diff options
-rw-r--r-- | README.md | 3 | ||||
-rw-r--r-- | RELNOTES | 2 | ||||
-rw-r--r-- | etc/disable-programs.inc | 4 | ||||
-rw-r--r-- | etc/musescore.profile | 30 | ||||
-rw-r--r-- | platform/debian/conffiles | 1 | ||||
-rw-r--r-- | src/firecfg/firecfg.config | 1 | ||||
-rw-r--r-- | src/man/firejail.txt | 2 | ||||
-rwxr-xr-x | test/filters/filters.sh | 8 |
8 files changed, 46 insertions, 5 deletions
@@ -207,4 +207,5 @@ curl, mplayer2, SMPlayer, Calibre, ebook-viewer, KWrite, Geary, Liferea, peek, s | |||
207 | IntelliJ IDEA, Android Studio, electron, riot-web, | 207 | IntelliJ IDEA, Android Studio, electron, riot-web, |
208 | Extreme Tux Racer, Frozen Bubble, Open Invaders, Pingus, Simutrans, SuperTux, | 208 | Extreme Tux Racer, Frozen Bubble, Open Invaders, Pingus, Simutrans, SuperTux, |
209 | telegram-desktop, arm, rambox, apktool, baobab, dex2jar, gitg, hashcat, obs, picard, | 209 | telegram-desktop, arm, rambox, apktool, baobab, dex2jar, gitg, hashcat, obs, picard, |
210 | remmina, sdat2img, soundconverter, sqlitebrowse, truecraft, gnome-twitch | 210 | remmina, sdat2img, soundconverter, sqlitebrowse, truecraft, gnome-twitch, tuxguitar, |
211 | musescore | ||
@@ -19,7 +19,7 @@ firejail (0.9.49) baseline; urgency=low | |||
19 | * new profiles: Frozen Bubble, Open Invaders, Pingus, Simutrans, SuperTux | 19 | * new profiles: Frozen Bubble, Open Invaders, Pingus, Simutrans, SuperTux |
20 | * new profiles: telegram-desktop, arm, rambox, apktool, baobab, dex2jar, gitg, | 20 | * new profiles: telegram-desktop, arm, rambox, apktool, baobab, dex2jar, gitg, |
21 | * new profiles: hashcat, obs, picard, remmina, sdat2img, soundconverter, sqlitebrowse, | 21 | * new profiles: hashcat, obs, picard, remmina, sdat2img, soundconverter, sqlitebrowse, |
22 | * new profiles: truecraft, gnome-twitch | 22 | * new profiles: truecraft, gnome-twitch, tuxguitar, musescore |
23 | * bugfixes | 23 | * bugfixes |
24 | -- netblue30 <netblue30@yahoo.com> Mon, 12 Jun 2017 20:00:00 -0500 | 24 | -- netblue30 <netblue30@yahoo.com> Mon, 12 Jun 2017 20:00:00 -0500 |
25 | 25 | ||
diff --git a/etc/disable-programs.inc b/etc/disable-programs.inc index a54d2a739..7b0e6e9eb 100644 --- a/etc/disable-programs.inc +++ b/etc/disable-programs.inc | |||
@@ -44,6 +44,8 @@ blacklist ${HOME}/.config/Luminance | |||
44 | blacklist ${HOME}/.config/Meltytech | 44 | blacklist ${HOME}/.config/Meltytech |
45 | blacklist ${HOME}/.config/Mousepad | 45 | blacklist ${HOME}/.config/Mousepad |
46 | blacklist ${HOME}/.config/Mumble | 46 | blacklist ${HOME}/.config/Mumble |
47 | blacklist ${HOME}/.config/MusE | ||
48 | blacklist ${HOME}/.config/MuseScore | ||
47 | blacklist ${HOME}/.config/Nylas Mail | 49 | blacklist ${HOME}/.config/Nylas Mail |
48 | blacklist ${HOME}/.config/Qlipper | 50 | blacklist ${HOME}/.config/Qlipper |
49 | blacklist ${HOME}/.config/QuiteRss | 51 | blacklist ${HOME}/.config/QuiteRss |
@@ -274,6 +276,8 @@ blacklist ${HOME}/.local/share/caja-python | |||
274 | blacklist ${HOME}/.local/share/cdprojektred | 276 | blacklist ${HOME}/.local/share/cdprojektred |
275 | blacklist ${HOME}/.local/share/clipit | 277 | blacklist ${HOME}/.local/share/clipit |
276 | blacklist ${HOME}/.local/share/data/Mumble | 278 | blacklist ${HOME}/.local/share/data/Mumble |
279 | blacklist ${HOME}/.local/share/data/MusE | ||
280 | blacklist ${HOME}/.local/share/data/MuseScore | ||
277 | blacklist ${HOME}/.local/share/dino | 281 | blacklist ${HOME}/.local/share/dino |
278 | blacklist ${HOME}/.local/share/dolphin | 282 | blacklist ${HOME}/.local/share/dolphin |
