diff options
39 files changed, 391 insertions, 3 deletions
@@ -277,7 +277,12 @@ glitsj16 (https://github.com/glitsj16) | |||
277 | - profile fixes: file, strings, claws-mail, | 277 | - profile fixes: file, strings, claws-mail, |
278 | - new profiles: QMediathekView, aria2c, Authenticator, checkbashisms | 278 | - new profiles: QMediathekView, aria2c, Authenticator, checkbashisms |
279 | - new profiles: devilspie, devilspie2, easystroke, github-desktop, min | 279 | - new profiles: devilspie, devilspie2, easystroke, github-desktop, min |
280 | - new profiles: bsdcat, bsdcpio, bsdtar, lzmadec | 280 | - new profiles: bsdcat, bsdcpio, bsdtar, lzmadec, lbunzip2, lbzcat |
281 | - new profiles: lbzip2, lzcat, lzcmp, lzdiff, lzegrep, lzfgrep, lzgrep | ||
282 | - new profiles: lzless, lzma, lzmainfo, lzmore, unlzma, unxz, xzcat | ||
283 | - new profiles: xzcmp, xzdiff, xzegrep, xzfgrep, xzgrep, xzless, xzmore | ||
284 | - new profiles: lzip, artha, nitroshare, nitroshare-cli, nitroshare-nmh | ||
285 | - new profiles: nirtoshare-send, nitroshare-ui | ||
281 | graywolf (https://github.com/graywolf) | 286 | graywolf (https://github.com/graywolf) |
282 | - spelling fix | 287 | - spelling fix |
283 | greigdp (https://github.com/greigdp) | 288 | greigdp (https://github.com/greigdp) |
@@ -134,5 +134,7 @@ The new LTS branch is here: https://github.com/netblue30/firejail/tree/LTSbase | |||
134 | # New profiles: | 134 | # New profiles: |
135 | 135 | ||
136 | QMediathekView, aria2c, Authenticator, checkbashisms, devilspie, devilspie2, easystroke, github-desktop, min, | 136 | QMediathekView, aria2c, Authenticator, checkbashisms, devilspie, devilspie2, easystroke, github-desktop, min, |
137 | bsdcat, bsdcpio, bsdtar, lzmadec | 137 | bsdcat, bsdcpio, bsdtar, lzmadec, lbunzip2, lbzcat, lbzip2, lzcat, lzcmp, lzdiff, lzegrep, lzfgrep, lzgrep, |
138 | lzless, lzma, lzmainfo, lzmore, unlzma, unxz, xzcat, xzcmp, xzdiff, xzegrep, xzfgrep, xzgrep, xzless, xzmore, | ||
139 | lzip, artha, nitroshare, nitroshare-cli, nitroshare-nmh, nirtoshare-send, nitroshare-ui | ||
138 | 140 | ||
@@ -3,7 +3,12 @@ firejail (0.9.56.1) baseline; urgency=low | |||
3 | * --disable-mnt rework | 3 | * --disable-mnt rework |
4 | * new profiles: QMediathekView, aria2c, Authenticator, checkbashisms | 4 | * new profiles: QMediathekView, aria2c, Authenticator, checkbashisms |
5 | * new profiles: devilspie, devilspie2, easystroke, github-desktop, min | 5 | * new profiles: devilspie, devilspie2, easystroke, github-desktop, min |
6 | * new profiles: bsdcat, bsdcpio, bsdtar, lzmadec | 6 | * new profiles: bsdcat, bsdcpio, bsdtar, lzmadec, lbunzip2, lbzcat |
7 | * new profiles: lbzip2, lzcat, lzcmp, lzdiff, lzegrep, lzfgrep, lzgrep | ||
8 | * new profiles: lzless, lzma, lzmainfo, lzmore, unlzma, unxz, xzcat | ||
9 | * new profiles: xzcmp, xzdiff, xzegrep, xzfgrep, xzgrep, xzless, xzmore | ||
10 | * new profiles: lzip, artha, nitroshare, nitroshare-cli, nitroshare-nmh | ||
11 | * new profiles: nirtoshare-send, nitroshare-ui | ||
7 | -- netblue30 <netblue30@yahoo.com> Thu, 11 Oct 2018 08:00:00 -0500 | 12 | -- netblue30 <netblue30@yahoo.com> Thu, 11 Oct 2018 08:00:00 -0500 |
8 | 13 | ||
9 | firejail (0.9.56) baseline; urgency=low | 14 | firejail (0.9.56) baseline; urgency=low |
diff --git a/etc/artha.profile b/etc/artha.profile new file mode 100644 index 000000000..befe9295f --- /dev/null +++ b/etc/artha.profile | |||
