diff options
-rw-r--r-- | README | 2 | ||||
-rw-r--r-- | README.md | 2 | ||||
-rw-r--r-- | RELNOTES | 2 | ||||
-rw-r--r-- | etc/disable-passwdmgr.inc | 12 | ||||
-rw-r--r-- | etc/keepassxc.profile | 29 | ||||
-rw-r--r-- | platform/debian/conffiles | 1 | ||||
-rw-r--r-- | src/firecfg/firecfg.config | 1 |
7 files changed, 42 insertions, 7 deletions
@@ -96,6 +96,8 @@ BogDan Vatra (https://github.com/bog-dan-ro) | |||
96 | Bruno Nova (https://github.com/brunonova) | 96 | Bruno Nova (https://github.com/brunonova) |
97 | - whitelist fix | 97 | - whitelist fix |
98 | - bash arguments fix | 98 | - bash arguments fix |
99 | BytesTuner (https://github.com/BytesTuner) | ||
100 | - provided keepassxc profile | ||
99 | Cat (https://github.com/ecat3) | 101 | Cat (https://github.com/ecat3) |
100 | - prevent tmux connecting to an existing session | 102 | - prevent tmux connecting to an existing session |
101 | creideiki (https://github.com/creideiki) | 103 | creideiki (https://github.com/creideiki) |
@@ -195,4 +195,4 @@ goobox, gpa, gpg, gpg-agent, highlight, img2txt, k3b, kate, lynx, mediainfo, nau | |||
195 | simple-scan, skanlite, ssh-agent, tracker, transmission-cli, transmission-show, w3m, xfburn, xpra, wget, | 195 | simple-scan, skanlite, ssh-agent, tracker, transmission-cli, transmission-show, w3m, xfburn, xpra, wget, |
196 | xed, pluma, Cryptocat, Bless, Gnome 2048, Gnome Calculator, Gnome Contacts, JD-GUI, Lollypop, MultiMC5, | 196 | xed, pluma, Cryptocat, Bless, Gnome 2048, Gnome Calculator, Gnome Contacts, JD-GUI, Lollypop, MultiMC5, |
197 | PDFSam, Pithos, Xonotic, wireshark, keepassx2, QupZilla, FossaMail, Uzbl browser, xmms, iridium browser, | 197 | PDFSam, Pithos, Xonotic, wireshark, keepassx2, QupZilla, FossaMail, Uzbl browser, xmms, iridium browser, |
198 | Kino, Thunar, Geeqie, Engrampa, Scribus, mousepad, gpicview | 198 | Kino, Thunar, Geeqie, Engrampa, Scribus, mousepad, gpicview, keepassxc |
@@ -41,7 +41,7 @@ firejail (0.9.45) baseline; urgency=low | |||
41 | * new profiles: Gnome Contacts, JD-GUI, Lollypop, MultiMC5, PDFSam, Pithos, | 41 | * new profiles: Gnome Contacts, JD-GUI, Lollypop, MultiMC5, PDFSam, Pithos, |
42 | * new profies: Xonotic, wireshark, keepassx2, QupZilla, FossaMail, | 42 | * new profies: Xonotic, wireshark, keepassx2, QupZilla, FossaMail, |
43 | * new profiles: Uzbl browser, iridium browser, Thunar, Geeqie, Engrampa | 43 | * new profiles: Uzbl browser, iridium browser, Thunar, Geeqie, Engrampa |
44 | * new profiles: Scribus, mousepad, gpicview | 44 | * new profiles: Scribus, mousepad, gpicview, keepassxc |
45 | * bugfixes | 45 | * bugfixes |
46 | -- netblue30 <netblue30@yahoo.com> Sun, 23 Oct 2016 08:00:00 -0500 | 46 | -- netblue30 <netblue30@yahoo.com> Sun, 23 Oct 2016 08:00:00 -0500 |
47 | 47 | ||
diff --git a/etc/disable-passwdmgr.inc b/etc/disable-passwdmgr.inc index b5260e897..a61516771 100644 --- a/etc/disable-passwdmgr.inc +++ b/etc/disable-passwdmgr.inc | |||
@@ -2,10 +2,12 @@ | |||
