Aisleriot fixes + add profile for FeedReader

author: Tad <tad@spotco.us> 2018-11-22 13:50:48 -0500
committer: Tad <tad@spotco.us> 2018-11-22 13:50:48 -0500
commit: cc898c19023a9aea92bc7e863f8fd46600d27598 (patch)
tree: 8dcaab722a48b4fe44ddd2b4e7f9c02116d528b0 /etc
parent: playonlinux.profile: allow python (diff)
download: firejail-cc898c19023a9aea92bc7e863f8fd46600d27598.tar.gz
firejail-cc898c19023a9aea92bc7e863f8fd46600d27598.tar.zst
firejail-cc898c19023a9aea92bc7e863f8fd46600d27598.zip
3 files changed, 51 insertions, 8 deletions
diff --git a/etc/disable-programs.inc b/etc/disable-programs.inc
index 4ef0f2f53..796af28f0 100644
--- a/etc/disable-programs.inc
+++ b/etc/disable-programs.inc
@@ -408,6 +408,7 @@ blacklist ${HOME}/.local/share/dolphin
 blacklist ${HOME}/.local/share/emailidentities
 blacklist ${HOME}/.local/share/epiphany
 blacklist ${HOME}/.local/share/evolution
+blacklist ${HOME}/.local/share/feedreader
 blacklist ${HOME}/.local/share/feral-interactive
 blacklist ${HOME}/.local/share/gajim
 blacklist ${HOME}/.local/share/geary
@@ -568,6 +569,7 @@ blacklist ${HOME}/.cache/dolphin
 blacklist ${HOME}/.cache/epiphany
 blacklist ${HOME}/.cache/evolution
 blacklist ${HOME}/.cache/falkon
+blacklist ${HOME}/.cache/feedreader
 blacklist ${HOME}/.cache/fossamail
 blacklist ${HOME}/.cache/gajim
 blacklist ${HOME}/.cache/geeqie
diff --git a/etc/feedreader.profile b/etc/feedreader.profile
new file mode 100644
index 000000000..44ed475bc
--- /dev/null
+++ b/etc/feedreader.profile
@@ -0,0 +1,45 @@
+# Firejail profile for feedreader
+# Description: RSS client
+# This file is overwritten after every install/update
+# Persistent local customizations
+include feedreader.local
+# Persistent global definitions
+include globals.local
+noblacklist ${HOME}/.cache/feedreader
+noblacklist ${HOME}/.local/share/feedreader
+include disable-common.inc
+include disable-devel.inc
+include disable-interpreters.inc
+include disable-passwdmgr.inc
+include disable-programs.inc
+mkdir ${HOME}/.cache/feedreader
+mkdir ${HOME}/.local/share/feedreader
+whitelist ${HOME}/.cache/feedreader
+whitelist ${HOME}/.local/share/feedreader
+include whitelist-common.inc
+include whitelist-var-common.inc
+caps.drop all
+netfilter
+# no3d
+nodvd
+nogroups
+nonewprivs
+noroot
+# nosound
+notv
+nou2f
+novideo
+protocol unix,inet,inet6
+seccomp
+shell none
+disable-mnt
+private-dev
+private-tmp
+noexec ${HOME}
+noexec /tmp
diff --git a/etc/sol.profile b/etc/sol.profile
index c0ad3c739..e5a356f68 100644
--- a/etc/sol.profile
+++ b/etc/sol.profile
@@ -15,13 +15,12 @@ include disable-xdg.inc
 # all necessary files in $HOME are in whitelist-common.inc
 include whitelist-common.inc
 include whitelist-var-common.inc
-net none
 caps.drop all
-# ipc-namespace
+ipc-namespace
-# netfilter
+net none
 # no3d
-# nodbus
+nodbus
 nodvd
 nogroups
 nonewprivs
@@ -35,12 +34,9 @@ seccomp
 shell none
 disable-mnt
-# private
 private-bin sol
-# private-cache
+private-cache
 private-dev
-# private-etc none
-# private-lib
 private-tmp
 memory-deny-write-execute
author	Tad <tad@spotco.us>	2018-11-22 13:50:48 -0500
committer	Tad <tad@spotco.us>	2018-11-22 13:50:48 -0500
commit	cc898c19023a9aea92bc7e863f8fd46600d27598 (patch)
tree	8dcaab722a48b4fe44ddd2b4e7f9c02116d528b0 /etc
parent	playonlinux.profile: allow python (diff)
download	firejail-cc898c19023a9aea92bc7e863f8fd46600d27598.tar.gz firejail-cc898c19023a9aea92bc7e863f8fd46600d27598.tar.zst firejail-cc898c19023a9aea92bc7e863f8fd46600d27598.zip

