From 32ed1ff248df5ac919226492df114cf506a6a72f Mon Sep 17 00:00:00 2001 From: rusty-snake <41237666+rusty-snake@users.noreply.github.com> Date: Sat, 25 Jul 2020 09:56:08 +0200 Subject: add newsflash profile --- README.md | 2 +- RELNOTES | 3 +- etc/inc/disable-programs.inc | 3 ++ etc/profile-a-l/com.gitlab.newsflash.profile | 5 +++ etc/profile-m-z/newsflash.profile | 60 ++++++++++++++++++++++++++++ src/firecfg/firecfg.config | 2 + 6 files changed, 73 insertions(+), 2 deletions(-) create mode 100644 etc/profile-a-l/com.gitlab.newsflash.profile create mode 100644 etc/profile-m-z/newsflash.profile diff --git a/README.md b/README.md index 5c07954e9..c370368d7 100644 --- a/README.md +++ b/README.md @@ -196,4 +196,4 @@ gnome-screenshot, ripperX, sound-juicer, iagno, com.github.dahenson.agenda, gnom penguin-command, x2goclient, frogatto, gnome-mines, gnome-nibbles, lightsoff, ts3client_runscript.sh, warmux, ferdi, abiword, four-in-a-row, gnome-mahjongg, gnome-robots, gnome-sudoku, gnome-taquin, gnome-tetravex, blobwars, gravity-beams-and-evaporating-stars, hyperrogue, jumpnbump-menu, jumpnbump, magicor, mindless, mirrormagic, mrrescue, scorched3d-wrapper, scorchwentbonkers, -seahorse-adventures, wordwarvi, xbill, gnome-klotski, five-or-more, swell-foop, fdns, jitsi-meet-desktop, nicontine, steam-runtime, apostrophe, quadrapassel, dino-im, strawberry, hitori, bijiben, gnote, gnubik, ZeGrapher, gapplication, xonotic-sdl-wrapper, openarena_ded +seahorse-adventures, wordwarvi, xbill, gnome-klotski, five-or-more, swell-foop, fdns, jitsi-meet-desktop, nicontine, steam-runtime, apostrophe, quadrapassel, dino-im, strawberry, hitori, bijiben, gnote, gnubik, ZeGrapher, gapplication, xonotic-sdl-wrapper, openarena_ded, cawbird, freetube, homebank, mattermost-desktop, newsflash, com.gitlab.newsflash, element-desktop diff --git a/RELNOTES b/RELNOTES index eff6de2ad..d0cf88d4d 100644 --- a/RELNOTES +++ b/RELNOTES @@ -37,7 +37,8 @@ firejail (0.9.63) baseline; urgency=low * new profiles: swell-foop, fdns, five-or-more, steam-runtime, jitsi-meet-desktop * new profiles: nicotine, plv, mocp, apostrophe, quadrapassel, dino-im, strawberry * new profiles: hitori, bijiben, gnote, gnubik, ZeGrapher, xonotic-sdl-wrapper - * new profiles: gapplication, openarena_ded, element-desktop + * new profiles: gapplication, openarena_ded, element-desktop, cawbird, freetube + * new profiles: homebank, mattermost-desktop, newsflash, com.gitlab.newsflash -- netblue30 Tue, 21 Apr 2020 08:00:00 -0500 firejail (0.9.62) baseline; urgency=low diff --git a/etc/inc/disable-programs.inc b/etc/inc/disable-programs.inc index d59ce8c73..996f02577 100644 --- a/etc/inc/disable-programs.inc +++ b/etc/inc/disable-programs.inc @@ -301,6 +301,7 @@ blacklist ${HOME}/.config/nautilus blacklist ${HOME}/.config/nemo blacklist ${HOME}/.config/netsurf blacklist ${HOME}/.config/newsbeuter +blacklist ${HOME}/.config/newsflash blacklist ${HOME}/.config/nheko blacklist ${HOME}/.config/NitroShare blacklist ${HOME}/.config/nomacs @@ -637,6 +638,7 @@ blacklist ${HOME}/.local/share/nautilus blacklist ${HOME}/.local/share/nautilus-python blacklist ${HOME}/.local/share/nemo blacklist ${HOME}/.local/share/nemo-python +blacklist ${HOME}/.local/share/news-flash blacklist ${HOME}/.local/share/nomacs blacklist ${HOME}/.local/share/notes blacklist ${HOME}/.local/share/ocenaudio @@ -809,6 +811,7 @@ blacklist ${HOME}/.cache/Ferdi blacklist ${HOME}/.cache/Franz blacklist ${HOME}/.cache/INRIA blacklist ${HOME}/.cache/MusicBrainz +blacklist ${HOME}/.cache/NewsFlashGTK blacklist ${HOME}/.cache/QuiteRss blacklist ${HOME}/.cache/Shortwave blacklist ${HOME}/.cache/Tox diff --git a/etc/profile-a-l/com.gitlab.newsflash.profile b/etc/profile-a-l/com.gitlab.newsflash.profile new file mode 100644 index 000000000..0628d3d01 --- /dev/null +++ b/etc/profile-a-l/com.gitlab.newsflash.profile @@ -0,0 +1,5 @@ +# Firejail profile alias for newsflash +# This file is overwritten after every install/update + +# Redirect +include newsflash.profile diff --git a/etc/profile-m-z/newsflash.profile b/etc/profile-m-z/newsflash.profile new file mode 100644 index 000000000..d0ac83baf --- /dev/null +++ b/etc/profile-m-z/newsflash.profile @@ -0,0 +1,60 @@ +# Firejail profile for newsflash +# Description: Modern feed reader +# This file is overwritten after every install/update +# Persistent local customizations +include newsflash.local +# Persistent global definitions +include globals.local + +noblacklist ${HOME}/.cache/NewsFlashGTK +noblacklist ${HOME}/.config/news-flash +noblacklist ${HOME}/.local/share/news-flash + +include disable-common.inc +include disable-devel.inc +include disable-exec.inc +include disable-interpreters.inc +include disable-passwdmgr.inc +include disable-programs.inc +include disable-shell.inc +include disable-xdg.inc + +mkdir ${HOME}/.cache/NewsFlashGTK +mkdir ${HOME}/.config/news-flash +mkdir ${HOME}/.local/share/news-flash +whitelist ${HOME}/.cache/NewsFlashGTK +whitelist ${HOME}/.config/news-flash +whitelist ${HOME}/.local/share/news-flash +include whitelist-common.inc +include whitelist-runuser-common.inc +include whitelist-usr-share-common.inc +include whitelist-var-common.inc + +apparmor +caps.drop all +machine-id +netfilter +nodvd +nogroups +nonewprivs +noroot +nosound +notv +nou2f +novideo +protocol unix,inet,inet6 +seccomp +shell none +tracelog + +disable-mnt +private-bin com.gitlab.newsflash,newsflash +private-cache +private-dev +private-etc ca-certificates,crypto-policies,dconf,fonts,gtk-3.0,hosts,ld.so.cache,ld.so.conf,ld.so.conf.d,ld.so.preload,nsswitch.conf,pango,pki,resolv.conf,ssl,X11 +private-tmp + +dbus-user none +#dbus-user.own com.gitlab.newsflash +#dbus-user.talk org.freedesktop.Notifications +dbus-system none diff --git a/src/firecfg/firecfg.config b/src/firecfg/firecfg.config index 5d5858496..fd8d21268 100644 --- a/src/firecfg/firecfg.config +++ b/src/firecfg/firecfg.config @@ -137,6 +137,7 @@ code code-oss com.github.dahenson.agenda com.github.johnfactotum.Foliate +com.gitlab.newsflash conkeror conky conplay @@ -506,6 +507,7 @@ neverball neverputt newsbeuter newsboat +newsflash nheko nicotine nitroshare -- cgit v1.2.3-54-g00ecf