diff options
-rw-r--r-- | README.md | 2 | ||||
-rw-r--r-- | etc/feh.profile | 13 | ||||
-rw-r--r-- | etc/ranger.profile | 13 | ||||
-rw-r--r-- | etc/zathura.profile | 19 | ||||
-rw-r--r-- | platform/debian/conffiles | 19 | ||||
-rw-r--r-- | src/firecfg/firecfg.config | 17 |
6 files changed, 67 insertions, 16 deletions
@@ -88,5 +88,5 @@ x11 xpra, x11 xephyr, x11 block, allusers, join-or-start | |||
88 | 88 | ||
89 | ## New profiles | 89 | ## New profiles |
90 | 90 | ||
91 | qpdfview, mupdf, Luminance HDR, Synfig Studio, Gimp, Inkscape | 91 | qpdfview, mupdf, Luminance HDR, Synfig Studio, Gimp, Inkscape, feh, ranger, zathura |
92 | 92 | ||
diff --git a/etc/feh.profile b/etc/feh.profile new file mode 100644 index 000000000..ba8f32f44 --- /dev/null +++ b/etc/feh.profile | |||
@@ -0,0 +1,13 @@ | |||
1 | # feh image viewer profile | ||
2 | include /etc/firejail/disable-common.inc | ||
3 | include /etc/firejail/disable-programs.inc | ||
4 | include /etc/firejail/disable-devel.inc | ||
5 | include /etc/firejail/disable-passwdmgr.inc | ||
6 | |||
7 | caps.drop all | ||
8 | netfilter | ||
9 | nonewprivs | ||
10 | noroot | ||
11 | nosound | ||
12 | protocol unix | ||
13 | seccomp | ||
diff --git a/etc/ranger.profile b/etc/ranger.profile new file mode 100644 index 000000000..775098d91 --- /dev/null +++ b/etc/ranger.profile | |||
@@ -0,0 +1,13 @@ | |||
1 | # ranger file manager profile | ||
2 | include /etc/firejail/disable-common.inc | ||
3 | include /etc/firejail/disable-programs.inc | ||
4 | include /etc/firejail/disable-devel.inc | ||
5 | include /etc/firejail/disable-passwdmgr.inc | ||
6 | |||
7 | caps.drop all | ||
8 | netfilter | ||
9 | nonewprivs | ||
10 | noroot | ||
11 | protocol unix | ||
12 | seccomp | ||
13 | nosound | ||
diff --git a/etc/zathura.profile b/etc/zathura.profile new file mode 100644 index 000000000..99d9a1a90 --- /dev/null +++ b/etc/zathura.profile | |||
@@ -0,0 +1,19 @@ | |||
1 | # zathura document viewer profile | ||
2 | # noblacklist ~/.config/zathura | ||
3 | # noblacklist ~/.local/share/zathura | ||
4 | include /etc/firejail/disable-common.inc | ||
5 | include /etc/firejail/disable-programs.inc | ||
6 | include /etc/firejail/disable-devel.inc | ||
7 | include /etc/firejail/disable-passwdmgr.inc | ||
8 | |||
9 | caps.drop all | ||
10 | seccomp | ||
11 | protocol unix | ||
12 | netfilter | ||
13 | nonewprivs | ||
14 | noroot | ||
15 | nosound | ||
16 | |||
17 | #net none | ||
18 | shell none | ||
19 | #private-etc X11 | ||
diff --git a/platform/debian/conffiles b/platform/debian/conffiles index fb6c18b36..af8e74ba8 100644 --- a/platform/debian/conffiles +++ b/platform/debian/conffiles | |||
@@ -30,12 +30,14 @@ | |||
30 | /etc/firejail/disable-programs.inc | 30 | /etc/firejail/disable-programs.inc |
31 | /etc/firejail/dnscrypt-proxy.profile | 31 | /etc/firejail/dnscrypt-proxy.profile |
32 | /etc/firejail/dnsmasq.profile | 32 | /etc/firejail/dnsmasq.profile |
33 | /etc/firejail/dosbox.profile | ||
33 | /etc/firejail/dropbox.profile | 34 | /etc/firejail/dropbox.profile |
34 | /etc/firejail/empathy.profile | 35 | /etc/firejail/empathy.profile |
