5 files changed, 48 insertions, 2 deletions
diff --git a/Makefile.in b/Makefile.in
index 8dc052352..20df3acf9 100644
--- a/Makefile.in
+++ b/Makefile.in
@@ -147,6 +147,7 @@ realinstall:
        install -c -m 0644 .etc/vivaldi-beta.profile $(DESTDIR)/$(sysconfdir)/firejail/.
        install -c -m 0644 .etc/atril.profile $(DESTDIR)/$(sysconfdir)/firejail/.
        install -c -m 0644 .etc/qutebrowser.profile $(DESTDIR)/$(sysconfdir)/firejail/.
+        install -c -m 0644 .etc/flashpeak-slimjet.profile $(DESTDIR)/$(sysconfdir)/firejail/.
        sh -c "if [ ! -f $(DESTDIR)/$(sysconfdir)/firejail/login.users ]; then install -c -m 0644 etc/login.users $(DESTDIR)/$(sysconfdir)/firejail/.; fi;"
        sh -c "if [ ! -f $(DESTDIR)/$(sysconfdir)/firejail/firejail.config ]; then install -c -m 0644 etc/firejail.config $(DESTDIR)/$(sysconfdir)/firejail/.; fi;"
        rm -fr .etc
diff --git a/README.md b/README.md
index 0865bc966..0da0ec5ea 100644
--- a/README.md
+++ b/README.md
@@ -154,5 +154,5 @@ $ man firejail-profile
 ## New security profiles
-lxterminal, Epiphany, cherrytree, Battle for Wesnoth, Hedgewars, qutebrowser
+lxterminal, Epiphany, cherrytree, Battle for Wesnoth, Hedgewars, qutebrowser, SlimJet
diff --git a/RELNOTES b/RELNOTES
index 1392bbaff..00695006e 100644
--- a/RELNOTES
+++ b/RELNOTES
@@ -9,8 +9,9 @@ firejail (0.9.39) baseline; urgency=low
  * added compile-time option to restrict --net= to root only
  * build rpm packages using "make rpms"
  * new profiles: lxterminal, Epiphany, cherrytree, Polari, Vivaldi, Atril
+  * new profiles: qutebrowser, SlimJet
  * bugfixes
- -- netblue30 <netblue30@yahoo.com>  Wed, 3 Mar 2016 08:00:00 -0500
+ -- netblue30 <netblue30@yahoo.com>  Wed, 16 Mar 2016 08:00:00 -0500
 firejail (0.9.38) baseline; urgency=low
  * IPv6 support (--ip6 and --netfilter6)
diff --git a/etc/flashpeak-slimjet.profile b/etc/flashpeak-slimjet.profile
new file mode 100644
index 000000000..2f5d7148c
--- /dev/null
+++ b/etc/flashpeak-slimjet.profile
@@ -0,0 +1,43 @@
+# SlimJet browser profile
+# This is a whitelisted profile, the internal browser sandbox
+# is disabled because it requires sudo password. The command
+# to run it is as follows:
+#
+#  firejail flashpeak-slimjet --no-sandbox
+#
+noblacklist ~/.config/silmjet
+noblacklist ~/.cache/slimjet
+noblacklist ~/keepassx.kdbx
+include /etc/firejail/disable-mgmt.inc
+include /etc/firejail/disable-secret.inc
+include /etc/firejail/disable-common.inc
+include /etc/firejail/disable-terminals.inc
+# chromium is distributed with a perl script on Arch
+# include /etc/firejail/disable-devel.inc
+#
+caps.drop all
+seccomp
+protocol unix,inet,inet6,netlink
+netfilter
+noroot
+whitelist ${DOWNLOADS}
+mkdir ~/.config
+mkdir ~/.config/slimjet
+whitelist ~/.config/slimjet
+mkdir ~/.cache
+mkdir ~/.cache/slimjet
+whitelist ~/.cache/simjet
+mkdir ~/.pki
+whitelist ~/.pki
+# lastpass, keepassx
+whitelist ~/.keepassx
+whitelist ~/.config/keepassx
+whitelist ~/keepassx.kdbx
+whitelist ~/.lastpass
+whitelist ~/.config/lastpass
+include /etc/firejail/whitelist-common.inc
diff --git a/platform/debian/conffiles b/platform/debian/conffiles
index 5f552414f..9f324c59f 100644
--- a/platform/debian/conffiles
+++ b/platform/debian/conffiles
@@ -74,3 +74,4 @@
 /etc/firejail/atril.profile
 /etc/firejail/firejail.config
 /etc/firejail/qutebrowser.profile
+/etc/firejail/flashpeak-slimjet.profile

