From 4d32f53c721c4040232c9a5dcf67cfdef8c6e4a4 Mon Sep 17 00:00:00 2001 From: netblue30 Date: Tue, 25 Apr 2017 12:00:07 -0400 Subject: added Orage Globaltime, Orage Clendar, xfce4-notes, xfce4-dict and Ristretto profiles --- README.md | 3 ++- etc/disable-programs.inc | 8 ++++++++ etc/globaltime.profile | 26 ++++++++++++++++++++++++++ etc/orage.profile | 27 +++++++++++++++++++++++++++ etc/ristretto.profile | 26 ++++++++++++++++++++++++++ etc/xfce4-dict.profile | 26 ++++++++++++++++++++++++++ etc/xfce4-notes.profile | 28 ++++++++++++++++++++++++++++ platform/debian/conffiles | 5 +++++ src/firecfg/firecfg.config | 5 +++++ 9 files changed, 153 insertions(+), 1 deletion(-) create mode 100644 etc/globaltime.profile create mode 100644 etc/orage.profile create mode 100644 etc/ristretto.profile create mode 100644 etc/xfce4-dict.profile create mode 100644 etc/xfce4-notes.profile diff --git a/README.md b/README.md index 06f7c1c6f..c6b1b0933 100644 --- a/README.md +++ b/README.md @@ -196,4 +196,5 @@ simple-scan, skanlite, ssh-agent, tracker, transmission-cli, transmission-show, xed, pluma, Cryptocat, Bless, Gnome 2048, Gnome Calculator, Gnome Contacts, JD-GUI, Lollypop, MultiMC5, PDFSam, Pithos, Xonotic, wireshark, keepassx2, QupZilla, FossaMail, Uzbl browser, xmms, iridium browser, Kino, Thunar, Geeqie, Engrampa, Scribus, mousepad, gpicview, keepassxc, cvlc, MediathekView, baloo_file, -Nylas, dino, BibleTime, viewnior, Kodi, viking, youtube-dl, meld, Arduino, akregator, kcalc, ktorrent +Nylas, dino, BibleTime, viewnior, Kodi, viking, youtube-dl, meld, Arduino, akregator, kcalc, ktorrent, +Orage Globaltime, Orage Clendar, xfce4-notes, xfce4-dict, Ristretto diff --git a/etc/disable-programs.inc b/etc/disable-programs.inc index fbe614b0d..9b84f5e8a 100644 --- a/etc/disable-programs.inc +++ b/etc/disable-programs.inc @@ -76,6 +76,7 @@ blacklist ${HOME}/.config/flowblade blacklist ${HOME}/.config/gajim blacklist ${HOME}/.config/geeqie blacklist ${HOME}/.config/gedit +blacklist ${HOME}/.config/globaltime blacklist ${HOME}/.config/google-chrome blacklist ${HOME}/.config/google-chrome-beta blacklist ${HOME}/.config/google-chrome-unstable @@ -104,10 +105,12 @@ blacklist ${HOME}/.config/okularpartrc blacklist ${HOME}/.config/okularrc blacklist ${HOME}/.config/opera blacklist ${HOME}/.config/opera-beta +blacklist ${HOME}/.config/orage blacklist ${HOME}/.config/org.kde.gwenviewrc blacklist ${HOME}/.config/pix blacklist ${HOME}/.config/pluma blacklist ${HOME}/.config/psi+ +blacklist ${HOME}/.config/ristretto blacklist ${HOME}/.config/qpdfview blacklist ${HOME}/.config/qt5ct blacklist ${HOME}/.config/qutebrowser @@ -135,6 +138,9 @@ blacklist ${HOME}/.config/xchat blacklist ${HOME}/.config/xed blacklist ${HOME}/.config/xfburn blacklist ${HOME}/.config/xfce4/xfconf/xfce-perchannel-xml/thunar.xml +blacklist ${HOME}/.config/xfce4/xfce4-notes.rc +blacklist ${HOME}/.config/xfce4/xfce4-notes.gtkrc +blacklist ${HOME}/.config/xfce4-dict blacklist ${HOME}/.config/xplayer blacklist ${HOME}/.config/xreader blacklist ${HOME}/.config/xviewer @@ -242,6 +248,7 @@ blacklist ${HOME}/.local/share/mupen64plus blacklist ${HOME}/.local/share/nautilus blacklist ${HOME}/.local/share/nemo blacklist ${HOME}/.local/share/okular +blacklist ${HOME}/.local/share/orage blacklist ${HOME}/.local/share/org.kde.gwenview blacklist ${HOME}/.local/share/pix blacklist ${HOME}/.local/share/psi+ @@ -256,6 +263,7 @@ blacklist ${HOME}/.local/share/vpltd blacklist ${HOME}/.local/share/vulkan blacklist ${HOME}/.local/share/wesnoth blacklist ${HOME}/.local/share/xplayer +blacklist ${HOME}/.local/share/notes blacklist ${HOME}/.local/share/xreader blacklist ${HOME}/.local/share/zathura blacklist ${HOME}/.lv2 diff --git a/etc/globaltime.profile b/etc/globaltime.profile new file mode 100644 index 000000000..271c331a9 --- /dev/null +++ b/etc/globaltime.profile @@ -0,0 +1,26 @@ +# This file is overwritten during software install. +# Persistent customizations should go in a .local file. +include /etc/firejail/globaltime.local + +noblacklist ${HOME}/.config/globaltime +include /etc/firejail/disable-common.inc +include /etc/firejail/disable-programs.inc +include /etc/firejail/disable-passwdmgr.inc + +caps.drop all +netfilter +nonewprivs +noroot +protocol unix,inet,inet6 +seccomp + +# +# depending on you usage, you can enable some of the commands below: +# +nogroups +shell none +# private-bin program +# private-etc none +private-dev +# private-tmp + diff --git a/etc/orage.profile b/etc/orage.profile new file mode 100644 index 000000000..b0bd8b9c3 --- /dev/null +++ b/etc/orage.profile @@ -0,0 +1,27 @@ +# This file is overwritten during software install. +# Persistent customizations should go in a .local file. +include /etc/firejail/orage.local + +noblacklist ${HOME}/.config/orage +noblacklist ${HOME}/.local/share/orage +include /etc/firejail/disable-common.inc +include /etc/firejail/disable-programs.inc +include /etc/firejail/disable-passwdmgr.inc + +caps.drop all +netfilter +nonewprivs +noroot +protocol unix,inet,inet6 +seccomp + +# +# depending on you usage, you can enable some of the commands below: +# +nogroups +shell none +# private-bin program +# private-etc none +private-dev +# private-tmp + diff --git a/etc/ristretto.profile b/etc/ristretto.profile new file mode 100644 index 000000000..9499febe1 --- /dev/null +++ b/etc/ristretto.profile @@ -0,0 +1,26 @@ +# This file is overwritten during software install. +# Persistent customizations should go in a .local file. +include /etc/firejail/risretto.local + +noblacklist ${HOME}/.config/ristretto +include /etc/firejail/disable-common.inc +include /etc/firejail/disable-programs.inc +include /etc/firejail/disable-passwdmgr.inc + +caps.drop all +netfilter +nonewprivs +noroot +protocol unix,inet,inet6 +seccomp + +# +# depending on you usage, you can enable some of the commands below: +# +nogroups +shell none +# private-bin program +# private-etc none +private-dev +# private-tmp + diff --git a/etc/xfce4-dict.profile b/etc/xfce4-dict.profile new file mode 100644 index 000000000..41544e6b9 --- /dev/null +++ b/etc/xfce4-dict.profile @@ -0,0 +1,26 @@ +# This file is overwritten during software install. +# Persistent customizations should go in a .local file. +include /etc/firejail/xfce4-dict.local + +noblacklist ${HOME}/.config/xfce4-dict +include /etc/firejail/disable-common.inc +include /etc/firejail/disable-programs.inc +include /etc/firejail/disable-passwdmgr.inc + +caps.drop all +netfilter +nonewprivs +noroot +protocol unix,inet,inet6 +seccomp + +# +# depending on you usage, you can enable some of the commands below: +# +nogroups +shell none +# private-bin program +# private-etc none +private-dev +# private-tmp + diff --git a/etc/xfce4-notes.profile b/etc/xfce4-notes.profile new file mode 100644 index 000000000..f2cb9a5f1 --- /dev/null +++ b/etc/xfce4-notes.profile @@ -0,0 +1,28 @@ +# This file is overwritten during software install. +# Persistent customizations should go in a .local file. +include /etc/firejail/xfce4-notes.local + +noblacklist ${HOME}/.config/xfce4/xfce4-notes.rc +noblacklist ${HOME}/.config/xfce4/xfce4-notes.gtkrc +noblacklist ${HOME}/.local/share/notes +include /etc/firejail/disable-common.inc +include /etc/firejail/disable-programs.inc +include /etc/firejail/disable-passwdmgr.inc + +caps.drop all +netfilter +nonewprivs +noroot +protocol unix,inet,inet6 +seccomp + +# +# depending on you usage, you can enable some of the commands below: +# +nogroups +shell none +# private-bin program +# private-etc none +private-dev +# private-tmp + diff --git a/platform/debian/conffiles b/platform/debian/conffiles index 4169184df..355faf44f 100644 --- a/platform/debian/conffiles +++ b/platform/debian/conffiles @@ -271,3 +271,8 @@ /etc/firejail/akregator.profile /etc/firejail/kcalc.profile /etc/firejail/ktorrent.profile +/etc/firejail/globaltime.profile +/etc/firejail/orage.profile +/etc/firejail/ristretto.profile +/etc/firejail/xfce4-dict.profile +/etc/firejail/xfce4-notes.profile diff --git a/src/firecfg/firecfg.config b/src/firecfg/firecfg.config index 2569c36ef..c44d83e7b 100644 --- a/src/firecfg/firecfg.config +++ b/src/firecfg/firecfg.config @@ -65,6 +65,7 @@ geeqie gimp gitter gjs +globaltime gnome-2048 gnome-books gnome-calculator @@ -144,6 +145,7 @@ okular openshot opera opera-beta +orage palemoon parole pdfsam @@ -164,6 +166,7 @@ quiterss qutebrowser ranger rhythmbox +ristretto rtorrent scribus seamonkey @@ -211,6 +214,8 @@ wireshark xchat xed xfburn +xfce4-dict +xfce4-notes xiphos xmms xonotic-glx -- cgit v1.2.3-54-g00ecf