diff options
206 files changed, 504 insertions, 236 deletions
diff --git a/.github/pull_request_template.md b/.github/pull_request_template.md new file mode 100644 index 000000000..28ee1c436 --- /dev/null +++ b/.github/pull_request_template.md | |||
@@ -0,0 +1,17 @@ | |||
1 | If you make a PR for new profiles or changeing profiles please do the following: | ||
2 | - The ordering of options follow the rules descripted in [/usr/share/doc/firejail/profile.template](https://github.com/netblue30/firejail/blob/master/etc/templates/profile.template). | ||
3 | Hint: The profile-template is very new, if you install firejail with your package-manager, it maybe missing, therefore, and to follow the latest rules, it is recommended to use the template from the repository. | ||
4 | - Order the arguments of options alphabetical, you can easy do this with the [sort.py](https://github.com/netblue30/firejail/tree/master/contrib/sort.py). | ||
5 | The path to it depends on your distro: | ||
6 | |||
7 | | Distro | Path | | ||
8 | | ------ | ---- | | ||
9 | | Arch/Fedora | `/lib64/firejail/sort.py` | | ||
10 | | Debian/Ubuntu/Mint | `/usr/lib/x86_64-linux-gnu/firejail/sort.py` | | ||
11 | | local git clone | `contrib/sort.py` | | ||
12 | |||
13 | Note also that the sort.py script exists only since firejail `0.9.61`. | ||
14 | |||
15 | If you have no idea how to do one of these, you can open the PR anyway. | ||
16 | |||
17 | See also [CONTRIBUTING.md](/CONTRIBUTING.md). | ||
diff --git a/Makefile.in b/Makefile.in index 9d0dd69b1..9d21419bc 100644 --- a/Makefile.in +++ b/Makefile.in | |||
@@ -115,6 +115,7 @@ ifeq ($(HAVE_CONTRIB_INSTALL),yes) | |||
115 | install -c -m 0755 contrib/fjdisplay.py $(DESTDIR)/$(libdir)/firejail/. | 115 | install -c -m 0755 contrib/fjdisplay.py $(DESTDIR)/$(libdir)/firejail/. |
116 | install -c -m 0755 contrib/fjresize.py $(DESTDIR)/$(libdir)/firejail/. | 116 | install -c -m 0755 contrib/fjresize.py $(DESTDIR)/$(libdir)/firejail/. |
117 | install -c -m 0755 contrib/fj-mkdeb.py $(DESTDIR)/$(libdir)/firejail/. | 117 | install -c -m 0755 contrib/fj-mkdeb.py $(DESTDIR)/$(libdir)/firejail/. |
118 | install -c -m 0755 contrib/sort.py $(DESTDIR)/$(libdir)/firejail/. | ||
118 | endif | 119 | endif |
119 | # documents | 120 | # documents |
120 | install -m 0755 -d $(DESTDIR)/$(DOCDIR) | 121 | install -m 0755 -d $(DESTDIR)/$(DOCDIR) |
@@ -23,9 +23,11 @@ $ git clone https://github.com/netblue30/firejail.git | |||
23 | $ cd firejail | 23 | $ cd firejail |
24 | $ ./configure && make && sudo make install-strip | 24 | $ ./configure && make && sudo make install-strip |
25 | 25 | ||
26 | On Debian/Ubuntu you will need to install git and a compiler: | 26 | On Debian/Ubuntu you will need to install git and gcc compiler. AppArmor |
27 | development libraries and pkg-config are required when using --apparmor | ||
28 | ./configure option: | ||
27 | 29 | ||
28 | $ sudo apt-get install build-essential | 30 | $ sudo apt-get install git build-essential libapparmor-dev pkg-config |
29 | 31 | ||
30 | 32 | ||
31 | 33 | ||
@@ -45,9 +45,11 @@ $ git clone https://github.com/netblue30/firejail.git | |||
45 | $ cd firejail | 45 | $ cd firejail |
46 | $ ./configure && make && sudo make install-strip | 46 | $ ./configure && make && sudo make install-strip |
47 | ````` | 47 | ````` |
48 | On Debian/Ubuntu you will need to install git and a compiler: | 48 | On Debian/Ubuntu you will need to install git and gcc compiler. AppArmor |
49 | development libraries and pkg-config are required when using --apparmor | ||
50 | ./configure option: | ||
49 | ````` | 51 | ````` |
50 | $ sudo apt-get install git build-essential | 52 | $ sudo apt-get install git build-essential libapparmor-dev pkg-config |
51 | ````` | 53 | ````` |
52 | 54 | ||
53 | 55 | ||
@@ -113,4 +115,5 @@ We also keep a list of profile fixes for previous released versions in [etc-fixe | |||
113 | 115 | ||
114 | ## New profiles: | 116 | ## New profiles: |
115 | 117 | ||
116 | klatexformula, klatexformula_cmdl, links, pandoc, qgis, teams-for-linux, xlinks, OpenArena, gnome-sound-recorder, godot, tcpdump, tshark, keepassxc-cli, keepassxc-proxy, newsbeuter, rhythmbox-client | 118 | klatexformula, klatexformula_cmdl, links, pandoc, qgis, teams-for-linux, xlinks, OpenArena, gnome-sound-recorder, godot, tcpdump, tshark, keepassxc-cli, keepassxc-proxy, newsbeuter, rhythmbox-client, |
119 | jerry | ||
@@ -4,7 +4,7 @@ firejail (0.9.61) baseline; urgency=low | |||
4 | * new profiles: qgis, klatexformula, klatexformula_cmdl, links, xlinks | 4 | * new profiles: qgis, klatexformula, klatexformula_cmdl, links, xlinks |
5 | * new profiles: pandoc, teams-for-linux, OpenArena, gnome-sound-recorder | 5 | * new profiles: pandoc, teams-for-linux, OpenArena, gnome-sound-recorder |
6 | * new profiles: godot, tcpdump, tshark, newsbeuter, keepassxc-cli | 6 | * new profiles: godot, tcpdump, tshark, newsbeuter, keepassxc-cli |
7 | * new profiles: keepassxc-proxy, rhythmbox-client | 7 | * new profiles: keepassxc-proxy, rhythmbox-client, jerry |
8 | -- netblue30 <netblue30@yahoo.com> Sat, 1 Jun 2019 08:00:00 -0500 | 8 | -- netblue30 <netblue30@yahoo.com> Sat, 1 Jun 2019 08:00:00 -0500 |
9 | 9 | ||
10 | firejail (0.9.60) baseline; urgency=low | 10 | firejail (0.9.60) baseline; urgency=low |
@@ -642,6 +642,7 @@ HAVE_GLOBALCFG | |||
642 | HAVE_CHROOT | 642 | HAVE_CHROOT |
643 | HAVE_SECCOMP | 643 | HAVE_SECCOMP |
644 | HAVE_PRIVATE_HOME | 644 | HAVE_PRIVATE_HOME |
645 | HAVE_FIRETUNNEL | ||
645 | HAVE_OVERLAYFS | 646 | HAVE_OVERLAYFS |
646 | EXTRA_LDFLAGS | 647 | EXTRA_LDFLAGS |
647 | EXTRA_CFLAGS | 648 | EXTRA_CFLAGS |
@@ -681,7 +682,6 @@ infodir | |||
681 | docdir | 682 | docdir |
682 | oldincludedir | 683 | oldincludedir |
683 | includedir | 684 | includedir |
684 | runstatedir | ||
685 | localstatedir | 685 | localstatedir |
686 | sharedstatedir | 686 | sharedstatedir |
687 | sysconfdir | 687 | sysconfdir |
@@ -706,6 +706,7 @@ ac_user_opts=' | |||
706 | enable_option_checking | 706 | enable_option_checking |
707 | enable_apparmor | 707 | enable_apparmor |
708 | enable_overlayfs | 708 | enable_overlayfs |
709 | enable_firetunnel | ||
709 | enable_private_home | 710 | enable_private_home |
710 | enable_seccomp | 711 | enable_seccomp |
711 | enable_chroot | 712 | enable_chroot |
@@ -773,7 +774,6 @@ datadir='${datarootdir}' | |||
773 | sysconfdir='${prefix}/etc' | 774 | sysconfdir='${prefix}/etc' |
774 | sharedstatedir='${prefix}/com' | 775 | sharedstatedir='${prefix}/com' |
775 | localstatedir='${prefix}/var' | 776 | localstatedir='${prefix}/var' |
776 | runstatedir='${localstatedir}/run' | ||
777 | includedir='${prefix}/include' | 777 | includedir='${prefix}/include' |
778 | oldincludedir='/usr/include' | 778 | oldincludedir='/usr/include' |
779 | docdir='${datarootdir}/doc/${PACKAGE_TARNAME}' | 779 | docdir='${datarootdir}/doc/${PACKAGE_TARNAME}' |
@@ -1026,15 +1026,6 @@ do | |||
1026 | | -silent | --silent | --silen | --sile | --sil) | 1026 | | -silent | --silent | --silen | --sile | --sil) |
1027 | silent=yes ;; | 1027 | silent=yes ;; |
1028 | 1028 | ||
1029 | -runstatedir | --runstatedir | --runstatedi | --runstated \ | ||
1030 | | --runstate | --runstat | --runsta | --runst | --runs \ | ||
1031 | | --run | --ru | --r) | ||
1032 | ac_prev=runstatedir ;; | ||
1033 | -runstatedir=* | --runstatedir=* | --runstatedi=* | --runstated=* \ | ||
1034 | | --runstate=* | --runstat=* | --runsta=* | --runst=* | --runs=* \ | ||
1035 | | --run=* | --ru=* | --r=*) | ||
1036 | runstatedir=$ac_optarg ;; | ||
1037 | |||
1038 | -sbindir | --sbindir | --sbindi | --sbind | --sbin | --sbi | --sb) | 1029 | -sbindir | --sbindir | --sbindi | --sbind | --sbin | --sbi | --sb) |
1039 | ac_prev=sbindir ;; | 1030 | ac_prev=sbindir ;; |
1040 | -sbindir=* | --sbindir=* | --sbindi=* | --sbind=* | --sbin=* \ | 1031 | -sbindir=* | --sbindir=* | --sbindi=* | --sbind=* | --sbin=* \ |
@@ -1172,7 +1163,7 @@ fi | |||
1172 | for ac_var in exec_prefix prefix bindir sbindir libexecdir datarootdir \ | 1163 | for ac_var in exec_prefix prefix bindir sbindir libexecdir datarootdir \ |
1173 | datadir sysconfdir sharedstatedir localstatedir includedir \ | 1164 | datadir sysconfdir sharedstatedir localstatedir includedir \ |
1174 | oldincludedir docdir infodir htmldir dvidir pdfdir psdir \ | 1165 | oldincludedir docdir infodir htmldir dvidir pdfdir psdir \ |
1175 | libdir localedir mandir runstatedir | 1166 | libdir localedir mandir |
1176 | do | 1167 | do |
1177 | eval ac_val=\$$ac_var | 1168 | eval ac_val=\$$ac_var |
1178 | # Remove trailing slashes. | 1169 | # Remove trailing slashes. |
@@ -1325,7 +1316,6 @@ Fine tuning of the installation directories: | |||
1325 | --sysconfdir=DIR read-only single-machine data [PREFIX/etc] | 1316 | --sysconfdir=DIR read-only single-machine data [PREFIX/etc] |
1326 | --sharedstatedir=DIR modifiable architecture-independent data [PREFIX/com] | 1317 | --sharedstatedir=DIR modifiable architecture-independent data [PREFIX/com] |
1327 | --localstatedir=DIR modifiable single-machine data [PREFIX/var] | 1318 | --localstatedir=DIR modifiable single-machine data [PREFIX/var] |
1328 | --runstatedir=DIR modifiable per-process data [LOCALSTATEDIR/run] | ||
1329 | --libdir=DIR object code libraries [EPREFIX/lib] | 1319 | --libdir=DIR object code libraries [EPREFIX/lib] |
1330 | --includedir=DIR C header files [PREFIX/include] | 1320 | --includedir=DIR C header files [PREFIX/include] |
1331 | --oldincludedir=DIR C header files for non-gcc [/usr/include] | 1321 | --oldincludedir=DIR C header files for non-gcc [/usr/include] |
@@ -1357,6 +1347,7 @@ Optional Features: | |||
1357 | --enable-FEATURE[=ARG] include FEATURE [ARG=yes] | 1347 | --enable-FEATURE[=ARG] include FEATURE [ARG=yes] |
1358 | --enable-apparmor enable apparmor | 1348 | --enable-apparmor enable apparmor |
1359 | --disable-overlayfs disable overlayfs | 1349 | --disable-overlayfs disable overlayfs |
1350 | --disable-firetunnel disable firetunnel | ||
1360 | --disable-private-home disable private home feature | 1351 | --disable-private-home disable private home feature |
1361 | --disable-seccomp disable seccomp | 1352 | --disable-seccomp disable seccomp |
1362 | --disable-chroot disable chroot | 1353 | --disable-chroot disable chroot |
@@ -3191,6 +3182,78 @@ else | |||
3191 | : | 3182 | : |
3192 | fi | 3183 | fi |
3193 | 3184 | ||
3185 | { $as_echo "$as_me:${as_lineno-$LINENO}: checking whether C compiler accepts -fstack-clash-protection" >&5 | ||
3186 | $as_echo_n "checking whether C compiler accepts -fstack-clash-protection... " >&6; } | ||
3187 | if ${ax_cv_check_cflags___fstack_clash_protection+:} false; then : | ||
3188 | $as_echo_n "(cached) " >&6 | ||
3189 | else | ||
3190 | |||
3191 | ax_check_save_flags=$CFLAGS | ||
3192 | CFLAGS="$CFLAGS -fstack-clash-protection" | ||
3193 | cat confdefs.h - <<_ACEOF >conftest.$ac_ext | ||
3194 | /* end confdefs.h. */ | ||
3195 | |||
3196 | int | ||
3197 | main () | ||
3198 | { | ||
3199 | |||
3200 | ; | ||
3201 | return 0; | ||
3202 | } | ||
3203 | _ACEOF | ||
3204 | if ac_fn_c_try_compile "$LINENO"; then : | ||
3205 | ax_cv_check_cflags___fstack_clash_protection=yes | ||
3206 | else | ||
3207 | ax_cv_check_cflags___fstack_clash_protection=no | ||
3208 | fi | ||
3209 | rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext | ||
3210 | CFLAGS=$ax_check_save_flags | ||
3211 | fi | ||
3212 | { $as_echo "$as_me:${as_lineno-$LINENO}: result: $ax_cv_check_cflags___fstack_clash_protection" >&5 | ||
3213 | $as_echo "$ax_cv_check_cflags___fstack_clash_protection" >&6; } | ||
3214 | if test "x$ax_cv_check_cflags___fstack_clash_protection" = xyes; then : | ||
3215 | HAVE_SPECTRE="yes" && EXTRA_CFLAGS+=" -fstack-clash-protection" | ||
3216 | |||
3217 | else | ||
3218 | : | ||
3219 | fi | ||
3220 | |||
3221 | { $as_echo "$as_me:${as_lineno-$LINENO}: checking whether C compiler accepts -fstack-protector-strong" >&5 | ||
3222 | $as_echo_n "checking whether C compiler accepts -fstack-protector-strong... " >&6; } | ||
3223 | if ${ax_cv_check_cflags___fstack_protector_strong+:} false; then : | ||
3224 | $as_echo_n "(cached) " >&6 | ||
3225 | else | ||
3226 | |||
3227 | ax_check_save_flags=$CFLAGS | ||
3228 | CFLAGS="$CFLAGS -fstack-protector-strong" | ||
3229 | cat confdefs.h - <<_ACEOF >conftest.$ac_ext | ||
3230 | /* end confdefs.h. */ | ||
3231 | |||
3232 | int | ||
3233 | main () | ||
3234 | { | ||
3235 | |||
3236 | ; | ||
3237 | return 0; | ||
3238 | } | ||
3239 | _ACEOF | ||
3240 | if ac_fn_c_try_compile "$LINENO"; then : | ||
3241 | ax_cv_check_cflags___fstack_protector_strong=yes | ||
3242 | else | ||
3243 | ax_cv_check_cflags___fstack_protector_strong=no | ||
3244 | fi | ||
3245 | rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext | ||
3246 | CFLAGS=$ax_check_save_flags | ||
3247 | fi | ||
3248 | { $as_echo "$as_me:${as_lineno-$LINENO}: result: $ax_cv_check_cflags___fstack_protector_strong" >&5 | ||
3249 | $as_echo "$ax_cv_check_cflags___fstack_protector_strong" >&6; } | ||
3250 | if test "x$ax_cv_check_cflags___fstack_protector_strong" = xyes; then : | ||
3251 | HAVE_SPECTRE="yes" && EXTRA_CFLAGS+=" -fstack-protector-strong" | ||
3252 | |||
3253 | else | ||
3254 | : | ||
3255 | fi | ||
3256 | |||
3194 | 3257 | ||
3195 | HAVE_APPARMOR="" | 3258 | HAVE_APPARMOR="" |
3196 | # Check whether --enable-apparmor was given. | 3259 | # Check whether --enable-apparmor was given. |
@@ -3323,8 +3386,8 @@ if test "x$enable_apparmor" = "xyes"; then : | |||
3323 | HAVE_APPARMOR="-DHAVE_APPARMOR" | 3386 | HAVE_APPARMOR="-DHAVE_APPARMOR" |
3324 | 3387 | ||
3325 | pkg_failed=no | 3388 | pkg_failed=no |
3326 | { $as_echo "$as_me:${as_lineno-$LINENO}: checking for AA" >&5 | 3389 | { $as_echo "$as_me:${as_lineno-$LINENO}: checking for libapparmor" >&5 |
3327 | $as_echo_n "checking for AA... " >&6; } | 3390 | $as_echo_n "checking for libapparmor... " >&6; } |
3328 | 3391 | ||
3329 | if test -n "$AA_CFLAGS"; then | 3392 | if test -n "$AA_CFLAGS"; then |
3330 | pkg_cv_AA_CFLAGS="$AA_CFLAGS" | 3393 | pkg_cv_AA_CFLAGS="$AA_CFLAGS" |
@@ -3364,7 +3427,7 @@ fi | |||
3364 | 3427 | ||
3365 | 3428 | ||
3366 | if test $pkg_failed = yes; then | 3429 | if test $pkg_failed = yes; then |
3367 | { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 | 3430 | { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 |
3368 | $as_echo "no" >&6; } | 3431 | $as_echo "no" >&6; } |
3369 | 3432 | ||
3370 | if $PKG_CONFIG --atleast-pkgconfig-version 0.20; then | 3433 | if $PKG_CONFIG --atleast-pkgconfig-version 0.20; then |
@@ -3391,7 +3454,7 @@ Alternatively, you may set the environment variables AA_CFLAGS | |||
3391 | and AA_LIBS to avoid the need to call pkg-config. | 3454 | and AA_LIBS to avoid the need to call pkg-config. |
3392 | See the pkg-config man page for more details." "$LINENO" 5 | 3455 | See the pkg-config man page for more details." "$LINENO" 5 |
3393 | elif test $pkg_failed = untried; then | 3456 | elif test $pkg_failed = untried; then |
3394 | { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 | 3457 | { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 |
3395 | $as_echo "no" >&6; } | 3458 | $as_echo "no" >&6; } |
3396 | { { $as_echo "$as_me:${as_lineno-$LINENO}: error: in \`$ac_pwd':" >&5 | 3459 | { { $as_echo "$as_me:${as_lineno-$LINENO}: error: in \`$ac_pwd':" >&5 |
3397 | $as_echo "$as_me: error: in \`$ac_pwd':" >&2;} | 3460 | $as_echo "$as_me: error: in \`$ac_pwd':" >&2;} |
@@ -3433,6 +3496,19 @@ if test "x$enable_overlayfs" != "xno"; then : | |||
3433 | 3496 | ||
3434 | fi | 3497 | fi |
3435 | 3498 | ||
3499 | HAVE_FIRETUNNEL="" | ||
3500 | # Check whether --enable-firetunnel was given. | ||
3501 | if test "${enable_firetunnel+set}" = set; then : | ||
3502 | enableval=$enable_firetunnel; | ||
3503 | fi | ||
3504 | |||
3505 | if test "x$enable_firetunnel" != "xno"; then : | ||
3506 | |||
3507 | HAVE_FIRETUNNEL="-DHAVE_FIRETUNNEL" | ||
3508 | |||
3509 | |||
3510 | fi | ||
3511 | |||
3436 | HAVE_PRIVATEHOME="" | 3512 | HAVE_PRIVATEHOME="" |
3437 | # Check whether --enable-private-home was given. | 3513 | # Check whether --enable-private-home was given. |
3438 | if test "${enable_private_home+set}" = set; then : | 3514 | if test "${enable_private_home+set}" = set; then : |
@@ -5280,6 +5356,7 @@ echo " whitelisting: $HAVE_WHITELIST" | |||
5280 | echo " private home support: $HAVE_PRIVATE_HOME" | 5356 | echo " private home support: $HAVE_PRIVATE_HOME" |
5281 | echo " file transfer support: $HAVE_FILE_TRANSFER" | 5357 | echo " file transfer support: $HAVE_FILE_TRANSFER" |
5282 | echo " overlayfs support: $HAVE_OVERLAYFS" | 5358 | echo " overlayfs support: $HAVE_OVERLAYFS" |
5359 | echo " firetunnel support: $HAVE_FIRETUNNEL" | ||
5283 | echo " busybox workaround: $BUSYBOX_WORKAROUND" | 5360 | echo " busybox workaround: $BUSYBOX_WORKAROUND" |
5284 | echo " Spectre compiler patch: $HAVE_SPECTRE" | 5361 | echo " Spectre compiler patch: $HAVE_SPECTRE" |
5285 | echo " EXTRA_LDFLAGS: $EXTRA_LDFLAGS" | 5362 | echo " EXTRA_LDFLAGS: $EXTRA_LDFLAGS" |
diff --git a/configure.ac b/configure.ac index c3ca7d912..27dcb39c5 100644 --- a/configure.ac +++ b/configure.ac | |||
@@ -1,3 +1,16 @@ | |||
1 | # | ||
2 | # Note: | ||
3 | # | ||
4 | # If for any reason autoconf fails, run "autoreconf -i --install " and try again. | ||
5 | # This is how the error looks like on Arch Linux: | ||
6 | # ./configure: line 3064: syntax error near unexpected token `newline' | ||
7 | # ./configure: line 3064: `AX_CHECK_COMPILE_FLAG(' | ||
8 | # | ||
9 | # We rely solely on autoconf, without automake. Apparently, in this case | ||
10 | # the macros from m4 directory are not picked up by default by automake. | ||
11 | # "autoreconf -i --install" seems to fix the problem. | ||
12 | # | ||
13 | |||
1 | AC_PREREQ([2.68]) | 14 | AC_PREREQ([2.68]) |
2 | AC_INIT(firejail, 0.9.61, netblue30@yahoo.com, , https://firejail.wordpress.com) | 15 | AC_INIT(firejail, 0.9.61, netblue30@yahoo.com, , https://firejail.wordpress.com) |
3 | AC_CONFIG_SRCDIR([src/firejail/main.c]) | 16 | AC_CONFIG_SRCDIR([src/firejail/main.c]) |
@@ -17,6 +30,14 @@ AX_CHECK_COMPILE_FLAG( | |||
17 | [-mretpoline], | 30 | [-mretpoline], |
18 | [HAVE_SPECTRE="yes" && EXTRA_CFLAGS+=" -mretpoline"] | 31 | [HAVE_SPECTRE="yes" && EXTRA_CFLAGS+=" -mretpoline"] |
19 | ) | 32 | ) |
