Add new profile: gist (#3061)

* Create gist.profile * Add gist config to disable-programs.inc * Add gist to firecfg.config * Update RELNOTES * Update README.md
author: glitsj16 <glitsj16@users.noreply.github.com> 2019-11-25 17:05:58 +0000
committer: GitHub <noreply@github.com> 2019-11-25 17:05:58 +0000
commit: f46f2a89d2b4c9aea974c26cee2c1a36edd235b1 (patch)
tree: 493751cc52612b6ed4e4be137ec5c31b77bb1e61
parent: blacklist gksu, gksudo, kdesudo (diff)
download: firejail-f46f2a89d2b4c9aea974c26cee2c1a36edd235b1.tar.gz
firejail-f46f2a89d2b4c9aea974c26cee2c1a36edd235b1.tar.zst
firejail-f46f2a89d2b4c9aea974c26cee2c1a36edd235b1.zip
5 files changed, 60 insertions, 2 deletions
diff --git a/README.md b/README.md
index 94bf09c07..e470e418c 100644
--- a/README.md
+++ b/README.md
@@ -122,4 +122,4 @@ gnome-sound-recorder, godot, jerry, keepassxc-cli, keepassxc-proxy, klatexformul
 pandoc, qgis, rhythmbox-client, tcpdump, teams-for-linux, tshark, xlinks, zeal, mpg123, conplay, mpg123.bin, mpg123-alsa, mpg123-id3dump,
 mpg123-jack, mpg123-nas, mpg123-openal, mpg123-oss, mpg123-portaudio, mpg123-pulse, mpg123-strip, out123, pavucontrol-qt,
 gnome-characters, gnome-character-map, rsync, Whalebird, tor-browser (AUR), Zulip, tb-starter-wrapper, bzcat, kiwix-desktop, ar,
-gnome-latex, pngquant, kalgebra, kalgebramobile, signal-cli, amuled, kfind, profanity, audio-recorder, cameramonitor, ddgtk, drawio, electron-mail, gmpc, unf
+gnome-latex, pngquant, kalgebra, kalgebramobile, signal-cli, amuled, kfind, profanity, audio-recorder, cameramonitor, ddgtk, drawio, electron-mail, gmpc, unf, gist
diff --git a/RELNOTES b/RELNOTES
index 9cdb71961..b9d974c25 100644
--- a/RELNOTES
+++ b/RELNOTES
@@ -24,7 +24,7 @@ firejail (0.9.61) baseline; urgency=low
  * new profiles: zstdmt, unzstd, i2p, ar, gnome-latex, pngquant, kalgebra
  * new profiles: kalgebramobile, signal-cli, amuled, kfind, profanity
  * new profiles: audio-recorder, cameramonitor, ddgtk, drawio, unf, gmpc
-  * new profiles: electron-mail
+  * new profiles: electron-mail, gist
 -- netblue30 <netblue30@yahoo.com>  Sat, 1 Jun 2019 08:00:00 -0500
 firejail (0.9.60) baseline; urgency=low
diff --git a/etc/disable-programs.inc b/etc/disable-programs.inc
index c7638ec17..cb5da5c8d 100644
--- a/etc/disable-programs.inc
+++ b/etc/disable-programs.inc
@@ -364,6 +364,7 @@ blacklist ${HOME}/.freecol
 blacklist ${HOME}/.freemind
 blacklist ${HOME}/.frozen-bubble
 blacklist ${HOME}/.gimp*
+blacklist ${HOME}/.gist
 blacklist ${HOME}/.gitconfig
 blacklist ${HOME}/.gnome/gnome-schedule
 blacklist ${HOME}/.googleearth/Cache
diff --git a/etc/gist.profile b/etc/gist.profile
new file mode 100644
index 000000000..9544ad499
--- /dev/null
+++ b/etc/gist.profile
@@ -0,0 +1,56 @@
+# Firejail profile for gist
+# Description: Potentially the best command line gister
+# This file is overwritten after every install/update
+quiet
+# Persistent local customizations
+include gist.local
+# Persistent global definitions
+include globals.local
+noblacklist ${HOME}/.gist
+# Allow ruby (blacklisted by disable-interpreters.inc)
+include allow-ruby.inc
+include disable-common.inc
+include disable-devel.inc
+include disable-exec.inc
+include disable-interpreters.inc
+include disable-passwdmgr.inc
+include disable-programs.inc
+include disable-xdg.inc
+mkdir ${HOME}/.gist
+whitelist ${HOME}/.gist
+whitelist ${DOWNLOADS}
+include whitelist-common.inc
+include whitelist-usr-share-common.inc
+include whitelist-var-common.inc
+apparmor
+caps.drop all
+ipc-namespace
+machine-id
+netfilter
+no3d
+nodbus
+nodvd
+nogroups
+nonewprivs
+noroot
+nosound
+notv
+nou2f
+novideo
+protocol unix,inet,inet6
+seccomp
+shell none
+tracelog
+disable-mnt
+private-cache
+private-dev
+private-etc alternatives
+private-tmp
+memory-deny-write-execute
diff --git a/src/firecfg/firecfg.config b/src/firecfg/firecfg.config
index 0326156a1..f0e31bd38 100644
--- a/src/firecfg/firecfg.config
+++ b/src/firecfg/firecfg.config
@@ -232,6 +232,7 @@ ghostwriter
 gimp
 gimp-2.10
 gimp-2.8
+gist
 gitg
 github-desktop
 gitter
author	glitsj16 <glitsj16@users.noreply.github.com>	2019-11-25 17:05:58 +0000
committer	GitHub <noreply@github.com>	2019-11-25 17:05:58 +0000
commit	f46f2a89d2b4c9aea974c26cee2c1a36edd235b1 (patch)
tree	493751cc52612b6ed4e4be137ec5c31b77bb1e61
parent	blacklist gksu, gksudo, kdesudo (diff)
download	firejail-f46f2a89d2b4c9aea974c26cee2c1a36edd235b1.tar.gz firejail-f46f2a89d2b4c9aea974c26cee2c1a36edd235b1.tar.zst firejail-f46f2a89d2b4c9aea974c26cee2c1a36edd235b1.zip

