new profiles

author: netblue30 <netblue30@protonmail.com> 2021-05-20 08:21:45 -0400
committer: netblue30 <netblue30@protonmail.com> 2021-05-20 08:21:45 -0400
commit: eb30ce54e7a8a75db773a1bbe762a3abdf2ccc42 (patch)
tree: ad897bbb49cef1e4cfade7e97669c9149e78ceaa /etc
parent: jailtest -> jailcheck (#4268) (diff)
download: firejail-eb30ce54e7a8a75db773a1bbe762a3abdf2ccc42.tar.gz
firejail-eb30ce54e7a8a75db773a1bbe762a3abdf2ccc42.tar.zst
firejail-eb30ce54e7a8a75db773a1bbe762a3abdf2ccc42.zip
5 files changed, 165 insertions, 0 deletions
diff --git a/etc/inc/disable-programs.inc b/etc/inc/disable-programs.inc
index 90abe1d3e..fddd782c2 100644
--- a/etc/inc/disable-programs.inc
+++ b/etc/inc/disable-programs.inc
@@ -57,6 +57,7 @@ blacklist ${HOME}/.balsa
 blacklist ${HOME}/.bcast5
 blacklist ${HOME}/.bibletime
 blacklist ${HOME}/.bitcoin
+blacklist ${HOME}/.blobby
 blacklist ${HOME}/.bogofilter
 blacklist ${HOME}/.bzf
 blacklist ${HOME}/.cargo/advisory-db
@@ -109,6 +110,7 @@ blacklist ${HOME}/.config/Jitsi Meet
 blacklist ${HOME}/.config/KDE/neochat
 blacklist ${HOME}/.config/Kid3
 blacklist ${HOME}/.config/Kingsoft
+blacklist ${HOME}/.config/LibreCAD
 blacklist ${HOME}/.config/Loop_Hero
 blacklist ${HOME}/.config/Luminance
 blacklist ${HOME}/.config/LyX
@@ -494,6 +496,7 @@ blacklist ${HOME}/.freecol
 blacklist ${HOME}/.freemind
 blacklist ${HOME}/.frogatto
 blacklist ${HOME}/.frozen-bubble
+blacklist ${HOME}/.funnyboat
 blacklist ${HOME}/.gimp*
 blacklist ${HOME}/.gist
 blacklist ${HOME}/.gitconfig
@@ -606,6 +609,7 @@ blacklist ${HOME}/.local/share/Flavio Tordini
 blacklist ${HOME}/.local/share/JetBrains
 blacklist ${HOME}/.local/share/KDE/neochat
 blacklist ${HOME}/.local/share/Kingsoft
+blacklist ${HOME}/.local/share/LibreCAD
 blacklist ${HOME}/.local/share/Mendeley Ltd.
 blacklist ${HOME}/.local/share/Mumble
 blacklist ${HOME}/.local/share/Nextcloud
diff --git a/etc/profile-a-l/blobby.profile b/etc/profile-a-l/blobby.profile
new file mode 100644
index 000000000..9bb097b7e
--- /dev/null
+++ b/etc/profile-a-l/blobby.profile
@@ -0,0 +1,52 @@
+# Firejail profile for blobby
+# Persistent local customizations
+include blobby.local
+# Persistent global definitions
+include globals.local
+noblacklist ${HOME}/.blobby
+include disable-common.inc
+include disable-devel.inc
+include disable-exec.inc
+include disable-interpreters.inc
+include disable-passwdmgr.inc
+include disable-programs.inc
+include disable-shell.inc
+include disable-xdg.inc
+mkdir ${HOME}/.blobby
+whitelist ${HOME}/.blobby
+include whitelist-common.inc
+whitelist /usr/share/blobby
+include whitelist-usr-share-common.inc
+include whitelist-var-common.inc
+apparmor
+caps.drop all
+ipc-namespace
+netfilter
+nodvd
+nogroups
+noinput
+nonewprivs
+noroot
+notv
+nou2f
+novideo
+protocol unix,inet,netlink,
+netfilter
+seccomp
+shell none
+tracelog
+disable-mnt
+private-bin blobby,
+private-lib
+private-dev
+private-etc hosts,group,asound.conf,alsa,machine-id,pulse,drirc,login.defs,passwd,
+private-tmp
+dbus-user none
+dbus-system none
+memory-deny-write-execute
diff --git a/etc/profile-a-l/etr.profile b/etc/profile-a-l/etr.profile
index b970b0dfd..d44d419c1 100644
--- a/etc/profile-a-l/etr.profile
+++ b/etc/profile-a-l/etr.profile
@@ -20,6 +20,8 @@ include disable-xdg.inc
 mkdir ${HOME}/.etr
 whitelist ${HOME}/.etr
 whitelist /usr/share/etr
+# Debian version
+whitelist /usr/share/games/etr
 include whitelist-common.inc