33 | AX_CHECK_COMPILE_FLAG( | ||
34 | [-fstack-clash-protection], | ||
35 | [HAVE_SPECTRE="yes" && EXTRA_CFLAGS+=" -fstack-clash-protection"] | ||
36 | ) | ||
37 | AX_CHECK_COMPILE_FLAG( | ||
38 | [-fstack-protector-strong], | ||
39 | [HAVE_SPECTRE="yes" && EXTRA_CFLAGS+=" -fstack-protector-strong"] | ||
40 | ) | ||
20 | 41 | ||
21 | HAVE_APPARMOR="" | 42 | HAVE_APPARMOR="" |
22 | AC_ARG_ENABLE([apparmor], | 43 | AC_ARG_ENABLE([apparmor], |
@@ -39,6 +60,14 @@ AS_IF([test "x$enable_overlayfs" != "xno"], [ | |||
39 | AC_SUBST(HAVE_OVERLAYFS) | 60 | AC_SUBST(HAVE_OVERLAYFS) |
40 | ]) | 61 | ]) |
41 | 62 | ||
63 | HAVE_FIRETUNNEL="" | ||
64 | AC_ARG_ENABLE([firetunnel], | ||
65 | AS_HELP_STRING([--disable-firetunnel], [disable firetunnel])) | ||
66 | AS_IF([test "x$enable_firetunnel" != "xno"], [ | ||
67 | HAVE_FIRETUNNEL="-DHAVE_FIRETUNNEL" | ||
68 | AC_SUBST(HAVE_FIRETUNNEL) | ||
69 | ]) | ||
70 | |||
42 | HAVE_PRIVATEHOME="" | 71 | HAVE_PRIVATEHOME="" |
43 | AC_ARG_ENABLE([private-home], | 72 | AC_ARG_ENABLE([private-home], |
44 | AS_HELP_STRING([--disable-private-home], [disable private home feature])) | 73 | AS_HELP_STRING([--disable-private-home], [disable private home feature])) |
@@ -186,6 +215,7 @@ echo " whitelisting: $HAVE_WHITELIST" | |||
186 | echo " private home support: $HAVE_PRIVATE_HOME" | 215 | echo " private home support: $HAVE_PRIVATE_HOME" |
187 | echo " file transfer support: $HAVE_FILE_TRANSFER" | 216 | echo " file transfer support: $HAVE_FILE_TRANSFER" |
188 | echo " overlayfs support: $HAVE_OVERLAYFS" | 217 | echo " overlayfs support: $HAVE_OVERLAYFS" |
218 | echo " firetunnel support: $HAVE_FIRETUNNEL" | ||
189 | echo " busybox workaround: $BUSYBOX_WORKAROUND" | 219 | echo " busybox workaround: $BUSYBOX_WORKAROUND" |
190 | echo " Spectre compiler patch: $HAVE_SPECTRE" | 220 | echo " Spectre compiler patch: $HAVE_SPECTRE" |
191 | echo " EXTRA_LDFLAGS: $EXTRA_LDFLAGS" | 221 | echo " EXTRA_LDFLAGS: $EXTRA_LDFLAGS" |
diff --git a/contrib/sort.py b/contrib/sort.py new file mode 100755 index 000000000..d0fcabac2 --- /dev/null +++ b/contrib/sort.py | |||
@@ -0,0 +1,115 @@ | |||
1 | #!/usr/bin/env python3 | ||
2 | """ | ||
3 | Sort the items of multi-item options in profiles, the following options are supported: | ||
4 | private-bin, private-etc, private-lib, caps.drop, caps.keep, seccomp.drop, seccomp.drop, protocol | ||
5 | |||
6 | Usage: | ||
7 | $ ./sort.py /path/to/profile [ /path/to/profile2 /path/to/profile3 ... ] | ||
8 | Keep in mind that this will overwrite your profile(s). | ||
9 | |||
10 | Examples: | ||
11 | $ ./sort.py MyAwesomeProfile.profile | ||
12 | $ ./sort.py new_profile.profile second_new_profile.profile | ||
13 | $ ./sort.py ~/.config/firejail/*.{profile,inc,local} | ||
14 | $ sudo ./sort.py /etc/firejail/*.{profile,inc,local} | ||
15 | |||
16 | Exit-Codes: | ||
17 | 0: No Error; No Profile Fixed. | ||
18 | 1: Error, one or more profiles were not processed correctly. | ||
19 | 101: No Error; One or more profile were fixed. | ||
20 | """ | ||
21 | |||
22 | # Requirements: | ||
23 | # python >= 3.6 | ||
24 | from sys import argv | ||
25 | |||
26 | def sort_alphabetical(raw_items): | ||
27 | items = raw_items.split(",") | ||
28 | items.sort(key=lambda s: s.casefold()) | ||
29 | return ",".join(items) | ||
30 | |||
31 | def sort_protocol(protocols): | ||
32 | """sort the given protocole into this scheme: unix,inet,inet6,netlink,packet""" | ||
33 | # shortcut for common protocol lines | ||
34 | if protocols in ("unix", "unix,inet,inet6"): | ||
35 | return protocols | ||
36 | fixed_protocols = "" | ||
37 | present_protocols = { | ||
38 | "unix": False, | ||
39 | "inet": False, | ||
40 | "inet6": False, | ||
41 | "netlink": False, | ||
42 | "packet": False, | ||
43 | } | ||
44 | for protocol in protocols.split(","): | ||
45 | if protocol == "unix": | ||
46 | present_protocols["unix"] = True | ||
47 | elif protocol == "inet": | ||
48 | present_protocols["inet"] = True | ||
49 | elif protocol == "inet6": | ||
50 | present_protocols["inet6"] = True | ||
51 | elif protocol == "netlink": | ||
52 | present_protocols["netlink"] = True | ||
53 | elif protocol == "packet": | ||
54 | present_protocols["packet"] = True | ||
55 | if present_protocols["unix"]: | ||
56 | fixed_protocols += "unix," | ||
57 | if present_protocols["inet"]: | ||
58 | fixed_protocols += "inet," | ||
59 | if present_protocols["inet6"]: | ||
60 | fixed_protocols += "inet6," | ||
61 | if present_protocols["netlink"]: | ||
62 | fixed_protocols += "netlink," | ||
63 | if present_protocols["packet"]: | ||
64 | fixed_protocols += "packet," | ||
65 | return fixed_protocols[:-1] | ||
66 | |||
67 | def fix_profile(filename): | ||
68 | with open(filename, "r+") as profile: | ||
69 | lines = profile.read().split("\n") | ||
70 | was_fixed = False | ||
71 | fixed_profile = [] | ||
72 | for line in lines: | ||
73 | if line[:12] in ("private-bin ", "private-etc ", "private-lib "): | ||
74 | fixed_line = f"{line[:12]}{sort_alphabetical(line[12:])}" | ||
75 | elif line[:13] in ("seccomp.drop ", "seccomp.keep "): | ||
76 | fixed_line = f"{line[:13]}{sort_alphabetical(line[13:])}" | ||
77 | elif line[:10] in ("caps.drop ", "caps.keep "): | ||
78 | fixed_line = f"{line[:10]}{sort_alphabetical(line[10:])}" | ||
79 | elif line[:8] == "protocol": | ||
80 | fixed_line = f"protocol {sort_protocol(line[9:])}" | ||
81 | else: | ||
82 | fixed_line = line | ||
83 | if fixed_line != line: | ||
84 | was_fixed = True | ||
85 | fixed_profile.append(fixed_line) | ||
86 | if was_fixed: | ||
87 | profile.seek(0) | ||
88 | profile.truncate() | ||
89 | profile.write("\n".join(fixed_profile)) | ||
90 | profile.flush() | ||
91 | print(f"[ Fixed ] {filename}") | ||
92 | return 101 | ||
93 | return 0 | ||
94 | |||
95 | def main(args): | ||
96 | exit_code = 0 | ||
97 | for filename in args: | ||
98 | try: | ||
99 | if exit_code not in (1, 101): | ||
100 | exit_code = fix_profile(filename) | ||
101 | else: | ||
102 | fix_profile(filename) | ||
103 | except FileNotFoundError: | ||
104 | print(f"[ Error ] Can't find {filename}") | ||
105 | exit_code = 1 | ||
106 | except PermissionError: | ||
107 | print(f"[ Error ] Can't read/write {filename}") | ||
108 | exit_code = 1 | ||
109 | except: | ||
110 | print(f"[ Error ] An error occurred while processing {filename}") | ||
111 | exit_code = 1 | ||
112 | return exit_code | ||
113 | |||
114 | if __name__ == "__main__": | ||
115 | exit(main(argv[1:])) | ||
diff --git a/etc/Builder.profile b/etc/Builder.profile index 128e0dfe3..54b437441 100644 --- a/etc/Builder.profile +++ b/etc/Builder.profile | |||
@@ -1,7 +1,6 @@ | |||
1 | # Firejail profile for gnome-builder | 1 | # Firejail profile for gnome-builder |
2 | # This file is overwritten after every install/update | 2 | # This file is overwritten after every install/update |
3 | 3 | ||
4 | |||
5 | # Temporary fix for https://github.com/netblue30/firejail/issues/2624 | 4 | # Temporary fix for https://github.com/netblue30/firejail/issues/2624 |
6 | # Redirect | 5 | # Redirect |
7 | include gnome-builder.profile | 6 | include gnome-builder.profile |
diff --git a/etc/Cheese.profile b/etc/Cheese.profile index 4bfce53a9..5bb5064f0 100644 --- a/etc/Cheese.profile +++ b/etc/Cheese.profile | |||
@@ -1,7 +1,6 @@ | |||
1 | # Firejail profile for cheese | 1 | # Firejail profile for cheese |
2 | # This file is overwritten after every install/update | 2 | # This file is overwritten after every install/update |
3 | 3 | ||
4 | |||
5 | # Temporary fix for https://github.com/netblue30/firejail/issues/2624 | 4 | # Temporary fix for https://github.com/netblue30/firejail/issues/2624 |
6 | # Redirect | 5 | # Redirect |
7 | include cheese.profile | 6 | include cheese.profile |
diff --git a/etc/Cyberfox.profile b/etc/Cyberfox.profile index 2fb21e3cf..26a4348c9 100644 --- a/etc/Cyberfox.profile +++ b/etc/Cyberfox.profile | |||
@@ -1,6 +1,5 @@ | |||
1 | # Firejail profile alias for cyberfox | 1 | # Firejail profile alias for cyberfox |
2 | # This file is overwritten after every install/update | 2 | # This file is overwritten after every install/update |
3 | 3 | ||
4 | |||
5 | # Redirect | 4 | # Redirect |
6 | include cyberfox.profile | 5 | include cyberfox.profile |
diff --git a/etc/Discord.profile b/etc/Discord.profile index 9a8957265..3f274b21c 100644 --- a/etc/Discord.profile +++ b/etc/Discord.profile | |||
@@ -5,7 +5,6 @@ include Discord.local | |||
5 | # Persistent global definitions | 5 | # Persistent global definitions |
6 | include globals.local | 6 | include globals.local |
7 | 7 | ||
8 | |||
9 | noblacklist ${HOME}/.config/discord | 8 | noblacklist ${HOME}/.config/discord |
10 | 9 | ||
11 | mkdir ${HOME}/.config/discord | 10 | mkdir ${HOME}/.config/discord |
@@ -14,5 +13,5 @@ whitelist ${HOME}/.config/discord | |||
14 | private-bin Discord | 13 | private-bin Discord |
15 | private-opt Discord | 14 | private-opt Discord |
16 | 15 | ||
17 | #Redirect | 16 | # Redirect |
18 | include discord-common.profile | 17 | include discord-common.profile |
diff --git a/etc/DiscordCanary.profile b/etc/DiscordCanary.profile index 0624ff949..d24e73ed8 100644 --- a/etc/DiscordCanary.profile +++ b/etc/DiscordCanary.profile | |||
@@ -5,7 +5,6 @@ include DiscordCanary.local | |||
5 | # Persistent global definitions | 5 | # Persistent global definitions |
6 | include globals.local | 6 | include globals.local |
7 | 7 | ||
8 | |||
9 | noblacklist ${HOME}/.config/discordcanary | 8 | noblacklist ${HOME}/.config/discordcanary |
10 | 9 | ||
11 | mkdir ${HOME}/.config/discordcanary | 10 | mkdir ${HOME}/.config/discordcanary |
@@ -14,5 +13,5 @@ whitelist ${HOME}/.config/discordcanary | |||
14 | private-bin DiscordCanary | 13 | private-bin DiscordCanary |
15 | private-opt DiscordCanary | 14 | private-opt DiscordCanary |
16 | 15 | ||
17 | #Redirect | 16 | # Redirect |
18 | include discord-common.profile | 17 | include discord-common.profile |
diff --git a/etc/Documents.profile b/etc/Documents.profile index c965c55a8..171ab4357 100644 --- a/etc/Documents.profile +++ b/etc/Documents.profile | |||
@@ -1,7 +1,6 @@ | |||
1 | # Firejail profile for gnome-documents | 1 | # Firejail profile for gnome-documents |
2 | # This file is overwritten after every install/update | 2 | # This file is overwritten after every install/update |
3 | 3 | ||
4 | |||
5 | # Temporary fix for https://github.com/netblue30/firejail/issues/2624 | 4 | # Temporary fix for https://github.com/netblue30/firejail/issues/2624 |
6 | # Redirect | 5 | # Redirect |
7 | include gnome-documents.profile | 6 | include gnome-documents.profile |
diff --git a/etc/FossaMail.profile b/etc/FossaMail.profile index 55fd43515..9e1f61421 100644 --- a/etc/FossaMail.profile +++ b/etc/FossaMail.profile | |||
@@ -1,6 +1,5 @@ | |||
1 | # Firejail profile alias for fossamail | 1 | # Firejail profile alias for fossamail |
2 | # This file is overwritten after every install/update | 2 | # This file is overwritten after every install/update |
3 | 3 | ||
4 | |||
5 | # Redirect | 4 | # Redirect |
6 | include fossamail.profile | 5 | include fossamail.profile |
diff --git a/etc/Gitter.profile b/etc/Gitter.profile index 53e66d108..a8bcb6a54 100644 --- a/etc/Gitter.profile +++ b/etc/Gitter.profile | |||
@@ -1,6 +1,5 @@ | |||
1 | # Firejail profile alias for Gitter | 1 | # Firejail profile alias for Gitter |
2 | # This file is overwritten after every install/update | 2 | # This file is overwritten after every install/update |
3 | 3 | ||
4 | |||
5 | # Redirect | 4 | # Redirect |
6 | include gitter.profile | 5 | include gitter.profile |
diff --git a/etc/Logs.profile b/etc/Logs.profile index f82722ed4..431439f17 100644 --- a/etc/Logs.profile +++ b/etc/Logs.profile | |||
@@ -1,7 +1,6 @@ | |||
1 | # Firejail profile for gnome-logs | 1 | # Firejail profile for gnome-logs |
2 | # This file is overwritten after every install/update | 2 | # This file is overwritten after every install/update |
3 | 3 | ||
4 | |||
5 | # Temporary fix for https://github.com/netblue30/firejail/issues/2624 | 4 | # Temporary fix for https://github.com/netblue30/firejail/issues/2624 |
6 | # Redirect | 5 | # Redirect |
7 | include gnome-logs.profile | 6 | include gnome-logs.profile |
diff --git a/etc/Maps.profile b/etc/Maps.profile index b3fc03e38..c52d2f2da 100644 --- a/etc/Maps.profile +++ b/etc/Maps.profile | |||
@@ -1,7 +1,6 @@ | |||
1 | # Firejail profile for gnome-maps | 1 | # Firejail profile for gnome-maps |
2 | # This file is overwritten after every install/update | 2 | # This file is overwritten after every install/update |
3 | 3 | ||
4 | |||
5 | # Temporary fix for https://github.com/netblue30/firejail/issues/2624 | 4 | # Temporary fix for https://github.com/netblue30/firejail/issues/2624 |
6 | # Redirect | 5 | # Redirect |
7 | include gnome-maps.profile | 6 | include gnome-maps.profile |
diff --git a/etc/Natron.profile b/etc/Natron.profile index aadd68c5c..42c22bf67 100644 --- a/etc/Natron.profile +++ b/etc/Natron.profile | |||
@@ -1,6 +1,5 @@ | |||
1 | # Firejail profile alias for natron | 1 | # Firejail profile alias for natron |
2 | # This file is overwritten after every install/update | 2 | # This file is overwritten after every install/update |
3 | 3 | ||
4 | |||
5 | # Redirect | 4 | # Redirect |
6 | include natron.profile | 5 | include natron.profile |
diff --git a/etc/PPSSPPQt.profile b/etc/PPSSPPQt.profile new file mode 100644 index 000000000..c5592f99c --- /dev/null +++ b/etc/PPSSPPQt.profile | |||
@@ -0,0 +1,9 @@ | |||
1 | # Firejail profile for PPSSPPQt | ||
2 | # This file is overwritten after every install/update | ||
3 | # Persistent local customizations | ||
4 | include PPSSPPQt.local | ||
5 | # added by included profile | ||
6 | #include globals.local | ||
7 | |||
8 | # Redirect | ||
9 | include ppsspp.profile | ||
diff --git a/etc/Telegram.profile b/etc/Telegram.profile index 51e4d9765..310e0237e 100644 --- a/etc/Telegram.profile +++ b/etc/Telegram.profile | |||
@@ -1,6 +1,5 @@ | |||
1 | # Firejail profile alias for telegram | 1 | # Firejail profile alias for telegram |
2 | # This file is overwritten after every install/update | 2 | # This file is overwritten after every install/update |
3 | 3 | ||
4 | |||
5 | # Redirect | 4 | # Redirect |
6 | include telegram.profile | 5 | include telegram.profile |
diff --git a/etc/VirtualBox.profile b/etc/VirtualBox.profile index 5fe8f1c57..4c99ae9a3 100644 --- a/etc/VirtualBox.profile +++ b/etc/VirtualBox.profile | |||
@@ -2,6 +2,5 @@ | |||
2 | # Description: x86 virtualization solution | 2 | # Description: x86 virtualization solution |
3 | # This file is overwritten after every install/update | 3 | # This file is overwritten after every install/update |
4 | 4 | ||
5 | |||
6 | # Redirect | 5 | # Redirect |
7 | include virtualbox.profile | 6 | include virtualbox.profile |
diff --git a/etc/abrowser.profile b/etc/abrowser.profile index 010247c6b..2e6e8f1af 100644 --- a/etc/abrowser.profile +++ b/etc/abrowser.profile | |||
@@ -16,6 +16,5 @@ whitelist ${HOME}/.mozilla | |||
16 | # private-etc must first be enabled in firefox-common.profile | 16 | # private-etc must first be enabled in firefox-common.profile |
17 | #private-etc abrowser | 17 | #private-etc abrowser |
18 | 18 | ||
19 | |||
20 | # Redirect | 19 | # Redirect |
21 | include firefox-common.profile | 20 | include firefox-common.profile |
diff --git a/etc/ardour4.profile b/etc/ardour4.profile index 5c22b57d0..4ad8dd456 100644 --- a/etc/ardour4.profile +++ b/etc/ardour4.profile | |||
@@ -1,6 +1,5 @@ | |||
1 | # Firejail profile alias for ardour5 | 1 | # Firejail profile alias for ardour5 |
2 | # This file is overwritten after every install/update | 2 | # This file is overwritten after every install/update |
3 | 3 | ||
4 | |||
5 | # Redirect | 4 | # Redirect |
6 | include ardour5.profile | 5 | include ardour5.profile |
diff --git a/etc/atom-beta.profile b/etc/atom-beta.profile index 36baee5c4..c0ee2c492 100644 --- a/etc/atom-beta.profile +++ b/etc/atom-beta.profile | |||
@@ -2,5 +2,9 @@ | |||
2 | # This file is overwritten after every install/update | 2 | # This file is overwritten after every install/update |
3 | # Persistent local customizations | 3 | # Persistent local customizations |
4 | include atom-beta.local | 4 | include atom-beta.local |
5 | # Profile redirect | 5 | # Persistent global definitions |
6 | # added by included profile | ||
7 | #include globals.local | ||
8 | |||
9 | # Redirect | ||
6 | include atom.profile | 10 | include atom.profile |
diff --git a/etc/atril-previewer.profile b/etc/atril-previewer.profile index 3f24acefa..7f4697357 100644 --- a/etc/atril-previewer.profile +++ b/etc/atril-previewer.profile | |||
@@ -3,8 +3,8 @@ | |||
3 | # Persistent local customizations | 3 | # Persistent local customizations |
4 | include atril-previewer.local | 4 | include atril-previewer.local |
5 | # Persistent global definitions | 5 | # Persistent global definitions |
6 | include globals.local | 6 | # added by included profile |
7 | 7 | #include globals.local | |
8 | 8 | ||
9 | # Redirect | 9 | # Redirect |
10 | include atril.profile | 10 | include atril.profile |
diff --git a/etc/atril-thumbnailer.profile b/etc/atril-thumbnailer.profile index de4a52514..8f6129ea6 100644 --- a/etc/atril-thumbnailer.profile +++ b/etc/atril-thumbnailer.profile | |||
@@ -3,8 +3,8 @@ | |||
3 | # Persistent local customizations | 3 | # Persistent local customizations |
4 | include atril-thumbnailer.local | 4 | include atril-thumbnailer.local |
5 | # Persistent global definitions | 5 | # Persistent global definitions |
6 | include globals.local | 6 | # added by included profile |
7 | 7 | #include globals.local | |
8 | 8 | ||
9 | # Redirect | 9 | # Redirect |
10 | include atril.profile | 10 | include atril.profile |
diff --git a/etc/autokey-gtk.profile b/etc/autokey-gtk.profile index 86168ba0d..7e398fc6b 100644 --- a/etc/autokey-gtk.profile +++ b/etc/autokey-gtk.profile | |||
@@ -7,5 +7,5 @@ include autokey-gtk.local | |||
7 | # added by included profile | 7 | # added by included profile |
8 | #include globals.local | 8 | #include globals.local |
9 | 9 | ||
10 | #Redirect | 10 | # Redirect |
11 | include autokey-common.profile | 11 | include autokey-common.profile |
diff --git a/etc/autokey-qt.profile b/etc/autokey-qt.profile index f3877d829..1a2365681 100644 --- a/etc/autokey-qt.profile +++ b/etc/autokey-qt.profile | |||