diff --git a/README.md b/README.md index 94bf09c07..e470e418c 100644 --- a/README.md +++ b/README.md
@@ -122,4 +122,4 @@ gnome-sound-recorder, godot, jerry, keepassxc-cli, keepassxc-proxy, klatexformul
122	pandoc, qgis, rhythmbox-client, tcpdump, teams-for-linux, tshark, xlinks, zeal, mpg123, conplay, mpg123.bin, mpg123-alsa, mpg123-id3dump,	122	pandoc, qgis, rhythmbox-client, tcpdump, teams-for-linux, tshark, xlinks, zeal, mpg123, conplay, mpg123.bin, mpg123-alsa, mpg123-id3dump,
123	mpg123-jack, mpg123-nas, mpg123-openal, mpg123-oss, mpg123-portaudio, mpg123-pulse, mpg123-strip, out123, pavucontrol-qt,	123	mpg123-jack, mpg123-nas, mpg123-openal, mpg123-oss, mpg123-portaudio, mpg123-pulse, mpg123-strip, out123, pavucontrol-qt,
124	gnome-characters, gnome-character-map, rsync, Whalebird, tor-browser (AUR), Zulip, tb-starter-wrapper, bzcat, kiwix-desktop, ar,	124	gnome-characters, gnome-character-map, rsync, Whalebird, tor-browser (AUR), Zulip, tb-starter-wrapper, bzcat, kiwix-desktop, ar,
125	gnome-latex, pngquant, kalgebra, kalgebramobile, signal-cli, amuled, kfind, profanity, audio-recorder, cameramonitor, ddgtk, drawio, electron-mail, gmpc, unf	125	gnome-latex, pngquant, kalgebra, kalgebramobile, signal-cli, amuled, kfind, profanity, audio-recorder, cameramonitor, ddgtk, drawio, electron-mail, gmpc, unf, gist


