diff options
-rw-r--r-- | README.md | 2 | ||||
-rw-r--r-- | RELNOTES | 2 | ||||
-rw-r--r-- | etc/disable-programs.inc | 6 | ||||
-rw-r--r-- | etc/kget.profile | 37 | ||||
-rw-r--r-- | src/firecfg/firecfg.config | 1 |
5 files changed, 45 insertions, 3 deletions
@@ -212,7 +212,7 @@ calligrawords, cin, dooble, dooble-qt4, fetchmail, freecad, freecadcmd, google-e | |||
212 | imagej, karbon, kdenlive, krita, linphone, lmms, macrofusion, mpd, natron, Natron, | 212 | imagej, karbon, kdenlive, krita, linphone, lmms, macrofusion, mpd, natron, Natron, |
213 | ricochet, shotcut, teamspeak3, tor, tor-browser-en, Viber, x-terminal-emulator, zart, | 213 | ricochet, shotcut, teamspeak3, tor, tor-browser-en, Viber, x-terminal-emulator, zart, |
214 | conky, arch-audit, ffmpeg, bluefish, cliqz, cinelerra, openshot-qt, pinta, uefitool, | 214 | conky, arch-audit, ffmpeg, bluefish, cliqz, cinelerra, openshot-qt, pinta, uefitool, |
215 | aosp, pdfmod, gnome-ring, signal-desktop, xcalc, zaproxy, kopete | 215 | aosp, pdfmod, gnome-ring, signal-desktop, xcalc, zaproxy, kopete, kget |
216 | 216 | ||
217 | Upstreamed many profiles from the following sources: https://github.com/chiraag-nataraj/firejail-profiles, | 217 | Upstreamed many profiles from the following sources: https://github.com/chiraag-nataraj/firejail-profiles, |
218 | https://github.com/nyancat18/fe, and https://aur.archlinux.org/packages/firejail-profiles. | 218 | https://github.com/nyancat18/fe, and https://aur.archlinux.org/packages/firejail-profiles. |
@@ -36,7 +36,7 @@ firejail (0.9.51) baseline; urgency=low | |||
36 | mpd, natron, Natron, ricochet, shotcut, teamspeak3, tor, tor-browser-en, | 36 | mpd, natron, Natron, ricochet, shotcut, teamspeak3, tor, tor-browser-en, |
37 | Viber, x-terminal-emulator, zart, conky, arch-audit, ffmpeg, bluefish, | 37 | Viber, x-terminal-emulator, zart, conky, arch-audit, ffmpeg, bluefish, |
38 | cinelerra, openshot-qt, pinta, uefitool, aosp, pdfmod, gnome-ring, | 38 | cinelerra, openshot-qt, pinta, uefitool, aosp, pdfmod, gnome-ring, |
39 | xcalc, zaproxy, kopete, cliqz, signal-desktop | 39 | xcalc, zaproxy, kopete, cliqz, signal-desktop, kget |
40 | 40 | ||
41 | -- netblue30 <netblue30@yahoo.com> Thu, 14 Sep 2017 20:00:00 -0500 | 41 | -- netblue30 <netblue30@yahoo.com> Thu, 14 Sep 2017 20:00:00 -0500 |
42 | 42 | ||
diff --git a/etc/disable-programs.inc b/etc/disable-programs.inc index 9bfef1f5e..73a2e6515 100644 --- a/etc/disable-programs.inc +++ b/etc/disable-programs.inc | |||
@@ -230,6 +230,7 @@ blacklist ${HOME}/.java | |||
230 | blacklist ${HOME}/.jitsi | 230 | blacklist ${HOME}/.jitsi |
231 | blacklist ${HOME}/.kde/share/apps/gwenview | 231 | blacklist ${HOME}/.kde/share/apps/gwenview |
232 | blacklist ${HOME}/.kde/share/apps/kcookiejar | 232 | blacklist ${HOME}/.kde/share/apps/kcookiejar |
233 | blacklist ${HOME}/.kde/share/apps/kget | ||
233 | blacklist ${HOME}/.kde/share/apps/khtml | 234 | blacklist ${HOME}/.kde/share/apps/khtml |
234 | blacklist ${HOME}/.kde/share/apps/konqsidebartng | 235 | blacklist ${HOME}/.kde/share/apps/konqsidebartng |
235 | blacklist ${HOME}/.kde/share/apps/konqueror | 236 | blacklist ${HOME}/.kde/share/apps/konqueror |
@@ -241,6 +242,7 @@ blacklist ${HOME}/.kde/share/config/digikam | |||
241 | blacklist ${HOME}/.kde/share/config/gwenviewrc | 242 | blacklist ${HOME}/.kde/share/config/gwenviewrc |
242 | blacklist ${HOME}/.kde/share/config/k3brc | 243 | blacklist ${HOME}/.kde/share/config/k3brc |
243 | blacklist ${HOME}/.kde/share/config/kcookiejarrc | 244 | blacklist ${HOME}/.kde/share/config/kcookiejarrc |
245 | blacklist ${HOME}/.kde/share/config/kgetrc | ||
244 | blacklist ${HOME}/.kde/share/config/khtmlrc | 246 | blacklist ${HOME}/.kde/share/config/khtmlrc |
245 | blacklist ${HOME}/.kde/share/config/konq_history | 247 | blacklist ${HOME}/.kde/share/config/konq_history |
246 | blacklist ${HOME}/.kde/share/config/konqsidebartngrc | 248 | blacklist ${HOME}/.kde/share/config/konqsidebartngrc |
@@ -251,6 +253,7 @@ blacklist ${HOME}/.kde/share/config/okularpartrc | |||
