add kopete profile

author: smitsohu <smitsohu@gmail.com> 2017-10-29 20:18:36 +0100
committer: smitsohu <smitsohu@gmail.com> 2017-10-29 20:18:36 +0100
commit: 44adaf47214a6d1c290fca390c73fc0b9560f660 (patch)
tree: 8a84d003c346014523edeeff8ea39bce3977f607 /etc
parent: fix and harden various profiles (diff)
download: firejail-44adaf47214a6d1c290fca390c73fc0b9560f660.tar.gz
firejail-44adaf47214a6d1c290fca390c73fc0b9560f660.tar.zst
firejail-44adaf47214a6d1c290fca390c73fc0b9560f660.zip
2 files changed, 46 insertions, 8 deletions
diff --git a/etc/disable-programs.inc b/etc/disable-programs.inc
index 0e5400dd6..9bfef1f5e 100644
--- a/etc/disable-programs.inc
+++ b/etc/disable-programs.inc
@@ -233,6 +233,7 @@ blacklist ${HOME}/.kde/share/apps/kcookiejar
 blacklist ${HOME}/.kde/share/apps/khtml
 blacklist ${HOME}/.kde/share/apps/konqsidebartng
 blacklist ${HOME}/.kde/share/apps/konqueror
+blacklist ${HOME}/.kde/share/apps/kopete
 blacklist ${HOME}/.kde/share/apps/okular
 blacklist ${HOME}/.kde/share/config/baloofilerc
 blacklist ${HOME}/.kde/share/config/baloorc
@@ -244,28 +245,31 @@ blacklist ${HOME}/.kde/share/config/khtmlrc
 blacklist ${HOME}/.kde/share/config/konq_history
 blacklist ${HOME}/.kde/share/config/konqsidebartngrc
 blacklist ${HOME}/.kde/share/config/konquerorrc
+blacklist ${HOME}/.kde/share/config/kopeterc
 blacklist ${HOME}/.kde/share/config/ktorrentrc
 blacklist ${HOME}/.kde/share/config/okularpartrc
 blacklist ${HOME}/.kde/share/config/okularrc
-blacklist ${HOME}/.kde4/share/config/baloorc
+blacklist ${HOME}/.kde4/share/apps/gwenview
-blacklist ${HOME}/.kde4/share/config/baloofilerc
+blacklist ${HOME}/.kde4/share/apps/kcookiejar
-blacklist ${HOME}/.kde4/share/apps/okular
+blacklist ${HOME}/.kde4/share/apps/khtml
 blacklist ${HOME}/.kde4/share/apps/konqueror
 blacklist ${HOME}/.kde4/share/apps/konqsidebartng
-blacklist ${HOME}/.kde4/share/apps/khtml
+blacklist ${HOME}/.kde4/share/apps/kopete
-blacklist ${HOME}/.kde4/share/apps/kcookiejar
+blacklist ${HOME}/.kde4/share/apps/okular
+blacklist ${HOME}/.kde4/share/config/baloorc
+blacklist ${HOME}/.kde4/share/config/baloofilerc
 blacklist ${HOME}/.kde4/share/config/digikam
-blacklist ${HOME}/.kde4/share/apps/gwenview
+blacklist ${HOME}/.kde4/share/config/gwenviewrc
+blacklist ${HOME}/.kde4/share/config/k3brc
 blacklist ${HOME}/.kde4/share/config/kcookiejarrc
 blacklist ${HOME}/.kde4/share/config/khtmlrc
 blacklist ${HOME}/.kde4/share/config/konq_history
 blacklist ${HOME}/.kde4/share/config/konqsidebartngrc
 blacklist ${HOME}/.kde4/share/config/konquerorrc
+blacklist ${HOME}/.kde4/share/config/kopeterc
 blacklist ${HOME}/.kde4/share/config/okularpartrc
 blacklist ${HOME}/.kde4/share/config/okularrc
 blacklist ${HOME}/.kde4/share/config/ktorrentrc
-blacklist ${HOME}/.kde4/share/config/gwenviewrc
-blacklist ${HOME}/.kde4/share/config/k3brc
 blacklist ${HOME}/.killingfloor
 blacklist ${HOME}/.kino-history
 blacklist ${HOME}/.kinorc
diff --git a/etc/kopete.profile b/etc/kopete.profile
new file mode 100644
index 000000000..3e943c162
--- /dev/null
+++ b/etc/kopete.profile
