From 4c35ba3d383e1b749a61f245425cdf29812c1e0e Mon Sep 17 00:00:00 2001
From: Tad
Date: Wed, 28 Mar 2018 22:24:20 -0400
Subject: Add a profile for ncdu, enable private-etc in Steam again, and fixup gnome-recipes
---
 README.md | 2 +-
 RELNOTES | 2 +-
 etc/gnome-recipes.profile | 2 +-
 etc/ncdu.profile | 29 +++++++++++++++++++++++++++++
 etc/steam.profile | 8 +++++---
 src/firecfg/firecfg.config | 1 +
 6 files changed, 38 insertions(+), 6 deletions(-)
 create mode 100644 etc/ncdu.profile
diff --git a/README.md b/README.md
index 0c466a5e5..f39ea1069 100644
--- a/README.md
+++ b/README.md
@@ -294,4 +294,4 @@ Basilisk browser, Tor Browser language packs, PlayOnLinux, sylpheed, discord-can
 pycharm-community, pycharm-professional, Pitivi, OnionShare, Fritzing, Kaffeine, pdfchain, tilp, vivaldi-snapshot, bitcoin-qt, VS Code, falkon, gnome-builder, lobase, asunder, gnome-recipes, akonadi_control, evince-previewer, evince-thumbnailer, blender-2.8,
-thunderbird-beta
\ No newline at end of file
+thunderbird-beta, ncdu
diff --git a/RELNOTES b/RELNOTES
index b299c5b9b..ace9ec06e 100644
--- a/RELNOTES
+++ b/RELNOTES
@@ -30,7 +30,7 @@ firejail (0.9.53) baseline; urgency=low
 * new profiles: pdfchain, tilp, vivaldi-snapshot, bitcoin-qt, kaffeine,
 * new profiles: falkon, gnome-builder, asunder, VS Code, gnome-recipes
 * new profiles: akonadi_controle, evince-previewer, evince-thumbnailer,
- * new profiles: blender-2.8, thunderbird-beta
+ * new profiles: blender-2.8, thunderbird-beta, ncdu
 -- netblue30 Thu, 1 Mar 2018 08:00:00 -0500
 firejail (0.9.52) baseline; urgency=low
diff --git a/etc/gnome-recipes.profile b/etc/gnome-recipes.profile
index 2392440a6..2f7657c0c 100644
--- a/etc/gnome-recipes.profile
+++ b/etc/gnome-recipes.profile
@@ -35,7 +35,7 @@ shell none
 disable-mnt
 private-bin gnome-recipes,tar
 private-dev
-private-etc ca-certificates,fonts,ssl
+private-etc ca-certificates,fonts,ssl,crypto-policies,pki
 # private-lib works for me with Gnome Shell 3.26.2, Mutter WM (Arch Linux)
 # not widely tested though, leaving it to devs discretion to enable it later
 #private-lib gdk-pixbuf-2.0,gio,gvfs/libgvfscommon.so,libgconf-2.so.4,libgnutls.so.30,libjpeg.so.8,libp11-kit.so.0,libproxy.so.1,librsvg-2.so.2
diff --git a/etc/ncdu.profile b/etc/ncdu.profile
new file mode 100644
index 000000000..ab79a325e
--- /dev/null
+++ b/etc/ncdu.profile
@@ -0,0 +1,29 @@
+# Firejail profile for ncdu
+# This file is overwritten after every install/update
+# Persistent local customizations
+include /etc/firejail/ncdu.local
+# Persistent global definitions
+include /etc/firejail/globals.local
+
+caps.drop all
+ipc-namespace
+nodbus
+net none
+no3d
+nodvd
+nogroups
+nonewprivs
+noroot
+nosound
+notv
+novideo
+protocol unix
+seccomp
+shell none
+
+private-dev
+# private-tmp
+
+memory-deny-write-execute
+noexec ${HOME}
+noexec /tmp
diff --git a/etc/steam.profile b/etc/steam.profile
index 4965d3a54..e6449aa97 100644
--- a/etc/steam.profile
+++ b/etc/steam.profile
@@ -32,7 +32,9 @@ include /etc/firejail/disable-programs.inc
 include /etc/firejail/whitelist-var-common.inc
 caps.drop all
+#ipc-namespace
 netfilter
+#nodbus
 nodvd
 nogroups
 nonewprivs
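Review bot: The new etc/ncdu.profile places no limit on what the sandboxed process can read or change on disk: it drops capabilities, network, devices and syscalls, but includes none of the `disable-*.inc` blacklists that etc/steam.profile pulls in and mounts nothing read-only. That is probably deliberate, since a disk-usage scanner has to walk every directory, but the file does not say so, and `# private-tmp` is left commented out without a reason. I would add a comment above `caps.drop all` such as `# no disable-*.inc includes: ncdu has to read the whole tree to report usage`, and a second one beside `# private-tmp` stating why it stays off. Because ncdu can also delete entries from its browser, a `read-only ${HOME}` line may be worth considering if write access is not needed.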
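Review bot: In the first etc/steam.profile hunk, `#ipc-namespace` and `#nodbus` are added already commented out, with nothing saying why they cannot be enabled. The `tracelog` line in the next hunk carries its reason ("breaks integrated browser"); these two should get the same treatment, for example `# ipc-namespace and nodbus are left off because <what breaks>` with the observed breakage filled in. As shipped, Steam keeps the host IPC namespace and D-Bus access, so a maintainer needs that reason to know what to test before turning either option on.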
@@ -44,10 +46,10 @@ protocol unix,inet,inet6,netlink
 seccomp
 shell none
 # tracelog disabled as it breaks integrated browser
-# tracelog
+#tracelog
 # private-dev should be commented for controllers
 private-dev
-# private-etc breaks some games
-#private-etc asound.conf,ca-certificates,dbus-1,drirc,fonts,group,gtk-2.0,gtk-3.0,host.conf,hostname,hosts,ld.so.cache,ld.so.preload,ld.so.conf,ld.so.conf.d,localtime,lsb-release,machine-id,mime.types,passwd,pulse,resolv.conf,ssl,pki,services,crypto-policies
+# private-etc breaks a small selection of games on some systems, comment to support those
+private-etc asound.conf,ca-certificates,dbus-1,drirc,fonts,group,gtk-2.0,gtk-3.0,host.conf,hostname,hosts,ld.so.cache,ld.so.preload,ld.so.conf,ld.so.conf.d,localtime,lsb-release,machine-id,mime.types,passwd,pulse,resolv.conf,ssl,pki,services,crypto-policies,alternatives
 private-tmp
diff --git a/src/firecfg/firecfg.config b/src/firecfg/firecfg.config
index f2409d67b..2f4884105 100644
--- a/src/firecfg/firecfg.config
+++ b/src/firecfg/firecfg.config
@@ -263,6 +263,7 @@ musescore
 mutt
 natron
 nautilus
+ncdu
 netsurf
 neverball
 nheko
-- cgit v1.2.3-70-g09d2
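Review bot: The new comment above `private-etc` in etc/steam.profile tells users to comment the line out in this file, but shipped profiles are replaced on every install or update (the ncdu profile added in this commit says so in its header), so that edit would not persist. Pointing at the local override keeps the hardening on by default and survives upgrades: `# private-etc breaks a small selection of games on some systems; add "ignore private-etc" to steam.local to support those`. This assumes steam.profile includes steam.local near its top, which is outside the hunk. The allowlist also keeps `passwd`, `group` and `machine-id` visible inside the sandbox, which is likely required but could be noted in the same comment.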