summaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorLibravatar smitsohu <smitsohu@gmail.com>2019-06-28 15:59:33 +0200
committerLibravatar smitsohu <smitsohu@gmail.com>2019-06-28 15:59:33 +0200
commit9ed832429026b7814802da9d389e19051907c925 (patch)
tree0d2af7c0b8536d27462db766ed70c5f742b153d6
parentsimplify octal esc conversion, minor adjustments (diff)
parentAdd fonts to private-etc in udiskie profile (diff)
downloadfirejail-9ed832429026b7814802da9d389e19051907c925.tar.gz
firejail-9ed832429026b7814802da9d389e19051907c925.tar.zst
firejail-9ed832429026b7814802da9d389e19051907c925.zip
Merge branch 'master' of https://github.com/netblue30/firejail
Diffstat
-rw-r--r--.github/pull_request_template.md17
-rw-r--r--Makefile.in1
-rw-r--r--README6
-rw-r--r--README.md9
-rw-r--r--RELNOTES2
-rwxr-xr-xconfigure111
-rw-r--r--configure.ac30
-rwxr-xr-xcontrib/sort.py115
-rw-r--r--etc/Builder.profile1
-rw-r--r--etc/Cheese.profile1
-rw-r--r--etc/Cyberfox.profile1
-rw-r--r--etc/Discord.profile3
-rw-r--r--etc/DiscordCanary.profile3
-rw-r--r--etc/Documents.profile1
-rw-r--r--etc/FossaMail.profile1
-rw-r--r--etc/Gitter.profile1
-rw-r--r--etc/Logs.profile1
-rw-r--r--etc/Maps.profile1
-rw-r--r--etc/Natron.profile1
-rw-r--r--etc/PPSSPPQt.profile9
-rw-r--r--etc/Telegram.profile1
-rw-r--r--etc/VirtualBox.profile1
-rw-r--r--etc/abrowser.profile1
-rw-r--r--etc/ardour4.profile1
-rw-r--r--etc/atom-beta.profile6
-rw-r--r--etc/atril-previewer.profile4
-rw-r--r--etc/atril-thumbnailer.profile4
-rw-r--r--etc/autokey-gtk.profile2
-rw-r--r--etc/autokey-qt.profile2
-rw-r--r--etc/autokey-run.profile2
-rw-r--r--etc/autokey-shell.profile2
-rw-r--r--etc/baloo_filemetadata_temp_extractor.profile3
-rw-r--r--etc/beaker.profile3
-rw-r--r--etc/blender-2.8.profile1
-rw-r--r--etc/bsdcat.profile1
-rw-r--r--etc/bsdcpio.profile1
-rw-r--r--etc/calligraauthor.profile1
-rw-r--r--etc/calligraconverter.profile1
-rw-r--r--etc/calligraflow.profile1
-rw-r--r--etc/calligraplan.profile1
-rw-r--r--etc/calligraplanwork.profile1
-rw-r--r--etc/calligrasheets.profile1
-rw-r--r--etc/calligrastage.profile1
-rw-r--r--etc/calligrawords.profile1
-rw-r--r--etc/chromium-browser.profile1
-rw-r--r--etc/chromium-common.profile2
-rw-r--r--etc/cinelerra.profile1
-rw-r--r--etc/clamdscan.profile1
-rw-r--r--etc/clamdtop.profile1
-rw-r--r--etc/clamscan.profile1
-rw-r--r--etc/clocks.profile1
-rw-r--r--etc/cryptocat.profile1
-rw-r--r--etc/curl.profile5
-rw-r--r--etc/cvlc.profile3
-rw-r--r--etc/disable-programs.inc1
-rw-r--r--etc/discord-canary.profile3
-rw-r--r--etc/discord-common.profile2
-rw-r--r--etc/discord.profile3
-rw-r--r--etc/dnscrypt-proxy.profile5
-rw-r--r--etc/dooble-qt4.profile1
-rw-r--r--etc/eo-common.profile2
-rw-r--r--etc/evince-previewer.profile1
-rw-r--r--etc/evince-thumbnailer.profile1
-rw-r--r--etc/ffplay.profile1
-rw-r--r--etc/ffprobe.profile1
-rw-r--r--etc/firefox-beta.profile4
-rw-r--r--etc/firefox-common.profile2
-rw-r--r--etc/firefox-developer-edition.profile4
-rw-r--r--etc/firefox-esr.profile4
-rw-r--r--etc/firefox-nightly.profile4
-rw-r--r--etc/firefox-wayland.profile4
-rw-r--r--etc/fossamail.profile3
-rw-r--r--etc/freecadcmd.profile1
-rw-r--r--etc/gconf-editor.profile1
-rw-r--r--etc/gconf-merge-schema.profile1
-rw-r--r--etc/gconf-merge-tree.profile1
-rw-r--r--etc/gconfpkg.profile1
-rw-r--r--etc/gconftool-2.profile1
-rw-r--r--etc/ghb.profile1
-rw-r--r--etc/gimp-2.10.profile1
-rw-r--r--etc/gimp-2.8.profile1
-rw-r--r--etc/google-chrome-stable.profile1
-rw-r--r--etc/google-earth-pro.profile7
-rw-r--r--etc/gsettings-data-convert.profile1
-rw-r--r--etc/gsettings-schema-convert.profile1
-rw-r--r--etc/gtar.profile1
-rw-r--r--etc/handbrake-gtk.profile1
-rw-r--r--etc/icedove.profile3
-rw-r--r--etc/iceweasel.profile3
-rw-r--r--etc/idea.profile4
-rw-r--r--etc/ideaIC.profile4
-rw-r--r--etc/inkview.profile3
-rw-r--r--etc/iridium-browser.profile1
-rw-r--r--etc/jdownloader.profile4
-rw-r--r--etc/jerry.profile41
-rw-r--r--etc/karbon.profile1
-rw-r--r--etc/keepass2.profile1
-rw-r--r--etc/keepassxc-cli.profile1
-rw-r--r--etc/keepassxc-proxy.profile1
-rw-r--r--etc/knotes.profile4
-rw-r--r--etc/lbunzip2.profile1
-rw-r--r--etc/lbzcat.profile1
-rw-r--r--etc/lbzip2.profile1
-rw-r--r--etc/lobase.profile1
-rw-r--r--etc/localc.profile1
-rw-r--r--etc/lodraw.profile1
-rw-r--r--etc/loffice.profile1
-rw-r--r--etc/lofromtemplate.profile1
-rw-r--r--etc/loimpress.profile1
-rw-r--r--etc/lomath.profile1
-rw-r--r--etc/loweb.profile1
-rw-r--r--etc/lowriter.profile1
-rw-r--r--etc/lrunzip.profile1
-rw-r--r--etc/lrz.profile1
-rw-r--r--etc/lrzcat.profile1
-rw-r--r--etc/lrzip.profile1
-rw-r--r--etc/lrztar.profile1
-rw-r--r--etc/lrzuntar.profile1
-rw-r--r--etc/lzcat.profile1
-rw-r--r--etc/lzcmp.profile1
-rw-r--r--etc/lzdiff.profile1
-rw-r--r--etc/lzegrep.profile1
-rw-r--r--etc/lzfgrep.profile1
-rw-r--r--etc/lzgrep.profile1
-rw-r--r--etc/lzip.profile1
-rw-r--r--etc/lzless.profile1
-rw-r--r--etc/lzma.profile1
-rw-r--r--etc/lzmadec.profile1
-rw-r--r--etc/lzmainfo.profile1
-rw-r--r--etc/lzmore.profile1
-rw-r--r--etc/masterpdfeditor4.profile1
-rw-r--r--etc/masterpdfeditor5.profile1
-rw-r--r--etc/mate-calculator.profile1
-rw-r--r--etc/mathematica.profile1
-rw-r--r--etc/mp3wrap.profile3
-rw-r--r--etc/ms-excel.profile3
-rw-r--r--etc/ms-onenote.profile3
-rw-r--r--etc/ms-outlook.profile3
-rw-r--r--etc/ms-powerpoint.profile3
-rw-r--r--etc/ms-word.profile3
-rw-r--r--etc/neverputt.profile9
-rw-r--r--etc/nitroshare-cli.profile1
-rw-r--r--etc/nitroshare-nmh.profile1
-rw-r--r--etc/nitroshare-send.profile1
-rw-r--r--etc/nitroshare-ui.profile1
-rw-r--r--etc/oggsplt.profile3
-rw-r--r--etc/openshot-qt.profile1
-rw-r--r--etc/qt-faststart.profile1
-rw-r--r--etc/riot-desktop.profile3
-rw-r--r--etc/riot-web.profile3
-rw-r--r--etc/rnano.profile2
-rw-r--r--etc/rocketchat.profile3
-rw-r--r--etc/runenpass.sh.profile1
-rw-r--r--etc/rview.profile4
-rw-r--r--etc/rvim.profile4
-rw-r--r--etc/seamonkey-bin.profile1
-rw-r--r--etc/soffice.profile1
-rw-r--r--etc/ssh-agent.profile1
-rw-r--r--etc/ssh.profile1
-rw-r--r--etc/start-tor-browser.desktop.profile3
-rw-r--r--etc/steam-native.profile1
-rw-r--r--etc/studio.sh.profile1
-rw-r--r--etc/sysprof-cli.profile1
-rw-r--r--etc/telegram-desktop.profile1
-rw-r--r--etc/thunar.profile1
-rw-r--r--etc/transmission-create.profile1
-rw-r--r--etc/transmission-edit.profile1
-rw-r--r--etc/transmission-remote-cli.profile1
-rw-r--r--etc/transmission-remote-gtk.profile1
-rw-r--r--etc/udiskie.profile2
-rw-r--r--etc/unbound.profile6
-rw-r--r--etc/unlzma.profile1
-rw-r--r--etc/unxz.profile1
-rw-r--r--etc/vimcat.profile4
-rw-r--r--etc/vimdiff.profile4
-rw-r--r--etc/vimpager.profile4
-rw-r--r--etc/vimtutor.profile4
-rw-r--r--etc/vivaldi-beta.profile1
-rw-r--r--etc/vivaldi-stable.profile1
-rw-r--r--etc/vscodium.profile1
-rw-r--r--etc/weechat-curses.profile1
-rw-r--r--etc/wireshark-gtk.profile1
-rw-r--r--etc/wireshark-qt.profile1
-rw-r--r--etc/xlinks.profile3
-rw-r--r--etc/xonotic-glx.profile1
-rw-r--r--etc/xonotic-sdl.profile1
-rw-r--r--etc/xplayer-audio-preview.profile4
-rw-r--r--etc/xplayer-video-thumbnailer.profile4
-rw-r--r--etc/xreader-previewer.profile4
-rw-r--r--etc/xreader-thumbnailer.profile4
-rw-r--r--etc/xxd.profile4
-rw-r--r--etc/xz.profile1
-rw-r--r--etc/xzcat.profile1
-rw-r--r--etc/xzcmp.profile1
-rw-r--r--etc/xzdiff.profile1
-rw-r--r--etc/xzegrep.profile1
-rw-r--r--etc/xzfgrep.profile1
-rw-r--r--etc/xzgrep.profile1
-rw-r--r--etc/xzless.profile1
-rw-r--r--etc/xzmore.profile1
-rw-r--r--src/common.mk.in3
-rw-r--r--src/firecfg/firecfg.config3
-rw-r--r--src/firejail/checkcfg.c8
-rw-r--r--src/firejail/main.c3
-rw-r--r--src/firejail/x11.c18
-rwxr-xr-xtest/compile/compile.sh20
206 files changed, 504 insertions, 236 deletions
diff --git a/.github/pull_request_template.md b/.github/pull_request_template.md
new file mode 100644
index 000000000..28ee1c436
--- /dev/null
+++ b/.github/pull_request_template.md
@@ -0,0 +1,17 @@
1If you make a PR for new profiles or changeing profiles please do the following:
2 - The ordering of options follow the rules descripted in [/usr/share/doc/firejail/profile.template](https://github.com/netblue30/firejail/blob/master/etc/templates/profile.template).
3 Hint: The profile-template is very new, if you install firejail with your package-manager, it maybe missing, therefore, and to follow the latest rules, it is recommended to use the template from the repository.
4 - Order the arguments of options alphabetical, you can easy do this with the [sort.py](https://github.com/netblue30/firejail/tree/master/contrib/sort.py).
5 The path to it depends on your distro:
6
7 | Distro | Path |
8 | ------ | ---- |
9 | Arch/Fedora | `/lib64/firejail/sort.py` |
10 | Debian/Ubuntu/Mint | `/usr/lib/x86_64-linux-gnu/firejail/sort.py` |
11 | local git clone | `contrib/sort.py` |
12
13 Note also that the sort.py script exists only since firejail `0.9.61`.
14
15If you have no idea how to do one of these, you can open the PR anyway.
16
17See also [CONTRIBUTING.md](/CONTRIBUTING.md).
diff --git a/Makefile.in b/Makefile.in
index 9d0dd69b1..9d21419bc 100644
--- a/Makefile.in
+++ b/Makefile.in
@@ -115,6 +115,7 @@ ifeq ($(HAVE_CONTRIB_INSTALL),yes)
115 install -c -m 0755 contrib/fjdisplay.py $(DESTDIR)/$(libdir)/firejail/. 115 install -c -m 0755 contrib/fjdisplay.py $(DESTDIR)/$(libdir)/firejail/.
116 install -c -m 0755 contrib/fjresize.py $(DESTDIR)/$(libdir)/firejail/. 116 install -c -m 0755 contrib/fjresize.py $(DESTDIR)/$(libdir)/firejail/.
117 install -c -m 0755 contrib/fj-mkdeb.py $(DESTDIR)/$(libdir)/firejail/. 117 install -c -m 0755 contrib/fj-mkdeb.py $(DESTDIR)/$(libdir)/firejail/.
118 install -c -m 0755 contrib/sort.py $(DESTDIR)/$(libdir)/firejail/.
118endif 119endif
119 # documents 120 # documents
120 install -m 0755 -d $(DESTDIR)/$(DOCDIR) 121 install -m 0755 -d $(DESTDIR)/$(DOCDIR)
diff --git a/README b/README
index 4d488dbae..55edc0ebe 100644
--- a/README
+++ b/README
@@ -23,9 +23,11 @@ $ git clone https://github.com/netblue30/firejail.git
23$ cd firejail 23$ cd firejail
24$ ./configure && make && sudo make install-strip 24$ ./configure && make && sudo make install-strip
25 25
26On Debian/Ubuntu you will need to install git and a compiler: 26On Debian/Ubuntu you will need to install git and gcc compiler. AppArmor
27development libraries and pkg-config are required when using --apparmor
28./configure option:
27 29
28$ sudo apt-get install build-essential 30$ sudo apt-get install git build-essential libapparmor-dev pkg-config
29 31
30 32
31 33
diff --git a/README.md b/README.md
index 46370e6a5..e1a79120a 100644
--- a/README.md
+++ b/README.md
@@ -45,9 +45,11 @@ $ git clone https://github.com/netblue30/firejail.git
45$ cd firejail 45$ cd firejail
46$ ./configure && make && sudo make install-strip 46$ ./configure && make && sudo make install-strip
47````` 47`````
48On Debian/Ubuntu you will need to install git and a compiler: 48On Debian/Ubuntu you will need to install git and gcc compiler. AppArmor
49development libraries and pkg-config are required when using --apparmor
50./configure option:
49````` 51`````
50$ sudo apt-get install git build-essential 52$ sudo apt-get install git build-essential libapparmor-dev pkg-config
51````` 53`````
52 54
53 55
@@ -113,4 +115,5 @@ We also keep a list of profile fixes for previous released versions in [etc-fixe
113 115
114## New profiles: 116## New profiles:
115 117
116klatexformula, klatexformula_cmdl, links, pandoc, qgis, teams-for-linux, xlinks, OpenArena, gnome-sound-recorder, godot, tcpdump, tshark, keepassxc-cli, keepassxc-proxy, newsbeuter, rhythmbox-client 118klatexformula, klatexformula_cmdl, links, pandoc, qgis, teams-for-linux, xlinks, OpenArena, gnome-sound-recorder, godot, tcpdump, tshark, keepassxc-cli, keepassxc-proxy, newsbeuter, rhythmbox-client,
119jerry
diff --git a/RELNOTES b/RELNOTES
index 0a3a0a011..a00a27b32 100644
--- a/RELNOTES
+++ b/RELNOTES
@@ -4,7 +4,7 @@ firejail (0.9.61) baseline; urgency=low
4 * new profiles: qgis, klatexformula, klatexformula_cmdl, links, xlinks 4 * new profiles: qgis, klatexformula, klatexformula_cmdl, links, xlinks
5 * new profiles: pandoc, teams-for-linux, OpenArena, gnome-sound-recorder 5 * new profiles: pandoc, teams-for-linux, OpenArena, gnome-sound-recorder
6 * new profiles: godot, tcpdump, tshark, newsbeuter, keepassxc-cli 6 * new profiles: godot, tcpdump, tshark, newsbeuter, keepassxc-cli
7 * new profiles: keepassxc-proxy, rhythmbox-client 7 * new profiles: keepassxc-proxy, rhythmbox-client, jerry
8 -- netblue30 <netblue30@yahoo.com> Sat, 1 Jun 2019 08:00:00 -0500 8 -- netblue30 <netblue30@yahoo.com> Sat, 1 Jun 2019 08:00:00 -0500
9 9
10firejail (0.9.60) baseline; urgency=low 10firejail (0.9.60) baseline; urgency=low
diff --git a/configure b/configure
index 6102a470e..fda292896 100755
--- a/configure
+++ b/configure
@@ -642,6 +642,7 @@ HAVE_GLOBALCFG
642HAVE_CHROOT 642HAVE_CHROOT
643HAVE_SECCOMP 643HAVE_SECCOMP
644HAVE_PRIVATE_HOME 644HAVE_PRIVATE_HOME
645HAVE_FIRETUNNEL
645HAVE_OVERLAYFS 646HAVE_OVERLAYFS
646EXTRA_LDFLAGS 647EXTRA_LDFLAGS
647EXTRA_CFLAGS 648EXTRA_CFLAGS
@@ -681,7 +682,6 @@ infodir
681docdir 682docdir
682oldincludedir 683oldincludedir
683includedir 684includedir
684runstatedir
685localstatedir 685localstatedir
686sharedstatedir 686sharedstatedir
687sysconfdir 687sysconfdir
@@ -706,6 +706,7 @@ ac_user_opts='
706enable_option_checking 706enable_option_checking
707enable_apparmor 707enable_apparmor
708enable_overlayfs 708enable_overlayfs
709enable_firetunnel
709enable_private_home 710enable_private_home
710enable_seccomp 711enable_seccomp
711enable_chroot 712enable_chroot
@@ -773,7 +774,6 @@ datadir='${datarootdir}'
773sysconfdir='${prefix}/etc' 774sysconfdir='${prefix}/etc'
774sharedstatedir='${prefix}/com' 775sharedstatedir='${prefix}/com'
775localstatedir='${prefix}/var' 776localstatedir='${prefix}/var'
776runstatedir='${localstatedir}/run'
777includedir='${prefix}/include' 777includedir='${prefix}/include'
778oldincludedir='/usr/include' 778oldincludedir='/usr/include'
779docdir='${datarootdir}/doc/${PACKAGE_TARNAME}' 779docdir='${datarootdir}/doc/${PACKAGE_TARNAME}'
@@ -1026,15 +1026,6 @@ do
1026 | -silent | --silent | --silen | --sile | --sil) 1026 | -silent | --silent | --silen | --sile | --sil)
1027 silent=yes ;; 1027 silent=yes ;;
1028 1028
1029 -runstatedir | --runstatedir | --runstatedi | --runstated \
1030 | --runstate | --runstat | --runsta | --runst | --runs \
1031 | --run | --ru | --r)
1032 ac_prev=runstatedir ;;
1033 -runstatedir=* | --runstatedir=* | --runstatedi=* | --runstated=* \
1034 | --runstate=* | --runstat=* | --runsta=* | --runst=* | --runs=* \
1035 | --run=* | --ru=* | --r=*)
1036 runstatedir=$ac_optarg ;;
1037
1038 -sbindir | --sbindir | --sbindi | --sbind | --sbin | --sbi | --sb) 1029 -sbindir | --sbindir | --sbindi | --sbind | --sbin | --sbi | --sb)
1039 ac_prev=sbindir ;; 1030 ac_prev=sbindir ;;
1040 -sbindir=* | --sbindir=* | --sbindi=* | --sbind=* | --sbin=* \ 1031 -sbindir=* | --sbindir=* | --sbindi=* | --sbind=* | --sbin=* \
@@ -1172,7 +1163,7 @@ fi
1172for ac_var in exec_prefix prefix bindir sbindir libexecdir datarootdir \ 1163for ac_var in exec_prefix prefix bindir sbindir libexecdir datarootdir \
1173 datadir sysconfdir sharedstatedir localstatedir includedir \ 1164 datadir sysconfdir sharedstatedir localstatedir includedir \
1174 oldincludedir docdir infodir htmldir dvidir pdfdir psdir \ 1165 oldincludedir docdir infodir htmldir dvidir pdfdir psdir \
1175 libdir localedir mandir runstatedir 1166 libdir localedir mandir
1176do 1167do
1177 eval ac_val=\$$ac_var 1168 eval ac_val=\$$ac_var
1178 # Remove trailing slashes. 1169 # Remove trailing slashes.