diff --git a/Makefile.in b/Makefile.in index 8dc052352..20df3acf9 100644 --- a/Makefile.in +++ b/Makefile.in
@@ -147,6 +147,7 @@ realinstall:
147	install -c -m 0644 .etc/vivaldi-beta.profile $(DESTDIR)/$(sysconfdir)/firejail/.	147	install -c -m 0644 .etc/vivaldi-beta.profile $(DESTDIR)/$(sysconfdir)/firejail/.
148	install -c -m 0644 .etc/atril.profile $(DESTDIR)/$(sysconfdir)/firejail/.	148	install -c -m 0644 .etc/atril.profile $(DESTDIR)/$(sysconfdir)/firejail/.
149	install -c -m 0644 .etc/qutebrowser.profile $(DESTDIR)/$(sysconfdir)/firejail/.	149	install -c -m 0644 .etc/qutebrowser.profile $(DESTDIR)/$(sysconfdir)/firejail/.
		150	install -c -m 0644 .etc/flashpeak-slimjet.profile $(DESTDIR)/$(sysconfdir)/firejail/.
150	sh -c "if [ ! -f $(DESTDIR)/$(sysconfdir)/firejail/login.users ]; then install -c -m 0644 etc/login.users $(DESTDIR)/$(sysconfdir)/firejail/.; fi;"	151	sh -c "if [ ! -f $(DESTDIR)/$(sysconfdir)/firejail/login.users ]; then install -c -m 0644 etc/login.users $(DESTDIR)/$(sysconfdir)/firejail/.; fi;"
151	sh -c "if [ ! -f $(DESTDIR)/$(sysconfdir)/firejail/firejail.config ]; then install -c -m 0644 etc/firejail.config $(DESTDIR)/$(sysconfdir)/firejail/.; fi;"	152	sh -c "if [ ! -f $(DESTDIR)/$(sysconfdir)/firejail/firejail.config ]; then install -c -m 0644 etc/firejail.config $(DESTDIR)/$(sysconfdir)/firejail/.; fi;"
152	rm -fr .etc	153	rm -fr .etc


diff --git a/README.md b/README.md index 0865bc966..0da0ec5ea 100644 --- a/README.md +++ b/README.md
@@ -154,5 +154,5 @@ $ man firejail-profile
154		154
155	## New security profiles	155	## New security profiles
156		156
157	lxterminal, Epiphany, cherrytree, Battle for Wesnoth, Hedgewars, qutebrowser	157	lxterminal, Epiphany, cherrytree, Battle for Wesnoth, Hedgewars, qutebrowser, SlimJet
158		158


diff --git a/RELNOTES b/RELNOTES index 1392bbaff..00695006e 100644 --- a/RELNOTES +++ b/RELNOTES
@@ -9,8 +9,9 @@ firejail (0.9.39) baseline; urgency=low
9	* added compile-time option to restrict --net= to root only	9	* added compile-time option to restrict --net= to root only
10	* build rpm packages using "make rpms"	10	* build rpm packages using "make rpms"
11	* new profiles: lxterminal, Epiphany, cherrytree, Polari, Vivaldi, Atril	11	* new profiles: lxterminal, Epiphany, cherrytree, Polari, Vivaldi, Atril
		12	* new profiles: qutebrowser, SlimJet
12	* bugfixes	13	* bugfixes
13	-- netblue30 <netblue30@yahoo.com> Wed, 3 Mar 2016 08:00:00 -0500	14	-- netblue30 <netblue30@yahoo.com> Wed, 16 Mar 2016 08:00:00 -0500
14		15
15	firejail (0.9.38) baseline; urgency=low	16	firejail (0.9.38) baseline; urgency=low
16	* IPv6 support (--ip6 and --netfilter6)	17	* IPv6 support (--ip6 and --netfilter6)


diff --git a/etc/flashpeak-slimjet.profile b/etc/flashpeak-slimjet.profile new file mode 100644 index 000000000..2f5d7148c --- /dev/null +++ b/etc/flashpeak-slimjet.profile
@@ -0,0 +1,43 @@
		1	# SlimJet browser profile
		2	# This is a whitelisted profile, the internal browser sandbox
		3	# is disabled because it requires sudo password. The command
		4	# to run it is as follows:
		5	#
		6	# firejail flashpeak-slimjet --no-sandbox
		7	#
		8	noblacklist ~/.config/silmjet
		9	noblacklist ~/.cache/slimjet
		10	noblacklist ~/keepassx.kdbx
		11	include /etc/firejail/disable-mgmt.inc
		12	include /etc/firejail/disable-secret.inc
		13	include /etc/firejail/disable-common.inc
		14	include /etc/firejail/disable-terminals.inc
		15
		16	# chromium is distributed with a perl script on Arch
		17	# include /etc/firejail/disable-devel.inc
		18	#
		19
		20	caps.drop all
		21	seccomp
		22	protocol unix,inet,inet6,netlink
		23	netfilter
		24	noroot
		25
		26	whitelist ${DOWNLOADS}
		27	mkdir ~/.config
		28	mkdir ~/.config/slimjet
		29	whitelist ~/.config/slimjet
		30	mkdir ~/.cache
		31	mkdir ~/.cache/slimjet
		32	whitelist ~/.cache/simjet
		33	mkdir ~/.pki
		34	whitelist ~/.pki
		35
		36	# lastpass, keepassx
		37	whitelist ~/.keepassx
		38	whitelist ~/.config/keepassx
		39	whitelist ~/keepassx.kdbx
		40	whitelist ~/.lastpass
		41	whitelist ~/.config/lastpass
		42
		43	include /etc/firejail/whitelist-common.inc


diff --git a/platform/debian/conffiles b/platform/debian/conffiles index 5f552414f..9f324c59f 100644 --- a/platform/debian/conffiles +++ b/platform/debian/conffiles
@@ -74,3 +74,4 @@
74	/etc/firejail/atril.profile	74	/etc/firejail/atril.profile
75	/etc/firejail/firejail.config	75	/etc/firejail/firejail.config
76	/etc/firejail/qutebrowser.profile	76	/etc/firejail/qutebrowser.profile
		77	/etc/firejail/flashpeak-slimjet.profile