diff --git a/etc/disable-programs.inc b/etc/disable-programs.inc index 4ef0f2f53..796af28f0 100644 --- a/etc/disable-programs.inc +++ b/etc/disable-programs.inc
@@ -408,6 +408,7 @@ blacklist ${HOME}/.local/share/dolphin
408	blacklist ${HOME}/.local/share/emailidentities	408	blacklist ${HOME}/.local/share/emailidentities
409	blacklist ${HOME}/.local/share/epiphany	409	blacklist ${HOME}/.local/share/epiphany
410	blacklist ${HOME}/.local/share/evolution	410	blacklist ${HOME}/.local/share/evolution
		411	blacklist ${HOME}/.local/share/feedreader
411	blacklist ${HOME}/.local/share/feral-interactive	412	blacklist ${HOME}/.local/share/feral-interactive
412	blacklist ${HOME}/.local/share/gajim	413	blacklist ${HOME}/.local/share/gajim
413	blacklist ${HOME}/.local/share/geary	414	blacklist ${HOME}/.local/share/geary
@@ -568,6 +569,7 @@ blacklist ${HOME}/.cache/dolphin
568	blacklist ${HOME}/.cache/epiphany	569	blacklist ${HOME}/.cache/epiphany
569	blacklist ${HOME}/.cache/evolution	570	blacklist ${HOME}/.cache/evolution
570	blacklist ${HOME}/.cache/falkon	571	blacklist ${HOME}/.cache/falkon
		572	blacklist ${HOME}/.cache/feedreader
571	blacklist ${HOME}/.cache/fossamail	573	blacklist ${HOME}/.cache/fossamail
572	blacklist ${HOME}/.cache/gajim	574	blacklist ${HOME}/.cache/gajim
573	blacklist ${HOME}/.cache/geeqie	575	blacklist ${HOME}/.cache/geeqie


diff --git a/etc/feedreader.profile b/etc/feedreader.profile new file mode 100644 index 000000000..44ed475bc --- /dev/null +++ b/etc/feedreader.profile
@@ -0,0 +1,45 @@
		1	# Firejail profile for feedreader
		2	# Description: RSS client
		3	# This file is overwritten after every install/update
		4	# Persistent local customizations
		5	include feedreader.local
		6	# Persistent global definitions
		7	include globals.local
		8
		9	noblacklist ${HOME}/.cache/feedreader
		10	noblacklist ${HOME}/.local/share/feedreader
		11
		12	include disable-common.inc
		13	include disable-devel.inc
		14	include disable-interpreters.inc
		15	include disable-passwdmgr.inc
		16	include disable-programs.inc
		17
		18	mkdir ${HOME}/.cache/feedreader
		19	mkdir ${HOME}/.local/share/feedreader
		20	whitelist ${HOME}/.cache/feedreader
		21	whitelist ${HOME}/.local/share/feedreader
		22	include whitelist-common.inc
		23	include whitelist-var-common.inc
		24
		25	caps.drop all
		26	netfilter
		27	# no3d
		28	nodvd
		29	nogroups
		30	nonewprivs
		31	noroot
		32	# nosound
		33	notv
		34	nou2f
		35	novideo
		36	protocol unix,inet,inet6
		37	seccomp
		38	shell none
		39
		40	disable-mnt
		41	private-dev
		42	private-tmp
		43
		44	noexec ${HOME}
		45	noexec /tmp


diff --git a/etc/sol.profile b/etc/sol.profile index c0ad3c739..e5a356f68 100644 --- a/etc/sol.profile +++ b/etc/sol.profile
@@ -15,13 +15,12 @@ include disable-xdg.inc
15	# all necessary files in $HOME are in whitelist-common.inc	15	# all necessary files in $HOME are in whitelist-common.inc
16	include whitelist-common.inc	16	include whitelist-common.inc
17	include whitelist-var-common.inc	17	include whitelist-var-common.inc
18	net none
19		18
20	caps.drop all	19	caps.drop all
21	# ipc-namespace	20	ipc-namespace
22	# netfilter	21	net none
23	# no3d	22	# no3d
24	# nodbus	23	nodbus
25	nodvd	24	nodvd
26	nogroups	25	nogroups
27	nonewprivs	26	nonewprivs
@@ -35,12 +34,9 @@ seccomp
35	shell none	34	shell none
36		35
37	disable-mnt	36	disable-mnt
38	# private
39	private-bin sol	37	private-bin sol
40	# private-cache	38	private-cache
41	private-dev	39	private-dev
42	# private-etc none
43	# private-lib
44	private-tmp	40	private-tmp
45		41
46	memory-deny-write-execute	42	memory-deny-write-execute