@@ -1325,7 +1316,6 @@ Fine tuning of the installation directories:
1325 --sysconfdir=DIR read-only single-machine data [PREFIX/etc] 1316 --sysconfdir=DIR read-only single-machine data [PREFIX/etc]
1326 --sharedstatedir=DIR modifiable architecture-independent data [PREFIX/com] 1317 --sharedstatedir=DIR modifiable architecture-independent data [PREFIX/com]
1327 --localstatedir=DIR modifiable single-machine data [PREFIX/var] 1318 --localstatedir=DIR modifiable single-machine data [PREFIX/var]
1328 --runstatedir=DIR modifiable per-process data [LOCALSTATEDIR/run]
1329 --libdir=DIR object code libraries [EPREFIX/lib] 1319 --libdir=DIR object code libraries [EPREFIX/lib]
1330 --includedir=DIR C header files [PREFIX/include] 1320 --includedir=DIR C header files [PREFIX/include]
1331 --oldincludedir=DIR C header files for non-gcc [/usr/include] 1321 --oldincludedir=DIR C header files for non-gcc [/usr/include]
@@ -1357,6 +1347,7 @@ Optional Features:
1357 --enable-FEATURE[=ARG] include FEATURE [ARG=yes] 1347 --enable-FEATURE[=ARG] include FEATURE [ARG=yes]
1358 --enable-apparmor enable apparmor 1348 --enable-apparmor enable apparmor
1359 --disable-overlayfs disable overlayfs 1349 --disable-overlayfs disable overlayfs
1350 --disable-firetunnel disable firetunnel
1360 --disable-private-home disable private home feature 1351 --disable-private-home disable private home feature
1361 --disable-seccomp disable seccomp 1352 --disable-seccomp disable seccomp
1362 --disable-chroot disable chroot 1353 --disable-chroot disable chroot
@@ -3191,6 +3182,78 @@ else
3191 : 3182 :
3192fi 3183fi
3193 3184
3185{ $as_echo "$as_me:${as_lineno-$LINENO}: checking whether C compiler accepts -fstack-clash-protection" >&5
3186$as_echo_n "checking whether C compiler accepts -fstack-clash-protection... " >&6; }
3187if ${ax_cv_check_cflags___fstack_clash_protection+:} false; then :
3188 $as_echo_n "(cached) " >&6
3189else
3190
3191 ax_check_save_flags=$CFLAGS
3192 CFLAGS="$CFLAGS -fstack-clash-protection"
3193 cat confdefs.h - <<_ACEOF >conftest.$ac_ext
3194/* end confdefs.h. */
3195
3196int
3197main ()
3198{
3199
3200 ;
3201 return 0;
3202}
3203_ACEOF
3204if ac_fn_c_try_compile "$LINENO"; then :
3205 ax_cv_check_cflags___fstack_clash_protection=yes
3206else
3207 ax_cv_check_cflags___fstack_clash_protection=no
3208fi
3209rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext
3210 CFLAGS=$ax_check_save_flags
3211fi
3212{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ax_cv_check_cflags___fstack_clash_protection" >&5
3213$as_echo "$ax_cv_check_cflags___fstack_clash_protection" >&6; }
3214if test "x$ax_cv_check_cflags___fstack_clash_protection" = xyes; then :
3215 HAVE_SPECTRE="yes" && EXTRA_CFLAGS+=" -fstack-clash-protection"
3216
3217else
3218 :
3219fi
3220
3221{ $as_echo "$as_me:${as_lineno-$LINENO}: checking whether C compiler accepts -fstack-protector-strong" >&5
3222$as_echo_n "checking whether C compiler accepts -fstack-protector-strong... " >&6; }
3223if ${ax_cv_check_cflags___fstack_protector_strong+:} false; then :
3224 $as_echo_n "(cached) " >&6
3225else
3226
3227 ax_check_save_flags=$CFLAGS
3228 CFLAGS="$CFLAGS -fstack-protector-strong"
3229 cat confdefs.h - <<_ACEOF >conftest.$ac_ext
3230/* end confdefs.h. */
3231
3232int
3233main ()
3234{
3235
3236 ;
3237 return 0;
3238}
3239_ACEOF
3240if ac_fn_c_try_compile "$LINENO"; then :
3241 ax_cv_check_cflags___fstack_protector_strong=yes
3242else
3243 ax_cv_check_cflags___fstack_protector_strong=no
3244fi
3245rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext
3246 CFLAGS=$ax_check_save_flags
3247fi
3248{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ax_cv_check_cflags___fstack_protector_strong" >&5
3249$as_echo "$ax_cv_check_cflags___fstack_protector_strong" >&6; }
3250if test "x$ax_cv_check_cflags___fstack_protector_strong" = xyes; then :
3251 HAVE_SPECTRE="yes" && EXTRA_CFLAGS+=" -fstack-protector-strong"
3252
3253else
3254 :
3255fi
3256
3194 3257
3195HAVE_APPARMOR="" 3258HAVE_APPARMOR=""
3196# Check whether --enable-apparmor was given. 3259# Check whether --enable-apparmor was given.
@@ -3323,8 +3386,8 @@ if test "x$enable_apparmor" = "xyes"; then :
3323 HAVE_APPARMOR="-DHAVE_APPARMOR" 3386 HAVE_APPARMOR="-DHAVE_APPARMOR"
3324 3387
3325pkg_failed=no 3388pkg_failed=no
3326{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for AA" >&5 3389{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for libapparmor" >&5
3327$as_echo_n "checking for AA... " >&6; } 3390$as_echo_n "checking for libapparmor... " >&6; }
3328 3391
3329if test -n "$AA_CFLAGS"; then 3392if test -n "$AA_CFLAGS"; then
3330 pkg_cv_AA_CFLAGS="$AA_CFLAGS" 3393 pkg_cv_AA_CFLAGS="$AA_CFLAGS"
@@ -3364,7 +3427,7 @@ fi
3364 3427
3365 3428
3366if test $pkg_failed = yes; then 3429if test $pkg_failed = yes; then
3367 { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 3430 { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5
3368$as_echo "no" >&6; } 3431$as_echo "no" >&6; }
3369 3432
3370if $PKG_CONFIG --atleast-pkgconfig-version 0.20; then 3433if $PKG_CONFIG --atleast-pkgconfig-version 0.20; then
@@ -3391,7 +3454,7 @@ Alternatively, you may set the environment variables AA_CFLAGS
3391and AA_LIBS to avoid the need to call pkg-config. 3454and AA_LIBS to avoid the need to call pkg-config.
3392See the pkg-config man page for more details." "$LINENO" 5 3455See the pkg-config man page for more details." "$LINENO" 5
3393elif test $pkg_failed = untried; then 3456elif test $pkg_failed = untried; then
3394 { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 3457 { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5
3395$as_echo "no" >&6; } 3458$as_echo "no" >&6; }
3396 { { $as_echo "$as_me:${as_lineno-$LINENO}: error: in \`$ac_pwd':" >&5 3459 { { $as_echo "$as_me:${as_lineno-$LINENO}: error: in \`$ac_pwd':" >&5
3397$as_echo "$as_me: error: in \`$ac_pwd':" >&2;} 3460$as_echo "$as_me: error: in \`$ac_pwd':" >&2;}
@@ -3433,6 +3496,19 @@ if test "x$enable_overlayfs" != "xno"; then :
3433 3496
3434fi 3497fi
3435 3498
3499HAVE_FIRETUNNEL=""
3500# Check whether --enable-firetunnel was given.
3501if test "${enable_firetunnel+set}" = set; then :
3502 enableval=$enable_firetunnel;
3503fi
3504
3505if test "x$enable_firetunnel" != "xno"; then :
3506
3507 HAVE_FIRETUNNEL="-DHAVE_FIRETUNNEL"
3508
3509
3510fi
3511
3436HAVE_PRIVATEHOME="" 3512HAVE_PRIVATEHOME=""
3437# Check whether --enable-private-home was given. 3513# Check whether --enable-private-home was given.
3438if test "${enable_private_home+set}" = set; then : 3514if test "${enable_private_home+set}" = set; then :
@@ -5280,6 +5356,7 @@ echo " whitelisting: $HAVE_WHITELIST"
5280echo " private home support: $HAVE_PRIVATE_HOME" 5356echo " private home support: $HAVE_PRIVATE_HOME"
5281echo " file transfer support: $HAVE_FILE_TRANSFER" 5357echo " file transfer support: $HAVE_FILE_TRANSFER"
5282echo " overlayfs support: $HAVE_OVERLAYFS" 5358echo " overlayfs support: $HAVE_OVERLAYFS"
5359echo " firetunnel support: $HAVE_FIRETUNNEL"
5283echo " busybox workaround: $BUSYBOX_WORKAROUND" 5360echo " busybox workaround: $BUSYBOX_WORKAROUND"
5284echo " Spectre compiler patch: $HAVE_SPECTRE" 5361echo " Spectre compiler patch: $HAVE_SPECTRE"
5285echo " EXTRA_LDFLAGS: $EXTRA_LDFLAGS" 5362echo " EXTRA_LDFLAGS: $EXTRA_LDFLAGS"
diff --git a/configure.ac b/configure.ac
index c3ca7d912..27dcb39c5 100644
--- a/configure.ac
+++ b/configure.ac
@@ -1,3 +1,16 @@
1#
2# Note:
3#
4# If for any reason autoconf fails, run "autoreconf -i --install " and try again.
5# This is how the error looks like on Arch Linux:
6# ./configure: line 3064: syntax error near unexpected token `newline'
7# ./configure: line 3064: `AX_CHECK_COMPILE_FLAG('
8#
9# We rely solely on autoconf, without automake. Apparently, in this case
10# the macros from m4 directory are not picked up by default by automake.
11# "autoreconf -i --install" seems to fix the problem.
12#
13
1AC_PREREQ([2.68]) 14AC_PREREQ([2.68])
2AC_INIT(firejail, 0.9.61, netblue30@yahoo.com, , https://firejail.wordpress.com) 15AC_INIT(firejail, 0.9.61, netblue30@yahoo.com, , https://firejail.wordpress.com)
3AC_CONFIG_SRCDIR([src/firejail/main.c]) 16AC_CONFIG_SRCDIR([src/firejail/main.c])
@@ -17,6 +30,14 @@ AX_CHECK_COMPILE_FLAG(
17 [-mretpoline], 30 [-mretpoline],
18 [HAVE_SPECTRE="yes" && EXTRA_CFLAGS+=" -mretpoline"] 31 [HAVE_SPECTRE="yes" && EXTRA_CFLAGS+=" -mretpoline"]
19) 32)
33AX_CHECK_COMPILE_FLAG(
34 [-fstack-clash-protection],
35 [HAVE_SPECTRE="yes" && EXTRA_CFLAGS+=" -fstack-clash-protection"]
36)
37AX_CHECK_COMPILE_FLAG(
38 [-fstack-protector-strong],
39 [HAVE_SPECTRE="yes" && EXTRA_CFLAGS+=" -fstack-protector-strong"]
40)
20 41
21HAVE_APPARMOR="" 42HAVE_APPARMOR=""
22AC_ARG_ENABLE([apparmor], 43AC_ARG_ENABLE([apparmor],
@@ -39,6 +60,14 @@ AS_IF([test "x$enable_overlayfs" != "xno"], [
39 AC_SUBST(HAVE_OVERLAYFS) 60 AC_SUBST(HAVE_OVERLAYFS)
40]) 61])
41 62
63HAVE_FIRETUNNEL=""
64AC_ARG_ENABLE([firetunnel],
65 AS_HELP_STRING([--disable-firetunnel], [disable firetunnel]))
66AS_IF([test "x$enable_firetunnel" != "xno"], [
67 HAVE_FIRETUNNEL="-DHAVE_FIRETUNNEL"
68 AC_SUBST(HAVE_FIRETUNNEL)
69])
70
42HAVE_PRIVATEHOME="" 71HAVE_PRIVATEHOME=""
43AC_ARG_ENABLE([private-home], 72AC_ARG_ENABLE([private-home],
44 AS_HELP_STRING([--disable-private-home], [disable private home feature])) 73 AS_HELP_STRING([--disable-private-home], [disable private home feature]))
@@ -186,6 +215,7 @@ echo " whitelisting: $HAVE_WHITELIST"
186echo " private home support: $HAVE_PRIVATE_HOME" 215echo " private home support: $HAVE_PRIVATE_HOME"
187echo " file transfer support: $HAVE_FILE_TRANSFER" 216echo " file transfer support: $HAVE_FILE_TRANSFER"
188echo " overlayfs support: $HAVE_OVERLAYFS" 217echo " overlayfs support: $HAVE_OVERLAYFS"
218echo " firetunnel support: $HAVE_FIRETUNNEL"
189echo " busybox workaround: $BUSYBOX_WORKAROUND" 219echo " busybox workaround: $BUSYBOX_WORKAROUND"
190echo " Spectre compiler patch: $HAVE_SPECTRE" 220echo " Spectre compiler patch: $HAVE_SPECTRE"
191echo " EXTRA_LDFLAGS: $EXTRA_LDFLAGS" 221echo " EXTRA_LDFLAGS: $EXTRA_LDFLAGS"
diff --git a/contrib/sort.py b/contrib/sort.py
new file mode 100755
index 000000000..d0fcabac2
--- /dev/null
+++ b/contrib/sort.py
@@ -0,0 +1,115 @@
1#!/usr/bin/env python3
2"""
3Sort the items of multi-item options in profiles, the following options are supported:
4 private-bin, private-etc, private-lib, caps.drop, caps.keep, seccomp.drop, seccomp.drop, protocol
5
6Usage:
7 $ ./sort.py /path/to/profile [ /path/to/profile2 /path/to/profile3 ... ]
8Keep in mind that this will overwrite your profile(s).
9
10Examples:
11 $ ./sort.py MyAwesomeProfile.profile
12 $ ./sort.py new_profile.profile second_new_profile.profile
13 $ ./sort.py ~/.config/firejail/*.{profile,inc,local}
14 $ sudo ./sort.py /etc/firejail/*.{profile,inc,local}
15
16Exit-Codes:
17 0: No Error; No Profile Fixed.
18 1: Error, one or more profiles were not processed correctly.
19 101: No Error; One or more profile were fixed.
