-rw-r--r-- | Makefile.in | 1 | ||||
-rw-r--r-- | README | 3 | ||||
-rw-r--r-- | README.md | 2 | ||||
-rw-r--r-- | RELNOTES | 2 | ||||
-rw-r--r-- | etc/audacity.profile | 16 | ||||
-rw-r--r-- | etc/disable-programs.inc | 1 | ||||
-rw-r--r-- | etc/xzdec.profile | 13 | ||||
-rw-r--r-- | platform/debian/conffiles | 1 | ||||
-rw-r--r-- | src/firecfg/firecfg.config | 1 | ||||
-rw-r--r-- | strings.profile | 12 |
10 files changed, 49 insertions, 3 deletions
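--- a/Makefile.in
+++ b/Makefile.in
@@ -208,6 +208,7 @@ realinstall:
 install -c -m 0644 .etc/lowriter.profile $(DESTDIR)/$(sysconfdir)/firejail/.
 install -c -m 0644 .etc/pix.profile $(DESTDIR)/$(sysconfdir)/firejail/.
 install -c -m 0644 .etc/soffice.profile $(DESTDIR)/$(sysconfdir)/firejail/.
+install -c -m 0644 .etc/audacity.profile $(DESTDIR)/$(sysconfdir)/firejail/.
 sh -c "if [ ! -f $(DESTDIR)/$(sysconfdir)/firejail/login.users ]; then install -c -m 0644 etc/login.users $(DESTDIR)/$(sysconfdir)/firejail/.; fi;"
 install -c -m 0644 etc/firejail.config $(DESTDIR)/$(sysconfdir)/firejail/.
 rm -fr .etc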
@@ -89,8 +89,9 @@ Fred-Barclay (https://github.com/Fred-Barclay) | |||
89 | - added Brave profile | 89 | - added Brave profile |
90 | - added Gitter profile | 90 | - added Gitter profile |
91 | - various organising | 91 | - various organising |
92 | - added Libreoffice profile | 92 | - added LibreOffice profile |
93 | - added pix profile | 93 | - added pix profile |
94 | - added audacity profile | ||
94 | Petter Reinholdtsen (pere@hungry.com) | 95 | Petter Reinholdtsen (pere@hungry.com) |
95 | - Opera profile patch | 96 | - Opera profile patch |
96 | n1trux (https://github.com/n1trux) | 97 | n1trux (https://github.com/n1trux) |
@@ -77,4 +77,4 @@ Office: evince, gthumb, fbreader, pix | |||
77 | 77 | ||
78 | ## New security profiles | 78 | ## New security profiles |
79 | 79 | ||
80 | Gitter, gThumb, mpv, Franz messenger, LibreOffice, pix | 80 | Gitter, gThumb, mpv, Franz messenger, LibreOffice, pix, audacity |
@@ -4,7 +4,7 @@ firejail (0.9.41) baseline; urgency=low | |||
4 | * compile time support to disable global configuration file | 4 | * compile time support to disable global configuration file |
5 | * some profiles have been converted to private-bin | 5 | * some profiles have been converted to private-bin |
6 | * new profiles: Gitter, gThumb, mpv, Franz messenger, LibreOffice | 6 | * new profiles: Gitter, gThumb, mpv, Franz messenger, LibreOffice |
7 | * new profiles: pix | 7 | * new profiles: pix, audacity |
8 | -- netblue30 <netblue30@yahoo.com> Tue, 31 May 2016 08:00:00 -0500 | 8 | -- netblue30 <netblue30@yahoo.com> Tue, 31 May 2016 08:00:00 -0500 |
9 | 9 | ||
10 | firejail (0.9.40) baseline; urgency=low | 10 | firejail (0.9.40) baseline; urgency=low |
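--- /dev/null
+++ b/etc/audacity.profile
@@ -0,0 +1,16 @@
+# Audacity profile
+noblacklist ~/.audacity-data
+
+include /etc/firejail/disable-common.inc
+include /etc/firejail/disable-devel.inc
+include /etc/firejail/disable-passwdmgr.inc
+include /etc/firejail/disable-programs.inc
+
+caps.drop all
+netfilter
+nonewprivs
+noroot
+nogroups
+#private-bin audacity
+protocol unix,inet,inet6
+seccomp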
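Review bot: `protocol unix,inet,inet6` together with `netfilter` leaves IPv4 and IPv6 sockets available to a program whose main job is local audio editing, and the profile has no comment saying why. If Audacity does not need the network in the intended use, `net none` with `protocol unix` would be the tighter default; otherwise a one-line comment naming the feature that needs network access would help the next reviewer. The commented-out `#private-bin audacity` has the same gap: state why it is disabled, for example `# private-bin audacity  (disabled: <reason>)`.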
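--- a/etc/disable-programs.inc
+++ b/etc/disable-programs.inc
@@ -32,6 +32,7 @@ blacklist ${HOME}/.config/vlc
 blacklist ${HOME}/.config/mpv
 blacklist ${HOME}/.config/totem
 blacklist ${HOME}/.config/xplayer
+blacklist ${HOME}/.audacity-data
 
 # HTTP / FTP / Mail
 blacklist ${HOME}/.icedove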
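--- /dev/null
+++ b/etc/xzdec.profile
@@ -0,0 +1,13 @@
+# Firejail profile for XZ decompressor
+# xzdec.profile
+
+include /etc/firejail/disable-mgmt.inc
+include /etc/firejail/disable-secret.inc
+include /etc/firejail/disable-common.inc
+include /etc/firejail/disable-devel.inc
+
+caps.drop all
+seccomp
+tracelog
+noroot
+shell none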
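Review bot: The first two includes, `/etc/firejail/disable-mgmt.inc` and `/etc/firejail/disable-secret.inc`, are used by no other profile on this page (the others include disable-common, disable-devel, disable-passwdmgr and disable-programs), so confirm both files still exist in this tree; a missing include would keep the profile from loading as intended. As far as the visible hunks show, the profile is also not added to `realinstall` in Makefile.in or to platform/debian/conffiles, so it would not be installed. For a stream decompressor that only transforms stdin to stdout, consider adding `nonewprivs` and `net none`, which none of the listed options covers.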
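--- a/platform/debian/conffiles
+++ b/platform/debian/conffiles
@@ -118,3 +118,4 @@
 /etc/firejail/lowriter.profile
 /etc/firejail/pix.profile
 /etc/firejail/soffice.profile
+/etc/firejail/audacity.profile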
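--- a/src/firecfg/firecfg.config
+++ b/src/firecfg/firecfg.config
@@ -83,6 +83,7 @@ warzone2100
 
 # Media
 audacious
+audacity
 clementine
 cmus
 deadbeef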
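--- /dev/null
+++ b/strings.profile
@@ -0,0 +1,12 @@
+noblacklist ~/.config
+
+include /usr/local/etc/firejail/disable-common.inc
+include /usr/local/etc/firejail/disable-programs.inc
+include /usr/local/etc/firejail/disable-devel.inc
+include /usr/local/etc/firejail/disable-passwdmgr.inc
+
+caps.drop all
+noroot
+nonewprivs
+seccomp
+tracelog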
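Review bot: This file looks like a local test profile committed by accident: it sits at the repository root rather than under etc/, has no header comment, and hard-codes its includes to `/usr/local/etc/firejail/`, whereas the other profiles in this commit include from `/etc/firejail/`. On a system installed under a different prefix those includes would presumably not resolve, so the disable-*.inc blacklists the profile relies on would not be applied as written. `noblacklist ~/.config` names the whole configuration directory without saying what it is meant to exempt; narrow it to the specific path needed and add a comment. Either drop the file from the commit, or move it to `etc/strings.profile` with `include /etc/firejail/disable-common.inc`-style paths and a matching install line.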