github-starred/firejail
2
0
Fork 0
mirror of https://github.com/netblue30/firejail.git synced 2026-05-15 14:16:14 -06:00
Code Issues 531 Projects Packages Wiki Activity Actions 6

new profiles

Browse source
This commit is contained in:
netblue30 2021-05-20 08:21:45 -04:00
parent b79e4416fe
commit eb30ce54e7
9 changed files with 175 additions and 6 deletions
Download patch file Download diff file Expand all files Collapse all files

2
README.md
View file

@ -335,4 +335,4 @@ pcsxr, PPSSPPSDL, openmw, openmw-launcher, jami-gnome, PCSX2, bcompare, b2sum, c
sha256sum, sha384sum, sha512sum, sum, librewold-nightly, Quodlibet, tmux, sway, alienarena, alienarena-wrapper,
ballbuster, ballbuster-wrapper, colorful, colorful-wrapper, gl-117, gl-117-wrapper, glaxium, glaxium-wrapper,
pinball, pinball-wrapper, etr-wrapper, neverball-wrapper, neverputt-wrapper, supertuxkart-wrapper, firedragon
neochat, node, nvm, cargo
neochat, node, nvm, cargo, LibreCAD, blobby, funnyboat

2
RELNOTES
View file

@ -29,7 +29,7 @@ firejail (0.9.65) baseline; urgency=low
* colorful, colorful-wrapper, gl-117, gl-117-wrapper, glaxium,
* glaxium-wrapper, pinball, pinball-wrapper, etr-wrapper, firedragon
* neverball-wrapper, neverputt-wrapper, supertuxkart-wrapper, neochat,
* cargo
* cargo, LibreCAD, blobby, funnyboat
-- netblue30 <netblue30@yahoo.com> Tue, 9 Feb 2021 09:00:00 -0500
firejail (0.9.64.4) baseline; urgency=low

4
etc/inc/disable-programs.inc
View file

@ -57,6 +57,7 @@ blacklist ${HOME}/.balsa
blacklist ${HOME}/.bcast5
blacklist ${HOME}/.bibletime
blacklist ${HOME}/.bitcoin
blacklist ${HOME}/.blobby
blacklist ${HOME}/.bogofilter
blacklist ${HOME}/.bzf
blacklist ${HOME}/.cargo/advisory-db
@ -109,6 +110,7 @@ blacklist ${HOME}/.config/Jitsi Meet
blacklist ${HOME}/.config/KDE/neochat
blacklist ${HOME}/.config/Kid3
blacklist ${HOME}/.config/Kingsoft
blacklist ${HOME}/.config/LibreCAD
blacklist ${HOME}/.config/Loop_Hero
blacklist ${HOME}/.config/Luminance
blacklist ${HOME}/.config/LyX
@ -494,6 +496,7 @@ blacklist ${HOME}/.freecol
blacklist ${HOME}/.freemind
blacklist ${HOME}/.frogatto
blacklist ${HOME}/.frozen-bubble
blacklist ${HOME}/.funnyboat
blacklist ${HOME}/.gimp*
blacklist ${HOME}/.gist
blacklist ${HOME}/.gitconfig
@ -606,6 +609,7 @@ blacklist ${HOME}/.local/share/Flavio Tordini
blacklist ${HOME}/.local/share/JetBrains
blacklist ${HOME}/.local/share/KDE/neochat
blacklist ${HOME}/.local/share/Kingsoft
blacklist ${HOME}/.local/share/LibreCAD
blacklist ${HOME}/.local/share/Mendeley Ltd.
blacklist ${HOME}/.local/share/Mumble
blacklist ${HOME}/.local/share/Nextcloud

52
etc/profile-a-l/blobby.profile Normal file
View file

@ -0,0 +1,52 @@
# Firejail profile for blobby
# Persistent local customizations
include blobby.local
# Persistent global definitions
include globals.local
noblacklist ${HOME}/.blobby
include disable-common.inc
include disable-devel.inc
include disable-exec.inc
include disable-interpreters.inc
include disable-passwdmgr.inc
include disable-programs.inc
include disable-shell.inc
include disable-xdg.inc
mkdir ${HOME}/.blobby
whitelist ${HOME}/.blobby
include whitelist-common.inc
whitelist /usr/share/blobby
include whitelist-usr-share-common.inc
include whitelist-var-common.inc
apparmor
caps.drop all
ipc-namespace
netfilter
nodvd
nogroups
noinput
nonewprivs
noroot
notv
nou2f
novideo
protocol unix,inet,netlink,
netfilter
seccomp
shell none
tracelog
disable-mnt
private-bin blobby,
private-lib
private-dev
private-etc hosts,group,asound.conf,alsa,machine-id,pulse,drirc,login.defs,passwd,
private-tmp
dbus-user none
dbus-system none
memory-deny-write-execute

