-rw-r--r-- | Makefile.in | 2 | ||||
-rw-r--r-- | README.md | 2 | ||||
-rw-r--r-- | RELNOTES | 2 | ||||
-rw-r--r-- | etc/disable-programs.inc | 2 | ||||
-rw-r--r-- | etc/gthumb.profile | 17 | ||||
-rw-r--r-- | etc/mpv.profile | 14 | ||||
-rw-r--r-- | platform/debian/conffiles | 2 | ||||
-rw-r--r-- | src/firecfg/firecfg.config | 2 |
8 files changed, 41 insertions, 2 deletions
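--- a/Makefile.in
+++ b/Makefile.in
@@ -189,6 +189,8 @@ realinstall:
 install -c -m 0644 .etc/psi-plus.profile $(DESTDIR)/$(sysconfdir)/firejail/.
 install -c -m 0644 .etc/brave.profile $(DESTDIR)/$(sysconfdir)/firejail/.
 install -c -m 0644 .etc/gitter.profile $(DESTDIR)/$(sysconfdir)/firejail/.
+install -c -m 0644 .etc/gthumb.profile $(DESTDIR)/$(sysconfdir)/firejail/.
+install -c -m 0644 .etc/mpv.profile $(DESTDIR)/$(sysconfdir)/firejail/.
 sh -c "if [ ! -f $(DESTDIR)/$(sysconfdir)/firejail/login.users ]; then install -c -m 0644 etc/login.users $(DESTDIR)/$(sysconfdir)/firejail/.; fi;"
 sh -c "if [ ! -f $(DESTDIR)/$(sysconfdir)/firejail/firejail.config ]; then install -c -m 0644 etc/firejail.config $(DESTDIR)/$(sysconfdir)/firejail/.; fi;"
 rm -fr .etc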
@@ -67,4 +67,4 @@ AppImage project home: https://github.com/probonopd/AppImageKit | |||
67 | 67 | ||
68 | ## New security profiles | 68 | ## New security profiles |
69 | 69 | ||
70 | Gitter | 70 | Gitter, gThumb, mpv |
@@ -1,6 +1,6 @@ | |||
1 | firejail (0.9.41) baseline; urgency=low | 1 | firejail (0.9.41) baseline; urgency=low |
2 | * work in progress... | 2 | * work in progress... |
3 | * new profiles: Gitter | 3 | * new profiles: Gitter, gThumb, mpv |
4 | -- netblue30 <netblue30@yahoo.com> Tue, 31 May 2016 08:00:00 -0500 | 4 | -- netblue30 <netblue30@yahoo.com> Tue, 31 May 2016 08:00:00 -0500 |
5 | 5 | ||
6 | firejail (0.9.40) baseline; urgency=low | 6 | firejail (0.9.40) baseline; urgency=low |
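--- a/etc/disable-programs.inc
+++ b/etc/disable-programs.inc
@@ -6,6 +6,7 @@ blacklist ${HOME}/.wine
 blacklist ${HOME}/.Mathematica
 blacklist ${HOME}/.Wolfram Research
 blacklist ${HOME}/.stellarium
+blacklist ${HOME}/.config/gthumb
 blacklist ${HOME}/.config/mupen64plus
 blacklist ${HOME}/.config/transmission
 blacklist ${HOME}/.config/uGet
@@ -26,6 +27,7 @@ blacklist ${HOME}/.config/cmus
 blacklist ${HOME}/.config/deadbeef
 blacklist ${HOME}/.config/spotify
 blacklist ${HOME}/.config/vlc
+blacklist ${HOME}/.config/mpv
 blacklist ${HOME}/.config/totem
 blacklist ${HOME}/.config/xplayer
 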
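Review bot: The new `blacklist ${HOME}/.config/mpv` line in the second hunk covers only the XDG location, while mpv also uses a legacy `~/.mpv` directory when one exists, so that path stays reachable from every other profile that includes this file. The config directory can hold scripts that mpv loads at start-up, which makes write access from an unrelated sandbox worth closing. Consider adding `blacklist ${HOME}/.mpv` here together with a matching `noblacklist ${HOME}/.mpv` at the top of etc/mpv.profile. Whether the legacy directory is still in use on the targeted systems should be confirmed.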
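--- /dev/null
+++ b/etc/gthumb.profile
@@ -0,0 +1,17 @@
+# gthumb profile
+noblacklist ${HOME}/.config/gthumb
+
+include /etc/firejail/disable-common.inc
+include /etc/firejail/disable-programs.inc
+include /etc/firejail/disable-devel.inc
+include /etc/firejail/disable-passwdmgr.inc
+
+caps.drop all
+netfilter
+nonewprivs
+noroot
+protocol unix,inet,inet6
+seccomp
+
+private-bin gthumb
+shell none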
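Review bot: `protocol unix,inet,inet6` leaves IPv4 and IPv6 sockets open to an image viewer that decodes untrusted files, and the profile does not say why network access is kept. As far as I know `netfilter` only takes effect when the sandbox gets its own network namespace, which this profile does not request, so by default it adds no restriction here. If the network is kept for gThumb's web-album export (an assumption, the page does not say), a comment such as `# inet/inet6 kept for web album export; add 'net none' if unused` would record that. Otherwise tightening the line to `protocol unix` narrows what a compromised decoder can reach.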
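--- /dev/null
+++ b/etc/mpv.profile
@@ -0,0 +1,14 @@
+# mpv media player profile
+noblacklist ${HOME}/.config/mpv
+
+include /etc/firejail/disable-common.inc
+include /etc/firejail/disable-programs.inc
+include /etc/firejail/disable-devel.inc
+include /etc/firejail/disable-passwdmgr.inc
+
+caps.drop all
+netfilter
+nonewprivs
+noroot
+protocol unix,inet,inet6
+seccomp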
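Review bot: Unlike etc/gthumb.profile in the same commit, this profile has no `private-bin` or `shell none` line, and nothing explains the omission. If it is deliberate, for example because mpv starts external helper programs for network streams (an assumption), a comment like `# no private-bin/shell none: mpv launches external helpers` would document the gap. That would keep a later hardening pass from either breaking playback or assuming the restriction was simply forgotten.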
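--- a/platform/debian/conffiles
+++ b/platform/debian/conffiles
@@ -103,3 +103,5 @@
 /etc/firejail/psi-plus.profile
 /etc/firejail/brave.profile
 /etc/firejail/gitter.profile
+/etc/firejail/gthumb.profile
+/etc/firejail/mpv.profile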
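--- a/src/firecfg/firecfg.config
+++ b/src/firecfg/firecfg.config
@@ -87,6 +87,7 @@ cmus
 deadbeef
 gnome-mplayer
 google-play-music-desktop-player
+mpv
 parole
 rhythmbox
 spotify
@@ -104,6 +105,7 @@ cherrytree
 evince
 fbreader
 gwenview
+gthumb
 Mathematica
 mathematica
 okular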