Merge pull request #4681 from jmetrius/openstego-profile

Add OpenStego profile
author: netblue30 <netblue30@protonmail.com> 2021-11-13 12:19:09 +0000
committer: GitHub <noreply@github.com> 2021-11-13 12:19:09 +0000
commit: 92307735bd07ad3d677429aa04795209204102ec (patch)
tree: e908ed688db35e0cdade9c5fd4cb5add48d7ddf7 /etc
parent: Merge pull request #4679 from pirate486743186/patch-3 (diff)
parent: implement review suggestions (diff)
download: firejail-92307735bd07ad3d677429aa04795209204102ec.tar.gz
firejail-92307735bd07ad3d677429aa04795209204102ec.tar.zst
firejail-92307735bd07ad3d677429aa04795209204102ec.zip
2 files changed, 59 insertions, 0 deletions
diff --git a/etc/inc/disable-programs.inc b/etc/inc/disable-programs.inc
index e78f15e10..254d05e8e 100644
--- a/etc/inc/disable-programs.inc
+++ b/etc/inc/disable-programs.inc
@@ -1120,6 +1120,7 @@ blacklist ${HOME}/TeamSpeak3-Client-linux_x86
 blacklist ${HOME}/hyperrogue.ini
 blacklist ${HOME}/i2p
 blacklist ${HOME}/mps
+blacklist ${HOME}/openstego.ini
 blacklist ${HOME}/wallet.dat
 blacklist ${HOME}/yt-dlp.conf
 blacklist ${RUNUSER}/*firefox*
diff --git a/etc/profile-m-z/openstego.profile b/etc/profile-m-z/openstego.profile
new file mode 100644
index 000000000..f6622b38d
--- /dev/null
+++ b/etc/profile-m-z/openstego.profile
@@ -0,0 +1,58 @@
+# Firejail profile for OpenStego
+# Description: Steganography application that provides data hiding and watermarking functionality
+# This file is overwritten after every install/update
+# Persistent local customizations
+include openstego.local
+# Persistent global definitions
+include globals.local
+noblacklist ${HOME}/openstego.ini
+# Allow java (blacklisted by disable-devel.inc)
+include allow-java.inc
+include disable-common.inc
+include disable-devel.inc
+include disable-exec.inc
+include disable-interpreters.inc
+include disable-proc.inc
+include disable-programs.inc
+mkfile ${HOME}/openstego.ini
+whitelist ${HOME}/openstego.ini
+whitelist ${HOME}/.java
+whitelist ${PICTURES}
+whitelist ${DOCUMENTS}
+whitelist ${DESKTOP}
+whitelist /usr/share/java
+include whitelist-common.inc
+include whitelist-run-common.inc
+include whitelist-runuser-common.inc
+include whitelist-usr-share-common.inc
+include whitelist-var-common.inc
+caps.drop all
+machine-id
+net none
+no3d
+nogroups
+noinput
+nonewprivs
+noroot
+nosound
+notv
+nou2f
+novideo
+seccomp
+seccomp.block-secondary
+shell none
+tracelog
+disable-mnt
+private-bin bash,dirname,openstego,readlink,sh
+private-cache
+private-dev
+private-tmp
+dbus-user none
+dbus-system none
author	netblue30 <netblue30@protonmail.com>	2021-11-13 12:19:09 +0000
committer	GitHub <noreply@github.com>	2021-11-13 12:19:09 +0000
commit	92307735bd07ad3d677429aa04795209204102ec (patch)
tree	e908ed688db35e0cdade9c5fd4cb5add48d7ddf7 /etc
parent	Merge pull request #4679 from pirate486743186/patch-3 (diff)
parent	implement review suggestions (diff)
download	firejail-92307735bd07ad3d677429aa04795209204102ec.tar.gz firejail-92307735bd07ad3d677429aa04795209204102ec.tar.zst firejail-92307735bd07ad3d677429aa04795209204102ec.zip

diff --git a/etc/inc/disable-programs.inc b/etc/inc/disable-programs.inc index e78f15e10..254d05e8e 100644 --- a/etc/inc/disable-programs.inc +++ b/etc/inc/disable-programs.inc
@@ -1120,6 +1120,7 @@ blacklist ${HOME}/TeamSpeak3-Client-linux_x86
1120	blacklist ${HOME}/hyperrogue.ini	1120	blacklist ${HOME}/hyperrogue.ini
1121	blacklist ${HOME}/i2p	1121	blacklist ${HOME}/i2p
1122	blacklist ${HOME}/mps	1122	blacklist ${HOME}/mps
		1123	blacklist ${HOME}/openstego.ini
1123	blacklist ${HOME}/wallet.dat	1124	blacklist ${HOME}/wallet.dat
1124	blacklist ${HOME}/yt-dlp.conf	1125	blacklist ${HOME}/yt-dlp.conf
1125	blacklist ${RUNUSER}/firefox	1126	blacklist ${RUNUSER}/firefox


diff --git a/etc/profile-m-z/openstego.profile b/etc/profile-m-z/openstego.profile new file mode 100644 index 000000000..f6622b38d --- /dev/null +++ b/etc/profile-m-z/openstego.profile
@@ -0,0 +1,58 @@
		1	# Firejail profile for OpenStego
		2	# Description: Steganography application that provides data hiding and watermarking functionality
		3	# This file is overwritten after every install/update
		4	# Persistent local customizations
		5	include openstego.local
		6	# Persistent global definitions
		7	include globals.local
		8
		9	noblacklist ${HOME}/openstego.ini
		10
		11	# Allow java (blacklisted by disable-devel.inc)
		12	include allow-java.inc
		13
		14	include disable-common.inc
		15	include disable-devel.inc
		16	include disable-exec.inc
		17	include disable-interpreters.inc
		18	include disable-proc.inc
		19	include disable-programs.inc
		20
		21	mkfile ${HOME}/openstego.ini
		22	whitelist ${HOME}/openstego.ini
		23	whitelist ${HOME}/.java
		24	whitelist ${PICTURES}
		25	whitelist ${DOCUMENTS}
		26	whitelist ${DESKTOP}
		27	whitelist /usr/share/java
		28	include whitelist-common.inc
		29	include whitelist-run-common.inc
		30	include whitelist-runuser-common.inc
		31	include whitelist-usr-share-common.inc
		32	include whitelist-var-common.inc
		33
		34	caps.drop all
		35	machine-id
		36	net none
		37	no3d
		38	nogroups
		39	noinput
		40	nonewprivs
		41	noroot
		42	nosound
		43	notv
		44	nou2f
		45	novideo
		46	seccomp
		47	seccomp.block-secondary
		48	shell none
		49	tracelog
		50
		51	disable-mnt
		52	private-bin bash,dirname,openstego,readlink,sh
		53	private-cache
		54	private-dev
		55	private-tmp
		56
		57	dbus-user none
		58	dbus-system none