diff options
-rw-r--r-- | README | 4 | ||||
-rw-r--r-- | README.md | 2 | ||||
-rw-r--r-- | RELNOTES | 3 | ||||
-rw-r--r-- | etc/disable-programs.inc | 4 | ||||
-rw-r--r-- | etc/kodi.profile | 1 | ||||
-rw-r--r-- | platform/debian/conffiles | 4 | ||||
-rw-r--r-- | src/firecfg/firecfg.config | 4 |
7 files changed, 18 insertions, 4 deletions
@@ -357,7 +357,9 @@ SpotComms (https://github.com/SpotComms) | |||
357 | - disabled Go, Rust, and OpenSSL in disable-devel.conf | 357 | - disabled Go, Rust, and OpenSSL in disable-devel.conf |
358 | - added dino profile | 358 | - added dino profile |
359 | - added Kodi profile | 359 | - added Kodi profile |
360 | - lots of profile hardening | 360 | - lots of profile tightening |
361 | - added viking, youtube-dl, meld profiles | ||
362 | - more profile tightening | ||
361 | SYN-cook (https://github.com/SYN-cook) | 363 | SYN-cook (https://github.com/SYN-cook) |
362 | - keepass/keepassx browser fixes | 364 | - keepass/keepassx browser fixes |
363 | - disable-common.inc fixes | 365 | - disable-common.inc fixes |
@@ -196,4 +196,4 @@ simple-scan, skanlite, ssh-agent, tracker, transmission-cli, transmission-show, | |||
196 | xed, pluma, Cryptocat, Bless, Gnome 2048, Gnome Calculator, Gnome Contacts, JD-GUI, Lollypop, MultiMC5, | 196 | xed, pluma, Cryptocat, Bless, Gnome 2048, Gnome Calculator, Gnome Contacts, JD-GUI, Lollypop, MultiMC5, |
197 | PDFSam, Pithos, Xonotic, wireshark, keepassx2, QupZilla, FossaMail, Uzbl browser, xmms, iridium browser, | 197 | PDFSam, Pithos, Xonotic, wireshark, keepassx2, QupZilla, FossaMail, Uzbl browser, xmms, iridium browser, |
198 | Kino, Thunar, Geeqie, Engrampa, Scribus, mousepad, gpicview, keepassxc, cvlc, MediathekView, baloo_file, | 198 | Kino, Thunar, Geeqie, Engrampa, Scribus, mousepad, gpicview, keepassxc, cvlc, MediathekView, baloo_file, |
199 | Nylas, dino, BibleTime, viewnior | 199 | Nylas, dino, BibleTime, viewnior, Kodi, viking, youtube-dl, meld |
@@ -36,7 +36,8 @@ firejail (0.9.46-rc1) baseline; urgency=low | |||
36 | * new profiles: Xonotic, wireshark, keepassx2, QupZilla, FossaMail, | 36 | * new profiles: Xonotic, wireshark, keepassx2, QupZilla, FossaMail, |
37 | * new profiles: Uzbl browser, iridium browser, Thunar, Geeqie, Engrampa, | 37 | * new profiles: Uzbl browser, iridium browser, Thunar, Geeqie, Engrampa, |
38 | * new profiles: Scribus, mousepad, gpicview, keepassxc, cvlc, MediathekView, | 38 | * new profiles: Scribus, mousepad, gpicview, keepassxc, cvlc, MediathekView, |
39 | * new profiles: baloo_file, Nylas, dino, BibleTime, viewnior | 39 | * new profiles: baloo_file, Nylas, dino, BibleTime, viewnior, Kodi, viking, |
40 | * new profiles: youtube-dl, meld | ||
40 | * bugfixes | 41 | * bugfixes |
41 | -- netblue30 <netblue30@yahoo.com> Fri, 7 Apr 2017 08:00:00 -0500 | 42 | -- netblue30 <netblue30@yahoo.com> Fri, 7 Apr 2017 08:00:00 -0500 |
42 | 43 | ||