20"""
21
22# Requirements:
23# python >= 3.6
24from sys import argv
25
26def sort_alphabetical(raw_items):
27 items = raw_items.split(",")
28 items.sort(key=lambda s: s.casefold())
29 return ",".join(items)
30
31def sort_protocol(protocols):
32 """sort the given protocole into this scheme: unix,inet,inet6,netlink,packet"""
33 # shortcut for common protocol lines
34 if protocols in ("unix", "unix,inet,inet6"):
35 return protocols
36 fixed_protocols = ""
37 present_protocols = {
38 "unix": False,
39 "inet": False,
40 "inet6": False,
41 "netlink": False,
42 "packet": False,
43 }
44 for protocol in protocols.split(","):
45 if protocol == "unix":
46 present_protocols["unix"] = True
47 elif protocol == "inet":
48 present_protocols["inet"] = True
49 elif protocol == "inet6":
50 present_protocols["inet6"] = True
51 elif protocol == "netlink":
52 present_protocols["netlink"] = True
53 elif protocol == "packet":
54 present_protocols["packet"] = True
55 if present_protocols["unix"]:
56 fixed_protocols += "unix,"
57 if present_protocols["inet"]:
58 fixed_protocols += "inet,"
59 if present_protocols["inet6"]:
60 fixed_protocols += "inet6,"
61 if present_protocols["netlink"]:
62 fixed_protocols += "netlink,"
63 if present_protocols["packet"]:
64 fixed_protocols += "packet,"
65 return fixed_protocols[:-1]
66
67def fix_profile(filename):
68 with open(filename, "r+") as profile:
69 lines = profile.read().split("\n")
70 was_fixed = False
71 fixed_profile = []
72 for line in lines:
73 if line[:12] in ("private-bin ", "private-etc ", "private-lib "):
74 fixed_line = f"{line[:12]}{sort_alphabetical(line[12:])}"
75 elif line[:13] in ("seccomp.drop ", "seccomp.keep "):
76 fixed_line = f"{line[:13]}{sort_alphabetical(line[13:])}"
77 elif line[:10] in ("caps.drop ", "caps.keep "):
78 fixed_line = f"{line[:10]}{sort_alphabetical(line[10:])}"
79 elif line[:8] == "protocol":
80 fixed_line = f"protocol {sort_protocol(line[9:])}"
81 else:
82 fixed_line = line
83 if fixed_line != line:
84 was_fixed = True
85 fixed_profile.append(fixed_line)
86 if was_fixed:
87 profile.seek(0)
88 profile.truncate()
89 profile.write("\n".join(fixed_profile))
90 profile.flush()
91 print(f"[ Fixed ] {filename}")
92 return 101
93 return 0
94
95def main(args):
96 exit_code = 0
97 for filename in args:
98 try:
99 if exit_code not in (1, 101):
100 exit_code = fix_profile(filename)
101 else:
102 fix_profile(filename)
103 except FileNotFoundError:
104 print(f"[ Error ] Can't find {filename}")
105 exit_code = 1
106 except PermissionError:
107 print(f"[ Error ] Can't read/write {filename}")
108 exit_code = 1
109 except:
110 print(f"[ Error ] An error occurred while processing {filename}")
111 exit_code = 1
112 return exit_code
113
114if __name__ == "__main__":
115 exit(main(argv[1:]))
diff --git a/etc/Builder.profile b/etc/Builder.profile
index 128e0dfe3..54b437441 100644
--- a/etc/Builder.profile
+++ b/etc/Builder.profile
@@ -1,7 +1,6 @@
1# Firejail profile for gnome-builder 1# Firejail profile for gnome-builder
2# This file is overwritten after every install/update 2# This file is overwritten after every install/update
3 3
4
5# Temporary fix for https://github.com/netblue30/firejail/issues/2624 4# Temporary fix for https://github.com/netblue30/firejail/issues/2624
6# Redirect 5# Redirect
7include gnome-builder.profile 6include gnome-builder.profile
diff --git a/etc/Cheese.profile b/etc/Cheese.profile
index 4bfce53a9..5bb5064f0 100644
--- a/etc/Cheese.profile
+++ b/etc/Cheese.profile
@@ -1,7 +1,6 @@
1# Firejail profile for cheese 1# Firejail profile for cheese
2# This file is overwritten after every install/update 2# This file is overwritten after every install/update
3 3
4
5# Temporary fix for https://github.com/netblue30/firejail/issues/2624 4# Temporary fix for https://github.com/netblue30/firejail/issues/2624
6# Redirect 5# Redirect
7include cheese.profile 6include cheese.profile
diff --git a/etc/Cyberfox.profile b/etc/Cyberfox.profile
index 2fb21e3cf..26a4348c9 100644
--- a/etc/Cyberfox.profile
+++ b/etc/Cyberfox.profile
@@ -1,6 +1,5 @@
1# Firejail profile alias for cyberfox 1# Firejail profile alias for cyberfox
2# This file is overwritten after every install/update 2# This file is overwritten after every install/update
3 3
4
5# Redirect 4# Redirect
6include cyberfox.profile 5include cyberfox.profile
diff --git a/etc/Discord.profile b/etc/Discord.profile
index 9a8957265..3f274b21c 100644
--- a/etc/Discord.profile
+++ b/etc/Discord.profile
@@ -5,7 +5,6 @@ include Discord.local
5# Persistent global definitions 5# Persistent global definitions
6include globals.local 6include globals.local
7 7
8
9noblacklist ${HOME}/.config/discord 8noblacklist ${HOME}/.config/discord
10 9
11mkdir ${HOME}/.config/discord 10mkdir ${HOME}/.config/discord
@@ -14,5 +13,5 @@ whitelist ${HOME}/.config/discord
14private-bin Discord 13private-bin Discord
15private-opt Discord 14private-opt Discord
16 15
17#Redirect 16# Redirect
18include discord-common.profile 17include discord-common.profile
diff --git a/etc/DiscordCanary.profile b/etc/DiscordCanary.profile
index 0624ff949..d24e73ed8 100644
--- a/etc/DiscordCanary.profile
+++ b/etc/DiscordCanary.profile
@@ -5,7 +5,6 @@ include DiscordCanary.local
5# Persistent global definitions 5# Persistent global definitions
6include globals.local 6include globals.local
7 7
8
9noblacklist ${HOME}/.config/discordcanary 8noblacklist ${HOME}/.config/discordcanary
10 9
11mkdir ${HOME}/.config/discordcanary 10mkdir ${HOME}/.config/discordcanary
@@ -14,5 +13,5 @@ whitelist ${HOME}/.config/discordcanary
14private-bin DiscordCanary 13private-bin DiscordCanary
15private-opt DiscordCanary 14private-opt DiscordCanary
16 15
17#Redirect 16# Redirect
18include discord-common.profile 17include discord-common.profile
diff --git a/etc/Documents.profile b/etc/Documents.profile
index c965c55a8..171ab4357 100644
--- a/etc/Documents.profile
+++ b/etc/Documents.profile
@@ -1,7 +1,6 @@
1# Firejail profile for gnome-documents 1# Firejail profile for gnome-documents
2# This file is overwritten after every install/update 2# This file is overwritten after every install/update
3 3
4
5# Temporary fix for https://github.com/netblue30/firejail/issues/2624 4# Temporary fix for https://github.com/netblue30/firejail/issues/2624
6# Redirect 5# Redirect
7include gnome-documents.profile 6include gnome-documents.profile
diff --git a/etc/FossaMail.profile b/etc/FossaMail.profile
index 55fd43515..9e1f61421 100644
--- a/etc/FossaMail.profile
+++ b/etc/FossaMail.profile
@@ -1,6 +1,5 @@
1# Firejail profile alias for fossamail 1# Firejail profile alias for fossamail
2# This file is overwritten after every install/update 2# This file is overwritten after every install/update
3 3
4
5# Redirect 4# Redirect
6include fossamail.profile 5include fossamail.profile
diff --git a/etc/Gitter.profile b/etc/Gitter.profile
index 53e66d108..a8bcb6a54 100644
--- a/etc/Gitter.profile
+++ b/etc/Gitter.profile
@@ -1,6 +1,5 @@
1# Firejail profile alias for Gitter 1# Firejail profile alias for Gitter
2# This file is overwritten after every install/update 2# This file is overwritten after every install/update
3 3
4
5# Redirect 4# Redirect
6include gitter.profile 5include gitter.profile
diff --git a/etc/Logs.profile b/etc/Logs.profile
index f82722ed4..431439f17 100644
--- a/etc/Logs.profile
+++ b/etc/Logs.profile
@@ -1,7 +1,6 @@
1# Firejail profile for gnome-logs 1# Firejail profile for gnome-logs
2# This file is overwritten after every install/update 2# This file is overwritten after every install/update
3 3
4
5# Temporary fix for https://github.com/netblue30/firejail/issues/2624 4# Temporary fix for https://github.com/netblue30/firejail/issues/2624
6# Redirect 5# Redirect
7include gnome-logs.profile 6include gnome-logs.profile
diff --git a/etc/Maps.profile b/etc/Maps.profile
index b3fc03e38..c52d2f2da 100644
--- a/etc/Maps.profile
+++ b/etc/Maps.profile
@@ -1,7 +1,6 @@
1# Firejail profile for gnome-maps 1# Firejail profile for gnome-maps
2# This file is overwritten after every install/update 2# This file is overwritten after every install/update
3 3
4
5# Temporary fix for https://github.com/netblue30/firejail/issues/2624 4# Temporary fix for https://github.com/netblue30/firejail/issues/2624
6# Redirect 5# Redirect
7include gnome-maps.profile 6include gnome-maps.profile
diff --git a/etc/Natron.profile b/etc/Natron.profile
index aadd68c5c..42c22bf67 100644
--- a/etc/Natron.profile
+++ b/etc/Natron.profile
@@ -1,6 +1,5 @@
1# Firejail profile alias for natron 1# Firejail profile alias for natron
2# This file is overwritten after every install/update 2# This file is overwritten after every install/update
3 3
4
5# Redirect 4# Redirect
6include natron.profile 5include natron.profile
diff --git a/etc/PPSSPPQt.profile b/etc/PPSSPPQt.profile
new file mode 100644
index 000000000..c5592f99c
--- /dev/null
+++ b/etc/PPSSPPQt.profile
@@ -0,0 +1,9 @@
1# Firejail profile for PPSSPPQt
2# This file is overwritten after every install/update
3# Persistent local customizations
4include PPSSPPQt.local
5# added by included profile
6#include globals.local
7
8# Redirect
9include ppsspp.profile
diff --git a/etc/Telegram.profile b/etc/Telegram.profile
index 51e4d9765..310e0237e 100644
--- a/etc/Telegram.profile
+++ b/etc/Telegram.profile
@@ -1,6 +1,5 @@
1# Firejail profile alias for telegram 1# Firejail profile alias for telegram
2# This file is overwritten after every install/update 2# This file is overwritten after every install/update
3 3
4
5# Redirect 4# Redirect
6include telegram.profile 5include telegram.profile
diff --git a/etc/VirtualBox.profile b/etc/VirtualBox.profile
index 5fe8f1c57..4c99ae9a3 100644
--- a/etc/VirtualBox.profile
+++ b/etc/VirtualBox.profile
@@ -2,6 +2,5 @@
2# Description: x86 virtualization solution 2# Description: x86 virtualization solution
3# This file is overwritten after every install/update 3# This file is overwritten after every install/update
4 4
5
6# Redirect 5# Redirect
7include virtualbox.profile 6include virtualbox.profile
diff --git a/etc/abrowser.profile b/etc/abrowser.profile
index 010247c6b..2e6e8f1af 100644
--- a/etc/abrowser.profile
+++ b/etc/abrowser.profile
@@ -16,6 +16,5 @@ whitelist ${HOME}/.mozilla
16# private-etc must first be enabled in firefox-common.profile 16# private-etc must first be enabled in firefox-common.profile
17#private-etc abrowser 17#private-etc abrowser
18 18
19
20# Redirect 19# Redirect
21include firefox-common.profile 20include firefox-common.profile
diff --git a/etc/ardour4.profile b/etc/ardour4.profile
index 5c22b57d0..4ad8dd456 100644
--- a/etc/ardour4.profile
+++ b/etc/ardour4.profile
@@ -1,6 +1,5 @@
1# Firejail profile alias for ardour5 1# Firejail profile alias for ardour5
2# This file is overwritten after every install/update 2# This file is overwritten after every install/update
3 3
4
5# Redirect 4# Redirect
6include ardour5.profile 5include ardour5.profile
diff --git a/etc/atom-beta.profile b/etc/atom-beta.profile
index 36baee5c4..c0ee2c492 100644
--- a/etc/atom-beta.profile
+++ b/etc/atom-beta.profile
@@ -2,5 +2,9 @@
2# This file is overwritten after every install/update 2# This file is overwritten after every install/update
3# Persistent local customizations 3# Persistent local customizations
4include atom-beta.local 4include atom-beta.local
5# Profile redirect 5# Persistent global definitions
6# added by included profile
7#include globals.local
8
9# Redirect
6include atom.profile 10include atom.profile
diff --git a/etc/atril-previewer.profile b/etc/atril-previewer.profile
index 3f24acefa..7f4697357 100644
--- a/etc/atril-previewer.profile
+++ b/etc/atril-previewer.profile
@@ -3,8 +3,8 @@
3# Persistent local customizations 3# Persistent local customizations
4include atril-previewer.local 4include atril-previewer.local
5# Persistent global definitions 5# Persistent global definitions
6include globals.local 6# added by included profile
7 7#include globals.local
8 8
9# Redirect 9# Redirect
10include atril.profile 10include atril.profile
diff --git a/etc/atril-thumbnailer.profile b/etc/atril-thumbnailer.profile
index de4a52514..8f6129ea6 100644
--- a/etc/atril-thumbnailer.profile
+++ b/etc/atril-thumbnailer.profile
@@ -3,8 +3,8 @@
3# Persistent local customizations 3# Persistent local customizations
4include atril-thumbnailer.local 4include atril-thumbnailer.local
5# Persistent global definitions 5# Persistent global definitions
6include globals.local 6# added by included profile
7 7#include globals.local
8 8
9# Redirect 9# Redirect
10include atril.profile 10include atril.profile
diff --git a/etc/autokey-gtk.profile b/etc/autokey-gtk.profile
index 86168ba0d..7e398fc6b 100644
--- a/etc/autokey-gtk.profile
+++ b/etc/autokey-gtk.profile
@@ -7,5 +7,5 @@ include autokey-gtk.local
7# added by included profile 7# added by included profile
8#include globals.local 8#include globals.local
9 9
10#Redirect 10# Redirect
11include autokey-common.profile 11include autokey-common.profile
diff --git a/etc/autokey-qt.profile b/etc/autokey-qt.profile
index f3877d829..1a2365681 100644
--- a/etc/autokey-qt.profile
+++ b/etc/autokey-qt.profile
@@ -7,5 +7,5 @@ include autokey-qt.local
7# added by included profile 7# added by included profile
8#include globals.local 8#include globals.local
9 9
10#Redirect 10# Redirect
11include autokey-common.profile 11include autokey-common.profile
diff --git a/etc/autokey-run.profile b/etc/autokey-run.profile
index b70239022..dca1f4548 100644
--- a/etc/autokey-run.profile
+++ b/etc/autokey-run.profile
@@ -7,5 +7,5 @@ include autokey-run.local
7# added by included profile 7# added by included profile
8#include globals.local 8#include globals.local
9 9
10#Redirect 10# Redirect
11include autokey-common.profile 11include autokey-common.profile
diff --git a/etc/autokey-shell.profile b/etc/autokey-shell.profile
index 5745fce77..def5809c2 100644
--- a/etc/autokey-shell.profile
+++ b/etc/autokey-shell.profile
@@ -7,5 +7,5 @@ include autokey-shell.local
7# added by included profile 7# added by included profile
8#include globals.local 8#include globals.local
9 9
10#Redirect 10# Redirect
11include autokey-common.profile 11include autokey-common.profile
diff --git a/etc/baloo_filemetadata_temp_extractor.profile b/etc/baloo_filemetadata_temp_extractor.profile
index 94496ede8..ff10e9965 100644
--- a/etc/baloo_filemetadata_temp_extractor.profile
+++ b/etc/baloo_filemetadata_temp_extractor.profile
@@ -4,7 +4,8 @@ quiet
4# Persistent local customizations 4# Persistent local customizations
5include baloo_filemetadata_temp_extractor.local 5include baloo_filemetadata_temp_extractor.local
6# Persistent global definitions 6# Persistent global definitions
7include globals.local 7# added by included profile
8#include globals.local
8 9
9ignore read-write 10ignore read-write
10read-only ${HOME} 11read-only ${HOME}
diff --git a/etc/beaker.profile b/etc/beaker.profile
index d18429408..21eeac4b3 100644
--- a/etc/beaker.profile
+++ b/etc/beaker.profile
@@ -3,7 +3,8 @@
3# Persistent local customizations 3# Persistent local customizations
4include beaker.local 4include beaker.local
5# Persistent global definitions 5# Persistent global definitions
6include globals.local 6# added by included profile
7#include globals.local
7 8
8noblacklist ${HOME}/.config/Beaker Browser 9noblacklist ${HOME}/.config/Beaker Browser
9 10
diff --git a/etc/blender-2.8.profile b/etc/blender-2.8.profile
index 9da0cb921..b7242c443 100644
--- a/etc/blender-2.8.profile
+++ b/etc/blender-2.8.profile
@@ -1,6 +1,5 @@
1# Firejail profile alias for blender 1# Firejail profile alias for blender
2# This file is overwritten after every install/update 2# This file is overwritten after every install/update
3 3
4
5# Redirect 4# Redirect
6include blender.profile 5include blender.profile
diff --git a/etc/bsdcat.profile b/etc/bsdcat.profile
index e95dfdf2d..5271ee5d6 100644
--- a/etc/bsdcat.profile
+++ b/etc/bsdcat.profile
@@ -1,6 +1,5 @@
1# Firejail profile alias for bsdtar 1# Firejail profile alias for bsdtar
2# This file is overwritten after every install/update 2# This file is overwritten after every install/update
3 3
4
5# Redirect 4# Redirect
6include bsdtar.profile 5include bsdtar.profile
diff --git a/etc/bsdcpio.profile b/etc/bsdcpio.profile
index e95dfdf2d..5271ee5d6 100644
--- a/etc/bsdcpio.profile
+++ b/etc/bsdcpio.profile
@@ -1,6 +1,5 @@
1# Firejail profile alias for bsdtar 1# Firejail profile alias for bsdtar
2# This file is overwritten after every install/update 2# This file is overwritten after every install/update
3 3
4
5# Redirect 4# Redirect
6include bsdtar.profile 5include bsdtar.profile
diff --git a/etc/calligraauthor.profile b/etc/calligraauthor.profile
index b9c06a588..7804a3b97 100644
--- a/etc/calligraauthor.profile
+++ b/etc/calligraauthor.profile
@@ -1,6 +1,5 @@
1# Firejail profile alias for calligra 1# Firejail profile alias for calligra
2# This file is overwritten after every install/update 2# This file is overwritten after every install/update
3 3
4
5# Redirect 4# Redirect
6include calligra.profile 5include calligra.profile
diff --git a/etc/calligraconverter.profile b/etc/calligraconverter.profile
index b9c06a588..7804a3b97 100644
--- a/etc/calligraconverter.profile
+++ b/etc/calligraconverter.profile
@@ -1,6 +1,5 @@
1# Firejail profile alias for calligra 1# Firejail profile alias for calligra
2# This file is overwritten after every install/update 2# This file is overwritten after every install/update
3 3
4
5# Redirect 4# Redirect
6include calligra.profile 5include calligra.profile
diff --git a/etc/calligraflow.profile b/etc/calligraflow.profile
index b9c06a588..7804a3b97 100644
--- a/etc/calligraflow.profile
+++ b/etc/calligraflow.profile
@@ -1,6 +1,5 @@
1# Firejail profile alias for calligra 1# Firejail profile alias for calligra
2# This file is overwritten after every install/update 2# This file is overwritten after every install/update
3 3
4
5# Redirect 4# Redirect
6include calligra.profile 5include calligra.profile
diff --git a/etc/calligraplan.profile b/etc/calligraplan.profile
index b9c06a588..7804a3b97 100644
--- a/etc/calligraplan.profile
+++ b/etc/calligraplan.profile
@@ -1,6 +1,5 @@
1# Firejail profile alias for calligra 1# Firejail profile alias for calligra
2# This file is overwritten after every install/update 2# This file is overwritten after every install/update
3 3
4
5# Redirect 4# Redirect
6include calligra.profile 5include calligra.profile
diff --git a/etc/calligraplanwork.profile b/etc/calligraplanwork.profile
index b9c06a588..7804a3b97 100644
--- a/etc/calligraplanwork.profile
+++ b/etc/calligraplanwork.profile
@@ -1,6 +1,5 @@
1# Firejail profile alias for calligra 1# Firejail profile alias for calligra
2# This file is overwritten after every install/update 2# This file is overwritten after every install/update
3 3
4
5# Redirect 4# Redirect
6include calligra.profile 5include calligra.profile
diff --git a/etc/calligrasheets.profile b/etc/calligrasheets.profile
index b9c06a588..7804a3b97 100644
--- a/etc/calligrasheets.profile
+++ b/etc/calligrasheets.profile
@@ -1,6 +1,5 @@
1# Firejail profile alias for calligra 1# Firejail profile alias for calligra
2# This file is overwritten after every install/update 2# This file is overwritten after every install/update
3 3
4
5# Redirect 4# Redirect
6include calligra.profile 5include calligra.profile
diff --git a/etc/calligrastage.profile b/etc/calligrastage.profile
index b9c06a588..7804a3b97 100644
--- a/etc/calligrastage.profile
+++ b/etc/calligrastage.profile
@@ -1,6 +1,5 @@
1# Firejail profile alias for calligra 1# Firejail profile alias for calligra
2# This file is overwritten after every install/update 2# This file is overwritten after every install/update
3 3
4
5# Redirect 4# Redirect
6include calligra.profile 5include calligra.profile
diff --git a/etc/calligrawords.profile b/etc/calligrawords.profile
index b9c06a588..7804a3b97 100644
--- a/etc/calligrawords.profile
+++ b/etc/calligrawords.profile
@@ -1,6 +1,5 @@
1# Firejail profile alias for calligra 1# Firejail profile alias for calligra
2# This file is overwritten after every install/update 2# This file is overwritten after every install/update
3 3
4
5# Redirect 4# Redirect
6include calligra.profile 5include calligra.profile
diff --git a/etc/chromium-browser.profile b/etc/chromium-browser.profile
index b2c6f58fd..f83052d9a 100644
--- a/etc/chromium-browser.profile
+++ b/etc/chromium-browser.profile
@@ -1,6 +1,5 @@
1# Firejail profile alias for chromium 1# Firejail profile alias for chromium
2# This file is overwritten after every install/update 2# This file is overwritten after every install/update
3 3
4
5# Redirect 4# Redirect
6include chromium.profile 5include chromium.profile
diff --git a/etc/chromium-common.profile b/etc/chromium-common.profile
index ba6f9d88c..7b88e417a 100644
--- a/etc/chromium-common.profile
+++ b/etc/chromium-common.profile
@@ -3,7 +3,7 @@
3# Persistent local customizations 3# Persistent local customizations
4include chromium-common.local 4include chromium-common.local
5# Persistent global definitions 5# Persistent global definitions
6# already included by caller profile 6# added by caller profile
7#include globals.local 7#include globals.local
8 8
9# noexec ${HOME} breaks DRM binaries. 9# noexec ${HOME} breaks DRM binaries.
