diff --git a/etc/inc/disable-programs.inc b/etc/inc/disable-programs.inc
index a1fd91890..b4f33e922 100644
--- a/etc/inc/disable-programs.inc
+++ b/etc/inc/disable-programs.inc
@@ -112,7 +112,9 @@ blacklist ${HOME}/.cache/discover
 blacklist ${HOME}/.cache/dnox
 blacklist ${HOME}/.cache/dolphin
 blacklist ${HOME}/.cache/dolphin-emu
+blacklist ${HOME}/.cache/efreet
 blacklist ${HOME}/.cache/ephemeral
+blacklist ${HOME}/.cache/ephoto
 blacklist ${HOME}/.cache/epiphany
 blacklist ${HOME}/.cache/evolution
 blacklist ${HOME}/.cache/falkon
@@ -458,6 +460,7 @@ blacklist ${HOME}/.config/emailidentities
 blacklist ${HOME}/.config/emilia
 blacklist ${HOME}/.config/enchant
 blacklist ${HOME}/.config/eog
+blacklist ${HOME}/.config/ephoto
 blacklist ${HOME}/.config/epiphany
 blacklist ${HOME}/.config/equalx
 blacklist ${HOME}/.config/evince
diff --git a/etc/profile-a-l/ephoto.profile b/etc/profile-a-l/ephoto.profile
new file mode 100644
index 000000000..7706e8331
--- /dev/null
+++ b/etc/profile-a-l/ephoto.profile
@@ -0,0 +1,77 @@
+# Firejail profile for ephoto
+# Description: A Comprehensive Image Viewer Using EFL
+# This file is overwritten after every install/update
+# Persistent local customizations
+include ephoto.local
+# Persistent global definitions
+include globals.local
+
+noblacklist ${HOME}/.cache/efreet
+noblacklist ${HOME}/.cache/ephoto
+noblacklist ${HOME}/.config/ephoto
+noblacklist ${DESKTOP}
+noblacklist ${DOWNLOADS}
+noblacklist ${PICTURES}
+
+# Allow lua (blacklisted by disable-interpreters.inc)
+include allow-lua.inc
+
+blacklist /usr/libexec
+
+include disable-common.inc
+include disable-devel.inc
+include disable-exec.inc
+include disable-interpreters.inc
+include disable-proc.inc
+include disable-programs.inc
+include disable-shell.inc
+include disable-xdg.inc
+
+mkdir ${HOME}/.config/ephoto
+whitelist ${HOME}/.cache/efreet
+whitelist ${HOME}/.cache/ephoto
+whitelist ${HOME}/.config/ephoto
+whitelist ${DESKTOP}
+whitelist ${DOWNLOADS}
+whitelist ${PICTURES}
+whitelist /usr/share/elementary
+whitelist /usr/share/ephoto
+include whitelist-common.inc
+include whitelist-run-common.inc
+include whitelist-runuser-common.inc
+include whitelist-usr-share-common.inc
+include whitelist-var-common.inc
+
+apparmor
+caps.drop all
+ipc-namespace
+machine-id
+net none
+no3d
+nodvd
+nogroups
+noinput
+nonewprivs
+noprinters
+noroot
+nosound
+notv
+nou2f
+novideo
+protocol unix
+seccomp
+seccomp.block-secondary
+tracelog
+
+#disable-mnt
+private-bin efreetd,ephoto
+private-cache
+private-dev
+private-etc @x11
+private-tmp
+
+dbus-user none
+dbus-system none
+
+memory-deny-write-execute
+restrict-namespaces
diff --git a/src/firecfg/firecfg.config b/src/firecfg/firecfg.config
index b730a8f19..e22dd48d1 100644
--- a/src/firecfg/firecfg.config
+++ b/src/firecfg/firecfg.config
@@ -261,6 +261,7 @@ enpass
 eog
 eom
 ephemeral
+ephoto
 #epiphany # see #2995
 equalx
 erd
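Review bot: In the new ephoto.profile, `private-cache` appears to work against the cache lines above it: the profile un-blacklists and whitelists `${HOME}/.cache/efreet` and `${HOME}/.cache/ephoto`, which asks for those directories to persist, while `private-cache` asks for a throwaway `~/.cache`. Which directive wins should be checked in a running sandbox, and the one that is not intended dropped, so the profile states a single policy for cache data. If persistence is the goal, `mkdir ${HOME}/.cache/efreet` and `mkdir ${HOME}/.cache/ephoto` belong next to the existing `mkdir ${HOME}/.config/ephoto`; only the config directory is created before whitelisting, and as far as I know a whitelist entry for a path that does not exist yet is skipped. Separately, `#disable-mnt` is left commented out with no reason given; a comment such as `# disable-mnt would hide pictures on removable media` (if that is the reason) would tell the next maintainer whether it is safe to enable.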