From d43eb028d90d3417a70e9a5eb5e44ea3e3faa5a0 Mon Sep 17 00:00:00 2001 From: netblue30 Date: Sat, 5 Nov 2016 09:44:50 -0400 Subject: profile fixes --- README | 4 ++++ README.md | 2 +- etc/evince.profile | 2 +- etc/firefox.profile | 3 +-- etc/mupdf.profile | 2 +- platform/debian/conffiles | 1 + 6 files changed, 9 insertions(+), 5 deletions(-) diff --git a/README b/README index 50bc00099..7599f4cf1 100644 --- a/README +++ b/README @@ -80,6 +80,8 @@ Fred-Barclay (https://github.com/Fred-Barclay) - evince profile enhancement - tightened Spotify profile - added xiphos and Tor Browser Bundle profiles +BogDan Vatra (https://github.com/bog-dan-ro) + - zoom profile Impyy (https://github.com/Impyy) - added mumble profile valoq (https://github.com/valoq) @@ -88,6 +90,8 @@ valoq (https://github.com/valoq) - added support for /srv in --whitelist feature - Eye of GNOME, Evolution, display (imagemagik) and Wire profiles - blacklist suid binaries in disable-common.inc + - fix man pages + - various profile improvements Vadim A. Misbakh-Soloviov (https://github.com/msva) - profile fixes Rafael Cavalcanti (https://github.com/rccavalcanti) diff --git a/README.md b/README.md index c6484d3b7..931b27ef3 100644 --- a/README.md +++ b/README.md @@ -52,5 +52,5 @@ Use this issue to request new profiles: https://github.com/netblue30/firejail/is ````` ## New Profiles -xiphos, Tor Browser Bundle, display (imagemagik), Wire, mumble +xiphos, Tor Browser Bundle, display (imagemagik), Wire, mumble, zoom diff --git a/etc/evince.profile b/etc/evince.profile index 9a9113c70..cbb2083f4 100644 --- a/etc/evince.profile +++ b/etc/evince.profile @@ -6,7 +6,7 @@ include /etc/firejail/disable-passwdmgr.inc caps.drop all netfilter -net none +#net none - creates some problems on some distributions nogroups nonewprivs noroot diff --git a/etc/firefox.profile b/etc/firefox.profile index 7875ca6b9..3fb56fd0e 100644 --- a/etc/firefox.profile +++ b/etc/firefox.profile @@ -47,8 +47,7 @@ whitelist ~/.config/pipelight-silverlight5.1 include /etc/firejail/whitelist-common.inc # experimental features - -private-bin firefox,which,sh,dbus-launch,dbus-send,env +#private-bin firefox,which,sh,dbus-launch,dbus-send,env private-etc passwd,group,hostname,hosts,localtime,nsswitch.conf,resolv.conf,xdg,gtk-2.0,gtk-3.0,X11,pango,fonts,firefox,mime.types,mailcap,asound.conf,pulse private-dev private-tmp diff --git a/etc/mupdf.profile b/etc/mupdf.profile index 65e6a8978..e022866e8 100644 --- a/etc/mupdf.profile +++ b/etc/mupdf.profile @@ -16,7 +16,7 @@ net none shell none tracelog -seccomp.keep access,arch_prctl,brk,clone,close,connect,execve,exit_group,fchmod,fchown,fcntl,fstat,futex,getcwd,getpeername,getrlimit,getsockname,getsockopt,lseek,lstat,mlock,mmap,mprotect,munmap,nanosleep,open,poll,prctl,read,recvfrom,recvmsg,restart_syscall,rt_sigaction,rt_sigprocmask,select,sendmsg,set_robust_list,set_tid_address,setresgid,setresuid,shmat,shmctl,shmget,shutdown,socket,stat,sysinfo,uname,unshare,wait4,write,writev +#seccomp.keep access,arch_prctl,brk,clone,close,connect,execve,exit_group,fchmod,fchown,fcntl,fstat,futex,getcwd,getpeername,getrlimit,getsockname,getsockopt,lseek,lstat,mlock,mmap,mprotect,munmap,nanosleep,open,poll,prctl,read,recvfrom,recvmsg,restart_syscall,rt_sigaction,rt_sigprocmask,select,sendmsg,set_robust_list,set_tid_address,setresgid,setresuid,shmat,shmctl,shmget,shutdown,socket,stat,sysinfo,uname,unshare,wait4,write,writev private-bin mupdf private-tmp diff --git a/platform/debian/conffiles b/platform/debian/conffiles index df660ab4f..ae8db5a67 100644 --- a/platform/debian/conffiles +++ b/platform/debian/conffiles @@ -171,3 +171,4 @@ /etc/firejail/display.profile /etc/firejail/Wire.profile /etc/firejail/mumble.profile +/etc/firejail/zoom.profile -- cgit v1.2.3-54-g00ecf