diff --git a/README b/README
index 4284fb07d..e402ffe9b 100644
--- a/README
+++ b/README
@@ -96,6 +96,8 @@ BogDan Vatra (https://github.com/bog-dan-ro)
 Bruno Nova (https://github.com/brunonova)
 - whitelist fix
 - bash arguments fix
+BytesTuner (https://github.com/BytesTuner)
+ - provided keepassxc profile
 Cat (https://github.com/ecat3)
 - prevent tmux connecting to an existing session
 creideiki (https://github.com/creideiki)
diff --git a/README.md b/README.md
index 6efa2ed69..6a0448c16 100644
--- a/README.md
+++ b/README.md
@@ -195,4 +195,4 @@ goobox, gpa, gpg, gpg-agent, highlight, img2txt, k3b, kate, lynx, mediainfo, nau
 simple-scan, skanlite, ssh-agent, tracker, transmission-cli, transmission-show, w3m, xfburn, xpra, wget, xed, pluma, Cryptocat, Bless, Gnome 2048, Gnome Calculator, Gnome Contacts, JD-GUI, Lollypop, MultiMC5, PDFSam, Pithos, Xonotic, wireshark, keepassx2, QupZilla, FossaMail, Uzbl browser, xmms, iridium browser,
-Kino, Thunar, Geeqie, Engrampa, Scribus, mousepad, gpicview
+Kino, Thunar, Geeqie, Engrampa, Scribus, mousepad, gpicview, keepassxc
diff --git a/RELNOTES b/RELNOTES
index 4766fdceb..2bae5f254 100644
--- a/RELNOTES
+++ b/RELNOTES
@@ -41,7 +41,7 @@ firejail (0.9.45) baseline; urgency=low
 * new profiles: Gnome Contacts, JD-GUI, Lollypop, MultiMC5, PDFSam, Pithos,
 * new profies: Xonotic, wireshark, keepassx2, QupZilla, FossaMail,
 * new profiles: Uzbl browser, iridium browser, Thunar, Geeqie, Engrampa
- * new profiles: Scribus, mousepad, gpicview
+ * new profiles: Scribus, mousepad, gpicview, keepassxc
 * bugfixes
 -- netblue30 Sun, 23 Oct 2016 08:00:00 -0500
diff --git a/etc/disable-passwdmgr.inc b/etc/disable-passwdmgr.inc
index b5260e897..a61516771 100644
--- a/etc/disable-passwdmgr.inc
+++ b/etc/disable-passwdmgr.inc
@@ -2,10 +2,12 @@
 # Persistent customizations should go in a .local file.
 include /etc/firejail/disable-passwdmgr.local
-blacklist ${HOME}/.lastpass
-blacklist ${HOME}/.keepassx
-blacklist ${HOME}/.keepass
-blacklist ${HOME}/.password-store
-blacklist ${HOME}/.config/keepassx
-blacklist ${HOME}/.config/keepass
 blacklist ${HOME}/.config/KeePass
+blacklist ${HOME}/.config/keepass
+blacklist ${HOME}/.config/keepassx
+blacklist ${HOME}/.config/keepassxc
+blacklist ${HOME}/.keepass
+blacklist ${HOME}/.keepassx
+blacklist ${HOME}/.keepassxc
+blacklist ${HOME}/.lastpass
+blacklist ${HOME}/.password-store
diff --git a/etc/keepassxc.profile b/etc/keepassxc.profile
new file mode 100644
index 000000000..b11a0cc5d
--- /dev/null
+++ b/etc/keepassxc.profile
@@ -0,0 +1,29 @@
+# This file is overwritten during software install.
+# Persistent customizations should go in a .local file.
+include /etc/firejail/keepassxc.local
+
+# Firejail profile for KeepassXC
+noblacklist ${HOME}/.config/keepassxc
+noblacklist ${HOME}/.keepassxc
+noblacklist ${HOME}/.*kdbx
+noblacklist ${HOME}/.*kdb
+
+include /etc/firejail/disable-common.inc
+include /etc/firejail/disable-programs.inc
+include /etc/firejail/disable-devel.inc
+include /etc/firejail/disable-passwdmgr.inc
+
+caps.drop all
+net none
+nogroups
+nonewprivs
+noroot
+nosound
+#protocol unix
+seccomp
+shell none
+
+private-bin keepassxc
+#private-etc fonts
+#private-dev
+private-tmp
diff --git a/platform/debian/conffiles b/platform/debian/conffiles
index a31f13200..414d1bb93 100644
--- a/platform/debian/conffiles
+++ b/platform/debian/conffiles
@@ -113,6 +113,7 @@
 /etc/firejail/keepass2.profile
 /etc/firejail/keepassx.profile
 /etc/firejail/keepassx2.profile
+/etc/firejail/keepassxc.profile
 /etc/firejail/kmail.profile
 /etc/firejail/konversation.profile
 /etc/firejail/less.profile
diff --git a/src/firecfg/firecfg.config b/src/firecfg/firecfg.config
index 5bfd94736..d85d751f4 100644
--- a/src/firecfg/firecfg.config
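Review bot: The blacklist in etc/disable-passwdmgr.inc now covers the keepassxc configuration directories but still has no entry for the password databases themselves, so a `.kdbx` or `.kdb` file kept directly in the home directory stays readable from every other sandbox that includes this file, unless an include not shown in this diff already blocks it. The database `noblacklist` lines in the new keepassxc.profile suggest such a rule was intended; consider adding `blacklist ${HOME}/*.kdbx` and `blacklist ${HOME}/*.kdb` here. The alphabetical re-sort also rewrites every entry although only `.config/keepassxc` and `.keepassxc` are new, so a short comment such as `# entries are kept in alphabetical order` would explain the churn to the next reader.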
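Review bot: In etc/keepassxc.profile the patterns `noblacklist ${HOME}/.*kdbx` and `noblacklist ${HOME}/.*kdb` match only dot-files in the home directory whose names end in kdbx or kdb, not an ordinary database such as `Passwords.kdbx` (constructed example). The glob was presumably meant to be `noblacklist ${HOME}/*.kdbx` and `noblacklist ${HOME}/*.kdb`; as written, a later `blacklist` rule for database files would lock the application out of its own data. `#protocol unix`, `#private-etc fonts` and `#private-dev` are left commented out with no reason given; a one-line comment on each saying what broke when it was enabled would tell a maintainer whether the restriction can be turned back on.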
+++ b/src/firecfg/firecfg.config
@@ -193,6 +193,7 @@ keepass
 keepass2
 keepassx
 keepassx2
+keepassxc
 mousepad
 pluma
 Thunar