2
etc/profile-a-l/etr.profile
View file

@ -20,6 +20,8 @@ include disable-xdg.inc
mkdir ${HOME}/.etr
whitelist ${HOME}/.etr
whitelist /usr/share/etr
# Debian version
whitelist /usr/share/games/etr
include whitelist-common.inc
include whitelist-runuser-common.inc
include whitelist-usr-share-common.inc

57
etc/profile-a-l/funnyboat.profile Normal file
View file

@ -0,0 +1,57 @@
# Firejail profile for default
# This file is overwritten after every install/update
# Persistent local customizations
include funnyboat.local
# Persistent global definitions
include globals.local
noblacklist ${HOME}/.funnyboat
include disable-common.inc
include disable-devel.inc
ignore noexec /dev/shm
include disable-exec.inc
include allow-python2.inc
include allow-python3.inc
include disable-interpreters.inc
include disable-passwdmgr.inc
include disable-programs.inc
# include disable-shell.inc
include disable-write-mnt.inc
include disable-xdg.inc
mkdir ${HOME}/.funnyboat
whitelist ${HOME}/.funnyboat
include whitelist-common.inc
include whitelist-runuser-common.inc
whitelist /usr/share/funnyboat
# Debian:
whitelist /usr/share/games/funnyboat
include whitelist-usr-share-common.inc
include whitelist-var-common.inc
apparmor
caps.drop all
ipc-namespace
netfilter
nodvd
nogroups
noinput
nonewprivs
noroot
notv
novideo
protocol unix,inet,inet6
seccomp
shell none
# tracelog
disable-mnt
private-cache
private-dev
private-tmp
dbus-user none
dbus-system none
memory-deny-write-execute

50
etc/profile-a-l/librecad.profile Normal file
View file

@ -0,0 +1,50 @@
# Firejail profile for librecad
# Persistent local customizations
include librecad.local
# Persistent global definitions
include globals.local
noblacklist ${HOME}/.config/LibreCAD
noblacklist ${HOME}/.local/share/LibreCAD
include disable-common.inc
include disable-devel.inc
include disable-exec.inc
include disable-interpreters.inc
include disable-passwdmgr.inc
include disable-programs.inc
include disable-shell.inc
include disable-xdg.inc
whitelist /usr/share/librecad
include whitelist-usr-share-common.inc
include whitelist-var-common.inc
apparmor
caps.drop all
ipc-namespace
netfilter
nodvd
#nogroups
#noinput
nonewprivs
noroot
notv
#nou2f
novideo
protocol unix,inet,inet6,
netfilter
seccomp
shell none
#tracelog
#disable-mnt
private-bin librecad,
#private-lib
private-dev
# private-etc cups,drirc,fonts,xdg,passwd,
private-tmp
dbus-user none
dbus-system none
memory-deny-write-execute

10
src/fbuilder/main.c
View file

@ -39,7 +39,7 @@ printf("\n");
int i;
int prog_index = 0;
FILE *fp = stdout;
int prof_file = 0;
char *prof_file = NULL;
// parse arguments and extract program index
for (i = 1; i < argc; i++) {
@ -70,8 +70,7 @@ printf("\n");
fprintf(stderr, "Error: cannot open profile file.\n");
exit(1);
}
prof_file = 1;
// do nothing, this is passed down from firejail
prof_file = argv[i] + 8;
}
else {
if (*argv[i] == '-') {
@ -87,8 +86,11 @@ printf("\n");
if (prog_index == 0) {
fprintf(stderr, "Error : program and arguments required\n");
usage();
if (prof_file)
if (prof_file) {
fclose(fp);
int rv = unlink(prof_file);
(void) rv;
}
exit(1);
}

2
src/firecfg/firecfg.config
View file

@ -271,6 +271,7 @@ freetube
freshclam
frogatto
frozen-bubble
funnyboat
gajim
gajim-history-manager
galculator
@ -443,6 +444,7 @@ kube
kwrite
leafpad
# less - breaks man
librecad
libreoffice
librewolf
librewolf-nightly