From 0c37b30ad6bf30bb3f77b4bcb3b92a53bc6ff1fa Mon Sep 17 00:00:00 2001 From: Fred-Barclay Date: Mon, 11 Jul 2016 13:49:38 +1000 Subject: Jitsi profile --- etc/jitsi.profile | 16 ++++++++++++++++ 1 file changed, 16 insertions(+) create mode 100644 etc/jitsi.profile diff --git a/etc/jitsi.profile b/etc/jitsi.profile new file mode 100644 index 000000000..8baf1ad94 --- /dev/null +++ b/etc/jitsi.profile @@ -0,0 +1,16 @@ +# Firejail profile for jitsi +noblacklist ~/.jitsi +include /etc/firejail/disable-common.inc +include /etc/firejail/disable-devel.inc +include /etc/firejail/disable-passwdmgr.inc +include /etc/firejail/disable-programs.inc + +caps.drop all +nonewprivs +nogroups +noroot +protocol unix,inet,inet6 +seccomp +shell none +tracelog + -- cgit v1.2.3-54-g00ecf From 9ff481769ae394e27ffa636c10a6614f3374e105 Mon Sep 17 00:00:00 2001 From: Fred-Barclay Date: Mon, 11 Jul 2016 14:39:42 +1000 Subject: extra Jitsi files --- Makefile.in | 1 + README | 1 + README.md | 2 +- RELNOTES | 2 +- etc/disable-programs.inc | 1 + platform/debian/conffiles | 1 + src/firecfg/firecfg.config | 1 + 7 files changed, 7 insertions(+), 2 deletions(-) diff --git a/Makefile.in b/Makefile.in index a5a3d7da9..181f30538 100644 --- a/Makefile.in +++ b/Makefile.in @@ -222,6 +222,7 @@ realinstall: install -c -m 0644 .etc/Telegram.profile $(DESTDIR)/$(sysconfdir)/firejail/. install -c -m 0644 .etc/atom-beta.profile $(DESTDIR)/$(sysconfdir)/firejail/. install -c -m 0644 .etc/atom.profile $(DESTDIR)/$(sysconfdir)/firejail/. + install -c -m 0644 .etc/jitsi.profile $(DESTDIR)/$(sysconfdir)/firejail/. sh -c "if [ ! -f $(DESTDIR)/$(sysconfdir)/firejail/login.users ]; then install -c -m 0644 etc/login.users $(DESTDIR)/$(sysconfdir)/firejail/.; fi;" install -c -m 0644 etc/firejail.config $(DESTDIR)/$(sysconfdir)/firejail/. rm -fr .etc diff --git a/README b/README index 9f5bc7bdf..f2547ad90 100644 --- a/README +++ b/README @@ -57,6 +57,7 @@ Fred-Barclay (https://github.com/Fred-Barclay) - added Atom Beta and Atom profiles - tightened 0ad, atril, evince, gthumb, pix, qtox, and xreader profiles. - several private-bin conversions + - added jitsi profile Jaykishan Mutkawoa (https://github.com/jmutkawoa) - cpio profile Paupiah Yash (https://github.com/CaffeinatedStud) diff --git a/README.md b/README.md index a60c8dd7f..8f4a66c0f 100644 --- a/README.md +++ b/README.md @@ -135,5 +135,5 @@ Browsers: Palemoon ## New security profiles -Gitter, gThumb, mpv, Franz messenger, LibreOffice, pix, audacity, strings, xz, xzdec, gzip, cpio, less, Atom Beta, Atom +Gitter, gThumb, mpv, Franz messenger, LibreOffice, pix, audacity, strings, xz, xzdec, gzip, cpio, less, Atom Beta, Atom, jitsi diff --git a/RELNOTES b/RELNOTES index ef3706eb1..3ff1bf1ad 100644 --- a/RELNOTES +++ b/RELNOTES @@ -13,7 +13,7 @@ firejail (0.9.41) baseline; urgency=low * some profiles have been converted to private-bin * new profiles: Gitter, gThumb, mpv, Franz messenger, LibreOffice * new profiles: pix, audacity, strings, xz, xzdec, gzip, cpio, less - * new profiles: Atom Beta, Atom + * new profiles: Atom Beta, Atom, jitsi -- netblue30 Tue, 31 May 2016 08:00:00 -0500 firejail (0.9.40) baseline; urgency=low diff --git a/etc/disable-programs.inc b/etc/disable-programs.inc index 81c97ca2d..837ac1e4c 100644 --- a/etc/disable-programs.inc +++ b/etc/disable-programs.inc @@ -74,6 +74,7 @@ blacklist ${HOME}/.config/tox blacklist ${HOME}/.TelegramDesktop blacklist ${HOME}/.config/Gitter blacklist ${HOME}/.config/Franz +blacklist ${HOME}/.jitsi # Games blacklist ${HOME}/.hedgewars diff --git a/platform/debian/conffiles b/platform/debian/conffiles index ae495ec6d..3bbd93d3c 100644 --- a/platform/debian/conffiles +++ b/platform/debian/conffiles @@ -128,3 +128,4 @@ /etc/firejail/Telegram.profile /etc/firejail/atom-beta.profile /etc/firejail/atom.profile +/etc/firejail/jitsi.profile diff --git a/src/firecfg/firecfg.config b/src/firecfg/firecfg.config index 55e7e30de..665cd80c8 100644 --- a/src/firecfg/firecfg.config +++ b/src/firecfg/firecfg.config @@ -53,6 +53,7 @@ corebird empathy gitter hexchat +jitsi konversation pidgin polari -- cgit v1.2.3-54-g00ecf