From 789408283567e63c909a76e3fd907781505fffa6 Mon Sep 17 00:00:00 2001
From: Tad
Date: Sun, 19 Aug 2018 15:47:36 -0400
Subject: Fixup f9aeac080a830fc1aaf07f0beff781a1ed7e42ad
---
 etc/disable-passwdmgr.inc | 1 +
 etc/keepassxc.profile | 6 ++++--
 2 files changed, 5 insertions(+), 2 deletions(-)
diff --git a/etc/disable-passwdmgr.inc b/etc/disable-passwdmgr.inc
index 6ef11780e..597fbd1fc 100644
--- a/etc/disable-passwdmgr.inc
+++ b/etc/disable-passwdmgr.inc
@@ -10,6 +10,7 @@ blacklist ${HOME}/.config/Sinew Software Systems
 blacklist ${HOME}/.keepass
 blacklist ${HOME}/.keepassx
 blacklist ${HOME}/.keepassxc
+blacklist ${HOME}/.keepassxc-socket
 blacklist ${HOME}/.lastpass
 blacklist ${HOME}/.local/share/KeePass
 blacklist ${HOME}/.local/share/keepass
diff --git a/etc/keepassxc.profile b/etc/keepassxc.profile
index dcd652e55..2073feabb 100644
--- a/etc/keepassxc.profile
+++ b/etc/keepassxc.profile
@@ -10,6 +10,7 @@ noblacklist ${HOME}/*.kdb
 noblacklist ${HOME}/*.kdbx
 noblacklist ${HOME}/.config/keepassxc
 noblacklist ${HOME}/.keepassxc
+noblacklist ${HOME}/.keepassxc-socket
 # 2.2.4 needs this path when compiled with "Native messaging browser extension"
 noblacklist ${HOME}/.mozilla
 noblacklist ${DOCUMENTS}
@@ -34,7 +35,7 @@ nonewprivs
 noroot
 nosound
 notv
-pnovideo
+novideo
 protocol unix
 seccomp
 shell none
@@ -49,6 +50,7 @@ private-tmp
 noexec ${HOME}
 noexec /tmp
+# Mutex is stored in /tmp by default, which is broken by private-tmp
+# Make a new directory and have it stored there. Fixes #2062
 mkdir ${HOME}/.keepassxc-socket
-
 env TMPDIR=${HOME}/.keepassxc-socket/
-- cgit v1.2.3-54-g00ecf
From 03ea090ab6f50c62154b5aae7a708d23e84f5e0f Mon Sep 17 00:00:00 2001
From: Tad
Date: Sun, 19 Aug 2018 15:48:51 -0400
Subject: Minor steam.profile fixup from downstream ParrotSec fork
---
 etc/steam.profile | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/etc/steam.profile b/etc/steam.profile
index 4ebd941dd..8dbe613f8 100644
--- a/etc/steam.profile
+++ b/etc/steam.profile
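Review bot: In the last hunk of etc/keepassxc.profile (`@@ -49,6 +50,7 @@`), the added comment says why `TMPDIR` is redirected but not what the redirect costs. `env TMPDIR=${HOME}/.keepassxc-socket/` affects every temporary file that honours `TMPDIR`, not only the mutex, so those files land in a persistent directory in the home tree instead of the throwaway /tmp that `private-tmp` provides. For a password manager that deserves a third comment line, for example `# Note: all TMPDIR temp files end up here and persist across runs; nothing cleans this directory`. The directory is still covered by `noexec ${HOME}` and is blacklisted for profiles that include etc/disable-passwdmgr.inc (first file of this commit), so the residual concern is leftover data on disk. Whether KeePassXC writes anything sensitive there is not visible from the hunk and should be confirmed.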
@@ -67,5 +67,5 @@ shell none
 # private-dev should be commented for controllers
 private-dev
 # private-etc breaks a small selection of games on some systems, comment to support those
-private-etc asound.conf,ca-certificates,dbus-1,drirc,fonts,group,gtk-2.0,gtk-3.0,host.conf,hostname,hosts,ld.so.cache,ld.so.preload,ld.so.conf,ld.so.conf.d,localtime,lsb-release,machine-id,mime.types,passwd,pulse,resolv.conf,ssl,pki,services,crypto-policies,alternatives
+private-etc asound.conf,ca-certificates,dbus-1,drirc,fonts,group,gtk-2.0,gtk-3.0,host.conf,hostname,hosts,ld.so.cache,ld.so.preload,ld.so.conf,ld.so.conf.d,localtime,lsb-release,machine-id,mime.types,passwd,pulse,resolv.conf,ssl,pki,services,crypto-policies,alternatives,bumblebee,nvidia,os-release
 private-tmp
-- cgit v1.2.3-54-g00ecf
From 78a8f830c21d932d05883971d6c41f4d2c4de7e9 Mon Sep 17 00:00:00 2001
From: Tad
Date: Sun, 19 Aug 2018 15:50:17 -0400
Subject: Add a profile for ClamTK
---
 README.md | 2 +-
 RELNOTES | 2 +-
 etc/clamtk.profile | 28 ++++++++++++++++++++++++++++
 src/firecfg/firecfg.config | 1 +
 4 files changed, 31 insertions(+), 2 deletions(-)
 create mode 100644 etc/clamtk.profile
diff --git a/README.md b/README.md
index 644a911b4..681cd1e65 100644
--- a/README.md
+++ b/README.md
@@ -167,4 +167,4 @@ We also keep a list of profile fixes for previous released versions in [etc-fixe
 ## New profiles
 Microsoft Office Online, riot-desktop, gnome-mpv, snox, gradio, standardnotes-desktop, shellcheck, patch, flameshot, rview, rvim, vimcat, vimdiff, vimpager, vimtutor,
-xxd, Beaker, electrum
+xxd, Beaker, electrum, clamtk
diff --git a/RELNOTES b/RELNOTES
index 974999bcb..d751b2511 100644
--- a/RELNOTES
+++ b/RELNOTES
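Review bot: The three names added to `private-etc` in etc/steam.profile (`bumblebee`, `nvidia`, `os-release`) come with no explanation, and the commit message only says they were taken from a downstream fork. `private-etc` is the allowlist of /etc entries the sandboxed client can see, so each entry should be justifiable when the list is audited later. A comment above the line such as `# bumblebee,nvidia: GPU driver configuration; os-release: distribution detection` (wording to be confirmed by the author) would let a maintainer keep or prune them with confidence. The list is also unsorted, with the new names appended after `alternatives`, which makes duplicates and unintended exposure harder to spot.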
@@ -16,7 +16,7 @@ firejail (0.9.56~rc1) baseline; urgency=low
 * new profiles: ms-skype, ms-word, riot-desktop, gnome-mpv, snox, gradio,
 * new profiles: standardnotes-desktop, shellcheck, patch, flameshot,
 * new profiles: rview, rvim, vimcat, vimdiff, vimpager, vimtutor, xxd,
- * new profiles: Beaker, electrum
+ * new profiles: Beaker, electrum, clamtk
 -- netblue30 Sat, 11 Aug 2018 08:00:00 -0500
 firejail (0.9.54) baseline; urgency=low
diff --git a/etc/clamtk.profile b/etc/clamtk.profile
new file mode 100644
index 000000000..d916381b2
--- /dev/null
+++ b/etc/clamtk.profile
@@ -0,0 +1,28 @@
+# Firejail profile for clamtk
+# This file is overwritten after every install/update
+# Persistent local customizations
+include /etc/firejail/clamtk.local
+# Persistent global definitions
+include /etc/firejail/globals.local
+
+caps.drop all
+ipc-namespace
+net none
+no3d
+nodbus
+nodvd
+nogroups
+nonewprivs
+noroot
+nosound
+notv
+novideo
+protocol unix
+seccomp
+shell none
+
+private-dev
+
+memory-deny-write-execute
+noexec ${HOME}
+noexec /tmp
diff --git a/src/firecfg/firecfg.config b/src/firecfg/firecfg.config
index a33aaeb49..648470b27 100644
--- a/src/firecfg/firecfg.config
+++ b/src/firecfg/firecfg.config
@@ -77,6 +77,7 @@ cinelerra
 clamdscan
 clamdtop
 clamscan
+clamtk
 claws-mail
 clementine
 clipit
-- cgit v1.2.3-54-g00ecf
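Review bot: The new etc/clamtk.profile contains no filesystem restrictions: none of the disable-*.inc includes, no `read-only` and no `private-tmp`. The capability, seccomp and `net none` settings therefore still leave the whole home directory readable and writable to a program whose job is parsing untrusted files. If that is deliberate because the scanner must reach any path the user selects, record it near the top of the profile, e.g. `# No disable-*.inc includes: clamtk needs read access to whatever the user asks it to scan`. If it is not, the password-manager paths in etc/disable-passwdmgr.inc (patched earlier in this series) are an obvious candidate to exclude with `include /etc/firejail/disable-passwdmgr.inc`.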