diff options
-rw-r--r-- | README.md | 2 | ||||
-rw-r--r-- | RELNOTES | 2 | ||||
-rw-r--r-- | etc/disable-programs.inc | 20 | ||||
-rw-r--r-- | etc/kopete.profile | 34 | ||||
-rw-r--r-- | src/firecfg/firecfg.config | 1 |
5 files changed, 49 insertions, 10 deletions
@@ -212,7 +212,7 @@ calligrawords, cin, dooble, dooble-qt4, fetchmail, freecad, freecadcmd, google-e | |||
212 | imagej, karbon, kdenlive, krita, linphone, lmms, macrofusion, mpd, natron, Natron, | 212 | imagej, karbon, kdenlive, krita, linphone, lmms, macrofusion, mpd, natron, Natron, |
213 | ricochet, shotcut, teamspeak3, tor, tor-browser-en, Viber, x-terminal-emulator, zart, | 213 | ricochet, shotcut, teamspeak3, tor, tor-browser-en, Viber, x-terminal-emulator, zart, |
214 | conky, arch-audit, ffmpeg, bluefish, cliqz, cinelerra, openshot-qt, pinta, uefitool, | 214 | conky, arch-audit, ffmpeg, bluefish, cliqz, cinelerra, openshot-qt, pinta, uefitool, |
215 | aosp, pdfmod, gnome-ring, signal-desktop, xcalc, zaproxy | 215 | aosp, pdfmod, gnome-ring, signal-desktop, xcalc, zaproxy, kopete |
216 | 216 | ||
217 | Upstreamed many profiles from the following sources: https://github.com/chiraag-nataraj/firejail-profiles, | 217 | Upstreamed many profiles from the following sources: https://github.com/chiraag-nataraj/firejail-profiles, |
218 | https://github.com/nyancat18/fe, and https://aur.archlinux.org/packages/firejail-profiles. | 218 | https://github.com/nyancat18/fe, and https://aur.archlinux.org/packages/firejail-profiles. |
@@ -36,7 +36,7 @@ firejail (0.9.51) baseline; urgency=low | |||
36 | mpd, natron, Natron, ricochet, shotcut, teamspeak3, tor, tor-browser-en, | 36 | mpd, natron, Natron, ricochet, shotcut, teamspeak3, tor, tor-browser-en, |
37 | Viber, x-terminal-emulator, zart, conky, arch-audit, ffmpeg, bluefish, cliqz, | 37 | Viber, x-terminal-emulator, zart, conky, arch-audit, ffmpeg, bluefish, cliqz, |
38 | cinelerra, openshot-qt, pinta, uefitool, aosp, pdfmod, gnome-ring, signal-desktop, | 38 | cinelerra, openshot-qt, pinta, uefitool, aosp, pdfmod, gnome-ring, signal-desktop, |
39 | xcalc, zaproxy | 39 | xcalc, zaproxy, kopete |
40 | 40 | ||
41 | -- netblue30 <netblue30@yahoo.com> Thu, 14 Sep 2017 20:00:00 -0500 | 41 | -- netblue30 <netblue30@yahoo.com> Thu, 14 Sep 2017 20:00:00 -0500 |
42 | 42 | ||
diff --git a/etc/disable-programs.inc b/etc/disable-programs.inc index 0e5400dd6..9bfef1f5e 100644 --- a/etc/disable-programs.inc +++ b/etc/disable-programs.inc | |||
@@ -233,6 +233,7 @@ blacklist ${HOME}/.kde/share/apps/kcookiejar | |||
233 | blacklist ${HOME}/.kde/share/apps/khtml | 233 | blacklist ${HOME}/.kde/share/apps/khtml |
234 | blacklist ${HOME}/.kde/share/apps/konqsidebartng | 234 | blacklist ${HOME}/.kde/share/apps/konqsidebartng |
235 | blacklist ${HOME}/.kde/share/apps/konqueror | 235 | blacklist ${HOME}/.kde/share/apps/konqueror |
236 | blacklist ${HOME}/.kde/share/apps/kopete | ||
236 | blacklist ${HOME}/.kde/share/apps/okular | 237 | blacklist ${HOME}/.kde/share/apps/okular |
237 | blacklist ${HOME}/.kde/share/config/baloofilerc | 238 | blacklist ${HOME}/.kde/share/config/baloofilerc |
238 | blacklist ${HOME}/.kde/share/config/baloorc | 239 | blacklist ${HOME}/.kde/share/config/baloorc |
@@ -244,28 +245,31 @@ blacklist ${HOME}/.kde/share/config/khtmlrc | |||
244 | blacklist ${HOME}/.kde/share/config/konq_history | 245 | blacklist ${HOME}/.kde/share/config/konq_history |
245 | blacklist ${HOME}/.kde/share/config/konqsidebartngrc | 246 | blacklist ${HOME}/.kde/share/config/konqsidebartngrc |
246 | blacklist ${HOME}/.kde/share/config/konquerorrc | 247 | blacklist ${HOME}/.kde/share/config/konquerorrc |
248 | blacklist ${HOME}/.kde/share/config/kopeterc | ||
247 | blacklist ${HOME}/.kde/share/config/ktorrentrc | 249 | blacklist ${HOME}/.kde/share/config/ktorrentrc |
248 | blacklist ${HOME}/.kde/share/config/okularpartrc | 250 | blacklist ${HOME}/.kde/share/config/okularpartrc |
249 | blacklist ${HOME}/.kde/share/config/okularrc | 251 | blacklist ${HOME}/.kde/share/config/okularrc |
