Merge branch 'master' of https://github.com/netblue30/firejail

author: smitsohu <smitsohu@gmail.com> 2021-06-11 12:31:54 +0200
committer: smitsohu <smitsohu@gmail.com> 2021-06-11 12:31:54 +0200
commit: e8dab962c97623c1211cc4bcdb2d60de27697023 (patch)
tree: 4b297790d9e7b5adeea5d5f7e4cf704a9ed1df4b
parent: follow-up (diff)
parent: mcomix profile creation (#4338) (diff)
download: firejail-e8dab962c97623c1211cc4bcdb2d60de27697023.tar.gz
firejail-e8dab962c97623c1211cc4bcdb2d60de27697023.tar.zst
firejail-e8dab962c97623c1211cc4bcdb2d60de27697023.zip
2 files changed, 75 insertions, 0 deletions
diff --git a/etc/profile-m-z/mcomix.profile b/etc/profile-m-z/mcomix.profile
new file mode 100644
index 000000000..fcd1e24e5
--- /dev/null
+++ b/etc/profile-m-z/mcomix.profile
@@ -0,0 +1,74 @@
+# Firejail profile for mcomix
+# Description: A comic book and manga viewer in python
+# This file is overwritten after every install/update
+# Persistent local customizations
+include mcomix.local
+# Persistent global definitions
+include globals.local
+noblacklist ${HOME}/.config/mcomix
+noblacklist ${HOME}/.local/share/mcomix
+noblacklist ${DOCUMENTS}
+# Allow /bin/sh (blacklisted by disable-shell.inc)
+include allow-bin-sh.inc
+# Allow python (blacklisted by disable-interpreters.inc)
+# mcomix <= 1.2 uses python2
+include allow-python2.inc
+include allow-python3.inc
+include disable-common.inc
+include disable-devel.inc
+include disable-exec.inc
+include disable-interpreters.inc
+include disable-passwdmgr.inc
+include disable-programs.inc
+include disable-shell.inc
+include disable-write-mnt.inc
+include disable-xdg.inc
+mkdir ${HOME}/.config/mcomix
+mkdir ${HOME}/.local/share/mcomix
+whitelist /usr/share/mcomix
+include whitelist-usr-share-common.inc
+include whitelist-var-common.inc
+include whitelist-runuser-common.inc
+apparmor
+caps.drop all
+machine-id
+net none
+nodvd
+nogroups
+noinput
+nonewprivs
+noroot
+nosound
+notv
+nou2f
+novideo
+protocol unix
+seccomp
+seccomp.block-secondary
+shell none
+tracelog
+# mcomix <= 1.2 uses python2
+private-bin 7z,lha,mcomix,mutool,python*,rar,sh,unrar,unzip
+private-cache
+private-dev
+# mcomix <= 1.2 uses gtk-2.0
+private-etc alternatives,dconf,fonts,gconf,gtk-2.0,gtk-3.0,ld.so.cache,ld.so.conf,ld.so.conf.d,ld.so.preload,locale,locale.alias,locale.conf,localtime,machine-id,mime.types,pango,passwd,X11,xdg
+private-tmp
+dbus-user none
+dbus-system none
+read-only ${HOME}
+read-write ${HOME}/.config/mcomix
+read-write ${HOME}/.local/share/mcomix
+#to allow ${HOME}/.local/share/recently-used.xbel
+read-write ${HOME}/.local/share
+# used by mcomix <= 1.2, tip, make a symbolic link to .cache/thumbnails
+read-write ${HOME}/.thumbnails
diff --git a/src/firecfg/firecfg.config b/src/firecfg/firecfg.config
index b6c0b526e..f23488e20 100644
--- a/src/firecfg/firecfg.config
+++ b/src/firecfg/firecfg.config
@@ -494,6 +494,7 @@ mathematica
 matrix-mirage
 mattermost-desktop
 mcabber
+mcomix
 mediainfo
 mediathekview
 megaglest
author	smitsohu <smitsohu@gmail.com>	2021-06-11 12:31:54 +0200
committer	smitsohu <smitsohu@gmail.com>	2021-06-11 12:31:54 +0200
commit	e8dab962c97623c1211cc4bcdb2d60de27697023 (patch)
tree	4b297790d9e7b5adeea5d5f7e4cf704a9ed1df4b
parent	follow-up (diff)
parent	mcomix profile creation (#4338) (diff)
download	firejail-e8dab962c97623c1211cc4bcdb2d60de27697023.tar.gz firejail-e8dab962c97623c1211cc4bcdb2d60de27697023.tar.zst firejail-e8dab962c97623c1211cc4bcdb2d60de27697023.zip

