3 files changed, 46 insertions, 0 deletions
diff --git a/etc/arm.profile b/etc/arm.profile
new file mode 100644
index 000000000..3000c35d7
--- /dev/null
+++ b/etc/arm.profile
@@ -0,0 +1,42 @@
+# Persistent global definitions go here
+include /etc/firejail/globals.local
+# This file is overwritten during software install.
+# Persistent customizations should go in a .local file.
+include /etc/firejail/arm.local
+# Firejail profile for arm
+noblacklist ${HOME}/.arm
+include /etc/firejail/disable-common.inc
+include /etc/firejail/disable-devel.inc
+include /etc/firejail/disable-passwdmgr.inc
+include /etc/firejail/disable-programs.inc
+mkdir ${HOME}/.arm
+whitelist ${HOME}/.arm
+include /etc/firejail/whitelist-common.inc
+caps.drop all
+ipc-namespace
+netfilter
+no3d
+nogroups
+nonewprivs
+noroot
+nosound
+novideo
+protocol unix,inet,inet6
+seccomp
+shell none
+tracelog
+disable-mnt
+#private-bin arm,tor,sh,python2,python2.7,ps,lsof,ldconfig
+private-dev
+private-etc tor,passwd
+private-tmp
+noexec ${HOME}
+noexec /tmp
diff --git a/platform/debian/conffiles b/platform/debian/conffiles
index a2e02dd6a..a60bf92c3 100644
--- a/platform/debian/conffiles
+++ b/platform/debian/conffiles
@@ -66,6 +66,7 @@
 /etc/firejail/dragon.profile
 /etc/firejail/dropbox.profile
 /etc/firejail/elinks.profile
+/etc/firejail/electron.profile
 /etc/firejail/emacs.profile
 /etc/firejail/empathy.profile
 /etc/firejail/enchant.profile
@@ -230,6 +231,7 @@
 /etc/firejail/qutebrowser.profile
 /etc/firejail/ranger.profile
 /etc/firejail/rhythmbox.profile
+/etc/firejail/riot-web.profile
 /etc/firejail/ristretto.profile
 /etc/firejail/rtorrent.profile
 /etc/firejail/scribus.profile
@@ -264,6 +266,7 @@
 /etc/firejail/transmission-show.profile
 /etc/firejail/uget-gtk.profile
 /etc/firejail/unbound.profile
+/etc/firejail/unknown-horizons.profile
 /etc/firejail/unrar.profile
 /etc/firejail/unzip.profile
 /etc/firejail/uudeview.profile
diff --git a/src/firecfg/firecfg.config b/src/firecfg/firecfg.config
index b3614bf64..eb611034f 100644
--- a/src/firecfg/firecfg.config
+++ b/src/firecfg/firecfg.config
@@ -9,6 +9,7 @@ amarok
 android-studio
 arduino
 ark
+arm
 atom
 atom-beta
 atool

diff --git a/etc/arm.profile b/etc/arm.profile new file mode 100644 index 000000000..3000c35d7 --- /dev/null +++ b/etc/arm.profile
@@ -0,0 +1,42 @@
		1	# Persistent global definitions go here
		2	include /etc/firejail/globals.local
		3
		4	# This file is overwritten during software install.
		5	# Persistent customizations should go in a .local file.
		6	include /etc/firejail/arm.local
		7
		8	# Firejail profile for arm
		9
		10	noblacklist ${HOME}/.arm
		11
		12	include /etc/firejail/disable-common.inc
		13	include /etc/firejail/disable-devel.inc
		14	include /etc/firejail/disable-passwdmgr.inc
		15	include /etc/firejail/disable-programs.inc
		16
		17	mkdir ${HOME}/.arm
		18	whitelist ${HOME}/.arm
		19	include /etc/firejail/whitelist-common.inc
		20
		21	caps.drop all
		22	ipc-namespace
		23	netfilter
		24	no3d
		25	nogroups
		26	nonewprivs
		27	noroot
		28	nosound
		29	novideo
		30	protocol unix,inet,inet6
		31	seccomp
		32	shell none
		33	tracelog
		34
		35	disable-mnt
		36	#private-bin arm,tor,sh,python2,python2.7,ps,lsof,ldconfig
		37	private-dev
		38	private-etc tor,passwd
		39	private-tmp
		40
		41	noexec ${HOME}
		42	noexec /tmp


diff --git a/platform/debian/conffiles b/platform/debian/conffiles index a2e02dd6a..a60bf92c3 100644 --- a/platform/debian/conffiles +++ b/platform/debian/conffiles
@@ -66,6 +66,7 @@
66	/etc/firejail/dragon.profile	66	/etc/firejail/dragon.profile
67	/etc/firejail/dropbox.profile	67	/etc/firejail/dropbox.profile
68	/etc/firejail/elinks.profile	68	/etc/firejail/elinks.profile
		69	/etc/firejail/electron.profile
69	/etc/firejail/emacs.profile	70	/etc/firejail/emacs.profile
70	/etc/firejail/empathy.profile	71	/etc/firejail/empathy.profile
71	/etc/firejail/enchant.profile	72	/etc/firejail/enchant.profile
@@ -230,6 +231,7 @@
230	/etc/firejail/qutebrowser.profile	231	/etc/firejail/qutebrowser.profile
231	/etc/firejail/ranger.profile	232	/etc/firejail/ranger.profile
232	/etc/firejail/rhythmbox.profile	233	/etc/firejail/rhythmbox.profile
		234	/etc/firejail/riot-web.profile
233	/etc/firejail/ristretto.profile	235	/etc/firejail/ristretto.profile
234	/etc/firejail/rtorrent.profile	236	/etc/firejail/rtorrent.profile
235	/etc/firejail/scribus.profile	237	/etc/firejail/scribus.profile
@@ -264,6 +266,7 @@
264	/etc/firejail/transmission-show.profile	266	/etc/firejail/transmission-show.profile
265	/etc/firejail/uget-gtk.profile	267	/etc/firejail/uget-gtk.profile
266	/etc/firejail/unbound.profile	268	/etc/firejail/unbound.profile
		269	/etc/firejail/unknown-horizons.profile
267	/etc/firejail/unrar.profile	270	/etc/firejail/unrar.profile
268	/etc/firejail/unzip.profile	271	/etc/firejail/unzip.profile
269	/etc/firejail/uudeview.profile	272	/etc/firejail/uudeview.profile


diff --git a/src/firecfg/firecfg.config b/src/firecfg/firecfg.config index b3614bf64..eb611034f 100644 --- a/src/firecfg/firecfg.config +++ b/src/firecfg/firecfg.config
@@ -9,6 +9,7 @@ amarok
9	android-studio	9	android-studio
10	arduino	10	arduino
11	ark	11	ark
		12	arm
12	atom	13	atom
13	atom-beta	14	atom-beta
14	atool	15	atool