@@ -7,5 +7,5 @@ include autokey-qt.local | |||
7 | # added by included profile | 7 | # added by included profile |
8 | #include globals.local | 8 | #include globals.local |
9 | 9 | ||
10 | #Redirect | 10 | # Redirect |
11 | include autokey-common.profile | 11 | include autokey-common.profile |
diff --git a/etc/autokey-run.profile b/etc/autokey-run.profile index b70239022..dca1f4548 100644 --- a/etc/autokey-run.profile +++ b/etc/autokey-run.profile | |||
@@ -7,5 +7,5 @@ include autokey-run.local | |||
7 | # added by included profile | 7 | # added by included profile |
8 | #include globals.local | 8 | #include globals.local |
9 | 9 | ||
10 | #Redirect | 10 | # Redirect |
11 | include autokey-common.profile | 11 | include autokey-common.profile |
diff --git a/etc/autokey-shell.profile b/etc/autokey-shell.profile index 5745fce77..def5809c2 100644 --- a/etc/autokey-shell.profile +++ b/etc/autokey-shell.profile | |||
@@ -7,5 +7,5 @@ include autokey-shell.local | |||
7 | # added by included profile | 7 | # added by included profile |
8 | #include globals.local | 8 | #include globals.local |
9 | 9 | ||
10 | #Redirect | 10 | # Redirect |
11 | include autokey-common.profile | 11 | include autokey-common.profile |
diff --git a/etc/baloo_filemetadata_temp_extractor.profile b/etc/baloo_filemetadata_temp_extractor.profile index 94496ede8..ff10e9965 100644 --- a/etc/baloo_filemetadata_temp_extractor.profile +++ b/etc/baloo_filemetadata_temp_extractor.profile | |||
@@ -4,7 +4,8 @@ quiet | |||
4 | # Persistent local customizations | 4 | # Persistent local customizations |
5 | include baloo_filemetadata_temp_extractor.local | 5 | include baloo_filemetadata_temp_extractor.local |
6 | # Persistent global definitions | 6 | # Persistent global definitions |
7 | include globals.local | 7 | # added by included profile |
8 | #include globals.local | ||
8 | 9 | ||
9 | ignore read-write | 10 | ignore read-write |
10 | read-only ${HOME} | 11 | read-only ${HOME} |
diff --git a/etc/beaker.profile b/etc/beaker.profile index d18429408..21eeac4b3 100644 --- a/etc/beaker.profile +++ b/etc/beaker.profile | |||
@@ -3,7 +3,8 @@ | |||
3 | # Persistent local customizations | 3 | # Persistent local customizations |
4 | include beaker.local | 4 | include beaker.local |
5 | # Persistent global definitions | 5 | # Persistent global definitions |
6 | include globals.local | 6 | # added by included profile |
7 | #include globals.local | ||
7 | 8 | ||
8 | noblacklist ${HOME}/.config/Beaker Browser | 9 | noblacklist ${HOME}/.config/Beaker Browser |
9 | 10 | ||
diff --git a/etc/blender-2.8.profile b/etc/blender-2.8.profile index 9da0cb921..b7242c443 100644 --- a/etc/blender-2.8.profile +++ b/etc/blender-2.8.profile | |||
@@ -1,6 +1,5 @@ | |||
1 | # Firejail profile alias for blender | 1 | # Firejail profile alias for blender |
2 | # This file is overwritten after every install/update | 2 | # This file is overwritten after every install/update |
3 | 3 | ||
4 | |||
5 | # Redirect | 4 | # Redirect |
6 | include blender.profile | 5 | include blender.profile |
diff --git a/etc/bsdcat.profile b/etc/bsdcat.profile index e95dfdf2d..5271ee5d6 100644 --- a/etc/bsdcat.profile +++ b/etc/bsdcat.profile | |||
@@ -1,6 +1,5 @@ | |||
1 | # Firejail profile alias for bsdtar | 1 | # Firejail profile alias for bsdtar |
2 | # This file is overwritten after every install/update | 2 | # This file is overwritten after every install/update |
3 | 3 | ||
4 | |||
5 | # Redirect | 4 | # Redirect |
6 | include bsdtar.profile | 5 | include bsdtar.profile |
diff --git a/etc/bsdcpio.profile b/etc/bsdcpio.profile index e95dfdf2d..5271ee5d6 100644 --- a/etc/bsdcpio.profile +++ b/etc/bsdcpio.profile | |||
@@ -1,6 +1,5 @@ | |||
1 | # Firejail profile alias for bsdtar | 1 | # Firejail profile alias for bsdtar |
2 | # This file is overwritten after every install/update | 2 | # This file is overwritten after every install/update |
3 | 3 | ||
4 | |||
5 | # Redirect | 4 | # Redirect |
6 | include bsdtar.profile | 5 | include bsdtar.profile |
diff --git a/etc/calligraauthor.profile b/etc/calligraauthor.profile index b9c06a588..7804a3b97 100644 --- a/etc/calligraauthor.profile +++ b/etc/calligraauthor.profile | |||
@@ -1,6 +1,5 @@ | |||
1 | # Firejail profile alias for calligra | 1 | # Firejail profile alias for calligra |
2 | # This file is overwritten after every install/update | 2 | # This file is overwritten after every install/update |
3 | 3 | ||
4 | |||
5 | # Redirect | 4 | # Redirect |
6 | include calligra.profile | 5 | include calligra.profile |
diff --git a/etc/calligraconverter.profile b/etc/calligraconverter.profile index b9c06a588..7804a3b97 100644 --- a/etc/calligraconverter.profile +++ b/etc/calligraconverter.profile | |||
@@ -1,6 +1,5 @@ | |||
1 | # Firejail profile alias for calligra | 1 | # Firejail profile alias for calligra |
2 | # This file is overwritten after every install/update | 2 | # This file is overwritten after every install/update |
3 | 3 | ||
4 | |||
5 | # Redirect | 4 | # Redirect |
6 | include calligra.profile | 5 | include calligra.profile |
diff --git a/etc/calligraflow.profile b/etc/calligraflow.profile index b9c06a588..7804a3b97 100644 --- a/etc/calligraflow.profile +++ b/etc/calligraflow.profile | |||
@@ -1,6 +1,5 @@ | |||
1 | # Firejail profile alias for calligra | 1 | # Firejail profile alias for calligra |
2 | # This file is overwritten after every install/update | 2 | # This file is overwritten after every install/update |
3 | 3 | ||
4 | |||
5 | # Redirect | 4 | # Redirect |
6 | include calligra.profile | 5 | include calligra.profile |
diff --git a/etc/calligraplan.profile b/etc/calligraplan.profile index b9c06a588..7804a3b97 100644 --- a/etc/calligraplan.profile +++ b/etc/calligraplan.profile | |||
@@ -1,6 +1,5 @@ | |||
1 | # Firejail profile alias for calligra | 1 | # Firejail profile alias for calligra |
2 | # This file is overwritten after every install/update | 2 | # This file is overwritten after every install/update |
3 | 3 | ||
4 | |||
5 | # Redirect | 4 | # Redirect |
6 | include calligra.profile | 5 | include calligra.profile |
diff --git a/etc/calligraplanwork.profile b/etc/calligraplanwork.profile index b9c06a588..7804a3b97 100644 --- a/etc/calligraplanwork.profile +++ b/etc/calligraplanwork.profile | |||
@@ -1,6 +1,5 @@ | |||
1 | # Firejail profile alias for calligra | 1 | # Firejail profile alias for calligra |
2 | # This file is overwritten after every install/update | 2 | # This file is overwritten after every install/update |
3 | 3 | ||
4 | |||
5 | # Redirect | 4 | # Redirect |
6 | include calligra.profile | 5 | include calligra.profile |
diff --git a/etc/calligrasheets.profile b/etc/calligrasheets.profile index b9c06a588..7804a3b97 100644 --- a/etc/calligrasheets.profile +++ b/etc/calligrasheets.profile | |||
@@ -1,6 +1,5 @@ | |||
1 | # Firejail profile alias for calligra | 1 | # Firejail profile alias for calligra |
2 | # This file is overwritten after every install/update | 2 | # This file is overwritten after every install/update |
3 | 3 | ||
4 | |||
5 | # Redirect | 4 | # Redirect |
6 | include calligra.profile | 5 | include calligra.profile |
diff --git a/etc/calligrastage.profile b/etc/calligrastage.profile index b9c06a588..7804a3b97 100644 --- a/etc/calligrastage.profile +++ b/etc/calligrastage.profile | |||
@@ -1,6 +1,5 @@ | |||
1 | # Firejail profile alias for calligra | 1 | # Firejail profile alias for calligra |
2 | # This file is overwritten after every install/update | 2 | # This file is overwritten after every install/update |
3 | 3 | ||
4 | |||
5 | # Redirect | 4 | # Redirect |
6 | include calligra.profile | 5 | include calligra.profile |
diff --git a/etc/calligrawords.profile b/etc/calligrawords.profile index b9c06a588..7804a3b97 100644 --- a/etc/calligrawords.profile +++ b/etc/calligrawords.profile | |||
@@ -1,6 +1,5 @@ | |||
1 | # Firejail profile alias for calligra | 1 | # Firejail profile alias for calligra |
2 | # This file is overwritten after every install/update | 2 | # This file is overwritten after every install/update |
3 | 3 | ||
4 | |||
5 | # Redirect | 4 | # Redirect |
6 | include calligra.profile | 5 | include calligra.profile |
diff --git a/etc/chromium-browser.profile b/etc/chromium-browser.profile index b2c6f58fd..f83052d9a 100644 --- a/etc/chromium-browser.profile +++ b/etc/chromium-browser.profile | |||
@@ -1,6 +1,5 @@ | |||
1 | # Firejail profile alias for chromium | 1 | # Firejail profile alias for chromium |
2 | # This file is overwritten after every install/update | 2 | # This file is overwritten after every install/update |
3 | 3 | ||
4 | |||
5 | # Redirect | 4 | # Redirect |
6 | include chromium.profile | 5 | include chromium.profile |
diff --git a/etc/chromium-common.profile b/etc/chromium-common.profile index ba6f9d88c..7b88e417a 100644 --- a/etc/chromium-common.profile +++ b/etc/chromium-common.profile | |||
@@ -3,7 +3,7 @@ | |||
3 | # Persistent local customizations | 3 | # Persistent local customizations |
4 | include chromium-common.local | 4 | include chromium-common.local |
5 | # Persistent global definitions | 5 | # Persistent global definitions |
6 | # already included by caller profile | 6 | # added by caller profile |
7 | #include globals.local | 7 | #include globals.local |
8 | 8 | ||
9 | # noexec ${HOME} breaks DRM binaries. | 9 | # noexec ${HOME} breaks DRM binaries. |
diff --git a/etc/cinelerra.profile b/etc/cinelerra.profile index 26f782384..88a65037e 100644 --- a/etc/cinelerra.profile +++ b/etc/cinelerra.profile | |||
@@ -1,6 +1,5 @@ | |||
1 | # Firejail profile alias for cin | 1 | # Firejail profile alias for cin |
2 | # This file is overwritten after every install/update | 2 | # This file is overwritten after every install/update |
3 | 3 | ||
4 | |||
5 | # Redirect | 4 | # Redirect |
6 | include cin.profile | 5 | include cin.profile |
diff --git a/etc/clamdscan.profile b/etc/clamdscan.profile index df78d8c4c..4c6c56c5f 100644 --- a/etc/clamdscan.profile +++ b/etc/clamdscan.profile | |||
@@ -1,6 +1,5 @@ | |||
1 | # Firejail profile alias for clamav | 1 | # Firejail profile alias for clamav |
2 | # This file is overwritten after every install/update | 2 | # This file is overwritten after every install/update |
3 | 3 | ||
4 | |||
5 | # Redirect | 4 | # Redirect |
6 | include clamav.profile | 5 | include clamav.profile |
diff --git a/etc/clamdtop.profile b/etc/clamdtop.profile index df78d8c4c..4c6c56c5f 100644 --- a/etc/clamdtop.profile +++ b/etc/clamdtop.profile | |||
@@ -1,6 +1,5 @@ | |||
1 | # Firejail profile alias for clamav | 1 | # Firejail profile alias for clamav |
2 | # This file is overwritten after every install/update | 2 | # This file is overwritten after every install/update |
3 | 3 | ||
4 | |||
5 | # Redirect | 4 | # Redirect |
6 | include clamav.profile | 5 | include clamav.profile |
diff --git a/etc/clamscan.profile b/etc/clamscan.profile index df78d8c4c..4c6c56c5f 100644 --- a/etc/clamscan.profile +++ b/etc/clamscan.profile | |||
@@ -1,6 +1,5 @@ | |||
1 | # Firejail profile alias for clamav | 1 | # Firejail profile alias for clamav |
2 | # This file is overwritten after every install/update | 2 | # This file is overwritten after every install/update |
3 | 3 | ||
4 | |||
5 | # Redirect | 4 | # Redirect |
6 | include clamav.profile | 5 | include clamav.profile |
diff --git a/etc/clocks.profile b/etc/clocks.profile index dd234ce44..da50e7d49 100644 --- a/etc/clocks.profile +++ b/etc/clocks.profile | |||
@@ -1,7 +1,6 @@ | |||
1 | # Firejail profile for gnome-clocks | 1 | # Firejail profile for gnome-clocks |
2 | # This file is overwritten after every install/update | 2 | # This file is overwritten after every install/update |
3 | 3 | ||
4 | |||
5 | # Temporary fix for https://github.com/netblue30/firejail/issues/2624 | 4 | # Temporary fix for https://github.com/netblue30/firejail/issues/2624 |
6 | # Redirect | 5 | # Redirect |
7 | include gnome-clocks.profile | 6 | include gnome-clocks.profile |
diff --git a/etc/cryptocat.profile b/etc/cryptocat.profile index 7a9039ea4..69aa39de2 100644 --- a/etc/cryptocat.profile +++ b/etc/cryptocat.profile | |||
@@ -1,6 +1,5 @@ | |||
1 | # Firejail profile alias for Cryptocat | 1 | # Firejail profile alias for Cryptocat |
2 | # This file is overwritten after every install/update | 2 | # This file is overwritten after every install/update |
3 | 3 | ||
4 | |||
5 | # Redirect | 4 | # Redirect |
6 | include Cryptocat.profile | 5 | include Cryptocat.profile |
diff --git a/etc/curl.profile b/etc/curl.profile index 76beee46a..d8282b972 100644 --- a/etc/curl.profile +++ b/etc/curl.profile | |||
@@ -17,8 +17,11 @@ include disable-passwdmgr.inc | |||
17 | include disable-programs.inc | 17 | include disable-programs.inc |
18 | 18 | ||
19 | caps.drop all | 19 | caps.drop all |
20 | ipc-namespace | ||
21 | machine-id | ||
20 | netfilter | 22 | netfilter |
21 | no3d | 23 | no3d |
24 | nodbus | ||
22 | nodvd | 25 | nodvd |
23 | nogroups | 26 | nogroups |
24 | nonewprivs | 27 | nonewprivs |
@@ -27,7 +30,7 @@ nosound | |||
27 | notv | 30 | notv |
28 | nou2f | 31 | nou2f |
29 | novideo | 32 | novideo |
30 | protocol unix,inet,inet6 | 33 | protocol inet,inet6 |
31 | seccomp | 34 | seccomp |
32 | shell none | 35 | shell none |
33 | 36 | ||
diff --git a/etc/cvlc.profile b/etc/cvlc.profile index 1070b602c..56c0d965c 100644 --- a/etc/cvlc.profile +++ b/etc/cvlc.profile | |||
@@ -3,7 +3,8 @@ | |||
3 | # Persistent local customizations | 3 | # Persistent local customizations |
4 | include cvlc.local | 4 | include cvlc.local |
5 | # Persistent global definitions | 5 | # Persistent global definitions |
6 | include globals.local | 6 | # added by included profile |
7 | #include globals.local | ||
7 | 8 | ||
8 | # cvlc doesn't like private-bin | 9 | # cvlc doesn't like private-bin |
9 | ignore private-bin | 10 | ignore private-bin |
diff --git a/etc/disable-programs.inc b/etc/disable-programs.inc index fb7e02d0b..679a8c0a0 100644 --- a/etc/disable-programs.inc +++ b/etc/disable-programs.inc | |||
@@ -151,6 +151,7 @@ blacklist ${HOME}/.config/digikam | |||
151 | blacklist ${HOME}/.config/digikamrc | 151 | blacklist ${HOME}/.config/digikamrc |
152 | blacklist ${HOME}/.config/discord | 152 | blacklist ${HOME}/.config/discord |
153 | blacklist ${HOME}/.config/discordcanary | 153 | blacklist ${HOME}/.config/discordcanary |
154 | blacklist ${HOME}/.config/dkl | ||
154 | blacklist ${HOME}/.config/dnox | 155 | blacklist ${HOME}/.config/dnox |
155 | blacklist ${HOME}/.config/dolphinrc | 156 | blacklist ${HOME}/.config/dolphinrc |
156 | blacklist ${HOME}/.config/dragonplayerrc | 157 | blacklist ${HOME}/.config/dragonplayerrc |
diff --git a/etc/discord-canary.profile b/etc/discord-canary.profile index 12b5433b2..3e9dacd1e 100644 --- a/etc/discord-canary.profile +++ b/etc/discord-canary.profile | |||
@@ -5,7 +5,6 @@ include discord-canary.local | |||
5 | # Persistent global definitions | 5 | # Persistent global definitions |
6 | include globals.local | 6 | include globals.local |
7 | 7 | ||
8 | |||
9 | noblacklist ${HOME}/.config/discordcanary | 8 | noblacklist ${HOME}/.config/discordcanary |
10 | 9 | ||
11 | mkdir ${HOME}/.config/discordcanary | 10 | mkdir ${HOME}/.config/discordcanary |
@@ -14,5 +13,5 @@ whitelist ${HOME}/.config/discordcanary | |||
14 | private-bin discord-canary | 13 | private-bin discord-canary |
15 | private-opt discord-canary | 14 | private-opt discord-canary |
16 | 15 | ||
17 | #Redirect | 16 | # Redirect |
18 | include discord-common.profile | 17 | include discord-common.profile |
diff --git a/etc/discord-common.profile b/etc/discord-common.profile index 82dd0475c..a6e730937 100644 --- a/etc/discord-common.profile +++ b/etc/discord-common.profile | |||
@@ -3,7 +3,7 @@ | |||
3 | # Persistent local customizations | 3 | # Persistent local customizations |
4 | include discord-common.local | 4 | include discord-common.local |
5 | # Persistent global definitions | 5 | # Persistent global definitions |
6 | # already included by caller profile | 6 | # added by caller profile |
7 | #include globals.local | 7 | #include globals.local |
8 | 8 | ||
9 | include disable-common.inc | 9 | include disable-common.inc |
diff --git a/etc/discord.profile b/etc/discord.profile index 62c4a5658..8ef02a30f 100644 --- a/etc/discord.profile +++ b/etc/discord.profile | |||
@@ -5,7 +5,6 @@ include discord.local | |||
5 | # Persistent global definitions | 5 | # Persistent global definitions |
6 | include globals.local | 6 | include globals.local |
7 | 7 | ||
8 | |||
9 | noblacklist ${HOME}/.config/discord | 8 | noblacklist ${HOME}/.config/discord |
10 | 9 | ||
11 | mkdir ${HOME}/.config/discord | 10 | mkdir ${HOME}/.config/discord |
@@ -14,5 +13,5 @@ whitelist ${HOME}/.config/discord | |||
14 | private-bin discord | 13 | private-bin discord |
15 | private-opt discord | 14 | private-opt discord |
16 | 15 | ||
17 | #Redirect | 16 | # Redirect |
18 | include discord-common.profile | 17 | include discord-common.profile |
diff --git a/etc/dnscrypt-proxy.profile b/etc/dnscrypt-proxy.profile index ae248f2e8..169b23f5f 100644 --- a/etc/dnscrypt-proxy.profile +++ b/etc/dnscrypt-proxy.profile | |||
@@ -13,19 +13,24 @@ blacklist /tmp/.X11-unix | |||
13 | 13 | ||
14 | include disable-common.inc | 14 | include disable-common.inc |
15 | include disable-devel.inc | 15 | include disable-devel.inc |
16 | include disable-exec.inc | ||
16 | include disable-interpreters.inc | 17 | include disable-interpreters.inc |
17 | include disable-passwdmgr.inc | 18 | include disable-passwdmgr.inc |
18 | include disable-programs.inc | 19 | include disable-programs.inc |
19 | include disable-xdg.inc | 20 | include disable-xdg.inc |
20 | 21 | ||
21 | caps.keep ipc_lock,net_bind_service,setgid,setuid,sys_chroot | 22 | caps.keep ipc_lock,net_bind_service,setgid,setuid,sys_chroot |
23 | ipc-namespace | ||
24 | machine-id | ||
22 | no3d | 25 | no3d |
26 | nodbus | ||
23 | nodvd | 27 | nodvd |
24 | nonewprivs | 28 | nonewprivs |
25 | nosound | 29 | nosound |
26 | notv | 30 | notv |
27 | nou2f | 31 | nou2f |
28 | novideo | 32 | novideo |
33 | protocol inet,inet6 | ||
