diff options
-rw-r--r-- | README.md | 6 | ||||
-rw-r--r-- | RELNOTES | 2 | ||||
-rw-r--r-- | etc/disable-programs.inc | 1 | ||||
-rw-r--r-- | etc/gpicview.profile | 27 | ||||
-rw-r--r-- | platform/debian/conffiles | 1 | ||||
-rw-r--r-- | src/firecfg/firecfg.config | 1 |
6 files changed, 34 insertions, 4 deletions
@@ -112,7 +112,7 @@ Added AppImage type 2 support, and support for passing command line arguments to | |||
112 | 112 | ||
113 | Example: | 113 | Example: |
114 | $ firejail --hosts-file=~/myhosts firefox | 114 | $ firejail --hosts-file=~/myhosts firefox |
115 | 115 | ||
116 | --writable-var-log | 116 | --writable-var-log |
117 | Use the real /var/log directory, not a clone. By default, a | 117 | Use the real /var/log directory, not a clone. By default, a |
118 | tmpfs is mounted on top of /var/log directory, and a skeleton | 118 | tmpfs is mounted on top of /var/log directory, and a skeleton |
@@ -120,7 +120,7 @@ Added AppImage type 2 support, and support for passing command line arguments to | |||
120 | 120 | ||
121 | Example: | 121 | Example: |
122 | $ sudo firejail --writable-var-log | 122 | $ sudo firejail --writable-var-log |
123 | 123 | ||
124 | --git-install | 124 | --git-install |
125 | Download, compile and install mainline git version of Firejail | 125 | Download, compile and install mainline git version of Firejail |
126 | from the official repository on GitHub. The software is | 126 | from the official repository on GitHub. The software is |
@@ -195,4 +195,4 @@ goobox, gpa, gpg, gpg-agent, highlight, img2txt, k3b, kate, lynx, mediainfo, nau | |||
195 | simple-scan, skanlite, ssh-agent, tracker, transmission-cli, transmission-show, w3m, xfburn, xpra, wget, | 195 | simple-scan, skanlite, ssh-agent, tracker, transmission-cli, transmission-show, w3m, xfburn, xpra, wget, |
196 | xed, pluma, Cryptocat, Bless, Gnome 2048, Gnome Calculator, Gnome Contacts, JD-GUI, Lollypop, MultiMC5, | 196 | xed, pluma, Cryptocat, Bless, Gnome 2048, Gnome Calculator, Gnome Contacts, JD-GUI, Lollypop, MultiMC5, |
197 | PDFSam, Pithos, Xonotic, wireshark, keepassx2, QupZilla, FossaMail, Uzbl browser, xmms, iridium browser, | 197 | PDFSam, Pithos, Xonotic, wireshark, keepassx2, QupZilla, FossaMail, Uzbl browser, xmms, iridium browser, |
198 | Kino, Thunar, Geeqie, Engrampa, Scribus, mousepad | 198 | Kino, Thunar, Geeqie, Engrampa, Scribus, mousepad, gpicview |
@@ -41,7 +41,7 @@ firejail (0.9.45) baseline; urgency=low | |||
41 | * new profiles: Gnome Contacts, JD-GUI, Lollypop, MultiMC5, PDFSam, Pithos, | 41 | * new profiles: Gnome Contacts, JD-GUI, Lollypop, MultiMC5, PDFSam, Pithos, |
42 | * new profies: Xonotic, wireshark, keepassx2, QupZilla, FossaMail, | 42 | * new profies: Xonotic, wireshark, keepassx2, QupZilla, FossaMail, |
43 | * new profiles: Uzbl browser, iridium browser, Thunar, Geeqie, Engrampa | 43 | * new profiles: Uzbl browser, iridium browser, Thunar, Geeqie, Engrampa |
44 | * new profiles: Scribus, mousepad | 44 | * new profiles: Scribus, mousepad, gpicview |
45 | * bugfixes | 45 | * bugfixes |
