From 2509b0f8d740b9384d30aa95d3eaf64fbe27bf27 Mon Sep 17 00:00:00 2001
From: netblue30
Date: Tue, 15 Nov 2016 10:01:54 -0500
Subject: added Guayadeque profile
---
 README | 13 +++++++------
 README.md | 2 +-
 RELNOTES | 3 ++-
 etc/disable-programs.inc | 1 +
 etc/guayadeque.profile | 19 +++++++++++++++++++
 platform/debian/conffiles | 1 +
 6 files changed, 31 insertions(+), 8 deletions(-)
 create mode 100644 etc/guayadeque.profile
diff --git a/README b/README
index 69e5e6337..e21e96bc7 100644
--- a/README
+++ b/README
@@ -80,6 +80,13 @@ Fred-Barclay (https://github.com/Fred-Barclay)
 - evince profile enhancement
 - tightened Spotify profile
 - added xiphos and Tor Browser Bundle profiles
+curiosity-seeker (https://github.com/curiosity-seeker)
+ - tightening unbound and dnscrypt-proxy profiles
+ - dnsmasq profile
+ - okular and gwenview profiles
+ - cherrytree profile fixes
+ - added quiterss profile
+ - added guayadeque profile
 Simon Peter (https://github.com/probonopd)
 - set $APPIMAGE and $APPDIR environment variables
 - AppImage version detection
@@ -194,12 +201,6 @@ Vasya Novikov (https://github.com/vn971)
 - manpage fixes
 - fixed firecfg clean/clear issue
 - found the ugliest bug so far
-curiosity-seeker (https://github.com/curiosity-seeker)
- - tightening unbound and dnscrypt-proxy profiles
- - dnsmasq profile
- - okular and gwenview profiles
- - cherrytree profile fixes
- - added quiterss profile
 Matthew Gyurgyik (https://github.com/pyther)
 - rpm spec and several fixes
 Joan Figueras (https://github.com/figue)
diff --git a/README.md b/README.md
index 931b27ef3..ad90639e2 100644
--- a/README.md
+++ b/README.md
@@ -52,5 +52,5 @@ Use this issue to request new profiles: https://github.com/netblue30/firejail/is
 `````
 ## New Profiles
-xiphos, Tor Browser Bundle, display (imagemagik), Wire, mumble, zoom
+xiphos, Tor Browser Bundle, display (imagemagik), Wire, mumble, zoom,Guayadeque
diff --git a/RELNOTES b/RELNOTES
index 922296fd7..e726674ec 100644
--- a/RELNOTES
+++ b/RELNOTES
@@ -6,7 +6,8 @@ firejail (0.9.45) baseline; urgency=low
 * security: split most of networking code in a separate executable
 * security: split seccomp filter code configuration in a separate executable
 * feature: allow root user access to /dev/shm (--noblacklist=/dev/shm)
- * new profiles: xiphos, Tor Browser Bundle, display (imagemagik), Wire
+ * new profiles: xiphos, Tor Browser Bundle, display (imagemagik), Wire,
+ * new profiles: mumble, zoom, Guayadeque
 * bugfixes
 -- netblue30 Sun, 23 Oct 2016 08:00:00 -0500
diff --git a/etc/disable-programs.inc b/etc/disable-programs.inc
index 0d9bd1bb4..f4e66dc66 100644
--- a/etc/disable-programs.inc
+++ b/etc/disable-programs.inc
@@ -53,6 +53,7 @@ blacklist ${HOME}/.config/mpv
 blacklist ${HOME}/.config/totem
 blacklist ${HOME}/.config/xplayer
 blacklist ${HOME}/.audacity-data
+blacklist ${HOME}/.guayadeque
 # HTTP / FTP / Mail
 blacklist ${HOME}/.icedove
diff --git a/etc/guayadeque.profile b/etc/guayadeque.profile
new file mode 100644
index 000000000..0c6ad00be
--- /dev/null
+++ b/etc/guayadeque.profile
@@ -0,0 +1,19 @@
+noblacklist ${HOME}/.guayadeque
+
+include /etc/firejail/disable-common.inc
+include /etc/firejail/disable-programs.inc
+include /etc/firejail/disable-passwdmgr.inc
+include /etc/firejail/disable-devel.inc
+
+caps.drop all
+netfilter
+nogroups
+nonewprivs
+noroot
+protocol unix,inet,inet6,netlink
+seccomp
+shell none
+
+private-bin guayadeque
+private-dev
+private-tmp
diff --git a/platform/debian/conffiles b/platform/debian/conffiles
index ff3909c17..321a96f80 100644
--- a/platform/debian/conffiles
+++ b/platform/debian/conffiles
@@ -173,3 +173,4 @@
 /etc/firejail/wire.profile
 /etc/firejail/mumble.profile
 /etc/firejail/zoom.profile
+/etc/firejail/guayadeque.profile
--
cgit v1.2.3-70-g09d2
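Review bot: The `netfilter` line in etc/guayadeque.profile has no effect on its own, because firejail applies its default network filter only inside a new network namespace and this profile does not request one (there is no `net` line); by default the player keeps the host's network access, limited only by the `protocol` list. A comment above it would keep readers from over-trusting the line, e.g. `# netfilter is applied only when a network namespace is requested (--net=...)`. The `protocol` list also admits `netlink`; if Guayadeque runs without it, `protocol unix,inet,inet6` is the narrower seccomp filter, and if it is needed a one-line comment should say why. The file also lacks a header comment naming the application it confines.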