Merge pull request #872 from Fred-Barclay/extra-profiles

Extra profiles
author: netblue30 <netblue30@yahoo.com> 2016-10-26 09:08:58 -0400
committer: GitHub <noreply@github.com> 2016-10-26 09:08:58 -0400
commit: 33ee2da69f91d719f318a3c93cc3c2eaf5ce4e20 (patch)
tree: 2982f885d297ee3ea00b36bb1f6d67ed59ab0887 /etc
parent: fixes (diff)
parent: typo #2 (diff)
download: firejail-33ee2da69f91d719f318a3c93cc3c2eaf5ce4e20.tar.gz
firejail-33ee2da69f91d719f318a3c93cc3c2eaf5ce4e20.tar.zst
firejail-33ee2da69f91d719f318a3c93cc3c2eaf5ce4e20.zip
4 files changed, 53 insertions, 1 deletions
diff --git a/etc/disable-programs.inc b/etc/disable-programs.inc
index edd4ee374..6e22fe04d 100644
--- a/etc/disable-programs.inc
+++ b/etc/disable-programs.inc
@@ -7,6 +7,8 @@ blacklist ${HOME}/.wine
 blacklist ${HOME}/.Mathematica
 blacklist ${HOME}/.Wolfram Research
 blacklist ${HOME}/.stellarium
+blacklist ${HOME}/.sword
+blacklist ${HOME}/.xiphos
 blacklist ${HOME}/.config/Atom
 blacklist ${HOME}/.config/gthumb
 blacklist ${HOME}/.config/mupen64plus
diff --git a/etc/gpredict.profile b/etc/gpredict.profile
index 0cc6c416b..801304c18 100644
--- a/etc/gpredict.profile
+++ b/etc/gpredict.profile
@@ -6,7 +6,6 @@ include /etc/firejail/disable-passwdmgr.inc
 include /etc/firejail/disable-programs.inc
 # Whitelist
-mkdir ~/.config/Gpredict
 whitelist ~/.config/Gpredict
 caps.drop all
@@ -21,5 +20,6 @@ shell none
 tracelog
 private-bin gpredict
+private-etc fonts,resolv.conf
 private-dev
 private-tmp
diff --git a/etc/start-tor-browser.profile b/etc/start-tor-browser.profile
new file mode 100644
index 000000000..ee19cee25
--- /dev/null
+++ b/etc/start-tor-browser.profile
@@ -0,0 +1,20 @@
+# Firejail profile for the Tor Brower Bundle
+include /etc/firejail/disable-common.inc
+include /etc/firejail/disable-devel.inc
+include /etc/firejail/disable-passwdmgr.inc
+include /etc/firejail/disable-programs.inc
+caps.drop all
+netfilter
+nogroups
+nonewprivs
+noroot
+protocol unix,inet,inet6
+seccomp
+shell none
+tracelog
+private-bin bash,grep,sed,tail,env,gpg,id,readlink,dirname,test,mkdir,ln,sed,cp,rm,getconf
+private-etc fonts
+private-dev
+private-tmp
diff --git a/etc/xiphos.profile b/etc/xiphos.profile
new file mode 100644
index 000000000..b7fb6ecf3
--- /dev/null
+++ b/etc/xiphos.profile
@@ -0,0 +1,30 @@
+# Firejail profile for xiphos
+noblacklist ~/.sword
+noblacklist ~/.xiphos
+include /etc/firejail/disable-common.inc
+include /etc/firejail/disable-devel.inc
+include /etc/firejail/disable-passwdmgr.inc
+include /etc/firejail/disable-programs.inc
+blacklist ~/.bashrc
+blacklist ~/.Xauthority
+caps.drop all
+netfilter
+nogroups
+nonewprivs
+noroot
+nosound
+protocol unix,inet,inet6
+seccomp
+shell none
+tracelog
+private-bin xiphos
+private-etc fonts,resolv.conf,sword
+private-dev
+private-tmp
+whitelist ${HOME}/.sword
+whitelist ${HOME}/.xiphos
author	netblue30 <netblue30@yahoo.com>	2016-10-26 09:08:58 -0400
committer	GitHub <noreply@github.com>	2016-10-26 09:08:58 -0400
commit	33ee2da69f91d719f318a3c93cc3c2eaf5ce4e20 (patch)
tree	2982f885d297ee3ea00b36bb1f6d67ed59ab0887 /etc
parent	fixes (diff)
parent	typo #2 (diff)
download	firejail-33ee2da69f91d719f318a3c93cc3c2eaf5ce4e20.tar.gz firejail-33ee2da69f91d719f318a3c93cc3c2eaf5ce4e20.tar.zst firejail-33ee2da69f91d719f318a3c93cc3c2eaf5ce4e20.zip