diff --git a/etc/cinelerra.profile b/etc/cinelerra.profile
index 26f782384..88a65037e 100644
--- a/etc/cinelerra.profile
+++ b/etc/cinelerra.profile
@@ -1,6 +1,5 @@
1# Firejail profile alias for cin 1# Firejail profile alias for cin
2# This file is overwritten after every install/update 2# This file is overwritten after every install/update
3 3
4
5# Redirect 4# Redirect
6include cin.profile 5include cin.profile
diff --git a/etc/clamdscan.profile b/etc/clamdscan.profile
index df78d8c4c..4c6c56c5f 100644
--- a/etc/clamdscan.profile
+++ b/etc/clamdscan.profile
@@ -1,6 +1,5 @@
1# Firejail profile alias for clamav 1# Firejail profile alias for clamav
2# This file is overwritten after every install/update 2# This file is overwritten after every install/update
3 3
4
5# Redirect 4# Redirect
6include clamav.profile 5include clamav.profile
diff --git a/etc/clamdtop.profile b/etc/clamdtop.profile
index df78d8c4c..4c6c56c5f 100644
--- a/etc/clamdtop.profile
+++ b/etc/clamdtop.profile
@@ -1,6 +1,5 @@
1# Firejail profile alias for clamav 1# Firejail profile alias for clamav
2# This file is overwritten after every install/update 2# This file is overwritten after every install/update
3 3
4
5# Redirect 4# Redirect
6include clamav.profile 5include clamav.profile
diff --git a/etc/clamscan.profile b/etc/clamscan.profile
index df78d8c4c..4c6c56c5f 100644
--- a/etc/clamscan.profile
+++ b/etc/clamscan.profile
@@ -1,6 +1,5 @@
1# Firejail profile alias for clamav 1# Firejail profile alias for clamav
2# This file is overwritten after every install/update 2# This file is overwritten after every install/update
3 3
4
5# Redirect 4# Redirect
6include clamav.profile 5include clamav.profile
diff --git a/etc/clocks.profile b/etc/clocks.profile
index dd234ce44..da50e7d49 100644
--- a/etc/clocks.profile
+++ b/etc/clocks.profile
@@ -1,7 +1,6 @@
1# Firejail profile for gnome-clocks 1# Firejail profile for gnome-clocks
2# This file is overwritten after every install/update 2# This file is overwritten after every install/update
3 3
4
5# Temporary fix for https://github.com/netblue30/firejail/issues/2624 4# Temporary fix for https://github.com/netblue30/firejail/issues/2624
6# Redirect 5# Redirect
7include gnome-clocks.profile 6include gnome-clocks.profile
diff --git a/etc/cryptocat.profile b/etc/cryptocat.profile
index 7a9039ea4..69aa39de2 100644
--- a/etc/cryptocat.profile
+++ b/etc/cryptocat.profile
@@ -1,6 +1,5 @@
1# Firejail profile alias for Cryptocat 1# Firejail profile alias for Cryptocat
2# This file is overwritten after every install/update 2# This file is overwritten after every install/update
3 3
4
5# Redirect 4# Redirect
6include Cryptocat.profile 5include Cryptocat.profile
diff --git a/etc/curl.profile b/etc/curl.profile
index 76beee46a..d8282b972 100644
--- a/etc/curl.profile
+++ b/etc/curl.profile
@@ -17,8 +17,11 @@ include disable-passwdmgr.inc
17include disable-programs.inc 17include disable-programs.inc
18 18
19caps.drop all 19caps.drop all
20ipc-namespace
21machine-id
20netfilter 22netfilter
21no3d 23no3d
24nodbus
22nodvd 25nodvd
23nogroups 26nogroups
24nonewprivs 27nonewprivs
@@ -27,7 +30,7 @@ nosound
27notv 30notv
28nou2f 31nou2f
29novideo 32novideo
30protocol unix,inet,inet6 33protocol inet,inet6
31seccomp 34seccomp
32shell none 35shell none
33 36
diff --git a/etc/cvlc.profile b/etc/cvlc.profile
index 1070b602c..56c0d965c 100644
--- a/etc/cvlc.profile
+++ b/etc/cvlc.profile
@@ -3,7 +3,8 @@
3# Persistent local customizations 3# Persistent local customizations
4include cvlc.local 4include cvlc.local
5# Persistent global definitions 5# Persistent global definitions
6include globals.local 6# added by included profile
7#include globals.local
7 8
8# cvlc doesn't like private-bin 9# cvlc doesn't like private-bin
9ignore private-bin 10ignore private-bin
diff --git a/etc/disable-programs.inc b/etc/disable-programs.inc
index fb7e02d0b..679a8c0a0 100644
--- a/etc/disable-programs.inc
+++ b/etc/disable-programs.inc
@@ -151,6 +151,7 @@ blacklist ${HOME}/.config/digikam
151blacklist ${HOME}/.config/digikamrc 151blacklist ${HOME}/.config/digikamrc
152blacklist ${HOME}/.config/discord 152blacklist ${HOME}/.config/discord
153blacklist ${HOME}/.config/discordcanary 153blacklist ${HOME}/.config/discordcanary
154blacklist ${HOME}/.config/dkl
154blacklist ${HOME}/.config/dnox 155blacklist ${HOME}/.config/dnox
155blacklist ${HOME}/.config/dolphinrc 156blacklist ${HOME}/.config/dolphinrc
156blacklist ${HOME}/.config/dragonplayerrc 157blacklist ${HOME}/.config/dragonplayerrc
diff --git a/etc/discord-canary.profile b/etc/discord-canary.profile
index 12b5433b2..3e9dacd1e 100644
--- a/etc/discord-canary.profile
+++ b/etc/discord-canary.profile
@@ -5,7 +5,6 @@ include discord-canary.local
5# Persistent global definitions 5# Persistent global definitions
6include globals.local 6include globals.local
7 7
8
9noblacklist ${HOME}/.config/discordcanary 8noblacklist ${HOME}/.config/discordcanary
10 9
11mkdir ${HOME}/.config/discordcanary 10mkdir ${HOME}/.config/discordcanary
@@ -14,5 +13,5 @@ whitelist ${HOME}/.config/discordcanary
14private-bin discord-canary 13private-bin discord-canary
15private-opt discord-canary 14private-opt discord-canary
16 15
17#Redirect 16# Redirect
18include discord-common.profile 17include discord-common.profile
diff --git a/etc/discord-common.profile b/etc/discord-common.profile
index 82dd0475c..a6e730937 100644
--- a/etc/discord-common.profile
+++ b/etc/discord-common.profile
@@ -3,7 +3,7 @@
3# Persistent local customizations 3# Persistent local customizations
4include discord-common.local 4include discord-common.local
5# Persistent global definitions 5# Persistent global definitions
6# already included by caller profile 6# added by caller profile
7#include globals.local 7#include globals.local
8 8
9include disable-common.inc 9include disable-common.inc
diff --git a/etc/discord.profile b/etc/discord.profile
index 62c4a5658..8ef02a30f 100644
--- a/etc/discord.profile
+++ b/etc/discord.profile
@@ -5,7 +5,6 @@ include discord.local
5# Persistent global definitions 5# Persistent global definitions
6include globals.local 6include globals.local
7 7
8
9noblacklist ${HOME}/.config/discord 8noblacklist ${HOME}/.config/discord
10 9
11mkdir ${HOME}/.config/discord 10mkdir ${HOME}/.config/discord
@@ -14,5 +13,5 @@ whitelist ${HOME}/.config/discord
14private-bin discord 13private-bin discord
15private-opt discord 14private-opt discord
16 15
17#Redirect 16# Redirect
18include discord-common.profile 17include discord-common.profile
diff --git a/etc/dnscrypt-proxy.profile b/etc/dnscrypt-proxy.profile
index ae248f2e8..169b23f5f 100644
--- a/etc/dnscrypt-proxy.profile
+++ b/etc/dnscrypt-proxy.profile
@@ -13,19 +13,24 @@ blacklist /tmp/.X11-unix
13 13
14include disable-common.inc 14include disable-common.inc
15include disable-devel.inc 15include disable-devel.inc
16include disable-exec.inc
16include disable-interpreters.inc 17include disable-interpreters.inc
17include disable-passwdmgr.inc 18include disable-passwdmgr.inc
18include disable-programs.inc 19include disable-programs.inc
19include disable-xdg.inc 20include disable-xdg.inc
20 21
21caps.keep ipc_lock,net_bind_service,setgid,setuid,sys_chroot 22caps.keep ipc_lock,net_bind_service,setgid,setuid,sys_chroot
23ipc-namespace
24machine-id
22no3d 25no3d
26nodbus
23nodvd 27nodvd
24nonewprivs 28nonewprivs
25nosound 29nosound
26notv 30notv
27nou2f 31nou2f
28novideo 32novideo
33protocol inet,inet6
29seccomp.drop _sysctl,acct,add_key,adjtimex,clock_adjtime,delete_module,fanotify_init,finit_module,get_mempolicy,init_module,io_cancel,io_destroy,io_getevents,io_setup,io_submit,ioperm,iopl,kcmp,kexec_file_load,kexec_load,keyctl,lookup_dcookie,mbind,migrate_pages,modify_ldt,mount,move_pages,open_by_handle_at,perf_event_open,perf_event_open,pivot_root,process_vm_readv,process_vm_writev,ptrace,remap_file_pages,request_key,set_mempolicy,swapoff,swapon,sysfs,syslog,umount2,uselib,vmsplice 34seccomp.drop _sysctl,acct,add_key,adjtimex,clock_adjtime,delete_module,fanotify_init,finit_module,get_mempolicy,init_module,io_cancel,io_destroy,io_getevents,io_setup,io_submit,ioperm,iopl,kcmp,kexec_file_load,kexec_load,keyctl,lookup_dcookie,mbind,migrate_pages,modify_ldt,mount,move_pages,open_by_handle_at,perf_event_open,perf_event_open,pivot_root,process_vm_readv,process_vm_writev,ptrace,remap_file_pages,request_key,set_mempolicy,swapoff,swapon,sysfs,syslog,umount2,uselib,vmsplice
30 35
31disable-mnt 36disable-mnt
diff --git a/etc/dooble-qt4.profile b/etc/dooble-qt4.profile
index 075a24c92..70a21e11c 100644
--- a/etc/dooble-qt4.profile
+++ b/etc/dooble-qt4.profile
@@ -1,6 +1,5 @@
1# Firejail profile alias for dooble 1# Firejail profile alias for dooble
2# This file is overwritten after every install/update 2# This file is overwritten after every install/update
3 3
4
5# Redirect 4# Redirect
6include dooble.profile 5include dooble.profile
diff --git a/etc/eo-common.profile b/etc/eo-common.profile
index 2a65de5e1..f4b263f50 100644
--- a/etc/eo-common.profile
+++ b/etc/eo-common.profile
@@ -4,7 +4,7 @@
4# Persistent local customizations 4# Persistent local customizations
5include eo-common.local 5include eo-common.local
6# Persistent global definitions 6# Persistent global definitions
7# already included by caller profile 7# added by caller profile
8#include globals.local 8#include globals.local
9 9
10noblacklist ${HOME}/.local/share/Trash 10noblacklist ${HOME}/.local/share/Trash
diff --git a/etc/evince-previewer.profile b/etc/evince-previewer.profile
index bd1ea6aa9..3857d6f7b 100644
--- a/etc/evince-previewer.profile
+++ b/etc/evince-previewer.profile
@@ -6,6 +6,5 @@ include evince-previewer.local
6# added by included profile 6# added by included profile
7#include globals.local 7#include globals.local
8 8
9
10# Redirect 9# Redirect
11include evince.profile 10include evince.profile
diff --git a/etc/evince-thumbnailer.profile b/etc/evince-thumbnailer.profile
index d11d4e1e1..080a04a52 100644
--- a/etc/evince-thumbnailer.profile
+++ b/etc/evince-thumbnailer.profile
@@ -6,6 +6,5 @@ include evince-thumbnailer.local
6# added by included profile 6# added by included profile
7#include globals.local 7#include globals.local
8 8
9
10# Redirect 9# Redirect
11include evince.profile 10include evince.profile
diff --git a/etc/ffplay.profile b/etc/ffplay.profile
index 00da400bd..b42cc29bc 100644
--- a/etc/ffplay.profile
+++ b/etc/ffplay.profile
@@ -9,6 +9,5 @@ include ffplay.local
9 9
10private-bin ffplay 10private-bin ffplay
11 11
12
13# Redirect 12# Redirect
14include ffmpeg.profile 13include ffmpeg.profile
diff --git a/etc/ffprobe.profile b/etc/ffprobe.profile
index 166cc8b46..bd8643206 100644
--- a/etc/ffprobe.profile
+++ b/etc/ffprobe.profile
@@ -9,6 +9,5 @@ include ffprobe.local
9 9
10private-bin ffprobe 10private-bin ffprobe
11 11
12
13# Redirect 12# Redirect
14include ffmpeg.profile 13include ffmpeg.profile
diff --git a/etc/firefox-beta.profile b/etc/firefox-beta.profile
index ee158703d..fa8bbb1f5 100644
--- a/etc/firefox-beta.profile
+++ b/etc/firefox-beta.profile
@@ -3,8 +3,8 @@
3# Persistent local customizations 3# Persistent local customizations
4include firefox-beta.local 4include firefox-beta.local
5# Persistent global definitions 5# Persistent global definitions
6include globals.local 6# added by included profile
7 7#include globals.local
8 8
9# Redirect 9# Redirect
10include firefox.profile 10include firefox.profile
diff --git a/etc/firefox-common.profile b/etc/firefox-common.profile
index 961b338e7..6ad4a9bc2 100644
--- a/etc/firefox-common.profile
+++ b/etc/firefox-common.profile
@@ -3,7 +3,7 @@
3# Persistent local customizations 3# Persistent local customizations
4include firefox-common.local 4include firefox-common.local
5# Persistent global definitions 5# Persistent global definitions
6# already included by caller profile 6# added by caller profile
7#include globals.local 7#include globals.local
8 8
9# noexec ${HOME} breaks DRM binaries. 9# noexec ${HOME} breaks DRM binaries.
diff --git a/etc/firefox-developer-edition.profile b/etc/firefox-developer-edition.profile
index 56a0485cb..8c7ca3887 100644
--- a/etc/firefox-developer-edition.profile
+++ b/etc/firefox-developer-edition.profile
@@ -4,8 +4,8 @@
4# Persistent local customizations 4# Persistent local customizations
5include firefox-developer-edition.local 5include firefox-developer-edition.local
6# Persistent global definitions 6# Persistent global definitions
7include globals.local 7# added by included profile
8 8#include globals.local
9 9
10# Redirect 10# Redirect
11include firefox.profile 11include firefox.profile
diff --git a/etc/firefox-esr.profile b/etc/firefox-esr.profile
index 0ba04d9c1..6c1d77986 100644
--- a/etc/firefox-esr.profile
+++ b/etc/firefox-esr.profile
@@ -3,8 +3,8 @@
3# Persistent local customizations 3# Persistent local customizations
4include firefox-esr.local 4include firefox-esr.local
5# Persistent global definitions 5# Persistent global definitions
6include globals.local 6# added by included profile
7 7#include globals.local
8 8
9# Redirect 9# Redirect
10include firefox.profile 10include firefox.profile
diff --git a/etc/firefox-nightly.profile b/etc/firefox-nightly.profile
index 6f3838e33..96d2bf898 100644
--- a/etc/firefox-nightly.profile
+++ b/etc/firefox-nightly.profile
@@ -3,8 +3,8 @@
3# Persistent local customizations 3# Persistent local customizations
4include firefox-nightly.local 4include firefox-nightly.local
5# Persistent global definitions 5# Persistent global definitions
6include globals.local 6# added by included profile
7 7#include globals.local
8 8
9# Redirect 9# Redirect
10include firefox.profile 10include firefox.profile
diff --git a/etc/firefox-wayland.profile b/etc/firefox-wayland.profile
index e47ca32f9..068da5ee3 100644
--- a/etc/firefox-wayland.profile
+++ b/etc/firefox-wayland.profile
@@ -3,8 +3,8 @@
3# Persistent local customizations 3# Persistent local customizations
4include firefox-wayland.local 4include firefox-wayland.local
5# Persistent global definitions 5# Persistent global definitions
6include globals.local 6# added by included profile
7 7#include globals.local
8 8
9# Redirect 9# Redirect
10include firefox.profile 10include firefox.profile
diff --git a/etc/fossamail.profile b/etc/fossamail.profile
index e821f6f65..2d700d336 100644
--- a/etc/fossamail.profile
+++ b/etc/fossamail.profile
@@ -3,7 +3,8 @@
3# Persistent local customizations 3# Persistent local customizations
4include fossamail.local 4include fossamail.local
5# Persistent global definitions 5# Persistent global definitions
6include globals.local 6# added by included profile
7#include globals.local
7 8
8noblacklist ${HOME}/.cache/fossamail 9noblacklist ${HOME}/.cache/fossamail
9noblacklist ${HOME}/.fossamail 10noblacklist ${HOME}/.fossamail
diff --git a/etc/freecadcmd.profile b/etc/freecadcmd.profile
index d98b05e65..44bf62cfe 100644
--- a/etc/freecadcmd.profile
+++ b/etc/freecadcmd.profile
@@ -1,6 +1,5 @@
1# Firejail profile alias for freecad 1# Firejail profile alias for freecad
2# This file is overwritten after every install/update 2# This file is overwritten after every install/update
3 3
4
5# Redirect 4# Redirect
6include freecad.profile 5include freecad.profile
diff --git a/etc/gconf-editor.profile b/etc/gconf-editor.profile
index e9756f8af..1b84bf536 100644
--- a/etc/gconf-editor.profile
+++ b/etc/gconf-editor.profile
@@ -7,6 +7,5 @@ include gconf-editor.local
7# added by included profile 7# added by included profile
8#include globals.local 8#include globals.local
9 9
10
11# Redirect 10# Redirect
12include gconf.profile 11include gconf.profile
diff --git a/etc/gconf-merge-schema.profile b/etc/gconf-merge-schema.profile
index 411b7b815..619f801b0 100644
--- a/etc/gconf-merge-schema.profile
+++ b/etc/gconf-merge-schema.profile
@@ -7,6 +7,5 @@ include gconf-merge-schema.local
7# added by included profile 7# added by included profile
8#include globals.local 8#include globals.local
9 9
10
11# Redirect 10# Redirect
12include gconf.profile 11include gconf.profile
diff --git a/etc/gconf-merge-tree.profile b/etc/gconf-merge-tree.profile
index 66a4226ca..2f6bfe5e5 100644
--- a/etc/gconf-merge-tree.profile
+++ b/etc/gconf-merge-tree.profile
@@ -7,6 +7,5 @@ include gconf-merge-tree.local
7# added by included profile 7# added by included profile
8#include globals.local 8#include globals.local
9 9
10
11# Redirect 10# Redirect
12include gconf.profile 11include gconf.profile
diff --git a/etc/gconfpkg.profile b/etc/gconfpkg.profile
index 1793ce072..5bfc1250a 100644
--- a/etc/gconfpkg.profile
+++ b/etc/gconfpkg.profile
@@ -7,6 +7,5 @@ include gconfpkg.local
7# added by included profile 7# added by included profile
8#include globals.local 8#include globals.local
9 9
10
11# Redirect 10# Redirect
12include gconf.profile 11include gconf.profile
diff --git a/etc/gconftool-2.profile b/etc/gconftool-2.profile
index 59a2242a7..947e4252f 100644
--- a/etc/gconftool-2.profile
+++ b/etc/gconftool-2.profile
@@ -7,6 +7,5 @@ include gconftool-2.local
7# added by included profile 7# added by included profile
8#include globals.local 8#include globals.local
9 9
10
11# Redirect 10# Redirect
12include gconf.profile 11include gconf.profile
diff --git a/etc/ghb.profile b/etc/ghb.profile
index 1cb09ddde..1e7ce2350 100644
--- a/etc/ghb.profile
+++ b/etc/ghb.profile
@@ -1,6 +1,5 @@
