-rw-r--r--README.md2
-rw-r--r--RELNOTES1
-rw-r--r--etc/clipit.profile29
-rw-r--r--etc/disable-programs.inc9
-rw-r--r--etc/leafpad.profile26
-rw-r--r--etc/lximage-qt.profile26
-rw-r--r--etc/lxmusic.profile27
-rw-r--r--etc/qlipper.profile28
-rw-r--r--platform/debian/conffiles5
-rw-r--r--src/firecfg/firecfg.config6
10 files changed, 156 insertions, 3 deletions
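diff --git a/README.md b/README.md
index 4633ff894..21752839e 100644
--- a/README.md
+++ b/README.md
@@ -219,4 +219,4 @@ Kino, Thunar, Geeqie, Engrampa, Scribus, mousepad, gpicview, keepassxc, cvlc, Me
 Nylas, dino, BibleTime, viewnior, Kodi, viking, youtube-dl, meld, Arduino, Akregator, KCalc, KTorrent,
 Orage Globaltime, Orage Clendar, xfce4-notes, xfce4-dict, Ristretto, PCManFM, Dia, FontForge, Geany, Hugin,
 mate-calc, mate-dictionary, mate-color-select, caja, galculator, Nemo, gnome-font-viewer, gucharmap,
-knotes
+knotes, clipit, leafpad, lximage-qt, lxmusic, qlipper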
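diff --git a/RELNOTES b/RELNOTES
index 90164fb20..31b44b1d6 100644
--- a/RELNOTES
+++ b/RELNOTES
@@ -45,6 +45,7 @@ firejail (0.9.46-rc1) baseline; urgency=low
  * new profiles: Ristretto, PCManFM, Dia, FontForge, Geany, Hugin,
  * new profiles: mate-calc, mate-dictionary, mate-color-select, caja,
  * new profiles: galculator, Nemo, gnome-font-viewer, gucharmap, knotes
+ * new profiles: clipit, leafpad, lximage-qt, lxmusic, qlipper
  * bugfixes
  -- netblue30 <netblue30@yahoo.com> Fri, 7 Apr 2017 08:00:00 -0500
 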
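diff --git a/etc/clipit.profile b/etc/clipit.profile
new file mode 100644
index 000000000..a1a279531
--- /dev/null
+++ b/etc/clipit.profile
@@ -0,0 +1,29 @@
+# This file is overwritten during software install.
+# Persistent customizations should go in a .local file.
+include /etc/firejail/clipit.local
+
+noblacklist ${HOME}/.local/share/clipit
+noblacklist ${HOME}/.config/clipit
+include /etc/firejail/disable-common.inc
+include /etc/firejail/disable-programs.inc
+include /etc/firejail/disable-passwdmgr.inc
+
+caps.drop all
+netfilter
+nonewprivs
+noroot
+protocol unix,inet,inet6
+seccomp
+
+
+
+#
+# depending on your usage, you can enable some of the commands below:
+#
+nogroups
+shell none
+# private-bin program
+# private-etc none
+# private-dev
+# private-tmp
+nosound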
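Review bot: The `protocol unix,inet,inet6` and `netfilter` lines leave this clipboard manager with IPv4/IPv6 access that it presumably does not need, and clipboard history routinely holds copied passwords, so a network-less sandbox is the safer default. Consider `net none` in place of `netfilter` and `protocol unix` in place of `protocol unix,inet,inet6`, after confirming clipit has no feature that needs the network. The same network settings appear in qlipper.profile and leafpad.profile. Separately, the comment `depending on your usage, you can enable some of the commands below` sits above `nogroups`, `shell none` and `nosound`, which are already active; moving those three above the comment and leaving only the commented-out `private-*` lines under it would make clear what is enforced by default.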
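diff --git a/etc/disable-programs.inc b/etc/disable-programs.inc
index 0f2a9b461..29da32bbf 100644
--- a/etc/disable-programs.inc
+++ b/etc/disable-programs.inc
@@ -36,6 +36,7 @@ blacklist ${HOME}/.config/Meltytech
 blacklist ${HOME}/.config/Mousepad
 blacklist ${HOME}/.config/Mumble
 blacklist ${HOME}/.config/Nylas Mail
+blacklist ${HOME}/.config/Qlipper
 blacklist ${HOME}/.config/QuiteRss
 blacklist ${HOME}/.config/QuiteRssrc
 blacklist ${HOME}/.config/Slack
@@ -58,9 +59,9 @@ blacklist ${HOME}/.config/brave
 blacklist ${HOME}/.config/caja
 blacklist ${HOME}/.config/cherrytree
 blacklist ${HOME}/.config/chromium
-blacklist ${HOME}/.config/qupzilla
 blacklist ${HOME}/.config/chromium-dev
 blacklist ${HOME}/.config/chromium-flags.conf
+blacklist ${HOME}/.config/clipit
 blacklist ${HOME}/.config/cmus
 blacklist ${HOME}/.config/darktable
 blacklist ${HOME}/.config/deadbeef
@@ -96,7 +97,9 @@ blacklist ${HOME}/.config/katesyntaxhighlightingrc
 blacklist ${HOME}/.config/katevirc
 blacklist ${HOME}/.config/kdeconnect
 blacklist ${HOME}/.config/knotesrc
+blacklist ${HOME}/.config/leafpad
 blacklist ${HOME}/.config/libreoffice
+blacklist ${HOME}/.config/lximage-qt
 blacklist ${HOME}/.config/mate/eom
 blacklist ${HOME}/.config/mate/mate-dictionary
 blacklist ${HOME}/.config/mate-calc
@@ -119,6 +122,7 @@ blacklist ${HOME}/.config/psi+
 blacklist ${HOME}/.config/ristretto
 blacklist ${HOME}/.config/qpdfview
 blacklist ${HOME}/.config/qt5ct
+blacklist ${HOME}/.config/qupzilla
 blacklist ${HOME}/.config/qutebrowser
 blacklist ${HOME}/.config/ranger
 blacklist ${HOME}/.config/redshift.conf
@@ -147,6 +151,7 @@ blacklist ${HOME}/.config/xfce4/xfconf/xfce-perchannel-xml/thunar.xml
 blacklist ${HOME}/.config/xfce4/xfce4-notes.rc
 blacklist ${HOME}/.config/xfce4/xfce4-notes.gtkrc
 blacklist ${HOME}/.config/xfce4-dict
+blacklist ${HOME}/.config/xmms2
 blacklist ${HOME}/.config/xplayer
 blacklist ${HOME}/.config/xreader
 blacklist ${HOME}/.config/xviewer
@@ -238,6 +243,7 @@ blacklist ${HOME}/.local/share/aspyr-media
 blacklist ${HOME}/.local/share/baloo
 blacklist ${HOME}/.local/share/caja-python
 blacklist ${HOME}/.local/share/cdprojektred
+blacklist ${HOME}/.local/share/clipit
 blacklist ${HOME}/.local/share/data/Mumble
 blacklist ${HOME}./local/share/dino
 blacklist ${HOME}/.local/share/dolphin
@@ -370,3 +376,4 @@ blacklist ${HOME}/.cache/transmission
 blacklist ${HOME}/.cache/vivaldi
 blacklist ${HOME}/.cache/wesnoth
 blacklist ${HOME}/.cache/xreader
+blacklist ${HOME}/.cache/xmms2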
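Review bot: The context line `blacklist ${HOME}./local/share/dino` in the `.local/share` hunk, two lines below the added clipit entry, has the dot and slash transposed, so it almost certainly never matches and dino's data directory stays readable from every sandbox that includes this file. The typo predates this commit, but the hunk already edits the neighbouring lines, so it is cheap to correct here: `blacklist ${HOME}/.local/share/dino`. A blacklist entry that silently matches nothing is easy to miss because the profile still loads without error; a quick check that each listed path has the `${HOME}/` prefix would catch this class of mistake.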
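diff --git a/etc/leafpad.profile b/etc/leafpad.profile
new file mode 100644
index 000000000..0d3a6ca4b
--- /dev/null
+++ b/etc/leafpad.profile
@@ -0,0 +1,26 @@
+# This file is overwritten during software install.
+# Persistent customizations should go in a .local file.
+include /etc/firejail/leafpad.local
+
+noblacklist ${HOME}/.config/leafpad
+include /etc/firejail/disable-common.inc
+include /etc/firejail/disable-programs.inc
+include /etc/firejail/disable-passwdmgr.inc
+
+caps.drop all
+netfilter
+nonewprivs
+noroot
+protocol unix,inet,inet6
+seccomp
+
+#
+# depending on your usage, you can enable some of the commands below:
+#
+nogroups
+shell none
+# private-bin program
+# private-etc none
+# private-dev
+# private-tmp
+nosound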
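diff --git a/etc/lximage-qt.profile b/etc/lximage-qt.profile
new file mode 100644
index 000000000..4fd176eee
--- /dev/null
+++ b/etc/lximage-qt.profile
@@ -0,0 +1,26 @@
+# This file is overwritten during software install.
+# Persistent customizations should go in a .local file.
+include /etc/firejail/lximage-qt.local
+
+noblacklist .config/lximage-qt
+include /etc/firejail/disable-common.inc
+include /etc/firejail/disable-programs.inc
+include /etc/firejail/disable-passwdmgr.inc
+
+caps.drop all
+netfilter
+nonewprivs
+noroot
+protocol unix,inet,inet6
+seccomp
+
+#
+# depending on your usage, you can enable some of the commands below:
+#
+nogroups
+shell none
+# private-bin program
+# private-etc none
+# private-dev
+# private-tmp
+nosound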
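Review bot: `noblacklist .config/lximage-qt` on line 5 is a relative path, while the entry this commit adds to disable-programs.inc is `blacklist ${HOME}/.config/lximage-qt`. If firejail pairs the two by expanded path, as the `${HOME}/...` form in the other new profiles suggests, the exemption will not apply and the viewer's own configuration directory stays blacklisted inside its sandbox. Use `noblacklist ${HOME}/.config/lximage-qt`. lxmusic.profile has a milder form of the same inconsistency in `noblacklist ~/.cache/xmms2` and `noblacklist ~/.config/xmms2`; writing those with `${HOME}` as well keeps each exemption textually identical to the blacklist line it is meant to cancel.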
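diff --git a/etc/lxmusic.profile b/etc/lxmusic.profile
new file mode 100644
index 000000000..3a30e0a39
--- /dev/null
+++ b/etc/lxmusic.profile
@@ -0,0 +1,27 @@
+# This file is overwritten during software install.
+# Persistent customizations should go in a .local file.
+include /etc/firejail/lxmusic.local
+
+noblacklist ~/.cache/xmms2
+noblacklist ~/.config/xmms2
+include /etc/firejail/disable-common.inc
+include /etc/firejail/disable-programs.inc
+include /etc/firejail/disable-passwdmgr.inc
+
+caps.drop all
+netfilter
+nonewprivs
+noroot
+protocol unix,inet,inet6
+seccomp
+
+#
+# depending on your usage, you can enable some of the commands below:
+#
+nogroups
+shell none
+# private-bin program
+# private-etc none
+# private-dev
+# private-tmp
+# nosound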
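diff --git a/etc/qlipper.profile b/etc/qlipper.profile
new file mode 100644
index 000000000..37e3999a1
--- /dev/null
+++ b/etc/qlipper.profile
@@ -0,0 +1,28 @@
+# This file is overwritten during software install.
+# Persistent customizations should go in a .local file.
+include /etc/firejail/qlipper.local
+
+noblacklist ${HOME}/.config/Qlipper
+include /etc/firejail/disable-common.inc
+include /etc/firejail/disable-programs.inc
+include /etc/firejail/disable-passwdmgr.inc
+
+caps.drop all
+netfilter
+nonewprivs
+noroot
+protocol unix,inet,inet6
+seccomp
+
+
+
+#
+# depending on your usage, you can enable some of the commands below:
+#
+nogroups
+shell none
+# private-bin program
+# private-etc none
+# private-dev
+# private-tmp
+nosound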
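diff --git a/platform/debian/conffiles b/platform/debian/conffiles
index 147ec0af6..200ecd685 100644
--- a/platform/debian/conffiles
+++ b/platform/debian/conffiles
@@ -291,3 +291,8 @@
 /etc/firejail/gnome-font-viewer.profile
 /etc/firejail/gucharmap.profile
 /etc/firejail/knotes.profile
+/etc/firejail/clipit.profile
+/etc/firejail/leafpad.profile
+/etc/firejail/lximage-qt.profile
+/etc/firejail/lxmusic.profile
+/etc/firejail/qlipper.profile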
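diff --git a/src/firecfg/firecfg.config b/src/firecfg/firecfg.config
index ca4a958ae..3869a5bdb 100644
--- a/src/firecfg/firecfg.config
+++ b/src/firecfg/firecfg.config
@@ -25,6 +25,7 @@ cherrytree
 chromium
 chromium-browser
 claws-mail
+clipit
 clementine
 cmus
 conkeror
@@ -120,6 +121,7 @@ knotes
 kodi
 konversation
 ktorrent
+leafpad
 libreoffice
 localc
 lodraw
@@ -131,6 +133,8 @@ lomath
 loweb
 lowriter
 luminance-hdr
+lxmusic
+lximage-qt
 lynx
 mate-calc
 mate-calculator
@@ -160,7 +164,6 @@ opera-beta
 orage
 palemoon
 parole
-pcmanfm
 pdfsam
 pdftotext
 pidgin
@@ -172,6 +175,7 @@ psi-plus
 qbittorrent
 qemu-launcher
 #qemu-system-x86_64
+qlipper
 qpdfview
 qtox
 quassel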
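Review bot: The fourth hunk drops `pcmanfm` from the list, which is unrelated to adding the five new profiles and is not mentioned in the RELNOTES change, while README.md still lists PCManFM among the supported programs. With the entry gone, firecfg would presumably stop setting up the sandbox link for PCManFM, so the file manager would start unsandboxed on systems configured through firecfg. If the removal is intentional it deserves its own commit or a release-note line explaining why; otherwise restore `pcmanfm` after `parole`. Minor: `clipit` is inserted before `clementine` and `lxmusic` before `lximage-qt`, which breaks the otherwise alphabetical order of the file.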