-rw-r--r-- | README | 3 | ||||
-rw-r--r-- | README.md | 2 | ||||
-rw-r--r-- | RELNOTES | 2 | ||||
-rw-r--r-- | etc/disable-programs.inc | 1 | ||||
-rw-r--r-- | etc/kdenlive.profile | 2 | ||||
-rw-r--r-- | etc/ocenaudio.profile | 50 | ||||
-rw-r--r-- | src/firecfg/firecfg.config | 1 | ||||
-rw-r--r-- | src/firecfg/main.c | 17 | ||||
-rw-r--r-- | src/firecfg/sound.c | 7 | ||||
-rw-r--r-- | src/man/firecfg.txt | 5 | ||||
-rw-r--r-- | src/man/firejail.txt | 2 |
11 files changed, 83 insertions, 9 deletions
@@ -518,6 +518,8 @@ rogshdo (https://github.com/rogshdo) | |||
518 | - BitlBee profile | 518 | - BitlBee profile |
519 | Ruan (https://github.com/ruany) | 519 | Ruan (https://github.com/ruany) |
520 | - fixed hexchat profile | 520 | - fixed hexchat profile |
521 | rusty-snake (https://github.com/rusty-snake) | ||
522 | - fixed kdenlive profile | ||
521 | Salvo 'LtWorf' Tomaselli (https://github.com/ltworf) | 523 | Salvo 'LtWorf' Tomaselli (https://github.com/ltworf) |
522 | - fixed ktorrent profile | 524 | - fixed ktorrent profile |
523 | sarneaud (https://github.com/sarneaud) | 525 | sarneaud (https://github.com/sarneaud) |
@@ -684,6 +686,7 @@ veloute (https://github.com/veloute) | |||
684 | - added flameshot profile | 686 | - added flameshot profile |
685 | - added jdownloader profile | 687 | - added jdownloader profile |
686 | - fixed discord profile | 688 | - fixed discord profile |
689 | - fixes for various profiles | ||
687 | Vincent43 (https://github.com/Vincent43) | 690 | Vincent43 (https://github.com/Vincent43) |
688 | - apparmor enhancements | 691 | - apparmor enhancements |
689 | vismir2 (https://github.com/vismir2) | 692 | vismir2 (https://github.com/vismir2) |
@@ -148,4 +148,4 @@ QMediathekView, aria2c, Authenticator, checkbashisms, devilspie, devilspie2, eas | |||
148 | bsdcat, bsdcpio, bsdtar, lzmadec, lbunzip2, lbzcat, lbzip2, lzcat, lzcmp, lzdiff, lzegrep, lzfgrep, lzgrep, | 148 | bsdcat, bsdcpio, bsdtar, lzmadec, lbunzip2, lbzcat, lbzip2, lzcat, lzcmp, lzdiff, lzegrep, lzfgrep, lzgrep, |
149 | lzless, lzma, lzmainfo, lzmore, unlzma, unxz, xzcat, xzcmp, xzdiff, xzegrep, xzfgrep, xzgrep, xzless, xzmore, | 149 | lzless, lzma, lzmainfo, lzmore, unlzma, unxz, xzcat, xzcmp, xzdiff, xzegrep, xzfgrep, xzgrep, xzless, xzmore, |
150 | lzip, artha, nitroshare, nitroshare-cli, nitroshare-nmh, nirtoshare-send, nitroshare-ui, mencoder, gnome-pie, | 150 | lzip, artha, nitroshare, nitroshare-cli, nitroshare-nmh, nirtoshare-send, nitroshare-ui, mencoder, gnome-pie, |
151 | masterpdfeditor, QOwnNotes, aisleriot, Mendeley, feedreader | 151 | masterpdfeditor, QOwnNotes, aisleriot, Mendeley, feedreader, ocenaudio |
@@ -11,7 +11,7 @@ firejail (0.9.56.1) baseline; urgency=low | |||
11 | * new profiles: lzip, artha, nitroshare, nitroshare-cli, nitroshare-nmh | 11 | * new profiles: lzip, artha, nitroshare, nitroshare-cli, nitroshare-nmh |
12 | * new profiles: nirtoshare-send, nitroshare-ui, mencoder, gnome-pie | 12 | * new profiles: nirtoshare-send, nitroshare-ui, mencoder, gnome-pie |
13 | * new profiles: masterpdfeditor, QOwnNotes, aisleriot, Mendeley | 13 | * new profiles: masterpdfeditor, QOwnNotes, aisleriot, Mendeley |
14 | * new profiles: feedreader | 14 | * new profiles: feedreader, ocenaudio |
15 | -- netblue30 <netblue30@yahoo.com> Thu, 11 Oct 2018 08:00:00 -0500 | 15 | -- netblue30 <netblue30@yahoo.com> Thu, 11 Oct 2018 08:00:00 -0500 |
16 | 16 | ||
17 | firejail (0.9.56) baseline; urgency=low | 17 | firejail (0.9.56) baseline; urgency=low |
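--- a/etc/disable-programs.inc
+++ b/etc/disable-programs.inc
@@ -447,6 +447,7 @@ blacklist ${HOME}/.local/share/nautilus-python
 blacklist ${HOME}/.local/share/nemo
 blacklist ${HOME}/.local/share/nemo-python
 blacklist ${HOME}/.local/share/notes
+blacklist ${HOME}/.local/share/ocenaudio
 blacklist ${HOME}/.local/share/okular
 blacklist ${HOME}/.local/share/orage
 blacklist ${HOME}/.local/share/org.kde.gwenview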
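--- a/etc/kdenlive.profile
+++ b/etc/kdenlive.profile
@@ -30,7 +30,7 @@ protocol unix,netlink
 seccomp
 shell none
 
-private-bin kdenlive,kdenlive_render,dbus-launch,melt,ffmpeg,ffplay,ffprobe,dvdauthor,genisoimage,vlc,xine,kdeinit5,kshell5,kdeinit5_shutdown,kdeinit5_wrapper,kdeinit4,kshell4,kdeinit4_shutdown,kdeinit4_wrapper
+private-bin kdenlive,kdenlive_render,dbus-launch,melt,ffmpeg,ffplay,ffprobe,dvdauthor,genisoimage,vlc,xine,kdeinit5,kshell5,kdeinit5_shutdown,kdeinit5_wrapper,kdeinit4,kshell4,kdeinit4_shutdown,kdeinit4_wrapper,mlt-melt
 private-dev
 # private-etc alternatives,fonts,kde4rc,kde5rc,ld.so.cache,machine-id,passwd,pulse,xdg,X11
 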
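--- /dev/null
+++ b/etc/ocenaudio.profile
@@ -0,0 +1,50 @@
+# Firejail profile for ocenaudio
+# Description: Cross-platform, easy to use, fast and functional audio editor
+# This file is overwritten after every install/update
+# Persistent local customizations
+include ocenaudio.local
+# Persistent global definitions
+include globals.local
+
+noblacklist ${HOME}/.local/share/ocenaudio
+noblacklist ${DOCUMENTS}
+noblacklist ${MUSIC}
+
+include disable-common.inc
+include disable-devel.inc
+include disable-interpreters.inc
+include disable-passwdmgr.inc
+include disable-programs.inc
+include disable-xdg.inc
+
+apparmor
+caps.drop all
+ipc-namespace
+net none
+no3d
+# nodbus - breaks preferences, comment when needed
+nodbus
+nodvd
+nogroups
+nonewprivs
+noroot
+notv
+nou2f
+novideo
+protocol unix
+seccomp
+shell none
+tracelog
+
+# disable-mnt
+# private
+private-bin ocenaudio
+private-cache
+private-dev
+private-etc asound.conf,fonts,pulse
+# private-lib
+private-tmp
+
+# memory-deny-write-execute - breaks on Arch
+noexec ${HOME}
+noexec /tmp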
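Review bot: The hardening options left commented out at profile lines 39, 40 and 45 (`# disable-mnt`, `# private`, `# private-lib`) carry no reason, unlike `nodbus` and `memory-deny-write-execute`, so a maintainer cannot tell whether they were tested and found to break ocenaudio or were never tried. The profile has no `whitelist` lines, so access to the home directory is limited only by the `disable-*.inc` blacklists and `noexec ${HOME}`; that makes these options the main remaining tightening and worth a short reason each, for example `# disable-mnt - uncomment if audio files are never opened from removable media`. The comment on line 25, `# nodbus - breaks preferences, comment when needed`, also reads like a disabled option although `nodbus` is active on the next line; `# nodbus breaks preferences - comment out the next line if needed` would be clearer.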
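--- a/src/firecfg/firecfg.config
+++ b/src/firecfg/firecfg.config
@@ -314,6 +314,7 @@ nheko
 nitroshare
 nylas
 obs
+ocenaudio
 odt2txt
 okular
 onionshare-gui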
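--- a/src/firecfg/main.c
+++ b/src/firecfg/main.c
@@ -66,6 +66,7 @@ static void usage(void) {
 static void list(void) {
 DIR *dir = opendir(arg_bindir);
 if (!dir) {
+perror("opendir");
 fprintf(stderr, "Error: cannot open %s directory\n", arg_bindir);
 exit(1);
 }
@@ -103,6 +104,7 @@ static void clean(void) {
 
 DIR *dir = opendir(arg_bindir);
 if (!dir) {
+perror("opendir");
 fprintf(stderr, "Error: cannot open %s directory\n", arg_bindir);
 exit(1);
 }
@@ -182,6 +184,7 @@ static void set_links_firecfg(void) {
 // parse /usr/lib/firejail/firecfg.cfg file
 FILE *fp = fopen(cfgfile, "r");
 if (!fp) {
+perror("fopen");
 fprintf(stderr, "Error: cannot open %s\n", cfgfile);
 exit(1);
 }
@@ -247,7 +250,8 @@ static void set_links_homedir(const char *homedir) {
 
 DIR *dir = opendir(dirname);
 if (!dir) {
-fprintf(stderr, "Error: cannot open ~/.config/firejail directory\n");
+perror("opendir");
+fprintf(stderr, "Error: cannot open %s directory\n", dirname);
 free(dirname);
 return;
 }
@@ -337,7 +341,12 @@ int main(int argc, char **argv) {
 
 // exit if the directory does not exist, or if we don't have access to it
 if (access(arg_bindir, R_OK | W_OK | X_OK)) {
-fprintf(stderr, "Error: directory %s not found\n", arg_bindir);
+if (errno == EACCES)
+fprintf(stderr, "Error: cannot access directory %s: full permissions required\n", arg_bindir);
+else {
+perror("access");
+fprintf(stderr, "Error: cannot access directory %s\n", arg_bindir);
+}
 exit(1);
 }
 }
@@ -407,6 +416,7 @@ int main(int argc, char **argv) {
 }
 else if (bindir_set == 0) {
 // create /usr/local directory if it doesn't exist (Solus distro)
+mode_t orig_umask = umask(022); // temporarily set the umask
 struct stat s;
 if (stat("/usr/local", &s) != 0) {
 printf("Creating /usr/local directory\n");
@@ -417,13 +427,14 @@ int main(int argc, char **argv) {
 }
 }
 if (stat(arg_bindir, &s) != 0) {
-printf("Creating /usr/local directory\n");
+printf("Creating %s directory\n", arg_bindir);
 int rv = mkdir(arg_bindir, 0755);
 if (rv != 0) {
 fprintf(stderr, "Error: cannot create %s directory\n", arg_bindir);
 return 1;
 }
 }
+umask(orig_umask);
 }
 
 // clear all symlinks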
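Review bot: The added `perror()` calls in `list()`, `clean()`, `set_links_firecfg()` and `set_links_homedir()` split one failure across two stderr lines, and the `perror` line names only the libc call, not the path that failed. A single message keeps cause and path together, e.g. `fprintf(stderr, "Error: cannot open %s directory: %s\n", arg_bindir, strerror(errno));`, which needs `<string.h>`. The `errno == EACCES` test in the `access()` hunk likewise depends on `<errno.h>`, and no include change is visible in this file section, so confirm it arrives through an existing header. In the umask hunks, both `return 1` paths leave before `umask(orig_umask)`; that is harmless while `main()` exits there, but a comment saying so would stop a later refactor from leaking the temporary umask. All of these function bodies continue outside the hunks.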
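--- a/src/firecfg/sound.c
+++ b/src/firecfg/sound.c
@@ -41,10 +41,13 @@ void sound(void) {
 char *fname;
 if (asprintf(&fname, "%s/.config/pulse/client.conf", home) == -1)
 errExit("asprintf");
+printf("Writing file %s\n", fname);
 FILE *fpout = fopen(fname, "w");
-free(fname);
-if (!fpout)
+if (!fpout) {
+perror("fopen");
 goto errexit;
+}
+free(fname);
 
 // copy default config
 char buf[MAX_BUF];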
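Review bot: On the failure path `fname` is no longer released: `free(fname)` now sits below the `if (!fpout)` block, so `goto errexit` is taken with the buffer still allocated. Unless the `errexit` label (outside this hunk) frees it or terminates the process, add `free(fname);` before the `goto`. Since `fname` is now still valid at that point, the diagnostic could also name the file, e.g. `fprintf(stderr, "Error: cannot open %s: %s\n", fname, strerror(errno));` instead of the bare `perror("fopen")`. `sound()` starts before and ends after the hunk.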
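--- a/src/man/firecfg.txt
+++ b/src/man/firecfg.txt
@@ -55,6 +55,11 @@ Example:
 $ sudo firecfg --add-users dustin lucas mike eleven
 
 .TP
+\fB\-\-bindir=directory
+Create and search symbolic links in directory instead of the default location /user/local/bin.
+Directory should precede /usr/bin and /bin in the PATH environment variable.
+
+.TP
 \fB\-\-clean
 Remove all firejail symbolic links.
 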
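--- a/src/man/firejail.txt
+++ b/src/man/firejail.txt
@@ -2484,7 +2484,7 @@ Globbing is the operation that expands a wildcard pattern into the list of pathn
 - '[' denotes a range of characters
 .br
 .TP
-The gobing feature is implemented using glibc glob command. For more information on the wildcard syntax see man 7 glob.
+The globbing feature is implemented using glibc glob command. For more information on the wildcard syntax see man 7 glob.
 .br
 
 .br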