diff options
-rw-r--r-- | Makefile.in | 1 | ||||
-rw-r--r-- | README | 1 | ||||
-rw-r--r-- | README.md | 2 | ||||
-rw-r--r-- | RELNOTES | 2 | ||||
-rw-r--r-- | etc/0ad.profile | 30 | ||||
-rw-r--r-- | etc/disable-programs.inc | 3 | ||||
-rw-r--r-- | platform/debian/conffiles | 1 |
7 files changed, 38 insertions, 2 deletions
diff --git a/Makefile.in b/Makefile.in index 3a555f55c..16f8e8717 100644 --- a/Makefile.in +++ b/Makefile.in | |||
@@ -163,6 +163,7 @@ realinstall: | |||
163 | install -c -m 0644 .etc/palemoon.profile $(DESTDIR)/$(sysconfdir)/firejail/. | 163 | install -c -m 0644 .etc/palemoon.profile $(DESTDIR)/$(sysconfdir)/firejail/. |
164 | install -c -m 0644 .etc/icedove.profile $(DESTDIR)/$(sysconfdir)/firejail/. | 164 | install -c -m 0644 .etc/icedove.profile $(DESTDIR)/$(sysconfdir)/firejail/. |
165 | install -c -m 0644 .etc/abrowser.profile $(DESTDIR)/$(sysconfdir)/firejail/. | 165 | install -c -m 0644 .etc/abrowser.profile $(DESTDIR)/$(sysconfdir)/firejail/. |
166 | install -c -m 0644 .etc/0ad.profile $(DESTDIR)/$(sysconfdir)/firejail/. | ||
166 | sh -c "if [ ! -f $(DESTDIR)/$(sysconfdir)/firejail/login.users ]; then install -c -m 0644 etc/login.users $(DESTDIR)/$(sysconfdir)/firejail/.; fi;" | 167 | sh -c "if [ ! -f $(DESTDIR)/$(sysconfdir)/firejail/login.users ]; then install -c -m 0644 etc/login.users $(DESTDIR)/$(sysconfdir)/firejail/.; fi;" |
167 | sh -c "if [ ! -f $(DESTDIR)/$(sysconfdir)/firejail/firejail.config ]; then install -c -m 0644 etc/firejail.config $(DESTDIR)/$(sysconfdir)/firejail/.; fi;" | 168 | sh -c "if [ ! -f $(DESTDIR)/$(sysconfdir)/firejail/firejail.config ]; then install -c -m 0644 etc/firejail.config $(DESTDIR)/$(sysconfdir)/firejail/.; fi;" |
168 | rm -fr .etc | 169 | rm -fr .etc |
@@ -24,6 +24,7 @@ Fred-Barclay (https://github.com/Fred-Barclay) | |||
24 | - added Vivaldi, Atril profiles | 24 | - added Vivaldi, Atril profiles |
25 | - added PaleMoon profile | 25 | - added PaleMoon profile |
26 | - split Icedove and Thunderbird profiles | 26 | - split Icedove and Thunderbird profiles |
27 | - added 0ad profile | ||
27 | avoidr (https://github.com/avoidr) | 28 | avoidr (https://github.com/avoidr) |
28 | - whitelist fix | 29 | - whitelist fix |
29 | - recently-used.xbel fix | 30 | - recently-used.xbel fix |
@@ -281,5 +281,5 @@ $ man firejail-profile | |||
281 | 281 | ||
282 | ## New security profiles | 282 | ## New security profiles |
283 | lxterminal, Epiphany, cherrytree, Polari, Vivaldi, Atril, qutebrowser, SlimJet, Battle for Wesnoth, Hedgewars, qTox, | 283 | lxterminal, Epiphany, cherrytree, Polari, Vivaldi, Atril, qutebrowser, SlimJet, Battle for Wesnoth, Hedgewars, qTox, |
284 | OpenSSH client, OpenBox window manager, Dillo, cmus, dnsmasq, PaleMoon, Icedove, abrowser | 284 | OpenSSH client, OpenBox window manager, Dillo, cmus, dnsmasq, PaleMoon, Icedove, abrowser, 0ad |
285 | 285 | ||
@@ -18,7 +18,7 @@ firejail (0.9.40-rc1) baseline; urgency=low | |||
18 | * new profiles: lxterminal, Epiphany, cherrytree, Polari, Vivaldi, Atril | 18 | * new profiles: lxterminal, Epiphany, cherrytree, Polari, Vivaldi, Atril |
19 | * new profiles: qutebrowser, SlimJet, Battle for Wesnoth, Hedgewars | 19 | * new profiles: qutebrowser, SlimJet, Battle for Wesnoth, Hedgewars |
20 | * new profiles: qTox, OpenSSH client, OpenBox, Dillo, cmus, dnsmasq | 20 | * new profiles: qTox, OpenSSH client, OpenBox, Dillo, cmus, dnsmasq |