250 | blacklist ${HOME}/.kde4/share/config/baloorc | 252 | blacklist ${HOME}/.kde4/share/apps/gwenview |
251 | blacklist ${HOME}/.kde4/share/config/baloofilerc | 253 | blacklist ${HOME}/.kde4/share/apps/kcookiejar |
252 | blacklist ${HOME}/.kde4/share/apps/okular | 254 | blacklist ${HOME}/.kde4/share/apps/khtml |
253 | blacklist ${HOME}/.kde4/share/apps/konqueror | 255 | blacklist ${HOME}/.kde4/share/apps/konqueror |
254 | blacklist ${HOME}/.kde4/share/apps/konqsidebartng | 256 | blacklist ${HOME}/.kde4/share/apps/konqsidebartng |
255 | blacklist ${HOME}/.kde4/share/apps/khtml | 257 | blacklist ${HOME}/.kde4/share/apps/kopete |
256 | blacklist ${HOME}/.kde4/share/apps/kcookiejar | 258 | blacklist ${HOME}/.kde4/share/apps/okular |
259 | blacklist ${HOME}/.kde4/share/config/baloorc | ||
260 | blacklist ${HOME}/.kde4/share/config/baloofilerc | ||
257 | blacklist ${HOME}/.kde4/share/config/digikam | 261 | blacklist ${HOME}/.kde4/share/config/digikam |
258 | blacklist ${HOME}/.kde4/share/apps/gwenview | 262 | blacklist ${HOME}/.kde4/share/config/gwenviewrc |
263 | blacklist ${HOME}/.kde4/share/config/k3brc | ||
259 | blacklist ${HOME}/.kde4/share/config/kcookiejarrc | 264 | blacklist ${HOME}/.kde4/share/config/kcookiejarrc |
260 | blacklist ${HOME}/.kde4/share/config/khtmlrc | 265 | blacklist ${HOME}/.kde4/share/config/khtmlrc |
261 | blacklist ${HOME}/.kde4/share/config/konq_history | 266 | blacklist ${HOME}/.kde4/share/config/konq_history |
262 | blacklist ${HOME}/.kde4/share/config/konqsidebartngrc | 267 | blacklist ${HOME}/.kde4/share/config/konqsidebartngrc |
263 | blacklist ${HOME}/.kde4/share/config/konquerorrc | 268 | blacklist ${HOME}/.kde4/share/config/konquerorrc |
269 | blacklist ${HOME}/.kde4/share/config/kopeterc | ||
264 | blacklist ${HOME}/.kde4/share/config/okularpartrc | 270 | blacklist ${HOME}/.kde4/share/config/okularpartrc |
265 | blacklist ${HOME}/.kde4/share/config/okularrc | 271 | blacklist ${HOME}/.kde4/share/config/okularrc |
266 | blacklist ${HOME}/.kde4/share/config/ktorrentrc | 272 | blacklist ${HOME}/.kde4/share/config/ktorrentrc |
267 | blacklist ${HOME}/.kde4/share/config/gwenviewrc | ||
268 | blacklist ${HOME}/.kde4/share/config/k3brc | ||
269 | blacklist ${HOME}/.killingfloor | 273 | blacklist ${HOME}/.killingfloor |
270 | blacklist ${HOME}/.kino-history | 274 | blacklist ${HOME}/.kino-history |
271 | blacklist ${HOME}/.kinorc | 275 | blacklist ${HOME}/.kinorc |
diff --git a/etc/kopete.profile b/etc/kopete.profile new file mode 100644 index 000000000..3e943c162 --- /dev/null +++ b/etc/kopete.profile | |||
@@ -0,0 +1,34 @@ | |||
1 | # Firejail profile for kopete | ||
2 | # This file is overwritten after every install/update | ||
3 | # Persistent local customizations | ||
4 | include /etc/firejail/kopete.local | ||
5 | # Persistent global definitions | ||
6 | include /etc/firejail/globals.local | ||
7 | |||
8 | noblacklist ~/.kde/share/apps/kopete | ||
9 | noblacklist ~/.kde/share/config/kopeterc | ||
10 | noblacklist ~/.kde4/share/apps/kopete | ||
11 | noblacklist ~/.kde4/share/config/kopeterc | ||
12 | |||
13 | include /etc/firejail/disable-common.inc | ||
14 | include /etc/firejail/disable-devel.inc | ||
15 | include /etc/firejail/disable-passwdmgr.inc | ||
16 | include /etc/firejail/disable-programs.inc | ||
17 | |||
18 | include /etc/firejail/whitelist-var-common.inc | ||
19 | |||
20 | caps.drop all | ||
21 | netfilter | ||
22 | nodvd | ||
23 | nogroups | ||
24 | nonewprivs | ||
25 | noroot | ||
26 | notv | ||
27 | protocol unix,inet,inet6,netlink | ||
28 | seccomp | ||
29 | |||
30 | private-dev | ||
31 | private-tmp | ||
32 | |||
33 | noexec ${HOME} | ||
34 | noexec /tmp | ||
diff --git a/src/firecfg/firecfg.config b/src/firecfg/firecfg.config index 3976525a2..6a3fcadd4 100644 --- a/src/firecfg/firecfg.config +++ b/src/firecfg/firecfg.config | |||
@@ -191,6 +191,7 @@ kmail | |||
191 | knotes | 191 | knotes |
192 | kodi | 192 | kodi |
193 | konversation | 193 | konversation |
194 | kopete | ||
194 | krita | 195 | krita |
195 | ktorrent | 196 | ktorrent |
196 | kwrite | 197 | kwrite |