diff options
-rw-r--r-- | README.md | 2 | ||||
-rw-r--r-- | RELNOTES | 2 | ||||
-rw-r--r-- | etc/disable-programs.inc | 3 | ||||
-rw-r--r-- | etc/geeqie.profile | 27 | ||||
-rw-r--r-- | etc/vlc.profile | 2 | ||||
-rw-r--r-- | platform/debian/conffiles | 1 | ||||
-rw-r--r-- | src/firecfg/firecfg.config | 1 |
7 files changed, 35 insertions, 3 deletions
@@ -192,4 +192,4 @@ goobox, gpa, gpg, gpg-agent, highlight, img2txt, k3b, kate, lynx, mediainfo, nau | |||
192 | simple-scan, skanlite, ssh-agent, tracker, transmission-cli, transmission-show, w3m, xfburn, xpra, wget, | 192 | simple-scan, skanlite, ssh-agent, tracker, transmission-cli, transmission-show, w3m, xfburn, xpra, wget, |
193 | xed, pluma, Cryptocat, Bless, Gnome 2048, Gnome Calculator, Gnome Contacts, JD-GUI, Lollypop, MultiMC5, | 193 | xed, pluma, Cryptocat, Bless, Gnome 2048, Gnome Calculator, Gnome Contacts, JD-GUI, Lollypop, MultiMC5, |
194 | PDFSam, Pithos, Xonotic, wireshark, keepassx2, QupZilla, FossaMail, Uzbl browser, xmms, iridium browser, | 194 | PDFSam, Pithos, Xonotic, wireshark, keepassx2, QupZilla, FossaMail, Uzbl browser, xmms, iridium browser, |
195 | Kino, Thunar | 195 | Kino, Thunar, Geeqie |
@@ -37,7 +37,7 @@ firejail (0.9.45) baseline; urgency=low | |||
37 | * new profiles: Cryptocat, Bless, Gnome 2048, Gnome Calculator, | 37 | * new profiles: Cryptocat, Bless, Gnome 2048, Gnome Calculator, |
38 | * new profiles: Gnome Contacts, JD-GUI, Lollypop, MultiMC5, PDFSam, Pithos, | 38 | * new profiles: Gnome Contacts, JD-GUI, Lollypop, MultiMC5, PDFSam, Pithos, |
39 | * new profies: Xonotic, wireshark, keepassx2, QupZilla, FossaMail, | 39 | * new profies: Xonotic, wireshark, keepassx2, QupZilla, FossaMail, |
40 | * new profiles: Uzbl browser, iridium browser, Thunar | 40 | * new profiles: Uzbl browser, iridium browser, Thunar, Geeqie |
41 | * bugfixes | 41 | * bugfixes |
42 | -- netblue30 <netblue30@yahoo.com> Sun, 23 Oct 2016 08:00:00 -0500 | 42 | -- netblue30 <netblue30@yahoo.com> Sun, 23 Oct 2016 08:00:00 -0500 |
43 | 43 | ||
diff --git a/etc/disable-programs.inc b/etc/disable-programs.inc index c59285e85..98983bd72 100644 --- a/etc/disable-programs.inc +++ b/etc/disable-programs.inc | |||
@@ -30,6 +30,7 @@ blacklist ${HOME}/.cache/darktable | |||
30 | blacklist ${HOME}/.cache/epiphany | 30 | blacklist ${HOME}/.cache/epiphany |
31 | blacklist ${HOME}/.cache/evolution | 31 | blacklist ${HOME}/.cache/evolution |
32 | blacklist ${HOME}/.cache/gajim | 32 | blacklist ${HOME}/.cache/gajim |
33 | blacklist ${HOME}/.cache/geeqie | ||
33 | blacklist ${HOME}/.cache/google-chrome | 34 | blacklist ${HOME}/.cache/google-chrome |
34 | blacklist ${HOME}/.cache/google-chrome-beta | 35 | blacklist ${HOME}/.cache/google-chrome-beta |
35 | blacklist ${HOME}/.cache/google-chrome-unstable | 36 | blacklist ${HOME}/.cache/google-chrome-unstable |
@@ -103,6 +104,7 @@ blacklist ${HOME}/.config/evolution | |||
103 | blacklist ${HOME}/.config/filezilla | 104 | blacklist ${HOME}/.config/filezilla |
104 | blacklist ${HOME}/.config/flowblade | 105 | blacklist ${HOME}/.config/flowblade |
105 | blacklist ${HOME}/.config/gajim | 106 | blacklist ${HOME}/.config/gajim |
107 | blacklist ${HOME}/.config/geeqie | ||