@@ -0,0 +1,46 @@ | |||
1 | # Firejail profile for artha | ||
2 | # Description: A free cross-platform English thesaurus based on WordNet | ||
3 | # This file is overwritten after every install/update | ||
4 | # Persistent local customizations | ||
5 | include /etc/firejail/artha.local | ||
6 | # Persistent global definitions | ||
7 | include /etc/firejail/globals.local | ||
8 | |||
9 | noblacklist ${HOME}/.config/artha.conf | ||
10 | noblacklist ${HOME}/.config/enchant | ||
11 | |||
12 | include /etc/firejail/disable-common.inc | ||
13 | include /etc/firejail/disable-devel.inc | ||
14 | include /etc/firejail/disable-interpreters.inc | ||
15 | include /etc/firejail/disable-passwdmgr.inc | ||
16 | include /etc/firejail/disable-programs.inc | ||
17 | |||
18 | caps.drop all | ||
19 | ipc-namespace | ||
20 | machine-id | ||
21 | net none | ||
22 | no3d | ||
23 | # nodbus | ||
24 | nodvd | ||
25 | nogroups | ||
26 | nonewprivs | ||
27 | noroot | ||
28 | nosound | ||
29 | notv | ||
30 | nou2f | ||
31 | novideo | ||
32 | protocol unix | ||
33 | seccomp | ||
34 | shell none | ||
35 | |||
36 | disable-mnt | ||
37 | private-bin artha,enchant,notify-send | ||
38 | private-cache | ||
39 | private-dev | ||
40 | private-etc fonts | ||
41 | private-lib libnotify.so.* | ||
42 | private-tmp | ||
43 | |||
44 | memory-deny-write-execute | ||
45 | noexec ${HOME} | ||
46 | noexec /tmp | ||
diff --git a/etc/disable-passwdmgr.inc b/etc/disable-passwdmgr.inc index 6ef11780e..19fd871d3 100644 --- a/etc/disable-passwdmgr.inc +++ b/etc/disable-passwdmgr.inc | |||
@@ -2,6 +2,7 @@ | |||
2 | # Persistent customizations should go in a .local file. | 2 | # Persistent customizations should go in a .local file. |
3 | include /etc/firejail/disable-passwdmgr.local | 3 | include /etc/firejail/disable-passwdmgr.local |
4 | 4 | ||
5 | blacklist ${HOME}/.config/Bitwarden | ||
5 | blacklist ${HOME}/.config/KeePass | 6 | blacklist ${HOME}/.config/KeePass |
6 | blacklist ${HOME}/.config/keepass | 7 | blacklist ${HOME}/.config/keepass |
7 | blacklist ${HOME}/.config/keepassx | 8 | blacklist ${HOME}/.config/keepassx |
diff --git a/etc/disable-programs.inc b/etc/disable-programs.inc index 251362b77..5453ce376 100644 --- a/etc/disable-programs.inc +++ b/etc/disable-programs.inc | |||
@@ -52,6 +52,7 @@ blacklist ${HOME}/.config/Beaker Browser | |||
52 | blacklist ${HOME}/.config/Brackets | 52 | blacklist ${HOME}/.config/Brackets |
53 | blacklist ${HOME}/.config/Clementine | 53 | blacklist ${HOME}/.config/Clementine |
54 | blacklist ${HOME}/.config/Code | 54 | blacklist ${HOME}/.config/Code |
55 | blacklist ${HOME}/.config/Code Industry | ||
55 | blacklist ${HOME}/.config/Cryptocat | 56 | blacklist ${HOME}/.config/Cryptocat |
56 | blacklist ${HOME}/.config/Franz | 57 | blacklist ${HOME}/.config/Franz |
57 | blacklist ${HOME}/.config/FreeCAD | 58 | blacklist ${HOME}/.config/FreeCAD |
@@ -72,6 +73,7 @@ blacklist ${HOME}/.config/Mumble | |||
72 | blacklist ${HOME}/.config/MusE | 73 | blacklist ${HOME}/.config/MusE |
73 | blacklist ${HOME}/.config/MuseScore | 74 | blacklist ${HOME}/.config/MuseScore |
74 | blacklist ${HOME}/.config/MusicBrainz | 75 | blacklist ${HOME}/.config/MusicBrainz |
76 | blacklist ${HOME}/.config/Nathan Osman | ||
75 | blacklist ${HOME}/.config/Nylas Mail | 77 | blacklist ${HOME}/.config/Nylas Mail |
