diff options
-rw-r--r-- | README.md | 2 | ||||
-rw-r--r-- | RELNOTES | 8 | ||||
-rw-r--r-- | etc/disable-passwdmgr.inc | 1 | ||||
-rw-r--r-- | etc/enpass.profile | 39 | ||||
-rw-r--r-- | etc/runenpass.sh.profile | 6 | ||||
-rw-r--r-- | src/firecfg/firecfg.config | 1 |
6 files changed, 52 insertions, 5 deletions
@@ -221,7 +221,7 @@ calligrawords, cin, dooble, dooble-qt4, fetchmail, freecad, freecadcmd, google-e | |||
221 | imagej, karbon, kdenlive, krita, linphone, lmms, macrofusion, mpd, natron, Natron, | 221 | imagej, karbon, kdenlive, krita, linphone, lmms, macrofusion, mpd, natron, Natron, |
222 | ricochet, shotcut, teamspeak3, tor, tor-browser-en, Viber, x-terminal-emulator, zart, | 222 | ricochet, shotcut, teamspeak3, tor, tor-browser-en, Viber, x-terminal-emulator, zart, |
223 | conky, arch-audit, ffmpeg, bluefish, cliqz, cinelerra, openshot-qt, pinta, uefitool, | 223 | conky, arch-audit, ffmpeg, bluefish, cliqz, cinelerra, openshot-qt, pinta, uefitool, |
224 | aosp, pdfmod, gnome-ring, signal-desktop, xcalc, zaproxy, kopete, kget, nheko | 224 | aosp, pdfmod, gnome-ring, signal-desktop, xcalc, zaproxy, kopete, kget, nheko, Enpass |
225 | 225 | ||
226 | Upstreamed many profiles from the following sources: https://github.com/chiraag-nataraj/firejail-profiles, | 226 | Upstreamed many profiles from the following sources: https://github.com/chiraag-nataraj/firejail-profiles, |
227 | https://github.com/nyancat18/fe, and https://aur.archlinux.org/packages/firejail-profiles. | 227 | https://github.com/nyancat18/fe, and https://aur.archlinux.org/packages/firejail-profiles. |
@@ -30,15 +30,15 @@ firejail (0.9.51) baseline; urgency=low | |||
30 | https://aur.archlinux.org/packages/firejail-profiles. | 30 | https://aur.archlinux.org/packages/firejail-profiles. |
31 | * new profiles: terasology, surf, rocketchat, clamscan, clamdscan, | 31 | * new profiles: terasology, surf, rocketchat, clamscan, clamdscan, |
32 | clamdtop, freshclam, xmr-stak-cpu, amule, ardour4, ardour5, | 32 | clamdtop, freshclam, xmr-stak-cpu, amule, ardour4, ardour5, |
33 | brackets, calligra, calligraauthor, calligraconverter, calligraflow, | 33 | brackets, calligra, calligraauthor, calligraconverter, calligraflow, |
34 | calligraplan, calligraplanwork, calligrasheets, calligrastage, | 34 | calligraplan, calligraplanwork, calligrasheets, calligrastage, |
35 | calligrawords, cin, dooble, dooble-qt4, fetchmail, freecad, freecadcmd, | 35 | calligrawords, cin, dooble, dooble-qt4, fetchmail, freecad, freecadcmd, |
36 | google-earth,imagej, karbon, kdenlive, krita, linphone, lmms, macrofusion, | 36 | google-earth,imagej, karbon, kdenlive, krita, linphone, lmms, macrofusion, |
37 | mpd, natron, Natron, ricochet, shotcut, teamspeak3, tor, tor-browser-en, | 37 | mpd, natron, Natron, ricochet, shotcut, teamspeak3, tor, tor-browser-en, |
38 | Viber, x-terminal-emulator, zart, conky, arch-audit, ffmpeg, bluefish, | 38 | Viber, x-terminal-emulator, zart, conky, arch-audit, ffmpeg, bluefish, |
39 | cinelerra, openshot-qt, pinta, uefitool, aosp, pdfmod, gnome-ring, | 39 | cinelerra, openshot-qt, pinta, uefitool, aosp, pdfmod, gnome-ring, |
