Merge branch 'master' of https://github.com/netblue30/firejail

author: startx2017 <vradu.startx@yandex.com> 2018-01-15 08:28:47 -0500
committer: startx2017 <vradu.startx@yandex.com> 2018-01-15 08:28:47 -0500
commit: 73d49c638fa51ba56b01605e7079c8e0556e755b (patch)
tree: cf02716c4ad722255d3e7987ab4e2c01143d92e9 /etc
parent: move copyright statement to 2018 (diff)
parent: Fix #1724, Tor browser not working on Ubuntu and Fedora (diff)
download: firejail-73d49c638fa51ba56b01605e7079c8e0556e755b.tar.gz
firejail-73d49c638fa51ba56b01605e7079c8e0556e755b.tar.zst
firejail-73d49c638fa51ba56b01605e7079c8e0556e755b.zip
4 files changed, 47 insertions, 1 deletions
diff --git a/etc/disable-programs.inc b/etc/disable-programs.inc
index e6d425df2..667c209ed 100644
--- a/etc/disable-programs.inc
+++ b/etc/disable-programs.inc
@@ -155,6 +155,7 @@ blacklist ${HOME}/.config/netsurf
 blacklist ${HOME}/.config/nheko
 blacklist ${HOME}/.config/okularpartrc
 blacklist ${HOME}/.config/okularrc
+blacklist ${HOME}/.config/onionshare
 blacklist ${HOME}/.config/opera
 blacklist ${HOME}/.config/opera-beta
 blacklist ${HOME}/.config/orage
diff --git a/etc/ideaIC.profile b/etc/ideaIC.profile
new file mode 100644
index 000000000..f7a69fa94
--- /dev/null
+++ b/etc/ideaIC.profile
@@ -0,0 +1,10 @@
+# Firejail profile for ideaIC
+# This file is overwritten after every install/update
+# Persistent local customizations
+include /etc/firejail/ideaIC.local
+# Persistent global definitions
+include /etc/firejail/globals.local
+# Redirect
+include /etc/firejail/idea.sh.profile
diff --git a/etc/onionshare-gui.profile b/etc/onionshare-gui.profile
new file mode 100644
index 000000000..7220f7e1c
--- /dev/null
+++ b/etc/onionshare-gui.profile
@@ -0,0 +1,35 @@
+# Firejail profile for onionshare-gui
+# This file is overwritten after every install/update
+# Persistent local customizations
+include /etc/firejail/onionshare-gui.local
+# Persistent global definitions
+include /etc/firejail/globals.local
+noblacklist ${HOME}/.config/onionshare
+include /etc/firejail/disable-common.inc
+include /etc/firejail/disable-devel.inc
+include /etc/firejail/disable-passwdmgr.inc
+include /etc/firejail/disable-programs.inc
+caps.drop all
+ipc-namespace
+netfilter
+no3d
+nodvd
+nogroups
+nonewprivs
+noroot
+nosound
+notv
+novideo
+protocol unix,inet,inet6
+seccomp
+shell none
+private-dev
+private-tmp
+memory-deny-write-execute
+noexec ${HOME}
+noexec /tmp
diff --git a/etc/torbrowser-launcher.profile b/etc/torbrowser-launcher.profile
index 51a5d7735..49b083919 100644
--- a/etc/torbrowser-launcher.profile
+++ b/etc/torbrowser-launcher.profile
@@ -33,7 +33,7 @@ tracelog
 disable-mnt
 private-bin bash,cp,dirname,env,expr,file,getconf,gpg,grep,id,ln,mkdir,python*,readlink,rm,sed,sh,tail,test,tor-browser-en,torbrowser-launcher
 private-dev
-private-etc fonts
+private-etc fonts,hostname,hosts,resolv.conf,pki,ssl,ca-certificates
 private-tmp
 noexec /tmp
author	startx2017 <vradu.startx@yandex.com>	2018-01-15 08:28:47 -0500
committer	startx2017 <vradu.startx@yandex.com>	2018-01-15 08:28:47 -0500
commit	73d49c638fa51ba56b01605e7079c8e0556e755b (patch)
tree	cf02716c4ad722255d3e7987ab4e2c01143d92e9 /etc
parent	move copyright statement to 2018 (diff)
parent	Fix #1724, Tor browser not working on Ubuntu and Fedora (diff)
download	firejail-73d49c638fa51ba56b01605e7079c8e0556e755b.tar.gz firejail-73d49c638fa51ba56b01605e7079c8e0556e755b.tar.zst firejail-73d49c638fa51ba56b01605e7079c8e0556e755b.zip