76 | blacklist ${HOME}/.config/Qlipper | 78 | blacklist ${HOME}/.config/Qlipper |
77 | blacklist ${HOME}/.config/QMediathekView | 79 | blacklist ${HOME}/.config/QMediathekView |
@@ -91,6 +93,7 @@ blacklist ${HOME}/.config/akregatorrc | |||
91 | blacklist ${HOME}/.config/ardour4 | 93 | blacklist ${HOME}/.config/ardour4 |
92 | blacklist ${HOME}/.config/ardour5 | 94 | blacklist ${HOME}/.config/ardour5 |
93 | blacklist ${HOME}/.config/arkrc | 95 | blacklist ${HOME}/.config/arkrc |
96 | blacklist ${HOME}/.config/artha.conf | ||
94 | blacklist ${HOME}/.config/asunder | 97 | blacklist ${HOME}/.config/asunder |
95 | blacklist ${HOME}/.config/atril | 98 | blacklist ${HOME}/.config/atril |
96 | blacklist ${HOME}/.config/audacious | 99 | blacklist ${HOME}/.config/audacious |
@@ -191,6 +194,7 @@ blacklist ${HOME}/.config/nautilus | |||
191 | blacklist ${HOME}/.config/nemo | 194 | blacklist ${HOME}/.config/nemo |
192 | blacklist ${HOME}/.config/netsurf | 195 | blacklist ${HOME}/.config/netsurf |
193 | blacklist ${HOME}/.config/nheko | 196 | blacklist ${HOME}/.config/nheko |
197 | blacklist ${HOME}/.config/NitroShare | ||
194 | blacklist ${HOME}/.config/okularpartrc | 198 | blacklist ${HOME}/.config/okularpartrc |
195 | blacklist ${HOME}/.config/okularrc | 199 | blacklist ${HOME}/.config/okularrc |
196 | blacklist ${HOME}/.config/onionshare | 200 | blacklist ${HOME}/.config/onionshare |
@@ -458,6 +462,7 @@ blacklist ${HOME}/.local/share/xplayer | |||
458 | blacklist ${HOME}/.local/share/xreader | 462 | blacklist ${HOME}/.local/share/xreader |
459 | blacklist ${HOME}/.local/share/zathura | 463 | blacklist ${HOME}/.local/share/zathura |
460 | blacklist ${HOME}/.lv2 | 464 | blacklist ${HOME}/.lv2 |
465 | blacklist ${HOME}/.masterpdfeditor | ||
461 | blacklist ${HOME}/.mcabber | 466 | blacklist ${HOME}/.mcabber |
462 | blacklist ${HOME}/.mcabberrc | 467 | blacklist ${HOME}/.mcabberrc |
463 | blacklist ${HOME}/.mediathek3 | 468 | blacklist ${HOME}/.mediathek3 |
diff --git a/etc/lbunzip2.profile b/etc/lbunzip2.profile new file mode 100644 index 000000000..180eea2c8 --- /dev/null +++ b/etc/lbunzip2.profile | |||
@@ -0,0 +1,7 @@ | |||
1 | # Firejail profile alias for gzip | ||
2 | # Description: GNU compression utilities | ||
3 | # This file is overwritten after every install/update | ||
4 | |||
5 | |||
6 | # Redirect | ||
7 | include /etc/firejail/gzip.profile | ||
diff --git a/etc/lbzcat.profile b/etc/lbzcat.profile new file mode 100644 index 000000000..180eea2c8 --- /dev/null +++ b/etc/lbzcat.profile | |||
@@ -0,0 +1,7 @@ | |||
1 | # Firejail profile alias for gzip | ||
2 | # Description: GNU compression utilities | ||
3 | # This file is overwritten after every install/update | ||
4 | |||
5 | |||
6 | # Redirect | ||
7 | include /etc/firejail/gzip.profile | ||
diff --git a/etc/lbzip2.profile b/etc/lbzip2.profile new file mode 100644 index 000000000..180eea2c8 --- /dev/null +++ b/etc/lbzip2.profile | |||
@@ -0,0 +1,7 @@ | |||
1 | # Firejail profile alias for gzip | ||
2 | # Description: GNU compression utilities | ||
3 | # This file is overwritten after every install/update | ||
4 | |||
5 | |||
6 | # Redirect | ||
7 | include /etc/firejail/gzip.profile | ||
diff --git a/etc/lzcat.profile b/etc/lzcat.profile new file mode 100644 index 000000000..cd79eebc6 --- /dev/null +++ b/etc/lzcat.profile | |||
@@ -0,0 +1,7 @@ | |||