diff --git a/etc/disable-programs.inc b/etc/disable-programs.inc index e9ed47e38..32adac298 100644 --- a/etc/disable-programs.inc +++ b/etc/disable-programs.inc | |||
@@ -199,6 +199,7 @@ blacklist ${HOME}/.kde/share/config/okularrc | |||
199 | blacklist ${HOME}/.killingfloor | 199 | blacklist ${HOME}/.killingfloor |
200 | blacklist ${HOME}/.kino-history | 200 | blacklist ${HOME}/.kino-history |
201 | blacklist ${HOME}/.kinorc | 201 | blacklist ${HOME}/.kinorc |
202 | blacklist ${HOME}/.kodi | ||
202 | blacklist ${HOME}/.linphone-history.db | 203 | blacklist ${HOME}/.linphone-history.db |
203 | blacklist ${HOME}/.linphonerc | 204 | blacklist ${HOME}/.linphonerc |
204 | blacklist ${HOME}/.lmmsrc.xml | 205 | blacklist ${HOME}/.lmmsrc.xml |
@@ -231,6 +232,7 @@ blacklist ${HOME}/.local/share/gnome-music | |||
231 | blacklist ${HOME}/.local/share/gnome-photos | 232 | blacklist ${HOME}/.local/share/gnome-photos |
232 | blacklist ${HOME}/.local/share/kate | 233 | blacklist ${HOME}/.local/share/kate |
233 | blacklist ${HOME}/.local/share/lollypop | 234 | blacklist ${HOME}/.local/share/lollypop |
235 | blacklist ${HOME}/.local/share/meld | ||
234 | blacklist ${HOME}/.local/share/multimc5 | 236 | blacklist ${HOME}/.local/share/multimc5 |
235 | blacklist ${HOME}/.local/share/mupen64plus | 237 | blacklist ${HOME}/.local/share/mupen64plus |
236 | blacklist ${HOME}/.local/share/nautilus | 238 | blacklist ${HOME}/.local/share/nautilus |
@@ -287,6 +289,8 @@ blacklist ${HOME}/.synfig | |||
287 | blacklist ${HOME}/.tconn | 289 | blacklist ${HOME}/.tconn |
288 | blacklist ${HOME}/.thunderbird | 290 | blacklist ${HOME}/.thunderbird |
289 | blacklist ${HOME}/.ts3client | 291 | blacklist ${HOME}/.ts3client |
292 | blacklist ${HOME}/.viking | ||
293 | blacklist ${HOME}/.viking-maps | ||
290 | blacklist ${HOME}/.vst | 294 | blacklist ${HOME}/.vst |
291 | blacklist ${HOME}/.w3m | 295 | blacklist ${HOME}/.w3m |
292 | blacklist ${HOME}/.warzone2100-3.* | 296 | blacklist ${HOME}/.warzone2100-3.* |
diff --git a/etc/kodi.profile b/etc/kodi.profile index 45a8430f1..b81b010bf 100644 --- a/etc/kodi.profile +++ b/etc/kodi.profile | |||
@@ -4,7 +4,6 @@ include /etc/firejail/kodi.local | |||
4 | 4 | ||
5 | # Firejail profile for kodi | 5 | # Firejail profile for kodi |
6 | noblacklist ${HOME}/.kodi | 6 | noblacklist ${HOME}/.kodi |
7 | mkdir ${HOME}/.kodi | ||
8 | 7 | ||
9 | include /etc/firejail/disable-common.inc | 8 | include /etc/firejail/disable-common.inc |
10 | include /etc/firejail/disable-passwdmgr.inc | 9 | include /etc/firejail/disable-passwdmgr.inc |
diff --git a/platform/debian/conffiles b/platform/debian/conffiles index dca17bfbe..0f1f14bf5 100644 --- a/platform/debian/conffiles +++ b/platform/debian/conffiles | |||
@@ -119,6 +119,7 @@ | |||
119 | /etc/firejail/keepassx2.profile | 119 | /etc/firejail/keepassx2.profile |
120 | /etc/firejail/keepassxc.profile | 120 | /etc/firejail/keepassxc.profile |
121 | /etc/firejail/kmail.profile | 121 | /etc/firejail/kmail.profile |
