current development version: 0.9.59	102	## Current development version: 0.9.59
103		103
104	## New profiles:	104	## New profiles:
105	crow, nyx, klavaro, mypaint, celluoid, nano, transgui, sysprof, simplescreenrecorder, geekbench, xfce4-mixer, pavucontrol, d-feet, seahorse, secret-tool, gnome-keyring, regextester, hardinfo, gnome-system-log, gnome-nettool, netactview, redshift, devhelp, assogiate, subdownloader, font-manager, exfalso, gconf-editor, dconf-editor, mpdris2, sysprof-cli, seahorse-tool, secret-tool, dconf, gsettings, code-oss, pragha, Maelstrom, ostrichriders, bzflag, freeciv, lincity-ng, megaglest, openttd, crawl, crawl-tiles, teeworlds, torcs, tremulous, warsow, lugaru, manaplus, pioneer, scorched3d, widelands, freemind, kid3, kid3-cli, kid3-qt, nomacs, freecol, opencity, openclonk, slashem, vulturesclaw, vultureseye, anki	105	anki, assogiate, autokey-gtk, autokey-qt, autokey-run, autokey-shell, bzflag, celluoid, code-oss, crawl, crawl-tiles, crow, d-feet, dconf, dconf-editor, devhelp, exfalso, font-manager, freeciv, freecol, freemind, gconf-editor, geekbench, gnome-keyring, gnome-nettool, gnome-system-log, gsettings, kid3, kid3-cli, kid3-qt, klavaro, lincity-ng, lugaru, Maelstrom, manaplus, megaglest, mpdris2, mypaint, nano, netactview, nomacs, nyx, opencity, openclonk, openttd, ostrichriders, pavucontrol, pioneer, pragha, redshift, regextester, seahorse, seahorse-tool, scorched3d, secret-tool, simplescreenrecorder, slashem, subdownloader, sysprof, sysprof-cli, teeworlds, torcs, tremulous, transgui, vulturesclaw, vultureseye, warsow, widelands, xfce4-mixer
106


diff --git a/RELNOTES b/RELNOTES index 3e5329a52..a3cf6bea0 100644 --- a/RELNOTES +++ b/RELNOTES
@@ -12,6 +12,7 @@ firejail (0.9.59) baseline; urgency=low
12	* new profiles: pioneer, scorched3d, widelands, freemind, kid3, kid3-qt	12	* new profiles: pioneer, scorched3d, widelands, freemind, kid3, kid3-qt
13	* new profiles: kid3-cli, nomacs, freecol, opencity, openclonk, slashem	13	* new profiles: kid3-cli, nomacs, freecol, opencity, openclonk, slashem
14	* new profiles: vultureseye, vulturesclaw, anki	14	* new profiles: vultureseye, vulturesclaw, anki
		15	* new profiles: autokey-gtk, autokey-qt, autokey-run, autokey-shell
15	* memory-deny-write-execute now also blocks memfd_create	16	* memory-deny-write-execute now also blocks memfd_create
16	* drop support for flatpak/snap packages	17	* drop support for flatpak/snap packages
17		18