diff --git a/RELNOTES b/RELNOTES index 9cdb71961..b9d974c25 100644 --- a/RELNOTES +++ b/RELNOTES
@@ -24,7 +24,7 @@ firejail (0.9.61) baseline; urgency=low
24	* new profiles: zstdmt, unzstd, i2p, ar, gnome-latex, pngquant, kalgebra	24	* new profiles: zstdmt, unzstd, i2p, ar, gnome-latex, pngquant, kalgebra
25	* new profiles: kalgebramobile, signal-cli, amuled, kfind, profanity	25	* new profiles: kalgebramobile, signal-cli, amuled, kfind, profanity
26	* new profiles: audio-recorder, cameramonitor, ddgtk, drawio, unf, gmpc	26	* new profiles: audio-recorder, cameramonitor, ddgtk, drawio, unf, gmpc
27	* new profiles: electron-mail	27	* new profiles: electron-mail, gist
28	-- netblue30 <netblue30@yahoo.com> Sat, 1 Jun 2019 08:00:00 -0500	28	-- netblue30 <netblue30@yahoo.com> Sat, 1 Jun 2019 08:00:00 -0500
29		29
30	firejail (0.9.60) baseline; urgency=low	30	firejail (0.9.60) baseline; urgency=low


diff --git a/etc/disable-programs.inc b/etc/disable-programs.inc index c7638ec17..cb5da5c8d 100644 --- a/etc/disable-programs.inc +++ b/etc/disable-programs.inc
@@ -364,6 +364,7 @@ blacklist ${HOME}/.freecol
364	blacklist ${HOME}/.freemind	364	blacklist ${HOME}/.freemind
365	blacklist ${HOME}/.frozen-bubble	365	blacklist ${HOME}/.frozen-bubble
366	blacklist ${HOME}/.gimp*	366	blacklist ${HOME}/.gimp*
		367	blacklist ${HOME}/.gist
367	blacklist ${HOME}/.gitconfig	368	blacklist ${HOME}/.gitconfig
368	blacklist ${HOME}/.gnome/gnome-schedule	369	blacklist ${HOME}/.gnome/gnome-schedule
369	blacklist ${HOME}/.googleearth/Cache	370	blacklist ${HOME}/.googleearth/Cache


diff --git a/etc/gist.profile b/etc/gist.profile new file mode 100644 index 000000000..9544ad499 --- /dev/null +++ b/etc/gist.profile
@@ -0,0 +1,56 @@
		1	# Firejail profile for gist
		2	# Description: Potentially the best command line gister
		3	# This file is overwritten after every install/update
		4	quiet
		5	# Persistent local customizations
		6	include gist.local
		7	# Persistent global definitions
		8	include globals.local
		9
		10	noblacklist ${HOME}/.gist
		11
		12	# Allow ruby (blacklisted by disable-interpreters.inc)
		13	include allow-ruby.inc
		14
		15	include disable-common.inc
		16	include disable-devel.inc
		17	include disable-exec.inc
		18	include disable-interpreters.inc
		19	include disable-passwdmgr.inc
		20	include disable-programs.inc
		21	include disable-xdg.inc
		22
		23	mkdir ${HOME}/.gist
		24	whitelist ${HOME}/.gist
		25	whitelist ${DOWNLOADS}
		26	include whitelist-common.inc
		27	include whitelist-usr-share-common.inc
		28	include whitelist-var-common.inc
		29
		30	apparmor
		31	caps.drop all
		32	ipc-namespace
		33	machine-id
		34	netfilter
		35	no3d
		36	nodbus
		37	nodvd
		38	nogroups
		39	nonewprivs
		40	noroot
		41	nosound
		42	notv
		43	nou2f
		44	novideo
		45	protocol unix,inet,inet6
		46	seccomp
		47	shell none
		48	tracelog
		49
		50	disable-mnt
		51	private-cache
		52	private-dev
		53	private-etc alternatives
		54	private-tmp
		55
		56	memory-deny-write-execute


diff --git a/src/firecfg/firecfg.config b/src/firecfg/firecfg.config index 0326156a1..f0e31bd38 100644 --- a/src/firecfg/firecfg.config +++ b/src/firecfg/firecfg.config
@@ -232,6 +232,7 @@ ghostwriter
232	gimp	232	gimp
233	gimp-2.10	233	gimp-2.10
234	gimp-2.8	234	gimp-2.8
		235	gist
235	gitg	236	gitg
236	github-desktop	237	github-desktop
237	gitter	238	gitter