diff options
-rw-r--r-- | Makefile.in | 1 | ||||
-rw-r--r-- | README | 1 | ||||
-rw-r--r-- | README.md | 2 | ||||
-rw-r--r-- | etc/cmus.profile | 18 | ||||
-rw-r--r-- | platform/debian/conffiles | 1 |
5 files changed, 22 insertions, 1 deletions
diff --git a/Makefile.in b/Makefile.in index c9e2e54f8..581402283 100644 --- a/Makefile.in +++ b/Makefile.in | |||
@@ -158,6 +158,7 @@ realinstall: | |||
158 | install -c -m 0644 .etc/ssh.profile $(DESTDIR)/$(sysconfdir)/firejail/. | 158 | install -c -m 0644 .etc/ssh.profile $(DESTDIR)/$(sysconfdir)/firejail/. |
159 | install -c -m 0644 .etc/openbox.profile $(DESTDIR)/$(sysconfdir)/firejail/. | 159 | install -c -m 0644 .etc/openbox.profile $(DESTDIR)/$(sysconfdir)/firejail/. |
160 | install -c -m 0644 .etc/dillo.profile $(DESTDIR)/$(sysconfdir)/firejail/. | 160 | install -c -m 0644 .etc/dillo.profile $(DESTDIR)/$(sysconfdir)/firejail/. |
161 | install -c -m 0644 .etc/cmus.profile $(DESTDIR)/$(sysconfdir)/firejail/. | ||
161 | sh -c "if [ ! -f $(DESTDIR)/$(sysconfdir)/firejail/login.users ]; then install -c -m 0644 etc/login.users $(DESTDIR)/$(sysconfdir)/firejail/.; fi;" | 162 | sh -c "if [ ! -f $(DESTDIR)/$(sysconfdir)/firejail/login.users ]; then install -c -m 0644 etc/login.users $(DESTDIR)/$(sysconfdir)/firejail/.; fi;" |
162 | sh -c "if [ ! -f $(DESTDIR)/$(sysconfdir)/firejail/firejail.config ]; then install -c -m 0644 etc/firejail.config $(DESTDIR)/$(sysconfdir)/firejail/.; fi;" | 163 | sh -c "if [ ! -f $(DESTDIR)/$(sysconfdir)/firejail/firejail.config ]; then install -c -m 0644 etc/firejail.config $(DESTDIR)/$(sysconfdir)/firejail/.; fi;" |
163 | rm -fr .etc | 164 | rm -fr .etc |
@@ -99,6 +99,7 @@ avoidr (https://github.com/avoidr) | |||
99 | - blacklist ncat, manpage fixes, | 99 | - blacklist ncat, manpage fixes, |
100 | - hostname support in profile file | 100 | - hostname support in profile file |
101 | - Google Chrome profile rework | 101 | - Google Chrome profile rework |
102 | - added cmus profile | ||
102 | Bruno Nova (https://github.com/brunonova) | 103 | Bruno Nova (https://github.com/brunonova) |
103 | - whitelist fix | 104 | - whitelist fix |
104 | - bash arguments fix | 105 | - bash arguments fix |
@@ -283,5 +283,5 @@ $ man firejail-profile | |||
283 | 283 | ||
284 | ## New security profiles | 284 | ## New security profiles |
285 | lxterminal, Epiphany, cherrytree, Polari, Vivaldi, Atril, qutebrowser, SlimJet, Battle for Wesnoth, Hedgewars, qTox, | 285 | lxterminal, Epiphany, cherrytree, Polari, Vivaldi, Atril, qutebrowser, SlimJet, Battle for Wesnoth, Hedgewars, qTox, |
286 | OpenSSH client, OpenBox window manager, Dillo. | 286 | OpenSSH client, OpenBox window manager, Dillo, cmus. |
287 | 287 | ||
diff --git a/etc/cmus.profile b/etc/cmus.profile new file mode 100644 index 000000000..bfefd3100 --- /dev/null +++ b/etc/cmus.profile | |||
@@ -0,0 +1,18 @@ | |||
1 | # cmus profile | ||
2 | noblacklist ${HOME}/.config/cmus | ||
3 | |||
4 | include /etc/firejail/disable-common.inc | ||
5 | include /etc/firejail/disable-programs.inc | ||
6 | include /etc/firejail/disable-devel.inc | ||
7 | include /etc/firejail/disable-passwdmgr.inc | ||
8 | |||
9 | caps.drop all | ||
10 | seccomp | ||
11 | protocol unix,inet,inet6 | ||
12 | netfilter | ||
13 | noroot | ||
14 | |||
15 | private-bin cmus | ||
16 | private-etc group | ||
17 | shell none | ||
18 | noroot | ||
diff --git a/platform/debian/conffiles b/platform/debian/conffiles index 4137f247d..aef20ed1f 100644 --- a/platform/debian/conffiles +++ b/platform/debian/conffiles | |||
@@ -78,3 +78,4 @@ | |||
78 | /etc/firejail/disable-programs.inc | 78 | /etc/firejail/disable-programs.inc |
79 | /etc/firejail/disable-passwdmgr.inc | 79 | /etc/firejail/disable-passwdmgr.inc |
80 | /etc/firejail/dillo.profile | 80 | /etc/firejail/dillo.profile |
81 | /etc/firejail/cmus.profile | ||