-rw-r--r-- | .github/workflows/codeql-analysis.yml | 6 | ||||
-rw-r--r-- | Makefile | 5 | ||||
-rw-r--r-- | README.md | 2 | ||||
-rw-r--r-- | etc/profile-a-l/audacity.profile | 3 | ||||
-rw-r--r-- | etc/profile-a-l/gdu.profile | 46 | ||||
-rw-r--r-- | etc/profile-m-z/makepkg.profile | 1 | ||||
-rw-r--r-- | src/firecfg/firecfg.config | 1 |
7 files changed, 58 insertions, 6 deletions
diff --git a/.github/workflows/codeql-analysis.yml b/.github/workflows/codeql-analysis.yml index 4a09ad9d8..e5e86d8e0 100644 --- a/.github/workflows/codeql-analysis.yml +++ b/.github/workflows/codeql-analysis.yml | |||
@@ -53,7 +53,7 @@ jobs: | |||
53 | 53 | ||
54 | # Initializes the CodeQL tools for scanning. | 54 | # Initializes the CodeQL tools for scanning. |
55 | - name: Initialize CodeQL | 55 | - name: Initialize CodeQL |
56 | uses: github/codeql-action/init@3e7e3b32d0fb8283594bb0a76cc60a00918b0969 | 56 | uses: github/codeql-action/init@2ca79b6fa8d3ec278944088b4aa5f46912db5d63 |
57 | with: | 57 | with: |
58 | languages: ${{ matrix.language }} | 58 | languages: ${{ matrix.language }} |
59 | # If you wish to specify custom queries, you can do so here or in a config file. | 59 | # If you wish to specify custom queries, you can do so here or in a config file. |
@@ -64,7 +64,7 @@ jobs: | |||
64 | # Autobuild attempts to build any compiled languages (C/C++, C#, or Java). | 64 | # Autobuild attempts to build any compiled languages (C/C++, C#, or Java). |
65 | # If this step fails, then you should remove it and run the build manually (see below) | 65 | # If this step fails, then you should remove it and run the build manually (see below) |
66 | - name: Autobuild | 66 | - name: Autobuild |
67 | uses: github/codeql-action/autobuild@3e7e3b32d0fb8283594bb0a76cc60a00918b0969 | 67 | uses: github/codeql-action/autobuild@2ca79b6fa8d3ec278944088b4aa5f46912db5d63 |
68 | 68 | ||
69 | # âšī¸ Command-line programs to run using the OS shell. | 69 | # âšī¸ Command-line programs to run using the OS shell. |
70 | # đ https://git.io/JvXDl | 70 | # đ https://git.io/JvXDl |
@@ -78,4 +78,4 @@ jobs: | |||
78 | # make release | 78 | # make release |
79 | 79 | ||
80 | - name: Perform CodeQL Analysis | 80 | - name: Perform CodeQL Analysis |
81 | uses: github/codeql-action/analyze@3e7e3b32d0fb8283594bb0a76cc60a00918b0969 | 81 | uses: github/codeql-action/analyze@2ca79b6fa8d3ec278944088b4aa5f46912db5d63 |
@@ -179,8 +179,8 @@ uninstall: config.mk | |||
179 | rm -f $(DESTDIR)$(bindir)/firejail | 179 | rm -f $(DESTDIR)$(bindir)/firejail |
180 | rm -f $(DESTDIR)$(bindir)/firemon | 180 | rm -f $(DESTDIR)$(bindir)/firemon |
181 | rm -f $(DESTDIR)$(bindir)/firecfg | 181 | rm -f $(DESTDIR)$(bindir)/firecfg |
182 | rm -f $(DESTDIR)$(bindir)/jailcheck | ||
182 | rm -fr $(DESTDIR)$(libdir)/firejail | 183 | rm -fr $(DESTDIR)$(libdir)/firejail |
183 | rm -fr $(DESTDIR)$(libdir)/jailcheck | ||
184 | rm -fr $(DESTDIR)$(datarootdir)/doc/firejail | 184 | rm -fr $(DESTDIR)$(datarootdir)/doc/firejail |
185 | for man in $(MANPAGES); do \ | 185 | for man in $(MANPAGES); do \ |
186 | rm -f $(DESTDIR)$(mandir)/man5/$$man*; \ | 186 | rm -f $(DESTDIR)$(mandir)/man5/$$man*; \ |
@@ -189,6 +189,9 @@ uninstall: config.mk | |||
189 | rm -f $(DESTDIR)$(datarootdir)/bash-completion/completions/firejail | 189 | rm -f $(DESTDIR)$(datarootdir)/bash-completion/completions/firejail |
190 | rm -f $(DESTDIR)$(datarootdir)/bash-completion/completions/firemon | 190 | rm -f $(DESTDIR)$(datarootdir)/bash-completion/completions/firemon |
191 | rm -f $(DESTDIR)$(datarootdir)/bash-completion/completions/firecfg | 191 | rm -f $(DESTDIR)$(datarootdir)/bash-completion/completions/firecfg |
192 | rm -f $(DESTDIR)$(datarootdir)/zsh/site-functions/_firejail | ||
193 | rm -f $(DESTDIR)$(datarootdir)/vim/vimfiles/ftdetect/firejail.vim | ||
194 | rm -f $(DESTDIR)$(datarootdir)/vim/vimfiles/syntax/firejail.vim | ||
192 | @echo "If you want to install a different version of firejail, you might also need to run 'rm -fr $(DESTDIR)$(sysconfdir)/firejail', see #2038." | 195 | @echo "If you want to install a different version of firejail, you might also need to run 'rm -fr $(DESTDIR)$(sysconfdir)/firejail', see #2038." |
193 | 196 | ||
194 | DISTFILES = \ | 197 | DISTFILES = \ |
@@ -221,4 +221,4 @@ Stats: | |||
221 | 221 | ||
222 | ### New profiles: | 222 | ### New profiles: |
223 | 223 | ||
224 | onionshare, onionshare-cli, opera-developer, songrec | 224 | onionshare, onionshare-cli, opera-developer, songrec, gdu |
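--- a/etc/profile-a-l/audacity.profile
+++ b/etc/profile-a-l/audacity.profile
@@ -20,7 +20,8 @@ include disable-xdg.inc
 
 include whitelist-var-common.inc
 
-apparmor
+## Enabling App Armor appears to break some Fedora / Arch installs
+#apparmor
 caps.drop all
 net none
 no3d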
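Review bot: Commenting out `apparmor` at new line 24 removes AppArmor confinement for every user of this profile, not only the Fedora / Arch installs the new comment says are affected. The comment carries no issue reference, so a later maintainer cannot tell what broke or when the option can be restored; it should cite the tracking issue. If the breakage really is limited to some systems, keeping `apparmor` in the profile and pointing affected users to `ignore apparmor` in audacity.local would keep the protection on by default, though whether that works depends on the failure, which is not visible here. The profile continues outside the hunk.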
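--- /dev/null
+++ b/etc/profile-a-l/gdu.profile
@@ -0,0 +1,46 @@
+# Firejail profile for gdu
+# Description: Fast disk usage analyzer with console interface
+# This file is overwritten after every install/update
+quiet
+# Persistent local customizations
+include gdu.local
+# Persistent global definitions
+include globals.local
+
+blacklist ${RUNUSER}/wayland-*
+
+include disable-exec.inc
+
+apparmor
+caps.drop all
+ipc-namespace
+machine-id
+net none
+no3d
+nodvd
+nogroups
+noinput
+nonewprivs
+noroot
+nosound
+notv
+nou2f
+novideo
+# block the socket syscall to simulate an be empty protocol line, see #639
+seccomp socket
+seccomp.block-secondary
+x11 none
+
+private-dev
+
+dbus-user none
+dbus-system none
+
+memory-deny-write-execute
+
+# gdu has built-in delete (d), empty (e) dir/file support and shell spawning (b) features.
+# Depending on workflow and use case the sandbox can be hardened by adding the
+# lines below to your gdu.local if you don't need/want these functionalities.
+#include disable-shell.inc
+#private-bin gdu
+#read-only ${HOME}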
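Review bot: As shipped, the profile leaves the filesystem readable and ${HOME} writable with gdu's delete, empty and shell-spawn keys active, because the three hardening lines at 44-46 are opt-in and the only disable include is disable-exec.inc at line 12. That is probably deliberate for a disk-usage tool that has to walk every directory, but the file does not say so; a short comment above line 12 stating that disable-common.inc and disable-programs.inc are omitted on purpose would record the intent. The comment on line 29 is also garbled and likely should read `# block the socket syscall to simulate an empty protocol line, see #639`.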
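--- a/etc/profile-m-z/makepkg.profile
+++ b/etc/profile-m-z/makepkg.profile
@@ -1,4 +1,5 @@
 # Firejail profile for makepkg
+# Description: A utility to automate the building of Arch Linux packages
 # This file is overwritten after every install/update
 quiet
 # Persistent local customizations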
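--- a/src/firecfg/firecfg.config
+++ b/src/firecfg/firecfg.config
@@ -289,6 +289,7 @@ gapplication
 gcalccmd
 gcloud
 gconf-editor
+gdu
 geany
 geary
 gedit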