diff --git a/etc/disable-programs.inc b/etc/disable-programs.inc index e6d425df2..667c209ed 100644 --- a/etc/disable-programs.inc +++ b/etc/disable-programs.inc
@@ -155,6 +155,7 @@ blacklist ${HOME}/.config/netsurf
155	blacklist ${HOME}/.config/nheko	155	blacklist ${HOME}/.config/nheko
156	blacklist ${HOME}/.config/okularpartrc	156	blacklist ${HOME}/.config/okularpartrc
157	blacklist ${HOME}/.config/okularrc	157	blacklist ${HOME}/.config/okularrc
		158	blacklist ${HOME}/.config/onionshare
158	blacklist ${HOME}/.config/opera	159	blacklist ${HOME}/.config/opera
159	blacklist ${HOME}/.config/opera-beta	160	blacklist ${HOME}/.config/opera-beta
160	blacklist ${HOME}/.config/orage	161	blacklist ${HOME}/.config/orage


diff --git a/etc/ideaIC.profile b/etc/ideaIC.profile new file mode 100644 index 000000000..f7a69fa94 --- /dev/null +++ b/etc/ideaIC.profile
@@ -0,0 +1,10 @@
		1	# Firejail profile for ideaIC
		2	# This file is overwritten after every install/update
		3	# Persistent local customizations
		4	include /etc/firejail/ideaIC.local
		5	# Persistent global definitions
		6	include /etc/firejail/globals.local
		7
		8
		9	# Redirect
		10	include /etc/firejail/idea.sh.profile


diff --git a/etc/onionshare-gui.profile b/etc/onionshare-gui.profile new file mode 100644 index 000000000..7220f7e1c --- /dev/null +++ b/etc/onionshare-gui.profile
@@ -0,0 +1,35 @@
		1	# Firejail profile for onionshare-gui
		2	# This file is overwritten after every install/update
		3	# Persistent local customizations
		4	include /etc/firejail/onionshare-gui.local
		5	# Persistent global definitions
		6	include /etc/firejail/globals.local
		7
		8	noblacklist ${HOME}/.config/onionshare
		9
		10	include /etc/firejail/disable-common.inc
		11	include /etc/firejail/disable-devel.inc
		12	include /etc/firejail/disable-passwdmgr.inc
		13	include /etc/firejail/disable-programs.inc
		14
		15	caps.drop all
		16	ipc-namespace
		17	netfilter
		18	no3d
		19	nodvd
		20	nogroups
		21	nonewprivs
		22	noroot
		23	nosound
		24	notv
		25	novideo
		26	protocol unix,inet,inet6
		27	seccomp
		28	shell none
		29
		30	private-dev
		31	private-tmp
		32
		33	memory-deny-write-execute
		34	noexec ${HOME}
		35	noexec /tmp


diff --git a/etc/torbrowser-launcher.profile b/etc/torbrowser-launcher.profile index 51a5d7735..49b083919 100644 --- a/etc/torbrowser-launcher.profile +++ b/etc/torbrowser-launcher.profile
@@ -33,7 +33,7 @@ tracelog
33	disable-mnt	33	disable-mnt
34	private-bin bash,cp,dirname,env,expr,file,getconf,gpg,grep,id,ln,mkdir,python*,readlink,rm,sed,sh,tail,test,tor-browser-en,torbrowser-launcher	34	private-bin bash,cp,dirname,env,expr,file,getconf,gpg,grep,id,ln,mkdir,python*,readlink,rm,sed,sh,tail,test,tor-browser-en,torbrowser-launcher
35	private-dev	35	private-dev
36	private-etc fonts	36	private-etc fonts,hostname,hosts,resolv.conf,pki,ssl,ca-certificates
37	private-tmp	37	private-tmp
38		38
39	noexec /tmp	39	noexec /tmp