1 | # Firejail profile alias for cpio | ||
2 | # Description: Library and command line tools for XZ and LZMA compressed files | ||
3 | # This file is overwritten after every install/update | ||
4 | |||
5 | |||
6 | # Redirect | ||
7 | include /etc/firejail/cpio.profile | ||
diff --git a/etc/lzcmp.profile b/etc/lzcmp.profile new file mode 100644 index 000000000..cd79eebc6 --- /dev/null +++ b/etc/lzcmp.profile | |||
@@ -0,0 +1,7 @@ | |||
1 | # Firejail profile alias for cpio | ||
2 | # Description: Library and command line tools for XZ and LZMA compressed files | ||
3 | # This file is overwritten after every install/update | ||
4 | |||
5 | |||
6 | # Redirect | ||
7 | include /etc/firejail/cpio.profile | ||
diff --git a/etc/lzdiff.profile b/etc/lzdiff.profile new file mode 100644 index 000000000..cd79eebc6 --- /dev/null +++ b/etc/lzdiff.profile | |||
@@ -0,0 +1,7 @@ | |||
1 | # Firejail profile alias for cpio | ||
2 | # Description: Library and command line tools for XZ and LZMA compressed files | ||
3 | # This file is overwritten after every install/update | ||
4 | |||
5 | |||
6 | # Redirect | ||
7 | include /etc/firejail/cpio.profile | ||
diff --git a/etc/lzegrep.profile b/etc/lzegrep.profile new file mode 100644 index 000000000..cd79eebc6 --- /dev/null +++ b/etc/lzegrep.profile | |||
@@ -0,0 +1,7 @@ | |||
1 | # Firejail profile alias for cpio | ||
2 | # Description: Library and command line tools for XZ and LZMA compressed files | ||
3 | # This file is overwritten after every install/update | ||
4 | |||
5 | |||
6 | # Redirect | ||
7 | include /etc/firejail/cpio.profile | ||
diff --git a/etc/lzfgrep.profile b/etc/lzfgrep.profile new file mode 100644 index 000000000..cd79eebc6 --- /dev/null +++ b/etc/lzfgrep.profile | |||
@@ -0,0 +1,7 @@ | |||
1 | # Firejail profile alias for cpio | ||
2 | # Description: Library and command line tools for XZ and LZMA compressed files | ||
3 | # This file is overwritten after every install/update | ||
4 | |||
5 | |||
6 | # Redirect | ||
7 | include /etc/firejail/cpio.profile | ||
diff --git a/etc/lzgrep.profile b/etc/lzgrep.profile new file mode 100644 index 000000000..cd79eebc6 --- /dev/null +++ b/etc/lzgrep.profile | |||
@@ -0,0 +1,7 @@ | |||
1 | # Firejail profile alias for cpio | ||
2 | # Description: Library and command line tools for XZ and LZMA compressed files | ||
3 | # This file is overwritten after every install/update | ||
4 | |||
5 | |||
6 | # Redirect | ||
7 | include /etc/firejail/cpio.profile | ||
diff --git a/etc/lzip.profile b/etc/lzip.profile new file mode 100644 index 000000000..cd79eebc6 --- /dev/null +++ b/etc/lzip.profile | |||
@@ -0,0 +1,7 @@ | |||
1 | # Firejail profile alias for cpio | ||
2 | # Description: Library and command line tools for XZ and LZMA compressed files | ||
3 | # This file is overwritten after every install/update | ||
4 | |||
5 | |||
6 | # Redirect | ||
7 | include /etc/firejail/cpio.profile | ||
diff --git a/etc/lzless.profile b/etc/lzless.profile new file mode 100644 index 000000000..cd79eebc6 --- /dev/null +++ b/etc/lzless.profile | |||
@@ -0,0 +1,7 @@ | |||
1 | # Firejail profile alias for cpio | ||
2 | # Description: Library and command line tools for XZ and LZMA compressed files | ||
3 | # This file is overwritten after every install/update | ||
4 | |||
5 | |||
6 | # Redirect | ||
7 | include /etc/firejail/cpio.profile | ||
