From 7140573b9269b04cc36f5a9bd34a861ed2feb380 Mon Sep 17 00:00:00 2001 From: glitsj16 Date: Tue, 18 Apr 2023 02:36:55 +0000 Subject: New profile: url-eater (#5780) * Create url-eater.profile * RELNOTES: add url-eater to 'new profiles' --- RELNOTES | 2 +- etc/profile-m-z/url-eater.profile | 58 +++++++++++++++++++++++++++++++++++++++ src/firecfg/firecfg.config | 1 + 3 files changed, 60 insertions(+), 1 deletion(-) create mode 100644 etc/profile-m-z/url-eater.profile diff --git a/RELNOTES b/RELNOTES index 72cfa336e..6452e11ff 100644 --- a/RELNOTES +++ b/RELNOTES @@ -30,7 +30,7 @@ firejail (0.9.73) baseline; urgency=low * docs: markdown formatting and misc improvements (#5757) * legal: selinux.c: Split Copyright notice & use same license as upstream (#5667) - * new profiles: fix-qdf, qpdf, zlib-flate, standard-notes + * new profiles: fix-qdf, qpdf, zlib-flate, standard-notes, url-eater -- netblue30 Mon, 17 Jan 2023 09:00:00 -0500 firejail (0.9.72) baseline; urgency=low diff --git a/etc/profile-m-z/url-eater.profile b/etc/profile-m-z/url-eater.profile new file mode 100644 index 000000000..a894ff0f6 --- /dev/null +++ b/etc/profile-m-z/url-eater.profile 
@@ -0,0 +1,58 @@
+# Firejail profile for url-eater
+# Description: Clean unnecessary parameters from URLs copied to clipboard
+# This file is overwritten after every install/update
+# Persistent local customizations
+include url-eater.local
+# Persistent global definitions
+include globals.local
+
+include disable-common.inc
+include disable-devel.inc
+include disable-exec.inc
+include disable-interpreters.inc
+include disable-proc.inc
+include disable-programs.inc
+include disable-shell.inc
+include disable-xdg.inc
+
+include whitelist-common.inc
+include whitelist-run-common.inc
+include whitelist-runuser-common.inc
+include whitelist-usr-share-common.inc
+include whitelist-var-common.inc
+
+apparmor
+caps.drop all
+ipc-namespace
+machine-id
+net none
+no3d
+nodvd
+nogroups
+noinput
+nonewprivs
+noprinters
+noroot
+nosound
+notv
+nou2f
+novideo
+protocol unix
+seccomp
+seccomp.block-secondary
+tracelog
+
+disable-mnt
+private-bin url-eater
+private-cache
+private-dev
+private-etc url-eater.kdl
+private-lib
+#private-tmp # breaks on Arch
+
+dbus-user none
+dbus-system none
+
+memory-deny-write-execute
+read-only ${HOME}
+restrict-namespaces
diff --git a/src/firecfg/firecfg.config b/src/firecfg/firecfg.config
index 94e8b9194..1e996ef72 100644
--- a/src/firecfg/firecfg.config
+++ b/src/firecfg/firecfg.config
@@ -883,6 +883,7 @@ unbound
 unf
 unknown-horizons
 # unzstd - disable until we fix CLI archivers for makepkg on Arch (see discussion in #3095)
+url-eater
 utox
 uudeview
 uzbl-browser
--
cgit v1.2.3-54-g00ecf
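Review bot: In etc/profile-m-z/url-eater.profile the disabled line `#private-tmp # breaks on Arch` leaves the host /tmp shared with the sandbox, and the comment records neither the failure nor the /tmp path the program needs. Without that, nobody can later re-enable the option or replace it with a narrower allowance; I would expand it to something like `#private-tmp # breaks on Arch: <observed failure / required /tmp path>`, with the placeholder filled in from the original test. The profile also presumably depends on the display-server socket staying reachable so the tool can read and rewrite the clipboard, which may hold sensitive data. A header comment such as `# Clipboard access via the display server is intentional; net none and dbus-user/dbus-system none keep its contents inside the sandbox` would make that trade-off explicit for anyone tightening or loosening the profile.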