From cc57e0ceecb2abe71aa5b7a4512e0c36a564b81f Mon Sep 17 00:00:00 2001 From: rusty-snake Date: Wed, 29 Jan 2020 20:35:17 +0100 Subject: Add profiles for the WPS-Office --- README.md | 2 +- RELNOTES | 2 +- etc/disable-programs.inc | 3 +++ etc/et.profile | 11 +++++++++++ etc/wpp.profile | 14 ++++++++++++++ etc/wps.profile | 47 ++++++++++++++++++++++++++++++++++++++++++++++ etc/wpspdf.profile | 11 +++++++++++ src/firecfg/firecfg.config | 4 ++++ 8 files changed, 92 insertions(+), 2 deletions(-) create mode 100644 etc/et.profile create mode 100644 etc/wpp.profile create mode 100644 etc/wps.profile create mode 100644 etc/wpspdf.profile diff --git a/README.md b/README.md index f9b730a36..f6ce3b68f 100644 --- a/README.md +++ b/README.md @@ -151,4 +151,4 @@ We also keep a list of profile fixes for previous released versions in [etc-fixe ### New profiles: -gfeeds, firefox-x11, tvbrowser, rtv, clipgrab, gnome-passwordsafe +gfeeds, firefox-x11, tvbrowser, rtv, clipgrab, gnome-passwordsafe, bibtex, gummi, latex, pdflatex, tex, wpp, wpspdf, wps, et diff --git a/RELNOTES b/RELNOTES index bf4b752f4..9541cef74 100644 --- a/RELNOTES +++ b/RELNOTES @@ -3,7 +3,7 @@ firejail (0.9.63) baseline; urgency=low * DHCP client support * new profiles: gfeeds, firefox-x11, tvbrowser, rtv, clipgrab * new profiles: gnome-passwordsafe, bibtex, gummi, latex - * new profiles: pdflatex, tex + * new profiles: pdflatex, tex, wpp, wpspdf, wps, et firejail (0.9.62) baseline; urgency=low * added file-copy-limit in /etc/firejail/firejail.config diff --git a/etc/disable-programs.inc b/etc/disable-programs.inc index 48f137f3d..baa9c3fab 100644 --- a/etc/disable-programs.inc +++ b/etc/disable-programs.inc @@ -85,6 +85,7 @@ blacklist ${HOME}/.config/Gpredict blacklist ${HOME}/.config/INRIA blacklist ${HOME}/.config/InSilmaril blacklist ${HOME}/.config/Kid3 +blacklist ${HOME}/.config/Kingsoft blacklist ${HOME}/.config/Luminance blacklist ${HOME}/.config/Meltytech blacklist ${HOME}/.config/Mendeley Ltd. @@ -459,6 +460,7 @@ blacklist ${HOME}/.kde4/share/config/ktorrentrc blacklist ${HOME}/.kde4/share/config/okularpartrc blacklist ${HOME}/.kde4/share/config/okularrc blacklist ${HOME}/.killingfloor +blacklist ${HOME}/.kingsoft blacklist ${HOME}/.kino-history blacklist ${HOME}/.kinorc blacklist ${HOME}/.klatexformula @@ -475,6 +477,7 @@ blacklist ${HOME}/.local/share/Anki2 blacklist ${HOME}/.local/share/Empathy blacklist ${HOME}/.local/share/Enpass blacklist ${HOME}/.local/share/JetBrains +blacklist ${HOME}/.local/share/Kingsoft blacklist ${HOME}/.local/share/Mendeley Ltd. blacklist ${HOME}/.local/share/Mumble blacklist ${HOME}/.local/share/PBE diff --git a/etc/et.profile b/etc/et.profile new file mode 100644 index 000000000..4e70bb114 --- /dev/null +++ b/etc/et.profile @@ -0,0 +1,11 @@ +# Firejail profile for et +# Description: WPS Office - Spreadsheets +# This file is overwritten after every install/update +# Persistent local customizations +include et.local +# Persistent global definitions +# added by included profile +#include globals.local + +# Redirect +include wps.profile diff --git a/etc/wpp.profile b/etc/wpp.profile new file mode 100644 index 000000000..a219397a9 --- /dev/null +++ b/etc/wpp.profile @@ -0,0 +1,14 @@ +# Firejail profile for wpp +# Description: WPS Office - Presentation +# This file is overwritten after every install/update +# Persistent local customizations +include wpp.local +# Persistent global definitions +# added by included profile +#include globals.local + +ignore machine-id +ignore nosound + +# Redirect +include wps.profile diff --git a/etc/wps.profile b/etc/wps.profile new file mode 100644 index 000000000..47bba2dda --- /dev/null +++ b/etc/wps.profile @@ -0,0 +1,47 @@ +# Firejail profile for wps +# Description: WPS Office - Writer +# This file is overwritten after every install/update +# Persistent local customizations +include wps.local +# Persistent global definitions +include globals.local + +noblacklist ${HOME}/.kingsoft +noblacklist ${HOME}/.config/Kingsoft +noblacklist ${HOME}/.local/share/Kingsoft + +include disable-common.inc +include disable-devel.inc +include disable-exec.inc +include disable-interpreters.inc +include disable-passwdmgr.inc +include disable-programs.inc + +include whitelist-usr-share-common.inc +include whitelist-var-common.inc + +apparmor +caps.drop all +machine-id +# Uncomment the next line (or add to wps.local) if you don't use network features. +#net none +netfilter +no3d +nodbus +nodvd +nogroups +nonewprivs +noroot +nosound +notv +nou2f +novideo +protocol unix,inet,inet6 +# seccomp cause some minor issues, if you can live with them enable it. +#seccomp +shell none +tracelog + +private-cache +private-dev +private-tmp diff --git a/etc/wpspdf.profile b/etc/wpspdf.profile new file mode 100644 index 000000000..82080acbc --- /dev/null +++ b/etc/wpspdf.profile @@ -0,0 +1,11 @@ +# Firejail profile for wpspdf +# Description: Kingsoft Pdf Reader +# This file is overwritten after every install/update +# Persistent local customizations +include et.local +# Persistent global definitions +# added by included profile +#include globals.local + +# Redirect +include wps.profile diff --git a/src/firecfg/firecfg.config b/src/firecfg/firecfg.config index 8088f771c..8153b151a 100644 --- a/src/firecfg/firecfg.config +++ b/src/firecfg/firecfg.config @@ -180,6 +180,7 @@ eog eom ephemeral #epiphany +et etr evince evince-previewer @@ -687,6 +688,9 @@ wire-desktop wireshark wireshark-gtk wireshark-qt +wpp +wps +wpspdf xcalc xchat xed -- cgit v1.2.3-54-g00ecf