From 90f527234a62021466991c3f349e45cefbf79acd Mon Sep 17 00:00:00 2001 From: Fred-Barclay Date: Sun, 19 Jun 2016 09:29:50 +1000 Subject: [PATCH] added libreoffice profile --- Makefile.in | 1 + README | 1 + README.md | 2 +- RELNOTES | 2 +- etc/disable-programs.inc | 1 + etc/libreoffice.profile | 14 ++++++++++++++ platform/debian/conffiles | 1 + src/firecfg/firecfg.config | 1 + 8 files changed, 21 insertions(+), 2 deletions(-) create mode 100644 etc/libreoffice.profile diff --git a/Makefile.in b/Makefile.in index 8726e4211..7f21811f5 100644 --- a/Makefile.in +++ b/Makefile.in @@ -196,6 +196,7 @@ realinstall: install -c -m 0644 .etc/gthumb.profile $(DESTDIR)/$(sysconfdir)/firejail/. install -c -m 0644 .etc/mpv.profile $(DESTDIR)/$(sysconfdir)/firejail/. install -c -m 0644 .etc/franz.profile $(DESTDIR)/$(sysconfdir)/firejail/. + install -c -m 0644 .etc/libreoffice.profile $(DESTDIR)/$(sysconfdir)/firejail/. sh -c "if [ ! -f $(DESTDIR)/$(sysconfdir)/firejail/login.users ]; then install -c -m 0644 etc/login.users $(DESTDIR)/$(sysconfdir)/firejail/.; fi;" install -c -m 0644 etc/firejail.config $(DESTDIR)/$(sysconfdir)/firejail/. rm -fr .etc diff --git a/README b/README index 0f825fd8e..8c15b17a2 100644 --- a/README +++ b/README @@ -87,6 +87,7 @@ Fred-Barclay (https://github.com/Fred-Barclay) - added Brave profile - added Gitter profile - various organising + - added Libreoffice profile Petter Reinholdtsen (pere@hungry.com) - Opera profile patch n1trux (https://github.com/n1trux) diff --git a/README.md b/README.md index 69890ffaf..c53823304 100644 --- a/README.md +++ b/README.md @@ -77,4 +77,4 @@ Office: evince, gthumb, fbreader ## New security profiles -Gitter, gThumb, mpv, Franz messenger +Gitter, gThumb, mpv, Franz messenger, LibreOffice diff --git a/RELNOTES b/RELNOTES index 04a9d7cbb..4a698620b 100644 --- a/RELNOTES +++ b/RELNOTES 
@@ -3,7 +3,7 @@ firejail (0.9.41) baseline; urgency=low * compile time and run time support to disable whitelists * compile time support to disable global configuration file * some profiles have been converted to private-bin - * new profiles: Gitter, gThumb, mpv, Franz messenger + * new profiles: Gitter, gThumb, mpv, Franz messenger, LibreOffice -- netblue30 Tue, 31 May 2016 08:00:00 -0500 firejail (0.9.40) baseline; urgency=low diff --git a/etc/disable-programs.inc b/etc/disable-programs.inc index 6e79b3be0..6c166c186 100644 --- a/etc/disable-programs.inc +++ b/etc/disable-programs.inc @@ -16,6 +16,7 @@ blacklist ${HOME}/.config/stellarium blacklist ${HOME}/.config/atril blacklist ${HOME}/.config/xreader blacklist ${HOME}/.config/xviewer +blacklist $(HOME)/.config/libreoffice blacklist ${HOME}/.kde/share/apps/okular blacklist ${HOME}/.kde/share/config/okularrc blacklist ${HOME}/.kde/share/config/okularpartrc diff --git a/etc/libreoffice.profile b/etc/libreoffice.profile new file mode 100644 index 000000000..9056b1df2 --- /dev/null +++ b/etc/libreoffice.profile @@ -0,0 +1,14 @@ +# Firejail profile for LibreOffice +noblacklist ~/.config/libreoffice +include /etc/firejail/disable-common.inc +include /etc/firejail/disable-programs.inc +include /etc/firejail/disable-devel.inc +include /etc/firejail/disable-passwdmgr.inc + +caps.drop all +netfilter +nonewprivs +noroot +protocol unix,inet,inet6,netlink +seccomp +tracelog diff --git a/platform/debian/conffiles b/platform/debian/conffiles index 3ada0256a..6635a594b 100644 --- a/platform/debian/conffiles +++ b/platform/debian/conffiles @@ -106,3 +106,4 @@ /etc/firejail/gthumb.profile /etc/firejail/mpv.profile /etc/firejail/franz.profile +/etc/firejail/libreoffice.profile diff --git a/src/firecfg/firecfg.config b/src/firecfg/firecfg.config index e31a7c12a..eeac7a088 100644 --- a/src/firecfg/firecfg.config +++ b/src/firecfg/firecfg.config 
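Review bot: The line added to etc/disable-programs.inc, `blacklist $(HOME)/.config/libreoffice`, uses make-style parentheses, while every neighbouring entry in the hunk uses the `${HOME}` macro. If the profile parser only expands `${HOME}`, the form used everywhere else here, this entry names a literal path that never exists. The LibreOffice configuration directory would then stay readable from the other sandboxes that include this file, and nothing would report the failure. It should read `blacklist ${HOME}/.config/libreoffice`.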
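Review bot: The `protocol unix,inet,inet6,netlink` line in the new etc/libreoffice.profile leaves the office suite with IPv4, IPv6 and netlink sockets, and nothing in the file says why each one is needed. LibreOffice routinely opens documents from untrusted sources, so the network surface left open deserves a stated reason. I would add a comment above the line such as `# inet/inet6: remote files and updates; netlink: TODO confirm it is required, drop it if not`. Whether netlink is actually used cannot be seen from this patch, so treat that part as a question for the author.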
@@ -106,6 +106,7 @@ evince
 fbreader
 gwenview
 gthumb
+LibreOffice
 Mathematica
 mathematica
 okular
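Review bot: The new entry `LibreOffice` is capitalised, but the profile this commit installs is `libreoffice.profile`, and the other entries in the hunk (`gthumb`, `okular`, `fbreader`) look like executable names. If firecfg matches entries against programs on the PATH, as the list suggests, `LibreOffice` will probably match nothing, because the launcher is normally installed as `libreoffice` with `soffice` as an alias. In that case the desktop integration would skip the sandbox for LibreOffice without any error. Consider `libreoffice` here, and possibly `soffice` as well; the `Mathematica` / `mathematica` pair just below shows both spellings being listed.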