diff options
-rw-r--r-- | .github/workflows/check-c.yml | 4 | ||||
-rw-r--r-- | .github/workflows/check-python.yml | 4 | ||||
-rw-r--r-- | etc/inc/disable-programs.inc | 5 | ||||
-rw-r--r-- | etc/profile-a-l/brz.profile | 14 | ||||
-rw-r--r-- | etc/profile-a-l/bzr.profile | 10 | ||||
-rw-r--r-- | etc/profile-a-l/lettura.profile | 76 | ||||
-rw-r--r-- | src/firecfg/firecfg.config | 1 |
7 files changed, 110 insertions, 4 deletions
diff --git a/.github/workflows/check-c.yml b/.github/workflows/check-c.yml index 7340ce8ce..38cb25381 100644 --- a/.github/workflows/check-c.yml +++ b/.github/workflows/check-c.yml | |||
@@ -149,7 +149,7 @@ jobs: | |||
149 | 149 | ||
150 | # Initializes the CodeQL tools for scanning. | 150 | # Initializes the CodeQL tools for scanning. |
151 | - name: Initialize CodeQL | 151 | - name: Initialize CodeQL |
152 | uses: github/codeql-action/init@6a28655e3dcb49cb0840ea372fd6d17733edd8a4 | 152 | uses: github/codeql-action/init@ddccb873888234080b77e9bc2d4764d5ccaaccf9 |
153 | with: | 153 | with: |
154 | languages: cpp | 154 | languages: cpp |
155 | 155 | ||
@@ -160,4 +160,4 @@ jobs: | |||
160 | run: make -j "$(nproc)" | 160 | run: make -j "$(nproc)" |
161 | 161 | ||
162 | - name: Perform CodeQL Analysis | 162 | - name: Perform CodeQL Analysis |
163 | uses: github/codeql-action/analyze@6a28655e3dcb49cb0840ea372fd6d17733edd8a4 | 163 | uses: github/codeql-action/analyze@ddccb873888234080b77e9bc2d4764d5ccaaccf9 |
diff --git a/.github/workflows/check-python.yml b/.github/workflows/check-python.yml index 5d4320809..c3236421a 100644 --- a/.github/workflows/check-python.yml +++ b/.github/workflows/check-python.yml | |||
@@ -49,9 +49,9 @@ jobs: | |||
49 | 49 | ||
50 | # Initializes the CodeQL tools for scanning. | 50 | # Initializes the CodeQL tools for scanning. |
51 | - name: Initialize CodeQL | 51 | - name: Initialize CodeQL |
52 | uses: github/codeql-action/init@6a28655e3dcb49cb0840ea372fd6d17733edd8a4 | 52 | uses: github/codeql-action/init@ddccb873888234080b77e9bc2d4764d5ccaaccf9 |
53 | with: | 53 | with: |
54 | languages: python | 54 | languages: python |
55 | 55 | ||
56 | - name: Perform CodeQL Analysis | 56 | - name: Perform CodeQL Analysis |
57 | uses: github/codeql-action/analyze@6a28655e3dcb49cb0840ea372fd6d17733edd8a4 | 57 | uses: github/codeql-action/analyze@ddccb873888234080b77e9bc2d4764d5ccaaccf9 |
diff --git a/etc/inc/disable-programs.inc b/etc/inc/disable-programs.inc index 4d4673b34..f2a03764d 100644 --- a/etc/inc/disable-programs.inc +++ b/etc/inc/disable-programs.inc | |||
@@ -158,6 +158,7 @@ blacklist ${HOME}/.cache/ksplashqml | |||
158 | blacklist ${HOME}/.cache/kube | 158 | blacklist ${HOME}/.cache/kube |
159 | blacklist ${HOME}/.cache/kwin | 159 | blacklist ${HOME}/.cache/kwin |
160 | blacklist ${HOME}/.cache/lbry-viewer | 160 | blacklist ${HOME}/.cache/lbry-viewer |
161 | blacklist ${HOME}/.cache/lettura | ||
161 | blacklist ${HOME}/.cache/libgweather | 162 | blacklist ${HOME}/.cache/libgweather |
162 | blacklist ${HOME}/.cache/librewolf | 163 | blacklist ${HOME}/.cache/librewolf |
163 | blacklist ${HOME}/.cache/liferea | 164 | blacklist ${HOME}/.cache/liferea |
@@ -386,6 +387,7 @@ blacklist ${HOME}/.config/borg | |||
386 | blacklist ${HOME}/.config/brasero | 387 | blacklist ${HOME}/.config/brasero |
387 | blacklist ${HOME}/.config/brave | 388 | blacklist ${HOME}/.config/brave |
388 | blacklist ${HOME}/.config/brave-flags.conf | 389 | blacklist ${HOME}/.config/brave-flags.conf |
