-rw-r--r-- | Makefile.in | 1 | ||||
-rw-r--r-- | README | 1 | ||||
-rw-r--r-- | README.md | 2 | ||||
-rw-r--r-- | RELNOTES | 2 | ||||
-rw-r--r-- | etc/disable-programs.inc | 1 | ||||
-rw-r--r-- | etc/libreoffice.profile | 14 | ||||
-rw-r--r-- | platform/debian/conffiles | 1 | ||||
-rw-r--r-- | src/firecfg/firecfg.config | 1 |
8 files changed, 21 insertions, 2 deletions
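--- a/Makefile.in
+++ b/Makefile.in
@@ -196,6 +196,7 @@ realinstall:
 install -c -m 0644 .etc/gthumb.profile $(DESTDIR)/$(sysconfdir)/firejail/.
 install -c -m 0644 .etc/mpv.profile $(DESTDIR)/$(sysconfdir)/firejail/.
 install -c -m 0644 .etc/franz.profile $(DESTDIR)/$(sysconfdir)/firejail/.
+install -c -m 0644 .etc/libreoffice.profile $(DESTDIR)/$(sysconfdir)/firejail/.
 sh -c "if [ ! -f $(DESTDIR)/$(sysconfdir)/firejail/login.users ]; then install -c -m 0644 etc/login.users $(DESTDIR)/$(sysconfdir)/firejail/.; fi;"
 install -c -m 0644 etc/firejail.config $(DESTDIR)/$(sysconfdir)/firejail/.
 rm -fr .etc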
@@ -87,6 +87,7 @@ Fred-Barclay (https://github.com/Fred-Barclay) | |||
87 | - added Brave profile | 87 | - added Brave profile |
88 | - added Gitter profile | 88 | - added Gitter profile |
89 | - various organising | 89 | - various organising |
90 | - added Libreoffice profile | ||
90 | Petter Reinholdtsen (pere@hungry.com) | 91 | Petter Reinholdtsen (pere@hungry.com) |
91 | - Opera profile patch | 92 | - Opera profile patch |
92 | n1trux (https://github.com/n1trux) | 93 | n1trux (https://github.com/n1trux) |
@@ -77,4 +77,4 @@ Office: evince, gthumb, fbreader | |||
77 | 77 | ||
78 | ## New security profiles | 78 | ## New security profiles |
79 | 79 | ||
80 | Gitter, gThumb, mpv, Franz messenger | 80 | Gitter, gThumb, mpv, Franz messenger, LibreOffice |
@@ -3,7 +3,7 @@ firejail (0.9.41) baseline; urgency=low | |||
3 | * compile time and run time support to disable whitelists | 3 | * compile time and run time support to disable whitelists |
4 | * compile time support to disable global configuration file | 4 | * compile time support to disable global configuration file |
5 | * some profiles have been converted to private-bin | 5 | * some profiles have been converted to private-bin |
6 | * new profiles: Gitter, gThumb, mpv, Franz messenger | 6 | * new profiles: Gitter, gThumb, mpv, Franz messenger, LibreOffice |
7 | -- netblue30 <netblue30@yahoo.com> Tue, 31 May 2016 08:00:00 -0500 | 7 | -- netblue30 <netblue30@yahoo.com> Tue, 31 May 2016 08:00:00 -0500 |
8 | 8 | ||
9 | firejail (0.9.40) baseline; urgency=low | 9 | firejail (0.9.40) baseline; urgency=low |
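--- a/etc/disable-programs.inc
+++ b/etc/disable-programs.inc
@@ -16,6 +16,7 @@ blacklist ${HOME}/.config/stellarium
 blacklist ${HOME}/.config/atril
 blacklist ${HOME}/.config/xreader
 blacklist ${HOME}/.config/xviewer
+blacklist $(HOME)/.config/libreoffice
 blacklist ${HOME}/.kde/share/apps/okular
 blacklist ${HOME}/.kde/share/config/okularrc
 blacklist ${HOME}/.kde/share/config/okularpartrc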
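Review bot: The added entry is written `blacklist $(HOME)/.config/libreoffice`, with Make-style parentheses, while every neighbouring line in this hunk uses the `${HOME}` macro. If the profile parser only expands `${HOME}`, as the surrounding lines suggest, this entry is read as a literal path and matches nothing. Other sandboxed programs would then keep access to the LibreOffice configuration directory, and the `noblacklist ~/.config/libreoffice` line in the new profile would have nothing to lift. The line should read `blacklist ${HOME}/.config/libreoffice`. The blacklist continues outside the hunk.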
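--- /dev/null
+++ b/etc/libreoffice.profile
@@ -0,0 +1,14 @@
+# Firejail profile for LibreOffice
+noblacklist ~/.config/libreoffice
+include /etc/firejail/disable-common.inc
+include /etc/firejail/disable-programs.inc
+include /etc/firejail/disable-devel.inc
+include /etc/firejail/disable-passwdmgr.inc
+
+caps.drop all
+netfilter
+nonewprivs
+noroot
+protocol unix,inet,inet6,netlink
+seccomp
+tracelog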
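Review bot: The `protocol unix,inet,inet6,netlink` line keeps IPv4/IPv6 sockets available to an application whose main job is opening documents from arbitrary sources, and nothing in the profile records why. If network access is intentional, a comment above the line such as `# inet/inet6 kept for remote documents and online features` would document the decision. If it is not needed, narrowing the list would limit what a malicious document can reach. Apart from the paths blacklisted by the four included disable-*.inc files, the profile places no restriction on the home directory, which is worth stating in the header comment.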
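--- a/platform/debian/conffiles
+++ b/platform/debian/conffiles
@@ -106,3 +106,4 @@
 /etc/firejail/gthumb.profile
 /etc/firejail/mpv.profile
 /etc/firejail/franz.profile
+/etc/firejail/libreoffice.profile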
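--- a/src/firecfg/firecfg.config
+++ b/src/firecfg/firecfg.config
@@ -106,6 +106,7 @@ evince
 fbreader
 gwenview
 gthumb
+LibreOffice
 Mathematica
 mathematica
 okular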
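Review bot: The new entry `LibreOffice` is capitalised, while the profile installed by this commit is `libreoffice.profile` and the launcher on most distributions is lowercase (commonly `libreoffice` or `soffice`). Entries in this list appear to be program names, so a name that matches no executable would likely leave LibreOffice starting unsandboxed from the desktop even though a profile exists. Consider `libreoffice` here, keeping the capitalised form only as an additional entry if some distribution really ships it, as the neighbouring `Mathematica`/`mathematica` pair does. The list continues outside the hunk.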