29 | seccomp.drop _sysctl,acct,add_key,adjtimex,clock_adjtime,delete_module,fanotify_init,finit_module,get_mempolicy,init_module,io_cancel,io_destroy,io_getevents,io_setup,io_submit,ioperm,iopl,kcmp,kexec_file_load,kexec_load,keyctl,lookup_dcookie,mbind,migrate_pages,modify_ldt,mount,move_pages,open_by_handle_at,perf_event_open,perf_event_open,pivot_root,process_vm_readv,process_vm_writev,ptrace,remap_file_pages,request_key,set_mempolicy,swapoff,swapon,sysfs,syslog,umount2,uselib,vmsplice | 34 | seccomp.drop _sysctl,acct,add_key,adjtimex,clock_adjtime,delete_module,fanotify_init,finit_module,get_mempolicy,init_module,io_cancel,io_destroy,io_getevents,io_setup,io_submit,ioperm,iopl,kcmp,kexec_file_load,kexec_load,keyctl,lookup_dcookie,mbind,migrate_pages,modify_ldt,mount,move_pages,open_by_handle_at,perf_event_open,perf_event_open,pivot_root,process_vm_readv,process_vm_writev,ptrace,remap_file_pages,request_key,set_mempolicy,swapoff,swapon,sysfs,syslog,umount2,uselib,vmsplice |
30 | 35 | ||
31 | disable-mnt | 36 | disable-mnt |
diff --git a/etc/dooble-qt4.profile b/etc/dooble-qt4.profile index 075a24c92..70a21e11c 100644 --- a/etc/dooble-qt4.profile +++ b/etc/dooble-qt4.profile | |||
@@ -1,6 +1,5 @@ | |||
1 | # Firejail profile alias for dooble | 1 | # Firejail profile alias for dooble |
2 | # This file is overwritten after every install/update | 2 | # This file is overwritten after every install/update |
3 | 3 | ||
4 | |||
5 | # Redirect | 4 | # Redirect |
6 | include dooble.profile | 5 | include dooble.profile |
diff --git a/etc/eo-common.profile b/etc/eo-common.profile index 2a65de5e1..f4b263f50 100644 --- a/etc/eo-common.profile +++ b/etc/eo-common.profile | |||
@@ -4,7 +4,7 @@ | |||
4 | # Persistent local customizations | 4 | # Persistent local customizations |
5 | include eo-common.local | 5 | include eo-common.local |
6 | # Persistent global definitions | 6 | # Persistent global definitions |
7 | # already included by caller profile | 7 | # added by caller profile |
8 | #include globals.local | 8 | #include globals.local |
9 | 9 | ||
10 | noblacklist ${HOME}/.local/share/Trash | 10 | noblacklist ${HOME}/.local/share/Trash |
diff --git a/etc/evince-previewer.profile b/etc/evince-previewer.profile index bd1ea6aa9..3857d6f7b 100644 --- a/etc/evince-previewer.profile +++ b/etc/evince-previewer.profile | |||
@@ -6,6 +6,5 @@ include evince-previewer.local | |||
6 | # added by included profile | 6 | # added by included profile |
7 | #include globals.local | 7 | #include globals.local |
8 | 8 | ||
9 | |||
10 | # Redirect | 9 | # Redirect |
11 | include evince.profile | 10 | include evince.profile |
diff --git a/etc/evince-thumbnailer.profile b/etc/evince-thumbnailer.profile index d11d4e1e1..080a04a52 100644 --- a/etc/evince-thumbnailer.profile +++ b/etc/evince-thumbnailer.profile | |||
@@ -6,6 +6,5 @@ include evince-thumbnailer.local | |||
6 | # added by included profile | 6 | # added by included profile |
7 | #include globals.local | 7 | #include globals.local |
8 | 8 | ||
9 | |||
10 | # Redirect | 9 | # Redirect |
11 | include evince.profile | 10 | include evince.profile |
diff --git a/etc/ffplay.profile b/etc/ffplay.profile index 00da400bd..b42cc29bc 100644 --- a/etc/ffplay.profile +++ b/etc/ffplay.profile | |||
@@ -9,6 +9,5 @@ include ffplay.local | |||
9 | 9 | ||
10 | private-bin ffplay | 10 | private-bin ffplay |
11 | 11 | ||
12 | |||
13 | # Redirect | 12 | # Redirect |
14 | include ffmpeg.profile | 13 | include ffmpeg.profile |
diff --git a/etc/ffprobe.profile b/etc/ffprobe.profile index 166cc8b46..bd8643206 100644 --- a/etc/ffprobe.profile +++ b/etc/ffprobe.profile | |||
@@ -9,6 +9,5 @@ include ffprobe.local | |||
9 | 9 | ||
10 | private-bin ffprobe | 10 | private-bin ffprobe |
11 | 11 | ||
12 | |||
13 | # Redirect | 12 | # Redirect |
14 | include ffmpeg.profile | 13 | include ffmpeg.profile |
diff --git a/etc/firefox-beta.profile b/etc/firefox-beta.profile index ee158703d..fa8bbb1f5 100644 --- a/etc/firefox-beta.profile +++ b/etc/firefox-beta.profile | |||
@@ -3,8 +3,8 @@ | |||
3 | # Persistent local customizations | 3 | # Persistent local customizations |
4 | include firefox-beta.local | 4 | include firefox-beta.local |
5 | # Persistent global definitions | 5 | # Persistent global definitions |
6 | include globals.local | 6 | # added by included profile |
7 | 7 | #include globals.local | |
8 | 8 | ||
9 | # Redirect | 9 | # Redirect |
10 | include firefox.profile | 10 | include firefox.profile |
diff --git a/etc/firefox-common.profile b/etc/firefox-common.profile index 961b338e7..6ad4a9bc2 100644 --- a/etc/firefox-common.profile +++ b/etc/firefox-common.profile | |||
@@ -3,7 +3,7 @@ | |||
3 | # Persistent local customizations | 3 | # Persistent local customizations |
4 | include firefox-common.local | 4 | include firefox-common.local |
5 | # Persistent global definitions | 5 | # Persistent global definitions |
6 | # already included by caller profile | 6 | # added by caller profile |
7 | #include globals.local | 7 | #include globals.local |
8 | 8 | ||
9 | # noexec ${HOME} breaks DRM binaries. | 9 | # noexec ${HOME} breaks DRM binaries. |
diff --git a/etc/firefox-developer-edition.profile b/etc/firefox-developer-edition.profile index 56a0485cb..8c7ca3887 100644 --- a/etc/firefox-developer-edition.profile +++ b/etc/firefox-developer-edition.profile | |||
@@ -4,8 +4,8 @@ | |||
4 | # Persistent local customizations | 4 | # Persistent local customizations |
5 | include firefox-developer-edition.local | 5 | include firefox-developer-edition.local |
6 | # Persistent global definitions | 6 | # Persistent global definitions |
7 | include globals.local | 7 | # added by included profile |
8 | 8 | #include globals.local | |
9 | 9 | ||
10 | # Redirect | 10 | # Redirect |
11 | include firefox.profile | 11 | include firefox.profile |
diff --git a/etc/firefox-esr.profile b/etc/firefox-esr.profile index 0ba04d9c1..6c1d77986 100644 --- a/etc/firefox-esr.profile +++ b/etc/firefox-esr.profile | |||
@@ -3,8 +3,8 @@ | |||
3 | # Persistent local customizations | 3 | # Persistent local customizations |
4 | include firefox-esr.local | 4 | include firefox-esr.local |
5 | # Persistent global definitions | 5 | # Persistent global definitions |
6 | include globals.local | 6 | # added by included profile |
7 | 7 | #include globals.local | |
8 | 8 | ||
9 | # Redirect | 9 | # Redirect |
10 | include firefox.profile | 10 | include firefox.profile |
diff --git a/etc/firefox-nightly.profile b/etc/firefox-nightly.profile index 6f3838e33..96d2bf898 100644 --- a/etc/firefox-nightly.profile +++ b/etc/firefox-nightly.profile | |||
@@ -3,8 +3,8 @@ | |||
3 | # Persistent local customizations | 3 | # Persistent local customizations |
4 | include firefox-nightly.local | 4 | include firefox-nightly.local |
5 | # Persistent global definitions | 5 | # Persistent global definitions |
6 | include globals.local | 6 | # added by included profile |
7 | 7 | #include globals.local | |
8 | 8 | ||
9 | # Redirect | 9 | # Redirect |
10 | include firefox.profile | 10 | include firefox.profile |
diff --git a/etc/firefox-wayland.profile b/etc/firefox-wayland.profile index e47ca32f9..068da5ee3 100644 --- a/etc/firefox-wayland.profile +++ b/etc/firefox-wayland.profile | |||
@@ -3,8 +3,8 @@ | |||
3 | # Persistent local customizations | 3 | # Persistent local customizations |
4 | include firefox-wayland.local | 4 | include firefox-wayland.local |
5 | # Persistent global definitions | 5 | # Persistent global definitions |
6 | include globals.local | 6 | # added by included profile |
7 | 7 | #include globals.local | |
8 | 8 | ||
9 | # Redirect | 9 | # Redirect |
10 | include firefox.profile | 10 | include firefox.profile |
diff --git a/etc/fossamail.profile b/etc/fossamail.profile index e821f6f65..2d700d336 100644 --- a/etc/fossamail.profile +++ b/etc/fossamail.profile | |||
@@ -3,7 +3,8 @@ | |||
3 | # Persistent local customizations | 3 | # Persistent local customizations |
4 | include fossamail.local | 4 | include fossamail.local |
5 | # Persistent global definitions | 5 | # Persistent global definitions |
6 | include globals.local | 6 | # added by included profile |
7 | #include globals.local | ||
7 | 8 | ||
8 | noblacklist ${HOME}/.cache/fossamail | 9 | noblacklist ${HOME}/.cache/fossamail |
9 | noblacklist ${HOME}/.fossamail | 10 | noblacklist ${HOME}/.fossamail |
diff --git a/etc/freecadcmd.profile b/etc/freecadcmd.profile index d98b05e65..44bf62cfe 100644 --- a/etc/freecadcmd.profile +++ b/etc/freecadcmd.profile | |||
@@ -1,6 +1,5 @@ | |||
1 | # Firejail profile alias for freecad | 1 | # Firejail profile alias for freecad |
2 | # This file is overwritten after every install/update | 2 | # This file is overwritten after every install/update |
3 | 3 | ||
4 | |||
5 | # Redirect | 4 | # Redirect |
6 | include freecad.profile | 5 | include freecad.profile |
diff --git a/etc/gconf-editor.profile b/etc/gconf-editor.profile index e9756f8af..1b84bf536 100644 --- a/etc/gconf-editor.profile +++ b/etc/gconf-editor.profile | |||
@@ -7,6 +7,5 @@ include gconf-editor.local | |||
7 | # added by included profile | 7 | # added by included profile |
8 | #include globals.local | 8 | #include globals.local |
9 | 9 | ||
10 | |||
11 | # Redirect | 10 | # Redirect |
12 | include gconf.profile | 11 | include gconf.profile |
diff --git a/etc/gconf-merge-schema.profile b/etc/gconf-merge-schema.profile index 411b7b815..619f801b0 100644 --- a/etc/gconf-merge-schema.profile +++ b/etc/gconf-merge-schema.profile | |||
@@ -7,6 +7,5 @@ include gconf-merge-schema.local | |||
7 | # added by included profile | 7 | # added by included profile |
8 | #include globals.local | 8 | #include globals.local |
9 | 9 | ||
10 | |||
11 | # Redirect | 10 | # Redirect |
12 | include gconf.profile | 11 | include gconf.profile |
diff --git a/etc/gconf-merge-tree.profile b/etc/gconf-merge-tree.profile index 66a4226ca..2f6bfe5e5 100644 --- a/etc/gconf-merge-tree.profile +++ b/etc/gconf-merge-tree.profile | |||
@@ -7,6 +7,5 @@ include gconf-merge-tree.local | |||
7 | # added by included profile | 7 | # added by included profile |
8 | #include globals.local | 8 | #include globals.local |
9 | 9 | ||
10 | |||
11 | # Redirect | 10 | # Redirect |
12 | include gconf.profile | 11 | include gconf.profile |
diff --git a/etc/gconfpkg.profile b/etc/gconfpkg.profile index 1793ce072..5bfc1250a 100644 --- a/etc/gconfpkg.profile +++ b/etc/gconfpkg.profile | |||
@@ -7,6 +7,5 @@ include gconfpkg.local | |||
7 | # added by included profile | 7 | # added by included profile |
8 | #include globals.local | 8 | #include globals.local |
9 | 9 | ||
10 | |||
11 | # Redirect | 10 | # Redirect |
12 | include gconf.profile | 11 | include gconf.profile |
diff --git a/etc/gconftool-2.profile b/etc/gconftool-2.profile index 59a2242a7..947e4252f 100644 --- a/etc/gconftool-2.profile +++ b/etc/gconftool-2.profile | |||
@@ -7,6 +7,5 @@ include gconftool-2.local | |||
7 | # added by included profile | 7 | # added by included profile |
8 | #include globals.local | 8 | #include globals.local |
9 | 9 | ||
10 | |||
11 | # Redirect | 10 | # Redirect |
12 | include gconf.profile | 11 | include gconf.profile |
diff --git a/etc/ghb.profile b/etc/ghb.profile index 1cb09ddde..1e7ce2350 100644 --- a/etc/ghb.profile +++ b/etc/ghb.profile | |||
@@ -1,6 +1,5 @@ | |||
1 | # Firejail profile alias for handbrake | 1 | # Firejail profile alias for handbrake |
2 | # This file is overwritten after every install/update | 2 | # This file is overwritten after every install/update |
3 | 3 | ||
4 | |||
5 | # Redirect | 4 | # Redirect |
6 | include handbrake.profile | 5 | include handbrake.profile |
diff --git a/etc/gimp-2.10.profile b/etc/gimp-2.10.profile index d42307710..dbf49ac22 100644 --- a/etc/gimp-2.10.profile +++ b/etc/gimp-2.10.profile | |||
@@ -1,6 +1,5 @@ | |||
1 | # Firejail profile alias for gimp | 1 | # Firejail profile alias for gimp |
2 | # This file is overwritten after every install/update | 2 | # This file is overwritten after every install/update |
3 | 3 | ||
4 | |||
5 | # Redirect | 4 | # Redirect |
6 | include gimp.profile | 5 | include gimp.profile |
diff --git a/etc/gimp-2.8.profile b/etc/gimp-2.8.profile index d42307710..dbf49ac22 100644 --- a/etc/gimp-2.8.profile +++ b/etc/gimp-2.8.profile | |||
@@ -1,6 +1,5 @@ | |||
1 | # Firejail profile alias for gimp | 1 | # Firejail profile alias for gimp |
2 | # This file is overwritten after every install/update | 2 | # This file is overwritten after every install/update |
3 | 3 | ||
4 | |||
5 | # Redirect | 4 | # Redirect |
6 | include gimp.profile | 5 | include gimp.profile |
diff --git a/etc/google-chrome-stable.profile b/etc/google-chrome-stable.profile index 55868e0b7..a456e8d61 100644 --- a/etc/google-chrome-stable.profile +++ b/etc/google-chrome-stable.profile | |||
@@ -1,6 +1,5 @@ | |||
1 | # Firejail profile alias for google-chrome | 1 | # Firejail profile alias for google-chrome |
2 | # This file is overwritten after every install/update | 2 | # This file is overwritten after every install/update |
3 | 3 | ||
4 | |||
5 | # Redirect | 4 | # Redirect |
6 | include google-chrome.profile | 5 | include google-chrome.profile |
diff --git a/etc/google-earth-pro.profile b/etc/google-earth-pro.profile index d62319fa2..c1f919769 100644 --- a/etc/google-earth-pro.profile +++ b/etc/google-earth-pro.profile | |||
@@ -1,4 +1,7 @@ | |||
1 | # Redirect | 1 | # Firejail profile alias for google-earth |
2 | include google-earth.profile | 2 | # This file is overwritten after every install/update |
3 | 3 | ||
4 | private-bin google-earth-pro | 4 | private-bin google-earth-pro |
5 | |||
6 | # Redirect | ||
7 | include google-earth.profile | ||
diff --git a/etc/gsettings-data-convert.profile b/etc/gsettings-data-convert.profile index 21a232440..6f1d43939 100644 --- a/etc/gsettings-data-convert.profile +++ b/etc/gsettings-data-convert.profile | |||
@@ -7,6 +7,5 @@ include gsettings-data-convert.local | |||
7 | # added by included profile | 7 | # added by included profile |
8 | #include globals.local | 8 | #include globals.local |
9 | 9 | ||
10 | |||
11 | # Redirect | 10 | # Redirect |
12 | include gconf.profile | 11 | include gconf.profile |
diff --git a/etc/gsettings-schema-convert.profile b/etc/gsettings-schema-convert.profile index 2dbf4fb44..5c8b0e2e2 100644 --- a/etc/gsettings-schema-convert.profile +++ b/etc/gsettings-schema-convert.profile | |||
@@ -7,6 +7,5 @@ include gsettings-schema-convert.local | |||
7 | # added by included profile | 7 | # added by included profile |
8 | #include globals.local | 8 | #include globals.local |
9 | 9 | ||
10 | |||
11 | # Redirect | 10 | # Redirect |
12 | include gconf.profile | 11 | include gconf.profile |
diff --git a/etc/gtar.profile b/etc/gtar.profile index 12acb8356..2391c121b 100644 --- a/etc/gtar.profile +++ b/etc/gtar.profile | |||
@@ -1,6 +1,5 @@ | |||
1 | # Firejail profile alias for tar | 1 | # Firejail profile alias for tar |
2 | # This file is overwritten after every install/update | 2 | # This file is overwritten after every install/update |
3 | 3 | ||
4 | |||
5 | # Redirect | 4 | # Redirect |
6 | include tar.profile | 5 | include tar.profile |
diff --git a/etc/handbrake-gtk.profile b/etc/handbrake-gtk.profile index 1cb09ddde..1e7ce2350 100644 --- a/etc/handbrake-gtk.profile +++ b/etc/handbrake-gtk.profile | |||
@@ -1,6 +1,5 @@ | |||
1 | # Firejail profile alias for handbrake | 1 | # Firejail profile alias for handbrake |
2 | # This file is overwritten after every install/update | 2 | # This file is overwritten after every install/update |
3 | 3 | ||
4 | |||
5 | # Redirect | 4 | # Redirect |
6 | include handbrake.profile | 5 | include handbrake.profile |
diff --git a/etc/icedove.profile b/etc/icedove.profile index a66309bf1..19690cd5a 100644 --- a/etc/icedove.profile +++ b/etc/icedove.profile | |||
@@ -3,7 +3,8 @@ | |||
3 | # Persistent local customizations | 3 | # Persistent local customizations |
4 | include icedove.local | 4 | include icedove.local |
5 | # Persistent global definitions | 5 | # Persistent global definitions |
6 | include globals.local | 6 | # added by included profile |
7 | #include globals.local | ||
7 | 8 | ||
8 | # Users have icedove set to open a browser by clicking a link in an email | 9 | # Users have icedove set to open a browser by clicking a link in an email |
9 | # We are not allowed to blacklist browser-specific directories | 10 | # We are not allowed to blacklist browser-specific directories |
diff --git a/etc/iceweasel.profile b/etc/iceweasel.profile index 24a2f4cc3..badd2648a 100644 --- a/etc/iceweasel.profile +++ b/etc/iceweasel.profile | |||
@@ -3,7 +3,8 @@ | |||
3 | # Persistent local customizations | 3 | # Persistent local customizations |
4 | include iceweasel.local | 4 | include iceweasel.local |
5 | # Persistent global definitions | 5 | # Persistent global definitions |
6 | include globals.local | 6 | # added by included profile |
7 | #include globals.local | ||
7 | 8 | ||
8 | # private-etc must first be enabled in firefox-common.profile | 9 | # private-etc must first be enabled in firefox-common.profile |
9 | #private-etc iceweasel | 10 | #private-etc iceweasel |
diff --git a/etc/idea.profile b/etc/idea.profile index d56dceb71..4e43bb629 100644 --- a/etc/idea.profile +++ b/etc/idea.profile | |||
@@ -3,8 +3,8 @@ | |||
3 | # Persistent local customizations | 3 | # Persistent local customizations |
4 | include idea.local | 4 | include idea.local |
5 | # Persistent global definitions | 5 | # Persistent global definitions |
6 | include globals.local | 6 | # added by included profile |
7 | 7 | #include globals.local | |
8 | 8 | ||
9 | # Redirect | 9 | # Redirect |
10 | include idea.sh.profile | 10 | include idea.sh.profile |
diff --git a/etc/ideaIC.profile b/etc/ideaIC.profile index b960b08e5..7e1778f58 100644 --- a/etc/ideaIC.profile +++ b/etc/ideaIC.profile | |||
@@ -3,8 +3,8 @@ | |||
3 | # Persistent local customizations | 3 | # Persistent local customizations |
4 | include ideaIC.local | 4 | include ideaIC.local |
5 | # Persistent global definitions | 5 | # Persistent global definitions |
6 | include globals.local | 6 | # added by included profile |
7 | 7 | #include globals.local | |
8 | 8 | ||
9 | # Redirect | 9 | # Redirect |
10 | include idea.sh.profile | 10 | include idea.sh.profile |
diff --git a/etc/inkview.profile b/etc/inkview.profile index 6c0127f37..4f88b0258 100644 --- a/etc/inkview.profile +++ b/etc/inkview.profile | |||
