Merge pull request #4230 from Kishore96in/neochat_profile

New profile for neochat
author: netblue30 <netblue30@protonmail.com> 2021-05-04 10:30:34 -0500
committer: GitHub <noreply@github.com> 2021-05-04 10:30:34 -0500
commit: ea9d17b2e2a2aaac721cbe7df90857f66eae2142 (patch)
tree: a2751646d72350661d8e2e3b26c87376a49af935 /etc
parent: Merge pull request #4215 from brisad/master (diff)
parent: Correct name for local file. (diff)
download: firejail-ea9d17b2e2a2aaac721cbe7df90857f66eae2142.tar.gz
firejail-ea9d17b2e2a2aaac721cbe7df90857f66eae2142.tar.zst
firejail-ea9d17b2e2a2aaac721cbe7df90857f66eae2142.zip
3 files changed, 99 insertions, 0 deletions
diff --git a/etc/inc/disable-programs.inc b/etc/inc/disable-programs.inc
index 1e1734a9e..cbc8ef6d2 100644
--- a/etc/inc/disable-programs.inc
+++ b/etc/inc/disable-programs.inc
@@ -106,6 +106,7 @@ blacklist ${HOME}/.config/Gpredict
 blacklist ${HOME}/.config/INRIA
 blacklist ${HOME}/.config/InSilmaril
 blacklist ${HOME}/.config/Jitsi Meet
+blacklist ${HOME}/.config/KDE/neochat
 blacklist ${HOME}/.config/Kid3
 blacklist ${HOME}/.config/Kingsoft
 blacklist ${HOME}/.config/Loop_Hero
@@ -342,6 +343,8 @@ blacklist ${HOME}/.config/mypaint
 blacklist ${HOME}/.config/nano
 blacklist ${HOME}/.config/nautilus
 blacklist ${HOME}/.config/nemo
+blacklist ${HOME}/.config/neochatrc
+blacklist ${HOME}/.config/neochat.notifyrc
 blacklist ${HOME}/.config/neomutt
 blacklist ${HOME}/.config/netsurf
 blacklist ${HOME}/.config/newsbeuter
@@ -601,6 +604,7 @@ blacklist ${HOME}/.local/share/Empathy
 blacklist ${HOME}/.local/share/Enpass
 blacklist ${HOME}/.local/share/Flavio Tordini
 blacklist ${HOME}/.local/share/JetBrains
+blacklist ${HOME}/.local/share/KDE/neochat
 blacklist ${HOME}/.local/share/Kingsoft
 blacklist ${HOME}/.local/share/Mendeley Ltd.
 blacklist ${HOME}/.local/share/Mumble
@@ -993,6 +997,7 @@ blacklist ${HOME}/.cache/inkscape
 blacklist ${HOME}/.cache/inox
 blacklist ${HOME}/.cache/iridium
 blacklist ${HOME}/.cache/kcmshell5
+blacklist ${HOME}/.cache/KDE/neochat
 blacklist ${HOME}/.cache/kdenlive
 blacklist ${HOME}/.cache/keepassxc
 blacklist ${HOME}/.cache/kfind
diff --git a/etc/inc/whitelist-1793-workaround.inc b/etc/inc/whitelist-1793-workaround.inc
new file mode 100644
index 000000000..862837f12
--- /dev/null
+++ b/etc/inc/whitelist-1793-workaround.inc
@@ -0,0 +1,29 @@
+# This file is overwritten during software install.
+# Persistent customizations should go in a .local file.
+include whitelist-1793-workaround.local
+# This works around bug 1793, and allows whitelisting to be used for some KDE applications.
