-rw-r--r-- | README.md | 2 | ||||
-rw-r--r-- | RELNOTES | 1 | ||||
-rw-r--r-- | etc/clipit.profile | 29 | ||||
-rw-r--r-- | etc/disable-programs.inc | 9 | ||||
-rw-r--r-- | etc/leafpad.profile | 26 | ||||
-rw-r--r-- | etc/lximage-qt.profile | 26 | ||||
-rw-r--r-- | etc/lxmusic.profile | 27 | ||||
-rw-r--r-- | etc/qlipper.profile | 28 | ||||
-rw-r--r-- | platform/debian/conffiles | 5 | ||||
-rw-r--r-- | src/firecfg/firecfg.config | 6 |
10 files changed, 156 insertions, 3 deletions
@@ -219,4 +219,4 @@ Kino, Thunar, Geeqie, Engrampa, Scribus, mousepad, gpicview, keepassxc, cvlc, Me | |||
219 | Nylas, dino, BibleTime, viewnior, Kodi, viking, youtube-dl, meld, Arduino, Akregator, KCalc, KTorrent, | 219 | Nylas, dino, BibleTime, viewnior, Kodi, viking, youtube-dl, meld, Arduino, Akregator, KCalc, KTorrent, |
220 | Orage Globaltime, Orage Clendar, xfce4-notes, xfce4-dict, Ristretto, PCManFM, Dia, FontForge, Geany, Hugin, | 220 | Orage Globaltime, Orage Clendar, xfce4-notes, xfce4-dict, Ristretto, PCManFM, Dia, FontForge, Geany, Hugin, |
221 | mate-calc, mate-dictionary, mate-color-select, caja, galculator, Nemo, gnome-font-viewer, gucharmap, | 221 | mate-calc, mate-dictionary, mate-color-select, caja, galculator, Nemo, gnome-font-viewer, gucharmap, |
222 | knotes | 222 | knotes, clipit, leafpad, lximage-qt, lxmusic, qlipper |
@@ -45,6 +45,7 @@ firejail (0.9.46-rc1) baseline; urgency=low | |||
45 | * new profiles: Ristretto, PCManFM, Dia, FontForge, Geany, Hugin, | 45 | * new profiles: Ristretto, PCManFM, Dia, FontForge, Geany, Hugin, |
46 | * new profiles: mate-calc, mate-dictionary, mate-color-select, caja, | 46 | * new profiles: mate-calc, mate-dictionary, mate-color-select, caja, |
47 | * new profiles: galculator, Nemo, gnome-font-viewer, gucharmap, knotes | 47 | * new profiles: galculator, Nemo, gnome-font-viewer, gucharmap, knotes |
48 | * new profiles: clipit, leafpad, lximage-qt, lxmusic, qlipper | ||
48 | * bugfixes | 49 | * bugfixes |
49 | -- netblue30 <netblue30@yahoo.com> Fri, 7 Apr 2017 08:00:00 -0500 | 50 | -- netblue30 <netblue30@yahoo.com> Fri, 7 Apr 2017 08:00:00 -0500 |
50 | 51 | ||
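--- /dev/null
+++ b/etc/clipit.profile
@@ -0,0 +1,29 @@
+# This file is overwritten during software install.
+# Persistent customizations should go in a .local file.
+include /etc/firejail/clipit.local
+
+noblacklist ${HOME}/.local/share/clipit
+noblacklist ${HOME}/.config/clipit
+include /etc/firejail/disable-common.inc
+include /etc/firejail/disable-programs.inc
+include /etc/firejail/disable-passwdmgr.inc
+
+caps.drop all
+netfilter
+nonewprivs
+noroot
+protocol unix,inet,inet6
+seccomp
+
+
+
+#
+# depending on your usage, you can enable some of the commands below:
+#
+nogroups
+shell none
+# private-bin program
+# private-etc none
+# private-dev
+# private-tmp
+nosound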
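Review bot: The clipboard manager keeps network access: `protocol unix,inet,inet6` together with `netfilter` leaves inet sockets usable, and clipboard history is exactly where copied passwords tend to end up. If clipit has no feature that needs the network, `net none` with `protocol unix` would be the tighter default; the same block appears unchanged in etc/qlipper.profile and etc/leafpad.profile. Separately, the comment `depending on your usage, you can enable some of the commands below` sits above `nogroups`, `shell none` and `nosound`, which are already active, so a wording like `# nogroups, shell none and nosound are active; the commented private-* lines are optional hardening` would describe the file accurately.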
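--- a/etc/disable-programs.inc
+++ b/etc/disable-programs.inc
@@ -36,6 +36,7 @@ blacklist ${HOME}/.config/Meltytech
 blacklist ${HOME}/.config/Mousepad
 blacklist ${HOME}/.config/Mumble
 blacklist ${HOME}/.config/Nylas Mail
+blacklist ${HOME}/.config/Qlipper
 blacklist ${HOME}/.config/QuiteRss
 blacklist ${HOME}/.config/QuiteRssrc
 blacklist ${HOME}/.config/Slack
@@ -58,9 +59,9 @@ blacklist ${HOME}/.config/brave
 blacklist ${HOME}/.config/caja
 blacklist ${HOME}/.config/cherrytree
 blacklist ${HOME}/.config/chromium
-blacklist ${HOME}/.config/qupzilla
 blacklist ${HOME}/.config/chromium-dev
 blacklist ${HOME}/.config/chromium-flags.conf
+blacklist ${HOME}/.config/clipit
 blacklist ${HOME}/.config/cmus
 blacklist ${HOME}/.config/darktable
 blacklist ${HOME}/.config/deadbeef
@@ -96,7 +97,9 @@ blacklist ${HOME}/.config/katesyntaxhighlightingrc
 blacklist ${HOME}/.config/katevirc
 blacklist ${HOME}/.config/kdeconnect
 blacklist ${HOME}/.config/knotesrc
+blacklist ${HOME}/.config/leafpad
 blacklist ${HOME}/.config/libreoffice
+blacklist ${HOME}/.config/lximage-qt
 blacklist ${HOME}/.config/mate/eom
 blacklist ${HOME}/.config/mate/mate-dictionary
 blacklist ${HOME}/.config/mate-calc
@@ -119,6 +122,7 @@ blacklist ${HOME}/.config/psi+
 blacklist ${HOME}/.config/ristretto
 blacklist ${HOME}/.config/qpdfview
 blacklist ${HOME}/.config/qt5ct
+blacklist ${HOME}/.config/qupzilla
 blacklist ${HOME}/.config/qutebrowser
 blacklist ${HOME}/.config/ranger
 blacklist ${HOME}/.config/redshift.conf
@@ -147,6 +151,7 @@ blacklist ${HOME}/.config/xfce4/xfconf/xfce-perchannel-xml/thunar.xml
 blacklist ${HOME}/.config/xfce4/xfce4-notes.rc
 blacklist ${HOME}/.config/xfce4/xfce4-notes.gtkrc
 blacklist ${HOME}/.config/xfce4-dict
+blacklist ${HOME}/.config/xmms2
 blacklist ${HOME}/.config/xplayer
 blacklist ${HOME}/.config/xreader
 blacklist ${HOME}/.config/xviewer
@@ -238,6 +243,7 @@ blacklist ${HOME}/.local/share/aspyr-media
 blacklist ${HOME}/.local/share/baloo
 blacklist ${HOME}/.local/share/caja-python
 blacklist ${HOME}/.local/share/cdprojektred
+blacklist ${HOME}/.local/share/clipit
 blacklist ${HOME}/.local/share/data/Mumble
 blacklist ${HOME}./local/share/dino
 blacklist ${HOME}/.local/share/dolphin
@@ -370,3 +376,4 @@ blacklist ${HOME}/.cache/transmission
 blacklist ${HOME}/.cache/vivaldi
 blacklist ${HOME}/.cache/wesnoth
 blacklist ${HOME}/.cache/xreader
+blacklist ${HOME}/.cache/xmms2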
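Review bot: The context line `blacklist ${HOME}./local/share/dino`, two lines below the added `.local/share/clipit` entry in the `@@ -238,6 +243,7 @@` hunk, has the dot and slash transposed. It presumably never matches the real `${HOME}/.local/share/dino` directory, which would leave dino's data readable from every sandbox that includes this file. The line predates this commit, but it sits in a hunk being edited; `blacklist ${HOME}/.local/share/dino` is the fix. As a smaller point, the new `.cache/xmms2` entry in the last hunk is appended after `.cache/xreader`, whereas the other additions are placed alphabetically.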
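--- /dev/null
+++ b/etc/leafpad.profile
@@ -0,0 +1,26 @@
+# This file is overwritten during software install.
+# Persistent customizations should go in a .local file.
+include /etc/firejail/leafpad.local
+
+noblacklist ${HOME}/.config/leafpad
+include /etc/firejail/disable-common.inc
+include /etc/firejail/disable-programs.inc
+include /etc/firejail/disable-passwdmgr.inc
+
+caps.drop all
+netfilter
+nonewprivs
+noroot
+protocol unix,inet,inet6
+seccomp
+
+#
+# depending on your usage, you can enable some of the commands below:
+#
+nogroups
+shell none
+# private-bin program
+# private-etc none
+# private-dev
+# private-tmp
+nosound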
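--- /dev/null
+++ b/etc/lximage-qt.profile
@@ -0,0 +1,26 @@
+# This file is overwritten during software install.
+# Persistent customizations should go in a .local file.
+include /etc/firejail/lximage-qt.local
+
+noblacklist .config/lximage-qt
+include /etc/firejail/disable-common.inc
+include /etc/firejail/disable-programs.inc
+include /etc/firejail/disable-passwdmgr.inc
+
+caps.drop all
+netfilter
+nonewprivs
+noroot
+protocol unix,inet,inet6
+seccomp
+
+#
+# depending on your usage, you can enable some of the commands below:
+#
+nogroups
+shell none
+# private-bin program
+# private-etc none
+# private-dev
+# private-tmp
+nosound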
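Review bot: `noblacklist .config/lximage-qt` has no `${HOME}/` prefix, while the entry this commit adds to disable-programs.inc is `blacklist ${HOME}/.config/lximage-qt`. If firejail pairs these paths by their expanded form, the exception would not apply and the viewer's own config directory would stay blacklisted; `noblacklist ${HOME}/.config/lximage-qt` matches the other profiles in this commit. An image viewer also probably has no need for `inet,inet6`, so `net none` is worth considering here.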
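--- /dev/null
+++ b/etc/lxmusic.profile
@@ -0,0 +1,27 @@
+# This file is overwritten during software install.
+# Persistent customizations should go in a .local file.
+include /etc/firejail/lxmusic.local
+
+noblacklist ~/.cache/xmms2
+noblacklist ~/.config/xmms2
+include /etc/firejail/disable-common.inc
+include /etc/firejail/disable-programs.inc
+include /etc/firejail/disable-passwdmgr.inc
+
+caps.drop all
+netfilter
+nonewprivs
+noroot
+protocol unix,inet,inet6
+seccomp
+
+#
+# depending on your usage, you can enable some of the commands below:
+#
+nogroups
+shell none
+# private-bin program
+# private-etc none
+# private-dev
+# private-tmp
+# nosound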
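Review bot: `noblacklist ~/.cache/xmms2` and `noblacklist ~/.config/xmms2` use `~`, where the other profiles in this commit and the matching blacklist lines in disable-programs.inc use `${HOME}`. Writing them as `noblacklist ${HOME}/.cache/xmms2` and `noblacklist ${HOME}/.config/xmms2` keeps each exception textually identical to the blacklist entry it overrides, so a grep can confirm that they pair up.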
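--- /dev/null
+++ b/etc/qlipper.profile
@@ -0,0 +1,28 @@
+# This file is overwritten during software install.
+# Persistent customizations should go in a .local file.
+include /etc/firejail/qlipper.local
+
+noblacklist ${HOME}/.config/Qlipper
+include /etc/firejail/disable-common.inc
+include /etc/firejail/disable-programs.inc
+include /etc/firejail/disable-passwdmgr.inc
+
+caps.drop all
+netfilter
+nonewprivs
+noroot
+protocol unix,inet,inet6
+seccomp
+
+
+
+#
+# depending on your usage, you can enable some of the commands below:
+#
+nogroups
+shell none
+# private-bin program
+# private-etc none
+# private-dev
+# private-tmp
+nosound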
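--- a/platform/debian/conffiles
+++ b/platform/debian/conffiles
@@ -291,3 +291,8 @@
 /etc/firejail/gnome-font-viewer.profile
 /etc/firejail/gucharmap.profile
 /etc/firejail/knotes.profile
+/etc/firejail/clipit.profile
+/etc/firejail/leafpad.profile
+/etc/firejail/lximage-qt.profile
+/etc/firejail/lxmusic.profile
+/etc/firejail/qlipper.profile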
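--- a/src/firecfg/firecfg.config
+++ b/src/firecfg/firecfg.config
@@ -25,6 +25,7 @@ cherrytree
 chromium
 chromium-browser
 claws-mail
+clipit
 clementine
 cmus
 conkeror
@@ -120,6 +121,7 @@ knotes
 kodi
 konversation
 ktorrent
+leafpad
 libreoffice
 localc
 lodraw
@@ -131,6 +133,8 @@ lomath
 loweb
 lowriter
 luminance-hdr
+lxmusic
+lximage-qt
 lynx
 mate-calc
 mate-calculator
@@ -160,7 +164,6 @@ opera-beta
 orage
 palemoon
 parole
-pcmanfm
 pdfsam
 pdftotext
 pidgin
@@ -172,6 +175,7 @@ psi-plus
 qbittorrent
 qemu-launcher
 #qemu-system-x86_64
+qlipper
 qpdfview
 qtox
 quassel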
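Review bot: The `pcmanfm` entry is removed in the `@@ -160,7 +164,6 @@` hunk without any explanation in the visible commit record, and RELNOTES still lists PCManFM among the new profiles. firecfg presumably uses this list to decide which programs get a sandbox symlink, so dropping the name would mean pcmanfm starts unsandboxed by default. If that is intended, a commented entry such as `#pcmanfm - <reason>`, in the style of the existing `#qemu-system-x86_64` line, would record the decision. As a smaller point, `clipit` is placed before `clementine` and `lxmusic` before `lximage-qt`, which breaks the list's alphabetical order.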