@@ -3,6 +3,9 @@ | |||
3 | # This file is overwritten after every install/update | 3 | # This file is overwritten after every install/update |
4 | # Persistent local customizations | 4 | # Persistent local customizations |
5 | include inkview.local | 5 | include inkview.local |
6 | # Persistent global definitions | ||
7 | # added by included profile | ||
8 | #include globals.local | ||
6 | 9 | ||
7 | # Redirect | 10 | # Redirect |
8 | include inkscape.profile | 11 | include inkscape.profile |
diff --git a/etc/iridium-browser.profile b/etc/iridium-browser.profile index 0a6418d5c..c7ee64d56 100644 --- a/etc/iridium-browser.profile +++ b/etc/iridium-browser.profile | |||
@@ -1,6 +1,5 @@ | |||
1 | # Firejail profile alias for iridium | 1 | # Firejail profile alias for iridium |
2 | # This file is overwritten after every install/update | 2 | # This file is overwritten after every install/update |
3 | 3 | ||
4 | |||
5 | # Redirect | 4 | # Redirect |
6 | include iridium.profile | 5 | include iridium.profile |
diff --git a/etc/jdownloader.profile b/etc/jdownloader.profile index 037d92338..b5f892a9d 100644 --- a/etc/jdownloader.profile +++ b/etc/jdownloader.profile | |||
@@ -3,8 +3,8 @@ | |||
3 | # Persistent local customizations | 3 | # Persistent local customizations |
4 | include jdownloader.local | 4 | include jdownloader.local |
5 | # Persistent global definitions | 5 | # Persistent global definitions |
6 | include globals.local | 6 | # added by included profile |
7 | 7 | #include globals.local | |
8 | 8 | ||
9 | # Redirect | 9 | # Redirect |
10 | include JDownloader.profile | 10 | include JDownloader.profile |
diff --git a/etc/jerry.profile b/etc/jerry.profile new file mode 100644 index 000000000..f6bfb9953 --- /dev/null +++ b/etc/jerry.profile | |||
@@ -0,0 +1,41 @@ | |||
1 | # Firejail profile for jerry | ||
2 | # Description: Chess GUI | ||
3 | # This file is overwritten after every install/update | ||
4 | # Persistent local customizations | ||
5 | include jerry.local | ||
6 | # Persistent global definitions | ||
7 | include globals.local | ||
8 | |||
9 | noblacklist ${HOME}/.config/dkl | ||
10 | |||
11 | include disable-common.inc | ||
12 | include disable-devel.inc | ||
13 | include disable-exec.inc | ||
14 | include disable-interpreters.inc | ||
15 | include disable-passwdmgr.inc | ||
16 | include disable-programs.inc | ||
17 | include disable-xdg.inc | ||
18 | |||
19 | caps.drop all | ||
20 | machine-id | ||
21 | net none | ||
22 | no3d | ||
23 | nodbus | ||
24 | nodvd | ||
25 | nogroups | ||
26 | nonewprivs | ||
27 | noroot | ||
28 | nosound | ||
29 | notv | ||
30 | novideo | ||
31 | protocol unix | ||
32 | seccomp | ||
33 | shell none | ||
34 | tracelog | ||
35 | |||
36 | private-bin bash,jerry,sh,stockfish | ||
37 | private-dev | ||
38 | private-etc fonts,gtk-2.0,gtk-3.0 | ||
39 | private-tmp | ||
40 | |||
41 | memory-deny-write-execute | ||
diff --git a/etc/karbon.profile b/etc/karbon.profile index e9e3c2a69..3b2e93b0a 100644 --- a/etc/karbon.profile +++ b/etc/karbon.profile | |||
@@ -1,6 +1,5 @@ | |||
1 | # Firejail profile alias for krita | 1 | # Firejail profile alias for krita |
2 | # This file is overwritten after every install/update | 2 | # This file is overwritten after every install/update |
3 | 3 | ||
4 | |||
5 | # Redirect | 4 | # Redirect |
6 | include krita.profile | 5 | include krita.profile |
diff --git a/etc/keepass2.profile b/etc/keepass2.profile index 9e33e08db..aef236ccc 100644 --- a/etc/keepass2.profile +++ b/etc/keepass2.profile | |||
@@ -1,6 +1,5 @@ | |||
1 | # Firejail profile alias for keepass | 1 | # Firejail profile alias for keepass |
2 | # This file is overwritten after every install/update | 2 | # This file is overwritten after every install/update |
3 | 3 | ||
4 | |||
5 | # Redirect | 4 | # Redirect |
6 | include keepass.profile | 5 | include keepass.profile |
diff --git a/etc/keepassxc-cli.profile b/etc/keepassxc-cli.profile index 6f657e7de..925609384 100644 --- a/etc/keepassxc-cli.profile +++ b/etc/keepassxc-cli.profile | |||
@@ -7,6 +7,5 @@ include keepassxc-cli.local | |||
7 | # added by included profile | 7 | # added by included profile |
8 | #include globals.local | 8 | #include globals.local |
9 | 9 | ||
10 | |||
11 | # Redirect | 10 | # Redirect |
12 | include keepassxc.profile | 11 | include keepassxc.profile |
diff --git a/etc/keepassxc-proxy.profile b/etc/keepassxc-proxy.profile index 79666aee2..b2b6763ee 100644 --- a/etc/keepassxc-proxy.profile +++ b/etc/keepassxc-proxy.profile | |||
@@ -6,6 +6,5 @@ include keepassxc-proxy.local | |||
6 | # added by included profile | 6 | # added by included profile |
7 | #include globals.local | 7 | #include globals.local |
8 | 8 | ||
9 | |||
10 | # Redirect | 9 | # Redirect |
11 | include keepassxc.profile | 10 | include keepassxc.profile |
diff --git a/etc/knotes.profile b/etc/knotes.profile index e7ea04873..ababfcdb1 100644 --- a/etc/knotes.profile +++ b/etc/knotes.profile | |||
@@ -4,7 +4,8 @@ | |||
4 | # Persistent local customizations | 4 | # Persistent local customizations |
5 | include knotes.local | 5 | include knotes.local |
6 | # Persistent global definitions | 6 | # Persistent global definitions |
7 | include globals.local | 7 | # added by included profile |
8 | #include globals.local | ||
8 | 9 | ||
9 | # knotes has problems launching akonadi in debian and ubuntu. | 10 | # knotes has problems launching akonadi in debian and ubuntu. |
10 | # one solution is to have akonadi already running when knotes is started | 11 | # one solution is to have akonadi already running when knotes is started |
@@ -12,6 +13,5 @@ include globals.local | |||
12 | noblacklist ${HOME}/.config/knotesrc | 13 | noblacklist ${HOME}/.config/knotesrc |
13 | noblacklist ${HOME}/.local/share/knotes | 14 | noblacklist ${HOME}/.local/share/knotes |
14 | 15 | ||
15 | |||
16 | # Redirect | 16 | # Redirect |
17 | include kmail.profile | 17 | include kmail.profile |
diff --git a/etc/lbunzip2.profile b/etc/lbunzip2.profile index ec9a8f546..338d8c8bb 100644 --- a/etc/lbunzip2.profile +++ b/etc/lbunzip2.profile | |||
@@ -2,6 +2,5 @@ | |||
2 | # Description: GNU compression utilities | 2 | # Description: GNU compression utilities |
3 | # This file is overwritten after every install/update | 3 | # This file is overwritten after every install/update |
4 | 4 | ||
5 | |||
6 | # Redirect | 5 | # Redirect |
7 | include gzip.profile | 6 | include gzip.profile |
diff --git a/etc/lbzcat.profile b/etc/lbzcat.profile index ec9a8f546..338d8c8bb 100644 --- a/etc/lbzcat.profile +++ b/etc/lbzcat.profile | |||
@@ -2,6 +2,5 @@ | |||
2 | # Description: GNU compression utilities | 2 | # Description: GNU compression utilities |
3 | # This file is overwritten after every install/update | 3 | # This file is overwritten after every install/update |
4 | 4 | ||
5 | |||
6 | # Redirect | 5 | # Redirect |
7 | include gzip.profile | 6 | include gzip.profile |
diff --git a/etc/lbzip2.profile b/etc/lbzip2.profile index ec9a8f546..338d8c8bb 100644 --- a/etc/lbzip2.profile +++ b/etc/lbzip2.profile | |||
@@ -2,6 +2,5 @@ | |||
2 | # Description: GNU compression utilities | 2 | # Description: GNU compression utilities |
3 | # This file is overwritten after every install/update | 3 | # This file is overwritten after every install/update |
4 | 4 | ||
5 | |||
6 | # Redirect | 5 | # Redirect |
7 | include gzip.profile | 6 | include gzip.profile |
diff --git a/etc/lobase.profile b/etc/lobase.profile index ea0f84631..8348a57fe 100644 --- a/etc/lobase.profile +++ b/etc/lobase.profile | |||
@@ -1,6 +1,5 @@ | |||
1 | # Firejail profile alias for libreoffice | 1 | # Firejail profile alias for libreoffice |
2 | # This file is overwritten after every install/update | 2 | # This file is overwritten after every install/update |
3 | 3 | ||
4 | |||
5 | # Redirect | 4 | # Redirect |
6 | include libreoffice.profile | 5 | include libreoffice.profile |
diff --git a/etc/localc.profile b/etc/localc.profile index ea0f84631..8348a57fe 100644 --- a/etc/localc.profile +++ b/etc/localc.profile | |||
@@ -1,6 +1,5 @@ | |||
1 | # Firejail profile alias for libreoffice | 1 | # Firejail profile alias for libreoffice |
2 | # This file is overwritten after every install/update | 2 | # This file is overwritten after every install/update |
3 | 3 | ||
4 | |||
5 | # Redirect | 4 | # Redirect |
6 | include libreoffice.profile | 5 | include libreoffice.profile |
diff --git a/etc/lodraw.profile b/etc/lodraw.profile index ea0f84631..8348a57fe 100644 --- a/etc/lodraw.profile +++ b/etc/lodraw.profile | |||
@@ -1,6 +1,5 @@ | |||
1 | # Firejail profile alias for libreoffice | 1 | # Firejail profile alias for libreoffice |
2 | # This file is overwritten after every install/update | 2 | # This file is overwritten after every install/update |
3 | 3 | ||
4 | |||
5 | # Redirect | 4 | # Redirect |
6 | include libreoffice.profile | 5 | include libreoffice.profile |
diff --git a/etc/loffice.profile b/etc/loffice.profile index ea0f84631..8348a57fe 100644 --- a/etc/loffice.profile +++ b/etc/loffice.profile | |||
@@ -1,6 +1,5 @@ | |||
1 | # Firejail profile alias for libreoffice | 1 | # Firejail profile alias for libreoffice |
2 | # This file is overwritten after every install/update | 2 | # This file is overwritten after every install/update |
3 | 3 | ||
4 | |||
5 | # Redirect | 4 | # Redirect |
6 | include libreoffice.profile | 5 | include libreoffice.profile |
diff --git a/etc/lofromtemplate.profile b/etc/lofromtemplate.profile index ea0f84631..8348a57fe 100644 --- a/etc/lofromtemplate.profile +++ b/etc/lofromtemplate.profile | |||
@@ -1,6 +1,5 @@ | |||
1 | # Firejail profile alias for libreoffice | 1 | # Firejail profile alias for libreoffice |
2 | # This file is overwritten after every install/update | 2 | # This file is overwritten after every install/update |
3 | 3 | ||
4 | |||
5 | # Redirect | 4 | # Redirect |
6 | include libreoffice.profile | 5 | include libreoffice.profile |
diff --git a/etc/loimpress.profile b/etc/loimpress.profile index ea0f84631..8348a57fe 100644 --- a/etc/loimpress.profile +++ b/etc/loimpress.profile | |||
@@ -1,6 +1,5 @@ | |||
1 | # Firejail profile alias for libreoffice | 1 | # Firejail profile alias for libreoffice |
2 | # This file is overwritten after every install/update | 2 | # This file is overwritten after every install/update |
3 | 3 | ||
4 | |||
5 | # Redirect | 4 | # Redirect |
6 | include libreoffice.profile | 5 | include libreoffice.profile |
diff --git a/etc/lomath.profile b/etc/lomath.profile index ea0f84631..8348a57fe 100644 --- a/etc/lomath.profile +++ b/etc/lomath.profile | |||
@@ -1,6 +1,5 @@ | |||
1 | # Firejail profile alias for libreoffice | 1 | # Firejail profile alias for libreoffice |
2 | # This file is overwritten after every install/update | 2 | # This file is overwritten after every install/update |
3 | 3 | ||
4 | |||
5 | # Redirect | 4 | # Redirect |
6 | include libreoffice.profile | 5 | include libreoffice.profile |
diff --git a/etc/loweb.profile b/etc/loweb.profile index ea0f84631..8348a57fe 100644 --- a/etc/loweb.profile +++ b/etc/loweb.profile | |||
@@ -1,6 +1,5 @@ | |||
1 | # Firejail profile alias for libreoffice | 1 | # Firejail profile alias for libreoffice |
2 | # This file is overwritten after every install/update | 2 | # This file is overwritten after every install/update |
3 | 3 | ||
4 | |||
5 | # Redirect | 4 | # Redirect |
6 | include libreoffice.profile | 5 | include libreoffice.profile |
diff --git a/etc/lowriter.profile b/etc/lowriter.profile index ea0f84631..8348a57fe 100644 --- a/etc/lowriter.profile +++ b/etc/lowriter.profile | |||
@@ -1,6 +1,5 @@ | |||
1 | # Firejail profile alias for libreoffice | 1 | # Firejail profile alias for libreoffice |
2 | # This file is overwritten after every install/update | 2 | # This file is overwritten after every install/update |
3 | 3 | ||
4 | |||
5 | # Redirect | 4 | # Redirect |
6 | include libreoffice.profile | 5 | include libreoffice.profile |
diff --git a/etc/lrunzip.profile b/etc/lrunzip.profile index 96aeee770..72abec8bb 100644 --- a/etc/lrunzip.profile +++ b/etc/lrunzip.profile | |||
@@ -7,6 +7,5 @@ include lrunzip.local | |||
7 | # added by included profile | 7 | # added by included profile |
8 | #include globals.local | 8 | #include globals.local |
9 | 9 | ||
10 | |||
11 | # Redirect | 10 | # Redirect |
12 | include cpio.profile | 11 | include cpio.profile |
diff --git a/etc/lrz.profile b/etc/lrz.profile index 03de48104..c1f928bde 100644 --- a/etc/lrz.profile +++ b/etc/lrz.profile | |||
@@ -7,6 +7,5 @@ include lrz.local | |||
7 | # added by included profile | 7 | # added by included profile |
8 | #include globals.local | 8 | #include globals.local |
9 | 9 | ||
10 | |||
11 | # Redirect | 10 | # Redirect |
12 | include cpio.profile | 11 | include cpio.profile |
diff --git a/etc/lrzcat.profile b/etc/lrzcat.profile index 6d95c41a0..edcd7f8cd 100644 --- a/etc/lrzcat.profile +++ b/etc/lrzcat.profile | |||
@@ -7,6 +7,5 @@ include lrzcat.local | |||
7 | # added by included profile | 7 | # added by included profile |
8 | #include globals.local | 8 | #include globals.local |
9 | 9 | ||
10 | |||
11 | # Redirect | 10 | # Redirect |
12 | include cpio.profile | 11 | include cpio.profile |
diff --git a/etc/lrzip.profile b/etc/lrzip.profile index 148d23393..a69096e28 100644 --- a/etc/lrzip.profile +++ b/etc/lrzip.profile | |||
@@ -7,6 +7,5 @@ include lrzip.local | |||
7 | # added by included profile | 7 | # added by included profile |
8 | #include globals.local | 8 | #include globals.local |
9 | 9 | ||
10 | |||
11 | # Redirect | 10 | # Redirect |
12 | include cpio.profile | 11 | include cpio.profile |
diff --git a/etc/lrztar.profile b/etc/lrztar.profile index 90327c2bb..54b04b4ec 100644 --- a/etc/lrztar.profile +++ b/etc/lrztar.profile | |||
@@ -7,6 +7,5 @@ include lrztar.local | |||
7 | # added by included profile | 7 | # added by included profile |
8 | #include globals.local | 8 | #include globals.local |
9 | 9 | ||
10 | |||
11 | # Redirect | 10 | # Redirect |
12 | include cpio.profile | 11 | include cpio.profile |
diff --git a/etc/lrzuntar.profile b/etc/lrzuntar.profile index 6aa91cabd..f21169b24 100644 --- a/etc/lrzuntar.profile +++ b/etc/lrzuntar.profile | |||
@@ -7,6 +7,5 @@ include lrzuntar.local | |||
7 | # added by included profile | 7 | # added by included profile |
8 | #include globals.local | 8 | #include globals.local |
9 | 9 | ||
10 | |||
11 | # Redirect | 10 | # Redirect |
12 | include cpio.profile | 11 | include cpio.profile |
diff --git a/etc/lzcat.profile b/etc/lzcat.profile index 748dad2e3..f7410b928 100644 --- a/etc/lzcat.profile +++ b/etc/lzcat.profile | |||
@@ -2,6 +2,5 @@ | |||
2 | # Description: Library and command line tools for XZ and LZMA compressed files | 2 | # Description: Library and command line tools for XZ and LZMA compressed files |
3 | # This file is overwritten after every install/update | 3 | # This file is overwritten after every install/update |
4 | 4 | ||
5 | |||
6 | # Redirect | 5 | # Redirect |
7 | include cpio.profile | 6 | include cpio.profile |
diff --git a/etc/lzcmp.profile b/etc/lzcmp.profile index 748dad2e3..f7410b928 100644 --- a/etc/lzcmp.profile +++ b/etc/lzcmp.profile | |||
@@ -2,6 +2,5 @@ | |||
2 | # Description: Library and command line tools for XZ and LZMA compressed files | 2 | # Description: Library and command line tools for XZ and LZMA compressed files |
3 | # This file is overwritten after every install/update | 3 | # This file is overwritten after every install/update |
4 | 4 | ||
5 | |||
6 | # Redirect | 5 | # Redirect |
7 | include cpio.profile | 6 | include cpio.profile |
diff --git a/etc/lzdiff.profile b/etc/lzdiff.profile index 748dad2e3..f7410b928 100644 --- a/etc/lzdiff.profile +++ b/etc/lzdiff.profile | |||
@@ -2,6 +2,5 @@ | |||
2 | # Description: Library and command line tools for XZ and LZMA compressed files | 2 | # Description: Library and command line tools for XZ and LZMA compressed files |
3 | # This file is overwritten after every install/update | 3 | # This file is overwritten after every install/update |
4 | 4 | ||
5 | |||
6 | # Redirect | 5 | # Redirect |
7 | include cpio.profile | 6 | include cpio.profile |
diff --git a/etc/lzegrep.profile b/etc/lzegrep.profile index 748dad2e3..f7410b928 100644 --- a/etc/lzegrep.profile +++ b/etc/lzegrep.profile | |||
@@ -2,6 +2,5 @@ | |||
2 | # Description: Library and command line tools for XZ and LZMA compressed files | 2 | # Description: Library and command line tools for XZ and LZMA compressed files |
3 | # This file is overwritten after every install/update | 3 | # This file is overwritten after every install/update |
4 | 4 | ||
5 | |||
6 | # Redirect | 5 | # Redirect |
7 | include cpio.profile | 6 | include cpio.profile |
diff --git a/etc/lzfgrep.profile b/etc/lzfgrep.profile index 748dad2e3..f7410b928 100644 --- a/etc/lzfgrep.profile +++ b/etc/lzfgrep.profile | |||
@@ -2,6 +2,5 @@ | |||
2 | # Description: Library and command line tools for XZ and LZMA compressed files | 2 | # Description: Library and command line tools for XZ and LZMA compressed files |
3 | # This file is overwritten after every install/update | 3 | # This file is overwritten after every install/update |
4 | 4 | ||
5 | |||
6 | # Redirect | 5 | # Redirect |
7 | include cpio.profile | 6 | include cpio.profile |
diff --git a/etc/lzgrep.profile b/etc/lzgrep.profile index 748dad2e3..f7410b928 100644 --- a/etc/lzgrep.profile +++ b/etc/lzgrep.profile | |||
@@ -2,6 +2,5 @@ | |||
2 | # Description: Library and command line tools for XZ and LZMA compressed files | 2 | # Description: Library and command line tools for XZ and LZMA compressed files |
3 | # This file is overwritten after every install/update | 3 | # This file is overwritten after every install/update |
4 | 4 | ||
5 | |||
6 | # Redirect | 5 | # Redirect |
7 | include cpio.profile | 6 | include cpio.profile |
diff --git a/etc/lzip.profile b/etc/lzip.profile index 748dad2e3..f7410b928 100644 --- a/etc/lzip.profile +++ b/etc/lzip.profile | |||
@@ -2,6 +2,5 @@ | |||
2 | # Description: Library and command line tools for XZ and LZMA compressed files | 2 | # Description: Library and command line tools for XZ and LZMA compressed files |
3 | # This file is overwritten after every install/update | 3 | # This file is overwritten after every install/update |
