[GH-ISSUE #732] New profiles #497

Closed
opened 2026-05-05 05:58:56 -06:00 by gitea-mirror · 8 comments

Originally created by @nyancat18 on GitHub (Aug 19, 2016).
Original GitHub issue: https://github.com/netblue30/firejail/issues/732

Hi, could you add profiles for this software: Openshot and Scribus?

Best regards


@nyancat18 commented on GitHub (Aug 19, 2016):

openshot --noprofile
http://gpaste.us/10fa5eb8

openshot
http://gpaste.us/39acb542

scribus
http://gpaste.us/9582a448

scribus --noprofile
http://gpaste.us/00a59ba9


@lheckemann commented on GitHub (Aug 19, 2016):

You should use `firejail --noprofile openshot`, because otherwise `--noprofile` would be interpreted as an option for openshot (while it's actually intended for firejail).

It also seems like openshot isn't starting because it's not found. Scribus is also missing some files. Which distro are you running and how did you install Scribus and Openshot?

Side note, please use some other site than gpaste.us which is almost completely dysfunctional as a result of its adverts/popups. Beyond that, it claims to be secure while still enabling unencrypted HTTP connections... [GitHub Gist](https://gist.github.com/) is a nicer option.


@chiraag-nataraj commented on GitHub (Aug 20, 2016):

For Openshot, at least, this one seems to do the trick:

```
# Blacklist/Whitelist

blacklist /usr/local/bin
blacklist /usr/local/sbin
blacklist /media
blacklist /mnt
blacklist /boot

# I use Downloads as my data transfer directory
whitelist ${HOME}/Downloads/
whitelist ${HOME}/Videos/

# Config files
whitelist ${HOME}/.openshot/
whitelist ${HOME}/.gtkrc-2.0
# My GTK 2.0 config is in two files
# whitelist ${HOME}/.gtkrc.mine

private-bin openshot,python,dbus-launch
private-tmp

noroot
protocol unix
shell none
seccomp
caps.drop all
```

Note that I haven't tested the profile extensively, so some random things may break 😉


@chiraag-nataraj commented on GitHub (Aug 20, 2016):

Here's a profile for Scribus:

```
# Blacklist/Whitelist

blacklist /usr/local/bin
blacklist /usr/local/sbin
blacklist /media
blacklist /mnt
blacklist /boot

# I use Downloads as my data transfer directory
whitelist ${HOME}/Downloads/
whitelist ${HOME}/Documents/

# Config files
whitelist ${HOME}/.scribus/
whitelist ${HOME}/.gtkrc-2.0
# My GTK 2.0 config is in two files
# whitelist ${HOME}/.gtkrc.mine
whitelist ${HOME}/.config/Trolltech.conf

private-bin scribus,dbus-launch,gs
private-tmp

noroot
protocol unix
shell none
seccomp
caps.drop all
```

Same disclaimer as above.


@chiraag-nataraj commented on GitHub (Aug 20, 2016):

The ones above are probably too restrictive to include @netblue30 but...I think they work pretty well and are super-tight profiles


@chiraag-nataraj commented on GitHub (Aug 22, 2016):

@triceratops1 Do the profiles I gave above work for you?


@nyancat18 commented on GitHub (Aug 29, 2016):

Yes, but I have a small question: would this work for openshot-qt?

```
# Blacklist/Whitelist

blacklist /usr/local/bin
blacklist /usr/local/sbin
blacklist /media
blacklist /mnt
blacklist /boot

# I use Downloads as my data transfer directory
whitelist ${HOME}/Downloads/
whitelist ${HOME}/Videos/

# Config files
whitelist ${HOME}/.openshot-qt/
whitelist ${HOME}/.kde4
# My GTK 2.0 config is in two files
# whitelist ${HOME}/.kde4/share/config/kdebugrc

private-bin openshot-qt,python,dbus-launch
private-tmp

noroot
protocol unix
shell none
seccomp
caps.drop all
```


PS: your "scribus + openshot" profiles work very well, thanks.

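Added example (not part of the original thread and not firejail's own code): a shell check for the question above about adapting the profile to openshot-qt. It assumes that `private-bin` leaves only the listed programs in the sandbox's bin directories, so a launcher script also needs its `#!` interpreter in the list; the function names, the stub launcher and its `python3` line are constructed for illustration.

```bash
# Print the names on every "private-bin a,b,c" line of a profile, one per line.
private_bin_list() {
    sed -n 's/^[[:space:]]*private-bin[[:space:]]\{1,\}//p' "$1" | tr ',' '\n' |
        sed 's/^[[:space:]]*//; s/[[:space:]]*$//; /^$/d'
}

# Print the interpreter basename from a file's "#!" line, or nothing at all.
# "#!/usr/bin/env python3" yields "python3"; env options are not handled.
interp_of() {
    [ "$(head -c 2 "$1" 2>/dev/null)" = '#!' ] || return 0
    local line
    line=$(head -n 1 "$1")
    set -f; set -- ${line#??}; set +f   # word-split the interpreter line
    [ "${1##*/}" = env ] && shift       # look past env to the real interpreter
    [ $# -gt 0 ] && printf '%s\n' "${1##*/}"
    return 0
}

# For each private-bin entry found in the given directories, report an
# interpreter the profile does not list, as "<program> needs <interpreter>".
missing_interpreters() {
    local profile=$1 names name dir interp
    shift
    names=$(private_bin_list "$profile")
    for name in $names; do
        for dir in "$@"; do
            [ -f "$dir/$name" ] || continue
            interp=$(interp_of "$dir/$name")
            [ -z "$interp" ] || printf '%s\n' "$names" | grep -qxF -- "$interp" ||
                printf '%s needs %s\n' "$name" "$interp"
            break
        done
    done
}

# Constructed sample: a profile fragment shaped like the openshot-qt one above
# and stand-in files; nothing here is taken from a real installation.
demo() {
    local d; d=$(mktemp -d)
    printf '#!/usr/bin/env python3\nprint("stub")\n' > "$d/openshot-qt"
    printf '\177ELF' > "$d/dbus-launch"     # stand-in for a compiled binary
    printf 'private-bin openshot-qt,python,dbus-launch\nprivate-tmp\n' > "$d/test.profile"
    missing_interpreters "$d/test.profile" "$d"
    rm -rf "$d"
}
demo   # prints: openshot-qt needs python3
```

To check an installed program, call `missing_interpreters` with the profile path followed by the directories that hold the real binaries, such as `/usr/bin` and `/bin`.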

@netblue30 commented on GitHub (Oct 1, 2016):

Moved to https://github.com/netblue30/firejail/issues/825

Reference: github-starred/firejail#497