diff options
-rw-r--r-- | README.md | 11 | ||||
-rw-r--r-- | RELNOTES | 2 | ||||
-rw-r--r-- | etc/disable-programs.inc | 1 | ||||
-rw-r--r-- | etc/dolphin.profile | 1 | ||||
-rw-r--r-- | etc/knotes.profile | 27 | ||||
-rw-r--r-- | platform/debian/conffiles | 1 | ||||
-rw-r--r-- | src/firecfg/firecfg.config | 1 |
7 files changed, 38 insertions, 6 deletions
@@ -69,14 +69,14 @@ Use this issue to request new profiles: https://github.com/netblue30/firejail/is | |||
69 | ## Desktop integration | 69 | ## Desktop integration |
70 | 70 | ||
71 | All --fix functionality is done by default in firecfg, --fix option was removed. Clicking on a program | 71 | All --fix functionality is done by default in firecfg, --fix option was removed. Clicking on a program |
72 | in desktop manager menu should start the program automatically in a sandbox, if a profile | 72 | in desktop manager menu should start the program automatically in a sandbox if a profile |
73 | is available in /etc/firejail. We cover about 270 different applications in this moment on all major desktop managers. | 73 | is available in /etc/firejail. We cover about 300 different applications in this moment on all major desktop managers. |
74 | 74 | ||
75 | Thunar (XFCE) and PCManFM (LXDE) file managers symlinks are installed in /usr/local/bin by firecfg. | 75 | Symlinks for the common file managers are installed in /usr/local/bin by firecfg. |
76 | File managers are usually started by default at login time, and will be sandboxed. | 76 | File managers are usually started by default at login time, and will be sandboxed. |
77 | Clicking on a file in the file manager will start the corresponding program in the same sandbox as the file manager. | 77 | Clicking on a file in the file manager will start the corresponding program in the same sandbox as the file manager. |
78 | For example, clicking on a video file will start a sandboxed VLC running the video. | 78 | For example, clicking on a video file will start a sandboxed VLC running the video. |
79 | We support in this moment XFCE, LXDE, MATE and Cinnamon. | 79 | We support in this moment XFCE, LXDE, MATE, Cinnamon and KDE. |
80 | 80 | ||
81 | ## AppImage | 81 | ## AppImage |
82 | 82 | ||
@@ -218,4 +218,5 @@ PDFSam, Pithos, Xonotic, wireshark, keepassx2, QupZilla, FossaMail, Uzbl browser | |||
218 | Kino, Thunar, Geeqie, Engrampa, Scribus, mousepad, gpicview, keepassxc, cvlc, MediathekView, baloo_file, | 218 | Kino, Thunar, Geeqie, Engrampa, Scribus, mousepad, gpicview, keepassxc, cvlc, MediathekView, baloo_file, |
219 | Nylas, dino, BibleTime, viewnior, Kodi, viking, youtube-dl, meld, Arduino, Akregator, KCalc, KTorrent, | 219 | Nylas, dino, BibleTime, viewnior, Kodi, viking, youtube-dl, meld, Arduino, Akregator, KCalc, KTorrent, |
220 | Orage Globaltime, Orage Clendar, xfce4-notes, xfce4-dict, Ristretto, PCManFM, Dia, FontForge, Geany, Hugin, | 220 | Orage Globaltime, Orage Clendar, xfce4-notes, xfce4-dict, Ristretto, PCManFM, Dia, FontForge, Geany, Hugin, |
221 | mate-calc, mate-dictionary, mate-color-select, caja, galculator, Nemo, gnome-font-viewer, gucharmap | 221 | mate-calc, mate-dictionary, mate-color-select, caja, galculator, Nemo, gnome-font-viewer, gucharmap, |
222 | knotes | ||
@@ -43,7 +43,7 @@ firejail (0.9.46-rc1) baseline; urgency=low | |||
43 | * new profiles: Orage Globaltime, Orage Clendar, xfce4-notes, xfce4-dict, | 43 | * new profiles: Orage Globaltime, Orage Clendar, xfce4-notes, xfce4-dict, |
44 | * new profiles: Ristretto, PCManFM, Dia, FontForge, Geany, Hugin, | 44 | * new profiles: Ristretto, PCManFM, Dia, FontForge, Geany, Hugin, |
45 | * new profiles: mate-calc, mate-dictionary, mate-color-select, caja, | 45 | * new profiles: mate-calc, mate-dictionary, mate-color-select, caja, |
