Merge pull request #4098 from tredondo/master

Create bcompare.profile
author: netblue30 <netblue30@protonmail.com> 2021-03-19 07:32:50 -0500
committer: GitHub <noreply@github.com> 2021-03-19 07:32:50 -0500
commit: a7acaa6eabefc759193bc14c60b44921a8a38731 (patch)
tree: 8edf6ac359c1cf66b510d63f51e21bed400a141b /etc
parent: Fix ordering private-etc (diff)
parent: Uncomment nodvd, reuse "uncomment next" msg (diff)
download: firejail-a7acaa6eabefc759193bc14c60b44921a8a38731.tar.gz
firejail-a7acaa6eabefc759193bc14c60b44921a8a38731.tar.zst
firejail-a7acaa6eabefc759193bc14c60b44921a8a38731.zip
2 files changed, 63 insertions, 0 deletions
diff --git a/etc/inc/disable-programs.inc b/etc/inc/disable-programs.inc
index 72fc13103..ca3fcd216 100644
--- a/etc/inc/disable-programs.inc
+++ b/etc/inc/disable-programs.inc
@@ -166,6 +166,7 @@ blacklist ${HOME}/.config/aweather
 blacklist ${HOME}/.config/backintime
 blacklist ${HOME}/.config/baloofilerc
 blacklist ${HOME}/.config/baloorc
+blacklist ${HOME}/.config/bcompare
 blacklist ${HOME}/.config/blender
 blacklist ${HOME}/.config/bless
 blacklist ${HOME}/.config/bnox
diff --git a/etc/profile-a-l/bcompare.profile b/etc/profile-a-l/bcompare.profile
new file mode 100644
index 000000000..178e2dc9f
--- /dev/null
+++ b/etc/profile-a-l/bcompare.profile
@@ -0,0 +1,62 @@
+# Firejail profile for Beyond Compare by Scooter Software
+# Description: directory and file compare utility
+# Disables the network, which only impacts checking for updates.
+# This file is overwritten after every install/update
+# Persistent local customizations
+include bcompare.local
+# Persistent global definitions
+include globals.local
+noblacklist ${HOME}/.config/bcompare
+# In case the user decides to include disable-programs.inc, still allow
+# KDE's Gwenview to view images via right click -> Open With -> Associated Application
+noblacklist ${HOME}/.config/gwenviewrc
+# Uncomment the next line (or put it into your bcompare.local) if you don't need to compare files in disable-common.inc
+#include disable-common.inc
+include disable-devel.inc
+include disable-exec.inc
+include disable-interpreters.inc
+include disable-passwdmgr.inc
+# Uncomment the next line (or put it into your bcompare.local) if you don't need to compare files in disable-programs.inc
+#include disable-programs.inc
+# Uncommenting this breaks launch
+# include disable-shell.inc
+include disable-write-mnt.inc
+# Don't disable ${DOCUMENTS}, ${MUSIC}, ${PICTURES}, ${VIDEOS}
+# include disable-xdg.inc
+# include whitelist-common.inc
+# include whitelist-runuser-common.inc
+# include whitelist-usr-share-common.inc
+# include whitelist-var-common.inc
+apparmor
+caps.drop all
+# Uncommenting might break Pulse Audio
+#machine-id
+net none
+no3d
+nodvd
+nogroups
+nonewprivs
+noroot
+# Allow applications launched on sound files to play them
+#nosound
+notv
+nou2f
+novideo
+protocol unix
+seccomp
+shell none
+tracelog
+private-cache
+private-dev
+# see /usr/share/doc/firejail/profile.template for more common private-etc paths.
+# private-etc alternatives,fonts,machine-id
+# Necessary because of the `include disable-exec.inc` line. Prevents error "Error fstat: fs.c:504 fs_remount_simple: Transport endpoint is not connected ... cannot sync with peer: unexpected EOF Peer [...] unexpectedly exited with status 1"
+private-tmp
+dbus-user none
+dbus-system none
author	netblue30 <netblue30@protonmail.com>	2021-03-19 07:32:50 -0500
committer	GitHub <noreply@github.com>	2021-03-19 07:32:50 -0500
commit	a7acaa6eabefc759193bc14c60b44921a8a38731 (patch)
tree	8edf6ac359c1cf66b510d63f51e21bed400a141b /etc
parent	Fix ordering private-etc (diff)
parent	Uncomment nodvd, reuse "uncomment next" msg (diff)
download	firejail-a7acaa6eabefc759193bc14c60b44921a8a38731.tar.gz firejail-a7acaa6eabefc759193bc14c60b44921a8a38731.tar.zst firejail-a7acaa6eabefc759193bc14c60b44921a8a38731.zip

