From 8201711defc8a51c196508c4f6793174425fb973 Mon Sep 17 00:00:00 2001 From: Fred Barclay Date: Sat, 15 Apr 2017 11:51:19 -0500 Subject: BibleTime profile --- README | 1 + README.md | 2 +- RELNOTES | 2 +- etc/bibletime.profile | 35 +++++++++++++++++++++++++++++++++++ etc/disable-programs.inc | 2 ++ platform/debian/conffiles | 1 + src/firecfg/firecfg.config | 1 + 7 files changed, 42 insertions(+), 2 deletions(-) create mode 100644 etc/bibletime.profile diff --git a/README b/README index 1b1cda252..f501cb5f1 100644 --- a/README +++ b/README @@ -183,6 +183,7 @@ Fred-Barclay (https://github.com/Fred-Barclay) - tighten keepassx - added Thunar profile - added mousepad, qpicview, and cvlc profiles + - addedd BibleTime profile G4JC (http://sourceforge.net/u/gaming4jc/profile/) - ARM support - profile fixes diff --git a/README.md b/README.md index 7fcf0e540..89f459798 100644 --- a/README.md +++ b/README.md @@ -196,4 +196,4 @@ simple-scan, skanlite, ssh-agent, tracker, transmission-cli, transmission-show, xed, pluma, Cryptocat, Bless, Gnome 2048, Gnome Calculator, Gnome Contacts, JD-GUI, Lollypop, MultiMC5, PDFSam, Pithos, Xonotic, wireshark, keepassx2, QupZilla, FossaMail, Uzbl browser, xmms, iridium browser, Kino, Thunar, Geeqie, Engrampa, Scribus, mousepad, gpicview, keepassxc, cvlc, MediathekView, baloo_file, -Nylas,dino +Nylas, dino, BibleTime diff --git a/RELNOTES b/RELNOTES index 8736a8e34..d2c4d7cd9 100644 --- a/RELNOTES +++ b/RELNOTES @@ -36,7 +36,7 @@ firejail (0.9.46-rc1) baseline; urgency=low * new profiles: Xonotic, wireshark, keepassx2, QupZilla, FossaMail, * new profiles: Uzbl browser, iridium browser, Thunar, Geeqie, Engrampa, * new profiles: Scribus, mousepad, gpicview, keepassxc, cvlc, MediathekView, - * new profiles: baloo_file, Nylas,dino + * new profiles: baloo_file, Nylas, dino, BibleTime * bugfixes -- netblue30 Fri, 7 Apr 2017 08:00:00 -0500 diff --git a/etc/bibletime.profile b/etc/bibletime.profile new file mode 100644 index 000000000..19beb5aed --- /dev/null +++ b/etc/bibletime.profile @@ -0,0 +1,35 @@ +# This file is overwritten during software install. +# Persistent customizations should go in a .local file. +include /etc/firejail/bibletime.local + +# Firejail profile for BibleTime +noblacklist ~/.sword +noblacklist ~/.bibletime + +include /etc/firejail/disable-common.inc +include /etc/firejail/disable-devel.inc +include /etc/firejail/disable-passwdmgr.inc +include /etc/firejail/disable-programs.inc + +whitelist ${HOME}/.config/qt5ct +whitelist ${HOME}/.sword +whitelist ${HOME}/.bibletime + +blacklist ~/.bashrc +blacklist ~/.Xauthority + +caps.drop all +netfilter +nogroups +nonewprivs +noroot +nosound +protocol unix,inet,inet6,netlink +seccomp +shell none +tracelog + +#private-bin bibletime,qt5ct +private-etc fonts,resolv.conf,sword,sword.conf,passwd +private-dev +private-tmp diff --git a/etc/disable-programs.inc b/etc/disable-programs.inc index 87f8e13b9..bad1f0263 100644 --- a/etc/disable-programs.inc +++ b/etc/disable-programs.inc @@ -18,6 +18,7 @@ blacklist ${HOME}/.atom blacklist ${HOME}/.attic blacklist ${HOME}/.audacity-data blacklist ${HOME}/.bcast5 +blacklist ${HOME}/.bibletime blacklist ${HOME}/.claws-mail blacklist ${HOME}/.config/0ad blacklist ${HOME}/.config/Atom @@ -107,6 +108,7 @@ blacklist ${HOME}/.config/pix blacklist ${HOME}/.config/pluma blacklist ${HOME}/.config/psi+ blacklist ${HOME}/.config/qpdfview +blacklist ${HOME}/.config/qt5ct blacklist ${HOME}/.config/qutebrowser blacklist ${HOME}/.config/ranger blacklist ${HOME}/.config/redshift.conf diff --git a/platform/debian/conffiles b/platform/debian/conffiles index 4e6904b6a..5f994128a 100644 --- a/platform/debian/conffiles +++ b/platform/debian/conffiles @@ -15,6 +15,7 @@ /etc/firejail/audacity.profile /etc/firejail/aweather.profile /etc/firejail/baloo_file.profile +/etc/firejail/bibletime.profile /etc/firejail/bitlbee.profile /etc/firejail/bleachbit.profile /etc/firejail/brasero.profile diff --git a/src/firecfg/firecfg.config b/src/firecfg/firecfg.config index 7fb64144a..4a40402d7 100644 --- a/src/firecfg/firecfg.config +++ b/src/firecfg/firecfg.config @@ -194,6 +194,7 @@ eog atom atom-beta baloo_file +bibletime ranger keepass keepass2 -- cgit v1.2.3-70-g09d2