Add VS Code profile - see request in #1139

author: Fred-Barclay <Fred-Barclay@users.noreply.github.com> 2018-03-03 23:24:50 -0600
committer: Fred-Barclay <Fred-Barclay@users.noreply.github.com> 2018-03-03 23:24:50 -0600
commit: f6502ebf237a54a9914c80f386f321772f0e8063 (patch)
tree: 695b98fd0f9ae82b37be083ccf89ef60c0b6c7c9
parent: Add netlink to protocol list and drop chroot from seccomp filter - should fix... (diff)
download: firejail-f6502ebf237a54a9914c80f386f321772f0e8063.tar.gz
firejail-f6502ebf237a54a9914c80f386f321772f0e8063.tar.zst
firejail-f6502ebf237a54a9914c80f386f321772f0e8063.zip
5 files changed, 41 insertions, 2 deletions
diff --git a/README.md b/README.md
index 2fe11be06..fe3a4f1f5 100644
--- a/README.md
+++ b/README.md
@@ -244,4 +244,4 @@ firefox-common-addons.inc in firefox-common.profile.
 Basilisk browser, Tor Browser language packs, PlayOnLinux, sylpheed, discord-canary,
 pycharm-community, pycharm-professional, Pitivi, OnionShare, Fritzing, Kaffeine, pdfchain,
-tilp, vivaldi-snapshot, bitcoin-qt
+tilp, vivaldi-snapshot, bitcoin-qt, VS Code
diff --git a/RELNOTES b/RELNOTES
index 3868da924..b05d88e2d 100644
--- a/RELNOTES
+++ b/RELNOTES
@@ -25,7 +25,7 @@ firejail (0.9.53) baseline; urgency=low
  * private-tmp support for overlay and chroot sandboxes
  * new profiles: basilisk, Tor Browser language packs, PlayOnLinux, sylpheed,
  * new profiles: discord-canary, pycharm-community, pycharm-professional,
-  * new profiles: pdfchain, tilp, vivaldi-snapshot, bitcoin-qt, kaffeine,
+  * new profiles: pdfchain, tilp, vivaldi-snapshot, bitcoin-qt, kaffeine, VS Code
 -- netblue30 <netblue30@yahoo.com>  Thu, 1 Mar 2018 08:00:00 -0500
 firejail (0.9.52) baseline; urgency=low
diff --git a/etc/code.profile b/etc/code.profile
new file mode 100644
index 000000000..af7d379ed
--- /dev/null
+++ b/etc/code.profile
@@ -0,0 +1,36 @@
+# Firejail profile for Visual Studio Code
+# This file is overwritten after every install/update
+# Persistent local customizations
+include /etc/firejail/code.local
+# Persistent global definitions
+include /etc/firejail/globals.local
+noblacklist ${HOME}/.vscode
+noblacklist ${HOME}/.config/Code
+include /etc/firejail/disable-common.inc
+include /etc/firejail/disable-passwdmgr.inc
+include /etc/firejail/disable-programs.inc
+caps.drop all
+net none
+netfilter
+nodvd
+nogroups
+nonewprivs
+noroot
+nosound
+notv
+novideo
+protocol unix,inet,inet6,netlink
+seccomp
+shell none
+private-dev
+private-tmp
+# Disabling noexec ${HOME} for now since it will
+# probably interfere with running some programmes
+# in VS Code
+# noexec ${HOME}
+noexec /tmp
diff --git a/etc/disable-programs.inc b/etc/disable-programs.inc
index b20500734..ac6f3fe1f 100644
--- a/etc/disable-programs.inc
+++ b/etc/disable-programs.inc
@@ -40,6 +40,7 @@ blacklist ${HOME}/.config/Atom
 blacklist ${HOME}/.config/Audaciousrc
 blacklist ${HOME}/.config/Brackets
 blacklist ${HOME}/.config/Clementine
+blacklist ${HOME}/.config/Code
 blacklist ${HOME}/.config/Cryptocat
 blacklist ${HOME}/.config/Franz
 blacklist ${HOME}/.config/FreeCAD
@@ -460,6 +461,7 @@ blacklist ${HOME}/.tuxguitar*
 blacklist ${HOME}/.unknown-horizons
 blacklist ${HOME}/.viking
 blacklist ${HOME}/.viking-maps
+blacklist ${HOME}/.vscode
 blacklist ${HOME}/.vst
 blacklist ${HOME}/.w3m
 blacklist ${HOME}/.warzone2100-3.*
diff --git a/src/firecfg/firecfg.config b/src/firecfg/firecfg.config
index 82da8e32b..8d5f2066f 100644
--- a/src/firecfg/firecfg.config
+++ b/src/firecfg/firecfg.config
@@ -72,6 +72,7 @@ clementine
 clipit
 cliqz
 cmus
+code
 conkeror
 conky
 corebird
author	Fred-Barclay <Fred-Barclay@users.noreply.github.com>	2018-03-03 23:24:50 -0600
committer	Fred-Barclay <Fred-Barclay@users.noreply.github.com>	2018-03-03 23:24:50 -0600
commit	f6502ebf237a54a9914c80f386f321772f0e8063 (patch)
tree	695b98fd0f9ae82b37be083ccf89ef60c0b6c7c9
parent	Add netlink to protocol list and drop chroot from seccomp filter - should fix... (diff)
download	firejail-f6502ebf237a54a9914c80f386f321772f0e8063.tar.gz firejail-f6502ebf237a54a9914c80f386f321772f0e8063.tar.zst firejail-f6502ebf237a54a9914c80f386f321772f0e8063.zip