1# Firejail profile alias for handbrake 1# Firejail profile alias for handbrake
2# This file is overwritten after every install/update 2# This file is overwritten after every install/update
3 3
4
5# Redirect 4# Redirect
6include handbrake.profile 5include handbrake.profile
diff --git a/etc/gimp-2.10.profile b/etc/gimp-2.10.profile
index d42307710..dbf49ac22 100644
--- a/etc/gimp-2.10.profile
+++ b/etc/gimp-2.10.profile
@@ -1,6 +1,5 @@
1# Firejail profile alias for gimp 1# Firejail profile alias for gimp
2# This file is overwritten after every install/update 2# This file is overwritten after every install/update
3 3
4
5# Redirect 4# Redirect
6include gimp.profile 5include gimp.profile
diff --git a/etc/gimp-2.8.profile b/etc/gimp-2.8.profile
index d42307710..dbf49ac22 100644
--- a/etc/gimp-2.8.profile
+++ b/etc/gimp-2.8.profile
@@ -1,6 +1,5 @@
1# Firejail profile alias for gimp 1# Firejail profile alias for gimp
2# This file is overwritten after every install/update 2# This file is overwritten after every install/update
3 3
4
5# Redirect 4# Redirect
6include gimp.profile 5include gimp.profile
diff --git a/etc/google-chrome-stable.profile b/etc/google-chrome-stable.profile
index 55868e0b7..a456e8d61 100644
--- a/etc/google-chrome-stable.profile
+++ b/etc/google-chrome-stable.profile
@@ -1,6 +1,5 @@
1# Firejail profile alias for google-chrome 1# Firejail profile alias for google-chrome
2# This file is overwritten after every install/update 2# This file is overwritten after every install/update
3 3
4
5# Redirect 4# Redirect
6include google-chrome.profile 5include google-chrome.profile
diff --git a/etc/google-earth-pro.profile b/etc/google-earth-pro.profile
index d62319fa2..c1f919769 100644
--- a/etc/google-earth-pro.profile
+++ b/etc/google-earth-pro.profile
@@ -1,4 +1,7 @@
1# Redirect 1# Firejail profile alias for google-earth
2include google-earth.profile 2# This file is overwritten after every install/update
3 3
4private-bin google-earth-pro 4private-bin google-earth-pro
5
6# Redirect
7include google-earth.profile
diff --git a/etc/gsettings-data-convert.profile b/etc/gsettings-data-convert.profile
index 21a232440..6f1d43939 100644
--- a/etc/gsettings-data-convert.profile
+++ b/etc/gsettings-data-convert.profile
@@ -7,6 +7,5 @@ include gsettings-data-convert.local
7# added by included profile 7# added by included profile
8#include globals.local 8#include globals.local
9 9
10
11# Redirect 10# Redirect
12include gconf.profile 11include gconf.profile
diff --git a/etc/gsettings-schema-convert.profile b/etc/gsettings-schema-convert.profile
index 2dbf4fb44..5c8b0e2e2 100644
--- a/etc/gsettings-schema-convert.profile
+++ b/etc/gsettings-schema-convert.profile
@@ -7,6 +7,5 @@ include gsettings-schema-convert.local
7# added by included profile 7# added by included profile
8#include globals.local 8#include globals.local
9 9
10
11# Redirect 10# Redirect
12include gconf.profile 11include gconf.profile
diff --git a/etc/gtar.profile b/etc/gtar.profile
index 12acb8356..2391c121b 100644
--- a/etc/gtar.profile
+++ b/etc/gtar.profile
@@ -1,6 +1,5 @@
1# Firejail profile alias for tar 1# Firejail profile alias for tar
2# This file is overwritten after every install/update 2# This file is overwritten after every install/update
3 3
4
5# Redirect 4# Redirect
6include tar.profile 5include tar.profile
diff --git a/etc/handbrake-gtk.profile b/etc/handbrake-gtk.profile
index 1cb09ddde..1e7ce2350 100644
--- a/etc/handbrake-gtk.profile
+++ b/etc/handbrake-gtk.profile
@@ -1,6 +1,5 @@
1# Firejail profile alias for handbrake 1# Firejail profile alias for handbrake
2# This file is overwritten after every install/update 2# This file is overwritten after every install/update
3 3
4
5# Redirect 4# Redirect
6include handbrake.profile 5include handbrake.profile
diff --git a/etc/icedove.profile b/etc/icedove.profile
index a66309bf1..19690cd5a 100644
--- a/etc/icedove.profile
+++ b/etc/icedove.profile
@@ -3,7 +3,8 @@
3# Persistent local customizations 3# Persistent local customizations
4include icedove.local 4include icedove.local
5# Persistent global definitions 5# Persistent global definitions
6include globals.local 6# added by included profile
7#include globals.local
7 8
8# Users have icedove set to open a browser by clicking a link in an email 9# Users have icedove set to open a browser by clicking a link in an email
9# We are not allowed to blacklist browser-specific directories 10# We are not allowed to blacklist browser-specific directories
diff --git a/etc/iceweasel.profile b/etc/iceweasel.profile
index 24a2f4cc3..badd2648a 100644
--- a/etc/iceweasel.profile
+++ b/etc/iceweasel.profile
@@ -3,7 +3,8 @@
3# Persistent local customizations 3# Persistent local customizations
4include iceweasel.local 4include iceweasel.local
5# Persistent global definitions 5# Persistent global definitions
6include globals.local 6# added by included profile
7#include globals.local
7 8
8# private-etc must first be enabled in firefox-common.profile 9# private-etc must first be enabled in firefox-common.profile
9#private-etc iceweasel 10#private-etc iceweasel
diff --git a/etc/idea.profile b/etc/idea.profile
index d56dceb71..4e43bb629 100644
--- a/etc/idea.profile
+++ b/etc/idea.profile
@@ -3,8 +3,8 @@
3# Persistent local customizations 3# Persistent local customizations
4include idea.local 4include idea.local
5# Persistent global definitions 5# Persistent global definitions
6include globals.local 6# added by included profile
7 7#include globals.local
8 8
9# Redirect 9# Redirect
10include idea.sh.profile 10include idea.sh.profile
diff --git a/etc/ideaIC.profile b/etc/ideaIC.profile
index b960b08e5..7e1778f58 100644
--- a/etc/ideaIC.profile
+++ b/etc/ideaIC.profile
@@ -3,8 +3,8 @@
3# Persistent local customizations 3# Persistent local customizations
4include ideaIC.local 4include ideaIC.local
5# Persistent global definitions 5# Persistent global definitions
6include globals.local 6# added by included profile
7 7#include globals.local
8 8
9# Redirect 9# Redirect
10include idea.sh.profile 10include idea.sh.profile
diff --git a/etc/inkview.profile b/etc/inkview.profile
index 6c0127f37..4f88b0258 100644
--- a/etc/inkview.profile
+++ b/etc/inkview.profile
@@ -3,6 +3,9 @@
3# This file is overwritten after every install/update 3# This file is overwritten after every install/update
4# Persistent local customizations 4# Persistent local customizations
5include inkview.local 5include inkview.local
6# Persistent global definitions
7# added by included profile
8#include globals.local
6 9
7# Redirect 10# Redirect
8include inkscape.profile 11include inkscape.profile
diff --git a/etc/iridium-browser.profile b/etc/iridium-browser.profile
index 0a6418d5c..c7ee64d56 100644
--- a/etc/iridium-browser.profile
+++ b/etc/iridium-browser.profile
@@ -1,6 +1,5 @@
1# Firejail profile alias for iridium 1# Firejail profile alias for iridium
2# This file is overwritten after every install/update 2# This file is overwritten after every install/update
3 3
4
5# Redirect 4# Redirect
6include iridium.profile 5include iridium.profile
diff --git a/etc/jdownloader.profile b/etc/jdownloader.profile
index 037d92338..b5f892a9d 100644
--- a/etc/jdownloader.profile
+++ b/etc/jdownloader.profile
@@ -3,8 +3,8 @@
3# Persistent local customizations 3# Persistent local customizations
4include jdownloader.local 4include jdownloader.local
5# Persistent global definitions 5# Persistent global definitions
6include globals.local 6# added by included profile
7 7#include globals.local
8 8
9# Redirect 9# Redirect
10include JDownloader.profile 10include JDownloader.profile
diff --git a/etc/jerry.profile b/etc/jerry.profile
new file mode 100644
index 000000000..f6bfb9953
--- /dev/null
+++ b/etc/jerry.profile
@@ -0,0 +1,41 @@
1# Firejail profile for jerry
2# Description: Chess GUI
3# This file is overwritten after every install/update
4# Persistent local customizations
5include jerry.local
6# Persistent global definitions
7include globals.local
8
9noblacklist ${HOME}/.config/dkl
10
11include disable-common.inc
12include disable-devel.inc
13include disable-exec.inc
14include disable-interpreters.inc
15include disable-passwdmgr.inc
16include disable-programs.inc
17include disable-xdg.inc
18
19caps.drop all
20machine-id
21net none
22no3d
23nodbus
24nodvd
25nogroups
26nonewprivs
27noroot
28nosound
29notv
30novideo
31protocol unix
32seccomp
33shell none
34tracelog
35
36private-bin bash,jerry,sh,stockfish
37private-dev
38private-etc fonts,gtk-2.0,gtk-3.0
39private-tmp
40
41memory-deny-write-execute
diff --git a/etc/karbon.profile b/etc/karbon.profile
index e9e3c2a69..3b2e93b0a 100644
--- a/etc/karbon.profile
+++ b/etc/karbon.profile
@@ -1,6 +1,5 @@
1# Firejail profile alias for krita 1# Firejail profile alias for krita
2# This file is overwritten after every install/update 2# This file is overwritten after every install/update
3 3
4
5# Redirect 4# Redirect
6include krita.profile 5include krita.profile
diff --git a/etc/keepass2.profile b/etc/keepass2.profile
index 9e33e08db..aef236ccc 100644
--- a/etc/keepass2.profile
+++ b/etc/keepass2.profile
@@ -1,6 +1,5 @@
1# Firejail profile alias for keepass 1# Firejail profile alias for keepass
2# This file is overwritten after every install/update 2# This file is overwritten after every install/update
3 3
4
5# Redirect 4# Redirect
6include keepass.profile 5include keepass.profile
diff --git a/etc/keepassxc-cli.profile b/etc/keepassxc-cli.profile
index 6f657e7de..925609384 100644
--- a/etc/keepassxc-cli.profile
+++ b/etc/keepassxc-cli.profile
@@ -7,6 +7,5 @@ include keepassxc-cli.local
7# added by included profile 7# added by included profile
8#include globals.local 8#include globals.local
9 9
10
11# Redirect 10# Redirect
12include keepassxc.profile 11include keepassxc.profile
diff --git a/etc/keepassxc-proxy.profile b/etc/keepassxc-proxy.profile
index 79666aee2..b2b6763ee 100644
--- a/etc/keepassxc-proxy.profile
+++ b/etc/keepassxc-proxy.profile
@@ -6,6 +6,5 @@ include keepassxc-proxy.local
6# added by included profile 6# added by included profile
7#include globals.local 7#include globals.local
8 8
9
10# Redirect 9# Redirect
11include keepassxc.profile 10include keepassxc.profile
diff --git a/etc/knotes.profile b/etc/knotes.profile
index e7ea04873..ababfcdb1 100644
--- a/etc/knotes.profile
+++ b/etc/knotes.profile
@@ -4,7 +4,8 @@
4# Persistent local customizations 4# Persistent local customizations
5include knotes.local 5include knotes.local
6# Persistent global definitions 6# Persistent global definitions
7include globals.local 7# added by included profile
8#include globals.local
8 9
9# knotes has problems launching akonadi in debian and ubuntu. 10# knotes has problems launching akonadi in debian and ubuntu.
10# one solution is to have akonadi already running when knotes is started 11# one solution is to have akonadi already running when knotes is started
@@ -12,6 +13,5 @@ include globals.local
12noblacklist ${HOME}/.config/knotesrc 13noblacklist ${HOME}/.config/knotesrc
13noblacklist ${HOME}/.local/share/knotes 14noblacklist ${HOME}/.local/share/knotes
14 15
15
16# Redirect 16# Redirect
17include kmail.profile 17include kmail.profile
diff --git a/etc/lbunzip2.profile b/etc/lbunzip2.profile
index ec9a8f546..338d8c8bb 100644
--- a/etc/lbunzip2.profile
+++ b/etc/lbunzip2.profile
@@ -2,6 +2,5 @@
2# Description: GNU compression utilities 2# Description: GNU compression utilities
3# This file is overwritten after every install/update 3# This file is overwritten after every install/update
4 4
5
6# Redirect 5# Redirect
7include gzip.profile 6include gzip.profile
diff --git a/etc/lbzcat.profile b/etc/lbzcat.profile
index ec9a8f546..338d8c8bb 100644
--- a/etc/lbzcat.profile
+++ b/etc/lbzcat.profile
@@ -2,6 +2,5 @@
2# Description: GNU compression utilities 2# Description: GNU compression utilities
3# This file is overwritten after every install/update 3# This file is overwritten after every install/update
4 4
5
6# Redirect 5# Redirect
7include gzip.profile 6include gzip.profile
diff --git a/etc/lbzip2.profile b/etc/lbzip2.profile
index ec9a8f546..338d8c8bb 100644
--- a/etc/lbzip2.profile
+++ b/etc/lbzip2.profile
@@ -2,6 +2,5 @@
2# Description: GNU compression utilities 2# Description: GNU compression utilities
3# This file is overwritten after every install/update 3# This file is overwritten after every install/update
4 4
5
6# Redirect 5# Redirect
7include gzip.profile 6include gzip.profile
diff --git a/etc/lobase.profile b/etc/lobase.profile
index ea0f84631..8348a57fe 100644
--- a/etc/lobase.profile
+++ b/etc/lobase.profile
@@ -1,6 +1,5 @@
1# Firejail profile alias for libreoffice 1# Firejail profile alias for libreoffice
2# This file is overwritten after every install/update 2# This file is overwritten after every install/update
3 3
4
5# Redirect 4# Redirect
6include libreoffice.profile 5include libreoffice.profile
diff --git a/etc/localc.profile b/etc/localc.profile
index ea0f84631..8348a57fe 100644
--- a/etc/localc.profile
+++ b/etc/localc.profile
@@ -1,6 +1,5 @@
1# Firejail profile alias for libreoffice 1# Firejail profile alias for libreoffice
2# This file is overwritten after every install/update 2# This file is overwritten after every install/update
3 3
4
5# Redirect 4# Redirect
6include libreoffice.profile 5include libreoffice.profile
diff --git a/etc/lodraw.profile b/etc/lodraw.profile
index ea0f84631..8348a57fe 100644
--- a/etc/lodraw.profile
+++ b/etc/lodraw.profile
@@ -1,6 +1,5 @@
1# Firejail profile alias for libreoffice 1# Firejail profile alias for libreoffice
2# This file is overwritten after every install/update 2# This file is overwritten after every install/update
3 3
4
5# Redirect 4# Redirect
6include libreoffice.profile 5include libreoffice.profile
diff --git a/etc/loffice.profile b/etc/loffice.profile
index ea0f84631..8348a57fe 100644
--- a/etc/loffice.profile
+++ b/etc/loffice.profile
@@ -1,6 +1,5 @@
1# Firejail profile alias for libreoffice 1# Firejail profile alias for libreoffice
2# This file is overwritten after every install/update 2# This file is overwritten after every install/update
3 3
4
5# Redirect 4# Redirect
6include libreoffice.profile 5include libreoffice.profile
diff --git a/etc/lofromtemplate.profile b/etc/lofromtemplate.profile
index ea0f84631..8348a57fe 100644
--- a/etc/lofromtemplate.profile
+++ b/etc/lofromtemplate.profile
@@ -1,6 +1,5 @@
1# Firejail profile alias for libreoffice 1# Firejail profile alias for libreoffice
2# This file is overwritten after every install/update 2# This file is overwritten after every install/update
3 3
4
5# Redirect 4# Redirect
6include libreoffice.profile 5include libreoffice.profile
diff --git a/etc/loimpress.profile b/etc/loimpress.profile
index ea0f84631..8348a57fe 100644
--- a/etc/loimpress.profile
+++ b/etc/loimpress.profile
@@ -1,6 +1,5 @@
1# Firejail profile alias for libreoffice 1# Firejail profile alias for libreoffice
2# This file is overwritten after every install/update 2# This file is overwritten after every install/update
3 3
4
5# Redirect 4# Redirect
6include libreoffice.profile 5include libreoffice.profile
diff --git a/etc/lomath.profile b/etc/lomath.profile
index ea0f84631..8348a57fe 100644
--- a/etc/lomath.profile
+++ b/etc/lomath.profile
@@ -1,6 +1,5 @@
1# Firejail profile alias for libreoffice 1# Firejail profile alias for libreoffice
2# This file is overwritten after every install/update 2# This file is overwritten after every install/update
3 3
4
5# Redirect 4# Redirect
6include libreoffice.profile 5include libreoffice.profile
diff --git a/etc/loweb.profile b/etc/loweb.profile
index ea0f84631..8348a57fe 100644
--- a/etc/loweb.profile
+++ b/etc/loweb.profile
@@ -1,6 +1,5 @@
1# Firejail profile alias for libreoffice 1# Firejail profile alias for libreoffice
2# This file is overwritten after every install/update 2# This file is overwritten after every install/update
3 3
4
5# Redirect 4# Redirect
6include libreoffice.profile 5include libreoffice.profile
diff --git a/etc/lowriter.profile b/etc/lowriter.profile
index ea0f84631..8348a57fe 100644
--- a/etc/lowriter.profile
+++ b/etc/lowriter.profile
@@ -1,6 +1,5 @@
1# Firejail profile alias for libreoffice 1# Firejail profile alias for libreoffice
2# This file is overwritten after every install/update 2# This file is overwritten after every install/update
3 3
4
5# Redirect 4# Redirect
6include libreoffice.profile 5include libreoffice.profile
diff --git a/etc/lrunzip.profile b/etc/lrunzip.profile
index 96aeee770..72abec8bb 100644
--- a/etc/lrunzip.profile
+++ b/etc/lrunzip.profile
@@ -7,6 +7,5 @@ include lrunzip.local
7# added by included profile 7# added by included profile
8#include globals.local 8#include globals.local
9 9
10
11# Redirect 10# Redirect
12include cpio.profile 11include cpio.profile
diff --git a/etc/lrz.profile b/etc/lrz.profile
index 03de48104..c1f928bde 100644
--- a/etc/lrz.profile
+++ b/etc/lrz.profile
@@ -7,6 +7,5 @@ include lrz.local
7# added by included profile 7# added by included profile
8#include globals.local 8#include globals.local
9 9
10
11# Redirect 10# Redirect
12include cpio.profile 11include cpio.profile
diff --git a/etc/lrzcat.profile b/etc/lrzcat.profile
index 6d95c41a0..edcd7f8cd 100644
--- a/etc/lrzcat.profile
+++ b/etc/lrzcat.profile
@@ -7,6 +7,5 @@ include lrzcat.local
7# added by included profile 7# added by included profile