diff --git a/etc/disable-programs.inc b/etc/disable-programs.inc index edd4ee374..6e22fe04d 100644 --- a/etc/disable-programs.inc +++ b/etc/disable-programs.inc
@@ -7,6 +7,8 @@ blacklist ${HOME}/.wine
7	blacklist ${HOME}/.Mathematica	7	blacklist ${HOME}/.Mathematica
8	blacklist ${HOME}/.Wolfram Research	8	blacklist ${HOME}/.Wolfram Research
9	blacklist ${HOME}/.stellarium	9	blacklist ${HOME}/.stellarium
		10	blacklist ${HOME}/.sword
		11	blacklist ${HOME}/.xiphos
10	blacklist ${HOME}/.config/Atom	12	blacklist ${HOME}/.config/Atom
11	blacklist ${HOME}/.config/gthumb	13	blacklist ${HOME}/.config/gthumb
12	blacklist ${HOME}/.config/mupen64plus	14	blacklist ${HOME}/.config/mupen64plus


diff --git a/etc/gpredict.profile b/etc/gpredict.profile index 0cc6c416b..801304c18 100644 --- a/etc/gpredict.profile +++ b/etc/gpredict.profile
@@ -6,7 +6,6 @@ include /etc/firejail/disable-passwdmgr.inc
6	include /etc/firejail/disable-programs.inc	6	include /etc/firejail/disable-programs.inc
7		7
8	# Whitelist	8	# Whitelist
9	mkdir ~/.config/Gpredict
10	whitelist ~/.config/Gpredict	9	whitelist ~/.config/Gpredict
11		10
12	caps.drop all	11	caps.drop all
@@ -21,5 +20,6 @@ shell none
21	tracelog	20	tracelog
22		21
23	private-bin gpredict	22	private-bin gpredict
		23	private-etc fonts,resolv.conf
24	private-dev	24	private-dev
25	private-tmp	25	private-tmp


diff --git a/etc/start-tor-browser.profile b/etc/start-tor-browser.profile new file mode 100644 index 000000000..ee19cee25 --- /dev/null +++ b/etc/start-tor-browser.profile
@@ -0,0 +1,20 @@
		1	# Firejail profile for the Tor Brower Bundle
		2	include /etc/firejail/disable-common.inc
		3	include /etc/firejail/disable-devel.inc
		4	include /etc/firejail/disable-passwdmgr.inc
		5	include /etc/firejail/disable-programs.inc
		6
		7	caps.drop all
		8	netfilter
		9	nogroups
		10	nonewprivs
		11	noroot
		12	protocol unix,inet,inet6
		13	seccomp
		14	shell none
		15	tracelog
		16
		17	private-bin bash,grep,sed,tail,env,gpg,id,readlink,dirname,test,mkdir,ln,sed,cp,rm,getconf
		18	private-etc fonts
		19	private-dev
		20	private-tmp


diff --git a/etc/xiphos.profile b/etc/xiphos.profile new file mode 100644 index 000000000..b7fb6ecf3 --- /dev/null +++ b/etc/xiphos.profile
@@ -0,0 +1,30 @@
		1	# Firejail profile for xiphos
		2	noblacklist ~/.sword
		3	noblacklist ~/.xiphos
		4
		5	include /etc/firejail/disable-common.inc
		6	include /etc/firejail/disable-devel.inc
		7	include /etc/firejail/disable-passwdmgr.inc
		8	include /etc/firejail/disable-programs.inc
		9
		10	blacklist ~/.bashrc
		11	blacklist ~/.Xauthority
		12
		13	caps.drop all
		14	netfilter
		15	nogroups
		16	nonewprivs
		17	noroot
		18	nosound
		19	protocol unix,inet,inet6
		20	seccomp
		21	shell none
		22	tracelog
		23
		24	private-bin xiphos
		25	private-etc fonts,resolv.conf,sword
		26	private-dev
		27	private-tmp
		28
		29	whitelist ${HOME}/.sword
		30	whitelist ${HOME}/.xiphos