diff --git a/README.md b/README.md index 2fe11be06..fe3a4f1f5 100644 --- a/README.md +++ b/README.md
@@ -244,4 +244,4 @@ firefox-common-addons.inc in firefox-common.profile.
244		244
245	Basilisk browser, Tor Browser language packs, PlayOnLinux, sylpheed, discord-canary,	245	Basilisk browser, Tor Browser language packs, PlayOnLinux, sylpheed, discord-canary,
246	pycharm-community, pycharm-professional, Pitivi, OnionShare, Fritzing, Kaffeine, pdfchain,	246	pycharm-community, pycharm-professional, Pitivi, OnionShare, Fritzing, Kaffeine, pdfchain,
247	tilp, vivaldi-snapshot, bitcoin-qt	247	tilp, vivaldi-snapshot, bitcoin-qt, VS Code


diff --git a/RELNOTES b/RELNOTES index 3868da924..b05d88e2d 100644 --- a/RELNOTES +++ b/RELNOTES
@@ -25,7 +25,7 @@ firejail (0.9.53) baseline; urgency=low
25	* private-tmp support for overlay and chroot sandboxes	25	* private-tmp support for overlay and chroot sandboxes
26	* new profiles: basilisk, Tor Browser language packs, PlayOnLinux, sylpheed,	26	* new profiles: basilisk, Tor Browser language packs, PlayOnLinux, sylpheed,
27	* new profiles: discord-canary, pycharm-community, pycharm-professional,	27	* new profiles: discord-canary, pycharm-community, pycharm-professional,
28	* new profiles: pdfchain, tilp, vivaldi-snapshot, bitcoin-qt, kaffeine,	28	* new profiles: pdfchain, tilp, vivaldi-snapshot, bitcoin-qt, kaffeine, VS Code
29	-- netblue30 <netblue30@yahoo.com> Thu, 1 Mar 2018 08:00:00 -0500	29	-- netblue30 <netblue30@yahoo.com> Thu, 1 Mar 2018 08:00:00 -0500
30		30
31	firejail (0.9.52) baseline; urgency=low	31	firejail (0.9.52) baseline; urgency=low


diff --git a/etc/code.profile b/etc/code.profile new file mode 100644 index 000000000..af7d379ed --- /dev/null +++ b/etc/code.profile
@@ -0,0 +1,36 @@
		1	# Firejail profile for Visual Studio Code
		2	# This file is overwritten after every install/update
		3	# Persistent local customizations
		4	include /etc/firejail/code.local
		5	# Persistent global definitions
		6	include /etc/firejail/globals.local
		7
		8	noblacklist ${HOME}/.vscode
		9	noblacklist ${HOME}/.config/Code
		10
		11	include /etc/firejail/disable-common.inc
		12	include /etc/firejail/disable-passwdmgr.inc
		13	include /etc/firejail/disable-programs.inc
		14
		15	caps.drop all
		16	net none
		17	netfilter
		18	nodvd
		19	nogroups
		20	nonewprivs
		21	noroot
		22	nosound
		23	notv
		24	novideo
		25	protocol unix,inet,inet6,netlink
		26	seccomp
		27	shell none
		28
		29	private-dev
		30	private-tmp
		31
		32	# Disabling noexec ${HOME} for now since it will
		33	# probably interfere with running some programmes
		34	# in VS Code
		35	# noexec ${HOME}
		36	noexec /tmp


diff --git a/etc/disable-programs.inc b/etc/disable-programs.inc index b20500734..ac6f3fe1f 100644 --- a/etc/disable-programs.inc +++ b/etc/disable-programs.inc
@@ -40,6 +40,7 @@ blacklist ${HOME}/.config/Atom
40	blacklist ${HOME}/.config/Audaciousrc	40	blacklist ${HOME}/.config/Audaciousrc
41	blacklist ${HOME}/.config/Brackets	41	blacklist ${HOME}/.config/Brackets
42	blacklist ${HOME}/.config/Clementine	42	blacklist ${HOME}/.config/Clementine
		43	blacklist ${HOME}/.config/Code
43	blacklist ${HOME}/.config/Cryptocat	44	blacklist ${HOME}/.config/Cryptocat
44	blacklist ${HOME}/.config/Franz	45	blacklist ${HOME}/.config/Franz
45	blacklist ${HOME}/.config/FreeCAD	46	blacklist ${HOME}/.config/FreeCAD
@@ -460,6 +461,7 @@ blacklist ${HOME}/.tuxguitar*
460	blacklist ${HOME}/.unknown-horizons	461	blacklist ${HOME}/.unknown-horizons
461	blacklist ${HOME}/.viking	462	blacklist ${HOME}/.viking
462	blacklist ${HOME}/.viking-maps	463	blacklist ${HOME}/.viking-maps
		464	blacklist ${HOME}/.vscode
463	blacklist ${HOME}/.vst	465	blacklist ${HOME}/.vst
464	blacklist ${HOME}/.w3m	466	blacklist ${HOME}/.w3m
465	blacklist ${HOME}/.warzone2100-3.*	467	blacklist ${HOME}/.warzone2100-3.*


diff --git a/src/firecfg/firecfg.config b/src/firecfg/firecfg.config index 82da8e32b..8d5f2066f 100644 --- a/src/firecfg/firecfg.config +++ b/src/firecfg/firecfg.config
@@ -72,6 +72,7 @@ clementine
72	clipit	72	clipit
73	cliqz	73	cliqz
74	cmus	74	cmus
		75	code
75	conkeror	76	conkeror
76	conky	77	conky
77	corebird	78	corebird