Merge pull request #457 from Fred-Barclay/proposed

Aweather && Stellarium

Makefile.in

@@ -169,6 +169,8 @@ realinstall:
 	install -c -m 0644 .etc/okular.profile $(DESTDIR)/$(sysconfdir)/firejail/.
 	install -c -m 0644 .etc/gwenview.profile $(DESTDIR)/$(sysconfdir)/firejail/.
 	install -c -m 0644 .etc/gpredict.profile $(DESTDIR)/$(sysconfdir)/firejail/.
+	install -c -m 0644 .etc/aweather.profile $(DESTDIR)/$(sysconfdir)/firejail/.
+	install -c -m 0644 .etc/stellarium.profile $(DESTDIR)/$(sysconfdir)/firejail/.
 	sh -c "if [ ! -f $(DESTDIR)/$(sysconfdir)/firejail/login.users ]; then install -c -m 0644 etc/login.users $(DESTDIR)/$(sysconfdir)/firejail/.; fi;"
 	sh -c "if [ ! -f $(DESTDIR)/$(sysconfdir)/firejail/firejail.config ]; then install -c -m 0644 etc/firejail.config $(DESTDIR)/$(sysconfdir)/firejail/.; fi;"
 	rm -fr .etc

README

@@ -19,9 +19,9 @@ Firejail Authors:
 
 netblue30 (netblue30@yahoo.com)
 curiosity-seeker (https://github.com/curiosity-seeker)
-        - tightening unbound and dnscrypt-proxy profiles
-        - dnsmasq profile
-        - okular and gwenview profiles
+    - tightening unbound and dnscrypt-proxy profiles
+    - dnsmasq profile
+    - okular and gwenview profiles
 Matthew Gyurgyik (https://github.com/pyther)
 	- rpm spec and several fixes
 Joan Figueras (https://github.com/figue)
@@ -35,6 +35,7 @@ Fred-Barclay (https://github.com/Fred-Barclay)
 	- added Warzone2100 profile
 	- blacklisted VeraCrypt
 	- added Gpredict profile
+	- added Aweather, Stellarium profiles
 avoidr (https://github.com/avoidr)
 	- whitelist fix
 	- recently-used.xbel fix

README.md

@@ -282,5 +282,5 @@ $ man firejail-profile
 ## New security profiles
 lxterminal, Epiphany, cherrytree, Polari, Vivaldi, Atril, qutebrowser, SlimJet, Battle for Wesnoth, Hedgewars, qTox,
 OpenSSH client, OpenBox window manager, Dillo, cmus, dnsmasq, PaleMoon, Icedove, abrowser, 0ad, netsurf,
-Warzone2100, okular, gwenview, Gpredict
+Warzone2100, okular, gwenview, Gpredict, Aweather, Stellarium
 

etc/aweather.profile

@@ -0,0 +1,23 @@
+# Firejail profile for aweather.
+
+# Noblacklist
+noblacklist ~/.config/aweather
+
+# Include
+include /etc/firejail/disable-common.inc
+include /etc/firejail/disable-devel.inc
+include /etc/firejail/disable-passwdmgr.inc
+include /etc/firejail/disable-programs.inc
+
+# Call these options
+caps.drop all
+netfilter
+noroot
+protocol unix,inet,inet6,netlink
+seccomp
+tracelog
+
+# Whitelist
+mkdir ~/.config
+mkdir ~/.config/aweather
+whitelist ~/.config/aweather

etc/disable-programs.inc

@@ -5,10 +5,13 @@ blacklist ${HOME}/.FBReader
 blacklist ${HOME}/.wine
 blacklist ${HOME}/.Mathematica
 blacklist ${HOME}/.Wolfram Research
+blacklist ${HOME}/.stellarium
 blacklist ${HOME}/.config/mupen64plus
 blacklist ${HOME}/.config/transmission
 blacklist ${HOME}/.config/uGet
 blacklist ${HOME}/.config/Gpredict
+blacklist ${HOME}/.config/aweather
+blacklist ${HOME}/.config/stellarium
 blacklist ~/.kde/share/apps/okular
 blacklist ~/.kde/share/config/okularrc
 blacklist ~/.kde/share/config/okularpartrc

etc/stellarium.profile

@@ -0,0 +1,27 @@
+# Firejail profile for Stellarium.
+
+# Noblacklist
+noblacklist ~/.stellarium
+noblacklist ~/.config/stellarium
+
+# Include
+include /etc/firejail/disable-common.inc
+include /etc/firejail/disable-devel.inc
+include /etc/firejail/disable-passwdmgr.inc
+include /etc/firejail/disable-programs.inc
+
+# Call these options
+caps.drop all
+netfilter
+noroot
+protocol unix,inet,inet6,netlink
+seccomp
+tracelog
+
+# Whitelist
+mkdir ~/.stellarium
+whitelist ~/.stellarium
+
+mkdir ~/.config
+mkdir ~/.config/stellarium
+whitelist ~/.config/stellarium

platform/debian/conffiles

@@ -88,3 +88,5 @@
 /etc/firejail/okular.profile
 /etc/firejail/gwenview.profile
 /etc/firejail/gpredict.profile
+/etc/firejail/aweather.profile
+/etc/firejail/stellarium.profile

src/firecfg/firecfg.config

@@ -4,6 +4,10 @@
 
 # astronomy
 gpredict
+stellarium
+
+# weather/climate
+aweather
 
 # browsers/email
 firefox
@@ -78,6 +82,7 @@ quassel
 xchat
 
 # games
+0ad
 hedgewars
 wesnot
 warzone2100