From dfa025636778ee99a1c663a92cce1e061370156a Mon Sep 17 00:00:00 2001 From: netblue30 Date: Mon, 3 Oct 2016 11:33:22 -0400 Subject: keepass, keepassx, 7z profiles --- README | 2 +- README.md | 4 ++-- RELNOTES | 2 +- etc/7z.profile | 10 ++++++++++ etc/keepass.profile | 22 ++++++++++++++++++++++ etc/keepassx.profile | 23 +++++++++++++++++++++++ platform/debian/conffiles | 3 +++ src/firecfg/firecfg.config | 2 ++ 8 files changed, 64 insertions(+), 4 deletions(-) create mode 100644 etc/7z.profile create mode 100644 etc/keepass.profile create mode 100644 etc/keepassx.profile diff --git a/README b/README index 325ef2aa5..043e7445a 100644 --- a/README +++ b/README @@ -78,7 +78,7 @@ Fred-Barclay (https://github.com/Fred-Barclay) - added DOSBox profile - evince profile enhancement vismir2 (https://github.com/vismir2) - - feh, ranger and zathura profiles + - feh, ranger, 7z, keepass, keepassx and zathura profiles - lots of profile fixes graywolf (https://github.com/graywolf) - spelling fix diff --git a/README.md b/README.md index 43aa183ef..6e50a7645 100644 --- a/README.md +++ b/README.md @@ -106,9 +106,9 @@ If you keep your Firejail profiles in a public repository, please give us a link ## New profile commands -x11 xpra, x11 xephyr, x11 none, x11 xorg allusers, join-or-start +x11 xpra, x11 xephyr, x11 none, x11 xorg, allusers, join-or-start ## New profiles -qpdfview, mupdf, Luminance HDR, Synfig Studio, Gimp, Inkscape, feh, ranger, zathura +qpdfview, mupdf, Luminance HDR, Synfig Studio, Gimp, Inkscape, feh, ranger, zathura, 7z, keepass, keepassx diff --git a/RELNOTES b/RELNOTES index df495c31a..bdafb6ff0 100644 --- a/RELNOTES +++ b/RELNOTES @@ -16,7 +16,7 @@ firejail (0.9.43) baseline; urgency=low * feature: disable 3D hardware acceleration (--no3d) * feature: x11 xpra, x11 xephyr, x11 block, allusers, no3d profile commands * new profiles: qpdfview, mupdf, Luminance HDR, Synfig Studio, Gimp, Inkscape - * new profiles: feh, ranger, zathura + * new profiles: feh, ranger, zathura, 7z, keepass, keepassx * bugfixes -- netblue30 Fri, 9 Sept 2016 08:00:00 -0500 diff --git a/etc/7z.profile b/etc/7z.profile new file mode 100644 index 000000000..c9455317a --- /dev/null +++ b/etc/7z.profile @@ -0,0 +1,10 @@ +# p7zip crompression tool profile +quiet +ignore noroot +include /etc/firejail/default.profile +tracelog +net none +shell none +private-dev +private-tmp +nosound diff --git a/etc/keepass.profile b/etc/keepass.profile new file mode 100644 index 000000000..b2085f53d --- /dev/null +++ b/etc/keepass.profile @@ -0,0 +1,22 @@ +# keepass password manager profile + +noblacklist ${HOME}/.config/keepass +noblacklist ${HOME}/.keepass + +include /etc/firejail/disable-common.inc +include /etc/firejail/disable-programs.inc +include /etc/firejail/disable-devel.inc +include /etc/firejail/disable-passwdmgr.inc + +caps.drop all +nogroups +nonewprivs +noroot +nosound +protocol unix +seccomp +netfilter +shell none + +private-tmp +private-dev diff --git a/etc/keepassx.profile b/etc/keepassx.profile new file mode 100644 index 000000000..415160df3 --- /dev/null +++ b/etc/keepassx.profile @@ -0,0 +1,23 @@ +# keepassx password manager profile + +noblacklist ${HOME}/.config/keepassx +noblacklist ${HOME}/.keepassx +noblacklist ${HOME}/keepassx.kdbx + +include /etc/firejail/disable-common.inc +include /etc/firejail/disable-programs.inc +include /etc/firejail/disable-devel.inc +include /etc/firejail/disable-passwdmgr.inc + +caps.drop all +nogroups +nonewprivs +noroot +nosound +protocol unix +seccomp +netfilter +shell none + +private-tmp +private-dev diff --git a/platform/debian/conffiles b/platform/debian/conffiles index af8e74ba8..03fb2fe75 100644 --- a/platform/debian/conffiles +++ b/platform/debian/conffiles @@ -152,3 +152,6 @@ /etc/firejail/xz.profile /etc/firejail/xzdec.profile /etc/firejail/zathura.profile +/etc/firejail/7z.profile +/etc/firejail/keepass.profile +/etc/firejail/keepassx.profile diff --git a/src/firecfg/firecfg.config b/src/firecfg/firecfg.config index 9e5ff7f12..95d3d5caa 100644 --- a/src/firecfg/firecfg.config +++ b/src/firecfg/firecfg.config @@ -142,6 +142,8 @@ ssh atom-beta atom ranger +keepass +keepassx # weather/climate aweather -- cgit v1.2.3-54-g00ecf