From b51d44a29a07772cf4b38b6133aad343e76185d8 Mon Sep 17 00:00:00 2001 From: Fred Barclay Date: Sun, 26 Mar 2017 13:37:13 -0500 Subject: GPicViewer profile --- README.md | 6 +++--- RELNOTES | 2 +- etc/disable-programs.inc | 1 + etc/gpicview.profile | 27 +++++++++++++++++++++++++++ platform/debian/conffiles | 1 + src/firecfg/firecfg.config | 1 + 6 files changed, 34 insertions(+), 4 deletions(-) create mode 100644 etc/gpicview.profile diff --git a/README.md b/README.md index 8987b1fd0..6efa2ed69 100644 --- a/README.md +++ b/README.md @@ -112,7 +112,7 @@ Added AppImage type 2 support, and support for passing command line arguments to Example: $ firejail --hosts-file=~/myhosts firefox - + --writable-var-log Use the real /var/log directory, not a clone. By default, a tmpfs is mounted on top of /var/log directory, and a skeleton @@ -120,7 +120,7 @@ Added AppImage type 2 support, and support for passing command line arguments to Example: $ sudo firejail --writable-var-log - + --git-install Download, compile and install mainline git version of Firejail from the official repository on GitHub. The software is @@ -195,4 +195,4 @@ goobox, gpa, gpg, gpg-agent, highlight, img2txt, k3b, kate, lynx, mediainfo, nau simple-scan, skanlite, ssh-agent, tracker, transmission-cli, transmission-show, w3m, xfburn, xpra, wget, xed, pluma, Cryptocat, Bless, Gnome 2048, Gnome Calculator, Gnome Contacts, JD-GUI, Lollypop, MultiMC5, PDFSam, Pithos, Xonotic, wireshark, keepassx2, QupZilla, FossaMail, Uzbl browser, xmms, iridium browser, -Kino, Thunar, Geeqie, Engrampa, Scribus, mousepad +Kino, Thunar, Geeqie, Engrampa, Scribus, mousepad, gpicview diff --git a/RELNOTES b/RELNOTES index 4775cf0f6..4766fdceb 100644 --- a/RELNOTES +++ b/RELNOTES @@ -41,7 +41,7 @@ firejail (0.9.45) baseline; urgency=low * new profiles: Gnome Contacts, JD-GUI, Lollypop, MultiMC5, PDFSam, Pithos, * new profies: Xonotic, wireshark, keepassx2, QupZilla, FossaMail, * new profiles: Uzbl browser, iridium browser, Thunar, Geeqie, Engrampa - * new profiles: Scribus, mousepad + * new profiles: Scribus, mousepad, gpicview * bugfixes -- netblue30 Sun, 23 Oct 2016 08:00:00 -0500 diff --git a/etc/disable-programs.inc b/etc/disable-programs.inc index 00c6e195a..6b2b1d994 100644 --- a/etc/disable-programs.inc +++ b/etc/disable-programs.inc @@ -70,6 +70,7 @@ blacklist ${HOME}/.config/gedit blacklist ${HOME}/.config/google-chrome blacklist ${HOME}/.config/google-chrome-beta blacklist ${HOME}/.config/google-chrome-unstable +blacklist ${HOME}./config/gpicview blacklist ${HOME}/.config/gthumb blacklist ${HOME}/.config/hexchat blacklist ${HOME}/.config/inox diff --git a/etc/gpicview.profile b/etc/gpicview.profile new file mode 100644 index 000000000..7a8188665 --- /dev/null +++ b/etc/gpicview.profile @@ -0,0 +1,27 @@ +# This file is overwritten during software install. +# Persistent customizations should go in a .local file. +include /etc/firejail/gpicview.local + +# Firejail profile for GPicView +noblacklist ~/.config/gpicview + +include /etc/firejail/disable-common.inc +include /etc/firejail/disable-programs.inc +include /etc/firejail/disable-devel.inc +include /etc/firejail/disable-passwdmgr.inc + +caps.drop all +net none +nogroups +nonewprivs +noroot +nosound +protocol unix +seccomp +shell none +tracelog + +private-bin gpicview +private-dev +private-etc fonts +private-tmp diff --git a/platform/debian/conffiles b/platform/debian/conffiles index 253af3f01..a31f13200 100644 --- a/platform/debian/conffiles +++ b/platform/debian/conffiles @@ -90,6 +90,7 @@ /etc/firejail/gpa.profile /etc/firejail/gpg-agent.profile /etc/firejail/gpg.profile +/etc/firejail/gpicview.profile /etc/firejail/gpredict.profile /etc/firejail/gtar.profile /etc/firejail/gthumb.profile diff --git a/src/firecfg/firecfg.config b/src/firecfg/firecfg.config index 1db8736e9..5bfd94736 100644 --- a/src/firecfg/firecfg.config +++ b/src/firecfg/firecfg.config @@ -123,6 +123,7 @@ gnome-mplayer gnome-music goobox google-play-music-desktop-player +gpicview img2txt k3b mediainfo -- cgit v1.2.3-54-g00ecf