-rw-r--r-- | Makefile.in | 1 | ||||
-rw-r--r-- | README | 1 | ||||
-rw-r--r-- | README.md | 4 | ||||
-rw-r--r-- | RELNOTES | 1 | ||||
-rw-r--r-- | etc/disable-programs.inc | 2 | ||||
-rw-r--r-- | etc/pix.profile | 19 | ||||
-rw-r--r-- | platform/debian/conffiles | 3 | ||||
-rw-r--r-- | src/firecfg/firecfg.config | 1 |
8 files changed, 28 insertions, 4 deletions
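--- a/Makefile.in
+++ b/Makefile.in
@@ -206,6 +206,7 @@ realinstall:
 install -c -m 0644 .etc/lomath.profile $(DESTDIR)/$(sysconfdir)/firejail/.
 install -c -m 0644 .etc/loweb.profile $(DESTDIR)/$(sysconfdir)/firejail/.
 install -c -m 0644 .etc/lowriter.profile $(DESTDIR)/$(sysconfdir)/firejail/.
+install -c -m 0644 .etc/pix.profile $(DESTDIR)/$(sysconfdir)/firejail/.
 sh -c "if [ ! -f $(DESTDIR)/$(sysconfdir)/firejail/login.users ]; then install -c -m 0644 etc/login.users $(DESTDIR)/$(sysconfdir)/firejail/.; fi;"
 install -c -m 0644 etc/firejail.config $(DESTDIR)/$(sysconfdir)/firejail/.
 rm -fr .etc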
@@ -89,6 +89,7 @@ Fred-Barclay (https://github.com/Fred-Barclay) | |||
89 | - added Gitter profile | 89 | - added Gitter profile |
90 | - various organising | 90 | - various organising |
91 | - added Libreoffice profile | 91 | - added Libreoffice profile |
92 | - added pix profile | ||
92 | Petter Reinholdtsen (pere@hungry.com) | 93 | Petter Reinholdtsen (pere@hungry.com) |
93 | - Opera profile patch | 94 | - Opera profile patch |
94 | n1trux (https://github.com/n1trux) | 95 | n1trux (https://github.com/n1trux) |
@@ -73,8 +73,8 @@ File transfer: filezilla | |||
73 | 73 | ||
74 | Media: vlc, mpv, gnome-mplayer | 74 | Media: vlc, mpv, gnome-mplayer |
75 | 75 | ||
76 | Office: evince, gthumb, fbreader | 76 | Office: evince, gthumb, fbreader, pix |
77 | 77 | ||
78 | ## New security profiles | 78 | ## New security profiles |
79 | 79 | ||
80 | Gitter, gThumb, mpv, Franz messenger, LibreOffice | 80 | Gitter, gThumb, mpv, Franz messenger, LibreOffice, pix |
@@ -4,6 +4,7 @@ firejail (0.9.41) baseline; urgency=low | |||
4 | * compile time support to disable global configuration file | 4 | * compile time support to disable global configuration file |
5 | * some profiles have been converted to private-bin | 5 | * some profiles have been converted to private-bin |
6 | * new profiles: Gitter, gThumb, mpv, Franz messenger, LibreOffice | 6 | * new profiles: Gitter, gThumb, mpv, Franz messenger, LibreOffice |
7 | * new profiles: pix | ||
7 | -- netblue30 <netblue30@yahoo.com> Tue, 31 May 2016 08:00:00 -0500 | 8 | -- netblue30 <netblue30@yahoo.com> Tue, 31 May 2016 08:00:00 -0500 |
8 | 9 | ||
9 | firejail (0.9.40) baseline; urgency=low | 10 | firejail (0.9.40) baseline; urgency=low |
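--- a/etc/disable-programs.inc
+++ b/etc/disable-programs.inc
@@ -17,6 +17,7 @@ blacklist ${HOME}/.config/atril
 blacklist ${HOME}/.config/xreader
 blacklist ${HOME}/.config/xviewer
 blacklist ${HOME}/.config/libreoffice
+blacklist ${HOME}/.config/pix
 blacklist ${HOME}/.kde/share/apps/okular
 blacklist ${HOME}/.kde/share/config/okularrc
 blacklist ${HOME}/.kde/share/config/okularpartrc
@@ -120,3 +121,4 @@ blacklist ${HOME}/.local/share/0ad
 blacklist ${HOME}/.local/share/xplayer
 blacklist ${HOME}/.local/share/totem
 blacklist ${HOME}/.local/share/psi+
+blacklist ${HOME}/.local/share/pix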
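--- /dev/null
+++ b/etc/pix.profile
@@ -0,0 +1,19 @@
+# gthumb profile
+noblacklist ${HOME}/.config/pix
+noblacklist ${HOME}/.local/share/pix
+
+include /etc/firejail/disable-common.inc
+include /etc/firejail/disable-programs.inc
+include /etc/firejail/disable-devel.inc
+include /etc/firejail/disable-passwdmgr.inc
+
+caps.drop all
+netfilter
+nonewprivs
+noroot
+protocol unix,inet,inet6
+seccomp
+
+shell none
+private-bin pix
+whitelist /tmp/.X11-unix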
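Review bot: The header comment on line 1 of the new profile still reads `# gthumb profile`, which looks like a carry-over from the profile this one was copied from; `# pix profile` would match the file and avoid confusing whoever audits the profile set later. Separately, `protocol unix,inet,inet6` together with `netfilter` leaves IPv4/IPv6 sockets available to an image viewer whose main job is parsing files of unknown origin. If pix's network-facing features are not needed in the sandbox, `net none` with `protocol unix` would be the tighter default; that is worth confirming against how pix is actually used before changing it.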
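--- a/platform/debian/conffiles
+++ b/platform/debian/conffiles
@@ -116,5 +116,4 @@
 /etc/firejail/lomath.profile
 /etc/firejail/loweb.profile
 /etc/firejail/lowriter.profile
-
-
+/etc/firejail/pix.profile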
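--- a/src/firecfg/firecfg.config
+++ b/src/firecfg/firecfg.config
@@ -118,6 +118,7 @@ lowriter
 Mathematica
 mathematica
 okular
+pix
 xreader
 
 # other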