279 | blacklist ${HOME}/.local/share/epiphany | 283 | blacklist ${HOME}/.local/share/epiphany |
diff --git a/etc/musescore.profile b/etc/musescore.profile new file mode 100644 index 000000000..bd00bea69 --- /dev/null +++ b/etc/musescore.profile | |||
@@ -0,0 +1,30 @@ | |||
1 | # Firejail profile for musescore | ||
2 | # This file is overwritten after every install/update | ||
3 | # Persistent local customizations | ||
4 | include /etc/firejail/musescore.local | ||
5 | # Persistent global definitions | ||
6 | include /etc/firejail/globals.local | ||
7 | |||
8 | noblacklist ~/.config/MusE | ||
9 | noblacklist ~/.config/MuseScore | ||
10 | noblacklist ~/.local/share/data/MusE | ||
11 | noblacklist ~/.local/share/data/MuseScore | ||
12 | |||
13 | caps.drop all | ||
14 | netfilter | ||
15 | no3d | ||
16 | nodvd | ||
17 | nonewprivs | ||
18 | noroot | ||
19 | notv | ||
20 | novideo | ||
21 | protocol unix,inet,inet6 | ||
22 | seccomp | ||
23 | shell none | ||
24 | tracelog | ||
25 | |||
26 | # private-bin musescore,mscore | ||
27 | private-tmp | ||
28 | |||
29 | noexec ${HOME} | ||
30 | noexec /tmp | ||
diff --git a/platform/debian/conffiles b/platform/debian/conffiles index d11f473ed..6473c6fef 100644 --- a/platform/debian/conffiles +++ b/platform/debian/conffiles | |||
@@ -216,6 +216,7 @@ | |||
216 | /etc/firejail/mumble.profile | 216 | /etc/firejail/mumble.profile |
217 | /etc/firejail/mupdf.profile | 217 | /etc/firejail/mupdf.profile |
218 | /etc/firejail/mupen64plus.profile | 218 | /etc/firejail/mupen64plus.profile |
219 | /etc/firejail/musescore.profile | ||
219 | /etc/firejail/mutt.profile | 220 | /etc/firejail/mutt.profile |
220 | /etc/firejail/nautilus.profile | 221 | /etc/firejail/nautilus.profile |
221 | /etc/firejail/nemo.profile | 222 | /etc/firejail/nemo.profile |
diff --git a/src/firecfg/firecfg.config b/src/firecfg/firecfg.config index d66b026b0..15e95b9a7 100644 --- a/src/firecfg/firecfg.config +++ b/src/firecfg/firecfg.config | |||
@@ -193,6 +193,7 @@ multimc5 | |||
193 | mumble | 193 | mumble |
194 | mupdf | 194 | mupdf |
195 | mupen64plus | 195 | mupen64plus |
196 | musescore | ||
196 | mutt | 197 | mutt |
197 | nautilus | 198 | nautilus |
198 | netsurf | 199 | netsurf |
diff --git a/src/man/firejail.txt b/src/man/firejail.txt index 8dd4ef8fa..e9b27f9e4 100644 --- a/src/man/firejail.txt +++ b/src/man/firejail.txt | |||
@@ -830,7 +830,7 @@ $ firejail \-\-net=none vlc | |||
830 | .br | 830 | .br |
831 | 831 | ||
832 | .br | 832 | .br |
833 | Note: \-\-net=none could crush the application on some platforms. | 833 | Note: \-\-net=none can crash the application on some platforms. |
834 | In these cases, it can be replaced with \-\-protocol=unix. | 834 | In these cases, it can be replaced with \-\-protocol=unix. |
835 | 835 | ||
836 | .TP | 836 | .TP |
diff --git a/test/filters/filters.sh b/test/filters/filters.sh index 8f659237a..611580612 100755 --- a/test/filters/filters.sh +++ b/test/filters/filters.sh | |||
@@ -15,8 +15,12 @@ fi | |||
15 | 15 | ||
16 | export PATH="$PATH:/usr/lib/firejail" | 16 | export PATH="$PATH:/usr/lib/firejail" |
17 | 17 | ||
18 | echo "TESTING: memory-deny-write-execute (test/filters/memwrexe.exp)" | 18 | if [ "$(uname -m)" = "x86_64" ]; then |
19 | ./memwrexe.exp | 19 | echo "TESTING: memory-deny-write-execute (test/filters/memwrexe.exp)" |
20 | ./memwrexe.exp | ||
21 | else | ||
22 | echo "TESTING SKIP: memwrexe binary only running on x86_64." | ||
23 | fi | ||
20 | 24 | ||
21 | echo "TESTING: debug options (test/filters/debug.exp)" | 25 | echo "TESTING: debug options (test/filters/debug.exp)" |
22 | ./debug.exp | 26 | ./debug.exp |