diff options
| -rw-r--r-- | README | 11 | ||||
| -rw-r--r-- | README.md | 2 | ||||
| -rw-r--r-- | RELNOTES | 2 | ||||
| -rw-r--r-- | etc/rhythmbox.profile | 7 | ||||
| -rw-r--r-- | etc/templates/profile.template | 3 |
5 files changed, 18 insertions, 7 deletions
| @@ -97,7 +97,7 @@ announ (https://github.com/announ) | |||
| 97 | Antonio Russo (https://github.com/aerusso) | 97 | Antonio Russo (https://github.com/aerusso) |
| 98 | - enumerate root directories in apparmor profile | 98 | - enumerate root directories in apparmor profile |
| 99 | - fix join-or-start | 99 | - fix join-or-start |
| 100 | Austin Morton | 100 | Austin Morton (https://github.com/apmorton) |
| 101 | - deterministic-exit-code option | 101 | - deterministic-exit-code option |
| 102 | - private-cwd options | 102 | - private-cwd options |
| 103 | Austin S. Hemmelgarn (https://github.com/Ferroin) | 103 | Austin S. Hemmelgarn (https://github.com/Ferroin) |
| @@ -193,6 +193,8 @@ Danil Semelenov (https://github.com/sgtpep) | |||
| 193 | Dara Adib (https://github.com/daradib) | 193 | Dara Adib (https://github.com/daradib) |
| 194 | - ssh profile fix | 194 | - ssh profile fix |
| 195 | - evince profile fix | 195 | - evince profile fix |
| 196 | David Thole (https://github.com/TheDarkTrumpet) | ||
| 197 | - added profile for teams-for-linux | ||
| 196 | Deelvesh Bunjun (https://github.com/DeelveshBunjun) | 198 | Deelvesh Bunjun (https://github.com/DeelveshBunjun) |
| 197 | - added xpdf profile | 199 | - added xpdf profile |
| 198 | dewbasaur (https://github.com/dewbasaur) | 200 | dewbasaur (https://github.com/dewbasaur) |
| @@ -378,6 +380,9 @@ Jonas Heinrich (https://github.com/onny) | |||
| 378 | - fixed franz profile | 380 | - fixed franz profile |
| 379 | Jose Riha (https://github.com/jose1711) | 381 | Jose Riha (https://github.com/jose1711) |
| 380 | - added meteo-qt profile | 382 | - added meteo-qt profile |
| 383 | - created qgis, links, xlinks profiles | ||
| 384 | - extended profile.template with comments | ||
| 385 | - some typo and comment fixes in profile.template | ||
| 381 | jrabe (https://github.com/jrabe) | 386 | jrabe (https://github.com/jrabe) |
| 382 | - disallow access to kdbx files | 387 | - disallow access to kdbx files |
| 383 | - Epiphany profile | 388 | - Epiphany profile |
| @@ -565,7 +570,8 @@ rusty-snake (https://github.com/rusty-snake) | |||
| 565 | - added profiles: gajim-history-manager, freemind, nomacs, kid3 | 570 | - added profiles: gajim-history-manager, freemind, nomacs, kid3 |
| 566 | - added profiles: kid3-qt, kid3-cli, anki, utox, mp3splt, mp3wrap | 571 | - added profiles: kid3-qt, kid3-cli, anki, utox, mp3splt, mp3wrap |
| 567 | - added profiles: oggsplt, flacsplt, cheese, inkview, mp3splt-gtk | 572 | - added profiles: oggsplt, flacsplt, cheese, inkview, mp3splt-gtk |
| 568 | - added profiles: ktouch, yelp | 573 | - added profiles: ktouch, yelp, klatexformula, klatexformula_cmdl |
| 574 | - added profiles: pandoc | ||
| 569 | - many profile fixing and hardening | 575 | - many profile fixing and hardening |
| 570 | - some typo fixes | 576 | - some typo fixes |
| 571 | - added profile templates | 577 | - added profile templates |
| @@ -703,6 +709,7 @@ Topi Miettinen (https://github.com/topimiettinen) | |||
| 703 | - seccomp default list update | 709 | - seccomp default list update |
