From 14e53086709d4f145b84b40ec72bc48220f8faa1 Mon Sep 17 00:00:00 2001 From: netblue30 Date: Wed, 16 Mar 2016 13:08:05 -0400 Subject: added SlimJet profile --- Makefile.in | 1 + README.md | 2 +- RELNOTES | 3 ++- etc/flashpeak-slimjet.profile | 43 +++++++++++++++++++++++++++++++++++++++++++ platform/debian/conffiles | 1 + 5 files changed, 48 insertions(+), 2 deletions(-) create mode 100644 etc/flashpeak-slimjet.profile diff --git a/Makefile.in b/Makefile.in index 8dc052352..20df3acf9 100644 --- a/Makefile.in +++ b/Makefile.in @@ -147,6 +147,7 @@ realinstall: install -c -m 0644 .etc/vivaldi-beta.profile $(DESTDIR)/$(sysconfdir)/firejail/. install -c -m 0644 .etc/atril.profile $(DESTDIR)/$(sysconfdir)/firejail/. install -c -m 0644 .etc/qutebrowser.profile $(DESTDIR)/$(sysconfdir)/firejail/. + install -c -m 0644 .etc/flashpeak-slimjet.profile $(DESTDIR)/$(sysconfdir)/firejail/. sh -c "if [ ! -f $(DESTDIR)/$(sysconfdir)/firejail/login.users ]; then install -c -m 0644 etc/login.users $(DESTDIR)/$(sysconfdir)/firejail/.; fi;" sh -c "if [ ! -f $(DESTDIR)/$(sysconfdir)/firejail/firejail.config ]; then install -c -m 0644 etc/firejail.config $(DESTDIR)/$(sysconfdir)/firejail/.; fi;" rm -fr .etc diff --git a/README.md b/README.md index 0865bc966..0da0ec5ea 100644 --- a/README.md +++ b/README.md @@ -154,5 +154,5 @@ $ man firejail-profile ## New security profiles -lxterminal, Epiphany, cherrytree, Battle for Wesnoth, Hedgewars, qutebrowser +lxterminal, Epiphany, cherrytree, Battle for Wesnoth, Hedgewars, qutebrowser, SlimJet diff --git a/RELNOTES b/RELNOTES index 1392bbaff..00695006e 100644 --- a/RELNOTES +++ b/RELNOTES 
@@ -9,8 +9,9 @@ firejail (0.9.39) baseline; urgency=low
 * added compile-time option to restrict --net= to root only
 * build rpm packages using "make rpms"
 * new profiles: lxterminal, Epiphany, cherrytree, Polari, Vivaldi, Atril
+ * new profiles: qutebrowser, SlimJet
 * bugfixes
- -- netblue30 Wed, 3 Mar 2016 08:00:00 -0500
+ -- netblue30 Wed, 16 Mar 2016 08:00:00 -0500
 firejail (0.9.38) baseline; urgency=low
 * IPv6 support (--ip6 and --netfilter6)
diff --git a/etc/flashpeak-slimjet.profile b/etc/flashpeak-slimjet.profile
new file mode 100644
index 000000000..2f5d7148c
--- /dev/null
+++ b/etc/flashpeak-slimjet.profile
@@ -0,0 +1,43 @@
+# SlimJet browser profile
+# This is a whitelisted profile, the internal browser sandbox
+# is disabled because it requires sudo password. The command
+# to run it is as follows:
+#
+# firejail flashpeak-slimjet --no-sandbox
+#
+noblacklist ~/.config/silmjet
+noblacklist ~/.cache/slimjet
+noblacklist ~/keepassx.kdbx
+include /etc/firejail/disable-mgmt.inc
+include /etc/firejail/disable-secret.inc
+include /etc/firejail/disable-common.inc
+include /etc/firejail/disable-terminals.inc
+
+# chromium is distributed with a perl script on Arch
+# include /etc/firejail/disable-devel.inc
+#
+
+caps.drop all
+seccomp
+protocol unix,inet,inet6,netlink
+netfilter
+noroot
+
+whitelist ${DOWNLOADS}
+mkdir ~/.config
+mkdir ~/.config/slimjet
+whitelist ~/.config/slimjet
+mkdir ~/.cache
+mkdir ~/.cache/slimjet
+whitelist ~/.cache/simjet
+mkdir ~/.pki
+whitelist ~/.pki
+
+# lastpass, keepassx
+whitelist ~/.keepassx
+whitelist ~/.config/keepassx
+whitelist ~/keepassx.kdbx
+whitelist ~/.lastpass
+whitelist ~/.config/lastpass
+
+include /etc/firejail/whitelist-common.inc
diff --git a/platform/debian/conffiles b/platform/debian/conffiles
index 5f552414f..9f324c59f 100644
--- a/platform/debian/conffiles
+++ b/platform/debian/conffiles
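Review bot: Two path typos in the new etc/flashpeak-slimjet.profile point rules at directories the profile never creates: `noblacklist ~/.config/silmjet` and `whitelist ~/.cache/simjet` should read `noblacklist ~/.config/slimjet` and `whitelist ~/.cache/slimjet`, matching the `mkdir ~/.config/slimjet` and `mkdir ~/.cache/slimjet` lines next to them. As written, `~/.cache/slimjet` is created but not whitelisted, so the browser cache presumably does not persist the way the config directory does. Separately, the header states that the browser's internal sandbox is disabled via `--no-sandbox`, yet the profile also whitelists `~/keepassx.kdbx`, `~/.keepassx` and `~/.lastpass`. With firejail as the only containment layer, those entries deserve either a comment such as `# password stores are exposed to the browser; remove if no password-manager extension is used` or removal from the default profile.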
@@ -74,3 +74,4 @@
 /etc/firejail/atril.profile
 /etc/firejail/firejail.config
 /etc/firejail/qutebrowser.profile
+/etc/firejail/flashpeak-slimjet.profile
-- cgit v1.2.3-54-g00ecf