46 | -- netblue30 <netblue30@yahoo.com> Sun, 23 Oct 2016 08:00:00 -0500 | 46 | -- netblue30 <netblue30@yahoo.com> Sun, 23 Oct 2016 08:00:00 -0500 |
47 | 47 | ||
diff --git a/etc/disable-programs.inc b/etc/disable-programs.inc index 39a8ed4f5..eeb5bc663 100644 --- a/etc/disable-programs.inc +++ b/etc/disable-programs.inc | |||
@@ -71,6 +71,7 @@ blacklist ${HOME}/.config/gedit | |||
71 | blacklist ${HOME}/.config/google-chrome | 71 | blacklist ${HOME}/.config/google-chrome |
72 | blacklist ${HOME}/.config/google-chrome-beta | 72 | blacklist ${HOME}/.config/google-chrome-beta |
73 | blacklist ${HOME}/.config/google-chrome-unstable | 73 | blacklist ${HOME}/.config/google-chrome-unstable |
74 | blacklist ${HOME}./config/gpicview | ||
74 | blacklist ${HOME}/.config/gthumb | 75 | blacklist ${HOME}/.config/gthumb |
75 | blacklist ${HOME}/.config/gwenviewrc | 76 | blacklist ${HOME}/.config/gwenviewrc |
76 | blacklist ${HOME}/.config/hexchat | 77 | blacklist ${HOME}/.config/hexchat |
diff --git a/etc/gpicview.profile b/etc/gpicview.profile new file mode 100644 index 000000000..7a8188665 --- /dev/null +++ b/etc/gpicview.profile | |||
@@ -0,0 +1,27 @@ | |||
1 | # This file is overwritten during software install. | ||
2 | # Persistent customizations should go in a .local file. | ||
3 | include /etc/firejail/gpicview.local | ||
4 | |||
5 | # Firejail profile for GPicView | ||
6 | noblacklist ~/.config/gpicview | ||
7 | |||
8 | include /etc/firejail/disable-common.inc | ||
9 | include /etc/firejail/disable-programs.inc | ||
10 | include /etc/firejail/disable-devel.inc | ||
11 | include /etc/firejail/disable-passwdmgr.inc | ||
12 | |||
13 | caps.drop all | ||
14 | net none | ||
15 | nogroups | ||
16 | nonewprivs | ||
17 | noroot | ||
18 | nosound | ||
19 | protocol unix | ||
20 | seccomp | ||
21 | shell none | ||
22 | tracelog | ||
23 | |||
24 | private-bin gpicview | ||
25 | private-dev | ||
26 | private-etc fonts | ||
27 | private-tmp | ||
diff --git a/platform/debian/conffiles b/platform/debian/conffiles index 253af3f01..a31f13200 100644 --- a/platform/debian/conffiles +++ b/platform/debian/conffiles | |||
@@ -90,6 +90,7 @@ | |||
90 | /etc/firejail/gpa.profile | 90 | /etc/firejail/gpa.profile |
91 | /etc/firejail/gpg-agent.profile | 91 | /etc/firejail/gpg-agent.profile |
92 | /etc/firejail/gpg.profile | 92 | /etc/firejail/gpg.profile |
93 | /etc/firejail/gpicview.profile | ||
93 | /etc/firejail/gpredict.profile | 94 | /etc/firejail/gpredict.profile |
94 | /etc/firejail/gtar.profile | 95 | /etc/firejail/gtar.profile |
95 | /etc/firejail/gthumb.profile | 96 | /etc/firejail/gthumb.profile |
diff --git a/src/firecfg/firecfg.config b/src/firecfg/firecfg.config index 1db8736e9..5bfd94736 100644 --- a/src/firecfg/firecfg.config +++ b/src/firecfg/firecfg.config | |||
@@ -123,6 +123,7 @@ gnome-mplayer | |||
123 | gnome-music | 123 | gnome-music |
124 | goobox | 124 | goobox |
125 | google-play-music-desktop-player | 125 | google-play-music-desktop-player |
126 | gpicview | ||
126 | img2txt | 127 | img2txt |
127 | k3b | 128 | k3b |
128 | mediainfo | 129 | mediainfo |