diff options
-rw-r--r-- | README | 4 | ||||
-rw-r--r-- | README.md | 3 | ||||
-rw-r--r-- | RELNOTES | 2 | ||||
-rw-r--r-- | etc/disable-programs.inc | 1 | ||||
-rw-r--r-- | etc/qupzilla.txt | 22 | ||||
-rw-r--r-- | platform/debian/conffiles | 2 |
6 files changed, 32 insertions, 2 deletions
@@ -97,6 +97,8 @@ valoq (https://github.com/valoq) | |||
97 | - added skanlite, ssh-agent, transmission-cli, tracker, transmission-show, w3m, xfburn, xpra profiles | 97 | - added skanlite, ssh-agent, transmission-cli, tracker, transmission-show, w3m, xfburn, xpra profiles |
98 | - added wget profile | 98 | - added wget profile |
99 | - disable gnupg and systemd directories under /run/user | 99 | - disable gnupg and systemd directories under /run/user |
100 | Jesse Smith (https://github.com/slicer69) | ||
101 | - added QupZilla profile | ||
100 | Lari Rauno (https://github.com/tuutti) | 102 | Lari Rauno (https://github.com/tuutti) |
101 | - qutebrowser profile fixes | 103 | - qutebrowser profile fixes |
102 | SpotComms (https://github.com/SpotComms) | 104 | SpotComms (https://github.com/SpotComms) |
@@ -117,6 +119,8 @@ curiosity-seeker (https://github.com/curiosity-seeker) | |||
117 | - cherrytree profile fixes | 119 | - cherrytree profile fixes |
118 | - added quiterss profile | 120 | - added quiterss profile |
119 | - added guayadeque profile | 121 | - added guayadeque profile |
122 | - added VirtualBox.profile | ||
123 | - various other profile fixes | ||
120 | Simon Peter (https://github.com/probonopd) | 124 | Simon Peter (https://github.com/probonopd) |
121 | - set $APPIMAGE and $APPDIR environment variables | 125 | - set $APPIMAGE and $APPDIR environment variables |
122 | - AppImage version detection | 126 | - AppImage version detection |
@@ -89,4 +89,5 @@ gjs, gnome-books, gnome-clocks, gnome-documents, gnome-maps, gnome-music, gnome- | |||
89 | goobox, gpa, gpg, gpg-agent, highlight, img2txt, k3b, kate, lynx, mediainfo, nautilus, odt2txt, pdftotext, | 89 | goobox, gpa, gpg, gpg-agent, highlight, img2txt, k3b, kate, lynx, mediainfo, nautilus, odt2txt, pdftotext, |
90 | simple-scan, skanlite, ssh-agent, tracker, transmission-cli, transmission-show, w3m, xfburn, xpra, wget, | 90 | simple-scan, skanlite, ssh-agent, tracker, transmission-cli, transmission-show, w3m, xfburn, xpra, wget, |
91 | xed, pluma, Cryptocat, Bless, Gnome 2048, Gnome Calculator, Gnome Contacts, JD-GUI, Lollypop, MultiMC5, | 91 | xed, pluma, Cryptocat, Bless, Gnome 2048, Gnome Calculator, Gnome Contacts, JD-GUI, Lollypop, MultiMC5, |
92 | PDFSam, Pithos, Xonotic, wireshark, keepassx2 | 92 | PDFSam, Pithos, Xonotic, wireshark, keepassx2, QupZilla |
93 | |||
@@ -18,7 +18,7 @@ firejail (0.9.45) baseline; urgency=low | |||
18 | * new profiles: mumble, zoom, Guayadeque, qemu, keypass2, xed, pluma, | 18 | * new profiles: mumble, zoom, Guayadeque, qemu, keypass2, xed, pluma, |