4 | 4 | ||
5 | |||
6 | # Redirect | 5 | # Redirect |
7 | include cpio.profile | 6 | include cpio.profile |
diff --git a/etc/lzless.profile b/etc/lzless.profile index 748dad2e3..f7410b928 100644 --- a/etc/lzless.profile +++ b/etc/lzless.profile | |||
@@ -2,6 +2,5 @@ | |||
2 | # Description: Library and command line tools for XZ and LZMA compressed files | 2 | # Description: Library and command line tools for XZ and LZMA compressed files |
3 | # This file is overwritten after every install/update | 3 | # This file is overwritten after every install/update |
4 | 4 | ||
5 | |||
6 | # Redirect | 5 | # Redirect |
7 | include cpio.profile | 6 | include cpio.profile |
diff --git a/etc/lzma.profile b/etc/lzma.profile index 748dad2e3..f7410b928 100644 --- a/etc/lzma.profile +++ b/etc/lzma.profile | |||
@@ -2,6 +2,5 @@ | |||
2 | # Description: Library and command line tools for XZ and LZMA compressed files | 2 | # Description: Library and command line tools for XZ and LZMA compressed files |
3 | # This file is overwritten after every install/update | 3 | # This file is overwritten after every install/update |
4 | 4 | ||
5 | |||
6 | # Redirect | 5 | # Redirect |
7 | include cpio.profile | 6 | include cpio.profile |
diff --git a/etc/lzmadec.profile b/etc/lzmadec.profile index 9ba22601b..0c5ec1b09 100644 --- a/etc/lzmadec.profile +++ b/etc/lzmadec.profile | |||
@@ -2,6 +2,5 @@ | |||
2 | # Description: Library and command line tools for XZ and LZMA compressed files | 2 | # Description: Library and command line tools for XZ and LZMA compressed files |
3 | # This file is overwritten after every install/update | 3 | # This file is overwritten after every install/update |
4 | 4 | ||
5 | |||
6 | # Redirect | 5 | # Redirect |
7 | include xzdec.profile | 6 | include xzdec.profile |
diff --git a/etc/lzmainfo.profile b/etc/lzmainfo.profile index 748dad2e3..f7410b928 100644 --- a/etc/lzmainfo.profile +++ b/etc/lzmainfo.profile | |||
@@ -2,6 +2,5 @@ | |||
2 | # Description: Library and command line tools for XZ and LZMA compressed files | 2 | # Description: Library and command line tools for XZ and LZMA compressed files |
3 | # This file is overwritten after every install/update | 3 | # This file is overwritten after every install/update |
4 | 4 | ||
5 | |||
6 | # Redirect | 5 | # Redirect |
7 | include cpio.profile | 6 | include cpio.profile |
diff --git a/etc/lzmore.profile b/etc/lzmore.profile index 748dad2e3..f7410b928 100644 --- a/etc/lzmore.profile +++ b/etc/lzmore.profile | |||
@@ -2,6 +2,5 @@ | |||
2 | # Description: Library and command line tools for XZ and LZMA compressed files | 2 | # Description: Library and command line tools for XZ and LZMA compressed files |
3 | # This file is overwritten after every install/update | 3 | # This file is overwritten after every install/update |
4 | 4 | ||
5 | |||
6 | # Redirect | 5 | # Redirect |
7 | include cpio.profile | 6 | include cpio.profile |
diff --git a/etc/masterpdfeditor4.profile b/etc/masterpdfeditor4.profile index 5612fdaa4..84e78171f 100644 --- a/etc/masterpdfeditor4.profile +++ b/etc/masterpdfeditor4.profile | |||
@@ -7,6 +7,5 @@ include masterpdfeditor4.local | |||
7 | # added by included profile | 7 | # added by included profile |
8 | #include globals.local | 8 | #include globals.local |
9 | 9 | ||
10 | |||
11 | # Redirect | 10 | # Redirect |
12 | include masterpdfeditor.profile | 11 | include masterpdfeditor.profile |
diff --git a/etc/masterpdfeditor5.profile b/etc/masterpdfeditor5.profile index 8669ceb11..057d343dd 100644 --- a/etc/masterpdfeditor5.profile +++ b/etc/masterpdfeditor5.profile | |||
@@ -7,6 +7,5 @@ include masterpdfeditor5.local | |||
7 | # added by included profile | 7 | # added by included profile |
8 | #include globals.local | 8 | #include globals.local |
9 | 9 | ||
10 | |||
11 | # Redirect | 10 | # Redirect |
12 | include masterpdfeditor.profile | 11 | include masterpdfeditor.profile |
diff --git a/etc/mate-calculator.profile b/etc/mate-calculator.profile index 442acf8ff..bb438f5f0 100644 --- a/etc/mate-calculator.profile +++ b/etc/mate-calculator.profile | |||
@@ -1,6 +1,5 @@ | |||
1 | # Firejail profile alias for mate-calc | 1 | # Firejail profile alias for mate-calc |
2 | # This file is overwritten after every install/update | 2 | # This file is overwritten after every install/update |
3 | 3 | ||
4 | |||
5 | # Redirect | 4 | # Redirect |
6 | include mate-calc.profile | 5 | include mate-calc.profile |
diff --git a/etc/mathematica.profile b/etc/mathematica.profile index 5f29181cd..964060350 100644 --- a/etc/mathematica.profile +++ b/etc/mathematica.profile | |||
@@ -1,6 +1,5 @@ | |||
1 | # Firejail profile alias for Mathematica | 1 | # Firejail profile alias for Mathematica |
2 | # This file is overwritten after every install/update | 2 | # This file is overwritten after every install/update |
3 | 3 | ||
4 | |||
5 | # Redirect | 4 | # Redirect |
6 | include Mathematica.profile | 5 | include Mathematica.profile |
diff --git a/etc/mp3wrap.profile b/etc/mp3wrap.profile index 2e7d97f72..9e48f7807 100644 --- a/etc/mp3wrap.profile +++ b/etc/mp3wrap.profile | |||
@@ -1,6 +1,9 @@ | |||
1 | # Firejail profile for mp3wrap | 1 | # Firejail profile for mp3wrap |
2 | # This file is overwritten after every install/update | 2 | # This file is overwritten after every install/update |
3 | include mp3wrap.local | 3 | include mp3wrap.local |
4 | # Persistent global definitions | ||
5 | # added by included profile | ||
6 | #include globals.local | ||
4 | 7 | ||
5 | # Redirect | 8 | # Redirect |
6 | include mp3splt.profile | 9 | include mp3splt.profile |
diff --git a/etc/ms-excel.profile b/etc/ms-excel.profile index e103baf19..db24e8f9b 100644 --- a/etc/ms-excel.profile +++ b/etc/ms-excel.profile | |||
@@ -3,7 +3,8 @@ | |||
3 | # Persistent local customizations | 3 | # Persistent local customizations |
4 | include ms-excel.local | 4 | include ms-excel.local |
5 | # Persistent global definitions | 5 | # Persistent global definitions |
6 | include globals.local | 6 | # added by included profile |
7 | #include globals.local | ||
7 | 8 | ||
8 | noblacklist ${HOME}/.cache/ms-excel-online | 9 | noblacklist ${HOME}/.cache/ms-excel-online |
9 | private-bin ms-excel | 10 | private-bin ms-excel |
diff --git a/etc/ms-onenote.profile b/etc/ms-onenote.profile index 1259d55c8..9ea0637bd 100644 --- a/etc/ms-onenote.profile +++ b/etc/ms-onenote.profile | |||
@@ -3,7 +3,8 @@ | |||
3 | # Persistent local customizations | 3 | # Persistent local customizations |
4 | include ms-onenote.local | 4 | include ms-onenote.local |
5 | # Persistent global definitions | 5 | # Persistent global definitions |
6 | include globals.local | 6 | # added by included profile |
7 | #include globals.local | ||
7 | 8 | ||
8 | noblacklist ${HOME}/.cache/ms-onenote-online | 9 | noblacklist ${HOME}/.cache/ms-onenote-online |
9 | private-bin ms-onenote | 10 | private-bin ms-onenote |
diff --git a/etc/ms-outlook.profile b/etc/ms-outlook.profile index a9fadc2c1..fc3e7c009 100644 --- a/etc/ms-outlook.profile +++ b/etc/ms-outlook.profile | |||
@@ -3,7 +3,8 @@ | |||
3 | # Persistent local customizations | 3 | # Persistent local customizations |
4 | include ms-outlook.local | 4 | include ms-outlook.local |
5 | # Persistent global definitions | 5 | # Persistent global definitions |
6 | include globals.local | 6 | # added by included profile |
7 | #include globals.local | ||
7 | 8 | ||
8 | noblacklist ${HOME}/.cache/ms-outlook-online | 9 | noblacklist ${HOME}/.cache/ms-outlook-online |
9 | private-bin ms-outlook | 10 | private-bin ms-outlook |
diff --git a/etc/ms-powerpoint.profile b/etc/ms-powerpoint.profile index 4c096de4e..dadcd5b1e 100644 --- a/etc/ms-powerpoint.profile +++ b/etc/ms-powerpoint.profile | |||
@@ -3,7 +3,8 @@ | |||
3 | # Persistent local customizations | 3 | # Persistent local customizations |
4 | include ms-powerpoint.local | 4 | include ms-powerpoint.local |
5 | # Persistent global definitions | 5 | # Persistent global definitions |
6 | include globals.local | 6 | # added by included profile |
7 | #include globals.local | ||
7 | 8 | ||
8 | noblacklist ${HOME}/.cache/ms-powerpoint-online | 9 | noblacklist ${HOME}/.cache/ms-powerpoint-online |
9 | private-bin ms-powerpoint | 10 | private-bin ms-powerpoint |
diff --git a/etc/ms-word.profile b/etc/ms-word.profile index f21e987d4..5a617a893 100644 --- a/etc/ms-word.profile +++ b/etc/ms-word.profile | |||
@@ -3,7 +3,8 @@ | |||
3 | # Persistent local customizations | 3 | # Persistent local customizations |
4 | include ms-word.local | 4 | include ms-word.local |
5 | # Persistent global definitions | 5 | # Persistent global definitions |
6 | include globals.local | 6 | # added by included profile |
7 | #include globals.local | ||
7 | 8 | ||
8 | noblacklist ${HOME}/.cache/ms-word-online | 9 | noblacklist ${HOME}/.cache/ms-word-online |
9 | private-bin ms-word | 10 | private-bin ms-word |
diff --git a/etc/neverputt.profile b/etc/neverputt.profile new file mode 100644 index 000000000..93fb14e07 --- /dev/null +++ b/etc/neverputt.profile | |||
@@ -0,0 +1,9 @@ | |||
1 | # Firejail profile for neverputt | ||
2 | # This file is overwritten after every install/update | ||
3 | # Persistent local customizations | ||
4 | include neverputt.local | ||
5 | # added by included profile | ||
6 | #include globals.local | ||
7 | |||
8 | # Redirect | ||
9 | include neverball.profile | ||
diff --git a/etc/nitroshare-cli.profile b/etc/nitroshare-cli.profile index 5ee683711..d9cb2edc5 100644 --- a/etc/nitroshare-cli.profile +++ b/etc/nitroshare-cli.profile | |||
@@ -2,6 +2,5 @@ | |||
2 | # Description: Network File Transfer Application | 2 | # Description: Network File Transfer Application |
3 | # This file is overwritten after every install/update | 3 | # This file is overwritten after every install/update |
4 | 4 | ||
5 | |||
6 | # Redirect | 5 | # Redirect |
7 | include nitroshare.profile | 6 | include nitroshare.profile |
diff --git a/etc/nitroshare-nmh.profile b/etc/nitroshare-nmh.profile index 5ee683711..d9cb2edc5 100644 --- a/etc/nitroshare-nmh.profile +++ b/etc/nitroshare-nmh.profile | |||
@@ -2,6 +2,5 @@ | |||
2 | # Description: Network File Transfer Application | 2 | # Description: Network File Transfer Application |
3 | # This file is overwritten after every install/update | 3 | # This file is overwritten after every install/update |
4 | 4 | ||
5 | |||
6 | # Redirect | 5 | # Redirect |
7 | include nitroshare.profile | 6 | include nitroshare.profile |
diff --git a/etc/nitroshare-send.profile b/etc/nitroshare-send.profile index 5ee683711..d9cb2edc5 100644 --- a/etc/nitroshare-send.profile +++ b/etc/nitroshare-send.profile | |||
@@ -2,6 +2,5 @@ | |||
2 | # Description: Network File Transfer Application | 2 | # Description: Network File Transfer Application |
3 | # This file is overwritten after every install/update | 3 | # This file is overwritten after every install/update |
4 | 4 | ||
5 | |||
6 | # Redirect | 5 | # Redirect |
7 | include nitroshare.profile | 6 | include nitroshare.profile |
diff --git a/etc/nitroshare-ui.profile b/etc/nitroshare-ui.profile index 5ee683711..d9cb2edc5 100644 --- a/etc/nitroshare-ui.profile +++ b/etc/nitroshare-ui.profile | |||
@@ -2,6 +2,5 @@ | |||
2 | # Description: Network File Transfer Application | 2 | # Description: Network File Transfer Application |
3 | # This file is overwritten after every install/update | 3 | # This file is overwritten after every install/update |
4 | 4 | ||
5 | |||
6 | # Redirect | 5 | # Redirect |
7 | include nitroshare.profile | 6 | include nitroshare.profile |
diff --git a/etc/oggsplt.profile b/etc/oggsplt.profile index 456412c30..5aedadde9 100644 --- a/etc/oggsplt.profile +++ b/etc/oggsplt.profile | |||
@@ -1,6 +1,9 @@ | |||
1 | # Firejail profile for oggsplt | 1 | # Firejail profile for oggsplt |
2 | # This file is overwritten after every install/update | 2 | # This file is overwritten after every install/update |
3 | include oggsplt.local | 3 | include oggsplt.local |
4 | # Persistent global definitions | ||
5 | # added by included profile | ||
6 | #include globals.local | ||
4 | 7 | ||
5 | # Redirect | 8 | # Redirect |
6 | include mp3splt.profile | 9 | include mp3splt.profile |
diff --git a/etc/openshot-qt.profile b/etc/openshot-qt.profile index b86073b41..2f886d2ac 100644 --- a/etc/openshot-qt.profile +++ b/etc/openshot-qt.profile | |||
@@ -1,6 +1,5 @@ | |||
1 | # Firejail profile alias for openshot | 1 | # Firejail profile alias for openshot |
2 | # This file is overwritten after every install/update | 2 | # This file is overwritten after every install/update |
3 | 3 | ||
4 | |||
5 | # Redirect | 4 | # Redirect |
6 | include openshot.profile | 5 | include openshot.profile |
diff --git a/etc/qt-faststart.profile b/etc/qt-faststart.profile index 51bc1b298..cf459472a 100644 --- a/etc/qt-faststart.profile +++ b/etc/qt-faststart.profile | |||
@@ -9,6 +9,5 @@ include qt-faststart.local | |||
9 | 9 | ||
10 | private-bin qt-faststart | 10 | private-bin qt-faststart |
11 | 11 | ||
12 | |||
13 | # Redirect | 12 | # Redirect |
14 | include ffmpeg.profile | 13 | include ffmpeg.profile |
diff --git a/etc/riot-desktop.profile b/etc/riot-desktop.profile index fececd850..e91d25196 100644 --- a/etc/riot-desktop.profile +++ b/etc/riot-desktop.profile | |||
@@ -4,7 +4,8 @@ | |||
4 | # Persistent local customizations | 4 | # Persistent local customizations |
5 | include riot-desktop.local | 5 | include riot-desktop.local |
6 | # Persistent global definitions | 6 | # Persistent global definitions |
7 | include globals.local | 7 | # added by included profile |
8 | #include globals.local | ||
8 | 9 | ||
9 | # Redirect | 10 | # Redirect |
10 | include riot-web.profile | 11 | include riot-web.profile |
diff --git a/etc/riot-web.profile b/etc/riot-web.profile index c9f597626..b930adf2b 100644 --- a/etc/riot-web.profile +++ b/etc/riot-web.profile | |||
@@ -4,7 +4,8 @@ | |||
4 | # Persistent local customizations | 4 | # Persistent local customizations |
5 | include riot-web.local | 5 | include riot-web.local |
6 | # Persistent global definitions | 6 | # Persistent global definitions |
7 | include globals.local | 7 | # added by included profile |
8 | #include globals.local | ||
8 | 9 | ||
9 | noblacklist ${HOME}/.config/Riot | 10 | noblacklist ${HOME}/.config/Riot |
10 | 11 | ||
diff --git a/etc/rnano.profile b/etc/rnano.profile index 89c1663c4..565c957e0 100644 --- a/etc/rnano.profile +++ b/etc/rnano.profile | |||
@@ -4,8 +4,8 @@ | |||
4 | # Persistent local customizations | 4 | # Persistent local customizations |
5 | include rnano.local | 5 | include rnano.local |
6 | # Persistent global definitions | 6 | # Persistent global definitions |
7 | # added by included profile | ||
7 | #include globals.local | 8 | #include globals.local |
8 | 9 | ||
9 | |||
10 | # Redirect | 10 | # Redirect |
11 | include nano.profile | 11 | include nano.profile |
diff --git a/etc/rocketchat.profile b/etc/rocketchat.profile index 8170c62e7..a574e4e8b 100644 --- a/etc/rocketchat.profile +++ b/etc/rocketchat.profile | |||
@@ -3,7 +3,8 @@ | |||
3 | # Persistent local customizations | 3 | # Persistent local customizations |
4 | include rocketchat.local | 4 | include rocketchat.local |
5 | # Persistent global definitions | 5 | # Persistent global definitions |
6 | include globals.local | 6 | # added by included profile |
7 | #include globals.local | ||
7 | 8 | ||
8 | noblacklist ${HOME}/.config/Rocket.Chat | 9 | noblacklist ${HOME}/.config/Rocket.Chat |
9 | 10 | ||
diff --git a/etc/runenpass.sh.profile b/etc/runenpass.sh.profile index 794c38d6e..64432c171 100644 --- a/etc/runenpass.sh.profile +++ b/etc/runenpass.sh.profile | |||
@@ -1,6 +1,5 @@ | |||
1 | # Firejail alias profile for enpass | 1 | # Firejail alias profile for enpass |
2 | # This file is overwritten after every install/update | 2 | # This file is overwritten after every install/update |
3 | 3 | ||
4 | |||
5 | # Redirect | 4 | # Redirect |
6 | include enpass.profile | 5 | include enpass.profile |
diff --git a/etc/rview.profile b/etc/rview.profile index b3a6bfbdc..fb72a00de 100644 --- a/etc/rview.profile +++ b/etc/rview.profile | |||
@@ -3,8 +3,8 @@ | |||
3 | # Persistent local customizations | 3 | # Persistent local customizations |
4 | include rview.local | 4 | include rview.local |
5 | # Persistent global definitions | 5 | # Persistent global definitions |
6 | include globals.local | 6 | # added by included profile |
7 | 7 | #include globals.local | |
8 | 8 | ||
9 | # Redirect | 9 | # Redirect |
10 | include vim.profile | 10 | include vim.profile |
diff --git a/etc/rvim.profile b/etc/rvim.profile index 5481dfe43..7c6465d3c 100644 --- a/etc/rvim.profile +++ b/etc/rvim.profile | |||
@@ -3,8 +3,8 @@ | |||
3 | # Persistent local customizations | 3 | # Persistent local customizations |
4 | include rvim.local | 4 | include rvim.local |
5 | # Persistent global definitions | 5 | # Persistent global definitions |
6 | include globals.local | 6 | # added by included profile |
7 | 7 | #include globals.local | |
8 | 8 | ||
9 | # Redirect | 9 | # Redirect |
10 | include vim.profile | 10 | include vim.profile |
diff --git a/etc/seamonkey-bin.profile b/etc/seamonkey-bin.profile index e420d8124..532294950 100644 --- a/etc/seamonkey-bin.profile +++ b/etc/seamonkey-bin.profile | |||
@@ -1,6 +1,5 @@ | |||
1 | # Firejail profile alias for seamonkey | 1 | # Firejail profile alias for seamonkey |
2 | # This file is overwritten after every install/update | 2 | # This file is overwritten after every install/update |
3 | 3 | ||
4 | |||
5 | # Redirect | 4 | # Redirect |
6 | include seamonkey.profile | 5 | include seamonkey.profile |
diff --git a/etc/soffice.profile b/etc/soffice.profile index ea0f84631..8348a57fe 100644 --- a/etc/soffice.profile +++ b/etc/soffice.profile | |||
@@ -1,6 +1,5 @@ | |||
1 | # Firejail profile alias for libreoffice | 1 | # Firejail profile alias for libreoffice |
2 | # This file is overwritten after every install/update | 2 | # This file is overwritten after every install/update |
3 | 3 | ||
4 | |||
5 | # Redirect | 4 | # Redirect |
6 | include libreoffice.profile | 5 | include libreoffice.profile |
diff --git a/etc/ssh-agent.profile b/etc/ssh-agent.profile index 9af747b62..55df45a87 100644 --- a/etc/ssh-agent.profile +++ b/etc/ssh-agent.profile | |||
