harden peek; update README.md; add gnome-sound-…

…recorder to firecfg.config
author: rusty-snake <41237666+rusty-snake@users.noreply.github.com> 2020-10-23 14:06:37 +0200
committer: rusty-snake <41237666+rusty-snake@users.noreply.github.com> 2020-10-23 14:06:37 +0200
commit: 582ae38e811a7a768d2cfbcf93e711ebbc984e07 (patch)
tree: f290de320d79ced20ee3e194e91e12cab0d0baea /etc/profile-m-z
parent: Merge pull request #3683 from jmetrius/vlc-aacs-fix (diff)
download: firejail-582ae38e811a7a768d2cfbcf93e711ebbc984e07.tar.gz
firejail-582ae38e811a7a768d2cfbcf93e711ebbc984e07.tar.zst
firejail-582ae38e811a7a768d2cfbcf93e711ebbc984e07.zip
1 files changed, 21 insertions, 3 deletions
diff --git a/etc/profile-m-z/peek.profile b/etc/profile-m-z/peek.profile
index 66fdd6496..28a7da404 100644
--- a/etc/profile-m-z/peek.profile
+++ b/etc/profile-m-z/peek.profile
@@ -17,7 +17,18 @@ include disable-passwdmgr.inc
 include disable-programs.inc
 include disable-xdg.inc
+#mkdir ${HOME}/.cache/peek
+#whitelist ${HOME}/.cache/peek
+#whitelist ${PICTURES}
+#whitelist ${VIDEOS}
+#include whitelist-common.inc
+include whitelist-runuser-common.inc
+include whitelist-usr-share-common.inc
+include whitelist-var-common.inc
+apparmor
 caps.drop all
+machine-id
 net none
 no3d
 nodvd
@@ -31,13 +42,20 @@ novideo
 protocol unix
 seccomp
 shell none
+tracelog
-# private-bin breaks gif mode, mp4 and webm mode work fine however
+disable-mnt
-# private-bin convert,ffmpeg,peek
+private-bin bash,convert,ffmpeg,firejail,fish,peek,sh,which,zsh
 private-dev
+private-etc dconf,firejail,fonts,gtk-3.0,login.defs,pango,passwd,X11
 private-tmp
-dbus-user none
+dbus-user filter
+dbus-user.own com.uploadedlobster.peek
+dbus-user.talk ca.desrt.dconf
+dbus-user.talk org.freedesktop.FileManager1
+dbus-user.talk org.freedesktop.Notifications
+dbus-user.talk org.gnome.Shell.Screencast
 dbus-system none
 memory-deny-write-execute
author	rusty-snake <41237666+rusty-snake@users.noreply.github.com>	2020-10-23 14:06:37 +0200
committer	rusty-snake <41237666+rusty-snake@users.noreply.github.com>	2020-10-23 14:06:37 +0200
commit	582ae38e811a7a768d2cfbcf93e711ebbc984e07 (patch)
tree	f290de320d79ced20ee3e194e91e12cab0d0baea /etc/profile-m-z
parent	Merge pull request #3683 from jmetrius/vlc-aacs-fix (diff)
download	firejail-582ae38e811a7a768d2cfbcf93e711ebbc984e07.tar.gz firejail-582ae38e811a7a768d2cfbcf93e711ebbc984e07.tar.zst firejail-582ae38e811a7a768d2cfbcf93e711ebbc984e07.zip

diff --git a/etc/profile-m-z/peek.profile b/etc/profile-m-z/peek.profile index 66fdd6496..28a7da404 100644 --- a/etc/profile-m-z/peek.profile +++ b/etc/profile-m-z/peek.profile
@@ -17,7 +17,18 @@ include disable-passwdmgr.inc
17	include disable-programs.inc	17	include disable-programs.inc
18	include disable-xdg.inc	18	include disable-xdg.inc
19		19
		20	#mkdir ${HOME}/.cache/peek
		21	#whitelist ${HOME}/.cache/peek
		22	#whitelist ${PICTURES}
		23	#whitelist ${VIDEOS}
		24	#include whitelist-common.inc
		25	include whitelist-runuser-common.inc
		26	include whitelist-usr-share-common.inc
		27	include whitelist-var-common.inc
		28
		29	apparmor
20	caps.drop all	30	caps.drop all
		31	machine-id
21	net none	32	net none
22	no3d	33	no3d
23	nodvd	34	nodvd
@@ -31,13 +42,20 @@ novideo
31	protocol unix	42	protocol unix
32	seccomp	43	seccomp
33	shell none	44	shell none
		45	tracelog
34		46
35	# private-bin breaks gif mode, mp4 and webm mode work fine however	47	disable-mnt
36	# private-bin convert,ffmpeg,peek	48	private-bin bash,convert,ffmpeg,firejail,fish,peek,sh,which,zsh
37	private-dev	49	private-dev
		50	private-etc dconf,firejail,fonts,gtk-3.0,login.defs,pango,passwd,X11
38	private-tmp	51	private-tmp
39		52
40	dbus-user none	53	dbus-user filter
		54	dbus-user.own com.uploadedlobster.peek
		55	dbus-user.talk ca.desrt.dconf
		56	dbus-user.talk org.freedesktop.FileManager1
		57	dbus-user.talk org.freedesktop.Notifications
		58	dbus-user.talk org.gnome.Shell.Screencast
41	dbus-system none	59	dbus-system none
42		60
43	memory-deny-write-execute	61	memory-deny-write-execute