-rw-r--r--README.md2
-rw-r--r--RELNOTES5
-rw-r--r--etc/disable-common.inc4
-rw-r--r--etc/gwenview.profile2
-rwxr-xr-xetc/pdfchain.profile39
-rw-r--r--etc/whitelist-common.inc3
-rw-r--r--src/firecfg/firecfg.config1
7 files changed, 52 insertions, 4 deletions
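--- a/README.md
+++ b/README.md
@@ -101,4 +101,4 @@ Use this issue to request new profiles: [#1139](https://github.com/netblue30/fir
 ## New profiles
 
 Basilisk browser, Tor Browser language packs, PlayOnLinux, sylpheed, discord-canary,
-pycharm-community, pycharm-professional, Pitivi, OnionShare, Fritzing, Kaffeine
+pycharm-community, pycharm-professional, Pitivi, OnionShare, Fritzing, Kaffeine, pdfchain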
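--- a/RELNOTES
+++ b/RELNOTES
@@ -5,8 +5,9 @@ firejail (0.9.53) baseline; urgency=low
  * whitelist support for overlay and chroot sandboxes
  * private-dev support for overlay and chroot sandboxes
  * private-tmp support for overlay and chroot sandboxes
- * new profiles: basilisk, Tor Browser language packs, PlayOnLinux, sylpheed, discord-canary
- * new profiles: pycharm-community, pycharm-professional, kaffeine
+ * new profiles: basilisk, Tor Browser language packs, PlayOnLinux, sylpheed,
+ * new profiles: discord-canary, pycharm-community, pycharm-professional, kaffeine,
+ * new profiles: pdfchain
  -- netblue30 <netblue30@yahoo.com> Tue, 12 Dec 2017 08:00:00 -0500
 
 firejail (0.9.52) baseline; urgency=low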
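--- a/etc/disable-common.inc
+++ b/etc/disable-common.inc
@@ -80,11 +80,15 @@ blacklist ${HOME}/.local/share/plasma
 blacklist ${HOME}/.local/share/solid
 read-only ${HOME}/.cache/ksycoca5_*
 read-only ${HOME}/.config/kdeglobals
+read-only ${HOME}/.config/kio_httprc
+read-only ${HOME}/.config/kiorc
 read-only ${HOME}/.config/kioslaverc
 read-only ${HOME}/.kde/share/config/kdeglobals
+read-only ${HOME}/.kde/share/config/kio_httprc
 read-only ${HOME}/.kde/share/config/kioslaverc
 read-only ${HOME}/.kde/share/kde4/services
 read-only ${HOME}/.kde4/share/config/kdeglobals
+read-only ${HOME}/.kde4/share/config/kio_httprc
 read-only ${HOME}/.kde4/share/config/kioslaverc
 read-only ${HOME}/.kde4/share/kde4/services
 read-only ${HOME}/.local/share/kservices5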
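Review bot: `kiorc` is made read-only only under `${HOME}/.config`, while `kio_httprc` is covered in all three trees (`.config`, `.kde/share/config`, `.kde4/share/config`), and the whitelist-common.inc change in this commit whitelists `kio_httprc` but not `kiorc`. If the asymmetry is intentional (presumably because kiorc exists only in the newer config location), a one-line comment next to the `kiorc` entry saying so would stop it reading as an omission. The new entries also carry no statement of intent; a comment above the group such as `# KIO settings: a sandboxed app must not rewrite them for other KDE programs` would record why they are protected. The list continues outside the hunk on both sides.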
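--- a/etc/gwenview.profile
+++ b/etc/gwenview.profile
@@ -39,7 +39,7 @@ tracelog
 
 private-bin gwenview,gimp*,kbuildsycoca4,kdeinit4
 private-dev
-# private-etc fonts,kde4rc,kde5rc,ld.so.cache,machine-id,xdg
+private-etc fonts,gimp,gtk-2.0,kde4rc,kde5rc,ld.so.cache,machine-id,xdg
 
 # memory-deny-write-execute
 noexec ${HOME}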
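Review bot: The `private-etc` line was commented out before and is now enabled with two extra entries, `gimp` and `gtk-2.0`, but nothing records why it had been disabled or which workflows were tested with the new list. Because `private-etc` hides every /etc entry that is not listed, a missing entry shows up only as a runtime failure inside the sandbox, so the reason for each non-obvious entry is worth keeping next to the line, e.g. `# gimp,gtk-2.0: needed when an image is opened in GIMP from gwenview` (presumably the reason, given `gimp*` in `private-bin`; to be confirmed by the author). The profile starts before this hunk and continues after it.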
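--- /dev/null
+++ b/etc/pdfchain.profile
@@ -0,0 +1,39 @@
+# Firejail profile for pdfchain
+# This file is overwritten after every install/update
+# Persistent local customizations
+include /etc/firejail/pdfchain.local
+# Persistent global definitions
+include /etc/firejail/globals.local
+
+
+blacklist /run/user/*/bus
+
+include /etc/firejail/disable-common.inc
+include /etc/firejail/disable-programs.inc
+include /etc/firejail/disable-devel.inc
+include /etc/firejail/disable-passwdmgr.inc
+
+include /etc/firejail/whitelist-var-common.inc
+
+caps.drop all
+ipc-namespace
+net none
+no3d
+nogroups
+nonewprivs
+noroot
+nosound
+notv
+novideo
+protocol unix
+seccomp
+shell none
+
+private-bin pdfchain,pdftk,sh
+private-dev
+private-etc dconf,fonts,gtk-3.0,xdg
+private-tmp
+
+memory-deny-write-execute
+noexec ${HOME}
+noexec /tmp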
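Review bot: The profile is added with mode 100755 (the diffstat shows `-rwxr-xr-x`), while every other file in this commit is `-rw-r--r--`. A profile is only read by firejail, so the executable bit should be dropped before merging (`chmod 644 etc/pdfchain.profile`). `private-bin pdfchain,pdftk,sh` keeps a shell binary inside the sandbox even though `shell none` is set; presumably pdfchain starts pdftk through `sh`, and a comment such as `# sh: pdfchain starts pdftk through a shell` would document why it cannot be removed. The two consecutive blank lines after the `globals.local` include can be reduced to one.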
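--- a/etc/whitelist-common.inc
+++ b/etc/whitelist-common.inc
@@ -55,13 +55,16 @@ whitelist ${HOME}/.config/dconf
 whitelist ${HOME}/.config/Kvantum
 whitelist ${HOME}/.config/Trolltech.conf
 whitelist ${HOME}/.config/kdeglobals
+whitelist ${HOME}/.config/kio_httprc
 whitelist ${HOME}/.config/kioslaverc
 whitelist ${HOME}/.config/qt5ct
 whitelist ${HOME}/.kde/share/config/kdeglobals
+whitelist ${HOME}/.kde/share/config/kio_httprc
 whitelist ${HOME}/.kde/share/config/kioslaverc
 whitelist ${HOME}/.kde/share/config/oxygenrc
 whitelist ${HOME}/.kde/share/icons
 whitelist ${HOME}/.kde4/share/config/kdeglobals
+whitelist ${HOME}/.kde4/share/config/kio_httprc
 whitelist ${HOME}/.kde4/share/config/kioslaverc
 whitelist ${HOME}/.kde4/share/config/oxygenrc
 whitelist ${HOME}/.kde4/share/icons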
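Review bot: The three new `whitelist ... kio_httprc` lines expose the file inside whitelisted sandboxes, and nothing visible in this hunk marks it read-only; write protection comes from the matching `read-only` lines that this commit adds to disable-common.inc. A profile that includes whitelist-common.inc without disable-common.inc would presumably see a writable `kio_httprc`, so the dependency deserves a comment above the KDE entries, e.g. `# KDE config files below are made read-only in disable-common.inc`. The file continues outside the hunk on both sides, so a `read-only` rule elsewhere in it cannot be ruled out from here.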
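--- a/src/firecfg/firecfg.config
+++ b/src/firecfg/firecfg.config
@@ -266,6 +266,7 @@ opera-beta
 orage
 palemoon
 parole
+pdfchain
 pdfmod
 pdfsam
 pdftotext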