2 | # Persistent customizations should go in a .local file. | 2 | # Persistent customizations should go in a .local file. |
3 | include /etc/firejail/disable-passwdmgr.local | 3 | include /etc/firejail/disable-passwdmgr.local |
4 | 4 | ||
5 | blacklist ${HOME}/.lastpass | 5 | blacklist ${HOME}/.config/KeePass |
6 | blacklist ${HOME}/.keepassx | 6 | blacklist ${HOME}/.config/keepass |
7 | blacklist ${HOME}/.config/keepassx | ||
8 | blacklist ${HOME}/.config/keepassxc | ||
7 | blacklist ${HOME}/.keepass | 9 | blacklist ${HOME}/.keepass |
10 | blacklist ${HOME}/.keepassx | ||
11 | blacklist ${HOME}/.keepassxc | ||
12 | blacklist ${HOME}/.lastpass | ||
8 | blacklist ${HOME}/.password-store | 13 | blacklist ${HOME}/.password-store |
9 | blacklist ${HOME}/.config/keepassx | ||
10 | blacklist ${HOME}/.config/keepass | ||
11 | blacklist ${HOME}/.config/KeePass | ||
diff --git a/etc/keepassxc.profile b/etc/keepassxc.profile new file mode 100644 index 000000000..b11a0cc5d --- /dev/null +++ b/etc/keepassxc.profile | |||
@@ -0,0 +1,29 @@ | |||
1 | # This file is overwritten during software install. | ||
2 | # Persistent customizations should go in a .local file. | ||
3 | include /etc/firejail/keepassxc.local | ||
4 | |||
5 | # Firejail profile for KeepassXC | ||
6 | noblacklist ${HOME}/.config/keepassxc | ||
7 | noblacklist ${HOME}/.keepassxc | ||
8 | noblacklist ${HOME}/.*kdbx | ||
9 | noblacklist ${HOME}/.*kdb | ||
10 | |||
11 | include /etc/firejail/disable-common.inc | ||
12 | include /etc/firejail/disable-programs.inc | ||
13 | include /etc/firejail/disable-devel.inc | ||
14 | include /etc/firejail/disable-passwdmgr.inc | ||
15 | |||
16 | caps.drop all | ||
17 | net none | ||
18 | nogroups | ||
19 | nonewprivs | ||
20 | noroot | ||
21 | nosound | ||
22 | #protocol unix | ||
23 | seccomp | ||
24 | shell none | ||
25 | |||
26 | private-bin keepassxc | ||
27 | #private-etc fonts | ||
28 | #private-dev | ||
29 | private-tmp | ||
diff --git a/platform/debian/conffiles b/platform/debian/conffiles index a31f13200..414d1bb93 100644 --- a/platform/debian/conffiles +++ b/platform/debian/conffiles | |||
@@ -113,6 +113,7 @@ | |||
113 | /etc/firejail/keepass2.profile | 113 | /etc/firejail/keepass2.profile |
114 | /etc/firejail/keepassx.profile | 114 | /etc/firejail/keepassx.profile |
115 | /etc/firejail/keepassx2.profile | 115 | /etc/firejail/keepassx2.profile |
116 | /etc/firejail/keepassxc.profile | ||
116 | /etc/firejail/kmail.profile | 117 | /etc/firejail/kmail.profile |
117 | /etc/firejail/konversation.profile | 118 | /etc/firejail/konversation.profile |
118 | /etc/firejail/less.profile | 119 | /etc/firejail/less.profile |
diff --git a/src/firecfg/firecfg.config b/src/firecfg/firecfg.config index 5bfd94736..d85d751f4 100644 --- a/src/firecfg/firecfg.config +++ b/src/firecfg/firecfg.config | |||
@@ -193,6 +193,7 @@ keepass | |||
193 | keepass2 | 193 | keepass2 |
194 | keepassx | 194 | keepassx |
195 | keepassx2 | 195 | keepassx2 |
196 | keepassxc | ||
196 | mousepad | 197 | mousepad |
197 | pluma | 198 | pluma |
198 | Thunar | 199 | Thunar |