diff options
-rw-r--r-- | Makefile.in | 1 | ||||
-rw-r--r-- | README | 1 | ||||
-rw-r--r-- | README.md | 6 | ||||
-rw-r--r-- | RELNOTES | 2 | ||||
-rw-r--r-- | etc/disable-programs.inc | 1 | ||||
-rw-r--r-- | etc/eom.profile | 20 | ||||
-rw-r--r-- | platform/debian/conffiles | 1 | ||||
-rw-r--r-- | src/firecfg/firecfg.config | 5 |
8 files changed, 32 insertions, 5 deletions
diff --git a/Makefile.in b/Makefile.in index db326d2db..c6147cee7 100644 --- a/Makefile.in +++ b/Makefile.in | |||
@@ -223,6 +223,7 @@ realinstall: | |||
223 | install -c -m 0644 .etc/atom-beta.profile $(DESTDIR)/$(sysconfdir)/firejail/. | 223 | install -c -m 0644 .etc/atom-beta.profile $(DESTDIR)/$(sysconfdir)/firejail/. |
224 | install -c -m 0644 .etc/atom.profile $(DESTDIR)/$(sysconfdir)/firejail/. | 224 | install -c -m 0644 .etc/atom.profile $(DESTDIR)/$(sysconfdir)/firejail/. |
225 | install -c -m 0644 .etc/jitsi.profile $(DESTDIR)/$(sysconfdir)/firejail/. | 225 | install -c -m 0644 .etc/jitsi.profile $(DESTDIR)/$(sysconfdir)/firejail/. |
226 | install -c -m 0644 .etc/eom.profile $(DESTDIR)/$(sysconfdir)/firejail/. | ||
226 | sh -c "if [ ! -f $(DESTDIR)/$(sysconfdir)/firejail/login.users ]; then install -c -m 0644 etc/login.users $(DESTDIR)/$(sysconfdir)/firejail/.; fi;" | 227 | sh -c "if [ ! -f $(DESTDIR)/$(sysconfdir)/firejail/login.users ]; then install -c -m 0644 etc/login.users $(DESTDIR)/$(sysconfdir)/firejail/.; fi;" |
227 | install -c -m 0644 etc/firejail.config $(DESTDIR)/$(sysconfdir)/firejail/. | 228 | install -c -m 0644 etc/firejail.config $(DESTDIR)/$(sysconfdir)/firejail/. |
228 | rm -fr .etc | 229 | rm -fr .etc |
@@ -59,6 +59,7 @@ Fred-Barclay (https://github.com/Fred-Barclay) | |||
59 | - several private-bin conversions | 59 | - several private-bin conversions |
60 | - added jitsi profile | 60 | - added jitsi profile |
61 | - pidgin private-bin conversion | 61 | - pidgin private-bin conversion |
62 | - added eom profile | ||
62 | Jaykishan Mutkawoa (https://github.com/jmutkawoa) | 63 | Jaykishan Mutkawoa (https://github.com/jmutkawoa) |
63 | - cpio profile | 64 | - cpio profile |
64 | Paupiah Yash (https://github.com/CaffeinatedStud) | 65 | Paupiah Yash (https://github.com/CaffeinatedStud) |
@@ -136,9 +136,9 @@ BitTorrent: deluge, qbittorrent, rtorrent, transmission-gtk, transmission-qt, ug | |||
136 | 136 | ||
137 | File transfer: filezilla | 137 | File transfer: filezilla |
138 | 138 | ||
139 | Media: vlc, mpv, gnome-mplayer, audacity, rhythmbox, spotify, xplayer, xviewer | 139 | Media: vlc, mpv, gnome-mplayer, audacity, rhythmbox, spotify, xplayer, xviewer, eom |
140 | 140 | ||
141 | Office: evince, gthumb, fbreader, pix, atril, xreader | 141 | Office: evince, gthumb, fbreader, pix, atril, xreader, |
142 | 142 | ||
143 | Chat/messaging: qtox, gitter, pidgin | 143 | Chat/messaging: qtox, gitter, pidgin |
144 | 144 | ||
@@ -152,5 +152,5 @@ Browsers: Palemoon | |||
152 | 152 | ||
153 | ## New security profiles | 153 | ## New security profiles |
154 | 154 | ||
155 | Gitter, gThumb, mpv, Franz messenger, LibreOffice, pix, audacity, strings, xz, xzdec, gzip, cpio, less, Atom Beta, Atom, jitsi | 155 | Gitter, gThumb, mpv, Franz messenger, LibreOffice, pix, audacity, strings, xz, xzdec, gzip, cpio, less, Atom Beta, Atom, jitsi, eom |
156 | 156 | ||
@@ -14,7 +14,7 @@ firejail (0.9.42~rc1) baseline; urgency=low | |||
14 | * compile time support to disable global configuration file | 14 | * compile time support to disable global configuration file |
15 | * new profiles: Gitter, gThumb, mpv, Franz messenger, LibreOffice | 15 | * new profiles: Gitter, gThumb, mpv, Franz messenger, LibreOffice |