diff --git a/etc/lzma.profile b/etc/lzma.profile new file mode 100644 index 000000000..cd79eebc6 --- /dev/null +++ b/etc/lzma.profile | |||
@@ -0,0 +1,7 @@ | |||
1 | # Firejail profile alias for cpio | ||
2 | # Description: Library and command line tools for XZ and LZMA compressed files | ||
3 | # This file is overwritten after every install/update | ||
4 | |||
5 | |||
6 | # Redirect | ||
7 | include /etc/firejail/cpio.profile | ||
diff --git a/etc/lzmainfo.profile b/etc/lzmainfo.profile new file mode 100644 index 000000000..cd79eebc6 --- /dev/null +++ b/etc/lzmainfo.profile | |||
@@ -0,0 +1,7 @@ | |||
1 | # Firejail profile alias for cpio | ||
2 | # Description: Library and command line tools for XZ and LZMA compressed files | ||
3 | # This file is overwritten after every install/update | ||
4 | |||
5 | |||
6 | # Redirect | ||
7 | include /etc/firejail/cpio.profile | ||
diff --git a/etc/lzmore.profile b/etc/lzmore.profile new file mode 100644 index 000000000..cd79eebc6 --- /dev/null +++ b/etc/lzmore.profile | |||
@@ -0,0 +1,7 @@ | |||
1 | # Firejail profile alias for cpio | ||
2 | # Description: Library and command line tools for XZ and LZMA compressed files | ||
3 | # This file is overwritten after every install/update | ||
4 | |||
5 | |||
6 | # Redirect | ||
7 | include /etc/firejail/cpio.profile | ||
diff --git a/etc/masterpdfeditor.profile b/etc/masterpdfeditor.profile new file mode 100644 index 000000000..cc80679fc --- /dev/null +++ b/etc/masterpdfeditor.profile | |||
@@ -0,0 +1,50 @@ | |||
1 | # Firejail profile for masterpdfeditor | ||
2 | # Description: A complete solution for creating and editing PDF files | ||
3 | # This file is overwritten after every install/update | ||
4 | # Persistent local customizations | ||
5 | include /etc/firejail/masterpdfeditor.local | ||
6 | # Persistent global definitions | ||
7 | include /etc/firejail/globals.local | ||
8 | |||
9 | noblacklist ${HOME}/.config/Code Industry | ||
10 | noblacklist ${HOME}/.masterpdfeditor | ||
11 | |||
12 | include /etc/firejail/disable-common.inc | ||
13 | include /etc/firejail/disable-devel.inc | ||
14 | include /etc/firejail/disable-interpreters.inc | ||
15 | include /etc/firejail/disable-passwdmgr.inc | ||
16 | include /etc/firejail/disable-programs.inc | ||
17 | |||
18 | include /etc/firejail/whitelist-var-common.inc | ||
19 | |||
20 | caps.drop all | ||
21 | ipc-namespace | ||
22 | machine-id | ||
23 | net none | ||
24 | no3d | ||
25 | nodbus | ||
26 | nodvd | ||
27 | nogroups | ||
28 | nonewprivs | ||
29 | noroot | ||
30 | nosound | ||
31 | notv | ||
32 | nou2f | ||
33 | novideo | ||
34 | protocol unix | ||
35 | seccomp | ||
36 | shell none | ||
37 | tracelog | ||
38 | |||
39 | # disable-mnt | ||
40 | # private | ||
41 | private-bin masterpdfeditor* | ||
42 | private-cache | ||
43 | private-dev | ||
44 | private-etc fonts | ||
45 | # private-lib | ||
46 | private-tmp | ||
47 | |||
48 | # memory-deny-write-execute | ||
49 | noexec ${HOME} | ||
50 | noexec /tmp | ||
diff --git a/etc/masterpdfeditor4.profile b/etc/masterpdfeditor4.profile new file mode 100644 index 000000000..7ab9c9421 --- /dev/null +++ b/etc/masterpdfeditor4.profile | |||
@@ -0,0 +1,12 @@ | |||
1 | # Firejail profile for masterpdfeditor4 | ||
2 | # Description: A complete solution for creating and editing PDF files | ||
3 | # This file is overwritten after every install/update | ||
