From 63ed58354e46d9333c0debe0a10ad1987d92e56d Mon Sep 17 00:00:00 2001 From: smitsohu Date: Sat, 9 Nov 2019 15:14:32 +0100 Subject: add kfind profile --- README.md | 2 +- RELNOTES | 2 +- etc/disable-programs.inc | 4 ++++ etc/kfind.profile | 45 +++++++++++++++++++++++++++++++++++++++++++++ src/firecfg/firecfg.config | 1 + 5 files changed, 52 insertions(+), 2 deletions(-) create mode 100644 etc/kfind.profile diff --git a/README.md b/README.md index 4e8f1ff38..4ae9ef519 100644 --- a/README.md +++ b/README.md @@ -122,4 +122,4 @@ gnome-sound-recorder, godot, jerry, keepassxc-cli, keepassxc-proxy, klatexformul pandoc, qgis, rhythmbox-client, tcpdump, teams-for-linux, tshark, xlinks, zeal, mpg123, conplay, mpg123.bin, mpg123-alsa, mpg123-id3dump, mpg123-jack, mpg123-nas, mpg123-openal, mpg123-oss, mpg123-portaudio, mpg123-pulse, mpg123-strip, out123, pavucontrol-qt, gnome-characters, gnome-character-map, rsync, Whalebird, tor-browser (AUR), Zulip, tb-starter-wrapper, bzcat, kiwix-desktop, ar, -gnome-latex, pngquant, kalgebra, kalgebramobile, signal-cli, amuled +gnome-latex, pngquant, kalgebra, kalgebramobile, signal-cli, amuled, kfind diff --git a/RELNOTES b/RELNOTES index 0ef05fd37..5cd59db3c 100644 --- a/RELNOTES +++ b/RELNOTES @@ -21,7 +21,7 @@ firejail (0.9.61) baseline; urgency=low * new profiles: tor-browser (AUR), Zulip, tb-starter-wrapper, bzcat, * new profiles: kiwix-desktop, bzcat, zstd, pzstd, zstdcat, zstdgrep, zstdless * new profiles: zstdmt, unzstd, i2p, ar, gnome-latex, pngquant, kalgebra - * new profiles: kalgebramobile, signal-cli, amuled + * new profiles: kalgebramobile, signal-cli, amuled, kfind -- netblue30 Sat, 1 Jun 2019 08:00:00 -0500 firejail (0.9.60) baseline; urgency=low diff --git a/etc/disable-programs.inc b/etc/disable-programs.inc index a5a38afda..47f7a6349 100644 --- a/etc/disable-programs.inc +++ b/etc/disable-programs.inc @@ -212,6 +212,7 @@ blacklist ${HOME}/.config/katesyntaxhighlightingrc blacklist ${HOME}/.config/katevirc blacklist ${HOME}/.config/kdeconnect blacklist ${HOME}/.config/kdenliverc +blacklist ${HOME}/.config/kfindrc blacklist ${HOME}/.config/kgetrc blacklist ${HOME}/.config/kid3rc blacklist ${HOME}/.config/klavaro @@ -402,6 +403,7 @@ blacklist ${HOME}/.kde/share/config/gwenviewrc blacklist ${HOME}/.kde/share/config/k3brc blacklist ${HOME}/.kde/share/config/kaffeinerc blacklist ${HOME}/.kde/share/config/kcookiejarrc +blacklist ${HOME}/.kde/share/config/kfindrc blacklist ${HOME}/.kde/share/config/kgetrc blacklist ${HOME}/.kde/share/config/khtmlrc blacklist ${HOME}/.kde/share/config/klipperrc @@ -431,6 +433,7 @@ blacklist ${HOME}/.kde4/share/config/gwenviewrc blacklist ${HOME}/.kde4/share/config/k3brc blacklist ${HOME}/.kde4/share/config/kaffeinerc blacklist ${HOME}/.kde4/share/config/kcookiejarrc +blacklist ${HOME}/.kde4/share/config/kfindrc blacklist ${HOME}/.kde4/share/config/kgetrc blacklist ${HOME}/.kde4/share/config/khtmlrc blacklist ${HOME}/.kde4/share/config/klipperrc @@ -736,6 +739,7 @@ blacklist ${HOME}/.cache/inox blacklist ${HOME}/.cache/iridium blacklist ${HOME}/.cache/kcmshell5 blacklist ${HOME}/.cache/kdenlive +blacklist ${HOME}/.cache/kfind blacklist ${HOME}/.cache/kinfocenter blacklist ${HOME}/.cache/kmail2 blacklist ${HOME}/.cache/krunner diff --git a/etc/kfind.profile b/etc/kfind.profile new file mode 100644 index 000000000..ee4c35825 --- /dev/null +++ b/etc/kfind.profile @@ -0,0 +1,45 @@ +# Firejail profile for kfind +# Description: File search utility +# This file is overwritten after every install/update +# Persistent local customizations +include kfind.local +# Persistent global definitions +include globals.local + +# searching in blacklisted or masked paths fails silently +# adjust filesystem restrictions as necessary + +# noblacklist ${HOME}/.cache/kfind - disable-programs.inc is disabled, see below +# noblacklist ${HOME}/.config/kfindrc +# noblacklist ${HOME}/.kde/share/config/kfindrc +# noblacklist ${HOME}/.kde4/share/config/kfindrc + +include disable-common.inc +include disable-devel.inc +include disable-exec.inc +include disable-interpreters.inc +include disable-passwdmgr.inc +# include disable-programs.inc + +apparmor +caps.drop all +machine-id +# net none +netfilter +no3d +# nodbus +nodvd +nogroups +nonewprivs +noroot +nosound +notv +nou2f +novideo +protocol unix +seccomp +shell none + +# private-bin kbuildsycoca4,kdeinit4,kfind +private-dev +private-tmp diff --git a/src/firecfg/firecfg.config b/src/firecfg/firecfg.config index 21f10ebd2..9e6254ce6 100644 --- a/src/firecfg/firecfg.config +++ b/src/firecfg/firecfg.config @@ -315,6 +315,7 @@ keepassx2 keepassxc keepassxc-cli keepassxc-proxy +# kfind kget kid3 kid3-cli -- cgit v1.2.3-54-g00ecf