106 | blacklist ${HOME}/.config/gedit | 108 | blacklist ${HOME}/.config/gedit |
107 | blacklist ${HOME}/.config/google-chrome | 109 | blacklist ${HOME}/.config/google-chrome |
108 | blacklist ${HOME}/.config/google-chrome-beta | 110 | blacklist ${HOME}/.config/google-chrome-beta |
@@ -218,6 +220,7 @@ blacklist ${HOME}/.local/share/epiphany | |||
218 | blacklist ${HOME}/.local/share/evolution | 220 | blacklist ${HOME}/.local/share/evolution |
219 | blacklist ${HOME}/.local/share/feral-interactive | 221 | blacklist ${HOME}/.local/share/feral-interactive |
220 | blacklist ${HOME}/.local/share/gajim | 222 | blacklist ${HOME}/.local/share/gajim |
223 | blacklist ${HOME}/.local/share/geeqie | ||
221 | blacklist ${HOME}/.local/share/gnome-2048 | 224 | blacklist ${HOME}/.local/share/gnome-2048 |
222 | blacklist ${HOME}/.local/share/gnome-chess | 225 | blacklist ${HOME}/.local/share/gnome-chess |
223 | blacklist ${HOME}/.local/share/gnome-music | 226 | blacklist ${HOME}/.local/share/gnome-music |
diff --git a/etc/geeqie.profile b/etc/geeqie.profile new file mode 100644 index 000000000..57f942a50 --- /dev/null +++ b/etc/geeqie.profile | |||
@@ -0,0 +1,27 @@ | |||
1 | # This file is overwritten during software install. | ||
2 | # Persistent customizations should go in a .local file. | ||
3 | include /etc/firejail/geeqie.local | ||
4 | |||
5 | # Firejail profile for Geeqie | ||
6 | noblacklist ~/.cache/geeqie | ||
7 | noblacklist ~/.config/geeqie | ||
8 | noblacklist ~/.local/share/geeqie | ||
9 | include /etc/firejail/disable-common.inc | ||
10 | include /etc/firejail/disable-programs.inc | ||
11 | include /etc/firejail/disable-devel.inc | ||
12 | include /etc/firejail/disable-passwdmgr.inc | ||
13 | |||
14 | caps.drop all | ||
15 | nogroups | ||
16 | nonewprivs | ||
17 | noroot | ||
18 | protocol unix | ||
19 | seccomp | ||
20 | nosound | ||
21 | |||
22 | private-dev | ||
23 | |||
24 | #Experimental: | ||
25 | shell none | ||
26 | #private-bin geeqie | ||
27 | #private-etc X11 | ||
diff --git a/etc/vlc.profile b/etc/vlc.profile index 9d1cdb4c8..0c96f0108 100644 --- a/etc/vlc.profile +++ b/etc/vlc.profile | |||
@@ -20,5 +20,5 @@ seccomp | |||
20 | shell none | 20 | shell none |
21 | 21 | ||
22 | private-bin vlc,cvlc,nvlc,rvlc,qvlc,svlc | 22 | private-bin vlc,cvlc,nvlc,rvlc,qvlc,svlc |
23 | private-dev | 23 | # private-dev |
24 | private-tmp | 24 | private-tmp |
diff --git a/platform/debian/conffiles b/platform/debian/conffiles index edaf1781b..ed04ed7c0 100644 --- a/platform/debian/conffiles +++ b/platform/debian/conffiles | |||
@@ -249,3 +249,4 @@ | |||
249 | /etc/firejail/kino.profile | 249 | /etc/firejail/kino.profile |
250 | /etc/firejail/Thunar.profile | 250 | /etc/firejail/Thunar.profile |
251 | /etc/firejail/thunar.profile | 251 | /etc/firejail/thunar.profile |
252 | /etc/firejail/geeqie.profile | ||
diff --git a/src/firecfg/firecfg.config b/src/firecfg/firecfg.config index 7c959cd04..3c1ecc573 100644 --- a/src/firecfg/firecfg.config +++ b/src/firecfg/firecfg.config | |||
@@ -113,6 +113,7 @@ dolphin | |||
113 | dragon | 113 | dragon |
114 | exiftool | 114 | exiftool |
115 | feh | 115 | feh |
116 | geeqie | ||
116 | gjs | 117 | gjs |
117 | gnome-books | 118 | gnome-books |
118 | gnome-clocks | 119 | gnome-clocks |