8#include globals.local 8#include globals.local
9 9
10
11# Redirect 10# Redirect
12include cpio.profile 11include cpio.profile
diff --git a/etc/lrzip.profile b/etc/lrzip.profile
index 148d23393..a69096e28 100644
--- a/etc/lrzip.profile
+++ b/etc/lrzip.profile
@@ -7,6 +7,5 @@ include lrzip.local
7# added by included profile 7# added by included profile
8#include globals.local 8#include globals.local
9 9
10
11# Redirect 10# Redirect
12include cpio.profile 11include cpio.profile
diff --git a/etc/lrztar.profile b/etc/lrztar.profile
index 90327c2bb..54b04b4ec 100644
--- a/etc/lrztar.profile
+++ b/etc/lrztar.profile
@@ -7,6 +7,5 @@ include lrztar.local
7# added by included profile 7# added by included profile
8#include globals.local 8#include globals.local
9 9
10
11# Redirect 10# Redirect
12include cpio.profile 11include cpio.profile
diff --git a/etc/lrzuntar.profile b/etc/lrzuntar.profile
index 6aa91cabd..f21169b24 100644
--- a/etc/lrzuntar.profile
+++ b/etc/lrzuntar.profile
@@ -7,6 +7,5 @@ include lrzuntar.local
7# added by included profile 7# added by included profile
8#include globals.local 8#include globals.local
9 9
10
11# Redirect 10# Redirect
12include cpio.profile 11include cpio.profile
diff --git a/etc/lzcat.profile b/etc/lzcat.profile
index 748dad2e3..f7410b928 100644
--- a/etc/lzcat.profile
+++ b/etc/lzcat.profile
@@ -2,6 +2,5 @@
2# Description: Library and command line tools for XZ and LZMA compressed files 2# Description: Library and command line tools for XZ and LZMA compressed files
3# This file is overwritten after every install/update 3# This file is overwritten after every install/update
4 4
5
6# Redirect 5# Redirect
7include cpio.profile 6include cpio.profile
diff --git a/etc/lzcmp.profile b/etc/lzcmp.profile
index 748dad2e3..f7410b928 100644
--- a/etc/lzcmp.profile
+++ b/etc/lzcmp.profile
@@ -2,6 +2,5 @@
2# Description: Library and command line tools for XZ and LZMA compressed files 2# Description: Library and command line tools for XZ and LZMA compressed files
3# This file is overwritten after every install/update 3# This file is overwritten after every install/update
4 4
5
6# Redirect 5# Redirect
7include cpio.profile 6include cpio.profile
diff --git a/etc/lzdiff.profile b/etc/lzdiff.profile
index 748dad2e3..f7410b928 100644
--- a/etc/lzdiff.profile
+++ b/etc/lzdiff.profile
@@ -2,6 +2,5 @@
2# Description: Library and command line tools for XZ and LZMA compressed files 2# Description: Library and command line tools for XZ and LZMA compressed files
3# This file is overwritten after every install/update 3# This file is overwritten after every install/update
4 4
5
6# Redirect 5# Redirect
7include cpio.profile 6include cpio.profile
diff --git a/etc/lzegrep.profile b/etc/lzegrep.profile
index 748dad2e3..f7410b928 100644
--- a/etc/lzegrep.profile
+++ b/etc/lzegrep.profile
@@ -2,6 +2,5 @@
2# Description: Library and command line tools for XZ and LZMA compressed files 2# Description: Library and command line tools for XZ and LZMA compressed files
3# This file is overwritten after every install/update 3# This file is overwritten after every install/update
4 4
5
6# Redirect 5# Redirect
7include cpio.profile 6include cpio.profile
diff --git a/etc/lzfgrep.profile b/etc/lzfgrep.profile
index 748dad2e3..f7410b928 100644
--- a/etc/lzfgrep.profile
+++ b/etc/lzfgrep.profile
@@ -2,6 +2,5 @@
2# Description: Library and command line tools for XZ and LZMA compressed files 2# Description: Library and command line tools for XZ and LZMA compressed files
3# This file is overwritten after every install/update 3# This file is overwritten after every install/update
4 4
5
6# Redirect 5# Redirect
7include cpio.profile 6include cpio.profile
diff --git a/etc/lzgrep.profile b/etc/lzgrep.profile
index 748dad2e3..f7410b928 100644
--- a/etc/lzgrep.profile
+++ b/etc/lzgrep.profile
@@ -2,6 +2,5 @@
2# Description: Library and command line tools for XZ and LZMA compressed files 2# Description: Library and command line tools for XZ and LZMA compressed files
3# This file is overwritten after every install/update 3# This file is overwritten after every install/update
4 4
5
6# Redirect 5# Redirect
7include cpio.profile 6include cpio.profile
diff --git a/etc/lzip.profile b/etc/lzip.profile
index 748dad2e3..f7410b928 100644
--- a/etc/lzip.profile
+++ b/etc/lzip.profile
@@ -2,6 +2,5 @@
2# Description: Library and command line tools for XZ and LZMA compressed files 2# Description: Library and command line tools for XZ and LZMA compressed files
3# This file is overwritten after every install/update 3# This file is overwritten after every install/update
4 4
5
6# Redirect 5# Redirect
7include cpio.profile 6include cpio.profile
diff --git a/etc/lzless.profile b/etc/lzless.profile
index 748dad2e3..f7410b928 100644
--- a/etc/lzless.profile
+++ b/etc/lzless.profile
@@ -2,6 +2,5 @@
2# Description: Library and command line tools for XZ and LZMA compressed files 2# Description: Library and command line tools for XZ and LZMA compressed files
3# This file is overwritten after every install/update 3# This file is overwritten after every install/update
4 4
5
6# Redirect 5# Redirect
7include cpio.profile 6include cpio.profile
diff --git a/etc/lzma.profile b/etc/lzma.profile
index 748dad2e3..f7410b928 100644
--- a/etc/lzma.profile
+++ b/etc/lzma.profile
@@ -2,6 +2,5 @@
2# Description: Library and command line tools for XZ and LZMA compressed files 2# Description: Library and command line tools for XZ and LZMA compressed files
3# This file is overwritten after every install/update 3# This file is overwritten after every install/update
4 4
5
6# Redirect 5# Redirect
7include cpio.profile 6include cpio.profile
diff --git a/etc/lzmadec.profile b/etc/lzmadec.profile
index 9ba22601b..0c5ec1b09 100644
--- a/etc/lzmadec.profile
+++ b/etc/lzmadec.profile
@@ -2,6 +2,5 @@
2# Description: Library and command line tools for XZ and LZMA compressed files 2# Description: Library and command line tools for XZ and LZMA compressed files
3# This file is overwritten after every install/update 3# This file is overwritten after every install/update
4 4
5
6# Redirect 5# Redirect
7include xzdec.profile 6include xzdec.profile
diff --git a/etc/lzmainfo.profile b/etc/lzmainfo.profile
index 748dad2e3..f7410b928 100644
--- a/etc/lzmainfo.profile
+++ b/etc/lzmainfo.profile
@@ -2,6 +2,5 @@
2# Description: Library and command line tools for XZ and LZMA compressed files 2# Description: Library and command line tools for XZ and LZMA compressed files
3# This file is overwritten after every install/update 3# This file is overwritten after every install/update
4 4
5
6# Redirect 5# Redirect
7include cpio.profile 6include cpio.profile
diff --git a/etc/lzmore.profile b/etc/lzmore.profile
index 748dad2e3..f7410b928 100644
--- a/etc/lzmore.profile
+++ b/etc/lzmore.profile
@@ -2,6 +2,5 @@
2# Description: Library and command line tools for XZ and LZMA compressed files 2# Description: Library and command line tools for XZ and LZMA compressed files
3# This file is overwritten after every install/update 3# This file is overwritten after every install/update
4 4
5
6# Redirect 5# Redirect
7include cpio.profile 6include cpio.profile
diff --git a/etc/masterpdfeditor4.profile b/etc/masterpdfeditor4.profile
index 5612fdaa4..84e78171f 100644
--- a/etc/masterpdfeditor4.profile
+++ b/etc/masterpdfeditor4.profile
@@ -7,6 +7,5 @@ include masterpdfeditor4.local
7# added by included profile 7# added by included profile
8#include globals.local 8#include globals.local
9 9
10
11# Redirect 10# Redirect
12include masterpdfeditor.profile 11include masterpdfeditor.profile
diff --git a/etc/masterpdfeditor5.profile b/etc/masterpdfeditor5.profile
index 8669ceb11..057d343dd 100644
--- a/etc/masterpdfeditor5.profile
+++ b/etc/masterpdfeditor5.profile
@@ -7,6 +7,5 @@ include masterpdfeditor5.local
7# added by included profile 7# added by included profile
8#include globals.local 8#include globals.local
9 9
10
11# Redirect 10# Redirect
12include masterpdfeditor.profile 11include masterpdfeditor.profile
diff --git a/etc/mate-calculator.profile b/etc/mate-calculator.profile
index 442acf8ff..bb438f5f0 100644
--- a/etc/mate-calculator.profile
+++ b/etc/mate-calculator.profile
@@ -1,6 +1,5 @@
1# Firejail profile alias for mate-calc 1# Firejail profile alias for mate-calc
2# This file is overwritten after every install/update 2# This file is overwritten after every install/update
3 3
4
5# Redirect 4# Redirect
6include mate-calc.profile 5include mate-calc.profile
diff --git a/etc/mathematica.profile b/etc/mathematica.profile
index 5f29181cd..964060350 100644
--- a/etc/mathematica.profile
+++ b/etc/mathematica.profile
@@ -1,6 +1,5 @@
1# Firejail profile alias for Mathematica 1# Firejail profile alias for Mathematica
2# This file is overwritten after every install/update 2# This file is overwritten after every install/update
3 3
4
5# Redirect 4# Redirect
6include Mathematica.profile 5include Mathematica.profile
diff --git a/etc/mp3wrap.profile b/etc/mp3wrap.profile
index 2e7d97f72..9e48f7807 100644
--- a/etc/mp3wrap.profile
+++ b/etc/mp3wrap.profile
@@ -1,6 +1,9 @@
1# Firejail profile for mp3wrap 1# Firejail profile for mp3wrap
2# This file is overwritten after every install/update 2# This file is overwritten after every install/update
3include mp3wrap.local 3include mp3wrap.local
4# Persistent global definitions
5# added by included profile
6#include globals.local
4 7
5# Redirect 8# Redirect
6include mp3splt.profile 9include mp3splt.profile
diff --git a/etc/ms-excel.profile b/etc/ms-excel.profile
index e103baf19..db24e8f9b 100644
--- a/etc/ms-excel.profile
+++ b/etc/ms-excel.profile
@@ -3,7 +3,8 @@
3# Persistent local customizations 3# Persistent local customizations
4include ms-excel.local 4include ms-excel.local
5# Persistent global definitions 5# Persistent global definitions
6include globals.local 6# added by included profile
7#include globals.local
7 8
8noblacklist ${HOME}/.cache/ms-excel-online 9noblacklist ${HOME}/.cache/ms-excel-online
9private-bin ms-excel 10private-bin ms-excel
diff --git a/etc/ms-onenote.profile b/etc/ms-onenote.profile
index 1259d55c8..9ea0637bd 100644
--- a/etc/ms-onenote.profile
+++ b/etc/ms-onenote.profile
@@ -3,7 +3,8 @@
3# Persistent local customizations 3# Persistent local customizations
4include ms-onenote.local 4include ms-onenote.local
5# Persistent global definitions 5# Persistent global definitions
6include globals.local 6# added by included profile
7#include globals.local
7 8
8noblacklist ${HOME}/.cache/ms-onenote-online 9noblacklist ${HOME}/.cache/ms-onenote-online
9private-bin ms-onenote 10private-bin ms-onenote
diff --git a/etc/ms-outlook.profile b/etc/ms-outlook.profile
index a9fadc2c1..fc3e7c009 100644
--- a/etc/ms-outlook.profile
+++ b/etc/ms-outlook.profile
@@ -3,7 +3,8 @@
3# Persistent local customizations 3# Persistent local customizations
4include ms-outlook.local 4include ms-outlook.local
5# Persistent global definitions 5# Persistent global definitions
6include globals.local 6# added by included profile
7#include globals.local
7 8
8noblacklist ${HOME}/.cache/ms-outlook-online 9noblacklist ${HOME}/.cache/ms-outlook-online
9private-bin ms-outlook 10private-bin ms-outlook
diff --git a/etc/ms-powerpoint.profile b/etc/ms-powerpoint.profile
index 4c096de4e..dadcd5b1e 100644
--- a/etc/ms-powerpoint.profile
+++ b/etc/ms-powerpoint.profile
@@ -3,7 +3,8 @@
3# Persistent local customizations 3# Persistent local customizations
4include ms-powerpoint.local 4include ms-powerpoint.local
5# Persistent global definitions 5# Persistent global definitions
6include globals.local 6# added by included profile
7#include globals.local
7 8
8noblacklist ${HOME}/.cache/ms-powerpoint-online 9noblacklist ${HOME}/.cache/ms-powerpoint-online
9private-bin ms-powerpoint 10private-bin ms-powerpoint
diff --git a/etc/ms-word.profile b/etc/ms-word.profile
index f21e987d4..5a617a893 100644
--- a/etc/ms-word.profile
+++ b/etc/ms-word.profile
@@ -3,7 +3,8 @@
3# Persistent local customizations 3# Persistent local customizations
4include ms-word.local 4include ms-word.local
5# Persistent global definitions 5# Persistent global definitions
6include globals.local 6# added by included profile
7#include globals.local
7 8
8noblacklist ${HOME}/.cache/ms-word-online 9noblacklist ${HOME}/.cache/ms-word-online
9private-bin ms-word 10private-bin ms-word
diff --git a/etc/neverputt.profile b/etc/neverputt.profile
new file mode 100644
index 000000000..93fb14e07
--- /dev/null
+++ b/etc/neverputt.profile
@@ -0,0 +1,9 @@
1# Firejail profile for neverputt
2# This file is overwritten after every install/update
3# Persistent local customizations
4include neverputt.local
5# added by included profile
6#include globals.local
7
8# Redirect
9include neverball.profile
diff --git a/etc/nitroshare-cli.profile b/etc/nitroshare-cli.profile
index 5ee683711..d9cb2edc5 100644
--- a/etc/nitroshare-cli.profile
+++ b/etc/nitroshare-cli.profile
@@ -2,6 +2,5 @@
2# Description: Network File Transfer Application 2# Description: Network File Transfer Application
3# This file is overwritten after every install/update 3# This file is overwritten after every install/update
4 4
5
6# Redirect 5# Redirect
7include nitroshare.profile 6include nitroshare.profile
diff --git a/etc/nitroshare-nmh.profile b/etc/nitroshare-nmh.profile
index 5ee683711..d9cb2edc5 100644
--- a/etc/nitroshare-nmh.profile
+++ b/etc/nitroshare-nmh.profile
@@ -2,6 +2,5 @@
2# Description: Network File Transfer Application 2# Description: Network File Transfer Application
3# This file is overwritten after every install/update 3# This file is overwritten after every install/update
4 4
5
6# Redirect 5# Redirect
7include nitroshare.profile 6include nitroshare.profile
diff --git a/etc/nitroshare-send.profile b/etc/nitroshare-send.profile
index 5ee683711..d9cb2edc5 100644
--- a/etc/nitroshare-send.profile
+++ b/etc/nitroshare-send.profile
@@ -2,6 +2,5 @@
2# Description: Network File Transfer Application 2# Description: Network File Transfer Application
3# This file is overwritten after every install/update 3# This file is overwritten after every install/update
4 4
5
6# Redirect 5# Redirect
7include nitroshare.profile 6include nitroshare.profile
diff --git a/etc/nitroshare-ui.profile b/etc/nitroshare-ui.profile
index 5ee683711..d9cb2edc5 100644
--- a/etc/nitroshare-ui.profile
+++ b/etc/nitroshare-ui.profile
@@ -2,6 +2,5 @@
2# Description: Network File Transfer Application 2# Description: Network File Transfer Application
3# This file is overwritten after every install/update 3# This file is overwritten after every install/update
4 4
5
6# Redirect 5# Redirect
7include nitroshare.profile 6include nitroshare.profile
diff --git a/etc/oggsplt.profile b/etc/oggsplt.profile
index 456412c30..5aedadde9 100644
--- a/etc/oggsplt.profile
+++ b/etc/oggsplt.profile
@@ -1,6 +1,9 @@
1# Firejail profile for oggsplt 1# Firejail profile for oggsplt
2# This file is overwritten after every install/update 2# This file is overwritten after every install/update
3include oggsplt.local 3include oggsplt.local
4# Persistent global definitions
5# added by included profile
6#include globals.local
4 7
5# Redirect 8# Redirect
6include mp3splt.profile 9include mp3splt.profile
diff --git a/etc/openshot-qt.profile b/etc/openshot-qt.profile
index b86073b41..2f886d2ac 100644
--- a/etc/openshot-qt.profile
+++ b/etc/openshot-qt.profile
@@ -1,6 +1,5 @@
1# Firejail profile alias for openshot 1# Firejail profile alias for openshot
2# This file is overwritten after every install/update 2# This file is overwritten after every install/update
3 3
4
5# Redirect 4# Redirect
6include openshot.profile 5include openshot.profile
diff --git a/etc/qt-faststart.profile b/etc/qt-faststart.profile
index 51bc1b298..cf459472a 100644
--- a/etc/qt-faststart.profile
+++ b/etc/qt-faststart.profile
@@ -9,6 +9,5 @@ include qt-faststart.local
9 9
10private-bin qt-faststart 10private-bin qt-faststart
11 11
12
13# Redirect 12# Redirect
14include ffmpeg.profile 13include ffmpeg.profile
diff --git a/etc/riot-desktop.profile b/etc/riot-desktop.profile
index fececd850..e91d25196 100644
--- a/etc/riot-desktop.profile
+++ b/etc/riot-desktop.profile
@@ -4,7 +4,8 @@
4# Persistent local customizations 4# Persistent local customizations
5include riot-desktop.local 5include riot-desktop.local
6# Persistent global definitions 6# Persistent global definitions
7include globals.local 7# added by included profile
8#include globals.local
8 9
9# Redirect 10# Redirect
10include riot-web.profile 11include riot-web.profile
diff --git a/etc/riot-web.profile b/etc/riot-web.profile
index c9f597626..b930adf2b 100644
--- a/etc/riot-web.profile
+++ b/etc/riot-web.profile
@@ -4,7 +4,8 @@
4# Persistent local customizations 4# Persistent local customizations
5include riot-web.local 5include riot-web.local
6# Persistent global definitions 6# Persistent global definitions
7include globals.local 7# added by included profile
8#include globals.local
8 9
9noblacklist ${HOME}/.config/Riot 10noblacklist ${HOME}/.config/Riot
10 11
diff --git a/etc/rnano.profile b/etc/rnano.profile
index 89c1663c4..565c957e0 100644
--- a/etc/rnano.profile
+++ b/etc/rnano.profile
@@ -4,8 +4,8 @@
4# Persistent local customizations 4# Persistent local customizations
5include rnano.local 5include rnano.local
6# Persistent global definitions 6# Persistent global definitions
