diff options
-rw-r--r-- | README | 1 | ||||
-rw-r--r-- | README.md | 2 | ||||
-rw-r--r-- | RELNOTES | 1 | ||||
-rw-r--r-- | etc/2048-qt.profile | 27 | ||||
-rw-r--r-- | etc/blender.profile | 28 | ||||
-rw-r--r-- | etc/disable-programs.inc | 2 | ||||
-rw-r--r-- | platform/debian/conffiles | 2 | ||||
-rw-r--r-- | src/firecfg/firecfg.config | 2 |
8 files changed, 64 insertions, 1 deletions
@@ -394,6 +394,7 @@ startx2017 (https://github.com/startx2017) | |||
394 | - --quiet fixes | 394 | - --quiet fixes |
395 | - 0.9.38-LTS branch maintainer | 395 | - 0.9.38-LTS branch maintainer |
396 | - firemon --top speed-up | 396 | - firemon --top speed-up |
397 | - Blender and 2048-qt profiles | ||
397 | thewisenerd (https://github.com/thewisenerd) | 398 | thewisenerd (https://github.com/thewisenerd) |
398 | - allow multiple private-home commands | 399 | - allow multiple private-home commands |
399 | - use $SHELL variable if the shell is not specified | 400 | - use $SHELL variable if the shell is not specified |
@@ -219,4 +219,4 @@ Kino, Thunar, Geeqie, Engrampa, Scribus, mousepad, gpicview, keepassxc, cvlc, Me | |||
219 | Nylas, dino, BibleTime, viewnior, Kodi, viking, youtube-dl, meld, Arduino, Akregator, KCalc, KTorrent, | 219 | Nylas, dino, BibleTime, viewnior, Kodi, viking, youtube-dl, meld, Arduino, Akregator, KCalc, KTorrent, |
220 | Orage Globaltime, Orage Clendar, xfce4-notes, xfce4-dict, Ristretto, PCManFM, Dia, FontForge, Geany, Hugin, | 220 | Orage Globaltime, Orage Clendar, xfce4-notes, xfce4-dict, Ristretto, PCManFM, Dia, FontForge, Geany, Hugin, |
221 | mate-calc, mate-dictionary, mate-color-select, caja, galculator, Nemo, gnome-font-viewer, gucharmap, | 221 | mate-calc, mate-dictionary, mate-color-select, caja, galculator, Nemo, gnome-font-viewer, gucharmap, |
222 | knotes, clipit, leafpad, lximage-qt, lxmusic, qlipper, Xvfb, Xephyr | 222 | knotes, clipit, leafpad, lximage-qt, lxmusic, qlipper, Xvfb, Xephyr, Blender, 2048-qt |
@@ -49,6 +49,7 @@ firejail (0.9.46-rc1) baseline; urgency=low | |||
49 | * new profiles: mate-calc, mate-dictionary, mate-color-select, caja, | 49 | * new profiles: mate-calc, mate-dictionary, mate-color-select, caja, |
50 | * new profiles: galculator, Nemo, gnome-font-viewer, gucharmap, knotes | 50 | * new profiles: galculator, Nemo, gnome-font-viewer, gucharmap, knotes |
51 | * new profiles: clipit, leafpad, lximage-qt, lxmusic, qlipper, Xvfb, Xephyr | 51 | * new profiles: clipit, leafpad, lximage-qt, lxmusic, qlipper, Xvfb, Xephyr |
52 | * new profiles: Blender, 2048-qt | ||
52 | * bugfixes | 53 | * bugfixes |
53 | -- netblue30 <netblue30@yahoo.com> Fri, 7 Apr 2017 08:00:00 -0500 | 54 | -- netblue30 <netblue30@yahoo.com> Fri, 7 Apr 2017 08:00:00 -0500 |
54 | 55 | ||
diff --git a/etc/2048-qt.profile b/etc/2048-qt.profile new file mode 100644 index 000000000..f0ec90ee7 --- /dev/null +++ b/etc/2048-qt.profile | |||
@@ -0,0 +1,27 @@ | |||
1 | # This file is overwritten during software install. | ||
2 | # Persistent customizations should go in a .local file. | ||
3 | include /etc/firejail/2048-qt.local | ||
4 | |||
5 | noblacklist ~/.config/xiaoyong | ||
6 | noblacklist ~/.config/2048-qt | ||
7 | include /etc/firejail/disable-common.inc | ||
8 | include /etc/firejail/disable-programs.inc | ||
9 | include /etc/firejail/disable-passwdmgr.inc | ||
10 | |||
11 | caps.drop all | ||
12 | netfilter | ||
13 | nonewprivs | ||
14 | noroot | ||
15 | protocol unix,inet,inet6 | ||
16 | seccomp | ||
17 | |||
18 | # | ||
19 | # depending on your usage, you can enable some of the commands below: | ||
20 | # | ||
21 | nogroups | ||
22 | shell none | ||
23 | # private-bin program | ||
24 | # private-etc none | ||
25 | # private-dev | ||
26 | # private-tmp | ||
