diff options
-rw-r--r-- | README | 11 | ||||
-rw-r--r-- | README.md | 2 | ||||
-rw-r--r-- | RELNOTES | 2 | ||||
-rw-r--r-- | etc/rhythmbox.profile | 7 | ||||
-rw-r--r-- | etc/templates/profile.template | 3 |
5 files changed, 18 insertions, 7 deletions
@@ -97,7 +97,7 @@ announ (https://github.com/announ) | |||
97 | Antonio Russo (https://github.com/aerusso) | 97 | Antonio Russo (https://github.com/aerusso) |
98 | - enumerate root directories in apparmor profile | 98 | - enumerate root directories in apparmor profile |
99 | - fix join-or-start | 99 | - fix join-or-start |
100 | Austin Morton | 100 | Austin Morton (https://github.com/apmorton) |
101 | - deterministic-exit-code option | 101 | - deterministic-exit-code option |
102 | - private-cwd options | 102 | - private-cwd options |
103 | Austin S. Hemmelgarn (https://github.com/Ferroin) | 103 | Austin S. Hemmelgarn (https://github.com/Ferroin) |
@@ -193,6 +193,8 @@ Danil Semelenov (https://github.com/sgtpep) | |||
193 | Dara Adib (https://github.com/daradib) | 193 | Dara Adib (https://github.com/daradib) |
194 | - ssh profile fix | 194 | - ssh profile fix |
195 | - evince profile fix | 195 | - evince profile fix |
196 | David Thole (https://github.com/TheDarkTrumpet) | ||
197 | - added profile for teams-for-linux | ||
196 | Deelvesh Bunjun (https://github.com/DeelveshBunjun) | 198 | Deelvesh Bunjun (https://github.com/DeelveshBunjun) |
197 | - added xpdf profile | 199 | - added xpdf profile |
198 | dewbasaur (https://github.com/dewbasaur) | 200 | dewbasaur (https://github.com/dewbasaur) |
@@ -378,6 +380,9 @@ Jonas Heinrich (https://github.com/onny) | |||
378 | - fixed franz profile | 380 | - fixed franz profile |
379 | Jose Riha (https://github.com/jose1711) | 381 | Jose Riha (https://github.com/jose1711) |
380 | - added meteo-qt profile | 382 | - added meteo-qt profile |
383 | - created qgis, links, xlinks profiles | ||
384 | - extended profile.template with comments | ||
385 | - some typo and comment fixes in profile.template | ||
381 | jrabe (https://github.com/jrabe) | 386 | jrabe (https://github.com/jrabe) |
382 | - disallow access to kdbx files | 387 | - disallow access to kdbx files |
383 | - Epiphany profile | 388 | - Epiphany profile |
@@ -565,7 +570,8 @@ rusty-snake (https://github.com/rusty-snake) | |||
565 | - added profiles: gajim-history-manager, freemind, nomacs, kid3 | 570 | - added profiles: gajim-history-manager, freemind, nomacs, kid3 |
566 | - added profiles: kid3-qt, kid3-cli, anki, utox, mp3splt, mp3wrap | 571 | - added profiles: kid3-qt, kid3-cli, anki, utox, mp3splt, mp3wrap |
567 | - added profiles: oggsplt, flacsplt, cheese, inkview, mp3splt-gtk | 572 | - added profiles: oggsplt, flacsplt, cheese, inkview, mp3splt-gtk |
568 | - added profiles: ktouch, yelp | 573 | - added profiles: ktouch, yelp, klatexformula, klatexformula_cmdl |
574 | - added profiles: pandoc | ||
569 | - many profile fixing and hardening | 575 | - many profile fixing and hardening |
570 | - some typo fixes | 576 | - some typo fixes |
571 | - added profile templates | 577 | - added profile templates |
@@ -703,6 +709,7 @@ Topi Miettinen (https://github.com/topimiettinen) | |||
703 | - seccomp default list update | 709 | - seccomp default list update |