21 | * new profiles: PaleMoon, Icedove | 21 | * new profiles: PaleMoon, Icedove, 0ad |
22 | * build rpm packages using "make rpms" | 22 | * build rpm packages using "make rpms" |
23 | * bugfixes | 23 | * bugfixes |
24 | -- netblue30 <netblue30@yahoo.com> Sun, 3 Apr 2016 08:00:00 -0500 | 24 | -- netblue30 <netblue30@yahoo.com> Sun, 3 Apr 2016 08:00:00 -0500 |
diff --git a/etc/0ad.profile b/etc/0ad.profile new file mode 100644 index 000000000..f8a3ce23d --- /dev/null +++ b/etc/0ad.profile | |||
@@ -0,0 +1,30 @@ | |||
1 | # Firejail profile for 0ad. | ||
2 | noblacklist ~/.config/0ad | ||
3 | include /etc/firejail/disable-common.inc | ||
4 | include /etc/firejail/disable-devel.inc | ||
5 | include /etc/firejail/disable-passwdmgr.inc | ||
6 | include /etc/firejail/disable-programs.inc | ||
7 | |||
8 | # Call these options | ||
9 | caps.drop all | ||
10 | seccomp | ||
11 | protocol unix,inet,inet6,netlink | ||
12 | netfilter | ||
13 | tracelog | ||
14 | noroot | ||
15 | |||
16 | # Whitelists | ||
17 | noblacklist ~/.cache/0ad | ||
18 | mkdir ~/.cache | ||
19 | mkdir ~/.cache/0ad | ||
20 | whitelist ~/.cache/0ad | ||
21 | |||
22 | mkdir ~/.config | ||
23 | mkdir ~/.config/0ad | ||
24 | whitelist ~/.config/0ad | ||
25 | |||
26 | noblacklist ~/.local/share/0ad | ||
27 | mkdir ~/.local | ||
28 | mkdir ~/.local/share | ||
29 | mkdir ~/.local/share/0ad | ||
30 | whitelist ~/.local/share/0ad | ||
diff --git a/etc/disable-programs.inc b/etc/disable-programs.inc index 7faf75638..7f18aa16f 100644 --- a/etc/disable-programs.inc +++ b/etc/disable-programs.inc | |||
@@ -53,6 +53,7 @@ blacklist ${HOME}/.TelegramDesktop | |||
53 | blacklist ${HOME}/.hedgewars | 53 | blacklist ${HOME}/.hedgewars |
54 | blacklist ${HOME}/.steam | 54 | blacklist ${HOME}/.steam |
55 | blacklist ${HOME}/.config/wesnoth | 55 | blacklist ${HOME}/.config/wesnoth |
56 | blacklist ${HOME}/.config/0ad | ||
56 | 57 | ||
57 | # Cryptocoins | 58 | # Cryptocoins |
58 | blacklist ${HOME}/.*coin | 59 | blacklist ${HOME}/.*coin |
@@ -81,6 +82,7 @@ blacklist ${HOME}/.cache/thunderbird | |||
81 | blacklist ${HOME}/.cache/icedove | 82 | blacklist ${HOME}/.cache/icedove |
82 | blacklist ${HOME}/.cache/transmission | 83 | blacklist ${HOME}/.cache/transmission |
83 | blacklist ${HOME}/.cache/wesnoth | 84 | blacklist ${HOME}/.cache/wesnoth |
85 | blacklist ${HOME}/.cache/0ad | ||
84 | 86 | ||
85 | # share | 87 | # share |
86 | blacklist ${HOME}/.local/share/epiphany | 88 | blacklist ${HOME}/.local/share/epiphany |
@@ -88,3 +90,4 @@ blacklist ${HOME}/.local/share/mupen64plus | |||
88 | blacklist ${HOME}/.local/share/spotify | 90 | blacklist ${HOME}/.local/share/spotify |
89 | blacklist ${HOME}/.local/share/steam | 91 | blacklist ${HOME}/.local/share/steam |
90 | blacklist ${HOME}/.local/share/wesnoth | 92 | blacklist ${HOME}/.local/share/wesnoth |
93 | blacklist ${HOME}/.local/share/0ad | ||
diff --git a/platform/debian/conffiles b/platform/debian/conffiles index 7ed4c3152..dc8640147 100644 --- a/platform/debian/conffiles +++ b/platform/debian/conffiles | |||
@@ -82,3 +82,4 @@ | |||
82 | /etc/firejail/dnsmasq.profile | 82 | /etc/firejail/dnsmasq.profile |
83 | /etc/firejail/palemoon.profile | 83 | /etc/firejail/palemoon.profile |
84 | /etc/firejail/abrowser.profile | 84 | /etc/firejail/abrowser.profile |
85 | /etc/firejail/0ad.profile | ||