122 | /etc/firejail/kodi.profile | ||
122 | /etc/firejail/konversation.profile | 123 | /etc/firejail/konversation.profile |
123 | /etc/firejail/less.profile | 124 | /etc/firejail/less.profile |
124 | /etc/firejail/libreoffice.profile | 125 | /etc/firejail/libreoffice.profile |
@@ -137,6 +138,7 @@ | |||
137 | /etc/firejail/mathematica.profile | 138 | /etc/firejail/mathematica.profile |
138 | /etc/firejail/mcabber.profile | 139 | /etc/firejail/mcabber.profile |
139 | /etc/firejail/mediainfo.profile | 140 | /etc/firejail/mediainfo.profile |
141 | /etc/firejail/meld.profile | ||
140 | /etc/firejail/midori.profile | 142 | /etc/firejail/midori.profile |
141 | /etc/firejail/mousepad.profile | 143 | /etc/firejail/mousepad.profile |
142 | /etc/firejail/mpv.profile | 144 | /etc/firejail/mpv.profile |
@@ -206,6 +208,7 @@ | |||
206 | /etc/firejail/unzip.profile | 208 | /etc/firejail/unzip.profile |
207 | /etc/firejail/uudeview.profile | 209 | /etc/firejail/uudeview.profile |
208 | /etc/firejail/viewnior.profile | 210 | /etc/firejail/viewnior.profile |
211 | /etc/firejail/viking.profile | ||
209 | /etc/firejail/vim.profile | 212 | /etc/firejail/vim.profile |
210 | /etc/firejail/virtualbox.profile | 213 | /etc/firejail/virtualbox.profile |
211 | /etc/firejail/vivaldi.profile | 214 | /etc/firejail/vivaldi.profile |
@@ -233,6 +236,7 @@ | |||
233 | /etc/firejail/xviewer.profile | 236 | /etc/firejail/xviewer.profile |
234 | /etc/firejail/xz.profile | 237 | /etc/firejail/xz.profile |
235 | /etc/firejail/xzdec.profile | 238 | /etc/firejail/xzdec.profile |
239 | /etc/firejail/youtube-dl.profile | ||
236 | /etc/firejail/zathura.profile | 240 | /etc/firejail/zathura.profile |
237 | /etc/firejail/zoom.profile | 241 | /etc/firejail/zoom.profile |
238 | /etc/firejail/wget.profile | 242 | /etc/firejail/wget.profile |
diff --git a/src/firecfg/firecfg.config b/src/firecfg/firecfg.config index 27a34472d..dc8df9bac 100644 --- a/src/firecfg/firecfg.config +++ b/src/firecfg/firecfg.config | |||
@@ -17,6 +17,7 @@ transmission-qt | |||
17 | transmission-cli | 17 | transmission-cli |
18 | transmission-show | 18 | transmission-show |
19 | uget-gtk | 19 | uget-gtk |
20 | youtube-dl | ||
20 | 21 | ||
21 | # browsers/email | 22 | # browsers/email |
22 | abrowser | 23 | abrowser |
@@ -130,6 +131,7 @@ google-play-music-desktop-player | |||
130 | gpicview | 131 | gpicview |
131 | img2txt | 132 | img2txt |
132 | k3b | 133 | k3b |
134 | kodi | ||
133 | mediainfo | 135 | mediainfo |
134 | mediathekview | 136 | mediathekview |
135 | mpv | 137 | mpv |
@@ -202,11 +204,13 @@ keepass2 | |||
202 | keepassx | 204 | keepassx |
203 | keepassx2 | 205 | keepassx2 |
204 | keepassxc | 206 | keepassxc |
207 | meld | ||
205 | mousepad | 208 | mousepad |
206 | pluma | 209 | pluma |
207 | Thunar | 210 | Thunar |
208 | thunar | 211 | thunar |
209 | tracker | 212 | tracker |
213 | viking | ||
210 | wireshark | 214 | wireshark |
211 | xiphos | 215 | xiphos |
212 | xed | 216 | xed |