Added gpredict, TBB, and xiphos

author: Fred-Barclay <Fred-Barclay@users.noreply.github.com> 2016-10-25 12:23:23 -0500
committer: Fred-Barclay <Fred-Barclay@users.noreply.github.com> 2016-10-25 12:23:23 -0500
commit: 7e20af49b10d716154b21d5b19abf3a312a31c7e (patch)
tree: 4bab1a86b12fd8429ca503fd324276447a82ced2 /etc
parent: fixes (diff)
download: firejail-7e20af49b10d716154b21d5b19abf3a312a31c7e.tar.gz
firejail-7e20af49b10d716154b21d5b19abf3a312a31c7e.tar.zst
firejail-7e20af49b10d716154b21d5b19abf3a312a31c7e.zip
3 files changed, 54 insertions, 4 deletions
diff --git a/etc/gpredict.profile b/etc/gpredict.profile
index 0cc6c416b..f62bf11aa 100644
--- a/etc/gpredict.profile
+++ b/etc/gpredict.profile
@@ -6,20 +6,20 @@ include /etc/firejail/disable-passwdmgr.inc
 include /etc/firejail/disable-programs.inc
 # Whitelist
-mkdir ~/.config/Gpredict
 whitelist ~/.config/Gpredict
 caps.drop all
 netfilter
-nogroups
 nonewprivs
+nogroups
 noroot
 nosound
 protocol unix,inet,inet6
 seccomp
-shell none
+#shell none
 tracelog
-private-bin gpredict
+#private-bin gpredict
+private-etc fonts,resolv.conf
 private-dev
 private-tmp
diff --git a/etc/start-tor-browser.profile b/etc/start-tor-browser.profile
new file mode 100644
index 000000000..ee19cee25
--- /dev/null
+++ b/etc/start-tor-browser.profile
@@ -0,0 +1,20 @@
+# Firejail profile for the Tor Brower Bundle
+include /etc/firejail/disable-common.inc
+include /etc/firejail/disable-devel.inc
+include /etc/firejail/disable-passwdmgr.inc
+include /etc/firejail/disable-programs.inc
+caps.drop all
+netfilter
+nogroups
+nonewprivs
+noroot
+protocol unix,inet,inet6
+seccomp
+shell none
+tracelog
+private-bin bash,grep,sed,tail,env,gpg,id,readlink,dirname,test,mkdir,ln,sed,cp,rm,getconf
+private-etc fonts
+private-dev
+private-tmp
diff --git a/etc/xiphos.profile b/etc/xiphos.profile
new file mode 100644
index 000000000..b7fb6ecf3
--- /dev/null
+++ b/etc/xiphos.profile
@@ -0,0 +1,30 @@
+# Firejail profile for xiphos
+noblacklist ~/.sword
+noblacklist ~/.xiphos
+include /etc/firejail/disable-common.inc
+include /etc/firejail/disable-devel.inc
+include /etc/firejail/disable-passwdmgr.inc
+include /etc/firejail/disable-programs.inc
+blacklist ~/.bashrc
+blacklist ~/.Xauthority
+caps.drop all
+netfilter
+nogroups
+nonewprivs
+noroot
+nosound
+protocol unix,inet,inet6
+seccomp
+shell none
+tracelog
+private-bin xiphos
+private-etc fonts,resolv.conf,sword
+private-dev
+private-tmp
+whitelist ${HOME}/.sword
+whitelist ${HOME}/.xiphos
author	Fred-Barclay <Fred-Barclay@users.noreply.github.com>	2016-10-25 12:23:23 -0500
committer	Fred-Barclay <Fred-Barclay@users.noreply.github.com>	2016-10-25 12:23:23 -0500
commit	7e20af49b10d716154b21d5b19abf3a312a31c7e (patch)
tree	4bab1a86b12fd8429ca503fd324276447a82ced2 /etc
parent	fixes (diff)
download	firejail-7e20af49b10d716154b21d5b19abf3a312a31c7e.tar.gz firejail-7e20af49b10d716154b21d5b19abf3a312a31c7e.tar.zst firejail-7e20af49b10d716154b21d5b19abf3a312a31c7e.zip

diff --git a/etc/gpredict.profile b/etc/gpredict.profile index 0cc6c416b..f62bf11aa 100644 --- a/etc/gpredict.profile +++ b/etc/gpredict.profile
@@ -6,20 +6,20 @@ include /etc/firejail/disable-passwdmgr.inc
6	include /etc/firejail/disable-programs.inc	6	include /etc/firejail/disable-programs.inc
7		7
8	# Whitelist	8	# Whitelist
9	mkdir ~/.config/Gpredict
10	whitelist ~/.config/Gpredict	9	whitelist ~/.config/Gpredict
11		10
12	caps.drop all	11	caps.drop all
13	netfilter	12	netfilter
14	nogroups
15	nonewprivs	13	nonewprivs
		14	nogroups
16	noroot	15	noroot
17	nosound	16	nosound
18	protocol unix,inet,inet6	17	protocol unix,inet,inet6
19	seccomp	18	seccomp
20	shell none	19	#shell none
21	tracelog	20	tracelog
22		21
23	private-bin gpredict	22	#private-bin gpredict
		23	private-etc fonts,resolv.conf
24	private-dev	24	private-dev
25	private-tmp	25	private-tmp


diff --git a/etc/start-tor-browser.profile b/etc/start-tor-browser.profile new file mode 100644 index 000000000..ee19cee25 --- /dev/null +++ b/etc/start-tor-browser.profile
@@ -0,0 +1,20 @@
		1	# Firejail profile for the Tor Brower Bundle
		2	include /etc/firejail/disable-common.inc
		3	include /etc/firejail/disable-devel.inc
		4	include /etc/firejail/disable-passwdmgr.inc
		5	include /etc/firejail/disable-programs.inc
		6
		7	caps.drop all
		8	netfilter
		9	nogroups
		10	nonewprivs
		11	noroot
		12	protocol unix,inet,inet6
		13	seccomp
		14	shell none
		15	tracelog
		16
		17	private-bin bash,grep,sed,tail,env,gpg,id,readlink,dirname,test,mkdir,ln,sed,cp,rm,getconf
		18	private-etc fonts
		19	private-dev
		20	private-tmp


diff --git a/etc/xiphos.profile b/etc/xiphos.profile new file mode 100644 index 000000000..b7fb6ecf3 --- /dev/null +++ b/etc/xiphos.profile
@@ -0,0 +1,30 @@
		1	# Firejail profile for xiphos
		2	noblacklist ~/.sword
		3	noblacklist ~/.xiphos
		4
		5	include /etc/firejail/disable-common.inc
		6	include /etc/firejail/disable-devel.inc
		7	include /etc/firejail/disable-passwdmgr.inc
		8	include /etc/firejail/disable-programs.inc
		9
		10	blacklist ~/.bashrc
		11	blacklist ~/.Xauthority
		12
		13	caps.drop all
		14	netfilter
		15	nogroups
		16	nonewprivs
		17	noroot
		18	nosound
		19	protocol unix,inet,inet6
		20	seccomp
		21	shell none
		22	tracelog
		23
		24	private-bin xiphos
		25	private-etc fonts,resolv.conf,sword
		26	private-dev
		27	private-tmp
		28
		29	whitelist ${HOME}/.sword
		30	whitelist ${HOME}/.xiphos