From 45e044c275aab65c3f9c97a479733ab1db8f4ed2 Mon Sep 17 00:00:00 2001 From: Fred-Barclay Date: Mon, 5 Mar 2018 13:04:03 -0600 Subject: Add falkon profile - see #1794 --- README | 2 ++ README.md | 2 +- RELNOTES | 3 ++- etc/disable-programs.inc | 2 ++ etc/falkon.profile | 37 +++++++++++++++++++++++++++++++++++++ src/firecfg/firecfg.config | 1 + 6 files changed, 45 insertions(+), 2 deletions(-) create mode 100644 etc/falkon.profile diff --git a/README b/README index 26c5c689e..8a5cf311a 100644 --- a/README +++ b/README @@ -317,6 +317,8 @@ KellerFuchs (https://github.com/KellerFuchs) - added support for .local profile files in /etc/firejail - fixed Cryptocat profile - make ~/.local read-only +Kishore96in (https://github.com/Kishore96in) + - added falkon profile KOLANICH (https://github.com/KOLANICH) - added symlink fixer fix_private-bin.py in contrib section Kunal Mehta (https://github.com/legoktm) diff --git a/README.md b/README.md index fe3a4f1f5..fd3518c27 100644 --- a/README.md +++ b/README.md @@ -244,4 +244,4 @@ firefox-common-addons.inc in firefox-common.profile. Basilisk browser, Tor Browser language packs, PlayOnLinux, sylpheed, discord-canary, pycharm-community, pycharm-professional, Pitivi, OnionShare, Fritzing, Kaffeine, pdfchain, -tilp, vivaldi-snapshot, bitcoin-qt, VS Code +tilp, vivaldi-snapshot, bitcoin-qt, VS Code, falkon diff --git a/RELNOTES b/RELNOTES index b05d88e2d..682e40d0e 100644 --- a/RELNOTES +++ b/RELNOTES @@ -25,7 +25,8 @@ firejail (0.9.53) baseline; urgency=low * private-tmp support for overlay and chroot sandboxes * new profiles: basilisk, Tor Browser language packs, PlayOnLinux, sylpheed, * new profiles: discord-canary, pycharm-community, pycharm-professional, - * new profiles: pdfchain, tilp, vivaldi-snapshot, bitcoin-qt, kaffeine, VS Code + * new profiles: pdfchain, tilp, vivaldi-snapshot, bitcoin-qt, kaffeine, VS Code, + * new profiles: falkon -- netblue30 Thu, 1 Mar 2018 08:00:00 -0500 firejail (0.9.52) baseline; urgency=low diff --git a/etc/disable-programs.inc b/etc/disable-programs.inc index a78355031..8f2a4ab64 100644 --- a/etc/disable-programs.inc +++ b/etc/disable-programs.inc @@ -107,6 +107,7 @@ blacklist ${HOME}/.config/eog blacklist ${HOME}/.config/epiphany blacklist ${HOME}/.config/evince blacklist ${HOME}/.config/evolution +blacklist ${HOME}/.config/falkon blacklist ${HOME}/.config/filezilla blacklist ${HOME}/.config/flowblade blacklist ${HOME}/.config/gajim @@ -502,6 +503,7 @@ blacklist ${HOME}/.cache/discover blacklist ${HOME}/.cache/dolphin blacklist ${HOME}/.cache/epiphany blacklist ${HOME}/.cache/evolution +blacklist ${HOME}/.cache/falkon blacklist ${HOME}/.cache/fossamail blacklist ${HOME}/.cache/gajim blacklist ${HOME}/.cache/geeqie diff --git a/etc/falkon.profile b/etc/falkon.profile new file mode 100644 index 000000000..03484382a --- /dev/null +++ b/etc/falkon.profile @@ -0,0 +1,37 @@ +# Firejail profile for falkon +# This file is overwritten after every install/update +# Persistent local customizations +include /etc/firejail/falkon.local +# Persistent global definitions +include /etc/firejail/globals.local + +noblacklist ${HOME}/.cache/falkon +noblacklist ${HOME}/.config/falkon + +include /etc/firejail/disable-common.inc +include /etc/firejail/disable-devel.inc +include /etc/firejail/disable-passwdmgr.inc +include /etc/firejail/disable-programs.inc + +whitelist ${DOWNLOADS} +whitelist ~/.cache/falkon +whitelist ~/.config/falkon +include /etc/firejail/whitelist-common.inc +include /etc/firejail/whitelist-var-common.inc + +caps.drop all +netfilter +nodvd +nogroups +nonewprivs +noroot +notv +protocol unix,inet,inet6,netlink +seccomp +tracelog + +private-dev +private-tmp + +noexec ${HOME} +noexec /tmp diff --git a/src/firecfg/firecfg.config b/src/firecfg/firecfg.config index 8d5f2066f..ef4b47818 100644 --- a/src/firecfg/firecfg.config +++ b/src/firecfg/firecfg.config @@ -109,6 +109,7 @@ etr evince evolution exiftool +falkon fbreader feh ffmpeg -- cgit v1.2.3-54-g00ecf