From e3abab47dcda4dba4a1412261e35cb1608ffd900 Mon Sep 17 00:00:00 2001 From: netblue30 Date: Fri, 10 Jun 2016 10:41:57 -0400 Subject: private-bin conversion --- etc/cherrytree.profile | 9 +++++++++ etc/disable-devel.inc | 2 +- etc/evince.profile | 3 +++ etc/fbreader.profile | 3 +++ etc/gnome-mplayer.profile | 3 +++ etc/gthumb.profile | 2 +- etc/vlc.profile | 2 +- 7 files changed, 21 insertions(+), 3 deletions(-) (limited to 'etc') diff --git a/etc/cherrytree.profile b/etc/cherrytree.profile index bc6fe1d86..7b6238d98 100644 --- a/etc/cherrytree.profile +++ b/etc/cherrytree.profile @@ -24,3 +24,12 @@ protocol unix,inet,inet6,netlink tracelog include /etc/firejail/whitelist-common.inc + +# no private-bin support for various reasons: +#10:25:34 exec 11249 (root) NEW SANDBOX: /usr/bin/firejail /usr/bin/cherrytree +#10:25:34 exec 11252 (netblue) /bin/bash -c "/usr/bin/cherrytree" +#10:25:34 exec 11252 (netblue) /usr/bin/python /usr/bin/cherrytree +#10:25:34 exec 11253 (netblue) sh -c /sbin/ldconfig -p 2>/dev/null +#10:25:34 exec 11255 (netblue) sh -c if type gcc >/dev/null 2>&1; then CC=gcc; elif type cc >/dev/null 2>&1; then CC=cc;else exit 10; fi;LANG=C LC_ALL=C $CC -Wl,-t -o /tmp/tmpiYr44S 2>&1 -llibc +# it requires acces to browser to show the online help +# it doesn't play nicely with expect diff --git a/etc/disable-devel.inc b/etc/disable-devel.inc index 8c18ec2c3..071a82f76 100644 --- a/etc/disable-devel.inc +++ b/etc/disable-devel.inc @@ -37,7 +37,7 @@ blacklist /usr/lib/php* blacklist /usr/bin/ruby blacklist /usr/lib/ruby -# Programs using python: deluge, some firefox addons, filezilla +# Programs using python: deluge, firefox addons, filezilla, cherrytree # Python 2 #blacklist /usr/bin/python2* #blacklist /usr/lib/python2* diff --git a/etc/evince.profile b/etc/evince.profile index 8c84a1daa..8671c1251 100644 --- a/etc/evince.profile +++ b/etc/evince.profile 
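Review bot: In etc/cherrytree.profile the added comment block pastes a raw exec trace but never states the reason it implies, and "acces" is misspelled. The trace shows the Python process spawning `sh -c` for `/sbin/ldconfig -p` and for a `gcc`/`cc` probe, so a one-line summary would tell the next maintainer what a private-bin list would have to contain, for example `# cherrytree runs under python and shells out to sh, ldconfig and gcc/cc; private-bin would need all of them`. The timestamps, PIDs and local user name in the trace can be dropped. As far as this hunk shows, neither `private-bin` nor `shell none` is applied, so the sandboxed process still sees every binary on the host; that is worth stating as a known gap.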
@@ -10,3 +10,6 @@ noroot nosound protocol unix,inet,inet6 seccomp + +shell none +private-bin evince,evince-previewer,evince-thumbnailer diff --git a/etc/fbreader.profile b/etc/fbreader.profile index c4d84691c..df359e50a 100644 --- a/etc/fbreader.profile +++ b/etc/fbreader.profile @@ -13,3 +13,6 @@ noroot nosound protocol unix,inet,inet6 seccomp + +shell none +private-bin fbreader,FBReader \ No newline at end of file diff --git a/etc/gnome-mplayer.profile b/etc/gnome-mplayer.profile index f15778534..1caea177d 100644 --- a/etc/gnome-mplayer.profile +++ b/etc/gnome-mplayer.profile @@ -9,3 +9,6 @@ nonewprivs noroot protocol unix,inet,inet6 seccomp + +shell none +private-bin gnome-mplayer diff --git a/etc/gthumb.profile b/etc/gthumb.profile index 55041b5cc..68d6a52d9 100644 --- a/etc/gthumb.profile +++ b/etc/gthumb.profile @@ -13,5 +13,5 @@ noroot protocol unix,inet,inet6 seccomp -private-bin gthumb shell none +private-bin gthumb diff --git a/etc/vlc.profile b/etc/vlc.profile index e225e80e9..1a6e5a151 100644 --- a/etc/vlc.profile +++ b/etc/vlc.profile @@ -16,4 +16,4 @@ seccomp # to test shell none -private-bin vlc +private-bin vlc,cvlc,nvlc,rvlc,qvlc,svlc -- cgit v1.2.3-70-g09d2
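Review bot: In etc/evince.profile, `private-bin evince,evince-previewer,evince-thumbnailer` combined with `shell none` leaves no program available for anything evince launches itself, and the hunk does not record that this was checked. The cherrytree comment in this same commit gives "requires acces to browser" as a reason to skip private-bin, and following a link in a document presumably hits the same limitation here. If that breakage is accepted as hardening, say so with a comment such as `# private-bin: external link handlers and helpers are intentionally unavailable`. Otherwise mark the two lines `# to test`, as etc/vlc.profile does.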
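Review bot: In etc/fbreader.profile the new last line `private-bin fbreader,FBReader` is committed without a trailing newline (`\ No newline at end of file`). Anything later appended to this profile, by hand or by a script, risks being joined onto the private-bin list and read as part of a program name, silently changing the restriction. End the file with a newline, as the evince and gnome-mplayer profiles in this commit do.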
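Review bot: In etc/gnome-mplayer.profile, `private-bin gnome-mplayer` lists only the front end. gnome-mplayer normally drives a separate `mplayer` backend process, which would not exist in the private bin directory, so playback is likely to fail inside the sandbox; please confirm with a test run. If it does fail, the line should read `private-bin gnome-mplayer,mplayer`.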
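Review bot: In etc/vlc.profile, the names added in `private-bin vlc,cvlc,nvlc,rvlc,qvlc,svlc` are, on common distributions, small `/bin/sh` wrapper scripts around `vlc`, and no shell is in the list. If they are meant to be started inside the sandbox they would have no interpreter to run under, so the extra entries likely add nothing as written. If that is confirmed, either drop them or add a comment saying why they are listed. The `# to test` marker above these lines is still in place, so a short note on what was actually verified would help.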