Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Add strawberry profile #3459

Merged
merged 10 commits into from
Jun 11, 2020
Merged

Add strawberry profile #3459

Show file tree
Hide file tree
Changes from 8 commits
Commits
Show all changes
10 commits
Select commit Hold shift + click to select a range
b302d0f
Add strawberry profile
aminvakil Jun 8, 2020
f73f4c6
Fix comment
aminvakil Jun 8, 2020
53501b9
Add to disable-programs.inc & firecfg.config
aminvakil Jun 8, 2020
0df862a
Add /home/amin/.local/share/strawberry to profile and disable-programs
aminvakil Jun 8, 2020
baeed81
Various hardening for strawberry profile
aminvakil Jun 9, 2020
6846d47
Change nodbus to dbus-system none in strawberry profile
aminvakil Jun 9, 2020
7672c81
Add dbus-user none to strawberry profile
aminvakil Jun 9, 2020
511f68c
Add whitelist-var-common, sort private-etc
aminvakil Jun 9, 2020
fd13b8f
Sort, Add wruc, Add netlink to protocol in strawberry profile
aminvakil Jun 9, 2020
5657221
Remove dbus-user none to allow using gnome functions for various usag…
aminvakil Jun 9, 2020
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
3 changes: 3 additions & 0 deletions etc/inc/disable-programs.inc
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -341,6 +341,7 @@ blacklist ${HOME}/.config/specialmailcollectionsrc
blacklist ${HOME}/.config/spotify
blacklist ${HOME}/.config/sqlitebrowser
blacklist ${HOME}/.config/stellarium
blacklist ${HOME}/.config/strawberry
blacklist ${HOME}/.config/supertuxkart
blacklist ${HOME}/.config/synfig
blacklist ${HOME}/.config/teams
Expand Down Expand Up @@ -644,6 +645,7 @@ blacklist ${HOME}/.local/share/scribus
blacklist ${HOME}/.local/share/signal-cli
blacklist ${HOME}/.local/share/spotify
blacklist ${HOME}/.local/share/steam
blacklist ${HOME}/.local/share/strawberry
blacklist ${HOME}/.local/share/supertux2
blacklist ${HOME}/.local/share/supertuxkart
blacklist ${HOME}/.local/share/swell-foop
Expand Down Expand Up @@ -897,6 +899,7 @@ blacklist ${HOME}/.cache/simple-scan
blacklist ${HOME}/.cache/slimjet
blacklist ${HOME}/.cache/snox
blacklist ${HOME}/.cache/spotify
blacklist ${HOME}/.cache/strawberry
blacklist ${HOME}/.cache/supertuxkart
blacklist ${HOME}/.cache/systemsettings
blacklist ${HOME}/.cache/telepathy
Expand Down
49 changes: 49 additions & 0 deletions etc/profile-m-z/strawberry.profile
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -0,0 +1,49 @@
# Firejail profile for strawberry
# Description: A music player and music collection organizer
# This file is overwritten after every install/update
# Persistent local customizations
include strawberry.local
# Persistent global definitions
include globals.local

noblacklist ${HOME}/.cache/strawberry
noblacklist ${HOME}/.config/strawberry
aminvakil marked this conversation as resolved.
Show resolved Hide resolved
noblacklist ${HOME}/.local/share/strawberry
noblacklist ${MUSIC}

include disable-common.inc
include disable-devel.inc
include disable-exec.inc
include disable-interpreters.inc
aminvakil marked this conversation as resolved.
Show resolved Hide resolved
include disable-passwdmgr.inc
include disable-programs.inc
include disable-xdg.inc

include whitelist-usr-share-common.inc
include whitelist-var-common.inc

apparmor
caps.drop all
netfilter
nodvd
nogroups
nonewprivs
noroot
notv
nou2f
novideo
protocol unix,inet,inet6
# blacklisting of ioprio_set system calls breaks strawberry
seccomp !ioprio_set
aminvakil marked this conversation as resolved.
Show resolved Hide resolved
shell none
tracelog

private-bin strawberry,strawberry-tagreader
private-cache
private-dev
rusty-snake marked this conversation as resolved.
Show resolved Hide resolved
private-etc ca-certificates,crypto-policies,fonts,host.conf,hostname,hosts,nsswitch.conf,pki,resolv.conf,ssl
disable-mnt
aminvakil marked this conversation as resolved.
Show resolved Hide resolved
private-tmp
aminvakil marked this conversation as resolved.
Show resolved Hide resolved

dbus-user none
dbus-system none
1 change: 1 addition & 0 deletions src/firecfg/firecfg.config
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -635,6 +635,7 @@ steam
steam-native
steam-runtime
stellarium
strawberry
strings
studio.sh
subdownloader
Expand Down