19 | * new profiles: Cryptocat, Bless, Gnome 2048, Gnome Calculator, | 19 | * new profiles: Cryptocat, Bless, Gnome 2048, Gnome Calculator, |
20 | * new profiles: Gnome Contacts, JD-GUI, Lollypop, MultiMC5, PDFSam, Pithos, | 20 | * new profiles: Gnome Contacts, JD-GUI, Lollypop, MultiMC5, PDFSam, Pithos, |
21 | * new profies: Xonotic, wireshark, keepassx2 | 21 | * new profies: Xonotic, wireshark, keepassx2, QupZilla |
22 | * bugfixes | 22 | * bugfixes |
23 | -- netblue30 <netblue30@yahoo.com> Sun, 23 Oct 2016 08:00:00 -0500 | 23 | -- netblue30 <netblue30@yahoo.com> Sun, 23 Oct 2016 08:00:00 -0500 |
24 | 24 | ||
diff --git a/etc/disable-programs.inc b/etc/disable-programs.inc index 279a65d6e..d2e391229 100644 --- a/etc/disable-programs.inc +++ b/etc/disable-programs.inc | |||
@@ -20,6 +20,7 @@ blacklist ${HOME}/.cache/INRIA | |||
20 | blacklist ${HOME}/.cache/QuiteRss | 20 | blacklist ${HOME}/.cache/QuiteRss |
21 | blacklist ${HOME}/.cache/champlain | 21 | blacklist ${HOME}/.cache/champlain |
22 | blacklist ${HOME}/.cache/chromium | 22 | blacklist ${HOME}/.cache/chromium |
23 | blacklist ${HOME}/.cache/qupzilla | ||
23 | blacklist ${HOME}/.cache/chromium-dev | 24 | blacklist ${HOME}/.cache/chromium-dev |
24 | blacklist ${HOME}/.cache/darktable | 25 | blacklist ${HOME}/.cache/darktable |
25 | blacklist ${HOME}/.cache/epiphany | 26 | blacklist ${HOME}/.cache/epiphany |
diff --git a/etc/qupzilla.txt b/etc/qupzilla.txt new file mode 100644 index 000000000..387ddeffa --- /dev/null +++ b/etc/qupzilla.txt | |||
@@ -0,0 +1,22 @@ | |||
1 | # Firejail profile for Qupzilla web browser | ||
2 | noblacklist ${HOME}/.config/qupzilla | ||
3 | noblacklist ${HOME}/.cache/qupzilla | ||
4 | include /etc/firejail/disable-mgmt.inc | ||
5 | include /etc/firejail/disable-secret.inc | ||
6 | include /etc/firejail/disable-common.inc | ||
7 | include /etc/firejail/disable-devel.inc | ||
8 | caps.drop all | ||
9 | seccomp | ||
10 | protocol unix,inet,inet6,netlink | ||
11 | netfilter | ||
12 | tracelog | ||
13 | noroot | ||
14 | whitelist ${DOWNLOADS} | ||
15 | whitelist ~/.config/qupzilla | ||
16 | whitelist ~/.cache/qupzilla | ||
17 | include /etc/firejail/whitelist-common.inc | ||
18 | |||
19 | # experimental features | ||
20 | #private-etc passwd,group,hostname,hosts,localtime,nsswitch.conf,resolv.conf,gtk-2.0,pango,fonts,iceweasel,firefox,adobe,mime.types,mailcap,asound.conf,pulse | ||
21 | |||
22 | |||
diff --git a/platform/debian/conffiles b/platform/debian/conffiles index 57657f208..9afe42be8 100644 --- a/platform/debian/conffiles +++ b/platform/debian/conffiles | |||
@@ -238,3 +238,5 @@ | |||
238 | /etc/firejail/xonotic-glx.profile | 238 | /etc/firejail/xonotic-glx.profile |
239 | /etc/firejail/xonotic-sdl.profile | 239 | /etc/firejail/xonotic-sdl.profile |
240 | /etc/firejail/xonotic.profile | 240 | /etc/firejail/xonotic.profile |
241 | /etc/firejail/VirtualBox.profile | ||
242 | /etc/firejail/qupzilla.profile | ||