-rw-r--r-- | etc/inc/disable-programs.inc | 4 | ||||
-rw-r--r-- | etc/profile-a-l/cola.profile | 10 | ||||
-rw-r--r-- | etc/profile-a-l/git-cola.profile | 29 | ||||
-rw-r--r-- | etc/profile-m-z/twitch.profile | 36 | ||||
-rw-r--r-- | etc/profile-m-z/youtube.profile | 37 | ||||
-rw-r--r-- | etc/profile-m-z/youtubemusic-nativefier.profile | 38 | ||||
-rw-r--r-- | etc/profile-m-z/ytmdesktop.profile | 39 | ||||
-rw-r--r-- | src/firecfg/firecfg.config | 5 |
8 files changed, 192 insertions, 6 deletions
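--- a/etc/inc/disable-programs.inc
+++ b/etc/inc/disable-programs.inc
@@ -135,9 +135,11 @@ blacklist ${HOME}/.config/Slack
 blacklist ${HOME}/.config/Standard Notes
 blacklist ${HOME}/.config/SubDownloader
 blacklist ${HOME}/.config/Thunar
+blacklist ${HOME}/.config/Twitch
 blacklist ${HOME}/.config/Unknown Organization
 blacklist ${HOME}/.config/VirtualBox
 blacklist ${HOME}/.config/Wire
+blacklist ${HOME}/.config/Youtube
 blacklist ${HOME}/.config/Zeal
 blacklist ${HOME}/.config/ZeGrapher Project
 blacklist ${HOME}/.config/abiword
@@ -410,6 +412,8 @@ blacklist ${HOME}/.config/yandex-browser
 blacklist ${HOME}/.config/yandex-browser-beta
 blacklist ${HOME}/.config/yelp
 blacklist ${HOME}/.config/youtube-dl
+blacklist ${HOME}/.config/youtubemusic-nativefier-040164
+blacklist ${HOME}/.config/youtube-music-desktop-app
 blacklist ${HOME}/.config/youtube-viewer
 blacklist ${HOME}/.config/zathura
 blacklist ${HOME}/.config/zoomus.conf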
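Review bot: The new entry `blacklist ${HOME}/.config/youtubemusic-nativefier-040164` in the second hunk pins a numeric suffix that looks generated by the packaging tool rather than chosen by the application. If another build of the wrapper ends up with a different suffix, its config directory would stay visible to every other sandboxed program; a glob such as `blacklist ${HOME}/.config/youtubemusic-nativefier-*` would cover that case. The same fixed path is used by `noblacklist`, `mkdir` and `whitelist` in youtubemusic-nativefier.profile, so it is worth confirming there which installs it actually matches. If this list is meant to stay sorted, `youtube-music-desktop-app` would also come before `youtubemusic-nativefier-040164`.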
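--- /dev/null
+++ b/etc/profile-a-l/cola.profile
@@ -0,0 +1,10 @@
+# Firejail profile for cola
+# Description: Linux native frontend for Git,alternative call for git-cola
+# This file is overwritten after every install/update
+# Persistent local customizations
+include cola.local
+# Persistent global definitions
+include globals.local
+
+# Redirect
+include git-cola.profile
\ No newline at end of file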
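Review bot: cola.profile ends without a trailing newline after `include git-cola.profile` on line 10, unlike the other profiles added in this commit. Add the newline so the last directive is a complete line and text appended later cannot be joined to it. The Description on line 2 is also missing a space after the comma; `# Description: Linux native frontend for Git, alternative call for git-cola` reads better.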
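--- a/etc/profile-a-l/git-cola.profile
+++ b/etc/profile-a-l/git-cola.profile
@@ -12,6 +12,7 @@ noblacklist ${HOME}/.gitconfig
 noblacklist ${HOME}/.git-credentials
 noblacklist ${HOME}/.gnupg
 noblacklist ${HOME}/.ssh
+noblacklist ${HOME}/.subversion
 noblacklist ${HOME}/.config/git
 noblacklist ${HOME}/.config/git-cola
 # Put your editor,diff viewer config path below and uncomment to load settings
@@ -28,7 +29,19 @@ include disable-passwdmgr.inc
 include disable-programs.inc
 include disable-xdg.inc
 
+whitelist ${RUNUSER}/gnupg
+whitelist ${RUNUSER}/keyring
+# Whitelist your editor, diff viewer, gnupg path below in /usr/share/
+whitelist /usr/share/git
+whitelist /usr/share/git-cola
+whitelist /usr/share/git-core
+whitelist /usr/share/git-gui
+whitelist /usr/share/gitk
+whitelist /usr/share/gitweb
+whitelist /usr/share/gnupg
+whitelist /usr/share/gnupg2
 include whitelist-runuser-common.inc
+include whitelist-usr-share-common.inc
 include whitelist-var-common.inc
 
 apparmor
@@ -49,18 +62,22 @@ seccomp
 shell none
 tracelog
 
-# private-bin atom,bash,colordiff,emacs,fldiff,geany,gedit,git,git gui,git-cola,git-dag,gitk,gpg,gvim,leafpad,meld,mousepad,nano,notepadqq,python*,sh,ssh,vim,vimdiff,which,xed
+# Add your own diff viewer,editor,pinentry program
+# pinentry-curses,pinentry-emacs,pinentry-fltk,pinentry-gnome3,pinentry-gtk,pinentry-gtk2,pinentry-gtk-2,pinentry-qt,pinentry-qt4,pinentry-tty,pinentry-x2go,pinentry-kwallet" for gpg
+private-bin basename,bash,cola,envsubst,gettext,git,git-cola,git-dag,git-gui,gitk,gpg,gpg-agent,nano,ps,python*,sh,ssh,ssh-agent,tclsh,tr,wc,which,xed
 private-cache
 private-dev
-# Comment if you sign commits with GPG
-private-etc alternatives,ca-certificates,crypto-policies,fonts,gtk-2.0,gtk-3.0,host.conf,hostname,hosts,localtime,login.defs,machine-id,mime.types,nsswitch.conf,passwd,pki,resolv.conf,selinux,ssl,X11,xdg
+private-etc alternatives,ca-certificates,crypto-policies,dconf,fonts,gcrypt,gitconfig,gtk-2.0,gtk-3.0,host.conf,hostname,hosts,localtime,login.defs,machine-id,mime.types,nsswitch.conf,passwd,pki,resolv.conf,selinux,ssh,ssl,X11,xdg
 private-tmp
+writable-run-user
 
-dbus-user filter
+# Breaks meld as diff viewer
+# dbus-user filter
 # Uncomment if you need keyring access
 # dbus-user.talk org.freedesktop.secrets
 dbus-system none
 
-read-only ${HOME}/.ssh
-read-only ${HOME}/.gnupg
 read-only ${HOME}/.git-credentials
+
+# Comment if you need to allow hosts
+read-only ${HOME}/.ssh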
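Review bot: The last hunk comments out `dbus-user filter` for every user because it breaks meld, which leaves the session bus unfiltered as far as the visible lines show. Keeping the filter active and making the meld case opt-out would preserve the default restriction, for example `# Comment the next line if you use meld as diff viewer` above an active `dbus-user filter`. The same hunk drops `read-only ${HOME}/.gnupg` without saying why, while `read-only ${HOME}/.ssh` is kept with a comment; if GnuPG needs write access for signing, say so in a comment, otherwise restore the line. `writable-run-user` is also added without explanation, and a one-line comment naming what needs it (presumably the whitelisted `${RUNUSER}/gnupg` and `${RUNUSER}/keyring`) would let a reader judge the trade-off. The pinentry comment on new line 66 has a stray `"` before `for gpg`.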
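--- /dev/null
+++ b/etc/profile-m-z/twitch.profile
@@ -0,0 +1,36 @@
+# Firejail profile for twitch
+# Description: Unofficial electron based desktop warpper for Twitch
+# This file is overwritten after every install/update
+# Persistent local customizations
+include twitch.local
+# Persistent global definitions
+include globals.local
+
+noblacklist ${HOME}/.config/Twitch
+
+include disable-devel.inc
+include disable-exec.inc
+include disable-interpreters.inc
+include disable-shell.inc
+include disable-xdg.inc
+
+mkdir ${HOME}/.config/Twitch
+whitelist ${HOME}/.config/Twitch
+include whitelist-common.inc
+include whitelist-runuser-common.inc
+include whitelist-usr-share-common.inc
+include whitelist-var-common.inc
+
+seccomp !chroot
+shell none
+
+disable-mnt
+private-bin twitch
+private-cache
+private-dev
+private-etc alsa,alternatives,asound.conf,ati,bumblebee,ca-certificates,crypto-policies,drirc,fonts,gtk-2.0,gtk-3.0,host.conf,hostname,hosts,mime.types,nsswitch.conf,nvidia,pki,pulse,resolv.conf,selinux,ssl,X11,xdg
+private-opt Twitch
+private-tmp
+
+# Redirect
+include electron.profile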
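Review bot: twitch.profile sets neither `novideo` nor `nou2f`, while youtube.profile in this commit sets `novideo` and the two YouTube Music profiles set both; youtube.profile likewise omits `nou2f`. Unless the redirected electron.profile already covers this (it is not visible here), add `novideo` and `nou2f` next to `seccomp !chroot` if the wrapper needs no camera or U2F device, or add a comment saying why they are left out. The Description on line 2 misspells "wrapper" as "warpper", and the same typo appears in youtube.profile, youtubemusic-nativefier.profile and ytmdesktop.profile.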
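--- /dev/null
+++ b/etc/profile-m-z/youtube.profile
@@ -0,0 +1,37 @@
+# Firejail profile for youtube
+# Description: Unofficial electron based desktop warpper for YouTube
+# This file is overwritten after every install/update
+# Persistent local customizations
+include youtube.local
+# Persistent global definitions
+include globals.local
+
+noblacklist ${HOME}/.config/Youtube
+
+include disable-devel.inc
+include disable-exec.inc
+include disable-interpreters.inc
+include disable-shell.inc
+include disable-xdg.inc
+
+mkdir ${HOME}/.config/Youtube
+whitelist ${HOME}/.config/Youtube
+include whitelist-common.inc
+include whitelist-runuser-common.inc
+include whitelist-usr-share-common.inc
+include whitelist-var-common.inc
+
+novideo
+seccomp !chroot
+shell none
+
+disable-mnt
+private-bin youtube
+private-cache
+private-dev
+private-etc alsa,alternatives,asound.conf,ati,bumblebee,ca-certificates,crypto-policies,drirc,fonts,gtk-2.0,gtk-3.0,host.conf,hostname,hosts,mime.types,nsswitch.conf,nvidia,pki,pulse,resolv.conf,selinux,ssl,X11,xdg
+private-opt Youtube
+private-tmp
+
+# Redirect
+include electron.profile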
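--- /dev/null
+++ b/etc/profile-m-z/youtubemusic-nativefier.profile
@@ -0,0 +1,38 @@
+# Firejail profile for youtubemusic-nativefier
+# Description: Unofficial electron based desktop warpper for YouTube Music
+# This file is overwritten after every install/update
+# Persistent local customizations
+include youtube.local
+# Persistent global definitions
+include globals.local
+
+noblacklist ${HOME}/.config/youtubemusic-nativefier-040164
+
+include disable-devel.inc
+include disable-exec.inc
+include disable-interpreters.inc
+include disable-shell.inc
+include disable-xdg.inc
+
+mkdir ${HOME}/.config/youtubemusic-nativefier-040164
+whitelist ${HOME}/.config/youtubemusic-nativefier-040164
+include whitelist-common.inc
+include whitelist-runuser-common.inc
+include whitelist-usr-share-common.inc
+include whitelist-var-common.inc
+
+nou2f
+novideo
+seccomp !chroot
+shell none
+
+disable-mnt
+private-bin youtubemusic-nativefier
+private-cache
+private-dev
+private-etc alsa,alternatives,asound.conf,ati,bumblebee,ca-certificates,crypto-policies,drirc,fonts,gtk-2.0,gtk-3.0,host.conf,hostname,hosts,mime.types,nsswitch.conf,nvidia,pki,pulse,resolv.conf,selinux,ssl,X11,xdg
+private-opt youtubemusic-nativefier
+private-tmp
+
+# Redirect
+include electron.profile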
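Review bot: Line 5 includes `youtube.local`, which looks copied from youtube.profile. As written, this profile's persistent local customizations are read from the YouTube profile's override file, and a `youtubemusic-nativefier.local` is never loaded. Following the pattern of twitch.profile and cola.profile in this commit, the line should be `include youtubemusic-nativefier.local`. ytmdesktop.profile has the same line 5 and should use `include ytmdesktop.local`.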
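--- /dev/null
+++ b/etc/profile-m-z/ytmdesktop.profile
@@ -0,0 +1,39 @@
+# Firejail profile for ytmdesktop
+# Description: Unofficial electron based desktop warpper for YouTube Music
+# This file is overwritten after every install/update
+# Persistent local customizations
+include youtube.local
+# Persistent global definitions
+include globals.local
+
+ignore dbus-user none
+
+noblacklist ${HOME}/.config/youtube-music-desktop-app
+
+include disable-devel.inc
+include disable-exec.inc
+include disable-interpreters.inc
+include disable-xdg.inc
+
+mkdir ${HOME}/.config/youtube-music-desktop-app
+whitelist ${HOME}/.config/youtube-music-desktop-app
+include whitelist-common.inc
+include whitelist-runuser-common.inc
+include whitelist-usr-share-common.inc
+include whitelist-var-common.inc
+
+nou2f
+novideo
+seccomp !chroot
+shell none
+
+disable-mnt
+# private-bin env,ytmdesktop
+private-cache
+private-dev
+private-etc alsa,alternatives,asound.conf,ati,bumblebee,ca-certificates,crypto-policies,drirc,fonts,gtk-2.0,gtk-3.0,host.conf,hostname,hosts,mime.types,nsswitch.conf,nvidia,pki,pulse,resolv.conf,selinux,ssl,X11,xdg
+# private-opt
+private-tmp
+
+# Redirect
+include electron.profile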
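Review bot: This profile leaves `# private-bin env,ytmdesktop` and `# private-opt` commented out and omits `include disable-shell.inc`, all of which the sibling Electron profiles in this commit enable, and no comment says why. Each relaxation should carry a short reason so a later reader can tell a known breakage from an oversight; the same applies to `ignore dbus-user none` on line 9. `# private-opt` is also written without an argument, so uncommenting it as it stands would not name a directory; give the intended directory in the comment.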
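--- a/src/firecfg/firecfg.config
+++ b/src/firecfg/firecfg.config
@@ -136,6 +136,7 @@ clocks
 cmus
 code
 code-oss
+cola
 com.github.dahenson.agenda
 com.github.johnfactotum.Foliate
 com.gitlab.newsflash
@@ -755,6 +756,7 @@ truecraft
 tshark
 tuxguitar
 tvbrowser
+twitch
 udiskie
 uefitool
 uget-gtk
@@ -832,8 +834,11 @@ xreader-thumbnailer
 xviewer
 yandex-browser
 yelp
+youtube
 youtube-dl
 youtube-viewer
+youtubemusic-nativefier
+ytmdesktop
 zaproxy
 zart
 zathura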