+noblacklist ${HOME}/.config/ibus
+noblacklist ${HOME}/.config/mimeapps.list
+noblacklist ${HOME}/.config/pkcs11
+noblacklist ${HOME}/.config/user-dirs.dirs
+noblacklist ${HOME}/.config/user-dirs.locale
+noblacklist ${HOME}/.config/dconf
+noblacklist ${HOME}/.config/fontconfig
+noblacklist ${HOME}/.config/gtk-2.0
+noblacklist ${HOME}/.config/gtk-3.0
+noblacklist ${HOME}/.config/gtk-4.0
+noblacklist ${HOME}/.config/gtkrc
+noblacklist ${HOME}/.config/gtkrc-2.0
+noblacklist ${HOME}/.config/Kvantum
+noblacklist ${HOME}/.config/Trolltech.conf
+noblacklist ${HOME}/.config/QtProject.conf
+noblacklist ${HOME}/.config/kdeglobals
+noblacklist ${HOME}/.config/kio_httprc
+noblacklist ${HOME}/.config/kioslaverc
+noblacklist ${HOME}/.config/ksslcablacklist
+noblacklist ${HOME}/.config/qt5ct
+noblacklist ${HOME}/.config/qtcurve
+blacklist ${HOME}/.config/*
+whitelist ${HOME}/.config
diff --git a/etc/profile-m-z/neochat.profile b/etc/profile-m-z/neochat.profile
new file mode 100644
index 000000000..9185574b7
--- /dev/null
+++ b/etc/profile-m-z/neochat.profile
@@ -0,0 +1,65 @@
+# Firejail profile for neochat
+# Description: Matrix Client
+# This file is overwritten after every install/update
+# Persistent local customizations
+include neochat.local
+# Persistent global definitions
+include globals.local
+noblacklist ${HOME}/.cache/KDE/neochat
+noblacklist ${HOME}/.config/KDE
+noblacklist ${HOME}/.config/KDE/neochat
+noblacklist ${HOME}/.config/neochatrc
+noblacklist ${HOME}/.config/neochat.notifyrc
+noblacklist ${HOME}/.local/share/KDE/neochat
+include disable-common.inc
+include disable-devel.inc
+include disable-exec.inc
+include disable-interpreters.inc
+include disable-passwdmgr.inc
+include disable-programs.inc
+include disable-shell.inc
+include disable-xdg.inc
+mkdir ${HOME}/.cache/KDE/neochat
+mkdir ${HOME}/.local/share/KDE/neochat
+whitelist ${HOME}/.cache/KDE/neochat
+whitelist ${HOME}/.local/share/KDE/neochat
+whitelist ${DOWNLOADS}
+include whitelist-1793-workaround.inc
+include whitelist-common.inc
+include whitelist-runuser-common.inc
+include whitelist-usr-share-common.inc
+include whitelist-var-common.inc
+apparmor
+caps.drop all
+machine-id
+netfilter
+nodvd
+nogroups
+nonewprivs
+noroot
+nosound
+notv
+nou2f
+novideo
+protocol unix,inet,inet6
+seccomp
+seccomp.block-secondary
+shell none
+tracelog
+disable-mnt
+private-bin neochat
+private-dev
+private-etc alternatives,ca-certificates,crypto-policies,dbus-1,fonts,host.conf,hostname,hosts,kde4rc,kde5rc,ld.so.cache,ld.so.conf,ld.so.conf.d,ld.so.preload,locale,locale.alias,locale.conf,localtime,machine-id,mime.types,nsswitch.conf,pango,pki,protocols,resolv.conf,rpc,services,ssl,Trolltech.conf,X11,xdg
+private-tmp
+dbus-user filter
+dbus-user.own org.kde.neochat
+dbus-user.talk org.freedesktop.Notifications
+dbus-user.talk org.kde.StatusNotifierWatcher
+dbus-user.talk org.kde.kwalletd5
+dbus-system none
author	netblue30 <netblue30@protonmail.com>	2021-05-04 10:30:34 -0500
committer	GitHub <noreply@github.com>	2021-05-04 10:30:34 -0500
commit	ea9d17b2e2a2aaac721cbe7df90857f66eae2142 (patch)
tree	a2751646d72350661d8e2e3b26c87376a49af935 /etc
parent	Merge pull request #4215 from brisad/master (diff)
