-rw-r--r-- | README.md | 2 | ||||
-rw-r--r-- | etc/calibre.profile | 35 | ||||
-rw-r--r-- | etc/disable-programs.inc | 2 | ||||
-rw-r--r-- | etc/ebook-viewer.profile | 10 | ||||
-rw-r--r-- | platform/debian/conffiles | 2 | ||||
-rw-r--r-- | src/firecfg/firecfg.config | 2 | ||||
-rw-r--r-- | src/firejail/x11.c | 4 |
7 files changed, 54 insertions, 3 deletions
@@ -66,5 +66,5 @@ Use this issue to request new profiles: https://github.com/netblue30/firejail/is | |||
66 | 66 | ||
67 | ## New profiles: | 67 | ## New profiles: |
68 | 68 | ||
69 | curl, mplayer2, SMPlayer | 69 | curl, mplayer2, SMPlayer, Calibre, ebook-viewer |
70 | 70 | ||
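--- /dev/null
+++ b/etc/calibre.profile
@@ -0,0 +1,35 @@
+# Persistent global definitions go here
+include /etc/firejail/globals.local
+
+# This file is overwritten during software install.
+# Persistent customizations should go in a .local file.
+include /etc/firejail/calibre.local
+
+noblacklist ~/.config/calibre
+noblacklist ~/.cache/calibre
+
+include /etc/firejail/disable-common.inc
+include /etc/firejail/disable-programs.inc
+#include /etc/firejail/disable-devel.inc
+include /etc/firejail/disable-passwdmgr.inc
+
+caps.drop all
+#ipc-namespace
+netfilter
+no3d
+nogroups
+nonewprivs
+noroot
+nosound
+novideo
+protocol unix,inet,inet6
+seccomp
+shell none
+tracelog
+
+#private-bin
+private-dev
+private-tmp
+
+noexec ${HOME}
+noexec /tmp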
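Review bot: Three hardening lines are left commented out (`#include /etc/firejail/disable-devel.inc`, `#ipc-namespace`, `#private-bin`) with no word on why, so a later maintainer cannot tell whether each one breaks calibre or was simply not tried. A short reason next to each would settle it, for example `# disable-devel.inc left out: <reason observed in testing>`. The profile also keeps `protocol unix,inet,inet6` with `netfilter` and has no `whitelist` lines, so calibre appears to retain network access together with read access to whatever in the home directory the disable-*.inc files do not blacklist; if that is intended for library and metadata use, a one-line comment saying so would help.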
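--- a/etc/disable-programs.inc
+++ b/etc/disable-programs.inc
@@ -62,6 +62,7 @@ blacklist ${HOME}/.config/borg
 blacklist ${HOME}/.config/brasero
 blacklist ${HOME}/.config/brave
 blacklist ${HOME}/.config/caja
+blacklist ${HOME}/.config/calibre
 blacklist ${HOME}/.config/catfish
 blacklist ${HOME}/.config/cherrytree
 blacklist ${HOME}/.config/chromium
@@ -361,6 +362,7 @@ blacklist ${HOME}/.cache/INRIA
 blacklist ${HOME}/.cache/QuiteRss
 blacklist ${HOME}/.cache/attic
 blacklist ${HOME}/.cache/borg
+blacklist ${HOME}/.cache/calibre
 blacklist ${HOME}/.cache/champlain
 blacklist ${HOME}/.cache/chromium
 blacklist ${HOME}/.cache/qupzilla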
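--- /dev/null
+++ b/etc/ebook-viewer.profile
@@ -0,0 +1,10 @@
+# Persistent global definitions go here
+include /etc/firejail/globals.local
+
+# This file is overwritten during software install.
+# Persistent customizations should go in a .local file.
+include /etc/firejail/ebook-viewer.local
+
+# Firejail profile for ebook-viewer (Calibre)
+include /etc/firejail/calibre.profile
+net none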
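Review bot: `net none` is applied only after `include /etc/firejail/calibre.profile`, which has already set `netfilter` and `protocol unix,inet,inet6`, so the viewer runs without a usable network but, as far as this file shows, still with the wider protocol filter inherited from calibre. If the profile parser keeps the first `protocol` list it sees (worth confirming), a `protocol unix` line placed before the include would narrow it for the viewer. The include also pulls in calibre.local, so a user's calibre overrides apply to the viewer too; a comment such as `# inherits calibre.profile and calibre.local, then removes networking` would make that explicit.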
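--- a/platform/debian/conffiles
+++ b/platform/debian/conffiles
@@ -310,3 +310,5 @@
 /etc/firejail/curl.profile
 /etc/firejail/mplayer.profile
 /etc/firejail/smplayer.profile
+/etc/firejail/ebook-viewer.profile
+/etc/firejail/calibre.profile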
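--- a/src/firecfg/firecfg.config
+++ b/src/firecfg/firecfg.config
@@ -23,6 +23,7 @@ bless
 blender
 brasero
 brave
+calibre
 catfish
 cherrytree
 chromium
@@ -50,6 +51,7 @@ dolphin
 dosbox
 dragon
 dropbox
+ebook-viewer
 elinks
 empathy
 eog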
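--- a/src/firejail/x11.c
+++ b/src/firejail/x11.c
@@ -639,7 +639,7 @@ void x11_start_xpra(int argc, char **argv) {
 
 // build the start command
 char *server_argv[256] = { // rest initialyzed to NULL
-"xpra", "start", display_str, "--no-daemon",
+"xpra", "start", display_str, "--no-daemon", "--use-display",
 };
 unsigned pos = 0;
 while (server_argv[pos] != NULL) pos++;
@@ -736,7 +736,7 @@ void x11_start_xpra(int argc, char **argv) {
 }
 
 // add a small delay, on some systems it takes some time for the server to start
-sleep(1);
+sleep(5);
 
 // check X11 socket
 char *fname;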
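Review bot: Adding `--use-display` to `server_argv` changes what xpra does with `display_str`: with that option xpra attaches to an X display that already exists instead of starting its own virtual server, which matters because this path presumably exists to keep the sandboxed client off the user's real X server. Nothing in the hunk shows where the display comes from or why the option is needed, and the other files in this commit only add profiles, so the line should either go back to `"xpra", "start", display_str, "--no-daemon",` or carry a comment stating which server is expected to own the display. The second hunk's `sleep(5);` makes every start wait five seconds; polling for the X11 socket that the following lines check, with a bounded retry count, would be more robust than a longer fixed delay. `x11_start_xpra` begins and ends outside both hunks.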