| 704 | - improve loading of seccomp filter and memory-deny-write-execute feature | 710 | - improve loading of seccomp filter and memory-deny-write-execute feature |
| 705 | - private-lib feature | 711 | - private-lib feature |
| 712 | - make --nodbus block also system D-Bus socket | ||
| 706 | user1024 (user1024@tut.by) | 713 | user1024 (user1024@tut.by) |
| 707 | - electron profile whitelisting | 714 | - electron profile whitelisting |
| 708 | - fixed Rocket.Chat profile | 715 | - fixed Rocket.Chat profile |
| @@ -111,4 +111,4 @@ We also keep a list of profile fixes for previous released versions in [etc-fixe | |||
| 111 | 111 | ||
| 112 | ## New profiles: | 112 | ## New profiles: |
| 113 | 113 | ||
| 114 | klatexformula, klatexformula_cmdl, links, pandoc, qgis, xlinks | 114 | klatexformula, klatexformula_cmdl, links, pandoc, qgis, teams-for-linux, xlinks |
| @@ -2,7 +2,7 @@ firejail (0.9.61) baseline; urgency=low | |||
| 2 | * work in progress | 2 | * work in progress |
| 3 | * profile templates | 3 | * profile templates |
| 4 | * new profiles: qgis, klatexformula, klatexformula_cmdl, links, xlinks | 4 | * new profiles: qgis, klatexformula, klatexformula_cmdl, links, xlinks |
| 5 | * new profiles: pandoc | 5 | * new profiles: pandoc, teams-for-linux |
| 6 | -- netblue30 <netblue30@yahoo.com> Sat, 1 Jun 2019 08:00:00 -0500 | 6 | -- netblue30 <netblue30@yahoo.com> Sat, 1 Jun 2019 08:00:00 -0500 |
| 7 | 7 | ||
| 8 | firejail (0.9.60) baseline; urgency=low | 8 | firejail (0.9.60) baseline; urgency=low |
diff --git a/etc/rhythmbox.profile b/etc/rhythmbox.profile index df874f378..1c9f0e4d1 100644 --- a/etc/rhythmbox.profile +++ b/etc/rhythmbox.profile | |||
| @@ -9,11 +9,14 @@ include globals.local | |||
| 9 | noblacklist ${MUSIC} | 9 | noblacklist ${MUSIC} |
| 10 | noblacklist ${HOME}/.local/share/rhythmbox | 10 | noblacklist ${HOME}/.local/share/rhythmbox |
| 11 | 11 | ||
| 12 | # Allow python (blacklisted by disable-interpreters.inc) | ||
| 13 | include allow-python2.inc | ||
| 14 | include allow-python3.inc | ||
| 15 | |||
| 12 | include disable-common.inc | 16 | include disable-common.inc |
| 13 | include disable-devel.inc | 17 | include disable-devel.inc |
| 14 | # rhythmbox is using Python | ||
| 15 | include disable-exec.inc | 18 | include disable-exec.inc |
| 16 | #include disable-interpreters.inc | 19 | include disable-interpreters.inc |
| 17 | include disable-passwdmgr.inc | 20 | include disable-passwdmgr.inc |
| 18 | include disable-programs.inc | 21 | include disable-programs.inc |
| 19 | include disable-xdg.inc | 22 | include disable-xdg.inc |
diff --git a/etc/templates/profile.template b/etc/templates/profile.template index 2c44ee3a9..f2b64ac5d 100644 --- a/etc/templates/profile.template +++ b/etc/templates/profile.template | |||
| @@ -112,7 +112,7 @@ | |||
| 112 | #novideo | 112 | #novideo |
| 113 | #protocol unix,inet,inet6,netlink | 113 | #protocol unix,inet,inet6,netlink |
| 114 | #seccomp | 114 | #seccomp |
| 115 | ##seccomp.drop SYSCALLS | 115 | ##seccomp.drop SYSCALLS (see also syscalls.txt) |
| 116 | #shell none | 116 | #shell none |
| 117 | #tracelog | 117 | #tracelog |
| 118 | 118 | ||
| @@ -135,5 +135,6 @@ | |||
| 135 | 135 | ||
| 136 | ##env VAR=VALUE | 136 | ##env VAR=VALUE |
| 137 | #memory-deny-write-execute | 137 | #memory-deny-write-execute |
| 138 | ##noexec PATH | ||
| 138 | ##read-only ${HOME} | 139 | ##read-only ${HOME} |
| 139 | ##join-or-start NAME | 140 | ##join-or-start NAME |