author | netblue30 <netblue30@protonmail.com> | 2023-02-14 09:17:00 -0500 |
---|---|---|
committer | netblue30 <netblue30@protonmail.com> | 2023-02-14 09:17:00 -0500 |
commit | df6ea884f1d6d971f160cad98ede4047478e8f4e (patch) | |
tree | 24dbf91cebf0c8637e964171550271395580aacb | |
parent | Merge pull request #5653 from slowpeek/master (diff) | |
merges, disable sort.py in profile checks temporarily, two more private-etc profiles
-rw-r--r-- | .github/workflows/profile-checks.yml | 4 | ||||
-rw-r--r-- | README | 3 | ||||
-rw-r--r-- | etc/profile-a-l/dosbox.profile | 1 | ||||
-rw-r--r-- | etc/profile-a-l/etr.profile | 1 | ||||
-rw-r--r-- | src/include/etc_groups.h | 3 |
5 files changed, 9 insertions, 3 deletions
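--- a/.github/workflows/profile-checks.yml
+++ b/.github/workflows/profile-checks.yml
@@ -34,8 +34,8 @@ jobs:
 github.com:443
 
 - uses: actions/checkout@ac593985615ec2ede58e132d2e21d2b1cbd6127c
-- name: sort.py
-run: ./ci/check/profiles/sort.py etc/inc/*.inc etc/{profile-a-l,profile-m-z}/*.profile
+# - name: sort.py
+# run: ./ci/check/profiles/sort.py etc/inc/*.inc etc/{profile-a-l,profile-m-z}/*.profile
 # Currently broken (see #5610)
 # - name: private-etc-always-required.sh
 # run: ./ci/check/profiles/private-etc-always-required.sh etc/inc/*.inc etc/{profile-a-l,profile-m-z}/*.profile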
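Review bot: The sort.py step at new lines 37-38 is disabled by commenting it out, but the file carries no comment saying why or what has to be fixed before it comes back; the only hint is the word "temporarily" in the commit title. The existing `# Currently broken (see #5610)` line appears to belong to private-etc-always-required.sh, yet it now sits directly under the disabled sort.py lines and can be read as applying to them. Put an explanatory line above the disabled step, for example `# sort.py disabled temporarily, re-enable when <TRACKING_ISSUE_PLACEHOLDER> is fixed`, so the profile check is not left off silently. Leading indentation was lost in this rendering, so match the step indentation used in the file.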
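--- a/README
+++ b/README
@@ -774,6 +774,8 @@ Neo00001 (https://github.com/Neo00001)
 - update telegram profile
 - add spectacle profile
 - add kdiff3 profile
+netcarver (https://github.com/netcarver)
+- prevent access to LUKS keyfile
 NetSysFire (https://github.com/NetSysFire)
 - update weechat profile
 - update megaglest profile
@@ -996,6 +998,7 @@ slowpeek (https://github.com/slowpeek)
 - allow access to avahi-daemon in apparmor/firejail-default
 - make appimage examples consistent with --appimage option short description
 - blacklist google-drive-ocamlfuse config
+- blacklist sendgmail config
 smitsohu (https://github.com/smitsohu)
 - read-only kde4 services directory
 - enhanced mediathekview profile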
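--- a/etc/profile-a-l/dosbox.profile
+++ b/etc/profile-a-l/dosbox.profile
@@ -37,6 +37,7 @@ tracelog
 
 private-bin dosbox
 private-dev
+private-etc @games
 private-tmp
 
 dbus-user none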
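Review bot: dosbox gets `private-etc @games` at new line 40 while etr.profile in the same commit gets `private-etc @games,@x11`, and nothing in the hunk explains the difference. The members of @games are not visible in this diff, so it cannot be confirmed from here that the X11-related /etc entries a graphical program reads are still reachable inside the sandbox. If the narrower list is deliberate, a short comment above the line would record that; otherwise the line would read `private-etc @games,@x11`.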
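--- a/etc/profile-a-l/etr.profile
+++ b/etc/profile-a-l/etr.profile
@@ -49,6 +49,7 @@ private-bin etr
 private-cache
 private-dev
 # private-etc alternatives,drirc,machine-id,openal,passwd
+private-etc @games,@x11
 private-tmp
 
 dbus-user none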
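Review bot: The old commented-out line `# private-etc alternatives,drirc,machine-id,openal,passwd` is left directly above the new `private-etc @games,@x11` at new line 52, so the profile now shows two different /etc lists. Remove the stale line, or replace it with a comment stating which of those entries the two groups are expected to cover. Whether `openal` and `machine-id` are members of @games or @x11 is not visible in this diff and is worth confirming, since the etc_groups.h hunk header in this commit shows a separate `etc_group_sound` array exists.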
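--- a/src/include/etc_groups.h
+++ b/src/include/etc_groups.h
@@ -75,7 +75,8 @@ static char *etc_group_sound[] = {
 static char *etc_group_tls_ca[] = {
 "ca-certificates",
 "crypto-policies",
-"gcrypt", // GNU crypto library (GPG)
+"gcrypt", // GNU crypto library - contains hardware config for various encryption schemes
+// and random number generators. The file is not installed by Debian.
 "pki",
 "ssl",
 NULL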
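Review bot: The new comment on `"gcrypt"` at new lines 78-79 calls the entry "The file", but libgcrypt's configuration normally lives in a directory, /etc/gcrypt, and the entry sits next to directory names such as `pki` and `ssl`. Confirm this and word the comment accordingly, for example `// libgcrypt config directory (hardware feature and RNG settings); not installed by Debian`. The comment also does not say why a hardware and RNG configuration entry belongs in the TLS CA group, which a profile author reading `etc_group_tls_ca` would want to know. The array's closing brace is outside the hunk.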