Merge pull request #2172 from glitsj16/min

New profile min
author: netblue30 <netblue30@yahoo.com> 2018-10-11 08:37:04 -0500
committer: GitHub <noreply@github.com> 2018-10-11 08:37:04 -0500
commit: c67588ec3626254c56398deb0741baa012ef2c85 (patch)
tree: 1e6345a1e01441e5f29a38582f907ae57adea6f0
parent: Merge pull request #2171 from glitsj16/desktop (diff)
parent: Update for min (diff)
download: firejail-c67588ec3626254c56398deb0741baa012ef2c85.tar.gz
firejail-c67588ec3626254c56398deb0741baa012ef2c85.tar.zst
firejail-c67588ec3626254c56398deb0741baa012ef2c85.zip
3 files changed, 52 insertions, 0 deletions
diff --git a/etc/disable-programs.inc b/etc/disable-programs.inc
index fe6b04ed0..6fa0eed26 100644
--- a/etc/disable-programs.inc
+++ b/etc/disable-programs.inc
@@ -66,6 +66,7 @@ blacklist ${HOME}/.config/INRIA
 blacklist ${HOME}/.config/InSilmaril
 blacklist ${HOME}/.config/Luminance
 blacklist ${HOME}/.config/Meltytech
+blacklist ${HOME}/.config/Min
 blacklist ${HOME}/.config/Mousepad
 blacklist ${HOME}/.config/Mumble
 blacklist ${HOME}/.config/MusE
diff --git a/etc/min.profile b/etc/min.profile
new file mode 100644
index 000000000..91c6fce3c
--- /dev/null
+++ b/etc/min.profile
@@ -0,0 +1,50 @@
+# Firejail profile for min
+# Description: A faster, smarter web browser.
+# This file is overwritten after every install/update
+# Persistent local customizations
+include /etc/firejail/min.local
+# Persistent global definitions
+include /etc/firejail/globals.local
+noblacklist ${HOME}/.config/Min
+noblacklist ${HOME}/.pki
+include /etc/firejail/disable-common.inc
+include /etc/firejail/disable-devel.inc
+include /etc/firejail/disable-interpreters.inc
+include /etc/firejail/disable-programs.inc
+mkdir ${HOME}/.pki
+whitelist ${DOWNLOADS}
+whitelist ${HOME}/.pki
+include /etc/firejail/whitelist-common.inc
+include /etc/firejail/whitelist-var-common.inc
+caps.drop all
+# ipc-namespace
+# machine-id breaks pulse audio; it should work fine in setups where sound is not required
+#machine-id
+netfilter
+# no3d
+nodbus
+nodvd
+nogroups
+nonewprivs
+noroot
+notv
+protocol unix,inet,inet6
+seccomp
+shell none
+disable-mnt
+# private-bin min
+private-cache
+private-dev
+# private-etc below works fine on most distributions. There are some problems on CentOS.
+private-etc ca-certificates,ssl,machine-id,dconf,selinux,passwd,group,hostname,hosts,localtime,nsswitch.conf,resolv.conf,xdg,gtk-2.0,gtk-3.0,X11,pango,fonts,mime.types,mailcap,asound.conf,pulse,pki,crypto-policies,ld.so.cache
+private-tmp
+# memory-deny-write-execute
+noexec ${HOME}
+noexec /tmp
diff --git a/src/firecfg/firecfg.config b/src/firecfg/firecfg.config
index 542812624..2190f133d 100644
--- a/src/firecfg/firecfg.config
+++ b/src/firecfg/firecfg.config
@@ -280,6 +280,7 @@ mediainfo
 mediathekview
 meld
 midori
+min
 minetest
 mousepad
 mplayer
author	netblue30 <netblue30@yahoo.com>	2018-10-11 08:37:04 -0500
committer	GitHub <noreply@github.com>	2018-10-11 08:37:04 -0500
commit	c67588ec3626254c56398deb0741baa012ef2c85 (patch)
tree	1e6345a1e01441e5f29a38582f907ae57adea6f0
parent	Merge pull request #2171 from glitsj16/desktop (diff)
parent	Update for min (diff)
download	firejail-c67588ec3626254c56398deb0741baa012ef2c85.tar.gz firejail-c67588ec3626254c56398deb0741baa012ef2c85.tar.zst firejail-c67588ec3626254c56398deb0741baa012ef2c85.zip

