From bc5a06e9970fe03325f28e0cdef96ea5c596113f Mon Sep 17 00:00:00 2001 From: Fred-Barclay Date: Tue, 19 Apr 2016 00:06:13 +1000 Subject: added gpredict profile --- Makefile.in | 1 + README | 3 ++- README.md | 2 +- etc/disable-programs.inc | 1 + etc/gpredict.profile | 23 +++++++++++++++++++++++ platform/debian/conffiles | 2 +- src/firecfg/firecfg.config | 3 +++ 7 files changed, 32 insertions(+), 3 deletions(-) create mode 100644 etc/gpredict.profile
diff --git a/Makefile.in b/Makefile.in
index bc8061985..cb897c23d 100644
--- a/Makefile.in
+++ b/Makefile.in
@@ -168,6 +168,7 @@ realinstall:
 install -c -m 0644 .etc/warzone2100.profile $(DESTDIR)/$(sysconfdir)/firejail/.
 install -c -m 0644 .etc/okular.profile $(DESTDIR)/$(sysconfdir)/firejail/.
 install -c -m 0644 .etc/gwenview.profile $(DESTDIR)/$(sysconfdir)/firejail/.
+ install -c -m 0644 .etc/gpredict.profile $(DESTDIR)/$(sysconfdir)/firejail/.
 sh -c "if [ ! -f $(DESTDIR)/$(sysconfdir)/firejail/login.users ]; then install -c -m 0644 etc/login.users $(DESTDIR)/$(sysconfdir)/firejail/.; fi;"
 sh -c "if [ ! -f $(DESTDIR)/$(sysconfdir)/firejail/firejail.config ]; then install -c -m 0644 etc/firejail.config $(DESTDIR)/$(sysconfdir)/firejail/.; fi;"
 rm -fr .etc
diff --git a/README b/README
index e4ad5a49f..d0a7aaf8d 100644
--- a/README
+++ b/README
@@ -31,9 +31,10 @@ Fred-Barclay (https://github.com/Fred-Barclay)
 - added PaleMoon profile
 - split Icedove and Thunderbird profiles
 - added 0ad profile
- - fixed version for deb packages
+ - fixed version for .deb packages
 - added Warzone2100 profile
 - blacklisted VeraCrypt
+ - added Gpredict profile
 avoidr (https://github.com/avoidr)
 - whitelist fix
 - recently-used.xbel fix
diff --git a/README.md b/README.md
index afa1fa35c..ca7927fff 100644
--- a/README.md
+++ b/README.md
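Review bot: In Makefile.in, every profile needs its own `install` line in `realinstall`, and this patch has to repeat the same file name in platform/debian/conffiles as well, so a profile added to one list and missed in the other is easy to ship. A single line such as `install -c -m 0644 .etc/*.profile $(DESTDIR)/$(sysconfdir)/firejail/.` would remove the per-profile edit, provided `.etc` holds only files meant for installation, which this hunk does not show. The `realinstall` recipe starts and ends outside the hunk.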
@@ -282,5 +282,5 @@ $ man firejail-profile ## New security profiles lxterminal, Epiphany, cherrytree, Polari, Vivaldi, Atril, qutebrowser, SlimJet, Battle for Wesnoth, Hedgewars, qTox, OpenSSH client, OpenBox window manager, Dillo, cmus, dnsmasq, PaleMoon, Icedove, abrowser, 0ad, netsurf, -Warzone2100, okular, gwenview +Warzone2100, okular, gwenview, Gpredict
diff --git a/etc/disable-programs.inc b/etc/disable-programs.inc
index 23dd8e025..6c5515894 100644
--- a/etc/disable-programs.inc
+++ b/etc/disable-programs.inc
@@ -8,6 +8,7 @@ blacklist ${HOME}/.Wolfram Research
 blacklist ${HOME}/.config/mupen64plus
 blacklist ${HOME}/.config/transmission
 blacklist ${HOME}/.config/uGet
+blacklist ${HOME}/.config/Gpredict
 blacklist ~/.kde/share/apps/okular
 blacklist ~/.kde/share/config/okularrc
 blacklist ~/.kde/share/config/okularpartrc
diff --git a/etc/gpredict.profile b/etc/gpredict.profile
new file mode 100644
index 000000000..f53cb1b4f
--- /dev/null
+++ b/etc/gpredict.profile
@@ -0,0 +1,23 @@
+# Firejail profile for gpredict.
+
+# Noblacklist
+noblacklist ~/.config/Gpredict
+
+# Include
+include /etc/firejail/disable-common.inc
+include /etc/firejail/disable-devel.inc
+include /etc/firejail/disable-passwdmgr.inc
+include /etc/firejail/disable-programs.inc
+
+# Call these options
+caps.drop all
+netfilter
+noroot
+protocol unix,inet,inet6,netlink
+seccomp
+tracelog
+
+# Whitelist
+mkdir ~/.config
+mkdir ~/.config/Gpredict
+whitelist ~/.config/Gpredict
diff --git a/platform/debian/conffiles b/platform/debian/conffiles
index 1ea112301..6f5b564a0 100644
--- a/platform/debian/conffiles
+++ b/platform/debian/conffiles
@@ -87,4 +87,4 @@
 /etc/firejail/warzone2100.profile
 /etc/firejail/okular.profile
 /etc/firejail/gwenview.profile
-
+/etc/firejail/gpredict.profile
diff --git a/src/firecfg/firecfg.config b/src/firecfg/firecfg.config
index d732796e9..8bebf76af 100644
--- a/src/firecfg/firecfg.config
+++ b/src/firecfg/firecfg.config
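Review bot: In etc/disable-programs.inc the new entry is spelled `blacklist ${HOME}/.config/Gpredict`, while etc/gpredict.profile lifts it with `noblacklist ~/.config/Gpredict`. Both spellings already appear in this file's context lines, so presumably they are expanded the same way, but that is not visible in this patch. Using one form for the pair, for example `noblacklist ${HOME}/.config/Gpredict` in the profile, makes it obvious to a reader and to grep that the exemption matches the rule it is meant to lift.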
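Review bot: In etc/gpredict.profile, `protocol unix,inet,inet6,netlink` admits netlink sockets with no stated reason, and nothing in this patch shows that Gpredict needs them. If the program runs without them, `protocol unix,inet,inet6` is the tighter filter; if it does not, a comment above the line such as `# netlink: needed by <component> (placeholder, confirm)` would record why. The header `# Call these options` could also say what the group is for, e.g. `# Drop capabilities, filter syscalls and socket families`. Separately, `nogroups` and `private-dev` are worth testing here, since the profile as written leaves the user's supplementary groups and the full /dev visible inside the sandbox.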
@@ -2,6 +2,9 @@ # This is the list of programs handled by firecfg utility # +# astronomy +gpredict + # browsers/email firefox iceweasel -- cgit v1.2.3-54-g00ecf