parent	Correct name for local file. (diff)
download	firejail-ea9d17b2e2a2aaac721cbe7df90857f66eae2142.tar.gz firejail-ea9d17b2e2a2aaac721cbe7df90857f66eae2142.tar.zst firejail-ea9d17b2e2a2aaac721cbe7df90857f66eae2142.zip

diff --git a/etc/inc/disable-programs.inc b/etc/inc/disable-programs.inc index 1e1734a9e..cbc8ef6d2 100644 --- a/etc/inc/disable-programs.inc +++ b/etc/inc/disable-programs.inc
@@ -106,6 +106,7 @@ blacklist ${HOME}/.config/Gpredict
106	blacklist ${HOME}/.config/INRIA	106	blacklist ${HOME}/.config/INRIA
107	blacklist ${HOME}/.config/InSilmaril	107	blacklist ${HOME}/.config/InSilmaril
108	blacklist ${HOME}/.config/Jitsi Meet	108	blacklist ${HOME}/.config/Jitsi Meet
		109	blacklist ${HOME}/.config/KDE/neochat
109	blacklist ${HOME}/.config/Kid3	110	blacklist ${HOME}/.config/Kid3
110	blacklist ${HOME}/.config/Kingsoft	111	blacklist ${HOME}/.config/Kingsoft
111	blacklist ${HOME}/.config/Loop_Hero	112	blacklist ${HOME}/.config/Loop_Hero
@@ -342,6 +343,8 @@ blacklist ${HOME}/.config/mypaint
342	blacklist ${HOME}/.config/nano	343	blacklist ${HOME}/.config/nano
343	blacklist ${HOME}/.config/nautilus	344	blacklist ${HOME}/.config/nautilus
344	blacklist ${HOME}/.config/nemo	345	blacklist ${HOME}/.config/nemo
		346	blacklist ${HOME}/.config/neochatrc
		347	blacklist ${HOME}/.config/neochat.notifyrc
345	blacklist ${HOME}/.config/neomutt	348	blacklist ${HOME}/.config/neomutt
346	blacklist ${HOME}/.config/netsurf	349	blacklist ${HOME}/.config/netsurf
347	blacklist ${HOME}/.config/newsbeuter	350	blacklist ${HOME}/.config/newsbeuter
@@ -601,6 +604,7 @@ blacklist ${HOME}/.local/share/Empathy
601	blacklist ${HOME}/.local/share/Enpass	604	blacklist ${HOME}/.local/share/Enpass
602	blacklist ${HOME}/.local/share/Flavio Tordini	605	blacklist ${HOME}/.local/share/Flavio Tordini
603	blacklist ${HOME}/.local/share/JetBrains	606	blacklist ${HOME}/.local/share/JetBrains
		607	blacklist ${HOME}/.local/share/KDE/neochat
604	blacklist ${HOME}/.local/share/Kingsoft	608	blacklist ${HOME}/.local/share/Kingsoft
605	blacklist ${HOME}/.local/share/Mendeley Ltd.	609	blacklist ${HOME}/.local/share/Mendeley Ltd.
606	blacklist ${HOME}/.local/share/Mumble	610	blacklist ${HOME}/.local/share/Mumble
@@ -993,6 +997,7 @@ blacklist ${HOME}/.cache/inkscape
993	blacklist ${HOME}/.cache/inox	997	blacklist ${HOME}/.cache/inox
994	blacklist ${HOME}/.cache/iridium	998	blacklist ${HOME}/.cache/iridium
995	blacklist ${HOME}/.cache/kcmshell5	999	blacklist ${HOME}/.cache/kcmshell5
		1000	blacklist ${HOME}/.cache/KDE/neochat
996	blacklist ${HOME}/.cache/kdenlive	1001	blacklist ${HOME}/.cache/kdenlive
997	blacklist ${HOME}/.cache/keepassxc	1002	blacklist ${HOME}/.cache/keepassxc
998	blacklist ${HOME}/.cache/kfind	1003	blacklist ${HOME}/.cache/kfind


diff --git a/etc/inc/whitelist-1793-workaround.inc b/etc/inc/whitelist-1793-workaround.inc new file mode 100644 index 000000000..862837f12 --- /dev/null +++ b/etc/inc/whitelist-1793-workaround.inc
@@ -0,0 +1,29 @@
		1	# This file is overwritten during software install.
		2	# Persistent customizations should go in a .local file.
		3	include whitelist-1793-workaround.local
		4	# This works around bug 1793, and allows whitelisting to be used for some KDE applications.