@@ -0,0 +1,34 @@
+# Firejail profile for kopete
+# This file is overwritten after every install/update
+# Persistent local customizations
+include /etc/firejail/kopete.local
+# Persistent global definitions
+include /etc/firejail/globals.local
+noblacklist ~/.kde/share/apps/kopete
+noblacklist ~/.kde/share/config/kopeterc
+noblacklist ~/.kde4/share/apps/kopete
+noblacklist ~/.kde4/share/config/kopeterc
+include /etc/firejail/disable-common.inc
+include /etc/firejail/disable-devel.inc
+include /etc/firejail/disable-passwdmgr.inc
+include /etc/firejail/disable-programs.inc
+include /etc/firejail/whitelist-var-common.inc
+caps.drop all
+netfilter
+nodvd
+nogroups
+nonewprivs
+noroot
+notv
+protocol unix,inet,inet6,netlink
+seccomp
+private-dev
+private-tmp
+noexec ${HOME}
+noexec /tmp
author	smitsohu <smitsohu@gmail.com>	2017-10-29 20:18:36 +0100
committer	smitsohu <smitsohu@gmail.com>	2017-10-29 20:18:36 +0100
commit	44adaf47214a6d1c290fca390c73fc0b9560f660 (patch)
tree	8a84d003c346014523edeeff8ea39bce3977f607 /etc
parent	fix and harden various profiles (diff)
download	firejail-44adaf47214a6d1c290fca390c73fc0b9560f660.tar.gz firejail-44adaf47214a6d1c290fca390c73fc0b9560f660.tar.zst firejail-44adaf47214a6d1c290fca390c73fc0b9560f660.zip

diff --git a/etc/disable-programs.inc b/etc/disable-programs.inc index 0e5400dd6..9bfef1f5e 100644 --- a/etc/disable-programs.inc +++ b/etc/disable-programs.inc
@@ -233,6 +233,7 @@ blacklist ${HOME}/.kde/share/apps/kcookiejar
233	blacklist ${HOME}/.kde/share/apps/khtml	233	blacklist ${HOME}/.kde/share/apps/khtml
234	blacklist ${HOME}/.kde/share/apps/konqsidebartng	234	blacklist ${HOME}/.kde/share/apps/konqsidebartng
235	blacklist ${HOME}/.kde/share/apps/konqueror	235	blacklist ${HOME}/.kde/share/apps/konqueror
		236	blacklist ${HOME}/.kde/share/apps/kopete
236	blacklist ${HOME}/.kde/share/apps/okular	237	blacklist ${HOME}/.kde/share/apps/okular
237	blacklist ${HOME}/.kde/share/config/baloofilerc	238	blacklist ${HOME}/.kde/share/config/baloofilerc
238	blacklist ${HOME}/.kde/share/config/baloorc	239	blacklist ${HOME}/.kde/share/config/baloorc
@@ -244,28 +245,31 @@ blacklist ${HOME}/.kde/share/config/khtmlrc
244	blacklist ${HOME}/.kde/share/config/konq_history	245	blacklist ${HOME}/.kde/share/config/konq_history
245	blacklist ${HOME}/.kde/share/config/konqsidebartngrc	246	blacklist ${HOME}/.kde/share/config/konqsidebartngrc
246	blacklist ${HOME}/.kde/share/config/konquerorrc	247	blacklist ${HOME}/.kde/share/config/konquerorrc
		248	blacklist ${HOME}/.kde/share/config/kopeterc
247	blacklist ${HOME}/.kde/share/config/ktorrentrc	249	blacklist ${HOME}/.kde/share/config/ktorrentrc
248	blacklist ${HOME}/.kde/share/config/okularpartrc	250	blacklist ${HOME}/.kde/share/config/okularpartrc
249	blacklist ${HOME}/.kde/share/config/okularrc	251	blacklist ${HOME}/.kde/share/config/okularrc
250	blacklist ${HOME}/.kde4/share/config/baloorc	252	blacklist ${HOME}/.kde4/share/apps/gwenview
251	blacklist ${HOME}/.kde4/share/config/baloofilerc	253	blacklist ${HOME}/.kde4/share/apps/kcookiejar