7# added by included profile
7#include globals.local 8#include globals.local
8 9
9
10# Redirect 10# Redirect
11include nano.profile 11include nano.profile
diff --git a/etc/rocketchat.profile b/etc/rocketchat.profile
index 8170c62e7..a574e4e8b 100644
--- a/etc/rocketchat.profile
+++ b/etc/rocketchat.profile
@@ -3,7 +3,8 @@
3# Persistent local customizations 3# Persistent local customizations
4include rocketchat.local 4include rocketchat.local
5# Persistent global definitions 5# Persistent global definitions
6include globals.local 6# added by included profile
7#include globals.local
7 8
8noblacklist ${HOME}/.config/Rocket.Chat 9noblacklist ${HOME}/.config/Rocket.Chat
9 10
diff --git a/etc/runenpass.sh.profile b/etc/runenpass.sh.profile
index 794c38d6e..64432c171 100644
--- a/etc/runenpass.sh.profile
+++ b/etc/runenpass.sh.profile
@@ -1,6 +1,5 @@
1# Firejail alias profile for enpass 1# Firejail alias profile for enpass
2# This file is overwritten after every install/update 2# This file is overwritten after every install/update
3 3
4
5# Redirect 4# Redirect
6include enpass.profile 5include enpass.profile
diff --git a/etc/rview.profile b/etc/rview.profile
index b3a6bfbdc..fb72a00de 100644
--- a/etc/rview.profile
+++ b/etc/rview.profile
@@ -3,8 +3,8 @@
3# Persistent local customizations 3# Persistent local customizations
4include rview.local 4include rview.local
5# Persistent global definitions 5# Persistent global definitions
6include globals.local 6# added by included profile
7 7#include globals.local
8 8
9# Redirect 9# Redirect
10include vim.profile 10include vim.profile
diff --git a/etc/rvim.profile b/etc/rvim.profile
index 5481dfe43..7c6465d3c 100644
--- a/etc/rvim.profile
+++ b/etc/rvim.profile
@@ -3,8 +3,8 @@
3# Persistent local customizations 3# Persistent local customizations
4include rvim.local 4include rvim.local
5# Persistent global definitions 5# Persistent global definitions
6include globals.local 6# added by included profile
7 7#include globals.local
8 8
9# Redirect 9# Redirect
10include vim.profile 10include vim.profile
diff --git a/etc/seamonkey-bin.profile b/etc/seamonkey-bin.profile
index e420d8124..532294950 100644
--- a/etc/seamonkey-bin.profile
+++ b/etc/seamonkey-bin.profile
@@ -1,6 +1,5 @@
1# Firejail profile alias for seamonkey 1# Firejail profile alias for seamonkey
2# This file is overwritten after every install/update 2# This file is overwritten after every install/update
3 3
4
5# Redirect 4# Redirect
6include seamonkey.profile 5include seamonkey.profile
diff --git a/etc/soffice.profile b/etc/soffice.profile
index ea0f84631..8348a57fe 100644
--- a/etc/soffice.profile
+++ b/etc/soffice.profile
@@ -1,6 +1,5 @@
1# Firejail profile alias for libreoffice 1# Firejail profile alias for libreoffice
2# This file is overwritten after every install/update 2# This file is overwritten after every install/update
3 3
4
5# Redirect 4# Redirect
6include libreoffice.profile 5include libreoffice.profile
diff --git a/etc/ssh-agent.profile b/etc/ssh-agent.profile
index 9af747b62..55df45a87 100644
--- a/etc/ssh-agent.profile
+++ b/etc/ssh-agent.profile
@@ -19,6 +19,7 @@ include disable-programs.inc
19caps.drop all 19caps.drop all
20netfilter 20netfilter
21no3d 21no3d
22nodbus
22nodvd 23nodvd
23nonewprivs 24nonewprivs
24noroot 25noroot
diff --git a/etc/ssh.profile b/etc/ssh.profile
index ce0e54a0d..7a9bb5abe 100644
--- a/etc/ssh.profile
+++ b/etc/ssh.profile
@@ -22,6 +22,7 @@ caps.drop all
22ipc-namespace 22ipc-namespace
23netfilter 23netfilter
24no3d 24no3d
25nodbus
25nodvd 26nodvd
26nogroups 27nogroups
27nonewprivs 28nonewprivs
diff --git a/etc/start-tor-browser.desktop.profile b/etc/start-tor-browser.desktop.profile
index d5d7a17e4..9c3175ad7 100644
--- a/etc/start-tor-browser.desktop.profile
+++ b/etc/start-tor-browser.desktop.profile
@@ -2,6 +2,9 @@
2# This file is overwritten after every install/update 2# This file is overwritten after every install/update
3# Persistent local customizations 3# Persistent local customizations
4include start-tor-browser.desktop.local 4include start-tor-browser.desktop.local
5# Persistent global definitions
6# added by included profile
7#include globals.local
5 8
6noblacklist ${HOME}/.tor-browser-* 9noblacklist ${HOME}/.tor-browser-*
7noblacklist ${HOME}/.tor-browser_* 10noblacklist ${HOME}/.tor-browser_*
diff --git a/etc/steam-native.profile b/etc/steam-native.profile
index 1419a10b5..47608ad28 100644
--- a/etc/steam-native.profile
+++ b/etc/steam-native.profile
@@ -1,6 +1,5 @@
1# Firejail profile alias for steam 1# Firejail profile alias for steam
2# This file is overwritten after every install/update 2# This file is overwritten after every install/update
3 3
4
5# Redirect 4# Redirect
6include steam.profile 5include steam.profile
diff --git a/etc/studio.sh.profile b/etc/studio.sh.profile
index c69297e29..79e879f36 100644
--- a/etc/studio.sh.profile
+++ b/etc/studio.sh.profile
@@ -1,6 +1,5 @@
1# Firejail profile alias for Android Studio 1# Firejail profile alias for Android Studio
2# This file is overwritten after every install/update 2# This file is overwritten after every install/update
3 3
4
5# Redirect 4# Redirect
6include android-studio.profile 5include android-studio.profile
diff --git a/etc/sysprof-cli.profile b/etc/sysprof-cli.profile
index 62672b22b..935c7e9ca 100644
--- a/etc/sysprof-cli.profile
+++ b/etc/sysprof-cli.profile
@@ -15,6 +15,5 @@ private-lib
15 15
16memory-deny-write-execute 16memory-deny-write-execute
17 17
18
19# Redirect 18# Redirect
20include sysprof.profile 19include sysprof.profile
diff --git a/etc/telegram-desktop.profile b/etc/telegram-desktop.profile
index ef60bdc8c..0cfa7114b 100644
--- a/etc/telegram-desktop.profile
+++ b/etc/telegram-desktop.profile
@@ -2,6 +2,5 @@
2# Description: Official Telegram Desktop client 2# Description: Official Telegram Desktop client
3# This file is overwritten after every install/update 3# This file is overwritten after every install/update
4 4
5
6# Redirect 5# Redirect
7include telegram.profile 6include telegram.profile
diff --git a/etc/thunar.profile b/etc/thunar.profile
index 0c7a048c4..19993016a 100644
--- a/etc/thunar.profile
+++ b/etc/thunar.profile
@@ -2,6 +2,5 @@
2# Description: Modern file manager for Xfce 2# Description: Modern file manager for Xfce
3# This file is overwritten after every install/update 3# This file is overwritten after every install/update
4 4
5
6# Redirect 5# Redirect
7include Thunar.profile 6include Thunar.profile
diff --git a/etc/transmission-create.profile b/etc/transmission-create.profile
index 7aea44c3b..9b84bc33a 100644
--- a/etc/transmission-create.profile
+++ b/etc/transmission-create.profile
@@ -7,6 +7,5 @@ include transmission-create.local
7# added by included profile 7# added by included profile
8#include globals.local 8#include globals.local
9 9
10
11# Redirect 10# Redirect
12include transmission-cli.profile 11include transmission-cli.profile
diff --git a/etc/transmission-edit.profile b/etc/transmission-edit.profile
index 5bc81c231..07990aa15 100644
--- a/etc/transmission-edit.profile
+++ b/etc/transmission-edit.profile
@@ -7,6 +7,5 @@ include transmission-edit.local
7# added by included profile 7# added by included profile
8#include globals.local 8#include globals.local
9 9
10
11# Redirect 10# Redirect
12include transmission-cli.profile 11include transmission-cli.profile
diff --git a/etc/transmission-remote-cli.profile b/etc/transmission-remote-cli.profile
index 7b7a47f14..98b875fc5 100644
--- a/etc/transmission-remote-cli.profile
+++ b/etc/transmission-remote-cli.profile
@@ -21,6 +21,5 @@ include whitelist-var-common.inc
21# private-bin python* 21# private-bin python*
22private-etc fonts 22private-etc fonts
23 23
24
25# Redirect 24# Redirect
26include transmission-remote.profile 25include transmission-remote.profile
diff --git a/etc/transmission-remote-gtk.profile b/etc/transmission-remote-gtk.profile
index 3ead56008..b7173def5 100644
--- a/etc/transmission-remote-gtk.profile
+++ b/etc/transmission-remote-gtk.profile
@@ -16,6 +16,5 @@ include whitelist-var-common.inc
16 16
17private-etc fonts 17private-etc fonts
18 18
19
20# Redirect 19# Redirect
21include transmission-remote.profile 20include transmission-remote.profile
diff --git a/etc/udiskie.profile b/etc/udiskie.profile
index 8cc443bff..f6e85d60e 100644
--- a/etc/udiskie.profile
+++ b/etc/udiskie.profile
@@ -41,5 +41,5 @@ private-bin awk,cut,dbus-send,egrep,file,grep,head,python*,readlink,sed,sh,udisk
41# private-bin thunar 41# private-bin thunar
42private-cache 42private-cache
43private-dev 43private-dev
44private-etc alternatives,ld.so.cache,ld.so.conf,ld.so.conf.d,ld.so.preload,locale,locale.alias,locale.conf,localtime,mime.types,xdg 44private-etc alternatives,fonts,ld.so.cache,ld.so.conf,ld.so.conf.d,ld.so.preload,locale,locale.alias,locale.conf,localtime,mime.types,xdg
45private-tmp 45private-tmp
diff --git a/etc/unbound.profile b/etc/unbound.profile
index e152ee7ea..7d1c36d2f 100644
--- a/etc/unbound.profile
+++ b/etc/unbound.profile
@@ -13,6 +13,7 @@ blacklist /tmp/.X11-unix
13 13
14include disable-common.inc 14include disable-common.inc
15include disable-devel.inc 15include disable-devel.inc
16include disable-exec.inc
16include disable-interpreters.inc 17include disable-interpreters.inc
17include disable-passwdmgr.inc 18include disable-passwdmgr.inc
18include disable-programs.inc 19include disable-programs.inc
@@ -22,13 +23,18 @@ whitelist /var/lib/unbound
22whitelist /var/run 23whitelist /var/run
23 24
24caps.keep net_admin,net_bind_service,setgid,setuid,sys_chroot,sys_resource 25caps.keep net_admin,net_bind_service,setgid,setuid,sys_chroot,sys_resource
26ipc-namespace
27machine-id
28netfilter
25no3d 29no3d
30nodbus
26nodvd 31nodvd
27nonewprivs 32nonewprivs
28nosound 33nosound
29notv 34notv
30nou2f 35nou2f
31novideo 36novideo
37protocol inet,inet6
32seccomp.drop _sysctl,acct,add_key,adjtimex,clock_adjtime,delete_module,fanotify_init,finit_module,get_mempolicy,init_module,io_cancel,io_destroy,io_getevents,io_setup,io_submit,ioperm,iopl,kcmp,kexec_file_load,kexec_load,keyctl,lookup_dcookie,mbind,migrate_pages,modify_ldt,mount,move_pages,open_by_handle_at,perf_event_open,perf_event_open,pivot_root,process_vm_readv,process_vm_writev,ptrace,remap_file_pages,request_key,set_mempolicy,swapoff,swapon,sysfs,syslog,umount2,uselib,vmsplice 38seccomp.drop _sysctl,acct,add_key,adjtimex,clock_adjtime,delete_module,fanotify_init,finit_module,get_mempolicy,init_module,io_cancel,io_destroy,io_getevents,io_setup,io_submit,ioperm,iopl,kcmp,kexec_file_load,kexec_load,keyctl,lookup_dcookie,mbind,migrate_pages,modify_ldt,mount,move_pages,open_by_handle_at,perf_event_open,perf_event_open,pivot_root,process_vm_readv,process_vm_writev,ptrace,remap_file_pages,request_key,set_mempolicy,swapoff,swapon,sysfs,syslog,umount2,uselib,vmsplice
33 39
34disable-mnt 40disable-mnt
diff --git a/etc/unlzma.profile b/etc/unlzma.profile
index 748dad2e3..f7410b928 100644
--- a/etc/unlzma.profile
+++ b/etc/unlzma.profile
@@ -2,6 +2,5 @@
2# Description: Library and command line tools for XZ and LZMA compressed files 2# Description: Library and command line tools for XZ and LZMA compressed files
3# This file is overwritten after every install/update 3# This file is overwritten after every install/update
4 4
5
6# Redirect 5# Redirect
7include cpio.profile 6include cpio.profile
diff --git a/etc/unxz.profile b/etc/unxz.profile
index 748dad2e3..f7410b928 100644
--- a/etc/unxz.profile
+++ b/etc/unxz.profile
@@ -2,6 +2,5 @@
2# Description: Library and command line tools for XZ and LZMA compressed files 2# Description: Library and command line tools for XZ and LZMA compressed files
3# This file is overwritten after every install/update 3# This file is overwritten after every install/update
4 4
5
6# Redirect 5# Redirect
7include cpio.profile 6include cpio.profile
diff --git a/etc/vimcat.profile b/etc/vimcat.profile
index a8f7758e0..73b76b5ab 100644
--- a/etc/vimcat.profile
+++ b/etc/vimcat.profile
@@ -3,8 +3,8 @@
3# Persistent local customizations 3# Persistent local customizations
4include vimcat.local 4include vimcat.local
5# Persistent global definitions 5# Persistent global definitions
6include globals.local 6# added by included profile
7 7#include globals.local
8 8
9# Redirect 9# Redirect
10include vim.profile 10include vim.profile
diff --git a/etc/vimdiff.profile b/etc/vimdiff.profile
index 53a5c6224..f09faf1d6 100644
--- a/etc/vimdiff.profile
+++ b/etc/vimdiff.profile
@@ -3,8 +3,8 @@
3# Persistent local customizations 3# Persistent local customizations
4include vimdiff.local 4include vimdiff.local
5# Persistent global definitions 5# Persistent global definitions
6include globals.local 6# added by included profile
7 7#include globals.local
8 8
9# Redirect 9# Redirect
10include vim.profile 10include vim.profile
diff --git a/etc/vimpager.profile b/etc/vimpager.profile
index ef2c20ef1..af7703752 100644
--- a/etc/vimpager.profile
+++ b/etc/vimpager.profile
@@ -4,8 +4,8 @@
4# Persistent local customizations 4# Persistent local customizations
5include vimpager.local 5include vimpager.local
6# Persistent global definitions 6# Persistent global definitions
7include globals.local 7# added by included profile
8 8#include globals.local
9 9
10# Redirect 10# Redirect
11include vim.profile 11include vim.profile
diff --git a/etc/vimtutor.profile b/etc/vimtutor.profile
index 7330d6da2..b9584cc49 100644
--- a/etc/vimtutor.profile
+++ b/etc/vimtutor.profile
@@ -3,8 +3,8 @@
3# Persistent local customizations 3# Persistent local customizations
4include vimtutor.local 4include vimtutor.local
5# Persistent global definitions 5# Persistent global definitions
6include globals.local 6# added by included profile
7 7#include globals.local
8 8
9# Redirect 9# Redirect
10include vim.profile 10include vim.profile
diff --git a/etc/vivaldi-beta.profile b/etc/vivaldi-beta.profile
index bee5d6be6..5de5682a3 100644
--- a/etc/vivaldi-beta.profile
+++ b/etc/vivaldi-beta.profile
@@ -1,6 +1,5 @@
1# Firejail profile alias for vivaldi 1# Firejail profile alias for vivaldi
2# This file is overwritten after every install/update 2# This file is overwritten after every install/update
3 3
4
5# Redirect 4# Redirect
6include vivaldi.profile 5include vivaldi.profile
diff --git a/etc/vivaldi-stable.profile b/etc/vivaldi-stable.profile
index bee5d6be6..5de5682a3 100644
--- a/etc/vivaldi-stable.profile
+++ b/etc/vivaldi-stable.profile
@@ -1,6 +1,5 @@
1# Firejail profile alias for vivaldi 1# Firejail profile alias for vivaldi
2# This file is overwritten after every install/update 2# This file is overwritten after every install/update
3 3
4
5# Redirect 4# Redirect
6include vivaldi.profile 5include vivaldi.profile
diff --git a/etc/vscodium.profile b/etc/vscodium.profile
index 954510113..b4728fb72 100644
--- a/etc/vscodium.profile
+++ b/etc/vscodium.profile
@@ -1,7 +1,6 @@
1# Firejail profile alias for Visual Studio Code 1# Firejail profile alias for Visual Studio Code
2# This file is overwritten after every install/update 2# This file is overwritten after every install/update
3 3
4
5noblacklist ${HOME}/.VSCodium 4noblacklist ${HOME}/.VSCodium
6 5
7# Redirect 6# Redirect
diff --git a/etc/weechat-curses.profile b/etc/weechat-curses.profile
index 4e9d6826c..4719b9788 100644
--- a/etc/weechat-curses.profile
+++ b/etc/weechat-curses.profile
@@ -1,6 +1,5 @@
1# Firejail profile alias for weechat 1# Firejail profile alias for weechat
2# This file is overwritten after every install/update 2# This file is overwritten after every install/update
3 3
4
5# Redirect 4# Redirect
6include weechat.profile 5include weechat.profile
diff --git a/etc/wireshark-gtk.profile b/etc/wireshark-gtk.profile
index 14978013d..3e2e1807e 100644
--- a/etc/wireshark-gtk.profile
+++ b/etc/wireshark-gtk.profile
@@ -2,6 +2,5 @@
2# Description: Network protocol analyzer 2# Description: Network protocol analyzer
3# This file is overwritten after every install/update 3# This file is overwritten after every install/update
4 4
5
6# Redirect 5# Redirect
7include wireshark.profile 6include wireshark.profile
diff --git a/etc/wireshark-qt.profile b/etc/wireshark-qt.profile
index 14978013d..3e2e1807e 100644
--- a/etc/wireshark-qt.profile
+++ b/etc/wireshark-qt.profile
@@ -2,6 +2,5 @@
2# Description: Network protocol analyzer 2# Description: Network protocol analyzer
3# This file is overwritten after every install/update 3# This file is overwritten after every install/update
4 4
5
6# Redirect 5# Redirect
7include wireshark.profile 6include wireshark.profile
diff --git a/etc/xlinks.profile b/etc/xlinks.profile
index ad1511791..7987af280 100644
--- a/etc/xlinks.profile
+++ b/etc/xlinks.profile
@@ -3,6 +3,9 @@
3# This file is overwritten after every install/update 3# This file is overwritten after every install/update
4# Persistent local customizations 4# Persistent local customizations
5include xlinks.local 5include xlinks.local
6# Persistent global definitions
7# added by included profile
8#include globals.local
6 9
7noblacklist /tmp/.X11-unix 10noblacklist /tmp/.X11-unix
8noblacklist ${HOME}/.links 11noblacklist ${HOME}/.links
diff --git a/etc/xonotic-glx.profile b/etc/xonotic-glx.profile
index 8a44fb587..abb91e1ec 100644
--- a/etc/xonotic-glx.profile
+++ b/etc/xonotic-glx.profile
@@ -1,6 +1,5 @@
1# Firejail profile alias for xonotic 1# Firejail profile alias for xonotic
