From d141e59d67390e1377623dec8178080c289c2b5b Mon Sep 17 00:00:00 2001
From: glitsj16
Date: Mon, 3 Jul 2023 21:38:45 +0000
Subject: disable-programs.inc: add support for rssguard
---
 etc/inc/disable-programs.inc | 1 +
 1 file changed, 1 insertion(+)
diff --git a/etc/inc/disable-programs.inc b/etc/inc/disable-programs.inc
index b4a01638f..84f49bfd4 100644
--- a/etc/inc/disable-programs.inc
+++ b/etc/inc/disable-programs.inc
@@ -334,6 +334,7 @@ blacklist ${HOME}/.config/Riot
 blacklist ${HOME}/.config/Rocket.Chat
 blacklist ${HOME}/.config/RogueLegacy
 blacklist ${HOME}/.config/RogueLegacyStorageContainer
+blacklist ${HOME}/.config/RSS Guard 4
 blacklist ${HOME}/.config/Seafile
 blacklist ${HOME}/.config/Signal
 blacklist ${HOME}/.config/Sinew Software Systems
-- cgit v1.2.3-54-g00ecf
From 46dc993c56f58840e385c19ed685936e5e706253 Mon Sep 17 00:00:00 2001
From: glitsj16
Date: Mon, 3 Jul 2023 21:40:57 +0000
Subject: Create rssguard.profile
---
 etc/profile-m-z/rssguard.profile | 57 ++++++++++++++++++++++++++++++++++++++++
 1 file changed, 57 insertions(+)
 create mode 100644 etc/profile-m-z/rssguard.profile
diff --git a/etc/profile-m-z/rssguard.profile b/etc/profile-m-z/rssguard.profile
new file mode 100644
index 000000000..bad641eb8
--- /dev/null
+++ b/etc/profile-m-z/rssguard.profile
@@ -0,0 +1,57 @@
+# Firejail profile for rssguard
+# Description: Simple (yet powerful) Qt feed reader
+# This file is overwritten after every install/update
+# Persistent local customizations
+include rssguard.local
+# Persistent global definitions
+include globals.local
+
+noblacklist ${HOME}/.config/RSS Guard 4
+
+include allow-nodejs.inc
+
+include disable-common.inc
+include disable-devel.inc
+include disable-exec.inc
+include disable-interpreters.inc
+include disable-proc.inc
+include disable-programs.inc
+include disable-shell.inc
+include disable-xdg.inc
+
+mkdir ${HOME}/.config/RSS Guard 4
+whitelist ${HOME}/.config/RSS Guard 4
+whitelist ${DOWNLOADS}
+include whitelist-common.inc
+include whitelist-run-common.inc
+include whitelist-runuser-common.inc
+include whitelist-usr-share-common.inc
+include whitelist-var-common.inc
+
+apparmor
+caps.drop all
+netfilter
+# no3d
+nodvd
+nogroups
+noinput
+nonewprivs
+noroot
+# nosound
+notv
+nou2f
+novideo
+protocol unix,inet,inet6
+seccomp
+tracelog
+
+disable-mnt
+private-bin node,rssguard
+private-dev
+private-etc @network,@sound,@tls-ca,@x11,mime.types
+private-tmp
+
+dbus-user none
+dbus-system none
+
+restrict-namespaces
-- cgit v1.2.3-54-g00ecf
From c0ad9ef6bfd520e5581e1e46a8c96b42e35964fc Mon Sep 17 00:00:00 2001
From: glitsj16
Date: Mon, 3 Jul 2023 21:43:59 +0000
Subject: RELNOTES: add rssguard to 'new profiles' section
---
 RELNOTES | 1 +
 1 file changed, 1 insertion(+)
diff --git a/RELNOTES b/RELNOTES
index 718ac17a4..68ec2220d 100644
--- a/RELNOTES
+++ b/RELNOTES
@@ -48,6 +48,7 @@ firejail (0.9.73) baseline; urgency=low * legal: selinux.c: Split Copyright notice & use same license as upstream (#5667) * new profiles: fix-qdf, qpdf, zlib-flate, standard-notes, url-eater + * new profiles: rssguard -- netblue30 Mon, 17 Jan 2023 09:00:00 -0500 firejail (0.9.72) baseline; urgency=low
-- cgit v1.2.3-54-g00ecf
From c6593c8b51a0201d1645e0ff385ba874de48b315 Mon Sep 17 00:00:00 2001
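Review bot: In etc/profile-m-z/rssguard.profile, `include allow-nodejs.inc` together with `private-bin node,rssguard` makes a Node.js interpreter available inside a sandbox that otherwise pulls in disable-interpreters.inc, and nothing in the file says which feature needs it. For a feed reader that processes remote content this is the widest exception in the profile, so it deserves a comment above the include, for example `# Allow nodejs (blacklisted by disable-interpreters.inc); needed for <feature, to be confirmed>`. The commented-out `# no3d` and `# nosound` lines likewise give no reason for staying disabled; a short trailing note on each would tell a user whether they can be enabled in rssguard.local.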
From: glitsj16
Date: Mon, 3 Jul 2023 21:45:34 +0000
Subject: firecfg.config: add rssguard
---
 src/firecfg/firecfg.config | 1 +
 1 file changed, 1 insertion(+)
diff --git a/src/firecfg/firecfg.config b/src/firecfg/firecfg.config
index dac5794b4..2755968c9 100644
--- a/src/firecfg/firecfg.config
+++ b/src/firecfg/firecfg.config
@@ -734,6 +734,7 @@ ripperx
 ristretto
 rocketchat
 rpcs3
+rssguard
 rtorrent
 runenpass.sh
 sayonara
-- cgit v1.2.3-54-g00ecf
From c96ac104f66bc93160bf879f5be349b1a15e9740 Mon Sep 17 00:00:00 2001
From: glitsj16
Date: Mon, 3 Jul 2023 22:25:44 +0000
Subject: disable-programs.inc: fix rssguard entree Apparently a path containing whitespace and ending with a single digit breaks CI: https://github.com/netblue30/firejail/actions/runs/5448790502.
---
 etc/inc/disable-programs.inc | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/etc/inc/disable-programs.inc b/etc/inc/disable-programs.inc
index 84f49bfd4..1e6a765c9 100644
--- a/etc/inc/disable-programs.inc
+++ b/etc/inc/disable-programs.inc
@@ -334,7 +334,7 @@ blacklist ${HOME}/.config/Riot
 blacklist ${HOME}/.config/Rocket.Chat
 blacklist ${HOME}/.config/RogueLegacy
 blacklist ${HOME}/.config/RogueLegacyStorageContainer
-blacklist ${HOME}/.config/RSS Guard 4
+blacklist ${HOME}/.config/RSS Guard*
 blacklist ${HOME}/.config/Seafile
 blacklist ${HOME}/.config/Signal
 blacklist ${HOME}/.config/Sinew Software Systems
-- cgit v1.2.3-54-g00ecf
From 5fa4a70d0c340990e71d7e3647deee4bdab4647f Mon Sep 17 00:00:00 2001
From: glitsj16
Date: Mon, 3 Jul 2023 22:31:37 +0000
Subject: disable-programs.inc: fix ordering rssguard entree Grrrr
---
 etc/inc/disable-programs.inc | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/etc/inc/disable-programs.inc b/etc/inc/disable-programs.inc
index 1e6a765c9..33bcbc51b 100644
--- a/etc/inc/disable-programs.inc
+++ b/etc/inc/disable-programs.inc
@@ -329,12 +329,12 @@ blacklist ${HOME}/.config/Qlipper
 blacklist ${HOME}/.config/QuiteRss
 blacklist ${HOME}/.config/QuiteRssrc
 blacklist ${HOME}/.config/Quotient
+blacklist ${HOME}/.config/RSS Guard 4
 blacklist ${HOME}/.config/Rambox
 blacklist ${HOME}/.config/Riot
 blacklist ${HOME}/.config/Rocket.Chat
 blacklist ${HOME}/.config/RogueLegacy
 blacklist ${HOME}/.config/RogueLegacyStorageContainer
-blacklist ${HOME}/.config/RSS Guard*
 blacklist ${HOME}/.config/Seafile
 blacklist ${HOME}/.config/Signal
 blacklist ${HOME}/.config/Sinew Software Systems
-- cgit v1.2.3-54-g00ecf
From 698935530d4ed2cfa5fa057879abf9a136cdb48c Mon Sep 17 00:00:00 2001
From: glitsj16
Date: Tue, 4 Jul 2023 12:29:08 +0000
Subject: rssguard.profile: add seccomp.block-secondary
---
 etc/profile-m-z/rssguard.profile | 1 +
 1 file changed, 1 insertion(+)
diff --git a/etc/profile-m-z/rssguard.profile b/etc/profile-m-z/rssguard.profile
index bad641eb8..ab42718b0 100644
--- a/etc/profile-m-z/rssguard.profile
+++ b/etc/profile-m-z/rssguard.profile
@@ -43,6 +43,7 @@ nou2f
 novideo
 protocol unix,inet,inet6
 seccomp
+seccomp.block-secondary
 tracelog
 
 disable-mnt
-- cgit v1.2.3-54-g00ecf
From e447e630d36ed3c881be871a04e916760c14abea Mon Sep 17 00:00:00 2001
From: glitsj16
Date: Wed, 5 Jul 2023 22:40:46 +0000
Subject: rssguard.profile: add netlink to protocol
---
 etc/profile-m-z/rssguard.profile | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/etc/profile-m-z/rssguard.profile b/etc/profile-m-z/rssguard.profile
index ab42718b0..81381c205 100644
--- a/etc/profile-m-z/rssguard.profile
+++ b/etc/profile-m-z/rssguard.profile
@@ -41,7 +41,7 @@ noroot
 notv
 nou2f
 novideo
-protocol unix,inet,inet6
+protocol unix,inet,inet6,netlink
 seccomp
 seccomp.block-secondary
 tracelog
-- cgit v1.2.3-54-g00ecf
From a164c239bbe6d39b0cc6ef0ea693d58627c8b760 Mon Sep 17 00:00:00 2001
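Review bot: The line re-added in the `@@ -329,12 +329,12 @@` hunk of etc/inc/disable-programs.inc is the literal `blacklist ${HOME}/.config/RSS Guard 4` again, so the move also drops the `RSS Guard*` glob introduced by the previous commit, which the subject ("fix ordering") does not mention. With the literal path, a config directory carrying a different version suffix would stay readable from other programs' sandboxes that include this file. If the glob was not what upset CI, keep `blacklist ${HOME}/.config/RSS Guard*` at the new position; if the literal is deliberate, to match the `noblacklist` and `whitelist` lines in rssguard.profile, say so in the commit message.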
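Review bot: The new `protocol unix,inet,inet6,netlink` line in etc/profile-m-z/rssguard.profile widens the socket-family filter to netlink, and neither the hunk nor the commit message records what failed without it. A one-line comment above it, such as `# netlink: required for <reason, to be filled in>`, would let a later maintainer judge whether the exception can be dropped again.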
From: glitsj16
Date: Thu, 6 Jul 2023 17:15:26 +0000
Subject: RELNOTES: revert adding rssguard to new profiles section As per review https://github.com/netblue30/firejail/pull/5881#pullrequestreview-1515652336
---
 RELNOTES | 1 -
 1 file changed, 1 deletion(-)
diff --git a/RELNOTES b/RELNOTES
index 68ec2220d..718ac17a4 100644
--- a/RELNOTES
+++ b/RELNOTES
@@ -48,7 +48,6 @@ firejail (0.9.73) baseline; urgency=low * legal: selinux.c: Split Copyright notice & use same license as upstream (#5667) * new profiles: fix-qdf, qpdf, zlib-flate, standard-notes, url-eater - * new profiles: rssguard -- netblue30 Mon, 17 Jan 2023 09:00:00 -0500 firejail (0.9.72) baseline; urgency=low
-- cgit v1.2.3-54-g00ecf