diff options
-rw-r--r-- | README | 4 | ||||
-rw-r--r-- | README.md | 2 | ||||
-rw-r--r-- | etc/evince.profile | 2 | ||||
-rw-r--r-- | etc/firefox.profile | 3 | ||||
-rw-r--r-- | etc/mupdf.profile | 2 | ||||
-rw-r--r-- | platform/debian/conffiles | 1 |
6 files changed, 9 insertions, 5 deletions
@@ -80,6 +80,8 @@ Fred-Barclay (https://github.com/Fred-Barclay) | |||
80 | - evince profile enhancement | 80 | - evince profile enhancement |
81 | - tightened Spotify profile | 81 | - tightened Spotify profile |
82 | - added xiphos and Tor Browser Bundle profiles | 82 | - added xiphos and Tor Browser Bundle profiles |
83 | BogDan Vatra (https://github.com/bog-dan-ro) | ||
84 | - zoom profile | ||
83 | Impyy (https://github.com/Impyy) | 85 | Impyy (https://github.com/Impyy) |
84 | - added mumble profile | 86 | - added mumble profile |
85 | valoq (https://github.com/valoq) | 87 | valoq (https://github.com/valoq) |
@@ -88,6 +90,8 @@ valoq (https://github.com/valoq) | |||
88 | - added support for /srv in --whitelist feature | 90 | - added support for /srv in --whitelist feature |
89 | - Eye of GNOME, Evolution, display (imagemagik) and Wire profiles | 91 | - Eye of GNOME, Evolution, display (imagemagik) and Wire profiles |
90 | - blacklist suid binaries in disable-common.inc | 92 | - blacklist suid binaries in disable-common.inc |
93 | - fix man pages | ||
94 | - various profile improvements | ||
91 | Vadim A. Misbakh-Soloviov (https://github.com/msva) | 95 | Vadim A. Misbakh-Soloviov (https://github.com/msva) |
92 | - profile fixes | 96 | - profile fixes |
93 | Rafael Cavalcanti (https://github.com/rccavalcanti) | 97 | Rafael Cavalcanti (https://github.com/rccavalcanti) |
@@ -52,5 +52,5 @@ Use this issue to request new profiles: https://github.com/netblue30/firejail/is | |||
52 | 52 | ||
53 | ````` | 53 | ````` |
54 | ## New Profiles | 54 | ## New Profiles |
55 | xiphos, Tor Browser Bundle, display (imagemagik), Wire, mumble | 55 | xiphos, Tor Browser Bundle, display (imagemagik), Wire, mumble, zoom |
56 | 56 | ||
diff --git a/etc/evince.profile b/etc/evince.profile index 9a9113c70..cbb2083f4 100644 --- a/etc/evince.profile +++ b/etc/evince.profile | |||
@@ -6,7 +6,7 @@ include /etc/firejail/disable-passwdmgr.inc | |||
6 | 6 | ||
7 | caps.drop all | 7 | caps.drop all |
8 | netfilter | 8 | netfilter |
9 | net none | 9 | #net none - creates some problems on some distributions |
10 | nogroups | 10 | nogroups |
11 | nonewprivs | 11 | nonewprivs |
12 | noroot | 12 | noroot |
diff --git a/etc/firefox.profile b/etc/firefox.profile index 7875ca6b9..3fb56fd0e 100644 --- a/etc/firefox.profile +++ b/etc/firefox.profile | |||
@@ -47,8 +47,7 @@ whitelist ~/.config/pipelight-silverlight5.1 | |||
47 | include /etc/firejail/whitelist-common.inc | 47 | include /etc/firejail/whitelist-common.inc |
48 | 48 | ||
49 | # experimental features | 49 | # experimental features |
50 | 50 | #private-bin firefox,which,sh,dbus-launch,dbus-send,env | |
51 | private-bin firefox,which,sh,dbus-launch,dbus-send,env | ||
52 | private-etc passwd,group,hostname,hosts,localtime,nsswitch.conf,resolv.conf,xdg,gtk-2.0,gtk-3.0,X11,pango,fonts,firefox,mime.types,mailcap,asound.conf,pulse | 51 | private-etc passwd,group,hostname,hosts,localtime,nsswitch.conf,resolv.conf,xdg,gtk-2.0,gtk-3.0,X11,pango,fonts,firefox,mime.types,mailcap,asound.conf,pulse |
53 | private-dev | 52 | private-dev |
54 | private-tmp | 53 | private-tmp |
diff --git a/etc/mupdf.profile b/etc/mupdf.profile index 65e6a8978..e022866e8 100644 --- a/etc/mupdf.profile +++ b/etc/mupdf.profile | |||
@@ -16,7 +16,7 @@ net none | |||
16 | shell none | 16 | shell none |
17 | tracelog | 17 | tracelog |
18 | 18 | ||
19 | seccomp.keep access,arch_prctl,brk,clone,close,connect,execve,exit_group,fchmod,fchown,fcntl,fstat,futex,getcwd,getpeername,getrlimit,getsockname,getsockopt,lseek,lstat,mlock,mmap,mprotect,munmap,nanosleep,open,poll,prctl,read,recvfrom,recvmsg,restart_syscall,rt_sigaction,rt_sigprocmask,select,sendmsg,set_robust_list,set_tid_address,setresgid,setresuid,shmat,shmctl,shmget,shutdown,socket,stat,sysinfo,uname,unshare,wait4,write,writev | 19 | #seccomp.keep access,arch_prctl,brk,clone,close,connect,execve,exit_group,fchmod,fchown,fcntl,fstat,futex,getcwd,getpeername,getrlimit,getsockname,getsockopt,lseek,lstat,mlock,mmap,mprotect,munmap,nanosleep,open,poll,prctl,read,recvfrom,recvmsg,restart_syscall,rt_sigaction,rt_sigprocmask,select,sendmsg,set_robust_list,set_tid_address,setresgid,setresuid,shmat,shmctl,shmget,shutdown,socket,stat,sysinfo,uname,unshare,wait4,write,writev |
20 | 20 | ||
21 | private-bin mupdf | 21 | private-bin mupdf |
22 | private-tmp | 22 | private-tmp |
diff --git a/platform/debian/conffiles b/platform/debian/conffiles index df660ab4f..ae8db5a67 100644 --- a/platform/debian/conffiles +++ b/platform/debian/conffiles | |||
@@ -171,3 +171,4 @@ | |||
171 | /etc/firejail/display.profile | 171 | /etc/firejail/display.profile |
172 | /etc/firejail/Wire.profile | 172 | /etc/firejail/Wire.profile |
173 | /etc/firejail/mumble.profile | 173 | /etc/firejail/mumble.profile |
174 | /etc/firejail/zoom.profile | ||