390 | blacklist ${HOME}/.config/breezy | ||
389 | blacklist ${HOME}/.config/caja | 391 | blacklist ${HOME}/.config/caja |
390 | blacklist ${HOME}/.config/calibre | 392 | blacklist ${HOME}/.config/calibre |
391 | blacklist ${HOME}/.config/cantata | 393 | blacklist ${HOME}/.config/cantata |
@@ -407,6 +409,7 @@ blacklist ${HOME}/.config/cliqz | |||
407 | blacklist ${HOME}/.config/cmus | 409 | blacklist ${HOME}/.config/cmus |
408 | blacklist ${HOME}/.config/cointop | 410 | blacklist ${HOME}/.config/cointop |
409 | blacklist ${HOME}/.config/com.github.bleakgrey.tootle | 411 | blacklist ${HOME}/.config/com.github.bleakgrey.tootle |
412 | blacklist ${HOME}/.config/com.lettura.dev | ||
410 | blacklist ${HOME}/.config/corebird | 413 | blacklist ${HOME}/.config/corebird |
411 | blacklist ${HOME}/.config/coyim | 414 | blacklist ${HOME}/.config/coyim |
412 | blacklist ${HOME}/.config/d-feet | 415 | blacklist ${HOME}/.config/d-feet |
@@ -835,6 +838,7 @@ blacklist ${HOME}/.klatexformula | |||
835 | blacklist ${HOME}/.klei | 838 | blacklist ${HOME}/.klei |
836 | blacklist ${HOME}/.kodi | 839 | blacklist ${HOME}/.kodi |
837 | blacklist ${HOME}/.lastpass | 840 | blacklist ${HOME}/.lastpass |
841 | blacklist ${HOME}/.lettura | ||
838 | blacklist ${HOME}/.librewolf | 842 | blacklist ${HOME}/.librewolf |
839 | blacklist ${HOME}/.lincity-ng | 843 | blacklist ${HOME}/.lincity-ng |
840 | blacklist ${HOME}/.links | 844 | blacklist ${HOME}/.links |
@@ -905,6 +909,7 @@ blacklist ${HOME}/.local/share/cdprojektred | |||
905 | blacklist ${HOME}/.local/share/chatterino | 909 | blacklist ${HOME}/.local/share/chatterino |
906 | blacklist ${HOME}/.local/share/clipit | 910 | blacklist ${HOME}/.local/share/clipit |
907 | blacklist ${HOME}/.local/share/com.github.johnfactotum.Foliate | 911 | blacklist ${HOME}/.local/share/com.github.johnfactotum.Foliate |
912 | blacklist ${HOME}/.local/share/com.lettura.dev | ||
908 | blacklist ${HOME}/.local/share/com.vmingueza.journal-viewer | 913 | blacklist ${HOME}/.local/share/com.vmingueza.journal-viewer |
909 | blacklist ${HOME}/.local/share/contacts | 914 | blacklist ${HOME}/.local/share/contacts |
910 | blacklist ${HOME}/.local/share/cor-games | 915 | blacklist ${HOME}/.local/share/cor-games |
diff --git a/etc/profile-a-l/brz.profile b/etc/profile-a-l/brz.profile new file mode 100644 index 000000000..dcc7af54b --- /dev/null +++ b/etc/profile-a-l/brz.profile | |||
@@ -0,0 +1,14 @@ | |||
1 | # Firejail profile for brz | ||
2 | # Description: Distributed VCS with support for Bazaar and Git file formats | ||
3 | # This file is overwritten after every install/update | ||
4 | quiet | ||
5 | # Persistent local customizations | ||
6 | include brz.local | ||
7 | # Persistent global definitions | ||
8 | # added by included profile | ||
9 | #include globals.local | ||
10 | |||
11 | noblacklist ${HOME}/.config/breezy | ||
12 | |||
13 | # Redirect | ||
14 | include git.profile | ||
diff --git a/etc/profile-a-l/bzr.profile b/etc/profile-a-l/bzr.profile new file mode 100644 index 000000000..61c1aae38 --- /dev/null +++ b/etc/profile-a-l/bzr.profile | |||
@@ -0,0 +1,10 @@ | |||
1 | # Firejail profile alias for bzr | ||
2 | # This file is overwritten after every install/update | ||
3 | # Persistent local customizations | ||
4 | include bzr.local | ||
5 | # Persistent global definitions | ||
6 | # added by included profile | ||
7 | #include globals.local | ||