 include whitelist-runuser-common.inc
 include whitelist-usr-share-common.inc
diff --git a/etc/profile-a-l/funnyboat.profile b/etc/profile-a-l/funnyboat.profile
new file mode 100644
index 000000000..e4d9b018e
--- /dev/null
+++ b/etc/profile-a-l/funnyboat.profile
@@ -0,0 +1,57 @@
+# Firejail profile for default
+# This file is overwritten after every install/update
+# Persistent local customizations
+include funnyboat.local
+# Persistent global definitions
+include globals.local
+noblacklist ${HOME}/.funnyboat
+include disable-common.inc
+include disable-devel.inc
+ignore noexec /dev/shm
+include disable-exec.inc
+include allow-python2.inc
+include allow-python3.inc
+include disable-interpreters.inc
+include disable-passwdmgr.inc
+include disable-programs.inc
+# include disable-shell.inc
+include disable-write-mnt.inc
+include disable-xdg.inc
+mkdir ${HOME}/.funnyboat
+whitelist ${HOME}/.funnyboat
+include whitelist-common.inc
+include whitelist-runuser-common.inc
+whitelist /usr/share/funnyboat
+# Debian:
+whitelist /usr/share/games/funnyboat
+include whitelist-usr-share-common.inc
+include whitelist-var-common.inc
+apparmor
+caps.drop all
+ipc-namespace
+netfilter
+nodvd
+nogroups
+noinput
+nonewprivs
+noroot
+notv
+novideo
+protocol unix,inet,inet6
+seccomp
+shell none
+# tracelog
+disable-mnt
+private-cache
+private-dev
+private-tmp
+dbus-user none
+dbus-system none
+memory-deny-write-execute
diff --git a/etc/profile-a-l/librecad.profile b/etc/profile-a-l/librecad.profile
new file mode 100644
index 000000000..431caf914
--- /dev/null
+++ b/etc/profile-a-l/librecad.profile
@@ -0,0 +1,50 @@
+# Firejail profile for librecad
+# Persistent local customizations
+include librecad.local
+# Persistent global definitions
+include globals.local
+noblacklist ${HOME}/.config/LibreCAD
+noblacklist ${HOME}/.local/share/LibreCAD
+include disable-common.inc
+include disable-devel.inc
+include disable-exec.inc
+include disable-interpreters.inc
+include disable-passwdmgr.inc
+include disable-programs.inc
+include disable-shell.inc
+include disable-xdg.inc
+whitelist /usr/share/librecad
+include whitelist-usr-share-common.inc
+include whitelist-var-common.inc
+apparmor
+caps.drop all
+ipc-namespace
+netfilter
+nodvd
+#nogroups
+#noinput
+nonewprivs
+noroot
+notv
+#nou2f
+novideo
+protocol unix,inet,inet6,
+netfilter
+seccomp
+shell none
+#tracelog
+#disable-mnt
+private-bin librecad,
+#private-lib
+private-dev
+# private-etc cups,drirc,fonts,xdg,passwd,
+private-tmp
+dbus-user none
+dbus-system none
+memory-deny-write-execute
author	netblue30 <netblue30@protonmail.com>	2021-05-20 08:21:45 -0400
committer	netblue30 <netblue30@protonmail.com>	2021-05-20 08:21:45 -0400
commit	eb30ce54e7a8a75db773a1bbe762a3abdf2ccc42 (patch)
tree	ad897bbb49cef1e4cfade7e97669c9149e78ceaa /etc
parent	jailtest -> jailcheck (#4268) (diff)
download	firejail-eb30ce54e7a8a75db773a1bbe762a3abdf2ccc42.tar.gz firejail-eb30ce54e7a8a75db773a1bbe762a3abdf2ccc42.tar.zst firejail-eb30ce54e7a8a75db773a1bbe762a3abdf2ccc42.zip

diff --git a/etc/inc/disable-programs.inc b/etc/inc/disable-programs.inc index 90abe1d3e..fddd782c2 100644 --- a/etc/inc/disable-programs.inc +++ b/etc/inc/disable-programs.inc
@@ -57,6 +57,7 @@ blacklist ${HOME}/.balsa
57	blacklist ${HOME}/.bcast5	57	blacklist ${HOME}/.bcast5
58	blacklist ${HOME}/.bibletime	58	blacklist ${HOME}/.bibletime
59	blacklist ${HOME}/.bitcoin	59	blacklist ${HOME}/.bitcoin