diff --git a/etc/disable-programs.inc b/etc/disable-programs.inc index fe6b04ed0..6fa0eed26 100644 --- a/etc/disable-programs.inc +++ b/etc/disable-programs.inc
@@ -66,6 +66,7 @@ blacklist ${HOME}/.config/INRIA
66	blacklist ${HOME}/.config/InSilmaril	66	blacklist ${HOME}/.config/InSilmaril
67	blacklist ${HOME}/.config/Luminance	67	blacklist ${HOME}/.config/Luminance
68	blacklist ${HOME}/.config/Meltytech	68	blacklist ${HOME}/.config/Meltytech
		69	blacklist ${HOME}/.config/Min
69	blacklist ${HOME}/.config/Mousepad	70	blacklist ${HOME}/.config/Mousepad
70	blacklist ${HOME}/.config/Mumble	71	blacklist ${HOME}/.config/Mumble
71	blacklist ${HOME}/.config/MusE	72	blacklist ${HOME}/.config/MusE


diff --git a/etc/min.profile b/etc/min.profile new file mode 100644 index 000000000..91c6fce3c --- /dev/null +++ b/etc/min.profile
@@ -0,0 +1,50 @@
		1	# Firejail profile for min
		2	# Description: A faster, smarter web browser.
		3	# This file is overwritten after every install/update
		4	# Persistent local customizations
		5	include /etc/firejail/min.local
		6	# Persistent global definitions
		7	include /etc/firejail/globals.local
		8
		9	noblacklist ${HOME}/.config/Min
		10
		11	noblacklist ${HOME}/.pki
		12
		13	include /etc/firejail/disable-common.inc
		14	include /etc/firejail/disable-devel.inc
		15	include /etc/firejail/disable-interpreters.inc
		16	include /etc/firejail/disable-programs.inc
		17
		18	mkdir ${HOME}/.pki
		19	whitelist ${DOWNLOADS}
		20	whitelist ${HOME}/.pki
		21	include /etc/firejail/whitelist-common.inc
		22	include /etc/firejail/whitelist-var-common.inc
		23
		24	caps.drop all
		25	# ipc-namespace
		26	# machine-id breaks pulse audio; it should work fine in setups where sound is not required
		27	#machine-id
		28	netfilter
		29	# no3d
		30	nodbus
		31	nodvd
		32	nogroups
		33	nonewprivs
		34	noroot
		35	notv
		36	protocol unix,inet,inet6
		37	seccomp
		38	shell none
		39
		40	disable-mnt
		41	# private-bin min
		42	private-cache
		43	private-dev
		44	# private-etc below works fine on most distributions. There are some problems on CentOS.
		45	private-etc ca-certificates,ssl,machine-id,dconf,selinux,passwd,group,hostname,hosts,localtime,nsswitch.conf,resolv.conf,xdg,gtk-2.0,gtk-3.0,X11,pango,fonts,mime.types,mailcap,asound.conf,pulse,pki,crypto-policies,ld.so.cache
		46	private-tmp
		47
		48	# memory-deny-write-execute
		49	noexec ${HOME}
		50	noexec /tmp


diff --git a/src/firecfg/firecfg.config b/src/firecfg/firecfg.config index 542812624..2190f133d 100644 --- a/src/firecfg/firecfg.config +++ b/src/firecfg/firecfg.config
@@ -280,6 +280,7 @@ mediainfo
280	mediathekview	280	mediathekview
281	meld	281	meld
282	midori	282	midori
		283	min
283	minetest	284	minetest
284	mousepad	285	mousepad
285	mplayer	286	mplayer