Commit 2ded013d authored by CoffeeFou's avatar CoffeeFou Committed by Lorenzo "Palinuro" Faletra

Import Debian changes 0.9.56-2parrot2

firejail (0.9.56-2parrot2) testing; urgency=medium

  [ CoffeeFou ]
  * Fix discord profile.

  [ Lorenzo "Palinuro" Faletra ]
  * Fix torbrowser-launcher startup.
  * Fix firefox profile (dbus and qbittorrent integration).
  * Disable torbrowser-launcher profile (let's use apparmor for it).
parent 44ff19cd
firejail (0.9.56-2parrot2) testing; urgency=medium
[ CoffeeFou ]
* Fix discord profile.
[ Lorenzo "Palinuro" Faletra ]
* Fix torbrowser-launcher startup.
* Fix firefox profile (dbus and qbittorrent integration).
* Disable torbrowser-launcher profile (let's use apparmor for it).
-- CoffeeFou <coffeefou@protonmail.com> Thu, 18 Oct 2018 14:20:22 +0200
firejail (0.9.56-2parrot1) testing; urgency=medium
* Import new Debian patch to disable unwanted tests.
......
Description: Adjust firejail profiles for Parrot OS
Author: Lorenzo "Palinuro" Faletra <palinuro@parrotsec.org>
Last-Update: 2018-09-26
Description: <short summary of the patch>
TODO: Put a short summary on the line above and replace this paragraph
with a longer explanation of this change. Complete the meta-information
with other relevant fields (see below for details). To make it easier, the
information below has been extracted from the changelog. Adjust it or drop
it.
.
firejail (0.9.56-2parrot2) testing; urgency=medium
.
[ CoffeeFou ]
* Fix discord profile.
.
[ Lorenzo "Palinuro" Faletra ]
* Fix torbrowser-launcher startup.
* Fix firefox profile (dbus and qbittorrent integration).
* Disable torbrowser-launcher profile (let's use apparmor for it).
Author: CoffeeFou <coffeefou@protonmail.com>
---
The information above should follow the Patch Tagging Guidelines, please
checkout http://dep.debian.net/deps/dep3/ to learn about the format. Here
are templates for supplementary fields that you might want to add:
Origin: <vendor|upstream|other>, <url of original patch>
Bug: <url in upstream bugtracker>
Bug-Debian: https://bugs.debian.org/<bugnumber>
Bug-Ubuntu: https://launchpad.net/bugs/<bugnumber>
Forwarded: <no|not-needed|url proving that it has been forwarded>
Reviewed-By: <name and email of someone who approved the patch>
Last-Update: 2018-10-18
Index: firejail-0.9.56/etc/android-studio.profile
===================================================================
--- firejail-0.9.56.orig/etc/android-studio.profile
+++ firejail-0.9.56/etc/android-studio.profile
@@ -15,6 +15,9 @@ noblacklist ${HOME}/.java
......@@ -13,11 +38,9 @@ Index: firejail-0.9.56/etc/android-studio.profile
+noblacklist ${DOWNLOADS}
+noblacklist ${DESKTOP}
+noblacklist ${DOCUMENTS}
include /etc/firejail/disable-common.inc
include /etc/firejail/disable-passwdmgr.inc
Index: firejail-0.9.56/etc/ardour5.profile
===================================================================
--- firejail-0.9.56.orig/etc/ardour5.profile
+++ firejail-0.9.56/etc/ardour5.profile
@@ -10,6 +10,7 @@ noblacklist ${HOME}/.config/ardour5
......@@ -26,25 +49,46 @@ Index: firejail-0.9.56/etc/ardour5.profile
noblacklist ${DOCUMENTS}
+noblacklist ${DOWNLOADS}
noblacklist ${MUSIC}
include /etc/firejail/disable-common.inc
@@ -34,7 +35,7 @@ shell none
#private-bin sh,ardour4,ardour5,ardour5-copy-mixer,ardour5-export,ardour5-fix_bbtppq,grep,sed,ldd,nm
private-cache
-private-dev
+#private-dev
#private-etc pulse,X11,alternatives,ardour4,ardour5,fonts,machine-id,asound.conf
private-tmp
Index: firejail-0.9.56/etc/bleachbit.profile
===================================================================
--- firejail-0.9.56.orig/etc/atril.profile
+++ firejail-0.9.56/etc/atril.profile
@@ -9,6 +9,8 @@ include /etc/firejail/globals.local
noblacklist ${HOME}/.cache/atril
noblacklist ${HOME}/.config/atril
noblacklist ${DOCUMENTS}
+noblacklist ${DESKTOP}
+noblacklist ${DOWNLOADS}
#noblacklist ${HOME}/.local/share
# it seems to use only ${HOME}/.local/share/webkitgtk
@@ -38,9 +40,9 @@ seccomp
shell none
tracelog
-private-bin atril, atril-previewer, atril-thumbnailer
+#private-bin atril, atril-previewer, atril-thumbnailer, alternatives
private-dev
-private-etc fonts,ld.so.cache
+private-etc fonts,ld.so.cache,alternatives
# atril uses webkit gtk to display epub files
# waiting for globbing support in private-lib; for now hardcoding it to webkit2gtk-4.0
#private-lib webkit2gtk-4.0 - problems on Arch with the new version of WebKit
--- firejail-0.9.56.orig/etc/bleachbit.profile
+++ firejail-0.9.56/etc/bleachbit.profile
@@ -12,9 +12,9 @@ noblacklist ${PATH}/python3*
noblacklist /usr/lib/python2*
noblacklist /usr/lib/python3*
-include /etc/firejail/disable-common.inc
-include /etc/firejail/disable-devel.inc
-include /etc/firejail/disable-interpreters.inc
......@@ -53,7 +97,7 @@ Index: firejail-0.9.56/etc/bleachbit.profile
+#include /etc/firejail/disable-interpreters.inc
include /etc/firejail/disable-passwdmgr.inc
# include /etc/firejail/disable-programs.inc
@@ -24,8 +24,8 @@ no3d
nodbus
nodvd
......@@ -65,27 +109,23 @@ Index: firejail-0.9.56/etc/bleachbit.profile
nosound
notv
novideo
Index: firejail-0.9.56/etc/discord-common.profile
===================================================================
--- firejail-0.9.56.orig/etc/discord-common.profile
+++ firejail-0.9.56/etc/discord-common.profile
@@ -26,7 +26,7 @@ seccomp
private-bin sh,xdg-mime,tr,sed,echo,head,cut,xdg-open,grep,egrep,bash,zsh
private-dev
-private-etc fonts,machine-id,localtime,ld.so.cache,ca-certificates,ssl,pki,crypto-policies
+private-etc fonts,machine-id,localtime,ld.so.cache,ca-certificates,ssl,pki,crypto-policies,alternatives
+private-etc fonts,machine-id,localtime,ld.so.cache,ca-certificates,ssl,pki,crypto-policies,resolv.conf
private-tmp
noexec ${HOME}
Index: firejail-0.9.56/etc/eom.profile
===================================================================
--- firejail-0.9.56.orig/etc/eom.profile
+++ firejail-0.9.56/etc/eom.profile
@@ -11,11 +11,11 @@ noblacklist ${HOME}/.config/mate/eom
noblacklist ${HOME}/.local/share/Trash
noblacklist ${HOME}/.steam
-include /etc/firejail/disable-common.inc
-include /etc/firejail/disable-devel.inc
+#include /etc/firejail/disable-common.inc
......@@ -94,23 +134,40 @@ Index: firejail-0.9.56/etc/eom.profile
include /etc/firejail/disable-passwdmgr.inc
-include /etc/firejail/disable-programs.inc
+#include /etc/firejail/disable-programs.inc
include /etc/firejail/whitelist-var-common.inc
@@ -42,6 +42,6 @@ private-etc fonts
private-lib
private-tmp
-#memory-deny-write-execute - breaks on Arch
+memory-deny-write-execute
noexec ${HOME}
noexec /tmp
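Review bot: The eom.profile hunk at `@@ -11,11 +11,11 @@` comments out `include /etc/firejail/disable-common.inc` and `include /etc/firejail/disable-programs.inc`, which removes the blacklist that keeps an image viewer away from files such as SSH and GnuPG keys when it opens an untrusted image. The geany.profile section does the same for `disable-common.inc`. I would keep the includes and add `noblacklist` lines only for the paths the application needs, with a comment naming what broke, e.g. `# Parrot: eom needs <path> for <feature>`. Enabling `memory-deny-write-execute` in the second hunk is a tightening, but the removed upstream remark `breaks on Arch` suggests checking it against Parrot's build. Part of the first hunk is collapsed on this page, so this is based on the visible lines only.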
Index: firejail-0.9.56/etc/firefox-common.profile
===================================================================
--- firejail-0.9.56.orig/etc/firefox-common-addons.inc
+++ firejail-0.9.56/etc/firefox-common-addons.inc
@@ -51,6 +51,7 @@ whitelist ${HOME}/.wine-pipelight
whitelist ${HOME}/.wine-pipelight64
whitelist ${HOME}/.zotero
whitelist ${HOME}/dwhelper
+whitelist ${HOME}/.config/qBittorrent
# GNOME Shell integration (chrome-gnome-shell) needs dbus and python 3 (blacklisted by disable-interpreters.inc)
noblacklist ${HOME}/.local/share/gnome-shell
--- firejail-0.9.56.orig/etc/firefox-common.profile
+++ firejail-0.9.56/etc/firefox-common.profile
@@ -7,7 +7,7 @@ include /etc/firejail/firefox-common.loc
#include /etc/firejail/globals.local
# uncomment the following line to allow access to common programs/addons/plugins
-#include /etc/firejail/firefox-common-addons.inc
+include /etc/firejail/firefox-common-addons.inc
noblacklist ${HOME}/.pki
@@ -18,6 +18,11 @@ include /etc/firejail/disable-programs.i
mkdir ${HOME}/.pki
whitelist ${DOWNLOADS}
+whitelist ${DOCUMENTS}
......@@ -121,9 +178,18 @@ Index: firejail-0.9.56/etc/firefox-common.profile
whitelist ${HOME}/.pki
include /etc/firejail/whitelist-common.inc
include /etc/firejail/whitelist-var-common.inc
@@ -29,7 +34,7 @@ caps.drop all
netfilter
# Breaks Gnome connector - disable if you use that
# Also seems to break Ubuntu titlebar menu
-nodbus
+#nodbus
nodvd
nogroups
nonewprivs
@@ -42,9 +47,10 @@ shell none
#tracelog
disable-mnt
-private-dev
+#disabled because of u2f devices support
......@@ -132,21 +198,19 @@ Index: firejail-0.9.56/etc/firefox-common.profile
-#private-etc ca-certificates,ssl,machine-id,dconf,selinux,passwd,group,hostname,hosts,localtime,nsswitch.conf,resolv.conf,xdg,gtk-2.0,gtk-3.0,X11,pango,fonts,mime.types,mailcap,asound.conf,pulse,pki,crypto-policies,ld.so.cache
+private-etc ca-certificates,ssl,machine-id,dconf,selinux,passwd,group,hostname,hosts,localtime,nsswitch.conf,resolv.conf,xdg,gtk-2.0,gtk-3.0,X11,pango,fonts,mime.types,mailcap,asound.conf,pulse,pki,crypto-policies,ld.so.cache,alternatives
private-tmp
noexec ${HOME}
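Review bot: In the firefox-common.profile hunk at `@@ -29,7 +34,7 @@`, `nodbus` is commented out for every browser that includes this common profile, so the sandboxed browser can talk to services on the user's session bus that run outside the sandbox. The same section also drops `private-dev` (for U2F) and makes `firefox-common-addons.inc` unconditional, which together with the new `whitelist ${HOME}/.config/qBittorrent` widens what a compromised browser process can read and write. I would keep `nodbus` as the shipped default and let users who need the integration opt in with `ignore nodbus` in `firefox-common.local`, which the profile appears to include already. If the default must change, the comment above it should say so, e.g. `# Parrot: nodbus disabled for qbittorrent/desktop integration; this exposes the session bus`. Parts of these hunks are collapsed on this page, so this is based on the visible lines only.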
Index: firejail-0.9.56/etc/geany.profile
===================================================================
--- firejail-0.9.56.orig/etc/geany.profile
+++ firejail-0.9.56/etc/geany.profile
@@ -8,7 +8,7 @@ include /etc/firejail/globals.local
noblacklist ${HOME}/.config/geany
-include /etc/firejail/disable-common.inc
+#include /etc/firejail/disable-common.inc
include /etc/firejail/disable-passwdmgr.inc
include /etc/firejail/disable-programs.inc
@@ -17,8 +17,8 @@ netfilter
no3d
nodvd
......@@ -159,34 +223,30 @@ Index: firejail-0.9.56/etc/geany.profile
notv
novideo
@@ -28,4 +28,4 @@ shell none
private-cache
private-dev
-private-tmp
+#private-tmp
Index: firejail-0.9.56/etc/keepassxc.profile
===================================================================
--- firejail-0.9.56.orig/etc/keepassxc.profile
+++ firejail-0.9.56/etc/keepassxc.profile
@@ -41,10 +41,10 @@ shell none
private-bin keepassxc
private-dev
-private-etc fonts,ld.so.cache,machine-id
+private-etc fonts,ld.so.cache,machine-id,alternatives
private-tmp
-# 2.2.4 crashes on database open
+# 2.3.1 does not seem to properly unlock the kdbx file
#memory-deny-write-execute
noexec ${HOME}
noexec /tmp
Index: firejail-0.9.56/etc/libreoffice.profile
===================================================================
--- firejail-0.9.56.orig/etc/libreoffice.profile
+++ firejail-0.9.56/etc/libreoffice.profile
@@ -26,7 +26,7 @@ include /etc/firejail/whitelist-var-comm
# Ubuntu 18.04 uses its own apparmor profile
# uncomment the next line if you are not on Ubuntu
-#apparmor
......@@ -194,8 +254,6 @@ Index: firejail-0.9.56/etc/libreoffice.profile
caps.drop all
machine-id
netfilter
Index: firejail-0.9.56/etc/qbittorrent.profile
===================================================================
--- firejail-0.9.56.orig/etc/qbittorrent.profile
+++ firejail-0.9.56/etc/qbittorrent.profile
@@ -26,7 +26,12 @@ include /etc/firejail/disable-programs.i
......@@ -212,21 +270,17 @@ Index: firejail-0.9.56/etc/qbittorrent.profile
whitelist ${HOME}/.cache/qBittorrent
whitelist ${HOME}/.config/qBittorrent
whitelist ${HOME}/.config/qBittorrentrc
Index: firejail-0.9.56/etc/steam.profile
===================================================================
--- firejail-0.9.56.orig/etc/steam.profile
+++ firejail-0.9.56/etc/steam.profile
@@ -71,7 +71,7 @@ shell none
#private-bin eog,eom,gthumb,pix,viewnior,xviewer
# private-dev should be commented for controllers
-private-dev
+#private-dev
# private-etc breaks a small selection of games on some systems, comment to support those
private-etc asound.conf,ca-certificates,dbus-1,drirc,fonts,group,gtk-2.0,gtk-3.0,host.conf,hostname,hosts,ld.so.cache,ld.so.preload,ld.so.conf,ld.so.conf.d,localtime,lsb-release,machine-id,mime.types,passwd,pulse,resolv.conf,ssl,pki,services,crypto-policies,alternatives,bumblebee,nvidia,os-release
private-tmp
Index: firejail-0.9.56/etc/thunderbird.profile
===================================================================
--- firejail-0.9.56.orig/etc/thunderbird.profile
+++ firejail-0.9.56/etc/thunderbird.profile
@@ -22,6 +22,9 @@ whitelist ${HOME}/.cache/thunderbird
......@@ -236,12 +290,12 @@ Index: firejail-0.9.56/etc/thunderbird.profile
+whitelist ${DOWNLOADS}
+whitelist ${DESKTOP}
+whitelist ${DOCUMENTS}
# We need the real /tmp for data exchange when xdg-open handles email attachments on KDE
ignore private-tmp
@@ -32,9 +35,9 @@ read-only ${HOME}/.config/mimeapps.list
writable-run-user
# If you want to read local mail stored in /var/mail, add the following to thunderbird.local:
-# noblacklist /var/mail
-# noblacklist /var/spool/mail
......@@ -249,11 +303,9 @@ Index: firejail-0.9.56/etc/thunderbird.profile
+noblacklist /var/mail
+noblacklist /var/spool/mail
+writable-var
# allow browsers
# Redirect
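Review bot: In thunderbird.profile the hunk at `@@ -32,9 +35,9 @@` turns the opt-in lines into active ones and adds `writable-var`, so every Thunderbird user gets a sandbox with `/var/mail` and `/var/spool/mail` reachable and `/var` writable, whether or not they use local mail. The comment kept above them still reads `add the following to thunderbird.local`, which no longer matches the profile. I would leave these lines in `thunderbird.local` as the upstream comment describes, or at least reword the comment, e.g. `# Parrot: local mail in /var/mail is enabled by default`. The middle of the hunk is collapsed on this page, so `writable-var` may have context that is not visible here.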
Index: firejail-0.9.56/etc/torbrowser-launcher.profile
===================================================================
--- firejail-0.9.56.orig/etc/torbrowser-launcher.profile
+++ firejail-0.9.56/etc/torbrowser-launcher.profile
@@ -35,11 +35,11 @@ netfilter
......@@ -277,14 +329,12 @@ Index: firejail-0.9.56/etc/torbrowser-launcher.profile
-private-etc fonts,hostname,hosts,resolv.conf,pki,ssl,ca-certificates,crypto-policies,alsa,asound.conf,pulse,machine-id,ld.so.cache
+private-etc fonts,hostname,hosts,resolv.conf,pki,ssl,ca-certificates,crypto-policies,alsa,asound.conf,pulse,machine-id,ld.so.cache,alternatives
private-tmp
noexec /tmp
Index: firejail-0.9.56/etc/uget-gtk.profile
===================================================================
--- firejail-0.9.56.orig/etc/uget-gtk.profile
+++ firejail-0.9.56/etc/uget-gtk.profile
@@ -14,6 +14,11 @@ include /etc/firejail/disable-programs.i
mkdir ${HOME}/.config/uGet
whitelist ${DOWNLOADS}
+whitelist ${DOCUMENTS}
......@@ -294,9 +344,7 @@ Index: firejail-0.9.56/etc/uget-gtk.profile
+whitelist ${DESKTOP}
whitelist ${HOME}/.config/uGet
include /etc/firejail/whitelist-common.inc
Index: firejail-0.9.56/etc/virtualbox.profile
===================================================================
--- firejail-0.9.56.orig/etc/virtualbox.profile
+++ firejail-0.9.56/etc/virtualbox.profile
@@ -22,6 +22,8 @@ mkdir ${HOME}/VirtualBox VMs
......@@ -307,9 +355,7 @@ Index: firejail-0.9.56/etc/virtualbox.profile
+whitelist ${DOCUMENTS}
include /etc/firejail/whitelist-common.inc
include /etc/firejail/whitelist-var-common.inc
Index: firejail-0.9.56/src/firecfg/firecfg.config
===================================================================
--- firejail-0.9.56.orig/src/firecfg/firecfg.config
+++ firejail-0.9.56/src/firecfg/firecfg.config
@@ -30,7 +30,7 @@ arch-audit
......@@ -339,28 +385,12 @@ Index: firejail-0.9.56/src/firecfg/firecfg.config
clamtk
claws-mail
clementine
Index: firejail-0.9.56/etc/atril.profile
===================================================================
--- firejail-0.9.56.orig/etc/atril.profile
+++ firejail-0.9.56/etc/atril.profile
@@ -9,6 +9,8 @@ include /etc/firejail/globals.local
noblacklist ${HOME}/.cache/atril
noblacklist ${HOME}/.config/atril
noblacklist ${DOCUMENTS}
+noblacklist ${DESKTOP}
+noblacklist ${DOWNLOADS}
#noblacklist ${HOME}/.local/share
# it seems to use only ${HOME}/.local/share/webkitgtk
@@ -38,9 +40,9 @@ seccomp
shell none
tracelog
-private-bin atril, atril-previewer, atril-thumbnailer
+#private-bin atril, atril-previewer, atril-thumbnailer, alternatives
private-dev
-private-etc fonts,ld.so.cache
+private-etc fonts,ld.so.cache,alternatives
# atril uses webkit gtk to display epub files
# waiting for globbing support in private-lib; for now hardcoding it to webkit2gtk-4.0
#private-lib webkit2gtk-4.0 - problems on Arch with the new version of WebKit
@@ -408,7 +408,7 @@ tor-browser-fr
tor-browser-it
tor-browser-ja
tor-browser-ko
-torbrowser-launcher
+#torbrowser-launcher
tor-browser-pl
tor-browser-pt-br
tor-browser-ru
......@@ -26,7 +26,7 @@ seccomp
private-bin sh,xdg-mime,tr,sed,echo,head,cut,xdg-open,grep,egrep,bash,zsh
private-dev
private-etc fonts,machine-id,localtime,ld.so.cache,ca-certificates,ssl,pki,crypto-policies,resolv.conf
private-etc fonts,machine-id,localtime,ld.so.cache,ca-certificates,ssl,pki,crypto-policies
private-tmp
noexec ${HOME}
......