diff options
-rw-r--r-- | Makefile.in | 1 | ||||
-rw-r--r-- | README | 2 | ||||
-rw-r--r-- | README.md | 4 | ||||
-rw-r--r-- | RELNOTES | 1 | ||||
-rw-r--r-- | etc/atril.profile | 1 | ||||
-rw-r--r-- | etc/brave.profile | 18 | ||||
-rw-r--r-- | etc/disable-programs.inc | 1 | ||||
-rw-r--r-- | etc/xreader.profile | 1 | ||||
-rw-r--r-- | platform/debian/conffiles | 1 | ||||
-rw-r--r-- | src/firecfg/firecfg.config | 1 |
10 files changed, 28 insertions, 3 deletions
diff --git a/Makefile.in b/Makefile.in index edcf09225..6699ab732 100644 --- a/Makefile.in +++ b/Makefile.in | |||
@@ -187,6 +187,7 @@ realinstall: | |||
187 | install -c -m 0644 .etc/corebird.profile $(DESTDIR)/$(sysconfdir)/firejail/. | 187 | install -c -m 0644 .etc/corebird.profile $(DESTDIR)/$(sysconfdir)/firejail/. |
188 | install -c -m 0644 .etc/konversation.profile $(DESTDIR)/$(sysconfdir)/firejail/. | 188 | install -c -m 0644 .etc/konversation.profile $(DESTDIR)/$(sysconfdir)/firejail/. |
189 | install -c -m 0644 .etc/psi-plus.profile $(DESTDIR)/$(sysconfdir)/firejail/. | 189 | install -c -m 0644 .etc/psi-plus.profile $(DESTDIR)/$(sysconfdir)/firejail/. |
190 | install -c -m 0644 .etc/brave.profile $(DESTDIR)/$(sysconfdir)/firejail/. | ||
190 | sh -c "if [ ! -f $(DESTDIR)/$(sysconfdir)/firejail/login.users ]; then install -c -m 0644 etc/login.users $(DESTDIR)/$(sysconfdir)/firejail/.; fi;" | 191 | sh -c "if [ ! -f $(DESTDIR)/$(sysconfdir)/firejail/login.users ]; then install -c -m 0644 etc/login.users $(DESTDIR)/$(sysconfdir)/firejail/.; fi;" |
191 | sh -c "if [ ! -f $(DESTDIR)/$(sysconfdir)/firejail/firejail.config ]; then install -c -m 0644 etc/firejail.config $(DESTDIR)/$(sysconfdir)/firejail/.; fi;" | 192 | sh -c "if [ ! -f $(DESTDIR)/$(sysconfdir)/firejail/firejail.config ]; then install -c -m 0644 etc/firejail.config $(DESTDIR)/$(sysconfdir)/firejail/.; fi;" |
192 | rm -fr .etc | 193 | rm -fr .etc |
@@ -77,6 +77,8 @@ Fred-Barclay (https://github.com/Fred-Barclay) | |||
77 | - blacklisted escape-happy terminals in disable-common.inc | 77 | - blacklisted escape-happy terminals in disable-common.inc |
78 | - blacklisted g++ | 78 | - blacklisted g++ |
79 | - added xplayer, xreader, and xviewer profiles | 79 | - added xplayer, xreader, and xviewer profiles |
80 | - added Brave profile | ||
81 | - added "shutdown" filter for x86_64 arch to seccomp | ||
80 | Petter Reinholdtsen (pere@hungry.com) | 82 | Petter Reinholdtsen (pere@hungry.com) |
81 | - Opera profile patch | 83 | - Opera profile patch |
82 | n1trux (https://github.com/n1trux) | 84 | n1trux (https://github.com/n1trux) |
@@ -290,6 +290,4 @@ $ man firejail-profile | |||
290 | lxterminal, Epiphany, cherrytree, Polari, Vivaldi, Atril, qutebrowser, SlimJet, Battle for Wesnoth, Hedgewars, qTox, | 290 | lxterminal, Epiphany, cherrytree, Polari, Vivaldi, Atril, qutebrowser, SlimJet, Battle for Wesnoth, Hedgewars, qTox, |
291 | OpenSSH client, OpenBox window manager, Dillo, cmus, dnsmasq, PaleMoon, Icedove, abrowser, 0ad, netsurf, | 291 | OpenSSH client, OpenBox window manager, Dillo, cmus, dnsmasq, PaleMoon, Icedove, abrowser, 0ad, netsurf, |
292 | Warzone2100, okular, gwenview, Gpredict, Aweather, Stellarium, Google-Play-Music-Desktop-Player, quiterss, | 292 | Warzone2100, okular, gwenview, Gpredict, Aweather, Stellarium, Google-Play-Music-Desktop-Player, quiterss, |
293 | cyberfox, generic Ubuntu snap application profile, xplayer, xreader, xviewer, mcabber, Psi+, Corebird, Konversation | 293 | cyberfox, generic Ubuntu snap application profile, xplayer, xreader, xviewer, mcabber, Psi+, Corebird, Konversation, Brave |