@@ -19,6 +19,7 @@ include disable-programs.inc | |||
19 | caps.drop all | 19 | caps.drop all |
20 | netfilter | 20 | netfilter |
21 | no3d | 21 | no3d |
22 | nodbus | ||
22 | nodvd | 23 | nodvd |
23 | nonewprivs | 24 | nonewprivs |
24 | noroot | 25 | noroot |
diff --git a/etc/ssh.profile b/etc/ssh.profile index ce0e54a0d..7a9bb5abe 100644 --- a/etc/ssh.profile +++ b/etc/ssh.profile | |||
@@ -22,6 +22,7 @@ caps.drop all | |||
22 | ipc-namespace | 22 | ipc-namespace |
23 | netfilter | 23 | netfilter |
24 | no3d | 24 | no3d |
25 | nodbus | ||
25 | nodvd | 26 | nodvd |
26 | nogroups | 27 | nogroups |
27 | nonewprivs | 28 | nonewprivs |
diff --git a/etc/start-tor-browser.desktop.profile b/etc/start-tor-browser.desktop.profile index d5d7a17e4..9c3175ad7 100644 --- a/etc/start-tor-browser.desktop.profile +++ b/etc/start-tor-browser.desktop.profile | |||
@@ -2,6 +2,9 @@ | |||
2 | # This file is overwritten after every install/update | 2 | # This file is overwritten after every install/update |
3 | # Persistent local customizations | 3 | # Persistent local customizations |
4 | include start-tor-browser.desktop.local | 4 | include start-tor-browser.desktop.local |
5 | # Persistent global definitions | ||
6 | # added by included profile | ||
7 | #include globals.local | ||
5 | 8 | ||
6 | noblacklist ${HOME}/.tor-browser-* | 9 | noblacklist ${HOME}/.tor-browser-* |
7 | noblacklist ${HOME}/.tor-browser_* | 10 | noblacklist ${HOME}/.tor-browser_* |
diff --git a/etc/steam-native.profile b/etc/steam-native.profile index 1419a10b5..47608ad28 100644 --- a/etc/steam-native.profile +++ b/etc/steam-native.profile | |||
@@ -1,6 +1,5 @@ | |||
1 | # Firejail profile alias for steam | 1 | # Firejail profile alias for steam |
2 | # This file is overwritten after every install/update | 2 | # This file is overwritten after every install/update |
3 | 3 | ||
4 | |||
5 | # Redirect | 4 | # Redirect |
6 | include steam.profile | 5 | include steam.profile |
diff --git a/etc/studio.sh.profile b/etc/studio.sh.profile index c69297e29..79e879f36 100644 --- a/etc/studio.sh.profile +++ b/etc/studio.sh.profile | |||
@@ -1,6 +1,5 @@ | |||
1 | # Firejail profile alias for Android Studio | 1 | # Firejail profile alias for Android Studio |
2 | # This file is overwritten after every install/update | 2 | # This file is overwritten after every install/update |
3 | 3 | ||
4 | |||
5 | # Redirect | 4 | # Redirect |
6 | include android-studio.profile | 5 | include android-studio.profile |
diff --git a/etc/sysprof-cli.profile b/etc/sysprof-cli.profile index 62672b22b..935c7e9ca 100644 --- a/etc/sysprof-cli.profile +++ b/etc/sysprof-cli.profile | |||
@@ -15,6 +15,5 @@ private-lib | |||
15 | 15 | ||
16 | memory-deny-write-execute | 16 | memory-deny-write-execute |
17 | 17 | ||
18 | |||
19 | # Redirect | 18 | # Redirect |
20 | include sysprof.profile | 19 | include sysprof.profile |
diff --git a/etc/telegram-desktop.profile b/etc/telegram-desktop.profile index ef60bdc8c..0cfa7114b 100644 --- a/etc/telegram-desktop.profile +++ b/etc/telegram-desktop.profile | |||
@@ -2,6 +2,5 @@ | |||
2 | # Description: Official Telegram Desktop client | 2 | # Description: Official Telegram Desktop client |
3 | # This file is overwritten after every install/update | 3 | # This file is overwritten after every install/update |
4 | 4 | ||
5 | |||
6 | # Redirect | 5 | # Redirect |
7 | include telegram.profile | 6 | include telegram.profile |
diff --git a/etc/thunar.profile b/etc/thunar.profile index 0c7a048c4..19993016a 100644 --- a/etc/thunar.profile +++ b/etc/thunar.profile | |||
@@ -2,6 +2,5 @@ | |||
2 | # Description: Modern file manager for Xfce | 2 | # Description: Modern file manager for Xfce |
3 | # This file is overwritten after every install/update | 3 | # This file is overwritten after every install/update |
4 | 4 | ||
5 | |||
6 | # Redirect | 5 | # Redirect |
7 | include Thunar.profile | 6 | include Thunar.profile |
diff --git a/etc/transmission-create.profile b/etc/transmission-create.profile index 7aea44c3b..9b84bc33a 100644 --- a/etc/transmission-create.profile +++ b/etc/transmission-create.profile | |||
@@ -7,6 +7,5 @@ include transmission-create.local | |||
7 | # added by included profile | 7 | # added by included profile |
8 | #include globals.local | 8 | #include globals.local |
9 | 9 | ||
10 | |||
11 | # Redirect | 10 | # Redirect |
12 | include transmission-cli.profile | 11 | include transmission-cli.profile |
diff --git a/etc/transmission-edit.profile b/etc/transmission-edit.profile index 5bc81c231..07990aa15 100644 --- a/etc/transmission-edit.profile +++ b/etc/transmission-edit.profile | |||
@@ -7,6 +7,5 @@ include transmission-edit.local | |||
7 | # added by included profile | 7 | # added by included profile |
8 | #include globals.local | 8 | #include globals.local |
9 | 9 | ||
10 | |||
11 | # Redirect | 10 | # Redirect |
12 | include transmission-cli.profile | 11 | include transmission-cli.profile |
diff --git a/etc/transmission-remote-cli.profile b/etc/transmission-remote-cli.profile index 7b7a47f14..98b875fc5 100644 --- a/etc/transmission-remote-cli.profile +++ b/etc/transmission-remote-cli.profile | |||
@@ -21,6 +21,5 @@ include whitelist-var-common.inc | |||
21 | # private-bin python* | 21 | # private-bin python* |
22 | private-etc fonts | 22 | private-etc fonts |
23 | 23 | ||
24 | |||
25 | # Redirect | 24 | # Redirect |
26 | include transmission-remote.profile | 25 | include transmission-remote.profile |
diff --git a/etc/transmission-remote-gtk.profile b/etc/transmission-remote-gtk.profile index 3ead56008..b7173def5 100644 --- a/etc/transmission-remote-gtk.profile +++ b/etc/transmission-remote-gtk.profile | |||
@@ -16,6 +16,5 @@ include whitelist-var-common.inc | |||
16 | 16 | ||
17 | private-etc fonts | 17 | private-etc fonts |
18 | 18 | ||
19 | |||
20 | # Redirect | 19 | # Redirect |
21 | include transmission-remote.profile | 20 | include transmission-remote.profile |
diff --git a/etc/udiskie.profile b/etc/udiskie.profile index 8cc443bff..f6e85d60e 100644 --- a/etc/udiskie.profile +++ b/etc/udiskie.profile | |||
@@ -41,5 +41,5 @@ private-bin awk,cut,dbus-send,egrep,file,grep,head,python*,readlink,sed,sh,udisk | |||
41 | # private-bin thunar | 41 | # private-bin thunar |
42 | private-cache | 42 | private-cache |
43 | private-dev | 43 | private-dev |
44 | private-etc alternatives,ld.so.cache,ld.so.conf,ld.so.conf.d,ld.so.preload,locale,locale.alias,locale.conf,localtime,mime.types,xdg | 44 | private-etc alternatives,fonts,ld.so.cache,ld.so.conf,ld.so.conf.d,ld.so.preload,locale,locale.alias,locale.conf,localtime,mime.types,xdg |
45 | private-tmp | 45 | private-tmp |
diff --git a/etc/unbound.profile b/etc/unbound.profile index e152ee7ea..7d1c36d2f 100644 --- a/etc/unbound.profile +++ b/etc/unbound.profile | |||
@@ -13,6 +13,7 @@ blacklist /tmp/.X11-unix | |||
13 | 13 | ||
14 | include disable-common.inc | 14 | include disable-common.inc |
15 | include disable-devel.inc | 15 | include disable-devel.inc |
16 | include disable-exec.inc | ||
16 | include disable-interpreters.inc | 17 | include disable-interpreters.inc |
17 | include disable-passwdmgr.inc | 18 | include disable-passwdmgr.inc |
18 | include disable-programs.inc | 19 | include disable-programs.inc |
@@ -22,13 +23,18 @@ whitelist /var/lib/unbound | |||
22 | whitelist /var/run | 23 | whitelist /var/run |
23 | 24 | ||
24 | caps.keep net_admin,net_bind_service,setgid,setuid,sys_chroot,sys_resource | 25 | caps.keep net_admin,net_bind_service,setgid,setuid,sys_chroot,sys_resource |
26 | ipc-namespace | ||
27 | machine-id | ||
28 | netfilter | ||
25 | no3d | 29 | no3d |
30 | nodbus | ||
26 | nodvd | 31 | nodvd |
27 | nonewprivs | 32 | nonewprivs |
28 | nosound | 33 | nosound |
29 | notv | 34 | notv |
30 | nou2f | 35 | nou2f |
31 | novideo | 36 | novideo |
37 | protocol inet,inet6 | ||
32 | seccomp.drop _sysctl,acct,add_key,adjtimex,clock_adjtime,delete_module,fanotify_init,finit_module,get_mempolicy,init_module,io_cancel,io_destroy,io_getevents,io_setup,io_submit,ioperm,iopl,kcmp,kexec_file_load,kexec_load,keyctl,lookup_dcookie,mbind,migrate_pages,modify_ldt,mount,move_pages,open_by_handle_at,perf_event_open,perf_event_open,pivot_root,process_vm_readv,process_vm_writev,ptrace,remap_file_pages,request_key,set_mempolicy,swapoff,swapon,sysfs,syslog,umount2,uselib,vmsplice | 38 | seccomp.drop _sysctl,acct,add_key,adjtimex,clock_adjtime,delete_module,fanotify_init,finit_module,get_mempolicy,init_module,io_cancel,io_destroy,io_getevents,io_setup,io_submit,ioperm,iopl,kcmp,kexec_file_load,kexec_load,keyctl,lookup_dcookie,mbind,migrate_pages,modify_ldt,mount,move_pages,open_by_handle_at,perf_event_open,perf_event_open,pivot_root,process_vm_readv,process_vm_writev,ptrace,remap_file_pages,request_key,set_mempolicy,swapoff,swapon,sysfs,syslog,umount2,uselib,vmsplice |
33 | 39 | ||
34 | disable-mnt | 40 | disable-mnt |
diff --git a/etc/unlzma.profile b/etc/unlzma.profile index 748dad2e3..f7410b928 100644 --- a/etc/unlzma.profile +++ b/etc/unlzma.profile | |||
@@ -2,6 +2,5 @@ | |||
2 | # Description: Library and command line tools for XZ and LZMA compressed files | 2 | # Description: Library and command line tools for XZ and LZMA compressed files |
3 | # This file is overwritten after every install/update | 3 | # This file is overwritten after every install/update |
4 | 4 | ||
5 | |||
6 | # Redirect | 5 | # Redirect |
7 | include cpio.profile | 6 | include cpio.profile |
diff --git a/etc/unxz.profile b/etc/unxz.profile index 748dad2e3..f7410b928 100644 --- a/etc/unxz.profile +++ b/etc/unxz.profile | |||
@@ -2,6 +2,5 @@ | |||
2 | # Description: Library and command line tools for XZ and LZMA compressed files | 2 | # Description: Library and command line tools for XZ and LZMA compressed files |
3 | # This file is overwritten after every install/update | 3 | # This file is overwritten after every install/update |
4 | 4 | ||
5 | |||
6 | # Redirect | 5 | # Redirect |
7 | include cpio.profile | 6 | include cpio.profile |
diff --git a/etc/vimcat.profile b/etc/vimcat.profile index a8f7758e0..73b76b5ab 100644 --- a/etc/vimcat.profile +++ b/etc/vimcat.profile | |||
@@ -3,8 +3,8 @@ | |||
3 | # Persistent local customizations | 3 | # Persistent local customizations |
4 | include vimcat.local | 4 | include vimcat.local |
5 | # Persistent global definitions | 5 | # Persistent global definitions |
6 | include globals.local | 6 | # added by included profile |
7 | 7 | #include globals.local | |
8 | 8 | ||
9 | # Redirect | 9 | # Redirect |
10 | include vim.profile | 10 | include vim.profile |
diff --git a/etc/vimdiff.profile b/etc/vimdiff.profile index 53a5c6224..f09faf1d6 100644 --- a/etc/vimdiff.profile +++ b/etc/vimdiff.profile | |||
@@ -3,8 +3,8 @@ | |||
3 | # Persistent local customizations | 3 | # Persistent local customizations |
4 | include vimdiff.local | 4 | include vimdiff.local |
5 | # Persistent global definitions | 5 | # Persistent global definitions |
6 | include globals.local | 6 | # added by included profile |
7 | 7 | #include globals.local | |
8 | 8 | ||
9 | # Redirect | 9 | # Redirect |
10 | include vim.profile | 10 | include vim.profile |
diff --git a/etc/vimpager.profile b/etc/vimpager.profile index ef2c20ef1..af7703752 100644 --- a/etc/vimpager.profile +++ b/etc/vimpager.profile | |||
@@ -4,8 +4,8 @@ | |||
4 | # Persistent local customizations | 4 | # Persistent local customizations |
5 | include vimpager.local | 5 | include vimpager.local |
6 | # Persistent global definitions | 6 | # Persistent global definitions |
7 | include globals.local | 7 | # added by included profile |
8 | 8 | #include globals.local | |
9 | 9 | ||
10 | # Redirect | 10 | # Redirect |
11 | include vim.profile | 11 | include vim.profile |
diff --git a/etc/vimtutor.profile b/etc/vimtutor.profile index 7330d6da2..b9584cc49 100644 --- a/etc/vimtutor.profile +++ b/etc/vimtutor.profile | |||
@@ -3,8 +3,8 @@ | |||
3 | # Persistent local customizations | 3 | # Persistent local customizations |
4 | include vimtutor.local | 4 | include vimtutor.local |
5 | # Persistent global definitions | 5 | # Persistent global definitions |
6 | include globals.local | 6 | # added by included profile |
7 | 7 | #include globals.local | |
8 | 8 | ||
9 | # Redirect | 9 | # Redirect |
10 | include vim.profile | 10 | include vim.profile |
diff --git a/etc/vivaldi-beta.profile b/etc/vivaldi-beta.profile index bee5d6be6..5de5682a3 100644 --- a/etc/vivaldi-beta.profile +++ b/etc/vivaldi-beta.profile | |||
@@ -1,6 +1,5 @@ | |||
1 | # Firejail profile alias for vivaldi | 1 | # Firejail profile alias for vivaldi |
2 | # This file is overwritten after every install/update | 2 | # This file is overwritten after every install/update |
3 | 3 | ||
4 | |||
5 | # Redirect | 4 | # Redirect |
6 | include vivaldi.profile | 5 | include vivaldi.profile |
diff --git a/etc/vivaldi-stable.profile b/etc/vivaldi-stable.profile index bee5d6be6..5de5682a3 100644 --- a/etc/vivaldi-stable.profile +++ b/etc/vivaldi-stable.profile | |||
@@ -1,6 +1,5 @@ | |||
1 | # Firejail profile alias for vivaldi | 1 | # Firejail profile alias for vivaldi |
2 | # This file is overwritten after every install/update | 2 | # This file is overwritten after every install/update |
3 | 3 | ||
4 | |||
5 | # Redirect | 4 | # Redirect |
6 | include vivaldi.profile | 5 | include vivaldi.profile |
diff --git a/etc/vscodium.profile b/etc/vscodium.profile index 954510113..b4728fb72 100644 --- a/etc/vscodium.profile +++ b/etc/vscodium.profile | |||
@@ -1,7 +1,6 @@ | |||
1 | # Firejail profile alias for Visual Studio Code | 1 | # Firejail profile alias for Visual Studio Code |
2 | # This file is overwritten after every install/update | 2 | # This file is overwritten after every install/update |
3 | 3 | ||
4 | |||
5 | noblacklist ${HOME}/.VSCodium | 4 | noblacklist ${HOME}/.VSCodium |
6 | 5 | ||
7 | # Redirect | 6 | # Redirect |
diff --git a/etc/weechat-curses.profile b/etc/weechat-curses.profile index 4e9d6826c..4719b9788 100644 --- a/etc/weechat-curses.profile +++ b/etc/weechat-curses.profile | |||
@@ -1,6 +1,5 @@ | |||
1 | # Firejail profile alias for weechat | 1 | # Firejail profile alias for weechat |
2 | # This file is overwritten after every install/update | 2 | # This file is overwritten after every install/update |
3 | 3 | ||
4 | |||
5 | # Redirect | 4 | # Redirect |
6 | include weechat.profile | 5 | include weechat.profile |
diff --git a/etc/wireshark-gtk.profile b/etc/wireshark-gtk.profile index 14978013d..3e2e1807e 100644 --- a/etc/wireshark-gtk.profile +++ b/etc/wireshark-gtk.profile | |||
@@ -2,6 +2,5 @@ | |||
2 | # Description: Network protocol analyzer | 2 | # Description: Network protocol analyzer |
3 | # This file is overwritten after every install/update | 3 | # This file is overwritten after every install/update |
4 | 4 | ||
5 | |||
6 | # Redirect | 5 | # Redirect |
7 | include wireshark.profile | 6 | include wireshark.profile |
diff --git a/etc/wireshark-qt.profile b/etc/wireshark-qt.profile index 14978013d..3e2e1807e 100644 --- a/etc/wireshark-qt.profile +++ b/etc/wireshark-qt.profile | |||
@@ -2,6 +2,5 @@ | |||
2 | # Description: Network protocol analyzer | 2 | # Description: Network protocol analyzer |
3 | # This file is overwritten after every install/update | 3 | # This file is overwritten after every install/update |
4 | 4 | ||
5 | |||
6 | # Redirect | 5 | # Redirect |
7 | include wireshark.profile | 6 | include wireshark.profile |
diff --git a/etc/xlinks.profile b/etc/xlinks.profile index ad1511791..7987af280 100644 --- a/etc/xlinks.profile +++ b/etc/xlinks.profile | |||
@@ -3,6 +3,9 @@ | |||
3 | # This file is overwritten after every install/update | 3 | # This file is overwritten after every install/update |
4 | # Persistent local customizations | 4 | # Persistent local customizations |
5 | include xlinks.local | 5 | include xlinks.local |
6 | # Persistent global definitions | ||
7 | # added by included profile | ||
8 | #include globals.local | ||
6 | 9 | ||
7 | noblacklist /tmp/.X11-unix | 10 | noblacklist /tmp/.X11-unix |
8 | noblacklist ${HOME}/.links | 11 | noblacklist ${HOME}/.links |
diff --git a/etc/xonotic-glx.profile b/etc/xonotic-glx.profile index 8a44fb587..abb91e1ec 100644 --- a/etc/xonotic-glx.profile +++ b/etc/xonotic-glx.profile | |||
@@ -1,6 +1,5 @@ | |||
1 | # Firejail profile alias for xonotic | 1 | # Firejail profile alias for xonotic |
2 | # This file is overwritten after every install/update | 2 | # This file is overwritten after every install/update |
3 | 3 | ||
4 | |||
5 | # Redirect | 4 | # Redirect |
6 | include xonotic.profile | 5 | include xonotic.profile |
diff --git a/etc/xonotic-sdl.profile b/etc/xonotic-sdl.profile index 8a44fb587..abb91e1ec 100644 --- a/etc/xonotic-sdl.profile +++ b/etc/xonotic-sdl.profile | |||
@@ -1,6 +1,5 @@ | |||
1 | # Firejail profile alias for xonotic | 1 | # Firejail profile alias for xonotic |
2 | # This file is overwritten after every install/update | 2 | # This file is overwritten after every install/update |
3 | 3 | ||
4 | |||
5 | # Redirect | 4 | # Redirect |
6 | include xonotic.profile | 5 | include xonotic.profile |
diff --git a/etc/xplayer-audio-preview.profile b/etc/xplayer-audio-preview.profile index 78252c134..0559b8183 100644 --- a/etc/xplayer-audio-preview.profile +++ b/etc/xplayer-audio-preview.profile | |||
@@ -3,8 +3,8 @@ | |||
3 | # Persistent local customizations | 3 | # Persistent local customizations |
4 | include xplayer-audio-preview.local | 4 | include xplayer-audio-preview.local |
5 | # Persistent global definitions | 5 | # Persistent global definitions |
6 | include globals.local | 6 | # added by included profile |
7 | 7 | #include globals.local | |
8 | 8 | ||
9 | # Redirect | 9 | # Redirect |
10 | include xplayer.profile | 10 | include xplayer.profile |
diff --git a/etc/xplayer-video-thumbnailer.profile b/etc/xplayer-video-thumbnailer.profile index ac8986c69..6b2878476 100644 --- a/etc/xplayer-video-thumbnailer.profile +++ b/etc/xplayer-video-thumbnailer.profile | |||
@@ -3,8 +3,8 @@ | |||
3 | # Persistent local customizations | 3 | # Persistent local customizations |
4 | include xplayer-video-thumbnailer.local | 4 | include xplayer-video-thumbnailer.local |
5 | # Persistent global definitions | 5 | # Persistent global definitions |
6 | include globals.local | 6 | # added by included profile |
