From 0ea4ed8408f6fc506f9e4bef0f9e94fe14ea8d9c Mon Sep 17 00:00:00 2001
From: glitsj16
Date: Sat, 16 Mar 2019 17:49:01 +0000
Subject: Seahorse revisited (#2600) * Refactor seahorse into a whitelist profile * Refactor seahorse-tool as a whitelist profile * Create seahorse-daemon.profile * Add seahorse-daemon to firecfg * Drop blacklist /tmp/.X11-unix from seahorse.profile Thanks to @rusty-snake for pointing out blacklisting /tmp/.X11-unix is ridiculous for GUI's. * Add non-GUI option to seahorse-daemon
---
 src/firecfg/firecfg.config | 1 +
 1 file changed, 1 insertion(+)
(limited to 'src')
diff --git a/src/firecfg/firecfg.config b/src/firecfg/firecfg.config
index f1be8bfd9..7531206f5 100644
--- a/src/firecfg/firecfg.config
+++ b/src/firecfg/firecfg.config
@@ -432,6 +432,7 @@ scallion
 scribus
 sdat2img
 seahorse
+seahorse-daemon
 seahorse-tool
 seamonkey
 seamonkey-bin
-- 
cgit v1.2.3-54-g00ecf
From 11dcc154cc301bdc44d109b73ca3c5fae569ac5c Mon Sep 17 00:00:00 2001
From: glitsj16
Date: Sat, 16 Mar 2019 17:49:31 +0000
Subject: Follow-up on flatpak/snap support (#2601) * Remove obsolete snap support from disable-programs.inc * Remove obsolete snap support from pycharm-community.profile * Update RELNOTES to reflect non-existing/dropped flatpak/snap support * Update firejail.txt to reflect flatpak/snap packages are not supported
---
 RELNOTES | 1 +
 etc/disable-programs.inc | 1 -
 etc/pycharm-community.profile | 1 -
 src/man/firejail.txt | 4 ++++
 4 files changed, 5 insertions(+), 2 deletions(-)
(limited to 'src')
diff --git a/RELNOTES b/RELNOTES
index d780cc823..ff8c9eba9 100644
--- a/RELNOTES
+++ b/RELNOTES
@@ -8,6 +8,7 @@ firejail (0.9.59) baseline; urgency=low
 * new profiles: sysprof-cli, seahorse-tool, secret-tool, dconf, gsettings
 * new profiles: code-oss, pragha
 * memory-deny-write-execute now also blocks memfd_create
+ * drop support for flatpak/snap packages
 firejail (0.9.58,2) baseline; urgency=low
 * cgroup flag in /etc/firejail/firejail.config file
diff --git a/etc/disable-programs.inc b/etc/disable-programs.inc
index e2eaea38b..976c3610e 100644
--- a/etc/disable-programs.inc
+++ b/etc/disable-programs.inc
@@ -6,7 +6,6 @@ blacklist ${HOME}/Arduino
 blacklist ${HOME}/Monero/wallets
 blacklist ${HOME}/Nextcloud/Notes
 blacklist ${HOME}/Standard Notes Backups
-blacklist ${HOME}/snap
 blacklist ${HOME}/wallet.dat
 blacklist ${HOME}/.*coin
 blacklist ${HOME}/.8pecxstudios
diff --git a/etc/pycharm-community.profile b/etc/pycharm-community.profile
index bfe8b614e..3caaacf09 100644
--- a/etc/pycharm-community.profile
+++ b/etc/pycharm-community.profile
@@ -5,7 +5,6 @@ include pycharm-community.local
 # Persistent global definitions
 include globals.local
-noblacklist ${HOME}/snap
 noblacklist ${HOME}/.PyCharmCE*
 noblacklist ${HOME}/.python-history
 noblacklist ${HOME}/.java
diff --git a/src/man/firejail.txt b/src/man/firejail.txt
index 8146d1a2e..048db098c 100644
--- a/src/man/firejail.txt
+++ b/src/man/firejail.txt
@@ -48,6 +48,10 @@ Firejail allows the user to manage application security using security profiles. Each profile defines a set of permissions for a specific application or group of applications. The software includes security profiles for a number of more common Linux programs, such as Mozilla Firefox, Chromium, VLC, Transmission etc.
+.PP
+Alternative sandbox technologies like snap (https://snapcraft.io/) and flatpak (https://flatpak.org/)
+are not supported. Snap and flatpak packages have their own native management tools and will
+not work when sandboxed with Firejail.
 .SH USAGE
 Without any options, the sandbox consists of a filesystem build in a new mount namespace,
-- 
cgit v1.2.3-54-g00ecf
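Review bot: With `blacklist ${HOME}/snap` gone from etc/disable-programs.inc, profiles that include this file no longer hide ~/snap from the sandboxed program, which is a separate question from whether snap packages themselves run under Firejail. As far as I know snapd keeps per-application user data under that directory, so an unrelated application running under a non-whitelisting profile would be able to read it after this change. Unless the entry caused a concrete breakage, I would keep `blacklist ${HOME}/snap` here, in which case the `noblacklist ${HOME}/snap` removed from etc/pycharm-community.profile in the next hunk has to stay as well. If the removal is intended, the RELNOTES line should state that ~/snap is no longer blacklisted, since "drop support" does not tell users that a deny rule went away.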