251 | blacklist ${HOME}/.kde/share/config/okularrc | 253 | blacklist ${HOME}/.kde/share/config/okularrc |
252 | blacklist ${HOME}/.kde4/share/apps/gwenview | 254 | blacklist ${HOME}/.kde4/share/apps/gwenview |
253 | blacklist ${HOME}/.kde4/share/apps/kcookiejar | 255 | blacklist ${HOME}/.kde4/share/apps/kcookiejar |
256 | blacklist ${HOME}/.kde4/share/apps/kget | ||
254 | blacklist ${HOME}/.kde4/share/apps/khtml | 257 | blacklist ${HOME}/.kde4/share/apps/khtml |
255 | blacklist ${HOME}/.kde4/share/apps/konqueror | 258 | blacklist ${HOME}/.kde4/share/apps/konqueror |
256 | blacklist ${HOME}/.kde4/share/apps/konqsidebartng | 259 | blacklist ${HOME}/.kde4/share/apps/konqsidebartng |
@@ -262,14 +265,15 @@ blacklist ${HOME}/.kde4/share/config/digikam | |||
262 | blacklist ${HOME}/.kde4/share/config/gwenviewrc | 265 | blacklist ${HOME}/.kde4/share/config/gwenviewrc |
263 | blacklist ${HOME}/.kde4/share/config/k3brc | 266 | blacklist ${HOME}/.kde4/share/config/k3brc |
264 | blacklist ${HOME}/.kde4/share/config/kcookiejarrc | 267 | blacklist ${HOME}/.kde4/share/config/kcookiejarrc |
268 | blacklist ${HOME}/.kde4/share/config/kgetrc | ||
265 | blacklist ${HOME}/.kde4/share/config/khtmlrc | 269 | blacklist ${HOME}/.kde4/share/config/khtmlrc |
266 | blacklist ${HOME}/.kde4/share/config/konq_history | 270 | blacklist ${HOME}/.kde4/share/config/konq_history |
267 | blacklist ${HOME}/.kde4/share/config/konqsidebartngrc | 271 | blacklist ${HOME}/.kde4/share/config/konqsidebartngrc |
268 | blacklist ${HOME}/.kde4/share/config/konquerorrc | 272 | blacklist ${HOME}/.kde4/share/config/konquerorrc |
269 | blacklist ${HOME}/.kde4/share/config/kopeterc | 273 | blacklist ${HOME}/.kde4/share/config/kopeterc |
274 | blacklist ${HOME}/.kde4/share/config/ktorrentrc | ||
270 | blacklist ${HOME}/.kde4/share/config/okularpartrc | 275 | blacklist ${HOME}/.kde4/share/config/okularpartrc |
271 | blacklist ${HOME}/.kde4/share/config/okularrc | 276 | blacklist ${HOME}/.kde4/share/config/okularrc |
272 | blacklist ${HOME}/.kde4/share/config/ktorrentrc | ||
273 | blacklist ${HOME}/.killingfloor | 277 | blacklist ${HOME}/.killingfloor |
274 | blacklist ${HOME}/.kino-history | 278 | blacklist ${HOME}/.kino-history |
275 | blacklist ${HOME}/.kinorc | 279 | blacklist ${HOME}/.kinorc |
diff --git a/etc/kget.profile b/etc/kget.profile new file mode 100644 index 000000000..f6d7352c1 --- /dev/null +++ b/etc/kget.profile | |||
@@ -0,0 +1,37 @@ | |||
1 | # Firejail profile for kget | ||
2 | # This file is overwritten after every install/update | ||
3 | # Persistent local customizations | ||
4 | include /etc/firejail/kget.local | ||
5 | # Persistent global definitions | ||
6 | include /etc/firejail/globals.local | ||
7 | |||
8 | noblacklist ~/.kde/share/apps/kget | ||
9 | noblacklist ~/.kde/share/config/kgetrc | ||
10 | noblacklist ~/.kde4/share/apps/kget | ||
11 | noblacklist ~/.kde4/share/config/kgetrc | ||
12 | |||
13 | include /etc/firejail/disable-common.inc | ||
14 | include /etc/firejail/disable-devel.inc | ||
15 | include /etc/firejail/disable-passwdmgr.inc | ||
16 | include /etc/firejail/disable-programs.inc | ||
17 | |||
18 | include /etc/firejail/whitelist-var-common.inc | ||
19 | |||
20 | caps.drop all | ||
21 | netfilter | ||
22 | nodvd | ||
23 | nogroups | ||
24 | nonewprivs | ||
25 | noroot | ||
26 | nosound | ||
27 | notv | ||
28 | novideo | ||
29 | protocol unix,inet,inet6 | ||
30 | seccomp | ||
31 | |||
32 | private-dev | ||
33 | private-tmp | ||
34 | |||
35 | # memory-deny-write-execute | ||
36 | noexec ${HOME} | ||
37 | noexec /tmp | ||
diff --git a/src/firecfg/firecfg.config b/src/firecfg/firecfg.config index 6a3fcadd4..75bd2e388 100644 --- a/src/firecfg/firecfg.config +++ b/src/firecfg/firecfg.config | |||
@@ -186,6 +186,7 @@ keepass2 | |||
186 | keepassx | 186 | keepassx |
187 | keepassx2 | 187 | keepassx2 |
188 | keepassxc | 188 | keepassxc |
189 | kget | ||
189 | kino | 190 | kino |
190 | kmail | 191 | kmail |
191 | knotes | 192 | knotes |