author | glitsj16 <glitsj16@users.noreply.github.com> | 2019-05-02 00:15:12 +0000 |
---|---|---|
committer | GitHub <noreply@github.com> | 2019-05-02 00:15:12 +0000 |
commit | 7734a60d6fa12b22f179fe502d4bec70dba6d243 (patch) | |
tree | 57f8f69d6079ab42bf0f00c5341661d7d976e0d5 /etc | |
parent | Comment fixes (#2674) (diff) | |
Support Enpass v6 (#2672)
* Refactor enpass profile
Upstream enpass version 6 needs profile adjustments. These are integrated into the refactored profile without dropping support for older versions.
* Support newer Enpass in disable-programs.inc
* Re-add no3d and move whitelist lines in enpass.profile
Diffstat (limited to 'etc')
-rw-r--r-- | etc/disable-programs.inc | 4 | ||||
-rw-r--r-- | etc/enpass.profile | 22 |
2 files changed, 22 insertions, 4 deletions
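--- a/etc/disable-programs.inc
+++ b/etc/disable-programs.inc
@@ -100,6 +100,7 @@ blacklist ${HOME}/.config/Rambox
 blacklist ${HOME}/.config/Riot
 blacklist ${HOME}/.config/Rocket.Chat
 blacklist ${HOME}/.config/Signal
+blacklist ${HOME}/.config/Sinew Software Systems
 blacklist ${HOME}/.config/Slack
 blacklist ${HOME}/.config/Standard Notes
 blacklist ${HOME}/.config/SubDownloader
@@ -261,6 +262,7 @@ blacklist ${HOME}/.config/redshift.conf
 blacklist ${HOME}/.config/remmina
 blacklist ${HOME}/.config/ristretto
 blacklist ${HOME}/.config/scribus
+blacklist ${HOME}/.config/sinew.in
 blacklist ${HOME}/.config/skypeforlinux
 blacklist ${HOME}/.config/slimjet
 blacklist ${HOME}/.config/smplayer
@@ -428,6 +430,7 @@ blacklist ${HOME}/.local/share/0ad
 blacklist ${HOME}/.local/share/3909/PapersPlease
 blacklist ${HOME}/.local/share/Anki2
 blacklist ${HOME}/.local/share/Empathy
+blacklist ${HOME}/.local/share/Enpass
 blacklist ${HOME}/.local/share/JetBrains
 blacklist ${HOME}/.local/share/Mendeley Ltd.
 blacklist ${HOME}/.local/share/Mumble
@@ -633,6 +636,7 @@ blacklist ${HOME}/.cache/8pecxstudios
 blacklist ${HOME}/.cache/Authenticator
 blacklist ${HOME}/.cache/Clementine
 blacklist ${HOME}/.cache/Enox
+blacklist ${HOME}/.cache/Enpass
 blacklist ${HOME}/.cache/Franz
 blacklist ${HOME}/.cache/INRIA
 blacklist ${HOME}/.cache/MusicBrainz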
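--- a/etc/enpass.profile
+++ b/etc/enpass.profile
@@ -6,7 +6,10 @@ include enpass.local
 # Persistent global definitions
 include globals.local
 
+noblacklist ${HOME}/.cache/Enpass
+noblacklist ${HOME}/.config/sinew.in
 noblacklist ${HOME}/.config/Sinew Software Systems
+noblacklist ${HOME}/.local/share/Enpass
 noblacklist ${DOCUMENTS}
 
 include disable-common.inc
@@ -17,11 +20,21 @@ include disable-passwdmgr.inc
 include disable-programs.inc
 include disable-xdg.inc
 
+whitelist ${HOME}/.cache/Enpass
+whitelist ${HOME}/.config/sinew.in
+whitelist ${HOME}/.config/Sinew Software Systems
+whitelist ${HOME}/.local/share/Enpass
+whitelist ${DOCUMENTS}
+
 include whitelist-var-common.inc
 
+# machine-id and nosound break audio notification functionality
+# comment both if you need that functionality or put 'ignore machine-id'
+# and 'ignore nosound' in your enpass.local
+
 caps.drop all
 machine-id
-net none
+netfilter
 no3d
 nodvd
 nogroups
@@ -31,14 +44,15 @@ nosound
 notv
 nou2f
 novideo
-protocol unix
+protocol unix,inet,inet6,netlink
 seccomp
 shell none
 tracelog
 
-private-bin sh,readlink,dirname
+private-bin dirname,Enpass,importer_enpass,sh,readlink
+?HAS_APPIMAGE: ignore private-dev
 private-dev
 private-opt Enpass
 private-tmp
 
-memory-deny-write-execute
+#memory-deny-write-execute - breaks on Arch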
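Review bot: Replacing `net none` with `netfilter` (new line 37) and widening `protocol` to `unix,inet,inet6,netlink` (new line 47) gives a password manager network access, but the profile has no comment saying why or how a user can restore offline operation. The firejail man page describes `netfilter` as effective only when the sandbox gets its own network namespace, so without a `net <interface>` line it probably adds no filtering here and the sandbox shares the host network stack. I would add a comment above `netfilter` in the style of the machine-id/nosound note, for example `# network access is enabled for Enpass 6; put 'net none' in your enpass.local for offline-only use` (the reason is inferred from the commit title and should be confirmed). The same applies to the last line: `#memory-deny-write-execute - breaks on Arch` drops that hardening on every distribution, so the comment could say that users on other systems may add `memory-deny-write-execute` to enpass.local.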