diff --git a/etc/autokey-common.profile b/etc/autokey-common.profile new file mode 100644 index 000000000..44c0a3c15 --- /dev/null +++ b/etc/autokey-common.profile
@@ -0,0 +1,47 @@
		1	# Firejail profile for autokey
		2	# Description: Desktop automation utility
		3	# This file is overwritten after every install/update
		4	# Persistent local customizations
		5	include autokey-common.local
		6	# Persistent global definitions
		7	include globals.local
		8
		9	noblacklist ${HOME}/.config/autokey
		10	noblacklist ${HOME}/.local/share/autokey
		11
		12	# Allow python (blacklisted by disable-interpreters.inc)
		13	noblacklist ${PATH}/python2*
		14	noblacklist ${PATH}/python3*
		15	noblacklist /usr/lib/python2*
		16	noblacklist /usr/lib/python3*
		17	noblacklist /usr/local/lib/python2*
		18	noblacklist /usr/local/lib/python3*
		19	noblacklist /usr/share/python2*
		20	noblacklist /usr/share/python3*
		21
		22	include disable-common.inc
		23	include disable-devel.inc
		24	# disable-exec.inc might break scripting functionality
		25	#include disable-exec.inc
		26	include disable-interpreters.inc
		27	include disable-passwdmgr.inc
		28	include disable-programs.inc
		29	include whitelist-var-common.inc
		30
		31	caps.drop all
		32	netfilter
		33	no3d
		34	nogroups
		35	nonewprivs
		36	noroot
		37	nou2f
		38	protocol unix,inet,inet6
		39	seccomp
		40	shell none
		41	tracelog
		42
		43	private-cache
		44	private-dev
		45	private-tmp
		46
		47	# memory-deny-write-execute - Breaks on Arch


diff --git a/etc/autokey-gtk.profile b/etc/autokey-gtk.profile new file mode 100644 index 000000000..86168ba0d --- /dev/null +++ b/etc/autokey-gtk.profile
@@ -0,0 +1,11 @@
		1	# Firejail profile for autokey-gtk
		2	# Description: Desktop automation utility (GTK version)
		3	# This file is overwritten after every install/update
		4	# Persistent local customizations
		5	include autokey-gtk.local
		6	# Persistent global definitions
		7	# added by included profile
		8	#include globals.local
		9
		10	#Redirect
		11	include autokey-common.profile


diff --git a/etc/autokey-qt.profile b/etc/autokey-qt.profile new file mode 100644 index 000000000..f3877d829 --- /dev/null +++ b/etc/autokey-qt.profile
@@ -0,0 +1,11 @@
		1	# Firejail profile for autokey-qt
		2	# Description: Desktop automation utility (Qt version)
		3	# This file is overwritten after every install/update
		4	# Persistent local customizations
		5	include autokey-qt.local
		6	# Persistent global definitions
		7	# added by included profile
		8	#include globals.local
		9
		10	#Redirect
		11	include autokey-common.profile


diff --git a/etc/autokey-run.profile b/etc/autokey-run.profile new file mode 100644 index 000000000..b70239022 --- /dev/null +++ b/etc/autokey-run.profile
@@ -0,0 +1,11 @@
		1	# Firejail profile for autokey-run
		2	# Description: Desktop automation utility (CLI version)
		3	# This file is overwritten after every install/update
		4	# Persistent local customizations
		5	include autokey-run.local
		6	# Persistent global definitions
		7	# added by included profile
		8	#include globals.local
		9
		10	#Redirect
		11	include autokey-common.profile


diff --git a/etc/autokey-shell.profile b/etc/autokey-shell.profile new file mode 100644 index 000000000..5745fce77 --- /dev/null +++ b/etc/autokey-shell.profile
@@ -0,0 +1,11 @@
		1	# Firejail profile for autokey-shell
		2	# Description: Desktop automation utility (CLI shell)
		3	# This file is overwritten after every install/update
		4	# Persistent local customizations
		5	include autokey-shell.local
		6	# Persistent global definitions
		7	# added by included profile
		8	#include globals.local
		9
		10	#Redirect
		11	include autokey-common.profile


diff --git a/src/firecfg/firecfg.config b/src/firecfg/firecfg.config index 84f496d8c..5125d0cca 100644 --- a/src/firecfg/firecfg.config +++ b/src/firecfg/firecfg.config
@@ -53,6 +53,10 @@ atril-thumbnailer
53	audacious	53	audacious
54	audacity	54	audacity
55	authenticator	55	authenticator
		56	autokey-gtk
		57	autokey-qt
		58	autokey-run
		59	autokey-shell
56	aweather	60	aweather
57	baloo_file	61	baloo_file
58	baloo_filemetadata_temp_extractor	62	baloo_filemetadata_temp_extractor