-rw-r--r--README.md2
-rw-r--r--RELNOTES2
-rw-r--r--etc/Maelstrom.profile43
-rw-r--r--etc/disable-programs.inc2
-rw-r--r--etc/easystroke.profile14
-rw-r--r--etc/ostrichriders.profile46
-rw-r--r--etc/pavucontrol.profile2
-rw-r--r--src/firecfg/firecfg.config2
8 files changed, 104 insertions, 9 deletions
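diff --git a/README.md b/README.md
index 3eecca941..1f7af9149 100644
--- a/README.md
+++ b/README.md
@@ -102,4 +102,4 @@ We also keep a list of profile fixes for previous released versions in [etc-fixe
 ## Current development version: 0.9.59
 
 ## New profiles:
-crow, nyx, klavaro, mypaint, celluoid, nano, transgui, sysprof, simplescreenrecorder, geekbench, xfce4-mixer, pavucontrol, d-feet, seahorse, secret-tool, gnome-keyring, regextester, hardinfo, gnome-system-log, gnome-nettool, netactview, redshift, devhelp, assogiate, subdownloader, font-manager, exfalso, gconf-editor, dconf-editor, mpdris2, sysprof-cli, seahorse-tool, secret-tool, dconf, gsettings, code-oss, pragha
+crow, nyx, klavaro, mypaint, celluoid, nano, transgui, sysprof, simplescreenrecorder, geekbench, xfce4-mixer, pavucontrol, d-feet, seahorse, secret-tool, gnome-keyring, regextester, hardinfo, gnome-system-log, gnome-nettool, netactview, redshift, devhelp, assogiate, subdownloader, font-manager, exfalso, gconf-editor, dconf-editor, mpdris2, sysprof-cli, seahorse-tool, secret-tool, dconf, gsettings, code-oss, pragha, Maelstrom, ostrichriders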
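diff --git a/RELNOTES b/RELNOTES
index ff8c9eba9..cd300a3f1 100644
--- a/RELNOTES
+++ b/RELNOTES
@@ -6,7 +6,7 @@ firejail (0.9.59) baseline; urgency=low
   * new profiles: netactview, redshift, devhelp, assogiate, subdownloader
   * new profiles: font-manager, exfalso, gconf-editor, dconf-editor
   * new profiles: sysprof-cli, seahorse-tool, secret-tool, dconf, gsettings
-  * new profiles: code-oss, pragha
+  * new profiles: code-oss, pragha, Maelstrom, ostrichriders
   * memory-deny-write-execute now also blocks memfd_create
   * drop support for flatpak/snap packages
 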
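diff --git a/etc/Maelstrom.profile b/etc/Maelstrom.profile
new file mode 100644
index 000000000..cee49111e
--- /dev/null
+++ b/etc/Maelstrom.profile
@@ -0,0 +1,43 @@
+# Firejail profile for Maelstrom
+# Description: A space combat game
+# This file is overwritten after every install/update
+# Persistent local customizations
+include Maelstrom.local
+# Persistent global definitions
+include globals.local
+
+noblacklist /var/lib/games/Maelstrom-Scores
+
+include disable-common.inc
+include disable-devel.inc
+include disable-exec.inc
+include disable-interpreters.inc
+include disable-passwdmgr.inc
+include disable-programs.inc
+include disable-xdg.inc
+
+whitelist /var/lib/games
+include whitelist-common.inc
+include whitelist-var-common.inc
+
+caps.drop all
+ipc-namespace
+net none
+nodbus
+nodvd
+nogroups
+#nonewprivs
+#noroot
+notv
+nou2f
+novideo
+#protocol unix
+#seccomp
+shell none
+tracelog
+
+disable-mnt
+private-bin Maelstrom
+private-cache
+private-dev
+private-tmp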
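Review bot: `#nonewprivs`, `#noroot`, `#protocol unix` and `#seccomp` (profile lines 29-35) are disabled with no comment explaining why, so a later maintainer cannot tell whether each one is required or left over from debugging. Presumably the binary relies on a setgid bit to update `/var/lib/games/Maelstrom-Scores`, which would account for `nonewprivs` and `noroot`; if that is the reason, state it above those lines, e.g. `# Maelstrom is setgid to write its score file; the options below break that`. It is worth confirming that `seccomp` really has to be off as well, because it is the syscall filter the other game profile in this commit keeps. Separately, `whitelist /var/lib/games` opens the whole directory while the `noblacklist` line names only the score file, so `whitelist /var/lib/games/Maelstrom-Scores` would be the narrower match if the game works with it.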
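diff --git a/etc/disable-programs.inc b/etc/disable-programs.inc
index 976c3610e..b8ecd4b13 100644
--- a/etc/disable-programs.inc
+++ b/etc/disable-programs.inc
@@ -538,6 +538,7 @@ blacklist ${HOME}/.openshot
 blacklist ${HOME}/.openshot_qt
 blacklist ${HOME}/.opera
 blacklist ${HOME}/.opera-beta
+blacklist ${HOME}/.ostrichriders
 blacklist ${HOME}/.pingus
 blacklist ${HOME}/.purple
 blacklist ${HOME}/.qemu-launcher
@@ -695,3 +696,4 @@ blacklist ${HOME}/.cache/yandex-browser
 blacklist ${HOME}/.cache/yandex-browser-beta
 
 blacklist /var/games/nethack
+blacklist /var/lib/games/Maelstrom-Scores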
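diff --git a/etc/easystroke.profile b/etc/easystroke.profile
index 44156f97e..42529d302 100644
--- a/etc/easystroke.profile
+++ b/etc/easystroke.profile
@@ -10,12 +10,14 @@ noblacklist ${HOME}/.easystroke
 
 include disable-common.inc
 include disable-devel.inc
+include disable-exec.inc
 include disable-interpreters.inc
 include disable-passwdmgr.inc
 include disable-programs.inc
+include disable-xdg.inc
 
+apparmor
 caps.drop all
-ipc-namespace
 machine-id
 net none
 no3d
@@ -33,13 +35,13 @@ seccomp
 shell none
 
 disable-mnt
-private-bin easystroke,bash,sh
+# breaks custom shell command functionality
+#private-bin bash,easystroke,sh
 private-cache
 private-dev
-private-etc alternatives,fonts
-private-lib gdk-pixbuf-2.*,gio,gvfs/libgvfscommon.so,libgconf-2.so.*,librsvg-2.so.*
+private-etc alternatives,fonts,group,passwd
+# breaks custom shell command functionality
+#private-lib gdk-pixbuf-2.*,gio,gvfs/libgvfscommon.so,libgconf-2.so.*,librsvg-2.so.*
 private-tmp
 
 memory-deny-write-execute
-noexec ${HOME}
-noexec /tmp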
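Review bot: `ipc-namespace` is deleted in the first hunk with no trace, unlike `private-bin` and `private-lib` in the second hunk, which stay as commented-out lines with the reason above them. Keeping it as `#ipc-namespace` under a one-line reason, e.g. `# ipc-namespace breaks <what it breaks>`, would record that the weakening is deliberate. `etc/pavucontrol.profile` in this commit comments out `ipc-namespace` too and also gives no reason. With `private-bin` off, a command launched by a gesture can reach every binary visible in the sandbox, so a hint that users who do not need shell commands can restore `private-bin` in `easystroke.local` would help; the rest of the profile lies outside these hunks.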
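diff --git a/etc/ostrichriders.profile b/etc/ostrichriders.profile
new file mode 100644
index 000000000..4eedddefd
--- /dev/null
+++ b/etc/ostrichriders.profile
@@ -0,0 +1,46 @@
+# Firejail profile for ostrichriders
+# Description: Knights flying on ostriches compete against other riders
+# This file is overwritten after every install/update
+# Persistent local customizations
+include ostrichriders.local
+# Persistent global definitions
+include globals.local
+
+noblacklist ${HOME}/.ostrichriders
+
+include disable-common.inc
+include disable-devel.inc
+include disable-exec.inc
+include disable-interpreters.inc
+include disable-passwdmgr.inc
+include disable-programs.inc
+include disable-xdg.inc
+
+mkdir ${HOME}/.ostrichriders
+whitelist ${HOME}/.ostrichriders
+include whitelist-common.inc
+include whitelist-var-common.inc
+
+caps.drop all
+ipc-namespace
+net none
+nodbus
+nodvd
+nogroups
+nonewprivs
+noroot
+notv
+nou2f
+novideo
+# protocol seems to have a huge impact on performance
+#protocol unix
+seccomp
+shell none
+tracelog
+
+disable-mnt
+private-bin ostrichriders
+private-cache
+# private-dev should be commented for controllers
+private-dev
+private-tmp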
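Review bot: The comment on profile line 44, `# private-dev should be commented for controllers`, asks users to edit a file that line 3 says is overwritten after every install/update, so the change would be lost on the next upgrade. Point them at the override file instead, e.g. `# game controllers need device access: add 'ignore private-dev' to ostrichriders.local`. The `#protocol unix` line is disabled on performance grounds; `net none` limits what that leaves open, but the comment could say what was observed so the filter can be re-tested later.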
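diff --git a/etc/pavucontrol.profile b/etc/pavucontrol.profile
index b3faca12c..18b9b7fc6 100644
--- a/etc/pavucontrol.profile
+++ b/etc/pavucontrol.profile
@@ -20,7 +20,7 @@ include whitelist-var-common.inc
 
 apparmor
 caps.drop all
-ipc-namespace
+#ipc-namespace
 net none
 no3d
 nodbus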
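diff --git a/src/firecfg/firecfg.config b/src/firecfg/firecfg.config
index 7531206f5..1e59bbb4f 100644
--- a/src/firecfg/firecfg.config
+++ b/src/firecfg/firecfg.config
@@ -12,6 +12,7 @@ FossaMail
 Fritzing
 Gitter
 JDownloader
+Maelstrom
 Mathematica
 Natron
 QMediathekView
@@ -377,6 +378,7 @@ openshot-qt
 opera
 opera-beta
 orage
+ostrichriders
 palemoon
 parole
 patch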