From 8cddf9dc2e3292d1abfdc7ea0a92acac08a6c70c Mon Sep 17 00:00:00 2001 From: rusty-snake <41237666+rusty-snake@users.noreply.github.com> Date: Thu, 30 Jul 2020 20:41:02 +0000 Subject: add profile for sushi (#3558) --- README.md | 2 +- RELNOTES | 1 + .../org.gnome.NautilusPreviewer.profile | 10 +++++ etc/profile-m-z/sushi.profile | 48 ++++++++++++++++++++++ src/firecfg/firecfg.config | 1 + 5 files changed, 61 insertions(+), 1 deletion(-) create mode 100644 etc/profile-m-z/org.gnome.NautilusPreviewer.profile create mode 100644 etc/profile-m-z/sushi.profile diff --git a/README.md b/README.md index c370368d7..1cbe84a62 100644 --- a/README.md +++ b/README.md @@ -196,4 +196,4 @@ gnome-screenshot, ripperX, sound-juicer, iagno, com.github.dahenson.agenda, gnom penguin-command, x2goclient, frogatto, gnome-mines, gnome-nibbles, lightsoff, ts3client_runscript.sh, warmux, ferdi, abiword, four-in-a-row, gnome-mahjongg, gnome-robots, gnome-sudoku, gnome-taquin, gnome-tetravex, blobwars, gravity-beams-and-evaporating-stars, hyperrogue, jumpnbump-menu, jumpnbump, magicor, mindless, mirrormagic, mrrescue, scorched3d-wrapper, scorchwentbonkers, -seahorse-adventures, wordwarvi, xbill, gnome-klotski, five-or-more, swell-foop, fdns, jitsi-meet-desktop, nicontine, steam-runtime, apostrophe, quadrapassel, dino-im, strawberry, hitori, bijiben, gnote, gnubik, ZeGrapher, gapplication, xonotic-sdl-wrapper, openarena_ded, cawbird, freetube, homebank, mattermost-desktop, newsflash, com.gitlab.newsflash, element-desktop +seahorse-adventures, wordwarvi, xbill, gnome-klotski, five-or-more, swell-foop, fdns, jitsi-meet-desktop, nicontine, steam-runtime, apostrophe, quadrapassel, dino-im, strawberry, hitori, bijiben, gnote, gnubik, ZeGrapher, gapplication, xonotic-sdl-wrapper, openarena_ded, cawbird, freetube, homebank, mattermost-desktop, newsflash, com.gitlab.newsflash, element-desktop, sushi, xfce4-screenshooter, org.gnome.NautilusPreviewer diff --git a/RELNOTES b/RELNOTES index d0cf88d4d..e77db8cf8 100644 --- a/RELNOTES +++ b/RELNOTES @@ -39,6 +39,7 @@ firejail (0.9.63) baseline; urgency=low * new profiles: hitori, bijiben, gnote, gnubik, ZeGrapher, xonotic-sdl-wrapper * new profiles: gapplication, openarena_ded, element-desktop, cawbird, freetube * new profiles: homebank, mattermost-desktop, newsflash, com.gitlab.newsflash + * new profiles: sushi, xfce4-screenshooter, org.gnome.NautilusPreviewer -- netblue30 Tue, 21 Apr 2020 08:00:00 -0500 firejail (0.9.62) baseline; urgency=low diff --git a/etc/profile-m-z/org.gnome.NautilusPreviewer.profile b/etc/profile-m-z/org.gnome.NautilusPreviewer.profile new file mode 100644 index 000000000..eb75add58 --- /dev/null +++ b/etc/profile-m-z/org.gnome.NautilusPreviewer.profile @@ -0,0 +1,10 @@ +# Firejail profile alias for sushi +# This file is overwritten after every install/update +# Persistent local customizations +include org.gnome.NautilusPreviewer.local +# Persistent global definitions +# added by included profile +#include globals.local + +# Redirect +include sushi.profile diff --git a/etc/profile-m-z/sushi.profile b/etc/profile-m-z/sushi.profile new file mode 100644 index 000000000..68abd8c94 --- /dev/null +++ b/etc/profile-m-z/sushi.profile @@ -0,0 +1,48 @@ +# Firejail profile for sushi +# Description: A quick previewer for Nautilus +# This file is overwritten after every install/update +# Persistent local customizations +include sushi.local +# Persistent global definitions +include globals.local + +# Allow gjs (blacklisted by disable-interpreters.inc) +include allow-gjs.inc + +include disable-common.inc +include disable-devel.inc +include disable-exec.inc +include disable-interpreters.inc +include disable-passwdmgr.inc +# include disable-programs.inc +include disable-shell.inc + +include whitelist-runuser-common.inc + +apparmor +caps.drop all +net none +nodvd +nogroups +nonewprivs +noroot +notv +nou2f +novideo +protocol unix +seccomp +shell none +tracelog + +private-bin gjs,sushi +private-dev +private-tmp + +dbus-system none + +read-only / +read-only /mnt +read-only /media +read-only /run/mount +read-only /run/media +read-only ${HOME} diff --git a/src/firecfg/firecfg.config b/src/firecfg/firecfg.config index ee0def5aa..77b0596e9 100644 --- a/src/firecfg/firecfg.config +++ b/src/firecfg/firecfg.config @@ -663,6 +663,7 @@ subdownloader supertux2 supertuxkart surf +sushi swell-foop sylpheed synfigstudio -- cgit v1.2.3-70-g09d2