294 | |||
295 | |||
@@ -25,6 +25,7 @@ firejail (0.9.40) baseline; urgency=low | |||
25 | * new profiles: Aweather, Stellarium, gpredict, quiterss, cyberfox | 25 | * new profiles: Aweather, Stellarium, gpredict, quiterss, cyberfox |
26 | * new profiles: generic Ubuntu snap application profile, xplayer | 26 | * new profiles: generic Ubuntu snap application profile, xplayer |
27 | * new profiles: xreader, xviewer, mcabber, Psi+, Corebird, Konversation | 27 | * new profiles: xreader, xviewer, mcabber, Psi+, Corebird, Konversation |
28 | * new profiles: Brave | ||
28 | * generic.profile renamed default.profile | 29 | * generic.profile renamed default.profile |
29 | * build rpm packages using "make rpms" | 30 | * build rpm packages using "make rpms" |
30 | * bugfixes | 31 | * bugfixes |
diff --git a/etc/atril.profile b/etc/atril.profile index c20a8c7b3..b55f99cdd 100644 --- a/etc/atril.profile +++ b/etc/atril.profile | |||
@@ -13,3 +13,4 @@ nonewprivs | |||
13 | noroot | 13 | noroot |
14 | tracelog | 14 | tracelog |
15 | netfilter | 15 | netfilter |
16 | nosound | ||
diff --git a/etc/brave.profile b/etc/brave.profile new file mode 100644 index 000000000..24a0a31c9 --- /dev/null +++ b/etc/brave.profile | |||
@@ -0,0 +1,18 @@ | |||
1 | # Profile for Brave browser | ||
2 | |||
3 | noblacklist ~/.config/brave | ||
4 | include /etc/firejail/disable-common.inc | ||
5 | include /etc/firejail/disable-programs.inc | ||
6 | include /etc/firejail/disable-devel.inc | ||
7 | |||
8 | caps.drop all | ||
9 | seccomp | ||
10 | protocol unix,inet,inet6,netlink | ||
11 | netfilter | ||
12 | noroot | ||
13 | |||
14 | whitelist ${DOWNLOADS} | ||
15 | |||
16 | mkdir ~/.config | ||
17 | mkdir ~/.config/brave | ||
18 | whitelist ~/.config/brave | ||
diff --git a/etc/disable-programs.inc b/etc/disable-programs.inc index 3474a6592..633f9c548 100644 --- a/etc/disable-programs.inc +++ b/etc/disable-programs.inc | |||
@@ -51,6 +51,7 @@ blacklist ${HOME}/.config/epiphany | |||
51 | blacklist ${HOME}/.config/slimjet | 51 | blacklist ${HOME}/.config/slimjet |
52 | blacklist ${HOME}/.config/qutebrowser | 52 | blacklist ${HOME}/.config/qutebrowser |
53 | blacklist ${HOME}/.8pecxstudios | 53 | blacklist ${HOME}/.8pecxstudios |
54 | blacklist ${HOME}/.config/brave | ||
54 | 55 | ||
55 | # Instant Messaging | 56 | # Instant Messaging |
56 | blacklist ${HOME}/.config/hexchat | 57 | blacklist ${HOME}/.config/hexchat |
diff --git a/etc/xreader.profile b/etc/xreader.profile index 4b7ed41be..267330c1f 100644 --- a/etc/xreader.profile +++ b/etc/xreader.profile | |||
@@ -15,3 +15,4 @@ nonewprivs | |||
15 | noroot | 15 | noroot |
16 | tracelog | 16 | tracelog |
17 | netfilter | 17 | netfilter |
18 | nosound | ||
diff --git a/platform/debian/conffiles b/platform/debian/conffiles index eff859cc5..7da95eb68 100644 --- a/platform/debian/conffiles +++ b/platform/debian/conffiles | |||
@@ -101,3 +101,4 @@ | |||
101 | /etc/firejail/corebird.profile | 101 | /etc/firejail/corebird.profile |
102 | /etc/firejail/konversation.profile | 102 | /etc/firejail/konversation.profile |
103 | /etc/firejail/psi-plus.profile | 103 | /etc/firejail/psi-plus.profile |
104 | /etc/firejail/brave.profile | ||
diff --git a/src/firecfg/firecfg.config b/src/firecfg/firecfg.config index d019c3a5c..567f97c69 100644 --- a/src/firecfg/firecfg.config +++ b/src/firecfg/firecfg.config | |||
@@ -35,6 +35,7 @@ vivaldi-beta | |||
35 | vivaldi | 35 | vivaldi |
36 | dillo | 36 | dillo |
37 | netsurf | 37 | netsurf |
38 | brave | ||
38 | 39 | ||
39 | # bittorrent/ftp | 40 | # bittorrent/ftp |
40 | deluge | 41 | deluge |