-rw-r--r-- | Makefile.in | 3 | ||||
-rw-r--r-- | README | 1 | ||||
-rw-r--r-- | README.md | 2 | ||||
-rw-r--r-- | RELNOTES | 3 | ||||
-rw-r--r-- | etc/atril.profile | 7 | ||||
-rw-r--r-- | etc/disable-programs.inc | 17 | ||||
-rw-r--r-- | etc/xplayer.profile | 15 | ||||
-rw-r--r-- | etc/xreader.profile | 16 | ||||
-rw-r--r-- | etc/xviewer.profile | 13 | ||||
-rw-r--r-- | platform/debian/conffiles | 3 | ||||
-rw-r--r-- | src/firecfg/firecfg.config | 4 |
11 files changed, 72 insertions, 12 deletions
diff --git a/Makefile.in b/Makefile.in index fdf247255..2d49f88e1 100644 --- a/Makefile.in +++ b/Makefile.in | |||
@@ -180,6 +180,9 @@ realinstall: | |||
180 | install -c -m 0644 .etc/quiterss.profile $(DESTDIR)/$(sysconfdir)/firejail/. | 180 | install -c -m 0644 .etc/quiterss.profile $(DESTDIR)/$(sysconfdir)/firejail/. |
181 | install -c -m 0644 .etc/cyberfox.profile $(DESTDIR)/$(sysconfdir)/firejail/. | 181 | install -c -m 0644 .etc/cyberfox.profile $(DESTDIR)/$(sysconfdir)/firejail/. |
182 | install -c -m 0644 .etc/snap.profile $(DESTDIR)/$(sysconfdir)/firejail/. | 182 | install -c -m 0644 .etc/snap.profile $(DESTDIR)/$(sysconfdir)/firejail/. |
183 | install -c -m 0644 .etc/xplayer.profile $(DESTDIR)/$(sysconfdir)/firejail/. | ||
184 | install -c -m 0644 .etc/xreader.profile $(DESTDIR)/$(sysconfdir)/firejail/. | ||
185 | install -c -m 0644 .etc/xviewer.profile $(DESTDIR)/$(sysconfdir)/firejail/. | ||
183 | sh -c "if [ ! -f $(DESTDIR)/$(sysconfdir)/firejail/login.users ]; then install -c -m 0644 etc/login.users $(DESTDIR)/$(sysconfdir)/firejail/.; fi;" | 186 | sh -c "if [ ! -f $(DESTDIR)/$(sysconfdir)/firejail/login.users ]; then install -c -m 0644 etc/login.users $(DESTDIR)/$(sysconfdir)/firejail/.; fi;" |
184 | sh -c "if [ ! -f $(DESTDIR)/$(sysconfdir)/firejail/firejail.config ]; then install -c -m 0644 etc/firejail.config $(DESTDIR)/$(sysconfdir)/firejail/.; fi;" | 187 | sh -c "if [ ! -f $(DESTDIR)/$(sysconfdir)/firejail/firejail.config ]; then install -c -m 0644 etc/firejail.config $(DESTDIR)/$(sysconfdir)/firejail/.; fi;" |
185 | rm -fr .etc | 188 | rm -fr .etc |
@@ -70,6 +70,7 @@ Fred-Barclay (https://github.com/Fred-Barclay) | |||
70 | - fixed disable-common.inc for mate-terminal | 70 | - fixed disable-common.inc for mate-terminal |
71 | - blacklisted escape-happy terminals in disable-common.inc | 71 | - blacklisted escape-happy terminals in disable-common.inc |
72 | - blacklisted g++ | 72 | - blacklisted g++ |
73 | - added xplayer, xreader, and xviewer profiles | ||
73 | Petter Reinholdtsen (pere@hungry.com) | 74 | Petter Reinholdtsen (pere@hungry.com) |
74 | - Opera profile patch | 75 | - Opera profile patch |
75 | n1trux (https://github.com/n1trux) | 76 | n1trux (https://github.com/n1trux) |
@@ -283,6 +283,6 @@ $ man firejail-profile | |||
283 | lxterminal, Epiphany, cherrytree, Polari, Vivaldi, Atril, qutebrowser, SlimJet, Battle for Wesnoth, Hedgewars, qTox, | 283 | lxterminal, Epiphany, cherrytree, Polari, Vivaldi, Atril, qutebrowser, SlimJet, Battle for Wesnoth, Hedgewars, qTox, |
284 | OpenSSH client, OpenBox window manager, Dillo, cmus, dnsmasq, PaleMoon, Icedove, abrowser, 0ad, netsurf, | 284 | OpenSSH client, OpenBox window manager, Dillo, cmus, dnsmasq, PaleMoon, Icedove, abrowser, 0ad, netsurf, |
285 | Warzone2100, okular, gwenview, Gpredict, Aweather, Stellarium, Google-Play-Music-Desktop-Player, quiterss, | 285 | Warzone2100, okular, gwenview, Gpredict, Aweather, Stellarium, Google-Play-Music-Desktop-Player, quiterss, |
286 | cyberfox, generic Ubuntu snap application profile | 286 | cyberfox, generic Ubuntu snap application profile, xplayer, xreader, xviewer |
287 | 287 | ||
288 | 288 | ||
@@ -23,7 +23,8 @@ firejail (0.9.40-rc1) baseline; urgency=low | |||
23 | * new profiles: PaleMoon, Icedove, abrowser, 0ad, netsurf, Warzone2100 | 23 | * new profiles: PaleMoon, Icedove, abrowser, 0ad, netsurf, Warzone2100 |
24 | * new profiles: okular, gwenview, Google-Play-Music-Desktop-Player | 24 | * new profiles: okular, gwenview, Google-Play-Music-Desktop-Player |
25 | * new profiles: Aweather, Stellarium, gpredict, quiterss, cyberfox | 25 | * new profiles: Aweather, Stellarium, gpredict, quiterss, cyberfox |
26 | * new profiles: generic Ubuntu snap application profile | 26 | * new profiles: generic Ubuntu snap application profile, xplayer |
27 | * new profiles: xreader, xplayer | ||
27 | * generic.profile renamed default.profile | 28 | * generic.profile renamed default.profile |
28 | * build rpm packages using "make rpms" | 29 | * build rpm packages using "make rpms" |
29 | * bugfixes | 30 | * bugfixes |
diff --git a/etc/atril.profile b/etc/atril.profile index c5b2abc48..d1a7b25f8 100644 --- a/etc/atril.profile +++ b/etc/atril.profile | |||
@@ -1,5 +1,6 @@ | |||
1 | # Atril profile | 1 | # Atril profile |
2 | noblacklist ~/.config/atril | 2 | noblacklist ~/.config/atril |
3 | noblacklist ~/.local/share | ||
3 | include /etc/firejail/disable-common.inc | 4 | include /etc/firejail/disable-common.inc |
4 | include /etc/firejail/disable-programs.inc | 5 | include /etc/firejail/disable-programs.inc |
5 | include /etc/firejail/disable-devel.inc | 6 | include /etc/firejail/disable-devel.inc |
@@ -8,10 +9,6 @@ include /etc/firejail/disable-passwdmgr.inc | |||
8 | caps.drop all | 9 | caps.drop all |
9 | seccomp | 10 | seccomp |
10 | protocol unix,inet,inet6 | 11 | protocol unix,inet,inet6 |
11 | net none | ||
12 | noroot | 12 | noroot |
13 | tracelog | 13 | tracelog |
14 | 14 | netfilter | |
15 | mkdir ~/.config | ||
16 | mkdir ~/.config/atril | ||
17 | whitelist ~/.config/atril | ||
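Review bot: Dropping `net none` together with the `whitelist ~/.config/atril` block leaves a document viewer, which routinely opens untrusted files, with network access and a view of the whole home directory minus the blacklists. The added `netfilter` is not a substitute: as far as I know firejail applies it only when the sandbox gets its own network namespace (a `net <interface>` line), which this profile does not set up. If the goal was only to let Atril open documents outside ~/.config/atril, consider keeping `net none` and dropping just the whitelist, with a comment such as `# no whitelist: the viewer must open documents anywhere under $HOME`. The new xreader and xviewer profiles are also local viewers shipped without `net none`.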
diff --git a/etc/disable-programs.inc b/etc/disable-programs.inc index 297d25bf2..1f3768693 100644 --- a/etc/disable-programs.inc +++ b/etc/disable-programs.inc | |||
@@ -12,17 +12,22 @@ blacklist ${HOME}/.config/uGet | |||
12 | blacklist ${HOME}/.config/Gpredict | 12 | blacklist ${HOME}/.config/Gpredict |
13 | blacklist ${HOME}/.config/aweather | 13 | blacklist ${HOME}/.config/aweather |
14 | blacklist ${HOME}/.config/stellarium | 14 | blacklist ${HOME}/.config/stellarium |
15 | blacklist ~/.kde/share/apps/okular | 15 | blacklist ${HOME}/.config/atril |
16 | blacklist ~/.kde/share/config/okularrc | 16 | blacklist ${HOME}/.config/xreader |
17 | blacklist ~/.kde/share/config/okularpartrc | 17 | blacklist ${HOME}/.config/xviewer |
18 | blacklist ~/.kde/share/apps/gwenview | 18 | blacklist ${HOME}/.kde/share/apps/okular |
19 | blacklist ~/.kde/share/config/gwenviewrc | 19 | blacklist ${HOME}/.kde/share/config/okularrc |
20 | blacklist ${HOME}/.kde/share/config/okularpartrc | ||
21 | blacklist ${HOME}/.kde/share/apps/gwenview | ||
22 | blacklist ${HOME}/.kde/share/config/gwenviewrc | ||
20 | 23 | ||
21 | # Media players | 24 | # Media players |
22 | blacklist ${HOME}/.config/cmus | 25 | blacklist ${HOME}/.config/cmus |
23 | blacklist ${HOME}/.config/deadbeef | 26 | blacklist ${HOME}/.config/deadbeef |
24 | blacklist ${HOME}/.config/spotify | 27 | blacklist ${HOME}/.config/spotify |
25 | blacklist ${HOME}/.config/vlc | 28 | blacklist ${HOME}/.config/vlc |
29 | blacklist ${HOME}/.config/totem | ||
30 | blacklist ${HOME}/.config/xplayer | ||
26 | 31 | ||
27 | # HTTP / FTP / Mail | 32 | # HTTP / FTP / Mail |
28 | blacklist ${HOME}/.icedove | 33 | blacklist ${HOME}/.icedove |
@@ -95,6 +100,7 @@ blacklist ${HOME}/.cache/transmission | |||
95 | blacklist ${HOME}/.cache/wesnoth | 100 | blacklist ${HOME}/.cache/wesnoth |
96 | blacklist ${HOME}/.cache/0ad | 101 | blacklist ${HOME}/.cache/0ad |
97 | blacklist ${HOME}/.cache/8pecxstudios | 102 | blacklist ${HOME}/.cache/8pecxstudios |
103 | blacklist ${HOME}/.cache/xreader | ||
98 | 104 | ||
99 | # share | 105 | # share |
100 | blacklist ${HOME}/.local/share/epiphany | 106 | blacklist ${HOME}/.local/share/epiphany |
@@ -103,3 +109,4 @@ blacklist ${HOME}/.local/share/spotify | |||
103 | blacklist ${HOME}/.local/share/steam | 109 | blacklist ${HOME}/.local/share/steam |
104 | blacklist ${HOME}/.local/share/wesnoth | 110 | blacklist ${HOME}/.local/share/wesnoth |
105 | blacklist ${HOME}/.local/share/0ad | 111 | blacklist ${HOME}/.local/share/0ad |
112 | blacklist ${HOME}/.local/share/xplayer | ||
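Review bot: The new `blacklist ${HOME}/.config/totem` entry has no matching `noblacklist` anywhere in this commit, unlike the atril, xreader, xviewer and xplayer entries, each of which is paired with a `noblacklist` line in its profile. totem is listed in firecfg.config, so it presumably has a profile of its own; if that profile includes disable-programs.inc without `noblacklist ~/.config/totem`, a sandboxed totem loses access to its own configuration. Either add the `noblacklist` line to totem's profile in the same change or say in the commit message why it is not needed.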
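--- /dev/null
+++ b/etc/xplayer.profile
@@ -0,0 +1,15 @@
+# Xplayer profile
+noblacklist ~/.config/xplayer
+noblacklist ~/.local/share/xplayer
+
+include /etc/firejail/disable-common.inc
+include /etc/firejail/disable-programs.inc
+include /etc/firejail/disable-devel.inc
+include /etc/firejail/disable-passwdmgr.inc
+
+caps.drop all
+seccomp
+protocol unix,inet,inet6
+noroot
+tracelog
+netfilter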
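--- /dev/null
+++ b/etc/xreader.profile
@@ -0,0 +1,16 @@
+# Xreader profile
+noblacklist ~/.config/xreader
+noblacklist ~/.cache/xreader
+noblacklist ~/.local/share
+
+include /etc/firejail/disable-common.inc
+include /etc/firejail/disable-programs.inc
+include /etc/firejail/disable-devel.inc
+include /etc/firejail/disable-passwdmgr.inc
+
+caps.drop all
+seccomp
+protocol unix,inet,inet6
+noroot
+tracelog
+netfilter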
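Review bot: `noblacklist ~/.local/share` on line 4 names the whole data directory, while disable-programs.inc only blacklists individual subdirectories under it (epiphany, spotify, steam, ...); atril.profile gains the same line in this commit. Whether firejail matches this entry against the child paths is not visible here: if it does not, the line is a no-op, and if it does, the viewer can read every other application's data under ~/.local/share. Narrowing it to the path xreader actually needs, as xplayer.profile does with `noblacklist ~/.local/share/xplayer`, or adding a comment that says what it is for, would make the intent checkable.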
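--- /dev/null
+++ b/etc/xviewer.profile
@@ -0,0 +1,13 @@
+noblacklist ~/.config/xviewer
+
+include /etc/firejail/disable-common.inc
+include /etc/firejail/disable-programs.inc
+include /etc/firejail/disable-devel.inc
+include /etc/firejail/disable-passwdmgr.inc
+
+caps.drop all
+seccomp
+protocol unix,inet,inet6
+noroot
+tracelog
+netfilter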
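Review bot: The file has no header comment, unlike the two sibling profiles added in this commit; add `# Xviewer profile` as the first line. disable-programs.inc in this commit blacklists only `${HOME}/.config/xviewer` for this program, so the single `noblacklist` line matches it, and a header makes that pairing easier to find when the blacklist grows.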
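--- a/platform/debian/conffiles
+++ b/platform/debian/conffiles
@@ -94,3 +94,6 @@
 /etc/firejail/quiterss.profile
 /etc/firejail/cyberfox.profile
 /etc/firejail/snap.profile
+/etc/firejail/xplayer.profile
+/etc/firejail/xreader.profile
+/etc/firejail/xviewer.profile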
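--- a/src/firecfg/firecfg.config
+++ b/src/firecfg/firecfg.config
@@ -60,6 +60,8 @@ Mathematica
 mathematica
 gwenview
 okular
+atril
+xreader
 
 # Media
 vlc
@@ -70,6 +72,8 @@ parole
 rhythmbox
 totem
 cmus
+xplayer
+xviewer
 
 # chat/messaging
 bitlbee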