From 11edb11c0d1620f753d43b1676077793a169b2d1 Mon Sep 17 00:00:00 2001 From: curiosity-seeker Date: Wed, 17 Apr 2019 07:00:13 +0000 Subject: Profiles for gramps, newsboat and freeoffice (#2652) * Update firecfg.config * Create gramps.profile * Update disable-programs.inc * Create newsboat.profile * Update disable-programs.inc * Update firecfg.config * Create freeoffice-planmaker * Create freeoffice-textmaker * Create freeoffice-presentations * Update disable-programs.inc * Update firecfg.config * Update newsboat.profile * Update newsboat.profile * Update gramps.profile * Update freeoffice-textmaker * Update freeoffice-planmaker * Update freeoffice-presentations * Update freeoffice-planmaker * Update freeoffice-presentations * Update freeoffice-textmaker * Rename freeoffice-planmaker to freeoffice-planmaker.profile * Rename freeoffice-presentations to freeoffice-presentations.profile * Rename freeoffice-textmaker to freeoffice-textmaker.profile * Update gramps.profile * Update freeoffice-planmaker.profile * Update freeoffice-presentations.profile * Update freeoffice-textmaker.profile * Update freeoffice-textmaker.profile * Update freeoffice-presentations.profile * Update newsboat.profile * Update gramps.profile * Update freeoffice-planmaker.profile * Update freeoffice-presentations.profile * Update freeoffice-textmaker.profile --- etc/disable-programs.inc | 3 ++ etc/freeoffice-planmaker.profile | 40 ++++++++++++++++++++++++++ etc/freeoffice-presentations.profile | 40 ++++++++++++++++++++++++++ etc/freeoffice-textmaker.profile | 40 ++++++++++++++++++++++++++ etc/gramps.profile | 55 ++++++++++++++++++++++++++++++++++++ etc/newsboat.profile | 48 +++++++++++++++++++++++++++++++ 6 files changed, 226 insertions(+) create mode 100644 etc/freeoffice-planmaker.profile create mode 100644 etc/freeoffice-presentations.profile create mode 100644 etc/freeoffice-textmaker.profile create mode 100644 etc/gramps.profile create mode 100644 etc/newsboat.profile (limited to 'etc') 
diff --git a/etc/disable-programs.inc b/etc/disable-programs.inc
index 41c6eb53e..7e12b97b2 100644
--- a/etc/disable-programs.inc
+++ b/etc/disable-programs.inc
@@ -5,6 +5,7 @@ include disable-programs.local
 blacklist ${HOME}/Arduino
 blacklist ${HOME}/Monero/wallets
 blacklist ${HOME}/Nextcloud/Notes
+blacklist ${HOME}/SoftMaker
 blacklist ${HOME}/Standard Notes Backups
 blacklist ${HOME}/wallet.dat
 blacklist ${HOME}/.*coin
@@ -339,6 +340,7 @@ blacklist ${HOME}/.googleearth/Temp/
 blacklist ${HOME}/.googleearth/myplaces.backup.kml
 blacklist ${HOME}/.googleearth/myplaces.kml
 blacklist ${HOME}/.gradle
+blacklist ${HOME}/.gramps
 blacklist ${HOME}/.guayadeque
 blacklist ${HOME}/.hashcat
 blacklist ${HOME}/.hedgewars
@@ -549,6 +551,7 @@ blacklist ${HOME}/.multimc5
 blacklist ${HOME}/.nanorc
 blacklist ${HOME}/.netactview
 blacklist ${HOME}/.neverball
+blacklist ${HOME}/.newsboat
 blacklist ${HOME}/.nv
 blacklist ${HOME}/.nylas-mail
 blacklist ${HOME}/.opencity
diff --git a/etc/freeoffice-planmaker.profile b/etc/freeoffice-planmaker.profile
new file mode 100644
index 000000000..e00acb278
--- /dev/null
+++ b/etc/freeoffice-planmaker.profile
@@ -0,0 +1,40 @@
+# Firejail profile for freeoffice-planmaker
+# This file is overwritten after every install/update
+# Persistent local customizations
+include freeoffice-planmaker.local
+# Persistent global definitions
+include globals.local
+
+noblacklist ${HOME}/SoftMaker
+
+include disable-common.inc
+include disable-devel.inc
+include disable-exec.inc
+include disable-interpreters.inc
+include disable-passwdmgr.inc
+include disable-programs.inc
+# include disable-xdg.inc
+
+apparmor
+caps.drop all
+ipc-namespace
+net none
+no3d
+nodbus
+nodvd
+nogroups
+nonewprivs
+noroot
+notv
+nou2f
+novideo
+protocol unix,inet,inet6
+seccomp
+shell none
+tracelog
+
+private-cache
+private-dev
+private-tmp
+
+
diff --git a/etc/freeoffice-presentations.profile b/etc/freeoffice-presentations.profile
new file mode 100644
index 000000000..c71418cce
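Review bot: In the new freeoffice-planmaker.profile, `net none` is combined with `protocol unix,inet,inet6`, so the seccomp protocol filter still permits inet and inet6 sockets although the sandbox has nothing but loopback to reach; unless the application needs loopback TCP, narrow it to `protocol unix`. The same pair appears in freeoffice-presentations.profile and freeoffice-textmaker.profile. `# include disable-xdg.inc` is left commented out in all three with no reason given, and with no `whitelist` lines the home directory minus the blacklisted paths stays visible to the sandbox; if that is deliberate, a comment such as `# disable-xdg.inc is not included so documents in the XDG user directories can be opened` would record it. The three profiles differ only in the program name, so two of them could `include` the third to keep later hardening changes in one place.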
--- /dev/null
+++ b/etc/freeoffice-presentations.profile
@@ -0,0 +1,40 @@
+# Firejail profile for freeoffice-presentations
+# This file is overwritten after every install/update
+# Persistent local customizations
+include freeoffice-presentations.local
+# Persistent global definitions
+include globals.local
+
+noblacklist ${HOME}/SoftMaker
+
+include disable-common.inc
+include disable-devel.inc
+include disable-exec.inc
+include disable-interpreters.inc
+include disable-passwdmgr.inc
+include disable-programs.inc
+# include disable-xdg.inc
+
+apparmor
+caps.drop all
+ipc-namespace
+net none
+no3d
+nodbus
+nodvd
+nogroups
+nonewprivs
+noroot
+notv
+nou2f
+novideo
+protocol unix,inet,inet6
+seccomp
+shell none
+tracelog
+
+private-cache
+private-dev
+private-tmp
+
+
diff --git a/etc/freeoffice-textmaker.profile b/etc/freeoffice-textmaker.profile
new file mode 100644
index 000000000..0965cc70e
--- /dev/null
+++ b/etc/freeoffice-textmaker.profile
@@ -0,0 +1,40 @@
+# Firejail profile for freeoffice-textmaker
+# This file is overwritten after every install/update
+# Persistent local customizations
+include freeoffice-textmaker.local
+# Persistent global definitions
+include globals.local
+
+noblacklist ${HOME}/SoftMaker
+
+include disable-common.inc
+include disable-devel.inc
+include disable-exec.inc
+include disable-interpreters.inc
+include disable-passwdmgr.inc
+include disable-programs.inc
+# include disable-xdg.inc
+
+apparmor
+caps.drop all
+ipc-namespace
+net none
+no3d
+nodbus
+nodvd
+nogroups
+nonewprivs
+noroot
+notv
+nou2f
+novideo
+protocol unix,inet,inet6
+seccomp
+shell none
+tracelog
+
+private-cache
+private-dev
+private-tmp
+
+
diff --git a/etc/gramps.profile b/etc/gramps.profile
new file mode 100644
index 000000000..46337d269
--- /dev/null
+++ b/etc/gramps.profile
@@ -0,0 +1,55 @@
+# Firejail profile for gramps
+# Description: genealogy program
+# This file is overwritten after every install/update
+# Persistent local customizations
+include gramps.local
+# Persistent global definitions
+include globals.local
+
+noblacklist ${HOME}/.gramps
+
+# Allow python (blacklisted by disable-interpreters.inc)
+#noblacklist ${PATH}/python2*
+noblacklist ${PATH}/python3*
+#noblacklist /usr/lib/python2*
+noblacklist /usr/lib/python3*
+#noblacklist /usr/local/lib/python2*
+noblacklist /usr/local/lib/python3*
+
+include disable-common.inc
+include disable-devel.inc
+include disable-exec.inc
+include disable-interpreters.inc
+include disable-passwdmgr.inc
+include disable-programs.inc
+include disable-xdg.inc
+
+mkdir ${HOME}/.gramps
+whitelist ${HOME}/.gramps
+include whitelist-common.inc
+include whitelist-var-common.inc
+
+apparmor
+caps.drop all
+ipc-namespace
+netfilter
+no3d
+nodbus
+nodvd
+nogroups
+nonewprivs
+noroot
+nosound
+notv
+nou2f
+novideo
+protocol unix,inet,inet6
+seccomp
+shell none
+
+disable-mnt
+private-cache
+private-dev
+private-tmp
+
+
diff --git a/etc/newsboat.profile b/etc/newsboat.profile
new file mode 100644
index 000000000..0fed5bd06
--- /dev/null
+++ b/etc/newsboat.profile
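Review bot: Whitelisting only `${HOME}/.gramps` in gramps.profile leaves the rest of the home directory as a temporary view inside the sandbox, so a GEDCOM export or backup saved anywhere else under `${HOME}` is discarded when Gramps exits, and existing files outside `~/.gramps` cannot be imported. Either whitelist a dedicated documents directory as well or state the limit in the profile, e.g. `# Only ~/.gramps is persistent; files saved elsewhere in ${HOME} are lost when the sandbox closes`. The commented-out python2 `noblacklist` lines would also benefit from a one-line reason, for instance `# python2 stays blacklisted; uncomment only for Gramps builds that still use it`, if that is the intent.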
@@ -0,0 +1,48 @@
+# Firejail profile for Newsboat
+# Description: RSS program
+# This file is overwritten after every install/update
+# Persistent local customizations
+include newsboat.local
+# Persistent global definitions
+include globals.local
+
+noblacklist ${HOME}/.newsboat
+
+include disable-common.inc
+include disable-devel.inc
+include disable-exec.inc
+include disable-interpreters.inc
+include disable-passwdmgr.inc
+include disable-programs.inc
+include disable-xdg.inc
+
+mkdir ${HOME}/.newsboat
+whitelist ${HOME}/.newsboat
+include whitelist-common.inc
+include whitelist-var-common.inc
+
+caps.drop all
+ipc-namespace
+netfilter
+no3d
+nodbus
+nodvd
+nogroups
+nonewprivs
+noroot
+notv
+nou2f
+novideo
+protocol inet,inet6
+seccomp
+shell none
+
+disable-mnt
+private-bin newsboat
+private-cache
+private-dev
+private-etc alternatives,ca-certificates,crypto-policies,pki,resolv.conf,ssl,terminfo
+private-tmp
+
+memory-deny-write-execute
+
-- cgit v1.2.3-70-g09d2
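Review bot: newsboat.profile only handles `${HOME}/.newsboat`, but as far as I know Newsboat can also keep its configuration and cache in the XDG locations `~/.config/newsboat` and `~/.local/share/newsboat`; for those users the whitelist hides the existing files, and `mkdir ${HOME}/.newsboat` creates a directory that would likely make Newsboat start with an empty dotdir layout. Consider adding `whitelist ${HOME}/.config/newsboat` and `whitelist ${HOME}/.local/share/newsboat` with matching `noblacklist` lines, and blacklisting the same paths in disable-programs.inc so other sandboxes cannot read the feed list. Unlike gramps.profile in the same commit, this profile has no `apparmor` or `nosound`; if that is deliberate, a comment should say why. `private-bin newsboat` together with `shell none` also means configured helpers such as a `browser` or `notify-program` command cannot run, which deserves a comment like `# external browser/notify commands are unavailable; extend private-bin in newsboat.local if needed`.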