8 | |||
9 | # Redirect | ||
10 | include brz.profile | ||
diff --git a/etc/profile-a-l/lettura.profile b/etc/profile-a-l/lettura.profile new file mode 100644 index 000000000..94a455355 --- /dev/null +++ b/etc/profile-a-l/lettura.profile | |||
@@ -0,0 +1,76 @@ | |||
1 | # Firejail profile for lettura | ||
2 | # Description: Another free and open-source feed reader | ||
3 | # This file is overwritten after every install/update | ||
4 | # Persistent local customizations | ||
5 | include lettura.local | ||
6 | # Persistent global definitions | ||
7 | include globals.local | ||
8 | |||
9 | noblacklist ${HOME}/.cache/lettura | ||
10 | noblacklist ${HOME}/.config/com.lettura.dev | ||
11 | noblacklist ${HOME}/.lettura | ||
12 | noblacklist ${HOME}/.local/share/com.lettura.dev | ||
13 | |||
14 | include disable-common.inc | ||
15 | include disable-devel.inc | ||
16 | include disable-exec.inc | ||
17 | include disable-interpreters.inc | ||
18 | include disable-proc.inc | ||
19 | include disable-programs.inc | ||
20 | include disable-shell.inc | ||
21 | include disable-xdg.inc | ||
22 | |||
23 | mkdir ${HOME}/.cache/lettura | ||
24 | mkdir ${HOME}/.config/com.lettura.dev | ||
25 | mkdir ${HOME}/.lettura | ||
26 | mkdir ${HOME}/.local/share/com.lettura.dev | ||
27 | whitelist ${HOME}/.cache/lettura | ||
28 | whitelist ${HOME}/.config/com.lettura.dev | ||
29 | whitelist ${HOME}/.lettura | ||
30 | whitelist ${HOME}/.local/share/com.lettura.dev | ||
31 | whitelist ${DOWNLOADS} | ||
32 | include whitelist-common.inc | ||
33 | include whitelist-run-common.inc | ||
34 | include whitelist-runuser-common.inc | ||
35 | include whitelist-usr-share-common.inc | ||
36 | include whitelist-var-common.inc | ||
37 | |||
38 | # The lines below are needed to find the default Firefox profile name, to allow | ||
39 | # opening links in an existing instance of Firefox (note that it still fails if | ||
40 | # there isn't a Firefox instance running with the default profile; see #5352) | ||
41 | noblacklist ${HOME}/.mozilla | ||
42 | whitelist ${HOME}/.mozilla/firefox/profiles.ini | ||
43 | |||
44 | apparmor | ||
45 | caps.drop all | ||
46 | netfilter | ||
47 | nodvd | ||
48 | nogroups | ||
49 | noinput | ||
50 | nonewprivs | ||
51 | noprinters | ||
52 | noroot | ||
53 | #nosound | ||
54 | notv | ||
55 | nou2f | ||
56 | novideo | ||
57 | protocol unix,inet,inet6 | ||
58 | seccomp | ||
59 | seccomp.block-secondary | ||
60 | tracelog | ||
61 | |||
62 | disable-mnt | ||
63 | private-bin lettura | ||
64 | private-cache | ||
65 | private-dev | ||
66 | private-etc @network,@sound,@tls-ca,@x11,mime.types | ||
67 | private-tmp | ||
68 | |||
69 | dbus-user filter | ||
70 | dbus-user.talk org.freedesktop.Notifications | ||
71 | ?ALLOW_TRAY: dbus-user.talk org.kde.StatusNotifierWatcher | ||
72 | # allow D-Bus communication with firefox for opening links | ||
73 | dbus-user.talk org.mozilla.* | ||
74 | dbus-system none | ||
75 | |||
76 | restrict-namespaces | ||
diff --git a/src/firecfg/firecfg.config b/src/firecfg/firecfg.config index ce606efc3..2fff32f4b 100644 --- a/src/firecfg/firecfg.config +++ b/src/firecfg/firecfg.config | |||
@@ -482,6 +482,7 @@ kwrite | |||
482 | lbry-viewer | 482 | lbry-viewer |
483 | leafpad | 483 | leafpad |
484 | #less # breaks man | 484 | #less # breaks man |
485 | lettura | ||
485 | librecad | 486 | librecad |
486 | libreoffice | 487 | libreoffice |
487 | librewolf | 488 | librewolf |