added luminance-hdr and synfigstudio profiles

author: netblue30 <netblue30@yahoo.com> 2016-09-30 09:33:45 -0400
committer: netblue30 <netblue30@yahoo.com> 2016-09-30 09:33:45 -0400
commit: e90a8025a8173f3ce1fb0d22c3fc0b2ccb431ecc (patch)
tree: 46b9b3aed144e134aa42e8dfa0c048caad744476
parent: Merge pull request #822 from manevich/xauthority-link (diff)
download: firejail-e90a8025a8173f3ce1fb0d22c3fc0b2ccb431ecc.tar.gz
firejail-e90a8025a8173f3ce1fb0d22c3fc0b2ccb431ecc.tar.zst
firejail-e90a8025a8173f3ce1fb0d22c3fc0b2ccb431ecc.zip
7 files changed, 49 insertions, 2 deletions
diff --git a/README.md b/README.md
index 05cfd3b11..e98f8ad21 100644
--- a/README.md
+++ b/README.md
@@ -88,5 +88,5 @@ x11 xpra, x11 xephyr, x11 block, allusers, join-or-start
 ## New profiles
-qpdfview, mupdf
+qpdfview, mupdf, Luminance HDR, Synfig Studio
diff --git a/RELNOTES b/RELNOTES
index 9b746e229..f09c628e1 100644
--- a/RELNOTES
+++ b/RELNOTES
@@ -13,7 +13,7 @@ firejail (0.9.43) baseline; urgency=low
  * feature: blocking x11 (--x11=block)
  * feature: disable 3D hardware acceleration (--no3d)
  * feature: x11 xpra, x11 xephyr, x11 block, allusers, no3d profile commands
-  * new profiles: qpdfview, mupdf
+  * new profiles: qpdfview, mupdf, Luminance HDR, Synfig Studio
  * bugfixes
 -- netblue30 <netblue30@yahoo.com>  Fri, 9 Sept 2016 08:00:00 -0500
diff --git a/etc/disable-programs.inc b/etc/disable-programs.inc
index 54c53e794..8566ea0c5 100644
--- a/etc/disable-programs.inc
+++ b/etc/disable-programs.inc
@@ -27,6 +27,9 @@ blacklist ${HOME}/.kde/share/config/okularpartrc
 blacklist ${HOME}/.kde/share/apps/gwenview
 blacklist ${HOME}/.kde/share/config/gwenviewrc
 blacklist ${HOME}/.config/qpdfview
+blacklist ${HOME}/.config/Luminance
+blacklist ${HOME}/.config/synfig
+blacklist ${HOME}/.synfig
 # Media players
 blacklist ${HOME}/.config/cmus
diff --git a/etc/luminance-hdr.profile b/etc/luminance-hdr.profile
new file mode 100644
index 000000000..e9207fba3
--- /dev/null
+++ b/etc/luminance-hdr.profile
@@ -0,0 +1,23 @@
+# luminance-hdr
+noblacklist ${HOME}/.config/Luminance
+include /etc/firejail/disable-common.inc
+include /etc/firejail/disable-programs.inc
+include /etc/firejail/disable-passwdmgr.inc
+include /etc/firejail/disable-devel.inc
+caps.drop all
+netfilter
+protocol unix
+nonewprivs
+noroot
+seccomp
+shell none
+tracelog
+private-tmp
+private-dev
+noexec ${HOME}
+noexec /tmp
+nogroups
+nosound
+ipc-namespace
diff --git a/etc/synfigstudio.profile b/etc/synfigstudio.profile
new file mode 100644
index 000000000..d46467b99
--- /dev/null
+++ b/etc/synfigstudio.profile
@@ -0,0 +1,17 @@
+# synfigstudio
+noblacklist ${HOME}/.config/synfig
+noblacklist ${HOME}/.synfig
+include /etc/firejail/disable-common.inc
+include /etc/firejail/disable-programs.inc
+include /etc/firejail/disable-passwdmgr.inc
+caps.drop all
+netfilter
+nonewprivs
+noroot
+protocol unix
+seccomp
+private-dev
+private-tmp
+noexec ${HOME}
+noexec /tmp
diff --git a/platform/debian/conffiles b/platform/debian/conffiles
index 0c494c042..86f5564fd 100644
--- a/platform/debian/conffiles
+++ b/platform/debian/conffiles
@@ -145,4 +145,6 @@
 /etc/firejail/dosbox.profile
 /etc/firejail/mupdf.profile
 /etc/firejail/qpdfview.profile
+/etc/firejail/luminance-hdr.profile
+/etc/firejail/synfigstudio.profile
diff --git a/src/firecfg/firecfg.config b/src/firecfg/firecfg.config
index ca28d025b..2fec8ef90 100644
--- a/src/firecfg/firecfg.config
+++ b/src/firecfg/firecfg.config
@@ -130,6 +130,8 @@ pix
 xreader
 mupdf
 qpdfview
+luminance-hdr
+synfigstudio
 # other
 ssh
author	netblue30 <netblue30@yahoo.com>	2016-09-30 09:33:45 -0400
committer	netblue30 <netblue30@yahoo.com>	2016-09-30 09:33:45 -0400
commit	e90a8025a8173f3ce1fb0d22c3fc0b2ccb431ecc (patch)
tree	46b9b3aed144e134aa42e8dfa0c048caad744476
parent	Merge pull request #822 from manevich/xauthority-link (diff)
download	firejail-e90a8025a8173f3ce1fb0d22c3fc0b2ccb431ecc.tar.gz firejail-e90a8025a8173f3ce1fb0d22c3fc0b2ccb431ecc.tar.zst firejail-e90a8025a8173f3ce1fb0d22c3fc0b2ccb431ecc.zip