		60	blacklist ${HOME}/.blobby
60	blacklist ${HOME}/.bogofilter	61	blacklist ${HOME}/.bogofilter
61	blacklist ${HOME}/.bzf	62	blacklist ${HOME}/.bzf
62	blacklist ${HOME}/.cargo/advisory-db	63	blacklist ${HOME}/.cargo/advisory-db
@@ -109,6 +110,7 @@ blacklist ${HOME}/.config/Jitsi Meet
109	blacklist ${HOME}/.config/KDE/neochat	110	blacklist ${HOME}/.config/KDE/neochat
110	blacklist ${HOME}/.config/Kid3	111	blacklist ${HOME}/.config/Kid3
111	blacklist ${HOME}/.config/Kingsoft	112	blacklist ${HOME}/.config/Kingsoft
		113	blacklist ${HOME}/.config/LibreCAD
112	blacklist ${HOME}/.config/Loop_Hero	114	blacklist ${HOME}/.config/Loop_Hero
113	blacklist ${HOME}/.config/Luminance	115	blacklist ${HOME}/.config/Luminance
114	blacklist ${HOME}/.config/LyX	116	blacklist ${HOME}/.config/LyX
@@ -494,6 +496,7 @@ blacklist ${HOME}/.freecol
494	blacklist ${HOME}/.freemind	496	blacklist ${HOME}/.freemind
495	blacklist ${HOME}/.frogatto	497	blacklist ${HOME}/.frogatto
496	blacklist ${HOME}/.frozen-bubble	498	blacklist ${HOME}/.frozen-bubble
		499	blacklist ${HOME}/.funnyboat
497	blacklist ${HOME}/.gimp*	500	blacklist ${HOME}/.gimp*
498	blacklist ${HOME}/.gist	501	blacklist ${HOME}/.gist
499	blacklist ${HOME}/.gitconfig	502	blacklist ${HOME}/.gitconfig
@@ -606,6 +609,7 @@ blacklist ${HOME}/.local/share/Flavio Tordini
606	blacklist ${HOME}/.local/share/JetBrains	609	blacklist ${HOME}/.local/share/JetBrains
607	blacklist ${HOME}/.local/share/KDE/neochat	610	blacklist ${HOME}/.local/share/KDE/neochat
608	blacklist ${HOME}/.local/share/Kingsoft	611	blacklist ${HOME}/.local/share/Kingsoft
		612	blacklist ${HOME}/.local/share/LibreCAD
609	blacklist ${HOME}/.local/share/Mendeley Ltd.	613	blacklist ${HOME}/.local/share/Mendeley Ltd.
610	blacklist ${HOME}/.local/share/Mumble	614	blacklist ${HOME}/.local/share/Mumble
611	blacklist ${HOME}/.local/share/Nextcloud	615	blacklist ${HOME}/.local/share/Nextcloud


diff --git a/etc/profile-a-l/blobby.profile b/etc/profile-a-l/blobby.profile new file mode 100644 index 000000000..9bb097b7e --- /dev/null +++ b/etc/profile-a-l/blobby.profile
@@ -0,0 +1,52 @@
		1	# Firejail profile for blobby
		2	# Persistent local customizations
		3	include blobby.local
		4	# Persistent global definitions
		5	include globals.local
		6
		7	noblacklist ${HOME}/.blobby
		8
		9	include disable-common.inc
		10	include disable-devel.inc
		11	include disable-exec.inc
		12	include disable-interpreters.inc
		13	include disable-passwdmgr.inc
		14	include disable-programs.inc
		15	include disable-shell.inc
		16	include disable-xdg.inc
		17
		18	mkdir ${HOME}/.blobby
		19	whitelist ${HOME}/.blobby
		20	include whitelist-common.inc
		21	whitelist /usr/share/blobby
		22	include whitelist-usr-share-common.inc
		23	include whitelist-var-common.inc
		24
		25	apparmor
		26	caps.drop all
		27	ipc-namespace
		28	netfilter
		29	nodvd
		30	nogroups
		31	noinput
		32	nonewprivs
		33	noroot
		34	notv
		35	nou2f
		36	novideo
		37	protocol unix,inet,netlink,
		38	netfilter
		39	seccomp
		40	shell none
		41	tracelog
		42
		43	disable-mnt
		44	private-bin blobby,
		45	private-lib
		46	private-dev
		47	private-etc hosts,group,asound.conf,alsa,machine-id,pulse,drirc,login.defs,passwd,
		48	private-tmp
		49
		50	dbus-user none
		51	dbus-system none
		52	memory-deny-write-execute


diff --git a/etc/profile-a-l/etr.profile b/etc/profile-a-l/etr.profile index b970b0dfd..d44d419c1 100644 --- a/etc/profile-a-l/etr.profile +++ b/etc/profile-a-l/etr.profile
