-rw-r--r--README.md2
-rw-r--r--RELNOTES4
-rw-r--r--etc/inc/disable-programs.inc1
-rw-r--r--etc/profile-a-l/apostrophe.profile69
-rw-r--r--etc/profile-a-l/emacs.profile7
-rw-r--r--etc/profile-a-l/file-roller.profile2
-rw-r--r--etc/profile-m-z/quadrapassel.profile20
-rw-r--r--etc/profile-m-z/yelp.profile2
-rw-r--r--src/firecfg/firecfg.config2
9 files changed, 103 insertions, 6 deletions
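diff --git a/README.md b/README.md
index 96df50575..bc36d246f 100644
--- a/README.md
+++ b/README.md
@@ -196,4 +196,4 @@ gnome-screenshot, ripperX, sound-juicer, iagno, com.github.dahenson.agenda, gnom
 penguin-command, x2goclient, frogatto, gnome-mines, gnome-nibbles, lightsoff, ts3client_runscript.sh, warmux, ferdi, abiword,
 four-in-a-row, gnome-mahjongg, gnome-robots, gnome-sudoku, gnome-taquin, gnome-tetravex, blobwars, gravity-beams-and-evaporating-stars,
 hyperrogue, jumpnbump-menu, jumpnbump, magicor, mindless, mirrormagic, mrrescue, scorched3d-wrapper, scorchwentbonkers,
-seahorse-adventures, wordwarvi, xbill, gnome-klotski, five-or-more, swell-foop, fdns, jitsi-meet-desktop, nicontine, steam-runtime
+seahorse-adventures, wordwarvi, xbill, gnome-klotski, five-or-more, swell-foop, fdns, jitsi-meet-desktop, nicontine, steam-runtime, apostrophe, quadrapassel, dino-im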
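diff --git a/RELNOTES b/RELNOTES
index 9f97f8ab1..172850c7c 100644
--- a/RELNOTES
+++ b/RELNOTES
@@ -10,9 +10,11 @@ firejail (0.9.63) baseline; urgency=low
  With this version Nodbus is deprecated, in favor of dbus-user none and
  dbus-system none and will be removed in a future version.
  * DHCP client support
+ * firecfg only fix dektop-files if started with sudo
  * SELinux labeling support
  * custom 32-bit seccomp filter support
  * restrict ${RUNUSER} in several profiles
+ * blacklist shells such as bash in several profiles
  * whitelist globbing
  * mkdir and mkfile support for /run/user directory
  * new condition: HAS_NOSOUND
@@ -33,7 +35,7 @@ firejail (0.9.63) baseline; urgency=low
  * new profiles: mirrormagic, mrrescue, scorched3d-wrapper, scorchwentbonkers
  * new profiles: seahorse-adventures, wordwarvi, xbill, gnome-klotski
  * new profiles: swell-foop, fdns, five-or-more, steam-runtime, jitsi-meet-desktop
- * new profiles: nicotine, plv, mocp
+ * new profiles: nicotine, plv, mocp, apostrophe, quadrapassel, dino-im
  -- netblue30 <netblue30@yahoo.com> Tue, 21 Apr 2020 08:00:00 -0500
 
 firejail (0.9.62) baseline; urgency=low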
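diff --git a/etc/inc/disable-programs.inc b/etc/inc/disable-programs.inc
index 32228b8f2..43c8292e0 100644
--- a/etc/inc/disable-programs.inc
+++ b/etc/inc/disable-programs.inc
@@ -636,6 +636,7 @@ blacklist ${HOME}/.local/share/pix
 blacklist ${HOME}/.local/share/plasma_notes
 blacklist ${HOME}/.local/share/profanity
 blacklist ${HOME}/.local/share/psi+
+blacklist ${HOME}/.local/share/quadrapassel
 blacklist ${HOME}/.local/share/qpdfview
 blacklist ${HOME}/.local/share/qutebrowser
 blacklist ${HOME}/.local/share/remmina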
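Review bot: The new `blacklist ${HOME}/.local/share/quadrapassel` entry is placed before `qpdfview`, which breaks the alphabetical order the surrounding entries follow; it belongs between `qpdfview` and `qutebrowser`. The same applies to `apostrophe` in src/firecfg/firecfg.config, which is inserted before `apktool` instead of after it. Keeping both lists sorted makes a duplicate or missing entry easier to spot when profiles are added later.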
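diff --git a/etc/profile-a-l/apostrophe.profile b/etc/profile-a-l/apostrophe.profile
new file mode 100644
index 000000000..5dfe034e0
--- /dev/null
+++ b/etc/profile-a-l/apostrophe.profile
@@ -0,0 +1,69 @@
+# Firejail profile for apostrophe
+# Description: Distraction free Markdown editor for GNU/Linux made with GTK+
+# This file is overwritten after every install/update
+# Persistent local customizations
+include apostrophe.local
+# Persistent global definitions
+include globals.local
+
+noblacklist ${DOCUMENTS}
+noblacklist ${PICTURES}
+
+# Allow python (blacklisted by disable-interpreters.inc)
+include allow-python3.inc
+
+include disable-common.inc
+include disable-devel.inc
+include disable-exec.inc
+include disable-interpreters.inc
+include disable-passwdmgr.inc
+include disable-programs.inc
+include disable-shell.inc
+include disable-xdg.inc
+
+whitelist /usr/share/apostrophe
+include whitelist-runuser-common.inc
+include whitelist-usr-share-common.inc
+include whitelist-var-common.inc
+
+apparmor
+caps.drop all
+machine-id
+net none
+no3d
+nodvd
+nogroups
+nonewprivs
+noroot
+nosound
+notv
+nou2f
+novideo
+protocol unix
+seccomp
+shell none
+tracelog
+
+disable-mnt
+private-bin apostrophe,python3*
+private-cache
+private-dev
+private-etc alternatives,dconf,fonts,gtk-3.0,ld.so.cache,ld.so.conf,ld.so.conf.d,ld.so.preload,pango,X11
+# private-etc templates (see also #1734, #2093)
+# Common: alternatives,ld.so.cache,ld.so.conf,ld.so.conf.d,ld.so.preload,locale,locale.alias,locale.conf,localtime,mime.types,xdg
+# Extra: magic,magic.mgc,passwd,group
+# Networking: ca-certificates,ssl,pki,crypto-policies,nsswitch.conf,resolv.conf,hosts,host.conf,hostname,protocols,services,rpc
+# Extra: proxychains.conf,gai.conf
+# Sound: alsa,asound.conf,pulse,machine-id
+# GUI: fonts,pango,X11
+# GTK: dconf,gconf,gtk-2.0,gtk-3.0
+# Qt: Trolltech.conf
+# KDE: kde4rc,kde5rc
+# 3D: drirc,glvnd,bumblebee,nvidia
+# D-Bus: dbus-1,machine-id
+private-tmp
+
+dbus-user filter
+dbus-user.own org.gnome.gitlab.somas.Apostrophe
+dbus-user.talk ca.desrt.dconf
+dbus-system none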
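Review bot: Lines 52–63 of the new profile are the generic `# private-etc templates` comment block, which lists every category rather than what this profile uses; it reads as a leftover from the profile template and should be dropped so that only the effective `private-etc alternatives,dconf,...` line remains. Separately, `private-bin apostrophe,python3*` makes no other helper binary available inside the sandbox. If the editor calls an external converter for export (not visible from this diff), that feature would break, so a one-line comment naming the features that were tested under this profile would help the next maintainer decide whether the list can stay this tight.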
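diff --git a/etc/profile-a-l/emacs.profile b/etc/profile-a-l/emacs.profile
index de4ea97a4..226237b5b 100644
--- a/etc/profile-a-l/emacs.profile
+++ b/etc/profile-a-l/emacs.profile
@@ -19,10 +19,6 @@ include disable-common.inc
 include disable-passwdmgr.inc
 include disable-programs.inc
 
-# Comment out if you want an immutable configuration
-read-write ${HOME}/.emacs
-read-write ${HOME}/.emacs.d
-
 caps.drop all
 netfilter
 nodvd
@@ -33,3 +29,6 @@ notv
 novideo
 protocol unix,inet,inet6
 seccomp
+
+read-write ${HOME}/.emacs
+read-write ${HOME}/.emacs.d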
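Review bot: The moved `read-write ${HOME}/.emacs` and `read-write ${HOME}/.emacs.d` lines lost their explanatory comment, so the profile no longer says that these two paths are deliberately writable or how a user opts out. Anything the sandboxed editor writes to its init files is loaded again on the next start, so the choice deserves a comment, for example `# Allow emacs to modify its own configuration; put 'ignore read-write' lines into a local override for an immutable configuration`. Both hunks show only part of the profile, so the reason for moving the lines to the end of the file is not visible here and would be worth stating in the commit message.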
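diff --git a/etc/profile-a-l/file-roller.profile b/etc/profile-a-l/file-roller.profile
index 70dd030ee..745b8b8e9 100644
--- a/etc/profile-a-l/file-roller.profile
+++ b/etc/profile-a-l/file-roller.profile
@@ -42,3 +42,5 @@ private-cache
 private-dev
 private-etc dconf,fonts,gtk-3.0,xdg
 # private-tmp
+
+dbus-system none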
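Review bot: Only the system bus is closed by the added `dbus-system none`; no session-bus policy appears in the visible lines of this profile, and the same holds for the identical addition in etc/profile-m-z/yelp.profile. If the part of each profile outside the hunk has no `dbus-user` line either, a follow-up with `dbus-user filter` plus the required `dbus-user.talk` names, as apostrophe.profile does in this commit, would narrow the remaining exposure. That needs testing per application, since both presumably reach dconf over the session bus.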
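diff --git a/etc/profile-m-z/quadrapassel.profile b/etc/profile-m-z/quadrapassel.profile
new file mode 100644
index 000000000..91e0d9d0d
--- /dev/null
+++ b/etc/profile-m-z/quadrapassel.profile
@@ -0,0 +1,20 @@
+# Firejail profile for quadrapassel
+# Description: Tetris-like game for GNOME
+# This file is overwritten after every install/update
+# Persistent local customizations
+include quadrapassel.local
+# Persistent global definitions
+include globals.local
+
+noblacklist ${HOME}/.local/share/quadrapassel
+
+mkdir ${HOME}/.local/share/quadrapassel
+whitelist ${HOME}/.local/share/quadrapassel
+whitelist /usr/share/quadrapassel
+
+private-bin quadrapassel
+
+dbus-user.own org.gnome.Quadrapassel
+
+# Redirect
+include gnome_games-common.profile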
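Review bot: `dbus-user.own org.gnome.Quadrapassel` on line 17 depends on a session-bus filter policy that this file does not set itself; it relies on the redirect to `gnome_games-common.profile`, which is not part of this diff. Confirm that the common profile sets `dbus-user filter`, since without a filter policy the own rule would not restrict anything. Stating the dependency next to the rule, for example `# dbus-user filter is set in gnome_games-common.profile`, keeps the profile readable on its own.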
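diff --git a/etc/profile-m-z/yelp.profile b/etc/profile-m-z/yelp.profile
index f643cf252..fd95ceb04 100644
--- a/etc/profile-m-z/yelp.profile
+++ b/etc/profile-m-z/yelp.profile
@@ -51,6 +51,8 @@ private-dev
 private-etc alsa,alternatives,asound.conf,crypto-policies,cups,dconf,drirc,fonts,gcrypt,gtk-3.0,machine-id,openal,os-release,pulse,sgml,xml
 private-tmp
 
+dbus-system none
+
 # read-only ${HOME} breaks some not necesarry featrues, comment it if
 # you need them or put 'ignore read-only ${HOME}' into your yelp.local.
 # broken features: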
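diff --git a/src/firecfg/firecfg.config b/src/firecfg/firecfg.config
index 43777da03..435dc8222 100644
--- a/src/firecfg/firecfg.config
+++ b/src/firecfg/firecfg.config
@@ -38,6 +38,7 @@ amule
 amuled
 android-studio
 anydesk
+apostrophe
 apktool
 # ar - disable until we fix CLI archivers for makepkg on Arch (see discussion in #3095)
 arch-audit
@@ -572,6 +573,7 @@ qmmp
 qpdfview
 qt-faststart
 qtox
+quadrapassel
 quassel
 quiterss
 qupzilla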