From 1e3939289f53fd84c92f57bd3144a0eec2dcf1e3 Mon Sep 17 00:00:00 2001 From: Tad Date: Mon, 21 May 2018 18:08:21 -0400 Subject: Fixup Discord profiles Packagers seem to be all using different names --- etc/Discord.profile | 17 +++++++++++++++++ etc/DiscordCanary.profile | 18 ++++++++++++++++++ etc/disable-programs.inc | 2 ++ etc/discord-canary.profile | 21 ++++++++------------- etc/discord-common.profile | 32 ++++++++++++++++++++++++++++++++ etc/discord.profile | 28 ++++++---------------------- src/firecfg/firecfg.config | 3 +++ 7 files changed, 86 insertions(+), 35 deletions(-) create mode 100644 etc/Discord.profile create mode 100644 etc/DiscordCanary.profile create mode 100644 etc/discord-common.profile diff --git a/etc/Discord.profile b/etc/Discord.profile new file mode 100644 index 000000000..d485518a8 --- /dev/null +++ b/etc/Discord.profile @@ -0,0 +1,17 @@ +# Firejail profile for Discord +# This file is overwritten after every install/update +# Persistent local customizations +include /etc/firejail/Discord.local +# Persistent global definitions +include /etc/firejail/globals.local + + +noblacklist ${HOME}/.config/discord + +mkdir ${HOME}/.config/discord +whitelist ${HOME}/.config/discord + +private-bin Discord +private-opt Discord + +include /etc/firejail/discord-common.profile diff --git a/etc/DiscordCanary.profile b/etc/DiscordCanary.profile new file mode 100644 index 000000000..f7b0e2c56 --- /dev/null +++ b/etc/DiscordCanary.profile @@ -0,0 +1,18 @@ +# Firejail profile for DiscordCanary +# This file is overwritten after every install/update +# Persistent local customizations +include /etc/firejail/DiscordCanary.local +# Persistent global definitions +include /etc/firejail/globals.local + + +noblacklist ${HOME}/.config/discordcanary + +mkdir ${HOME}/.config/discordcanary +whitelist ${HOME}/.config/discordcanary + +private-bin DiscordCanary +private-opt DiscordCanary + +#Redirect +include /etc/firejail/discord-common.profile diff --git a/etc/disable-programs.inc b/etc/disable-programs.inc index c7605d660..f1107d4a2 100644 --- a/etc/disable-programs.inc +++ b/etc/disable-programs.inc @@ -110,6 +110,8 @@ blacklist ${HOME}/.config/deadbeef blacklist ${HOME}/.config/deluge blacklist ${HOME}/.config/digikam blacklist ${HOME}/.config/digikamrc +blacklist ${HOME}/.config/discord +blacklist ${HOME}/.config/discordcanary blacklist ${HOME}/.config/dolphinrc blacklist ${HOME}/.config/dragonplayerrc blacklist ${HOME}/.config/emaildefaults diff --git a/etc/discord-canary.profile b/etc/discord-canary.profile index 391af668e..b6958cbd3 100644 --- a/etc/discord-canary.profile +++ b/etc/discord-canary.profile @@ -5,19 +5,14 @@ include /etc/firejail/discord-canary.local # Persistent global definitions include /etc/firejail/globals.local -include /etc/firejail/disable-common.inc -include /etc/firejail/disable-passwdmgr.inc -include /etc/firejail/disable-programs.inc -whitelist ${DOWNLOADS} +noblacklist ${HOME}/.config/discordcanary + +mkdir ${HOME}/.config/discordcanary whitelist ${HOME}/.config/discordcanary -caps.drop all -netfilter -nodvd -nogroups -nonewprivs -noroot -notv -protocol unix,inet,inet6,netlink -seccomp +private-bin discord-canary +private-opt discord-canary + +#Redirect +include /etc/firejail/discord-common.profile diff --git a/etc/discord-common.profile b/etc/discord-common.profile new file mode 100644 index 000000000..5cd8d6bb6 --- /dev/null +++ b/etc/discord-common.profile @@ -0,0 +1,32 @@ +# Firejail profile for discord +# This file is overwritten after every install/update +# Persistent local customizations +include /etc/firejail/discord-common.local +# Persistent global definitions +include /etc/firejail/globals.local + +include /etc/firejail/disable-common.inc +include /etc/firejail/disable-devel.inc +include /etc/firejail/disable-passwdmgr.inc +include /etc/firejail/disable-programs.inc + +whitelist ${DOWNLOADS} + +caps.drop all +netfilter +nodvd +nogroups +nonewprivs +noroot +notv +novideo +protocol unix,inet,inet6,netlink +seccomp + +private-bin sh,xdg-mime,tr,sed,echo,head,cut,xdg-open,grep,egrep +private-dev +private-etc fonts,machine-id +private-tmp + +noexec ${HOME} +noexec /tmp diff --git a/etc/discord.profile b/etc/discord.profile index 40deae2fc..21d46193e 100644 --- a/etc/discord.profile +++ b/etc/discord.profile @@ -1,33 +1,17 @@ -# Firejail profile for Discord +# Firejail profile for discord # This file is overwritten after every install/update # Persistent local customizations include /etc/firejail/discord.local # Persistent global definitions include /etc/firejail/globals.local -include /etc/firejail/disable-common.inc -include /etc/firejail/disable-devel.inc -include /etc/firejail/disable-passwdmgr.inc -include /etc/firejail/disable-programs.inc + +noblacklist ${HOME}/.config/discord mkdir ${HOME}/.config/discord whitelist ${HOME}/.config/discord -caps.drop all -netfilter -nodvd -nogroups -nonewprivs -noroot -notv -novideo -protocol unix,inet,inet6,netlink -seccomp - -private-bin discord,sh,xdg-mime,tr,sed,echo,head,cut,xdg-open,grep,egrep -private-dev -private-etc fonts,machine-id -private-tmp +private-bin discord +private-opt discord -noexec ${HOME} -noexec /tmp +include /etc/firejail/discord-common.profile diff --git a/src/firecfg/firecfg.config b/src/firecfg/firecfg.config index 1bfc9e66e..bcda4f26b 100644 --- a/src/firecfg/firecfg.config +++ b/src/firecfg/firecfg.config @@ -6,6 +6,8 @@ 0ad 2048-qt Cyberfox +Discord +DiscordCanary FossaMail Fritzing Mathematica @@ -94,6 +96,7 @@ dia digikam dillo dino +discord discord-canary display dnox -- cgit v1.2.3-54-g00ecf