diff --git a/etc/profile-m-z/mcomix.profile b/etc/profile-m-z/mcomix.profile new file mode 100644 index 000000000..fcd1e24e5 --- /dev/null +++ b/etc/profile-m-z/mcomix.profile
@@ -0,0 +1,74 @@
		1	# Firejail profile for mcomix
		2	# Description: A comic book and manga viewer in python
		3	# This file is overwritten after every install/update
		4	# Persistent local customizations
		5	include mcomix.local
		6	# Persistent global definitions
		7	include globals.local
		8
		9	noblacklist ${HOME}/.config/mcomix
		10	noblacklist ${HOME}/.local/share/mcomix
		11	noblacklist ${DOCUMENTS}
		12
		13	# Allow /bin/sh (blacklisted by disable-shell.inc)
		14	include allow-bin-sh.inc
		15
		16	# Allow python (blacklisted by disable-interpreters.inc)
		17	# mcomix <= 1.2 uses python2
		18	include allow-python2.inc
		19	include allow-python3.inc
		20
		21	include disable-common.inc
		22	include disable-devel.inc
		23	include disable-exec.inc
		24	include disable-interpreters.inc
		25	include disable-passwdmgr.inc
		26	include disable-programs.inc
		27	include disable-shell.inc
		28	include disable-write-mnt.inc
		29	include disable-xdg.inc
		30
		31	mkdir ${HOME}/.config/mcomix
		32	mkdir ${HOME}/.local/share/mcomix
		33	whitelist /usr/share/mcomix
		34	include whitelist-usr-share-common.inc
		35	include whitelist-var-common.inc
		36	include whitelist-runuser-common.inc
		37
		38	apparmor
		39	caps.drop all
		40	machine-id
		41	net none
		42	nodvd
		43	nogroups
		44	noinput
		45	nonewprivs
		46	noroot
		47	nosound
		48	notv
		49	nou2f
		50	novideo
		51	protocol unix
		52	seccomp
		53	seccomp.block-secondary
		54	shell none
		55	tracelog
		56
		57	# mcomix <= 1.2 uses python2
		58	private-bin 7z,lha,mcomix,mutool,python*,rar,sh,unrar,unzip
		59	private-cache
		60	private-dev
		61	# mcomix <= 1.2 uses gtk-2.0
		62	private-etc alternatives,dconf,fonts,gconf,gtk-2.0,gtk-3.0,ld.so.cache,ld.so.conf,ld.so.conf.d,ld.so.preload,locale,locale.alias,locale.conf,localtime,machine-id,mime.types,pango,passwd,X11,xdg
		63	private-tmp
		64
		65	dbus-user none
		66	dbus-system none
		67
		68	read-only ${HOME}
		69	read-write ${HOME}/.config/mcomix
		70	read-write ${HOME}/.local/share/mcomix
		71	#to allow ${HOME}/.local/share/recently-used.xbel
		72	read-write ${HOME}/.local/share
		73	# used by mcomix <= 1.2, tip, make a symbolic link to .cache/thumbnails
		74	read-write ${HOME}/.thumbnails


diff --git a/src/firecfg/firecfg.config b/src/firecfg/firecfg.config index b6c0b526e..f23488e20 100644 --- a/src/firecfg/firecfg.config +++ b/src/firecfg/firecfg.config
@@ -494,6 +494,7 @@ mathematica
494	matrix-mirage	494	matrix-mirage
495	mattermost-desktop	495	mattermost-desktop
496	mcabber	496	mcabber
		497	mcomix
497	mediainfo	498	mediainfo
498	mediathekview	499	mediathekview
499	megaglest	500	megaglest