46 | * new profiles: galculator, Nemo, gnome-font-viewer, gucharmap | 46 | * new profiles: galculator, Nemo, gnome-font-viewer, gucharmap, knotes |
47 | * bugfixes | 47 | * bugfixes |
48 | -- netblue30 <netblue30@yahoo.com> Fri, 7 Apr 2017 08:00:00 -0500 | 48 | -- netblue30 <netblue30@yahoo.com> Fri, 7 Apr 2017 08:00:00 -0500 |
49 | 49 | ||
diff --git a/etc/disable-programs.inc b/etc/disable-programs.inc index 89abbafd8..ddbc3f1fb 100644 --- a/etc/disable-programs.inc +++ b/etc/disable-programs.inc | |||
@@ -95,6 +95,7 @@ blacklist ${HOME}/.config/kateschemarc | |||
95 | blacklist ${HOME}/.config/katesyntaxhighlightingrc | 95 | blacklist ${HOME}/.config/katesyntaxhighlightingrc |
96 | blacklist ${HOME}/.config/katevirc | 96 | blacklist ${HOME}/.config/katevirc |
97 | blacklist ${HOME}/.config/kdeconnect | 97 | blacklist ${HOME}/.config/kdeconnect |
98 | blacklist ${HOME}/.config/knotesrc | ||
98 | blacklist ${HOME}/.config/libreoffice | 99 | blacklist ${HOME}/.config/libreoffice |
99 | blacklist ${HOME}/.config/mate/eom | 100 | blacklist ${HOME}/.config/mate/eom |
100 | blacklist ${HOME}/.config/mate/mate-dictionary | 101 | blacklist ${HOME}/.config/mate/mate-dictionary |
diff --git a/etc/dolphin.profile b/etc/dolphin.profile index 3c9056f62..1a718c87f 100644 --- a/etc/dolphin.profile +++ b/etc/dolphin.profile | |||
@@ -10,6 +10,7 @@ noblacklist ~/.config/dolphinrc | |||
10 | noblacklist ~/.local/share/dolphin | 10 | noblacklist ~/.local/share/dolphin |
11 | noblacklist ~/.kde4/share/kde4/services | 11 | noblacklist ~/.kde4/share/kde4/services |
12 | noblacklist ~/.kde/share/kde4/services | 12 | noblacklist ~/.kde/share/kde4/services |
13 | noblacklist ${HOME}/.local/share/Trash | ||
13 | 14 | ||
14 | include /etc/firejail/disable-common.inc | 15 | include /etc/firejail/disable-common.inc |
15 | # dolphin needs to be able to start arbitrary applications so we cannot blacklist their files | 16 | # dolphin needs to be able to start arbitrary applications so we cannot blacklist their files |
diff --git a/etc/knotes.profile b/etc/knotes.profile new file mode 100644 index 000000000..8fa88a261 --- /dev/null +++ b/etc/knotes.profile | |||
@@ -0,0 +1,27 @@ | |||
1 | # This file is overwritten during software install. | ||
2 | # Persistent customizations should go in a .local file. | ||
3 | include /etc/firejail/knotes.local | ||
4 | |||
5 | # kate profile | ||
6 | noblacklist ~/.config/knotesrc | ||
7 | |||
8 | include /etc/firejail/disable-common.inc | ||
9 | include /etc/firejail/disable-programs.inc | ||
10 | #include /etc/firejail/disable-devel.inc | ||
11 | include /etc/firejail/disable-passwdmgr.inc | ||
12 | |||
13 | caps.drop all | ||
14 | nogroups | ||
15 | nonewprivs | ||
16 | noroot | ||
17 | nosound | ||
18 | protocol unix | ||
19 | seccomp | ||
20 | netfilter | ||
21 | shell none | ||
22 | tracelog | ||
23 | |||
24 | # private-bin kate | ||
25 | private-tmp | ||
26 | private-dev | ||
27 | # private-etc fonts | ||
diff --git a/platform/debian/conffiles b/platform/debian/conffiles index 8bbd6ea6e..7353aa436 100644 --- a/platform/debian/conffiles +++ b/platform/debian/conffiles | |||
@@ -290,4 +290,5 @@ | |||
290 | /etc/firejail/nemo.profile | 290 | /etc/firejail/nemo.profile |
291 | /etc/firejail/gnome-font-viewer.profile | 291 | /etc/firejail/gnome-font-viewer.profile |
292 | /etc/firejail/gucharmap.profile | 292 | /etc/firejail/gucharmap.profile |
293 | /etc/firejail/knotes.profile | ||
293 | 294 | ||
diff --git a/src/firecfg/firecfg.config b/src/firecfg/firecfg.config index 199a61fe4..946b75f80 100644 --- a/src/firecfg/firecfg.config +++ b/src/firecfg/firecfg.config | |||
@@ -117,6 +117,7 @@ keepassx | |||
117 | keepassx2 | 117 | keepassx2 |
118 | keepassxc | 118 | keepassxc |
119 | kmail | 119 | kmail |
120 | knotes | ||
120 | kodi | 121 | kodi |
121 | konversation | 122 | konversation |
122 | ktorrent | 123 | ktorrent |