From a3307a905ce69baa44f63079fbac78a0967eeb4c Mon Sep 17 00:00:00 2001 From: rusty-snake Date: Tue, 9 Apr 2019 16:38:47 +0200 Subject: Add cheese.profile --- README | 4 ++-- README.md | 2 +- RELNOTES | 2 +- etc/Cheese.profile | 7 +++++++ etc/cheese.profile | 43 +++++++++++++++++++++++++++++++++++++++++++ 5 files changed, 54 insertions(+), 4 deletions(-) create mode 100644 etc/Cheese.profile create mode 100644 etc/cheese.profile diff --git a/README b/README index d41ae967a..6bb17d4f3 100644 --- a/README +++ b/README @@ -545,12 +545,12 @@ rusty-snake (https://github.com/rusty-snake) - added profiles: kid3-qt, kid3-cli, anki - fixed profiles: kdenlive, bibletime, rhythmbox, gajim, seahorse - fixed profiles: libreoffice, gnome-maps, wget, seahorse-tool - - fixed profiles: gnome-logs + - fixed profiles: gnome-logs, atom, brackets, gnome-builder, geany + - fixed profiles: vim, emacs, pycharm-community, gedit - hardened profiles: disable-common.inc, disable-programs.inc - hardened profiles: gajim, evince, ffmpeg, feh-network.inc, qtox - hardened profiles: gnome-clocks, meld, minetest, youtube-dl - gnome-mpv was renamed to celluloid - - updates for ~/.cargo and ~/.python-history Salvo 'LtWorf' Tomaselli (https://github.com/ltworf) - fixed ktorrent profile sarneaud (https://github.com/sarneaud) diff --git a/README.md b/README.md index 429f3362c..8509bf44d 100644 --- a/README.md +++ b/README.md @@ -102,4 +102,4 @@ We also keep a list of profile fixes for previous released versions in [etc-fixe ## Current development version: 0.9.59 ## New profiles: -anki, assogiate, autokey-gtk, autokey-qt, autokey-run, autokey-shell, bzflag, celluoid, code-oss, crawl, crawl-tiles, crow, d-feet, dconf, dconf-editor, devhelp, exfalso, font-manager, freeciv, freecol, freemind, gconf-editor, geekbench, gnome-keyring, gnome-nettool, gnome-system-log, gsettings, kid3, kid3-cli, kid3-qt, klavaro, lincity-ng, lugaru, Maelstrom, manaplus, megaglest, mpdris2, mypaint, nano, netactview, nomacs, nyx, opencity, openclonk, openttd, ostrichriders, pavucontrol, pioneer, pragha, redshift, regextester, seahorse, seahorse-tool, scorched3d, secret-tool, simplescreenrecorder, slashem, subdownloader, sysprof, sysprof-cli, teeworlds, torcs, tremulous, transgui, vulturesclaw, vultureseye, warsow, widelands, xfce4-mixer +anki, assogiate, autokey-gtk, autokey-qt, autokey-run, autokey-shell, bzflag, celluoid, code-oss, crawl, crawl-tiles, crow, d-feet, dconf, dconf-editor, devhelp, exfalso, font-manager, freeciv, freecol, freemind, gconf-editor, geekbench, gnome-keyring, gnome-nettool, gnome-system-log, gsettings, kid3, kid3-cli, kid3-qt, klavaro, lincity-ng, lugaru, Maelstrom, manaplus, megaglest, mpdris2, mypaint, nano, netactview, nomacs, nyx, opencity, openclonk, openttd, ostrichriders, pavucontrol, pioneer, pragha, redshift, regextester, seahorse, seahorse-tool, scorched3d, secret-tool, simplescreenrecorder, slashem, subdownloader, sysprof, sysprof-cli, teeworlds, torcs, tremulous, transgui, vulturesclaw, vultureseye, warsow, widelands, xfce4-mixer, cheese diff --git a/RELNOTES b/RELNOTES index a3cf6bea0..2238ee57d 100644 --- a/RELNOTES +++ b/RELNOTES @@ -11,7 +11,7 @@ firejail (0.9.59) baseline; urgency=low * new profiles: teeworlds, torcs, tremulous, warsow, lugaru, manaplus * new profiles: pioneer, scorched3d, widelands, freemind, kid3, kid3-qt * new profiles: kid3-cli, nomacs, freecol, opencity, openclonk, slashem - * new profiles: vultureseye, vulturesclaw, anki + * new profiles: vultureseye, vulturesclaw, anki, cheese * new profiles: autokey-gtk, autokey-qt, autokey-run, autokey-shell * memory-deny-write-execute now also blocks memfd_create * drop support for flatpak/snap packages diff --git a/etc/Cheese.profile b/etc/Cheese.profile new file mode 100644 index 000000000..4bfce53a9 --- /dev/null +++ b/etc/Cheese.profile @@ -0,0 +1,7 @@ +# Firejail profile for cheese +# This file is overwritten after every install/update + + +# Temporary fix for https://github.com/netblue30/firejail/issues/2624 +# Redirect +include cheese.profile diff --git a/etc/cheese.profile b/etc/cheese.profile new file mode 100644 index 000000000..b6cb0c9ce --- /dev/null +++ b/etc/cheese.profile @@ -0,0 +1,43 @@ +# Firejail profile for cheese +# Description: taking pictures and movies from a webcam +# This file is overwritten after every install/update +# Persistent local customizations +include cheese.local +# Persistent global definitions +include globals.local + +noblacklist ${VIDEOS} + +include disable-common.inc +include disable-devel.inc +include disable-exec.inc +include disable-interpreters.inc +include disable-passwdmgr.inc +include disable-programs.inc +include disable-xdg.inc + +whitelist ${VIDEOS} +include whitelist-common.inc +include whitelist-var-common.inc + +apparmor +caps.drop all +machine-id +net none +nodbus +nodvd +nogroups +nonewprivs +noroot +notv +nou2f +protocol unix +seccomp +shell none +tracelog + +disable-mnt +private-bin cheese +private-cache +private-etc alternatives,fonts,drirc,clutter-1.0,gtk-3.0,dconf +private-tmp -- cgit v1.2.3-70-g09d2 From 65eac73723cf4b137160249242b24e7ed93230e0 Mon Sep 17 00:00:00 2001 From: rusty-snake Date: Sat, 13 Apr 2019 13:46:54 +0200 Subject: Add to firecfg --- README | 2 +- src/firecfg/firecfg.config | 2 ++ 2 files changed, 3 insertions(+), 1 deletion(-) diff --git a/README b/README index a06ffe535..08b5180d2 100644 --- a/README +++ b/README @@ -549,7 +549,7 @@ rusty-snake (https://github.com/rusty-snake) - fixed profiles: libreoffice, gnome-maps, wget, seahorse-tool - fixed profiles: gnome-logs, atom, brackets, gnome-builder, geany - fixed profiles: vim, emacs, pycharm-community, gedit, klavaro - - fixed profiles: default + - fixed profiles: default - hardened profiles: disable-common.inc, disable-programs.inc - hardened profiles: gajim, evince, ffmpeg, feh-network.inc, qtox - hardened profiles: gnome-clocks, meld, minetest, youtube-dl diff --git a/src/firecfg/firecfg.config b/src/firecfg/firecfg.config index 7aec0f82a..097d03235 100644 --- a/src/firecfg/firecfg.config +++ b/src/firecfg/firecfg.config @@ -5,6 +5,7 @@ 0ad 2048-qt Builder +Cheese Cryptocat Cyberfox Discord @@ -93,6 +94,7 @@ calligrawords catfish celluloid checkbashisms +cheese cherrytree chromium chromium-browser -- cgit v1.2.3-70-g09d2