diff --git a/etc/inc/disable-programs.inc b/etc/inc/disable-programs.inc index 72fc13103..ca3fcd216 100644 --- a/etc/inc/disable-programs.inc +++ b/etc/inc/disable-programs.inc
@@ -166,6 +166,7 @@ blacklist ${HOME}/.config/aweather
166	blacklist ${HOME}/.config/backintime	166	blacklist ${HOME}/.config/backintime
167	blacklist ${HOME}/.config/baloofilerc	167	blacklist ${HOME}/.config/baloofilerc
168	blacklist ${HOME}/.config/baloorc	168	blacklist ${HOME}/.config/baloorc
		169	blacklist ${HOME}/.config/bcompare
169	blacklist ${HOME}/.config/blender	170	blacklist ${HOME}/.config/blender
170	blacklist ${HOME}/.config/bless	171	blacklist ${HOME}/.config/bless
171	blacklist ${HOME}/.config/bnox	172	blacklist ${HOME}/.config/bnox


diff --git a/etc/profile-a-l/bcompare.profile b/etc/profile-a-l/bcompare.profile new file mode 100644 index 000000000..178e2dc9f --- /dev/null +++ b/etc/profile-a-l/bcompare.profile
@@ -0,0 +1,62 @@
		1	# Firejail profile for Beyond Compare by Scooter Software
		2	# Description: directory and file compare utility
		3	# Disables the network, which only impacts checking for updates.
		4	# This file is overwritten after every install/update
		5	# Persistent local customizations
		6	include bcompare.local
		7	# Persistent global definitions
		8	include globals.local
		9
		10	noblacklist ${HOME}/.config/bcompare
		11	# In case the user decides to include disable-programs.inc, still allow
		12	# KDE's Gwenview to view images via right click -> Open With -> Associated Application
		13	noblacklist ${HOME}/.config/gwenviewrc
		14
		15	# Uncomment the next line (or put it into your bcompare.local) if you don't need to compare files in disable-common.inc
		16	#include disable-common.inc
		17	include disable-devel.inc
		18	include disable-exec.inc
		19	include disable-interpreters.inc
		20	include disable-passwdmgr.inc
		21	# Uncomment the next line (or put it into your bcompare.local) if you don't need to compare files in disable-programs.inc
		22	#include disable-programs.inc
		23	# Uncommenting this breaks launch
		24	# include disable-shell.inc
		25	include disable-write-mnt.inc
		26	# Don't disable ${DOCUMENTS}, ${MUSIC}, ${PICTURES}, ${VIDEOS}
		27	# include disable-xdg.inc
		28
		29	# include whitelist-common.inc
		30	# include whitelist-runuser-common.inc
		31	# include whitelist-usr-share-common.inc
		32	# include whitelist-var-common.inc
		33
		34	apparmor
		35	caps.drop all
		36	# Uncommenting might break Pulse Audio
		37	#machine-id
		38	net none
		39	no3d
		40	nodvd
		41	nogroups
		42	nonewprivs
		43	noroot
		44	# Allow applications launched on sound files to play them
		45	#nosound
		46	notv
		47	nou2f
		48	novideo
		49	protocol unix
		50	seccomp
		51	shell none
		52	tracelog
		53
		54	private-cache
		55	private-dev
		56	# see /usr/share/doc/firejail/profile.template for more common private-etc paths.
		57	# private-etc alternatives,fonts,machine-id
		58	# Necessary because of the `include disable-exec.inc` line. Prevents error "Error fstat: fs.c:504 fs_remount_simple: Transport endpoint is not connected ... cannot sync with peer: unexpected EOF Peer [...] unexpectedly exited with status 1"
		59	private-tmp
		60
		61	dbus-user none
		62	dbus-system none