-rw-r--r-- | README.md | 3 | ||||
-rw-r--r-- | RELNOTES | 2 | ||||
-rw-r--r-- | etc/cvlc.profile | 2 | ||||
-rw-r--r-- | etc/disable-programs.inc | 4 | ||||
-rw-r--r-- | etc/konversation.profile | 3 | ||||
-rw-r--r-- | etc/musescore.profile | 30 | ||||
-rw-r--r-- | etc/skanlite.profile | 9 | ||||
-rw-r--r-- | etc/tracker.profile | 1 | ||||
-rw-r--r-- | etc/tuxguitar.profile | 1 | ||||
-rw-r--r-- | platform/debian/conffiles | 1 | ||||
-rw-r--r-- | src/firecfg/firecfg.config | 1 |
11 files changed, 50 insertions, 7 deletions
@@ -207,4 +207,5 @@ curl, mplayer2, SMPlayer, Calibre, ebook-viewer, KWrite, Geary, Liferea, peek, s | |||
207 | IntelliJ IDEA, Android Studio, electron, riot-web, | 207 | IntelliJ IDEA, Android Studio, electron, riot-web, |
208 | Extreme Tux Racer, Frozen Bubble, Open Invaders, Pingus, Simutrans, SuperTux, | 208 | Extreme Tux Racer, Frozen Bubble, Open Invaders, Pingus, Simutrans, SuperTux, |
209 | telegram-desktop, arm, rambox, apktool, baobab, dex2jar, gitg, hashcat, obs, picard, | 209 | telegram-desktop, arm, rambox, apktool, baobab, dex2jar, gitg, hashcat, obs, picard, |
210 | remmina, sdat2img, soundconverter, sqlitebrowse, truecraft, gnome-twitch | 210 | remmina, sdat2img, soundconverter, sqlitebrowse, truecraft, gnome-twitch, tuxguitar, |
211 | musescore | ||
@@ -19,7 +19,7 @@ firejail (0.9.49) baseline; urgency=low | |||
19 | * new profiles: Frozen Bubble, Open Invaders, Pingus, Simutrans, SuperTux | 19 | * new profiles: Frozen Bubble, Open Invaders, Pingus, Simutrans, SuperTux |
20 | * new profiles: telegram-desktop, arm, rambox, apktool, baobab, dex2jar, gitg, | 20 | * new profiles: telegram-desktop, arm, rambox, apktool, baobab, dex2jar, gitg, |
21 | * new profiles: hashcat, obs, picard, remmina, sdat2img, soundconverter, sqlitebrowse, | 21 | * new profiles: hashcat, obs, picard, remmina, sdat2img, soundconverter, sqlitebrowse, |
22 | * new profiles: truecraft, gnome-twitch | 22 | * new profiles: truecraft, gnome-twitch, tuxguitar, musescore |
23 | * bugfixes | 23 | * bugfixes |
24 | -- netblue30 <netblue30@yahoo.com> Mon, 12 Jun 2017 20:00:00 -0500 | 24 | -- netblue30 <netblue30@yahoo.com> Mon, 12 Jun 2017 20:00:00 -0500 |
25 | 25 | ||
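--- a/etc/cvlc.profile
+++ b/etc/cvlc.profile
@@ -14,11 +14,9 @@ include /etc/firejail/disable-programs.inc
 
 caps.drop all
 netfilter
-nodvd
 nogroups
 nonewprivs
 noroot
-notv
 protocol unix,inet,inet6,netlink
 seccomp
 shell none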
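--- a/etc/disable-programs.inc
+++ b/etc/disable-programs.inc
@@ -44,6 +44,8 @@ blacklist ${HOME}/.config/Luminance
 blacklist ${HOME}/.config/Meltytech
 blacklist ${HOME}/.config/Mousepad
 blacklist ${HOME}/.config/Mumble
+blacklist ${HOME}/.config/MusE
+blacklist ${HOME}/.config/MuseScore
 blacklist ${HOME}/.config/Nylas Mail
 blacklist ${HOME}/.config/Qlipper
 blacklist ${HOME}/.config/QuiteRss
@@ -274,6 +276,8 @@ blacklist ${HOME}/.local/share/caja-python
 blacklist ${HOME}/.local/share/cdprojektred
 blacklist ${HOME}/.local/share/clipit
 blacklist ${HOME}/.local/share/data/Mumble
+blacklist ${HOME}/.local/share/data/MusE
+blacklist ${HOME}/.local/share/data/MuseScore
 blacklist ${HOME}/.local/share/dino
 blacklist ${HOME}/.local/share/dolphin
 blacklist ${HOME}/.local/share/epiphany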
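--- a/etc/konversation.profile
+++ b/etc/konversation.profile
@@ -15,9 +15,12 @@ caps.drop all
 netfilter
 nodvd
 nogroups
+nonewprivs
 noroot
 notv
+novideo
 protocol unix,inet,inet6
 seccomp
+tracelog
 
 private-tmp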
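--- /dev/null
+++ b/etc/musescore.profile
@@ -0,0 +1,30 @@
+# Firejail profile for musescore
+# This file is overwritten after every install/update
+# Persistent local customizations
+include /etc/firejail/musescore.local
+# Persistent global definitions
+include /etc/firejail/globals.local
+
+noblacklist ~/.config/MusE
+noblacklist ~/.config/MuseScore
+noblacklist ~/.local/share/data/MusE
+noblacklist ~/.local/share/data/MuseScore
+
+caps.drop all
+netfilter
+no3d
+nodvd
+nonewprivs
+noroot
+notv
+novideo
+protocol unix,inet,inet6
+seccomp
+shell none
+tracelog
+
+# private-bin musescore,mscore
+private-tmp
+
+noexec ${HOME}
+noexec /tmp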
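Review bot: The new profile never includes any of the disable-*.inc files, so the four `noblacklist` lines at the top have nothing to exempt and, unless musescore.local or globals.local add restrictions, the rest of the home directory stays reachable from inside the sandbox. The blacklist entries this commit adds to disable-programs.inc only shield MuseScore's data from other profiles; they do not confine MuseScore itself. The tuxguitar and skanlite profiles touched in this commit include `include /etc/firejail/disable-passwdmgr.inc` and `include /etc/firejail/disable-programs.inc`; this profile should carry the same two lines after the noblacklist block, along with `include /etc/firejail/disable-common.inc`. `nogroups` is also absent here while the sibling profiles set it; if that is deliberate, a one-line comment saying why would help.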
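--- a/etc/skanlite.profile
+++ b/etc/skanlite.profile
@@ -12,6 +12,7 @@ include /etc/firejail/disable-passwdmgr.inc
 include /etc/firejail/disable-programs.inc
 
 caps.drop all
+# net none
 netfilter
 nodvd
 nogroups
@@ -19,11 +20,13 @@ nonewprivs
 noroot
 nosound
 notv
-# protocol unix,inet,inet6
-seccomp
+novideo
+protocol unix,netlink
+# skanlite makes ioperm system calls, which are blacklisted by default.
+seccomp.drop @clock,@cpu-emulation,@debug,@module,@obsolete,@reboot,@resources,@swap,acct,add_key,bpf,chroot,fanotify_init,io_cancel,io_destroy,io_getevents,io_setup,io_submit,iopl,ioprio_set,kcmp,keyctl,mount,name_to_handle_at,nfsservctl,ni_syscall,open_by_handle_at,pciconfig_iobase,pciconfig_read,pciconfig_write,personality,pivot_root,process_vm_readv,ptrace,remap_file_pages,request_key,s390_mmio_read,s390_mmio_write,setdomainname,sethostname,syslog,umount,umount2,userfaultfd,vhangup,vmsplice
 shell none
 
-# private-bin skanlite
+# private-bin skanlite,kbuildsycoca4
 # private-dev
 # private-etc
 # private-tmp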
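Review bot: The `seccomp.drop` line in the second hunk hard-codes a snapshot of the syscall blacklist, so anything later added to firejail's default `seccomp` list will not be filtered for skanlite unless this line is updated by hand. The comment above it names ioperm but does not say the list is meant to be the default set with only ioperm removed (that is how it reads; worth confirming against the default list). I would extend the comment to something like `# Default seccomp list minus ioperm; re-sync whenever the default list changes.` Since `caps.drop all` is in effect (first hunk), ioperm should still be refused for lack of CAP_SYS_RAWIO, which is worth stating in the comment so the relaxation is not mistaken for granting port access.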
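--- a/etc/tracker.profile
+++ b/etc/tracker.profile
@@ -23,6 +23,7 @@ nonewprivs
 noroot
 nosound
 notv
+novideo
 protocol unix
 seccomp
 shell none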
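--- a/etc/tuxguitar.profile
+++ b/etc/tuxguitar.profile
@@ -14,6 +14,7 @@ include /etc/firejail/disable-passwdmgr.inc
 include /etc/firejail/disable-programs.inc
 
 caps.drop all
+netfilter
 no3d
 nodvd
 nonewprivs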
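--- a/platform/debian/conffiles
+++ b/platform/debian/conffiles
@@ -216,6 +216,7 @@
 /etc/firejail/mumble.profile
 /etc/firejail/mupdf.profile
 /etc/firejail/mupen64plus.profile
+/etc/firejail/musescore.profile
 /etc/firejail/mutt.profile
 /etc/firejail/nautilus.profile
 /etc/firejail/nemo.profile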
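--- a/src/firecfg/firecfg.config
+++ b/src/firecfg/firecfg.config
@@ -193,6 +193,7 @@ multimc5
 mumble
 mupdf
 mupen64plus
+musescore
 mutt
 nautilus
 netsurf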