16 | * new profiles: pix, audacity, strings, xz, xzdec, gzip, cpio, less | 16 | * new profiles: pix, audacity, strings, xz, xzdec, gzip, cpio, less |
17 | * new profiles: Atom Beta, Atom, jitsi | 17 | * new profiles: Atom Beta, Atom, jitsi, eom |
18 | -- netblue30 <netblue30@yahoo.com> Thu, 21 Jul 2016 08:00:00 -0500 | 18 | -- netblue30 <netblue30@yahoo.com> Thu, 21 Jul 2016 08:00:00 -0500 |
19 | 19 | ||
20 | firejail (0.9.40) baseline; urgency=low | 20 | firejail (0.9.40) baseline; urgency=low |
diff --git a/etc/disable-programs.inc b/etc/disable-programs.inc index 837ac1e4c..0f155351d 100644 --- a/etc/disable-programs.inc +++ b/etc/disable-programs.inc | |||
@@ -20,6 +20,7 @@ blacklist ${HOME}/.config/xreader | |||
20 | blacklist ${HOME}/.config/xviewer | 20 | blacklist ${HOME}/.config/xviewer |
21 | blacklist ${HOME}/.config/libreoffice | 21 | blacklist ${HOME}/.config/libreoffice |
22 | blacklist ${HOME}/.config/pix | 22 | blacklist ${HOME}/.config/pix |
23 | blacklist ${HOME}/.config/mate/eom | ||
23 | blacklist ${HOME}/.kde/share/apps/okular | 24 | blacklist ${HOME}/.kde/share/apps/okular |
24 | blacklist ${HOME}/.kde/share/config/okularrc | 25 | blacklist ${HOME}/.kde/share/config/okularrc |
25 | blacklist ${HOME}/.kde/share/config/okularpartrc | 26 | blacklist ${HOME}/.kde/share/config/okularpartrc |
diff --git a/etc/eom.profile b/etc/eom.profile new file mode 100644 index 000000000..81d993e96 --- /dev/null +++ b/etc/eom.profile | |||
@@ -0,0 +1,20 @@ | |||
1 | # Firejail profile for Eye of Mate (eom) | ||
2 | noblacklist ~/.config/mate/eom | ||
3 | |||
4 | include /etc/firejail/disable-common.inc | ||
5 | include /etc/firejail/disable-programs.inc | ||
6 | include /etc/firejail/disable-devel.inc | ||
7 | include /etc/firejail/disable-passwdmgr.inc | ||
8 | |||
9 | caps.drop all | ||
10 | nogroups | ||
11 | nonewprivs | ||
12 | noroot | ||
13 | nosound | ||
14 | protocol unix | ||
15 | seccomp | ||
16 | shell none | ||
17 | tracelog | ||
18 | |||
19 | private-bin eom | ||
20 | private-dev | ||
diff --git a/platform/debian/conffiles b/platform/debian/conffiles index 3bbd93d3c..24884228e 100644 --- a/platform/debian/conffiles +++ b/platform/debian/conffiles | |||
@@ -129,3 +129,4 @@ | |||
129 | /etc/firejail/atom-beta.profile | 129 | /etc/firejail/atom-beta.profile |
130 | /etc/firejail/atom.profile | 130 | /etc/firejail/atom.profile |
131 | /etc/firejail/jitsi.profile | 131 | /etc/firejail/jitsi.profile |
132 | /etc/firejail/eom.profile | ||
diff --git a/src/firecfg/firecfg.config b/src/firecfg/firecfg.config index ba975c4b4..48e205a58 100644 --- a/src/firecfg/firecfg.config +++ b/src/firecfg/firecfg.config | |||
@@ -40,6 +40,7 @@ midori | |||
40 | netsurf | 40 | netsurf |
41 | opera-beta | 41 | opera-beta |
42 | opera | 42 | opera |
43 | palemoon | ||
43 | qutebrowser | 44 | qutebrowser |
44 | seamonkey | 45 | seamonkey |
45 | seamonkey-bin | 46 | seamonkey-bin |
@@ -98,6 +99,7 @@ totem | |||
98 | vlc | 99 | vlc |
99 | xplayer | 100 | xplayer |
100 | xviewer | 101 | xviewer |
102 | eom | ||
101 | 103 | ||
102 | # news readers | 104 | # news readers |
103 | quiterss | 105 | quiterss |
@@ -110,10 +112,11 @@ fbreader | |||
110 | gwenview | 112 | gwenview |
111 | gthumb | 113 | gthumb |
112 | libreoffice | 114 | libreoffice |
115 | localc | ||
113 | lodraw | 116 | lodraw |
114 | loffice | 117 | loffice |
115 | lofromtemplate | 118 | lofromtemplate |
116 | loimpres | 119 | loimpress |
117 | lomath | 120 | lomath |
118 | loweb | 121 | loweb |
119 | lowriter | 122 | lowriter |