35 | /etc/firejail/eom.profile | 36 | /etc/firejail/eom.profile |
36 | /etc/firejail/epiphany.profile | 37 | /etc/firejail/epiphany.profile |
37 | /etc/firejail/evince.profile | 38 | /etc/firejail/evince.profile |
38 | /etc/firejail/fbreader.profile | 39 | /etc/firejail/fbreader.profile |
40 | /etc/firejail/feh.profile | ||
39 | /etc/firejail/file.profile | 41 | /etc/firejail/file.profile |
40 | /etc/firejail/filezilla.profile | 42 | /etc/firejail/filezilla.profile |
41 | /etc/firejail/firefox-esr.profile | 43 | /etc/firejail/firefox-esr.profile |
@@ -44,6 +46,7 @@ | |||
44 | /etc/firejail/flashpeak-slimjet.profile | 46 | /etc/firejail/flashpeak-slimjet.profile |
45 | /etc/firejail/franz.profile | 47 | /etc/firejail/franz.profile |
46 | /etc/firejail/gajim.profile | 48 | /etc/firejail/gajim.profile |
49 | /etc/firejail/gimp.profile | ||
47 | /etc/firejail/gitter.profile | 50 | /etc/firejail/gitter.profile |
48 | /etc/firejail/gnome-chess.profile | 51 | /etc/firejail/gnome-chess.profile |
49 | /etc/firejail/gnome-mplayer.profile | 52 | /etc/firejail/gnome-mplayer.profile |
@@ -62,6 +65,7 @@ | |||
62 | /etc/firejail/icecat.profile | 65 | /etc/firejail/icecat.profile |
63 | /etc/firejail/icedove.profile | 66 | /etc/firejail/icedove.profile |
64 | /etc/firejail/iceweasel.profile | 67 | /etc/firejail/iceweasel.profile |
68 | /etc/firejail/inkscape.profile | ||
65 | /etc/firejail/inox.profile | 69 | /etc/firejail/inox.profile |
66 | /etc/firejail/jitsi.profile | 70 | /etc/firejail/jitsi.profile |
67 | /etc/firejail/kmail.profile | 71 | /etc/firejail/kmail.profile |
@@ -77,11 +81,13 @@ | |||
77 | /etc/firejail/lomath.profile | 81 | /etc/firejail/lomath.profile |
78 | /etc/firejail/loweb.profile | 82 | /etc/firejail/loweb.profile |
79 | /etc/firejail/lowriter.profile | 83 | /etc/firejail/lowriter.profile |
84 | /etc/firejail/luminance-hdr.profile | ||
80 | /etc/firejail/lxterminal.profile | 85 | /etc/firejail/lxterminal.profile |
81 | /etc/firejail/mathematica.profile | 86 | /etc/firejail/mathematica.profile |
82 | /etc/firejail/mcabber.profile | 87 | /etc/firejail/mcabber.profile |
83 | /etc/firejail/midori.profile | 88 | /etc/firejail/midori.profile |
84 | /etc/firejail/mpv.profile | 89 | /etc/firejail/mpv.profile |
90 | /etc/firejail/mupdf.profile | ||
85 | /etc/firejail/mupen64plus.profile | 91 | /etc/firejail/mupen64plus.profile |
86 | /etc/firejail/netsurf.profile | 92 | /etc/firejail/netsurf.profile |
87 | /etc/firejail/nolocal.net | 93 | /etc/firejail/nolocal.net |
@@ -96,10 +102,12 @@ | |||
96 | /etc/firejail/polari.profile | 102 | /etc/firejail/polari.profile |
97 | /etc/firejail/psi-plus.profile | 103 | /etc/firejail/psi-plus.profile |
98 | /etc/firejail/qbittorrent.profile | 104 | /etc/firejail/qbittorrent.profile |
105 | /etc/firejail/qpdfview.profile | ||
99 | /etc/firejail/qtox.profile | 106 | /etc/firejail/qtox.profile |
100 | /etc/firejail/quassel.profile | 107 | /etc/firejail/quassel.profile |
101 | /etc/firejail/quiterss.profile | 108 | /etc/firejail/quiterss.profile |
102 | /etc/firejail/qutebrowser.profile | 109 | /etc/firejail/qutebrowser.profile |