		5
		6	noblacklist ${HOME}/.config/ibus
		7	noblacklist ${HOME}/.config/mimeapps.list
		8	noblacklist ${HOME}/.config/pkcs11
		9	noblacklist ${HOME}/.config/user-dirs.dirs
		10	noblacklist ${HOME}/.config/user-dirs.locale
		11	noblacklist ${HOME}/.config/dconf
		12	noblacklist ${HOME}/.config/fontconfig
		13	noblacklist ${HOME}/.config/gtk-2.0
		14	noblacklist ${HOME}/.config/gtk-3.0
		15	noblacklist ${HOME}/.config/gtk-4.0
		16	noblacklist ${HOME}/.config/gtkrc
		17	noblacklist ${HOME}/.config/gtkrc-2.0
		18	noblacklist ${HOME}/.config/Kvantum
		19	noblacklist ${HOME}/.config/Trolltech.conf
		20	noblacklist ${HOME}/.config/QtProject.conf
		21	noblacklist ${HOME}/.config/kdeglobals
		22	noblacklist ${HOME}/.config/kio_httprc
		23	noblacklist ${HOME}/.config/kioslaverc
		24	noblacklist ${HOME}/.config/ksslcablacklist
		25	noblacklist ${HOME}/.config/qt5ct
		26	noblacklist ${HOME}/.config/qtcurve
		27
		28	blacklist ${HOME}/.config/*
		29	whitelist ${HOME}/.config


diff --git a/etc/profile-m-z/neochat.profile b/etc/profile-m-z/neochat.profile new file mode 100644 index 000000000..9185574b7 --- /dev/null +++ b/etc/profile-m-z/neochat.profile
@@ -0,0 +1,65 @@
		1	# Firejail profile for neochat
		2	# Description: Matrix Client
		3	# This file is overwritten after every install/update
		4	# Persistent local customizations
		5	include neochat.local
		6	# Persistent global definitions
		7	include globals.local
		8
		9	noblacklist ${HOME}/.cache/KDE/neochat
		10	noblacklist ${HOME}/.config/KDE
		11	noblacklist ${HOME}/.config/KDE/neochat
		12	noblacklist ${HOME}/.config/neochatrc
		13	noblacklist ${HOME}/.config/neochat.notifyrc
		14	noblacklist ${HOME}/.local/share/KDE/neochat
		15
		16	include disable-common.inc
		17	include disable-devel.inc
		18	include disable-exec.inc
		19	include disable-interpreters.inc
		20	include disable-passwdmgr.inc
		21	include disable-programs.inc
		22	include disable-shell.inc
		23	include disable-xdg.inc
		24
		25	mkdir ${HOME}/.cache/KDE/neochat
		26	mkdir ${HOME}/.local/share/KDE/neochat
		27	whitelist ${HOME}/.cache/KDE/neochat
		28	whitelist ${HOME}/.local/share/KDE/neochat
		29	whitelist ${DOWNLOADS}
		30	include whitelist-1793-workaround.inc
		31	include whitelist-common.inc
		32	include whitelist-runuser-common.inc
		33	include whitelist-usr-share-common.inc
		34	include whitelist-var-common.inc
		35
		36	apparmor
		37	caps.drop all
		38	machine-id
		39	netfilter
		40	nodvd
		41	nogroups
		42	nonewprivs
		43	noroot
		44	nosound
		45	notv
		46	nou2f
		47	novideo
		48	protocol unix,inet,inet6
		49	seccomp
		50	seccomp.block-secondary
		51	shell none
		52	tracelog
		53
		54	disable-mnt
		55	private-bin neochat
		56	private-dev
		57	private-etc alternatives,ca-certificates,crypto-policies,dbus-1,fonts,host.conf,hostname,hosts,kde4rc,kde5rc,ld.so.cache,ld.so.conf,ld.so.conf.d,ld.so.preload,locale,locale.alias,locale.conf,localtime,machine-id,mime.types,nsswitch.conf,pango,pki,protocols,resolv.conf,rpc,services,ssl,Trolltech.conf,X11,xdg
		58	private-tmp
		59
		60	dbus-user filter
		61	dbus-user.own org.kde.neochat
		62	dbus-user.talk org.freedesktop.Notifications
		63	dbus-user.talk org.kde.StatusNotifierWatcher
		64	dbus-user.talk org.kde.kwalletd5
		65	dbus-system none