4 | # Persistent local customizations | ||
5 | include /etc/firejail/masterpdfeditor4.local | ||
6 | # Persistent global definitions | ||
7 | # added by included profile | ||
8 | #include /etc/firejail/globals.local | ||
9 | |||
10 | |||
11 | # Redirect | ||
12 | include /etc/firejail/masterpdfeditor.profile | ||
diff --git a/etc/masterpdfeditor5.profile b/etc/masterpdfeditor5.profile new file mode 100644 index 000000000..86faf5da0 --- /dev/null +++ b/etc/masterpdfeditor5.profile | |||
@@ -0,0 +1,12 @@ | |||
1 | # Firejail profile for masterpdfeditor5 | ||
2 | # Description: A complete solution for creating and editing PDF files | ||
3 | # This file is overwritten after every install/update | ||
4 | # Persistent local customizations | ||
5 | include /etc/firejail/masterpdfeditor5.local | ||
6 | # Persistent global definitions | ||
7 | # added by included profile | ||
8 | #include /etc/firejail/globals.local | ||
9 | |||
10 | |||
11 | # Redirect | ||
12 | include /etc/firejail/masterpdfeditor.profile | ||
diff --git a/etc/nitroshare-cli.profile b/etc/nitroshare-cli.profile new file mode 100644 index 000000000..a9ad197e9 --- /dev/null +++ b/etc/nitroshare-cli.profile | |||
@@ -0,0 +1,7 @@ | |||
1 | # Firejail profile alias for nitroshare | ||
2 | # Description: Network File Transfer Application | ||
3 | # This file is overwritten after every install/update | ||
4 | |||
5 | |||
6 | # Redirect | ||
7 | include /etc/firejail/nitroshare.profile | ||
diff --git a/etc/nitroshare-nmh.profile b/etc/nitroshare-nmh.profile new file mode 100644 index 000000000..a9ad197e9 --- /dev/null +++ b/etc/nitroshare-nmh.profile | |||
@@ -0,0 +1,7 @@ | |||
1 | # Firejail profile alias for nitroshare | ||
2 | # Description: Network File Transfer Application | ||
3 | # This file is overwritten after every install/update | ||
4 | |||
5 | |||
6 | # Redirect | ||
7 | include /etc/firejail/nitroshare.profile | ||
diff --git a/etc/nitroshare-send.profile b/etc/nitroshare-send.profile new file mode 100644 index 000000000..a9ad197e9 --- /dev/null +++ b/etc/nitroshare-send.profile | |||
@@ -0,0 +1,7 @@ | |||
1 | # Firejail profile alias for nitroshare | ||
2 | # Description: Network File Transfer Application | ||
3 | # This file is overwritten after every install/update | ||
4 | |||
5 | |||
6 | # Redirect | ||
7 | include /etc/firejail/nitroshare.profile | ||
diff --git a/etc/nitroshare-ui.profile b/etc/nitroshare-ui.profile new file mode 100644 index 000000000..a9ad197e9 --- /dev/null +++ b/etc/nitroshare-ui.profile | |||
@@ -0,0 +1,7 @@ | |||
1 | # Firejail profile alias for nitroshare | ||
2 | # Description: Network File Transfer Application | ||
3 | # This file is overwritten after every install/update | ||
4 | |||
5 | |||
6 | # Redirect | ||
7 | include /etc/firejail/nitroshare.profile | ||
diff --git a/etc/nitroshare.profile b/etc/nitroshare.profile new file mode 100644 index 000000000..f02599ac6 --- /dev/null +++ b/etc/nitroshare.profile | |||
@@ -0,0 +1,50 @@ | |||
1 | # Firejail profile for nitroshare | ||
2 | # Description: Network File Transfer Application | ||
3 | # This file is overwritten after every install/update | ||
4 | # Persistent local customizations | ||
5 | include /etc/firejail/nitroshare.local | ||
6 | # Persistent global definitions | ||
7 | include /etc/firejail/globals.local | ||
8 | |||
9 | noblacklist ${HOME}/.config/Nathan Osman | ||