704 | - improve loading of seccomp filter and memory-deny-write-execute feature | 710 | - improve loading of seccomp filter and memory-deny-write-execute feature |
705 | - private-lib feature | 711 | - private-lib feature |
712 | - make --nodbus block also system D-Bus socket | ||
706 | user1024 (user1024@tut.by) | 713 | user1024 (user1024@tut.by) |
707 | - electron profile whitelisting | 714 | - electron profile whitelisting |
708 | - fixed Rocket.Chat profile | 715 | - fixed Rocket.Chat profile |
@@ -111,4 +111,4 @@ We also keep a list of profile fixes for previous released versions in [etc-fixe | |||
111 | 111 | ||
112 | ## New profiles: | 112 | ## New profiles: |
113 | 113 | ||
114 | klatexformula, klatexformula_cmdl, links, pandoc, qgis, xlinks | 114 | klatexformula, klatexformula_cmdl, links, pandoc, qgis, teams-for-linux, xlinks |
@@ -2,7 +2,7 @@ firejail (0.9.61) baseline; urgency=low | |||
2 | * work in progress | 2 | * work in progress |
3 | * profile templates | 3 | * profile templates |
4 | * new profiles: qgis, klatexformula, klatexformula_cmdl, links, xlinks | 4 | * new profiles: qgis, klatexformula, klatexformula_cmdl, links, xlinks |
5 | * new profiles: pandoc | 5 | * new profiles: pandoc, teams-for-linux |
6 | -- netblue30 <netblue30@yahoo.com> Sat, 1 Jun 2019 08:00:00 -0500 | 6 | -- netblue30 <netblue30@yahoo.com> Sat, 1 Jun 2019 08:00:00 -0500 |
7 | 7 | ||
8 | firejail (0.9.60) baseline; urgency=low | 8 | firejail (0.9.60) baseline; urgency=low |
diff --git a/etc/rhythmbox.profile b/etc/rhythmbox.profile index df874f378..1c9f0e4d1 100644 --- a/etc/rhythmbox.profile +++ b/etc/rhythmbox.profile | |||
@@ -9,11 +9,14 @@ include globals.local | |||
9 | noblacklist ${MUSIC} | 9 | noblacklist ${MUSIC} |
10 | noblacklist ${HOME}/.local/share/rhythmbox | 10 | noblacklist ${HOME}/.local/share/rhythmbox |
11 | 11 | ||
12 | # Allow python (blacklisted by disable-interpreters.inc) | ||
13 | include allow-python2.inc | ||
14 | include allow-python3.inc | ||
15 | |||
12 | include disable-common.inc | 16 | include disable-common.inc |
13 | include disable-devel.inc | 17 | include disable-devel.inc |
14 | # rhythmbox is using Python | ||
15 | include disable-exec.inc | 18 | include disable-exec.inc |
16 | #include disable-interpreters.inc | 19 | include disable-interpreters.inc |
17 | include disable-passwdmgr.inc | 20 | include disable-passwdmgr.inc |
18 | include disable-programs.inc | 21 | include disable-programs.inc |
19 | include disable-xdg.inc | 22 | include disable-xdg.inc |
diff --git a/etc/templates/profile.template b/etc/templates/profile.template index 2c44ee3a9..f2b64ac5d 100644 --- a/etc/templates/profile.template +++ b/etc/templates/profile.template | |||
@@ -112,7 +112,7 @@ | |||
112 | #novideo | 112 | #novideo |
113 | #protocol unix,inet,inet6,netlink | 113 | #protocol unix,inet,inet6,netlink |
114 | #seccomp | 114 | #seccomp |
115 | ##seccomp.drop SYSCALLS | 115 | ##seccomp.drop SYSCALLS (see also syscalls.txt) |
116 | #shell none | 116 | #shell none |
117 | #tracelog | 117 | #tracelog |
118 | 118 | ||
@@ -135,5 +135,6 @@ | |||
135 | 135 | ||
136 | ##env VAR=VALUE | 136 | ##env VAR=VALUE |
137 | #memory-deny-write-execute | 137 | #memory-deny-write-execute |
138 | ##noexec PATH | ||
138 | ##read-only ${HOME} | 139 | ##read-only ${HOME} |
139 | ##join-or-start NAME | 140 | ##join-or-start NAME |