110 | /etc/firejail/ranger.profile | ||
103 | /etc/firejail/rhythmbox.profile | 111 | /etc/firejail/rhythmbox.profile |
104 | /etc/firejail/rtorrent.profile | 112 | /etc/firejail/rtorrent.profile |
105 | /etc/firejail/seamonkey-bin.profile | 113 | /etc/firejail/seamonkey-bin.profile |
@@ -114,6 +122,8 @@ | |||
114 | /etc/firejail/ssh.profile | 122 | /etc/firejail/ssh.profile |
115 | /etc/firejail/steam.profile | 123 | /etc/firejail/steam.profile |
116 | /etc/firejail/stellarium.profile | 124 | /etc/firejail/stellarium.profile |
125 | /etc/firejail/strings.profile | ||
126 | /etc/firejail/synfigstudio.profile | ||
117 | /etc/firejail/tar.profile | 127 | /etc/firejail/tar.profile |
118 | /etc/firejail/telegram.profile | 128 | /etc/firejail/telegram.profile |
119 | /etc/firejail/thunderbird.profile | 129 | /etc/firejail/thunderbird.profile |
@@ -141,11 +151,4 @@ | |||
141 | /etc/firejail/xviewer.profile | 151 | /etc/firejail/xviewer.profile |
142 | /etc/firejail/xz.profile | 152 | /etc/firejail/xz.profile |
143 | /etc/firejail/xzdec.profile | 153 | /etc/firejail/xzdec.profile |
144 | /etc/firejail/strings.profile | 154 | /etc/firejail/zathura.profile |
145 | /etc/firejail/dosbox.profile | ||
146 | /etc/firejail/mupdf.profile | ||
147 | /etc/firejail/qpdfview.profile | ||
148 | /etc/firejail/luminance-hdr.profile | ||
149 | /etc/firejail/synfigstudio.profile | ||
150 | /etc/firejail/gimp.profile | ||
151 | /etc/firejail/inkscape.profile | ||
diff --git a/src/firecfg/firecfg.config b/src/firecfg/firecfg.config index 75265545b..9e5ff7f12 100644 --- a/src/firecfg/firecfg.config +++ b/src/firecfg/firecfg.config | |||
@@ -91,6 +91,7 @@ audacity | |||
91 | clementine | 91 | clementine |
92 | cmus | 92 | cmus |
93 | deadbeef | 93 | deadbeef |
94 | feh | ||
94 | gnome-mplayer | 95 | gnome-mplayer |
95 | google-play-music-desktop-player | 96 | google-play-music-desktop-player |
96 | mpv | 97 | mpv |
@@ -111,8 +112,10 @@ atril | |||
111 | cherrytree | 112 | cherrytree |
112 | evince | 113 | evince |
113 | fbreader | 114 | fbreader |
114 | gwenview | 115 | gimp |
115 | gthumb | 116 | gthumb |
117 | gwenview | ||
118 | inkscape | ||
116 | libreoffice | 119 | libreoffice |
117 | localc | 120 | localc |
118 | lodraw | 121 | lodraw |
@@ -122,23 +125,23 @@ loimpress | |||
122 | lomath | 125 | lomath |
123 | loweb | 126 | loweb |
124 | lowriter | 127 | lowriter |
128 | luminance-hdr | ||
129 | mupdf | ||
130 | qpdfview | ||
125 | soffice | 131 | soffice |
132 | synfigstudio | ||
126 | Mathematica | 133 | Mathematica |
127 | mathematica | 134 | mathematica |
128 | okular | 135 | okular |
129 | pix | 136 | pix |
130 | xreader | 137 | xreader |
131 | mupdf | 138 | zathura |
132 | qpdfview | ||
133 | luminance-hdr | ||
134 | synfigstudio | ||
135 | gimp | ||
136 | inkscape | ||
137 | 139 | ||
138 | # other | 140 | # other |
139 | ssh | 141 | ssh |
140 | atom-beta | 142 | atom-beta |
141 | atom | 143 | atom |
144 | ranger | ||
142 | 145 | ||
143 | # weather/climate | 146 | # weather/climate |
144 | aweather | 147 | aweather |