40 | xcalc, zaproxy, kopete, cliqz, signal-desktop, kget, nheko | 40 | xcalc, zaproxy, kopete, cliqz, signal-desktop, kget, nheko, Enpass |
41 | 41 | ||
42 | -- netblue30 <netblue30@yahoo.com> Thu, 14 Sep 2017 20:00:00 -0500 | 42 | -- netblue30 <netblue30@yahoo.com> Thu, 14 Sep 2017 20:00:00 -0500 |
43 | 43 | ||
44 | firejail (0.9.50~rc1) baseline; urgency=low | 44 | firejail (0.9.50~rc1) baseline; urgency=low |
diff --git a/etc/disable-passwdmgr.inc b/etc/disable-passwdmgr.inc index 9507d3feb..8ed87eefb 100644 --- a/etc/disable-passwdmgr.inc +++ b/etc/disable-passwdmgr.inc | |||
@@ -6,6 +6,7 @@ blacklist ${HOME}/.config/KeePass | |||
6 | blacklist ${HOME}/.config/keepass | 6 | blacklist ${HOME}/.config/keepass |
7 | blacklist ${HOME}/.config/keepassx | 7 | blacklist ${HOME}/.config/keepassx |
8 | blacklist ${HOME}/.config/keepassxc | 8 | blacklist ${HOME}/.config/keepassxc |
9 | blacklist ${HOME}/.config/Sinew Software Systems | ||
9 | blacklist ${HOME}/.keepass | 10 | blacklist ${HOME}/.keepass |
10 | blacklist ${HOME}/.keepassx | 11 | blacklist ${HOME}/.keepassx |
11 | blacklist ${HOME}/.keepassxc | 12 | blacklist ${HOME}/.keepassxc |
diff --git a/etc/enpass.profile b/etc/enpass.profile new file mode 100644 index 000000000..4c19d5825 --- /dev/null +++ b/etc/enpass.profile | |||
@@ -0,0 +1,39 @@ | |||
1 | # This file is overwritten after every install/update. | ||
2 | # Persistent local customisations | ||
3 | include /etc/firejail/enpass.local | ||
4 | # Persistent global definitions | ||
5 | include /etc/firejail/globals.local | ||
6 | |||
7 | include /etc/firejail/disable-common.inc | ||
8 | include /etc/firejail/disable-devel.inc | ||
9 | include /etc/firejail/disable-passwdmgr.inc | ||
10 | include /etc/firejail/disable-programs.inc | ||
11 | |||
12 | noblacklist ${HOME}/.config/Sinew Software Systems | ||
13 | |||
14 | include /etc/firejail/whitelist-var-common.inc | ||
15 | |||
16 | caps.drop all | ||
17 | machine-id | ||
18 | net none | ||
19 | no3d | ||
20 | nodvd | ||
21 | nogroups | ||
22 | nonewprivs | ||
23 | noroot | ||
24 | nosound | ||
25 | notv | ||
26 | novideo | ||
27 | protocol unix | ||
28 | seccomp | ||
29 | shell none | ||
30 | tracelog | ||
31 | |||
32 | private-bin sh,readlink,dirname | ||
33 | private-dev | ||
34 | private-opt Enpass | ||
35 | private-tmp | ||
36 | |||
37 | memory-deny-write-execute | ||
38 | noexec ${HOME} | ||
39 | noexec /tmp | ||
diff --git a/etc/runenpass.sh.profile b/etc/runenpass.sh.profile new file mode 100644 index 000000000..05ffbfe20 --- /dev/null +++ b/etc/runenpass.sh.profile | |||
@@ -0,0 +1,6 @@ | |||
1 | # Firejail alias profile for enpass | ||
2 | # This file is overwritten after every install/update | ||
3 | |||
4 | |||
5 | # Redirect | ||
6 | include /etc/firejail/enpass.profile | ||
diff --git a/src/firecfg/firecfg.config b/src/firecfg/firecfg.config index 56ff9a15b..28d3aab67 100644 --- a/src/firecfg/firecfg.config +++ b/src/firecfg/firecfg.config | |||
@@ -284,6 +284,7 @@ riot-web | |||
284 | ristretto | 284 | ristretto |
285 | rocketchat | 285 | rocketchat |
286 | rtorrent | 286 | rtorrent |
287 | runenpass.sh | ||
287 | scribus | 288 | scribus |
288 | sdat2img | 289 | sdat2img |
289 | seamonkey | 290 | seamonkey |