-rw-r--r--README1
-rw-r--r--README.md4
-rw-r--r--etc/0ad.profile26
-rw-r--r--etc/atril.profile8
-rw-r--r--etc/evince.profile3
-rw-r--r--etc/gthumb.profile9
-rw-r--r--etc/pix.profile9
-rw-r--r--etc/qtox.profile3
-rw-r--r--etc/xreader.profile8
-rw-r--r--platform/debian/conffiles2
10 files changed, 45 insertions, 28 deletions
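diff --git a/README b/README
index f00e7b377..9d1732108 100644
--- a/README
+++ b/README
@@ -55,6 +55,7 @@ Fred-Barclay (https://github.com/Fred-Barclay)
  - added audacity profile
  - fixed Telegram and qtox profiles
  - added Atom Beta and Atom profiles
+ - tightened 0ad, atril, evince, gthumb, pix, qtox, and xreader profiles.
 Jaykishan Mutkawoa (https://github.com/jmutkawoa)
  - cpio profile
 Paupiah Yash (https://github.com/CaffeinatedStud)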
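diff --git a/README.md b/README.md
index 877d2b556..d71b27c61 100644
--- a/README.md
+++ b/README.md
@@ -98,7 +98,9 @@ File transfer: filezilla
 
 Media: vlc, mpv, gnome-mplayer
 
-Office: evince, gthumb, fbreader, pix
+Office: evince, gthumb, fbreader, pix, atril, xreader
+
+Chat/messaging: qtox
 
 ## New security profiles
 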
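diff --git a/etc/0ad.profile b/etc/0ad.profile
index 3797ae5cd..11fb45463 100644
--- a/etc/0ad.profile
+++ b/etc/0ad.profile
@@ -1,21 +1,13 @@
 # Firejail profile for 0ad.
+noblacklist ~/.cache/0ad
 noblacklist ~/.config/0ad
+noblacklist ~/.local/share/0ad
 include /etc/firejail/disable-common.inc
 include /etc/firejail/disable-devel.inc
 include /etc/firejail/disable-passwdmgr.inc
 include /etc/firejail/disable-programs.inc
 
-# Call these options
-caps.drop all
-netfilter
-noroot
-nonewprivs
-protocol unix,inet,inet6,netlink
-seccomp
-tracelog
-
 # Whitelists
-noblacklist ~/.cache/0ad
 mkdir ~/.cache
 mkdir ~/.cache/0ad
 whitelist ~/.cache/0ad
@@ -24,8 +16,20 @@ mkdir ~/.config
 mkdir ~/.config/0ad
 whitelist ~/.config/0ad
 
-noblacklist ~/.local/share/0ad
 mkdir ~/.local
 mkdir ~/.local/share
 mkdir ~/.local/share/0ad
 whitelist ~/.local/share/0ad
+
+caps.drop all
+netfilter
+nonewprivs
+nogroups
+noroot
+protocol unix,inet,inet6
+seccomp
+shell none
+tracelog
+
+private-dev
+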
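Review bot: The new option block at the end of the second hunk adds `nogroups` and `private-dev` to a 3D game profile without a comment recording what they cost, and the first hunk drops `netlink` from `protocol` equally silently. As far as I can tell from firejail's semantics, `private-dev` leaves only a minimal /dev, so game controllers under /dev/input would not be visible, and `nogroups` drops supplementary groups that some systems use to gate GPU or sound devices; both are worth confirming on a machine that does not rely on per-session device ACLs. I would replace the deleted `# Call these options` header with something like `# Hardening: no netlink, no supplementary groups, minimal /dev (no gamepads)` so that a later bug report about missing input devices can be traced to a deliberate choice.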
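diff --git a/etc/atril.profile b/etc/atril.profile
index 8ee7da173..bfe731bec 100644
--- a/etc/atril.profile
+++ b/etc/atril.profile
@@ -7,10 +7,14 @@ include /etc/firejail/disable-devel.inc
 include /etc/firejail/disable-passwdmgr.inc
 
 caps.drop all
-netfilter
 nonewprivs
+nogroups
 noroot
 nosound
-protocol unix,inet,inet6
+protocol unix
 seccomp
+shell none
 tracelog
+
+private-bin atril, atril-previewer, atril-thumbnailer
+private-dev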
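Review bot: Nothing in the profile says that it is now a no-network profile, although `protocol unix` plus the removal of `netfilter` makes it one; a one-line comment such as `# AF_UNIX only: the viewer gets no network access, so netfilter is not needed` would stop a later edit from re-adding `inet` by habit. The new `private-bin atril, atril-previewer, atril-thumbnailer` line combined with `shell none` also means any helper the viewer tries to start (for example a browser for a link inside a document) is absent from the sandbox; that is presumably the intent for an untrusted-document viewer, and it deserves a comment as well. The same two points apply to the identical change in etc/xreader.profile. The hunk starts at line 7, so the top of the profile is not visible here.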
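diff --git a/etc/evince.profile b/etc/evince.profile
index 9899da84d..530ce959a 100644
--- a/etc/evince.profile
+++ b/etc/evince.profile
@@ -6,9 +6,10 @@ include /etc/firejail/disable-passwdmgr.inc
 
 caps.drop all
 nonewprivs
+nogroups
 noroot
 nosound
-protocol unix,inet,inet6
+protocol unix
 seccomp
 
 shell none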
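Review bot: evince receives `nogroups` and `protocol unix` here, but no `tracelog`, `private-bin` or `private-dev` is visible in this hunk, whereas the atril and xreader hunks in the same commit add or keep all three. The file continues after `shell none` outside the hunk, so those lines may already be present; if they are not, the three viewers are closely related and parse the same untrusted document formats, so their option sets should match. Either way I would keep the option order identical across the three profiles so that a difference between them is obvious in review.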
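diff --git a/etc/gthumb.profile b/etc/gthumb.profile
index c673a1297..3c02576aa 100644
--- a/etc/gthumb.profile
+++ b/etc/gthumb.profile
@@ -7,14 +7,15 @@ include /etc/firejail/disable-devel.inc
 include /etc/firejail/disable-passwdmgr.inc
 
 caps.drop all
-netfilter
 nonewprivs
+nogroups
 noroot
-protocol unix,inet,inet6
+nosound
+protocol unix
 seccomp
-
 shell none
+tracelog
+
 private-bin gthumb
 whitelist /tmp/.X11-unix
 private-dev
-nosound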
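Review bot: Narrowing `protocol unix,inet,inet6` to `protocol unix` removes all network access from gthumb, and the profile does not say that this is deliberate. gthumb ships web-album import/export extensions, which will simply fail inside the sandbox, and the `tracelog` line added here is unlikely to explain that to the user, since it records blacklist violations rather than refused socket families. I would add a comment next to the option, for example `# AF_UNIX only: web album import/export is intentionally unavailable`, and mention it wherever the profile is documented for users. The same applies to the matching change in etc/pix.profile.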
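diff --git a/etc/pix.profile b/etc/pix.profile
index 81ab7486f..80c05fd09 100644
--- a/etc/pix.profile
+++ b/etc/pix.profile
@@ -8,15 +8,16 @@ include /etc/firejail/disable-devel.inc
 include /etc/firejail/disable-passwdmgr.inc
 
 caps.drop all
-netfilter
 nonewprivs
+nogroups
 noroot
-protocol unix,inet,inet6
+nosound
+protocol unix
 seccomp
-
 shell none
+tracelog
+
 private-bin pix
 whitelist /tmp/.X11-unix
 private-dev
-nosound
 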
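diff --git a/etc/qtox.profile b/etc/qtox.profile
index 39f900748..0cac18573 100644
--- a/etc/qtox.profile
+++ b/etc/qtox.profile
@@ -8,14 +8,15 @@ include /etc/firejail/disable-passwdmgr.inc
 mkdir ${HOME}/.config/tox
 whitelist ${HOME}/.config/tox
 whitelist ${DOWNLOADS}
-include /etc/firejail/whitelist-common.inc
 
 caps.drop all
 netfilter
 nonewprivs
+nogroups
 noroot
 protocol unix,inet,inet6
 seccomp
 shell none
 tracelog
 
+private-bin qtox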
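Review bot: Dropping `include /etc/firejail/whitelist-common.inc` while keeping the two `whitelist` lines leaves only `${HOME}/.config/tox` and `${DOWNLOADS}` visible in the home directory, and the hunk gives no reason for it. Presumably the include exposed per-user font, theme and similar desktop settings, so the client may now start with default appearance; if that is the intended trade-off, a comment such as `# whitelist-common.inc deliberately omitted: only tox config and downloads are exposed` should say so. The added `nogroups` also deserves a check with audio/video calls on a system where the camera or sound devices are granted through group membership. The profile may continue after `private-bin qtox`, outside this hunk.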
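diff --git a/etc/xreader.profile b/etc/xreader.profile
index 2cf109f09..fed9d4db5 100644
--- a/etc/xreader.profile
+++ b/etc/xreader.profile
@@ -9,10 +9,14 @@ include /etc/firejail/disable-devel.inc
 include /etc/firejail/disable-passwdmgr.inc
 
 caps.drop all
-netfilter
 nonewprivs
+nogroups
 noroot
 nosound
-protocol unix,inet,inet6
+protocol unix
 seccomp
+shell none
 tracelog
+
+private-bin xreader, xreader-previewer, xreader-thumbnailer
+private-dev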
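diff --git a/platform/debian/conffiles b/platform/debian/conffiles
index 3ae366541..ae495ec6d 100644
--- a/platform/debian/conffiles
+++ b/platform/debian/conffiles
@@ -1,5 +1,3 @@
-# Do not have a new/empty line on the end of this file or dpkg-deb will warn
-# that "conffile '' is not a plain file."
 /etc/firejail/evince.profile
 /etc/firejail/chromium.profile
 /etc/firejail/chromium-browser.profile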