Add a profile for pragha

+ add code-oss to firecfg + potential fix for https://github.com/netblue30/firejail/issues/2051#issuecomment-470665213
author: Tad <tad@spotco.us> 2019-03-07 16:48:53 -0500
committer: Tad <tad@spotco.us> 2019-03-07 16:48:53 -0500
commit: 2dbbb92d936935f6edcd12345461d152ea7b5dc4 (patch)
tree: f9e0416a746fd0db134c239953e1989014479ec1 /etc
parent: merges (diff)
download: firejail-2dbbb92d936935f6edcd12345461d152ea7b5dc4.tar.gz
firejail-2dbbb92d936935f6edcd12345461d152ea7b5dc4.tar.zst
firejail-2dbbb92d936935f6edcd12345461d152ea7b5dc4.zip
3 files changed, 41 insertions, 1 deletions
diff --git a/etc/disable-programs.inc b/etc/disable-programs.inc
index 54b10acc4..971e00f18 100644
--- a/etc/disable-programs.inc
+++ b/etc/disable-programs.inc
@@ -239,6 +239,7 @@ blacklist ${HOME}/.config/pitivi
 blacklist ${HOME}/.config/pix
 blacklist ${HOME}/.config/pluma
 blacklist ${HOME}/.config/ppsspp
+blacklist ${HOME}/.config/pragha
 blacklist ${HOME}/.config/psi+
 blacklist ${HOME}/.config/qBittorrent
 blacklist ${HOME}/.config/qBittorrentrc
diff --git a/etc/pragha.profile b/etc/pragha.profile
new file mode 100644
index 000000000..a595caee9
--- /dev/null
+++ b/etc/pragha.profile
@@ -0,0 +1,39 @@
+# Firejail profile for pragha
+# Description: A lightweight GTK music player
+# This file is overwritten after every install/update
+# Persistent local customizations
+include pragha.local
+# Persistent global definitions
+include globals.local
+noblacklist ${HOME}/.config/pragha
+noblacklist ${MUSIC}
+include disable-common.inc
+include disable-devel.inc
+include disable-interpreters.inc
+include disable-passwdmgr.inc
+include disable-programs.inc
+include disable-xdg.inc
+include whitelist-var-common.inc
+caps.drop all
+netfilter
+no3d
+nogroups
+nonewprivs
+noroot
+notv
+nou2f
+novideo
+protocol unix,inet,inet6
+seccomp
+shell none
+private-dev
+private-etc alternatives,asound.conf,ca-certificates,fonts,host.conf,hostname,hosts,pulse,resolv.conf,ssl,pki,crypto-policies,gtk-3.0,xdg,machine-id
+private-tmp
+noexec ${HOME}
+noexec /tmp
diff --git a/etc/wire-desktop.profile b/etc/wire-desktop.profile
index e974e4304..3953de614 100644
--- a/etc/wire-desktop.profile
+++ b/etc/wire-desktop.profile
@@ -35,7 +35,7 @@ shell none
 # it is not in PATH. To use Wire with firejail, run "firejail /opt/wire-desktop/wire-desktop"
 disable-mnt
-private-bin wire-desktop
+private-bin wire-desktop,bash,sh,env,electron
 private-dev
 private-etc alternatives,fonts,machine-id,resolv.conf,ca-certificates,ssl,pki,crypto-policies
 private-tmp
author	Tad <tad@spotco.us>	2019-03-07 16:48:53 -0500
committer	Tad <tad@spotco.us>	2019-03-07 16:48:53 -0500
commit	2dbbb92d936935f6edcd12345461d152ea7b5dc4 (patch)
tree	f9e0416a746fd0db134c239953e1989014479ec1 /etc
parent	merges (diff)
download	firejail-2dbbb92d936935f6edcd12345461d152ea7b5dc4.tar.gz firejail-2dbbb92d936935f6edcd12345461d152ea7b5dc4.tar.zst firejail-2dbbb92d936935f6edcd12345461d152ea7b5dc4.zip

diff --git a/etc/disable-programs.inc b/etc/disable-programs.inc index 54b10acc4..971e00f18 100644 --- a/etc/disable-programs.inc +++ b/etc/disable-programs.inc
@@ -239,6 +239,7 @@ blacklist ${HOME}/.config/pitivi
239	blacklist ${HOME}/.config/pix	239	blacklist ${HOME}/.config/pix
240	blacklist ${HOME}/.config/pluma	240	blacklist ${HOME}/.config/pluma
241	blacklist ${HOME}/.config/ppsspp	241	blacklist ${HOME}/.config/ppsspp
		242	blacklist ${HOME}/.config/pragha
242	blacklist ${HOME}/.config/psi+	243	blacklist ${HOME}/.config/psi+
243	blacklist ${HOME}/.config/qBittorrent	244	blacklist ${HOME}/.config/qBittorrent
244	blacklist ${HOME}/.config/qBittorrentrc	245	blacklist ${HOME}/.config/qBittorrentrc


diff --git a/etc/pragha.profile b/etc/pragha.profile new file mode 100644 index 000000000..a595caee9 --- /dev/null +++ b/etc/pragha.profile
@@ -0,0 +1,39 @@
		1	# Firejail profile for pragha
		2	# Description: A lightweight GTK music player
		3	# This file is overwritten after every install/update
		4	# Persistent local customizations
		5	include pragha.local
		6	# Persistent global definitions
		7	include globals.local
		8
		9	noblacklist ${HOME}/.config/pragha
		10	noblacklist ${MUSIC}
		11
		12	include disable-common.inc
		13	include disable-devel.inc
		14	include disable-interpreters.inc
		15	include disable-passwdmgr.inc
		16	include disable-programs.inc
		17	include disable-xdg.inc
		18
		19	include whitelist-var-common.inc
		20
		21	caps.drop all
		22	netfilter
		23	no3d
		24	nogroups
		25	nonewprivs
		26	noroot
		27	notv
		28	nou2f
		29	novideo
		30	protocol unix,inet,inet6
		31	seccomp
		32	shell none
		33
		34	private-dev
		35	private-etc alternatives,asound.conf,ca-certificates,fonts,host.conf,hostname,hosts,pulse,resolv.conf,ssl,pki,crypto-policies,gtk-3.0,xdg,machine-id
		36	private-tmp
		37
		38	noexec ${HOME}
		39	noexec /tmp


diff --git a/etc/wire-desktop.profile b/etc/wire-desktop.profile index e974e4304..3953de614 100644 --- a/etc/wire-desktop.profile +++ b/etc/wire-desktop.profile
@@ -35,7 +35,7 @@ shell none
35	# it is not in PATH. To use Wire with firejail, run "firejail /opt/wire-desktop/wire-desktop"	35	# it is not in PATH. To use Wire with firejail, run "firejail /opt/wire-desktop/wire-desktop"
36		36
37	disable-mnt	37	disable-mnt
38	private-bin wire-desktop	38	private-bin wire-desktop,bash,sh,env,electron
39	private-dev	39	private-dev
40	private-etc alternatives,fonts,machine-id,resolv.conf,ca-certificates,ssl,pki,crypto-policies	40	private-etc alternatives,fonts,machine-id,resolv.conf,ca-certificates,ssl,pki,crypto-policies
41	private-tmp	41	private-tmp