27 | nosound | ||
diff --git a/etc/blender.profile b/etc/blender.profile new file mode 100644 index 000000000..fac6f7731 --- /dev/null +++ b/etc/blender.profile | |||
@@ -0,0 +1,28 @@ | |||
1 | # This file is overwritten during software install. | ||
2 | # Persistent customizations should go in a .local file. | ||
3 | include /etc/firejail/blender.local | ||
4 | |||
5 | noblacklist ~/.config/blender | ||
6 | include /etc/firejail/disable-common.inc | ||
7 | include /etc/firejail/disable-programs.inc | ||
8 | include /etc/firejail/disable-passwdmgr.inc | ||
9 | |||
10 | caps.drop all | ||
11 | netfilter | ||
12 | nonewprivs | ||
13 | noroot | ||
14 | protocol unix,inet,inet6,netlink | ||
15 | seccomp | ||
16 | |||
17 | # | ||
18 | # depending on your usage, you can enable some of the commands below: | ||
19 | # | ||
20 | nogroups | ||
21 | shell none | ||
22 | # private-bin program | ||
23 | # private-etc none | ||
24 | # private-dev | ||
25 | # private-tmp | ||
26 | |||
27 | # blender uses the sound system | ||
28 | # nosound | ||
diff --git a/etc/disable-programs.inc b/etc/disable-programs.inc index 29da32bbf..0ee47a89e 100644 --- a/etc/disable-programs.inc +++ b/etc/disable-programs.inc | |||
@@ -21,6 +21,7 @@ blacklist ${HOME}/.bcast5 | |||
21 | blacklist ${HOME}/.bibletime | 21 | blacklist ${HOME}/.bibletime |
22 | blacklist ${HOME}/.claws-mail | 22 | blacklist ${HOME}/.claws-mail |
23 | blacklist ${HOME}/.config/0ad | 23 | blacklist ${HOME}/.config/0ad |
24 | blacklist ${HOME}/.config/2048-qt | ||
24 | blacklist ${HOME}/.config/akregatorrc | 25 | blacklist ${HOME}/.config/akregatorrc |
25 | blacklist ${HOME}/.config/Atom | 26 | blacklist ${HOME}/.config/Atom |
26 | blacklist ${HOME}/.config/Audaciousrc | 27 | blacklist ${HOME}/.config/Audaciousrc |
@@ -151,6 +152,7 @@ blacklist ${HOME}/.config/xfce4/xfconf/xfce-perchannel-xml/thunar.xml | |||
151 | blacklist ${HOME}/.config/xfce4/xfce4-notes.rc | 152 | blacklist ${HOME}/.config/xfce4/xfce4-notes.rc |
152 | blacklist ${HOME}/.config/xfce4/xfce4-notes.gtkrc | 153 | blacklist ${HOME}/.config/xfce4/xfce4-notes.gtkrc |
153 | blacklist ${HOME}/.config/xfce4-dict | 154 | blacklist ${HOME}/.config/xfce4-dict |
155 | blacklist ${HOME}/.config/xiaoyong | ||
154 | blacklist ${HOME}/.config/xmms2 | 156 | blacklist ${HOME}/.config/xmms2 |
155 | blacklist ${HOME}/.config/xplayer | 157 | blacklist ${HOME}/.config/xplayer |
156 | blacklist ${HOME}/.config/xreader | 158 | blacklist ${HOME}/.config/xreader |
diff --git a/platform/debian/conffiles b/platform/debian/conffiles index ae7924140..af2f72d01 100644 --- a/platform/debian/conffiles +++ b/platform/debian/conffiles | |||
@@ -298,3 +298,5 @@ | |||
298 | /etc/firejail/qlipper.profile | 298 | /etc/firejail/qlipper.profile |
299 | /etc/firejail/Xvfb.profile | 299 | /etc/firejail/Xvfb.profile |
300 | /etc/firejail/Xephyr.profile | 300 | /etc/firejail/Xephyr.profile |
301 | /etc/firejail/blender.profile | ||
302 | /etc/firejail/2048-qt.profile | ||
diff --git a/src/firecfg/firecfg.config b/src/firecfg/firecfg.config index 3869a5bdb..60e414755 100644 --- a/src/firecfg/firecfg.config +++ b/src/firecfg/firecfg.config | |||
@@ -2,6 +2,7 @@ | |||
2 | # This is the list of programs in alfabetical order handled by firecfg utility | 2 | # This is the list of programs in alfabetical order handled by firecfg utility |
3 | # | 3 | # |
4 | 0ad | 4 | 0ad |
5 | 2048-qt | ||
5 | abrowser | 6 | abrowser |
6 | akregator | 7 | akregator |
7 | amarok | 8 | amarok |
@@ -19,6 +20,7 @@ bibletime | |||
19 | bitlbee | 20 | bitlbee |
20 | bleachbit | 21 | bleachbit |
21 | bless | 22 | bless |
23 | blender | ||
22 | brasero | 24 | brasero |
23 | brave | 25 | brave |
24 | cherrytree | 26 | cherrytree |