@@ -20,6 +20,8 @@ include disable-xdg.inc
20	mkdir ${HOME}/.etr	20	mkdir ${HOME}/.etr
21	whitelist ${HOME}/.etr	21	whitelist ${HOME}/.etr
22	whitelist /usr/share/etr	22	whitelist /usr/share/etr
		23	# Debian version
		24	whitelist /usr/share/games/etr
23	include whitelist-common.inc	25	include whitelist-common.inc
24	include whitelist-runuser-common.inc	26	include whitelist-runuser-common.inc
25	include whitelist-usr-share-common.inc	27	include whitelist-usr-share-common.inc


diff --git a/etc/profile-a-l/funnyboat.profile b/etc/profile-a-l/funnyboat.profile new file mode 100644 index 000000000..e4d9b018e --- /dev/null +++ b/etc/profile-a-l/funnyboat.profile
@@ -0,0 +1,57 @@
		1	# Firejail profile for default
		2	# This file is overwritten after every install/update
		3	# Persistent local customizations
		4	include funnyboat.local
		5	# Persistent global definitions
		6	include globals.local
		7
		8	noblacklist ${HOME}/.funnyboat
		9
		10	include disable-common.inc
		11	include disable-devel.inc
		12	ignore noexec /dev/shm
		13	include disable-exec.inc
		14	include allow-python2.inc
		15	include allow-python3.inc
		16	include disable-interpreters.inc
		17	include disable-passwdmgr.inc
		18	include disable-programs.inc
		19	# include disable-shell.inc
		20	include disable-write-mnt.inc
		21	include disable-xdg.inc
		22
		23	mkdir ${HOME}/.funnyboat
		24	whitelist ${HOME}/.funnyboat
		25	include whitelist-common.inc
		26	include whitelist-runuser-common.inc
		27	whitelist /usr/share/funnyboat
		28	# Debian:
		29	whitelist /usr/share/games/funnyboat
		30	include whitelist-usr-share-common.inc
		31	include whitelist-var-common.inc
		32
		33	apparmor
		34	caps.drop all
		35	ipc-namespace
		36	netfilter
		37	nodvd
		38	nogroups
		39	noinput
		40	nonewprivs
		41	noroot
		42	notv
		43	novideo
		44	protocol unix,inet,inet6
		45	seccomp
		46	shell none
		47	# tracelog
		48
		49	disable-mnt
		50	private-cache
		51	private-dev
		52	private-tmp
		53
		54	dbus-user none
		55	dbus-system none
		56
		57	memory-deny-write-execute


diff --git a/etc/profile-a-l/librecad.profile b/etc/profile-a-l/librecad.profile new file mode 100644 index 000000000..431caf914 --- /dev/null +++ b/etc/profile-a-l/librecad.profile
@@ -0,0 +1,50 @@
		1	# Firejail profile for librecad
		2	# Persistent local customizations
		3	include librecad.local
		4	# Persistent global definitions
		5	include globals.local
		6
		7	noblacklist ${HOME}/.config/LibreCAD
		8	noblacklist ${HOME}/.local/share/LibreCAD
		9
		10	include disable-common.inc
		11	include disable-devel.inc
		12	include disable-exec.inc
		13	include disable-interpreters.inc
		14	include disable-passwdmgr.inc
		15	include disable-programs.inc
		16	include disable-shell.inc
		17	include disable-xdg.inc
		18
		19	whitelist /usr/share/librecad
		20	include whitelist-usr-share-common.inc
		21	include whitelist-var-common.inc
		22
		23	apparmor
		24	caps.drop all
		25	ipc-namespace
		26	netfilter
		27	nodvd
		28	#nogroups
		29	#noinput
		30	nonewprivs
		31	noroot
		32	notv
		33	#nou2f
		34	novideo
		35	protocol unix,inet,inet6,
		36	netfilter
		37	seccomp
		38	shell none
		39	#tracelog
		40
		41	#disable-mnt
		42	private-bin librecad,
		43	#private-lib
		44	private-dev
		45	# private-etc cups,drirc,fonts,xdg,passwd,
		46	private-tmp
		47
		48	dbus-user none
		49	dbus-system none
		50	memory-deny-write-execute