diff --git a/README.md b/README.md index 05cfd3b11..e98f8ad21 100644 --- a/README.md +++ b/README.md
@@ -88,5 +88,5 @@ x11 xpra, x11 xephyr, x11 block, allusers, join-or-start
88		88
89	## New profiles	89	## New profiles
90		90
91	qpdfview, mupdf	91	qpdfview, mupdf, Luminance HDR, Synfig Studio
92		92


diff --git a/RELNOTES b/RELNOTES index 9b746e229..f09c628e1 100644 --- a/RELNOTES +++ b/RELNOTES
@@ -13,7 +13,7 @@ firejail (0.9.43) baseline; urgency=low
13	* feature: blocking x11 (--x11=block)	13	* feature: blocking x11 (--x11=block)
14	* feature: disable 3D hardware acceleration (--no3d)	14	* feature: disable 3D hardware acceleration (--no3d)
15	* feature: x11 xpra, x11 xephyr, x11 block, allusers, no3d profile commands	15	* feature: x11 xpra, x11 xephyr, x11 block, allusers, no3d profile commands
16	* new profiles: qpdfview, mupdf	16	* new profiles: qpdfview, mupdf, Luminance HDR, Synfig Studio
17	* bugfixes	17	* bugfixes
18	-- netblue30 <netblue30@yahoo.com> Fri, 9 Sept 2016 08:00:00 -0500	18	-- netblue30 <netblue30@yahoo.com> Fri, 9 Sept 2016 08:00:00 -0500
19		19


diff --git a/etc/disable-programs.inc b/etc/disable-programs.inc index 54c53e794..8566ea0c5 100644 --- a/etc/disable-programs.inc +++ b/etc/disable-programs.inc
@@ -27,6 +27,9 @@ blacklist ${HOME}/.kde/share/config/okularpartrc
27	blacklist ${HOME}/.kde/share/apps/gwenview	27	blacklist ${HOME}/.kde/share/apps/gwenview
28	blacklist ${HOME}/.kde/share/config/gwenviewrc	28	blacklist ${HOME}/.kde/share/config/gwenviewrc
29	blacklist ${HOME}/.config/qpdfview	29	blacklist ${HOME}/.config/qpdfview
		30	blacklist ${HOME}/.config/Luminance
		31	blacklist ${HOME}/.config/synfig
		32	blacklist ${HOME}/.synfig
30		33
31	# Media players	34	# Media players
32	blacklist ${HOME}/.config/cmus	35	blacklist ${HOME}/.config/cmus


diff --git a/etc/luminance-hdr.profile b/etc/luminance-hdr.profile new file mode 100644 index 000000000..e9207fba3 --- /dev/null +++ b/etc/luminance-hdr.profile
@@ -0,0 +1,23 @@
		1	# luminance-hdr
		2	noblacklist ${HOME}/.config/Luminance
		3	include /etc/firejail/disable-common.inc
		4	include /etc/firejail/disable-programs.inc
		5	include /etc/firejail/disable-passwdmgr.inc
		6	include /etc/firejail/disable-devel.inc
		7
		8
		9	caps.drop all
		10	netfilter
		11	protocol unix
		12	nonewprivs
		13	noroot
		14	seccomp
		15	shell none
		16	tracelog
		17	private-tmp
		18	private-dev
		19	noexec ${HOME}
		20	noexec /tmp
		21	nogroups
		22	nosound
		23	ipc-namespace


diff --git a/etc/synfigstudio.profile b/etc/synfigstudio.profile new file mode 100644 index 000000000..d46467b99 --- /dev/null +++ b/etc/synfigstudio.profile
@@ -0,0 +1,17 @@
		1	# synfigstudio
		2	noblacklist ${HOME}/.config/synfig
		3	noblacklist ${HOME}/.synfig
		4	include /etc/firejail/disable-common.inc
		5	include /etc/firejail/disable-programs.inc
		6	include /etc/firejail/disable-passwdmgr.inc
		7
		8	caps.drop all
		9	netfilter
		10	nonewprivs
		11	noroot
		12	protocol unix
		13	seccomp
		14	private-dev
		15	private-tmp
		16	noexec ${HOME}
		17	noexec /tmp


diff --git a/platform/debian/conffiles b/platform/debian/conffiles index 0c494c042..86f5564fd 100644 --- a/platform/debian/conffiles +++ b/platform/debian/conffiles
@@ -145,4 +145,6 @@
145	/etc/firejail/dosbox.profile	145	/etc/firejail/dosbox.profile
146	/etc/firejail/mupdf.profile	146	/etc/firejail/mupdf.profile
147	/etc/firejail/qpdfview.profile	147	/etc/firejail/qpdfview.profile
		148	/etc/firejail/luminance-hdr.profile
		149	/etc/firejail/synfigstudio.profile
148		150


diff --git a/src/firecfg/firecfg.config b/src/firecfg/firecfg.config index ca28d025b..2fec8ef90 100644 --- a/src/firecfg/firecfg.config +++ b/src/firecfg/firecfg.config
@@ -130,6 +130,8 @@ pix
130	xreader	130	xreader
131	mupdf	131	mupdf
132	qpdfview	132	qpdfview
		133	luminance-hdr
		134	synfigstudio
133		135
134	# other	136	# other
135	ssh	137	ssh