7 | 7 | #include globals.local | |
8 | 8 | ||
9 | # Redirect | 9 | # Redirect |
10 | include xplayer.profile | 10 | include xplayer.profile |
diff --git a/etc/xreader-previewer.profile b/etc/xreader-previewer.profile index 2d7e7644c..6e1dcb5d2 100644 --- a/etc/xreader-previewer.profile +++ b/etc/xreader-previewer.profile | |||
@@ -3,8 +3,8 @@ | |||
3 | # Persistent local customizations | 3 | # Persistent local customizations |
4 | include xreader-previewer.local | 4 | include xreader-previewer.local |
5 | # Persistent global definitions | 5 | # Persistent global definitions |
6 | include globals.local | 6 | # added by included profile |
7 | 7 | #include globals.local | |
8 | 8 | ||
9 | # Redirect | 9 | # Redirect |
10 | include xreader.profile | 10 | include xreader.profile |
diff --git a/etc/xreader-thumbnailer.profile b/etc/xreader-thumbnailer.profile index d463787e6..a6925fcde 100644 --- a/etc/xreader-thumbnailer.profile +++ b/etc/xreader-thumbnailer.profile | |||
@@ -3,8 +3,8 @@ | |||
3 | # Persistent local customizations | 3 | # Persistent local customizations |
4 | include xreader-thumbnailer.local | 4 | include xreader-thumbnailer.local |
5 | # Persistent global definitions | 5 | # Persistent global definitions |
6 | include globals.local | 6 | # added by included profile |
7 | 7 | #include globals.local | |
8 | 8 | ||
9 | # Redirect | 9 | # Redirect |
10 | include xreader.profile | 10 | include xreader.profile |
diff --git a/etc/xxd.profile b/etc/xxd.profile index f5072da75..569f194d3 100644 --- a/etc/xxd.profile +++ b/etc/xxd.profile | |||
@@ -4,8 +4,8 @@ | |||
4 | # Persistent local customizations | 4 | # Persistent local customizations |
5 | include xxd.local | 5 | include xxd.local |
6 | # Persistent global definitions | 6 | # Persistent global definitions |
7 | include globals.local | 7 | # added by included profile |
8 | 8 | #include globals.local | |
9 | 9 | ||
10 | # Redirect | 10 | # Redirect |
11 | include vim.profile | 11 | include vim.profile |
diff --git a/etc/xz.profile b/etc/xz.profile index 748dad2e3..f7410b928 100644 --- a/etc/xz.profile +++ b/etc/xz.profile | |||
@@ -2,6 +2,5 @@ | |||
2 | # Description: Library and command line tools for XZ and LZMA compressed files | 2 | # Description: Library and command line tools for XZ and LZMA compressed files |
3 | # This file is overwritten after every install/update | 3 | # This file is overwritten after every install/update |
4 | 4 | ||
5 | |||
6 | # Redirect | 5 | # Redirect |
7 | include cpio.profile | 6 | include cpio.profile |
diff --git a/etc/xzcat.profile b/etc/xzcat.profile index 748dad2e3..f7410b928 100644 --- a/etc/xzcat.profile +++ b/etc/xzcat.profile | |||
@@ -2,6 +2,5 @@ | |||
2 | # Description: Library and command line tools for XZ and LZMA compressed files | 2 | # Description: Library and command line tools for XZ and LZMA compressed files |
3 | # This file is overwritten after every install/update | 3 | # This file is overwritten after every install/update |
4 | 4 | ||
5 | |||
6 | # Redirect | 5 | # Redirect |
7 | include cpio.profile | 6 | include cpio.profile |
diff --git a/etc/xzcmp.profile b/etc/xzcmp.profile index 748dad2e3..f7410b928 100644 --- a/etc/xzcmp.profile +++ b/etc/xzcmp.profile | |||
@@ -2,6 +2,5 @@ | |||
2 | # Description: Library and command line tools for XZ and LZMA compressed files | 2 | # Description: Library and command line tools for XZ and LZMA compressed files |
3 | # This file is overwritten after every install/update | 3 | # This file is overwritten after every install/update |
4 | 4 | ||
5 | |||
6 | # Redirect | 5 | # Redirect |
7 | include cpio.profile | 6 | include cpio.profile |
diff --git a/etc/xzdiff.profile b/etc/xzdiff.profile index 748dad2e3..f7410b928 100644 --- a/etc/xzdiff.profile +++ b/etc/xzdiff.profile | |||
@@ -2,6 +2,5 @@ | |||
2 | # Description: Library and command line tools for XZ and LZMA compressed files | 2 | # Description: Library and command line tools for XZ and LZMA compressed files |
3 | # This file is overwritten after every install/update | 3 | # This file is overwritten after every install/update |
4 | 4 | ||
5 | |||
6 | # Redirect | 5 | # Redirect |
7 | include cpio.profile | 6 | include cpio.profile |
diff --git a/etc/xzegrep.profile b/etc/xzegrep.profile index 748dad2e3..f7410b928 100644 --- a/etc/xzegrep.profile +++ b/etc/xzegrep.profile | |||
@@ -2,6 +2,5 @@ | |||
2 | # Description: Library and command line tools for XZ and LZMA compressed files | 2 | # Description: Library and command line tools for XZ and LZMA compressed files |
3 | # This file is overwritten after every install/update | 3 | # This file is overwritten after every install/update |
4 | 4 | ||
5 | |||
6 | # Redirect | 5 | # Redirect |
7 | include cpio.profile | 6 | include cpio.profile |
diff --git a/etc/xzfgrep.profile b/etc/xzfgrep.profile index 748dad2e3..f7410b928 100644 --- a/etc/xzfgrep.profile +++ b/etc/xzfgrep.profile | |||
@@ -2,6 +2,5 @@ | |||
2 | # Description: Library and command line tools for XZ and LZMA compressed files | 2 | # Description: Library and command line tools for XZ and LZMA compressed files |
3 | # This file is overwritten after every install/update | 3 | # This file is overwritten after every install/update |
4 | 4 | ||
5 | |||
6 | # Redirect | 5 | # Redirect |
7 | include cpio.profile | 6 | include cpio.profile |
diff --git a/etc/xzgrep.profile b/etc/xzgrep.profile index 748dad2e3..f7410b928 100644 --- a/etc/xzgrep.profile +++ b/etc/xzgrep.profile | |||
@@ -2,6 +2,5 @@ | |||
2 | # Description: Library and command line tools for XZ and LZMA compressed files | 2 | # Description: Library and command line tools for XZ and LZMA compressed files |
3 | # This file is overwritten after every install/update | 3 | # This file is overwritten after every install/update |
4 | 4 | ||
5 | |||
6 | # Redirect | 5 | # Redirect |
7 | include cpio.profile | 6 | include cpio.profile |
diff --git a/etc/xzless.profile b/etc/xzless.profile index 748dad2e3..f7410b928 100644 --- a/etc/xzless.profile +++ b/etc/xzless.profile | |||
@@ -2,6 +2,5 @@ | |||
2 | # Description: Library and command line tools for XZ and LZMA compressed files | 2 | # Description: Library and command line tools for XZ and LZMA compressed files |
3 | # This file is overwritten after every install/update | 3 | # This file is overwritten after every install/update |
4 | 4 | ||
5 | |||
6 | # Redirect | 5 | # Redirect |
7 | include cpio.profile | 6 | include cpio.profile |
diff --git a/etc/xzmore.profile b/etc/xzmore.profile index 748dad2e3..f7410b928 100644 --- a/etc/xzmore.profile +++ b/etc/xzmore.profile | |||
@@ -2,6 +2,5 @@ | |||
2 | # Description: Library and command line tools for XZ and LZMA compressed files | 2 | # Description: Library and command line tools for XZ and LZMA compressed files |
3 | # This file is overwritten after every install/update | 3 | # This file is overwritten after every install/update |
4 | 4 | ||
5 | |||
6 | # Redirect | 5 | # Redirect |
7 | include cpio.profile | 6 | include cpio.profile |
diff --git a/src/common.mk.in b/src/common.mk.in index b9af977ae..1b6ad91a5 100644 --- a/src/common.mk.in +++ b/src/common.mk.in | |||
@@ -20,6 +20,7 @@ HAVE_WHITELIST=@HAVE_WHITELIST@ | |||
20 | HAVE_GLOBALCFG=@HAVE_GLOBALCFG@ | 20 | HAVE_GLOBALCFG=@HAVE_GLOBALCFG@ |
21 | HAVE_APPARMOR=@HAVE_APPARMOR@ | 21 | HAVE_APPARMOR=@HAVE_APPARMOR@ |
22 | HAVE_OVERLAYFS=@HAVE_OVERLAYFS@ | 22 | HAVE_OVERLAYFS=@HAVE_OVERLAYFS@ |
23 | HAVE_FIRETUNNEL=@HAVE_FIRETUNNEL@ | ||
23 | HAVE_PRIVATE_HOME=@HAVE_PRIVATE_HOME@ | 24 | HAVE_PRIVATE_HOME=@HAVE_PRIVATE_HOME@ |
24 | HAVE_GCOV=@HAVE_GCOV@ | 25 | HAVE_GCOV=@HAVE_GCOV@ |
25 | 26 | ||
@@ -28,7 +29,7 @@ C_FILE_LIST = $(sort $(wildcard *.c)) | |||
28 | OBJS = $(C_FILE_LIST:.c=.o) | 29 | OBJS = $(C_FILE_LIST:.c=.o) |
29 | BINOBJS = $(foreach file, $(OBJS), $file) | 30 | BINOBJS = $(foreach file, $(OBJS), $file) |
30 | 31 | ||
31 | CFLAGS += -ggdb $(HAVE_FATAL_WARNINGS) -O2 -DVERSION='"$(VERSION)"' $(HAVE_GCOV) -DPREFIX='"$(prefix)"' -DSYSCONFDIR='"$(sysconfdir)/firejail"' -DLIBDIR='"$(libdir)"' $(HAVE_X11) $(HAVE_PRIVATE_HOME) $(HAVE_APPARMOR) $(HAVE_OVERLAYFS) $(HAVE_SECCOMP) $(HAVE_GLOBALCFG) $(HAVE_SECCOMP_H) $(HAVE_CHROOT) $(HAVE_NETWORK) $(HAVE_USERNS) $(HAVE_FILE_TRANSFER) $(HAVE_WHITELIST) -fstack-protector-all -D_FORTIFY_SOURCE=2 -fPIE -pie -Wformat -Wformat-security | 32 | CFLAGS += -ggdb $(HAVE_FATAL_WARNINGS) -O2 -DVERSION='"$(VERSION)"' $(HAVE_GCOV) -DPREFIX='"$(prefix)"' -DSYSCONFDIR='"$(sysconfdir)/firejail"' -DLIBDIR='"$(libdir)"' $(HAVE_X11) $(HAVE_PRIVATE_HOME) $(HAVE_APPARMOR) $(HAVE_OVERLAYFS) $(HAVE_FIRETUNNEL) $(HAVE_SECCOMP) $(HAVE_GLOBALCFG) $(HAVE_SECCOMP_H) $(HAVE_CHROOT) $(HAVE_NETWORK) $(HAVE_USERNS) $(HAVE_FILE_TRANSFER) $(HAVE_WHITELIST) -fstack-protector-all -D_FORTIFY_SOURCE=2 -fPIE -pie -Wformat -Wformat-security |
32 | LDFLAGS += -pie -Wl,-z,relro -Wl,-z,now -lpthread | 33 | LDFLAGS += -pie -Wl,-z,relro -Wl,-z,now -lpthread |
33 | EXTRA_LDFLAGS +=@EXTRA_LDFLAGS@ | 34 | EXTRA_LDFLAGS +=@EXTRA_LDFLAGS@ |
34 | EXTRA_CFLAGS +=@EXTRA_CFLAGS@ | 35 | EXTRA_CFLAGS +=@EXTRA_CFLAGS@ |
diff --git a/src/firecfg/firecfg.config b/src/firecfg/firecfg.config index b4efa3add..10293cb8f 100644 --- a/src/firecfg/firecfg.config +++ b/src/firecfg/firecfg.config | |||
@@ -20,6 +20,7 @@ Maelstrom | |||
20 | Maps | 20 | Maps |
21 | Mathematica | 21 | Mathematica |
22 | Natron | 22 | Natron |
23 | PPSSPPQt | ||
23 | QMediathekView | 24 | QMediathekView |
24 | QOwnNotes | 25 | QOwnNotes |
25 | Telegram | 26 | Telegram |
@@ -288,6 +289,7 @@ iridium | |||
288 | iridium-browser | 289 | iridium-browser |
289 | jd-gui | 290 | jd-gui |
290 | jdownloader | 291 | jdownloader |
292 | jerry | ||
291 | jitsi | 293 | jitsi |
292 | k3b | 294 | k3b |
293 | kaffeine | 295 | kaffeine |
@@ -402,6 +404,7 @@ netactview | |||
402 | nethack | 404 | nethack |
403 | netsurf | 405 | netsurf |
404 | neverball | 406 | neverball |
407 | neverputt | ||
405 | newsbeuter | 408 | newsbeuter |
406 | newsboat | 409 | newsboat |
407 | nheko | 410 | nheko |
diff --git a/src/firejail/checkcfg.c b/src/firejail/checkcfg.c index 7ca72bf30..b11d795a9 100644 --- a/src/firejail/checkcfg.c +++ b/src/firejail/checkcfg.c | |||
@@ -278,6 +278,14 @@ void print_compiletime_support(void) { | |||
278 | #endif | 278 | #endif |
279 | ); | 279 | ); |
280 | 280 | ||
281 | printf("\t- firetunnel support is %s\n", | ||
282 | #ifdef HAVE_FIRETUNNEL | ||
283 | "enabled" | ||
284 | #else | ||
285 | "disabled" | ||
286 | #endif | ||
287 | ); | ||
288 | |||
281 | printf("\t- networking support is %s\n", | 289 | printf("\t- networking support is %s\n", |
282 | #ifdef HAVE_NETWORK | 290 | #ifdef HAVE_NETWORK |
283 | "enabled" | 291 | "enabled" |
diff --git a/src/firejail/main.c b/src/firejail/main.c index c50ed4dc4..2403cafa1 100644 --- a/src/firejail/main.c +++ b/src/firejail/main.c | |||
@@ -1498,6 +1498,7 @@ int main(int argc, char **argv) { | |||
1498 | exit_err_feature("overlayfs"); | 1498 | exit_err_feature("overlayfs"); |
1499 | } | 1499 | } |
1500 | #endif | 1500 | #endif |
1501 | #ifdef HAVE_FIRETUNNEL | ||
1501 | else if (strcmp(argv[i], "--tunnel") == 0) { | 1502 | else if (strcmp(argv[i], "--tunnel") == 0) { |
1502 | // try to connect to the default client side of the tunnel | 1503 | // try to connect to the default client side of the tunnel |
1503 | // if this fails, try the default server side of the tunnel | 1504 | // if this fails, try the default server side of the tunnel |
@@ -1523,7 +1524,7 @@ int main(int argc, char **argv) { | |||
1523 | exit(1); | 1524 | exit(1); |
1524 | } | 1525 | } |
1525 | } | 1526 | } |
1526 | 1527 | #endif | |
1527 | else if (strncmp(argv[i], "--profile=", 10) == 0) { | 1528 | else if (strncmp(argv[i], "--profile=", 10) == 0) { |
1528 | // multiple profile files are allowed! | 1529 | // multiple profile files are allowed! |
1529 | 1530 | ||
diff --git a/src/firejail/x11.c b/src/firejail/x11.c index 69a9a7bee..3beef3986 100644 --- a/src/firejail/x11.c +++ b/src/firejail/x11.c | |||
@@ -310,7 +310,7 @@ void x11_start_xvfb(int argc, char **argv) { | |||
310 | 310 | ||
311 | if (arg_debug) { | 311 | if (arg_debug) { |
312 | size_t i = 0; | 312 | size_t i = 0; |
313 | printf("\n*** Stating xvfb client:"); | 313 | printf("\n*** Starting xvfb client:"); |
314 | while (jail_argv[i]!=NULL) { | 314 | while (jail_argv[i]!=NULL) { |
315 | printf(" \"%s\"", jail_argv[i]); | 315 | printf(" \"%s\"", jail_argv[i]); |
316 | i++; | 316 | i++; |
@@ -838,7 +838,7 @@ void x11_start_xpra_old(int argc, char **argv, int display, char *display_str) { | |||
838 | 838 | ||
839 | if (arg_debug) { | 839 | if (arg_debug) { |
840 | if (n == 10) | 840 | if (n == 10) |
841 | printf("failed to stop xpra server gratefully\n"); | 841 | printf("failed to stop xpra server gracefully\n"); |
842 | else | 842 | else |
843 | printf("xpra server successfully stopped in %d secs\n", n); | 843 | printf("xpra server successfully stopped in %d secs\n", n); |
844 | } | 844 | } |
@@ -1023,6 +1023,7 @@ void x11_start_xpra(int argc, char **argv) { | |||
1023 | if (!program_in_path("xpra")) { | 1023 | if (!program_in_path("xpra")) { |
1024 | fprintf(stderr, "\nError: Xpra program was not found in /usr/bin directory, please install it:\n"); | 1024 | fprintf(stderr, "\nError: Xpra program was not found in /usr/bin directory, please install it:\n"); |
1025 | fprintf(stderr, " Debian/Ubuntu/Mint: sudo apt-get install xpra\n"); | 1025 | fprintf(stderr, " Debian/Ubuntu/Mint: sudo apt-get install xpra\n"); |
1026 | fprintf(stderr, " Arch: sudo pacman -S xpra\n"); | ||
1026 | exit(0); | 1027 | exit(0); |
1027 | } | 1028 | } |
1028 | 1029 | ||
@@ -1056,6 +1057,8 @@ void x11_start(int argc, char **argv) { | |||
1056 | fprintf(stderr, "\nError: Xpra or Xephyr not found in /usr/bin directory, please install one of them:\n"); | 1057 | fprintf(stderr, "\nError: Xpra or Xephyr not found in /usr/bin directory, please install one of them:\n"); |
1057 | fprintf(stderr, " Debian/Ubuntu/Mint: sudo apt-get install xpra\n"); | 1058 | fprintf(stderr, " Debian/Ubuntu/Mint: sudo apt-get install xpra\n"); |
1058 | fprintf(stderr, " Debian/Ubuntu/Mint: sudo apt-get install xserver-xephyr\n"); | 1059 | fprintf(stderr, " Debian/Ubuntu/Mint: sudo apt-get install xserver-xephyr\n"); |
1060 | fprintf(stderr, " Arch: sudo pacman -S xpra\n"); | ||
1061 | fprintf(stderr, " Arch: sudo pacman -S xorg-server-xephyr\n"); | ||
1059 | exit(0); | 1062 | exit(0); |
1060 | } | 1063 | } |
1061 | } | 1064 | } |
@@ -1087,7 +1090,8 @@ void x11_xorg(void) { | |||
1087 | struct stat s; | 1090 | struct stat s; |
1088 | if (stat("/usr/bin/xauth", &s) == -1) { | 1091 | if (stat("/usr/bin/xauth", &s) == -1) { |
1089 | fprintf(stderr, "Error: xauth utility not found in /usr/bin. Please install it:\n" | 1092 | fprintf(stderr, "Error: xauth utility not found in /usr/bin. Please install it:\n" |
1090 | " Debian/Ubuntu/Mint: sudo apt-get install xauth\n"); | 1093 | " Debian/Ubuntu/Mint: sudo apt-get install xauth\n" |
1094 | " Arch: sudo pacman -S xorg-xauth\n"); | ||
1091 | exit(1); | 1095 | exit(1); |
1092 | } | 1096 | } |
1093 | if (s.st_uid != 0 && s.st_gid != 0) { | 1097 | if (s.st_uid != 0 && s.st_gid != 0) { |
@@ -1128,8 +1132,14 @@ void x11_xorg(void) { | |||
1128 | #ifdef HAVE_GCOV | 1132 | #ifdef HAVE_GCOV |
1129 | __gcov_flush(); | 1133 | __gcov_flush(); |
1130 | #endif | 1134 | #endif |
1131 | execlp("/usr/bin/xauth", "/usr/bin/xauth", "-v", "-f", tmpfname, | 1135 | if (arg_debug) { |
1136 | execlp("/usr/bin/xauth", "/usr/bin/xauth", "-v", "-f", tmpfname, | ||
1132 | "generate", display, "MIT-MAGIC-COOKIE-1", "untrusted", NULL); | 1137 | "generate", display, "MIT-MAGIC-COOKIE-1", "untrusted", NULL); |
1138 | } | ||
1139 | else { | ||
1140 | execlp("/usr/bin/xauth", "/usr/bin/xauth", "-f", tmpfname, | ||
1141 | "generate", display, "MIT-MAGIC-COOKIE-1", "untrusted", NULL); | ||
1142 | } | ||
1133 | 1143 | ||
1134 | _exit(127); | 1144 | _exit(127); |
1135 | } | 1145 | } |
diff --git a/test/compile/compile.sh b/test/compile/compile.sh index adacab616..e662b4d30 100755 --- a/test/compile/compile.sh +++ b/test/compile/compile.sh | |||
@@ -3,7 +3,7 @@ | |||
3 | arr[1]="TEST 1: standard compilation" | 3 | arr[1]="TEST 1: standard compilation" |
4 | arr[2]="TEST 2: compile seccomp disabled" | 4 | arr[2]="TEST 2: compile seccomp disabled" |
5 | arr[3]="TEST 3: compile chroot disabled" | 5 | arr[3]="TEST 3: compile chroot disabled" |
6 | arr[4]="deprecated: TEST 4: compile bind disabled" | 6 | arr[4]="TEST 4: compile firetunnel disabled" |
7 | arr[5]="TEST 5: compile user namespace disabled" | 7 | arr[5]="TEST 5: compile user namespace disabled" |
8 | arr[6]="TEST 6: compile network disabled" | 8 | arr[6]="TEST 6: compile network disabled" |
9 | arr[7]="TEST 7: compile X11 disabled" | 9 | arr[7]="TEST 7: compile X11 disabled" |
@@ -108,6 +108,24 @@ cp output-make om3 | |||
108 | rm output-configure output-make | 108 | rm output-configure output-make |
109 | 109 | ||
110 | #***************************************************************** | 110 | #***************************************************************** |
111 | # TEST 4 | ||
112 | #***************************************************************** | ||
113 | # - disable firetunnel configuration | ||
114 | #***************************************************************** | ||
115 | print_title "${arr[4]}" | ||
116 | # seccomp | ||
117 | cd firejail | ||
118 | make distclean | ||
119 | ./configure --prefix=/usr --disable-firetunnel --enable-fatal-warnings 2>&1 | tee ../output-configure | ||
120 | make -j4 2>&1 | tee ../output-make | ||
121 | cd .. | ||
122 | grep Warning output-configure output-make > ./report-test4 | ||
123 | grep Error output-configure output-make >> ./report-test4 | ||
124 | cp output-configure oc4 | ||
125 | cp output-make om4 | ||
126 | rm output-configure output-make | ||
127 | |||
128 | #***************************************************************** | ||
111 | # TEST 5 | 129 | # TEST 5 |
112 | #***************************************************************** | 130 | #***************************************************************** |
113 | # - disable user namespace configuration | 131 | # - disable user namespace configuration |