10 | noblacklist ${HOME}/.config/NitroShare | ||
11 | |||
12 | # Allow python (blacklisted by disable-interpreters.inc) | ||
13 | noblacklist ${PATH}/python2* | ||
14 | noblacklist ${PATH}/python3* | ||
15 | noblacklist /usr/lib/python2* | ||
16 | noblacklist /usr/lib/python3* | ||
17 | |||
18 | include /etc/firejail/disable-common.inc | ||
19 | include /etc/firejail/disable-devel.inc | ||
20 | include /etc/firejail/disable-interpreters.inc | ||
21 | include /etc/firejail/disable-passwdmgr.inc | ||
22 | include /etc/firejail/disable-programs.inc | ||
23 | |||
24 | caps.drop all | ||
25 | netfilter | ||
26 | no3d | ||
27 | # nodbus | ||
28 | nodvd | ||
29 | nogroups | ||
30 | nonewprivs | ||
31 | noroot | ||
32 | nosound | ||
33 | notv | ||
34 | nou2f | ||
35 | novideo | ||
36 | protocol unix,inet,inet6,netlink | ||
37 | seccomp | ||
38 | shell none | ||
39 | |||
40 | disable-mnt | ||
41 | private-bin awk,grep,nitroshare,nitroshare-cli,nitroshare-nmh,nitroshare-send,nitroshare-ui | ||
42 | private-cache | ||
43 | private-dev | ||
44 | private-etc ca-certificates,dconf,fonts,hostname,hosts,ld.so.cache,machine-id,nsswitch.conf,ssl | ||
45 | # private-lib libnitroshare.so.*,libqhttpengine.so.*,libqmdnsengine.so.*,nitroshare | ||
46 | private-tmp | ||
47 | |||
48 | # memory-deny-write-execute | ||
49 | noexec ${HOME} | ||
50 | noexec /tmp | ||
diff --git a/etc/unlzma.profile b/etc/unlzma.profile new file mode 100644 index 000000000..cd79eebc6 --- /dev/null +++ b/etc/unlzma.profile | |||
@@ -0,0 +1,7 @@ | |||
1 | # Firejail profile alias for cpio | ||
2 | # Description: Library and command line tools for XZ and LZMA compressed files | ||
3 | # This file is overwritten after every install/update | ||
4 | |||
5 | |||
6 | # Redirect | ||
7 | include /etc/firejail/cpio.profile | ||
diff --git a/etc/unxz.profile b/etc/unxz.profile new file mode 100644 index 000000000..cd79eebc6 --- /dev/null +++ b/etc/unxz.profile | |||
@@ -0,0 +1,7 @@ | |||
1 | # Firejail profile alias for cpio | ||
2 | # Description: Library and command line tools for XZ and LZMA compressed files | ||
3 | # This file is overwritten after every install/update | ||
4 | |||
5 | |||
6 | # Redirect | ||
7 | include /etc/firejail/cpio.profile | ||
diff --git a/etc/xzcat.profile b/etc/xzcat.profile new file mode 100644 index 000000000..cd79eebc6 --- /dev/null +++ b/etc/xzcat.profile | |||
@@ -0,0 +1,7 @@ | |||
1 | # Firejail profile alias for cpio | ||
2 | # Description: Library and command line tools for XZ and LZMA compressed files | ||
3 | # This file is overwritten after every install/update | ||
4 | |||
5 | |||
6 | # Redirect | ||
7 | include /etc/firejail/cpio.profile | ||
diff --git a/etc/xzcmp.profile b/etc/xzcmp.profile new file mode 100644 index 000000000..cd79eebc6 --- /dev/null +++ b/etc/xzcmp.profile | |||
@@ -0,0 +1,7 @@ | |||
1 | # Firejail profile alias for cpio | ||
2 | # Description: Library and command line tools for XZ and LZMA compressed files | ||
3 | # This file is overwritten after every install/update | ||
4 | |||
5 | |||
6 | # Redirect | ||
7 | include /etc/firejail/cpio.profile | ||
diff --git a/etc/xzdiff.profile b/etc/xzdiff.profile new file mode 100644 index 000000000..cd79eebc6 --- /dev/null +++ b/etc/xzdiff.profile | |||
@@ -0,0 +1,7 @@ | |||
1 | # Firejail profile alias for cpio | ||