252	blacklist ${HOME}/.kde4/share/apps/okular	254	blacklist ${HOME}/.kde4/share/apps/khtml
253	blacklist ${HOME}/.kde4/share/apps/konqueror	255	blacklist ${HOME}/.kde4/share/apps/konqueror
254	blacklist ${HOME}/.kde4/share/apps/konqsidebartng	256	blacklist ${HOME}/.kde4/share/apps/konqsidebartng
255	blacklist ${HOME}/.kde4/share/apps/khtml	257	blacklist ${HOME}/.kde4/share/apps/kopete
256	blacklist ${HOME}/.kde4/share/apps/kcookiejar	258	blacklist ${HOME}/.kde4/share/apps/okular
		259	blacklist ${HOME}/.kde4/share/config/baloorc
		260	blacklist ${HOME}/.kde4/share/config/baloofilerc
257	blacklist ${HOME}/.kde4/share/config/digikam	261	blacklist ${HOME}/.kde4/share/config/digikam
258	blacklist ${HOME}/.kde4/share/apps/gwenview	262	blacklist ${HOME}/.kde4/share/config/gwenviewrc
		263	blacklist ${HOME}/.kde4/share/config/k3brc
259	blacklist ${HOME}/.kde4/share/config/kcookiejarrc	264	blacklist ${HOME}/.kde4/share/config/kcookiejarrc
260	blacklist ${HOME}/.kde4/share/config/khtmlrc	265	blacklist ${HOME}/.kde4/share/config/khtmlrc
261	blacklist ${HOME}/.kde4/share/config/konq_history	266	blacklist ${HOME}/.kde4/share/config/konq_history
262	blacklist ${HOME}/.kde4/share/config/konqsidebartngrc	267	blacklist ${HOME}/.kde4/share/config/konqsidebartngrc
263	blacklist ${HOME}/.kde4/share/config/konquerorrc	268	blacklist ${HOME}/.kde4/share/config/konquerorrc
		269	blacklist ${HOME}/.kde4/share/config/kopeterc
264	blacklist ${HOME}/.kde4/share/config/okularpartrc	270	blacklist ${HOME}/.kde4/share/config/okularpartrc
265	blacklist ${HOME}/.kde4/share/config/okularrc	271	blacklist ${HOME}/.kde4/share/config/okularrc
266	blacklist ${HOME}/.kde4/share/config/ktorrentrc	272	blacklist ${HOME}/.kde4/share/config/ktorrentrc
267	blacklist ${HOME}/.kde4/share/config/gwenviewrc
268	blacklist ${HOME}/.kde4/share/config/k3brc
269	blacklist ${HOME}/.killingfloor	273	blacklist ${HOME}/.killingfloor
270	blacklist ${HOME}/.kino-history	274	blacklist ${HOME}/.kino-history
271	blacklist ${HOME}/.kinorc	275	blacklist ${HOME}/.kinorc


diff --git a/etc/kopete.profile b/etc/kopete.profile new file mode 100644 index 000000000..3e943c162 --- /dev/null +++ b/etc/kopete.profile
@@ -0,0 +1,34 @@
		1	# Firejail profile for kopete
		2	# This file is overwritten after every install/update
		3	# Persistent local customizations
		4	include /etc/firejail/kopete.local
		5	# Persistent global definitions
		6	include /etc/firejail/globals.local
		7
		8	noblacklist ~/.kde/share/apps/kopete
		9	noblacklist ~/.kde/share/config/kopeterc
		10	noblacklist ~/.kde4/share/apps/kopete
		11	noblacklist ~/.kde4/share/config/kopeterc
		12
		13	include /etc/firejail/disable-common.inc
		14	include /etc/firejail/disable-devel.inc
		15	include /etc/firejail/disable-passwdmgr.inc
		16	include /etc/firejail/disable-programs.inc
		17
		18	include /etc/firejail/whitelist-var-common.inc
		19
		20	caps.drop all
		21	netfilter
		22	nodvd
		23	nogroups
		24	nonewprivs
		25	noroot
		26	notv
		27	protocol unix,inet,inet6,netlink
		28	seccomp
		29
		30	private-dev
		31	private-tmp
		32
		33	noexec ${HOME}
		34	noexec /tmp