2 | # Description: Library and command line tools for XZ and LZMA compressed files | ||
3 | # This file is overwritten after every install/update | ||
4 | |||
5 | |||
6 | # Redirect | ||
7 | include /etc/firejail/cpio.profile | ||
diff --git a/etc/xzegrep.profile b/etc/xzegrep.profile new file mode 100644 index 000000000..cd79eebc6 --- /dev/null +++ b/etc/xzegrep.profile | |||
@@ -0,0 +1,7 @@ | |||
1 | # Firejail profile alias for cpio | ||
2 | # Description: Library and command line tools for XZ and LZMA compressed files | ||
3 | # This file is overwritten after every install/update | ||
4 | |||
5 | |||
6 | # Redirect | ||
7 | include /etc/firejail/cpio.profile | ||
diff --git a/etc/xzfgrep.profile b/etc/xzfgrep.profile new file mode 100644 index 000000000..cd79eebc6 --- /dev/null +++ b/etc/xzfgrep.profile | |||
@@ -0,0 +1,7 @@ | |||
1 | # Firejail profile alias for cpio | ||
2 | # Description: Library and command line tools for XZ and LZMA compressed files | ||
3 | # This file is overwritten after every install/update | ||
4 | |||
5 | |||
6 | # Redirect | ||
7 | include /etc/firejail/cpio.profile | ||
diff --git a/etc/xzgrep.profile b/etc/xzgrep.profile new file mode 100644 index 000000000..cd79eebc6 --- /dev/null +++ b/etc/xzgrep.profile | |||
@@ -0,0 +1,7 @@ | |||
1 | # Firejail profile alias for cpio | ||
2 | # Description: Library and command line tools for XZ and LZMA compressed files | ||
3 | # This file is overwritten after every install/update | ||
4 | |||
5 | |||
6 | # Redirect | ||
7 | include /etc/firejail/cpio.profile | ||
diff --git a/etc/xzless.profile b/etc/xzless.profile new file mode 100644 index 000000000..cd79eebc6 --- /dev/null +++ b/etc/xzless.profile | |||
@@ -0,0 +1,7 @@ | |||
1 | # Firejail profile alias for cpio | ||
2 | # Description: Library and command line tools for XZ and LZMA compressed files | ||
3 | # This file is overwritten after every install/update | ||
4 | |||
5 | |||
6 | # Redirect | ||
7 | include /etc/firejail/cpio.profile | ||
diff --git a/etc/xzmore.profile b/etc/xzmore.profile new file mode 100644 index 000000000..cd79eebc6 --- /dev/null +++ b/etc/xzmore.profile | |||
@@ -0,0 +1,7 @@ | |||
1 | # Firejail profile alias for cpio | ||
2 | # Description: Library and command line tools for XZ and LZMA compressed files | ||
3 | # This file is overwritten after every install/update | ||
4 | |||
5 | |||
6 | # Redirect | ||
7 | include /etc/firejail/cpio.profile | ||
diff --git a/src/firecfg/firecfg.config b/src/firecfg/firecfg.config index ddc4b676d..dba078ca2 100644 --- a/src/firecfg/firecfg.config +++ b/src/firecfg/firecfg.config | |||
@@ -35,6 +35,7 @@ ardour5 | |||
35 | arduino | 35 | arduino |
36 | ark | 36 | ark |
37 | arm | 37 | arm |
38 | artha | ||
38 | # atom | 39 | # atom |
39 | # atom-beta | 40 | # atom-beta |
40 | asunder | 41 | asunder |
@@ -270,6 +271,8 @@ lximage-qt | |||
270 | lxmusic | 271 | lxmusic |
271 | lynx | 272 | lynx |
272 | macrofusion | 273 | macrofusion |
274 | masterpdfeditor4 | ||
275 | masterpdfeditor5 | ||
273 | mate-calc | 276 | mate-calc |
274 | mate-calculator | 277 | mate-calculator |
275 | mate-color-select | 278 | mate-color-select |
@@ -305,6 +308,7 @@ ncdu | |||
305 | netsurf | 308 | netsurf |
306 | neverball | 309 | neverball |
307 | nheko | 310 | nheko |
311 | nitroshare | ||
308 | nylas | 312 | nylas |
309 | obs | 313 | obs |
310 | odt2txt | 314 | odt2txt |