2# This file is overwritten after every install/update 2# This file is overwritten after every install/update
3 3
4
5# Redirect 4# Redirect
6include xonotic.profile 5include xonotic.profile
diff --git a/etc/xonotic-sdl.profile b/etc/xonotic-sdl.profile
index 8a44fb587..abb91e1ec 100644
--- a/etc/xonotic-sdl.profile
+++ b/etc/xonotic-sdl.profile
@@ -1,6 +1,5 @@
1# Firejail profile alias for xonotic 1# Firejail profile alias for xonotic
2# This file is overwritten after every install/update 2# This file is overwritten after every install/update
3 3
4
5# Redirect 4# Redirect
6include xonotic.profile 5include xonotic.profile
diff --git a/etc/xplayer-audio-preview.profile b/etc/xplayer-audio-preview.profile
index 78252c134..0559b8183 100644
--- a/etc/xplayer-audio-preview.profile
+++ b/etc/xplayer-audio-preview.profile
@@ -3,8 +3,8 @@
3# Persistent local customizations 3# Persistent local customizations
4include xplayer-audio-preview.local 4include xplayer-audio-preview.local
5# Persistent global definitions 5# Persistent global definitions
6include globals.local 6# added by included profile
7 7#include globals.local
8 8
9# Redirect 9# Redirect
10include xplayer.profile 10include xplayer.profile
diff --git a/etc/xplayer-video-thumbnailer.profile b/etc/xplayer-video-thumbnailer.profile
index ac8986c69..6b2878476 100644
--- a/etc/xplayer-video-thumbnailer.profile
+++ b/etc/xplayer-video-thumbnailer.profile
@@ -3,8 +3,8 @@
3# Persistent local customizations 3# Persistent local customizations
4include xplayer-video-thumbnailer.local 4include xplayer-video-thumbnailer.local
5# Persistent global definitions 5# Persistent global definitions
6include globals.local 6# added by included profile
7 7#include globals.local
8 8
9# Redirect 9# Redirect
10include xplayer.profile 10include xplayer.profile
diff --git a/etc/xreader-previewer.profile b/etc/xreader-previewer.profile
index 2d7e7644c..6e1dcb5d2 100644
--- a/etc/xreader-previewer.profile
+++ b/etc/xreader-previewer.profile
@@ -3,8 +3,8 @@
3# Persistent local customizations 3# Persistent local customizations
4include xreader-previewer.local 4include xreader-previewer.local
5# Persistent global definitions 5# Persistent global definitions
6include globals.local 6# added by included profile
7 7#include globals.local
8 8
9# Redirect 9# Redirect
10include xreader.profile 10include xreader.profile
diff --git a/etc/xreader-thumbnailer.profile b/etc/xreader-thumbnailer.profile
index d463787e6..a6925fcde 100644
--- a/etc/xreader-thumbnailer.profile
+++ b/etc/xreader-thumbnailer.profile
@@ -3,8 +3,8 @@
3# Persistent local customizations 3# Persistent local customizations
4include xreader-thumbnailer.local 4include xreader-thumbnailer.local
5# Persistent global definitions 5# Persistent global definitions
6include globals.local 6# added by included profile
7 7#include globals.local
8 8
9# Redirect 9# Redirect
10include xreader.profile 10include xreader.profile
diff --git a/etc/xxd.profile b/etc/xxd.profile
index f5072da75..569f194d3 100644
--- a/etc/xxd.profile
+++ b/etc/xxd.profile
@@ -4,8 +4,8 @@
4# Persistent local customizations 4# Persistent local customizations
5include xxd.local 5include xxd.local
6# Persistent global definitions 6# Persistent global definitions
7include globals.local 7# added by included profile
8 8#include globals.local
9 9
10# Redirect 10# Redirect
11include vim.profile 11include vim.profile
diff --git a/etc/xz.profile b/etc/xz.profile
index 748dad2e3..f7410b928 100644
--- a/etc/xz.profile
+++ b/etc/xz.profile
@@ -2,6 +2,5 @@
2# Description: Library and command line tools for XZ and LZMA compressed files 2# Description: Library and command line tools for XZ and LZMA compressed files
3# This file is overwritten after every install/update 3# This file is overwritten after every install/update
4 4
5
6# Redirect 5# Redirect
7include cpio.profile 6include cpio.profile
diff --git a/etc/xzcat.profile b/etc/xzcat.profile
index 748dad2e3..f7410b928 100644
--- a/etc/xzcat.profile
+++ b/etc/xzcat.profile
@@ -2,6 +2,5 @@
2# Description: Library and command line tools for XZ and LZMA compressed files 2# Description: Library and command line tools for XZ and LZMA compressed files
3# This file is overwritten after every install/update 3# This file is overwritten after every install/update
4 4
5
6# Redirect 5# Redirect
7include cpio.profile 6include cpio.profile
diff --git a/etc/xzcmp.profile b/etc/xzcmp.profile
index 748dad2e3..f7410b928 100644
--- a/etc/xzcmp.profile
+++ b/etc/xzcmp.profile
@@ -2,6 +2,5 @@
2# Description: Library and command line tools for XZ and LZMA compressed files 2# Description: Library and command line tools for XZ and LZMA compressed files
3# This file is overwritten after every install/update 3# This file is overwritten after every install/update
4 4
5
6# Redirect 5# Redirect
7include cpio.profile 6include cpio.profile
diff --git a/etc/xzdiff.profile b/etc/xzdiff.profile
index 748dad2e3..f7410b928 100644
--- a/etc/xzdiff.profile
+++ b/etc/xzdiff.profile
@@ -2,6 +2,5 @@
2# Description: Library and command line tools for XZ and LZMA compressed files 2# Description: Library and command line tools for XZ and LZMA compressed files
3# This file is overwritten after every install/update 3# This file is overwritten after every install/update
4 4
5
6# Redirect 5# Redirect
7include cpio.profile 6include cpio.profile
diff --git a/etc/xzegrep.profile b/etc/xzegrep.profile
index 748dad2e3..f7410b928 100644
--- a/etc/xzegrep.profile
+++ b/etc/xzegrep.profile
@@ -2,6 +2,5 @@
2# Description: Library and command line tools for XZ and LZMA compressed files 2# Description: Library and command line tools for XZ and LZMA compressed files
3# This file is overwritten after every install/update 3# This file is overwritten after every install/update
4 4
5
6# Redirect 5# Redirect
7include cpio.profile 6include cpio.profile
diff --git a/etc/xzfgrep.profile b/etc/xzfgrep.profile
index 748dad2e3..f7410b928 100644
--- a/etc/xzfgrep.profile
+++ b/etc/xzfgrep.profile
@@ -2,6 +2,5 @@
2# Description: Library and command line tools for XZ and LZMA compressed files 2# Description: Library and command line tools for XZ and LZMA compressed files
3# This file is overwritten after every install/update 3# This file is overwritten after every install/update
4 4
5
6# Redirect 5# Redirect
7include cpio.profile 6include cpio.profile
diff --git a/etc/xzgrep.profile b/etc/xzgrep.profile
index 748dad2e3..f7410b928 100644
--- a/etc/xzgrep.profile
+++ b/etc/xzgrep.profile
@@ -2,6 +2,5 @@
2# Description: Library and command line tools for XZ and LZMA compressed files 2# Description: Library and command line tools for XZ and LZMA compressed files
3# This file is overwritten after every install/update 3# This file is overwritten after every install/update
4 4
5
6# Redirect 5# Redirect
7include cpio.profile 6include cpio.profile
diff --git a/etc/xzless.profile b/etc/xzless.profile
index 748dad2e3..f7410b928 100644
--- a/etc/xzless.profile
+++ b/etc/xzless.profile
@@ -2,6 +2,5 @@
2# Description: Library and command line tools for XZ and LZMA compressed files 2# Description: Library and command line tools for XZ and LZMA compressed files
3# This file is overwritten after every install/update 3# This file is overwritten after every install/update
4 4
5
6# Redirect 5# Redirect
7include cpio.profile 6include cpio.profile
diff --git a/etc/xzmore.profile b/etc/xzmore.profile
index 748dad2e3..f7410b928 100644
--- a/etc/xzmore.profile
+++ b/etc/xzmore.profile
@@ -2,6 +2,5 @@
2# Description: Library and command line tools for XZ and LZMA compressed files 2# Description: Library and command line tools for XZ and LZMA compressed files
3# This file is overwritten after every install/update 3# This file is overwritten after every install/update
4 4
5
6# Redirect 5# Redirect
7include cpio.profile 6include cpio.profile
diff --git a/src/common.mk.in b/src/common.mk.in
index b9af977ae..1b6ad91a5 100644
--- a/src/common.mk.in
+++ b/src/common.mk.in
@@ -20,6 +20,7 @@ HAVE_WHITELIST=@HAVE_WHITELIST@
20HAVE_GLOBALCFG=@HAVE_GLOBALCFG@ 20HAVE_GLOBALCFG=@HAVE_GLOBALCFG@
21HAVE_APPARMOR=@HAVE_APPARMOR@ 21HAVE_APPARMOR=@HAVE_APPARMOR@
22HAVE_OVERLAYFS=@HAVE_OVERLAYFS@ 22HAVE_OVERLAYFS=@HAVE_OVERLAYFS@
23HAVE_FIRETUNNEL=@HAVE_FIRETUNNEL@
23HAVE_PRIVATE_HOME=@HAVE_PRIVATE_HOME@ 24HAVE_PRIVATE_HOME=@HAVE_PRIVATE_HOME@
24HAVE_GCOV=@HAVE_GCOV@ 25HAVE_GCOV=@HAVE_GCOV@
25 26
@@ -28,7 +29,7 @@ C_FILE_LIST = $(sort $(wildcard *.c))
28OBJS = $(C_FILE_LIST:.c=.o) 29OBJS = $(C_FILE_LIST:.c=.o)
29BINOBJS = $(foreach file, $(OBJS), $file) 30BINOBJS = $(foreach file, $(OBJS), $file)
30 31
31CFLAGS += -ggdb $(HAVE_FATAL_WARNINGS) -O2 -DVERSION='"$(VERSION)"' $(HAVE_GCOV) -DPREFIX='"$(prefix)"' -DSYSCONFDIR='"$(sysconfdir)/firejail"' -DLIBDIR='"$(libdir)"' $(HAVE_X11) $(HAVE_PRIVATE_HOME) $(HAVE_APPARMOR) $(HAVE_OVERLAYFS) $(HAVE_SECCOMP) $(HAVE_GLOBALCFG) $(HAVE_SECCOMP_H) $(HAVE_CHROOT) $(HAVE_NETWORK) $(HAVE_USERNS) $(HAVE_FILE_TRANSFER) $(HAVE_WHITELIST) -fstack-protector-all -D_FORTIFY_SOURCE=2 -fPIE -pie -Wformat -Wformat-security 32CFLAGS += -ggdb $(HAVE_FATAL_WARNINGS) -O2 -DVERSION='"$(VERSION)"' $(HAVE_GCOV) -DPREFIX='"$(prefix)"' -DSYSCONFDIR='"$(sysconfdir)/firejail"' -DLIBDIR='"$(libdir)"' $(HAVE_X11) $(HAVE_PRIVATE_HOME) $(HAVE_APPARMOR) $(HAVE_OVERLAYFS) $(HAVE_FIRETUNNEL) $(HAVE_SECCOMP) $(HAVE_GLOBALCFG) $(HAVE_SECCOMP_H) $(HAVE_CHROOT) $(HAVE_NETWORK) $(HAVE_USERNS) $(HAVE_FILE_TRANSFER) $(HAVE_WHITELIST) -fstack-protector-all -D_FORTIFY_SOURCE=2 -fPIE -pie -Wformat -Wformat-security
32LDFLAGS += -pie -Wl,-z,relro -Wl,-z,now -lpthread 33LDFLAGS += -pie -Wl,-z,relro -Wl,-z,now -lpthread
33EXTRA_LDFLAGS +=@EXTRA_LDFLAGS@ 34EXTRA_LDFLAGS +=@EXTRA_LDFLAGS@
34EXTRA_CFLAGS +=@EXTRA_CFLAGS@ 35EXTRA_CFLAGS +=@EXTRA_CFLAGS@
diff --git a/src/firecfg/firecfg.config b/src/firecfg/firecfg.config
index b4efa3add..10293cb8f 100644
--- a/src/firecfg/firecfg.config
+++ b/src/firecfg/firecfg.config
@@ -20,6 +20,7 @@ Maelstrom
20Maps 20Maps
21Mathematica 21Mathematica
22Natron 22Natron
23PPSSPPQt
23QMediathekView 24QMediathekView
24QOwnNotes 25QOwnNotes
25Telegram 26Telegram
@@ -288,6 +289,7 @@ iridium
288iridium-browser 289iridium-browser
289jd-gui 290jd-gui
290jdownloader 291jdownloader
292jerry
291jitsi 293jitsi
292k3b 294k3b
293kaffeine 295kaffeine
@@ -402,6 +404,7 @@ netactview
402nethack 404nethack
403netsurf 405netsurf
404neverball 406neverball
407neverputt
405newsbeuter 408newsbeuter
406newsboat 409newsboat
407nheko 410nheko
diff --git a/src/firejail/checkcfg.c b/src/firejail/checkcfg.c
index 7ca72bf30..b11d795a9 100644
--- a/src/firejail/checkcfg.c
+++ b/src/firejail/checkcfg.c
@@ -278,6 +278,14 @@ void print_compiletime_support(void) {
278#endif 278#endif
279 ); 279 );
280 280
281 printf("\t- firetunnel support is %s\n",
282#ifdef HAVE_FIRETUNNEL
283 "enabled"
284#else
285 "disabled"
286#endif
287 );
288
281 printf("\t- networking support is %s\n", 289 printf("\t- networking support is %s\n",
282#ifdef HAVE_NETWORK 290#ifdef HAVE_NETWORK
283 "enabled" 291 "enabled"
diff --git a/src/firejail/main.c b/src/firejail/main.c
index c50ed4dc4..2403cafa1 100644
--- a/src/firejail/main.c
+++ b/src/firejail/main.c
@@ -1498,6 +1498,7 @@ int main(int argc, char **argv) {
1498 exit_err_feature("overlayfs"); 1498 exit_err_feature("overlayfs");
1499 } 1499 }
1500#endif 1500#endif
1501#ifdef HAVE_FIRETUNNEL
1501 else if (strcmp(argv[i], "--tunnel") == 0) { 1502 else if (strcmp(argv[i], "--tunnel") == 0) {
1502 // try to connect to the default client side of the tunnel 1503 // try to connect to the default client side of the tunnel
1503 // if this fails, try the default server side of the tunnel 1504 // if this fails, try the default server side of the tunnel
@@ -1523,7 +1524,7 @@ int main(int argc, char **argv) {
1523 exit(1); 1524 exit(1);
1524 } 1525 }
1525 } 1526 }
1526 1527#endif
1527 else if (strncmp(argv[i], "--profile=", 10) == 0) { 1528 else if (strncmp(argv[i], "--profile=", 10) == 0) {
1528 // multiple profile files are allowed! 1529 // multiple profile files are allowed!
1529 1530
diff --git a/src/firejail/x11.c b/src/firejail/x11.c
index 69a9a7bee..3beef3986 100644
--- a/src/firejail/x11.c
+++ b/src/firejail/x11.c
@@ -310,7 +310,7 @@ void x11_start_xvfb(int argc, char **argv) {
310 310
311 if (arg_debug) { 311 if (arg_debug) {
312 size_t i = 0; 312 size_t i = 0;
313 printf("\n*** Stating xvfb client:"); 313 printf("\n*** Starting xvfb client:");
314 while (jail_argv[i]!=NULL) { 314 while (jail_argv[i]!=NULL) {
315 printf(" \"%s\"", jail_argv[i]); 315 printf(" \"%s\"", jail_argv[i]);
316 i++; 316 i++;
@@ -838,7 +838,7 @@ void x11_start_xpra_old(int argc, char **argv, int display, char *display_str) {
838 838
839 if (arg_debug) { 839 if (arg_debug) {
840 if (n == 10) 840 if (n == 10)
841 printf("failed to stop xpra server gratefully\n"); 841 printf("failed to stop xpra server gracefully\n");
842 else 842 else
843 printf("xpra server successfully stopped in %d secs\n", n); 843 printf("xpra server successfully stopped in %d secs\n", n);
844 } 844 }
@@ -1023,6 +1023,7 @@ void x11_start_xpra(int argc, char **argv) {
1023 if (!program_in_path("xpra")) { 1023 if (!program_in_path("xpra")) {
1024 fprintf(stderr, "\nError: Xpra program was not found in /usr/bin directory, please install it:\n"); 1024 fprintf(stderr, "\nError: Xpra program was not found in /usr/bin directory, please install it:\n");
1025 fprintf(stderr, " Debian/Ubuntu/Mint: sudo apt-get install xpra\n"); 1025 fprintf(stderr, " Debian/Ubuntu/Mint: sudo apt-get install xpra\n");
1026 fprintf(stderr, " Arch: sudo pacman -S xpra\n");
1026 exit(0); 1027 exit(0);
1027 } 1028 }
1028 1029
@@ -1056,6 +1057,8 @@ void x11_start(int argc, char **argv) {
1056 fprintf(stderr, "\nError: Xpra or Xephyr not found in /usr/bin directory, please install one of them:\n"); 1057 fprintf(stderr, "\nError: Xpra or Xephyr not found in /usr/bin directory, please install one of them:\n");
1057 fprintf(stderr, " Debian/Ubuntu/Mint: sudo apt-get install xpra\n"); 1058 fprintf(stderr, " Debian/Ubuntu/Mint: sudo apt-get install xpra\n");
1058 fprintf(stderr, " Debian/Ubuntu/Mint: sudo apt-get install xserver-xephyr\n"); 1059 fprintf(stderr, " Debian/Ubuntu/Mint: sudo apt-get install xserver-xephyr\n");
1060 fprintf(stderr, " Arch: sudo pacman -S xpra\n");
1061 fprintf(stderr, " Arch: sudo pacman -S xorg-server-xephyr\n");
1059 exit(0); 1062 exit(0);
1060 } 1063 }
1061} 1064}
@@ -1087,7 +1090,8 @@ void x11_xorg(void) {
1087 struct stat s; 1090 struct stat s;
1088 if (stat("/usr/bin/xauth", &s) == -1) { 1091 if (stat("/usr/bin/xauth", &s) == -1) {
1089 fprintf(stderr, "Error: xauth utility not found in /usr/bin. Please install it:\n" 1092 fprintf(stderr, "Error: xauth utility not found in /usr/bin. Please install it:\n"
1090 " Debian/Ubuntu/Mint: sudo apt-get install xauth\n"); 1093 " Debian/Ubuntu/Mint: sudo apt-get install xauth\n"
1094 " Arch: sudo pacman -S xorg-xauth\n");
1091 exit(1); 1095 exit(1);
1092 } 1096 }
1093 if (s.st_uid != 0 && s.st_gid != 0) { 1097 if (s.st_uid != 0 && s.st_gid != 0) {
@@ -1128,8 +1132,14 @@ void x11_xorg(void) {
1128#ifdef HAVE_GCOV 1132#ifdef HAVE_GCOV
1129 __gcov_flush(); 1133 __gcov_flush();
1130#endif 1134#endif
1131 execlp("/usr/bin/xauth", "/usr/bin/xauth", "-v", "-f", tmpfname, 1135 if (arg_debug) {
1136 execlp("/usr/bin/xauth", "/usr/bin/xauth", "-v", "-f", tmpfname,
1132 "generate", display, "MIT-MAGIC-COOKIE-1", "untrusted", NULL); 1137 "generate", display, "MIT-MAGIC-COOKIE-1", "untrusted", NULL);
1138 }
1139 else {
1140 execlp("/usr/bin/xauth", "/usr/bin/xauth", "-f", tmpfname,
1141 "generate", display, "MIT-MAGIC-COOKIE-1", "untrusted", NULL);
1142 }
1133 1143
1134 _exit(127); 1144 _exit(127);
1135 } 1145 }
diff --git a/test/compile/compile.sh b/test/compile/compile.sh
index adacab616..e662b4d30 100755
--- a/test/compile/compile.sh
+++ b/test/compile/compile.sh
@@ -3,7 +3,7 @@
3arr[1]="TEST 1: standard compilation" 3arr[1]="TEST 1: standard compilation"
4arr[2]="TEST 2: compile seccomp disabled" 4arr[2]="TEST 2: compile seccomp disabled"
5arr[3]="TEST 3: compile chroot disabled" 5arr[3]="TEST 3: compile chroot disabled"
6arr[4]="deprecated: TEST 4: compile bind disabled" 6arr[4]="TEST 4: compile firetunnel disabled"
7arr[5]="TEST 5: compile user namespace disabled" 7arr[5]="TEST 5: compile user namespace disabled"
8arr[6]="TEST 6: compile network disabled" 8arr[6]="TEST 6: compile network disabled"
9arr[7]="TEST 7: compile X11 disabled" 9arr[7]="TEST 7: compile X11 disabled"
@@ -108,6 +108,24 @@ cp output-make om3
108rm output-configure output-make 108rm output-configure output-make
109 109
110#***************************************************************** 110#*****************************************************************
111# TEST 4
112#*****************************************************************
113# - disable firetunnel configuration
114#*****************************************************************
115print_title "${arr[4]}"
116# seccomp
117cd firejail
118make distclean
119./configure --prefix=/usr --disable-firetunnel --enable-fatal-warnings 2>&1 | tee ../output-configure
120make -j4 2>&1 | tee ../output-make
121cd ..
122grep Warning output-configure output-make > ./report-test4
123grep Error output-configure output-make >> ./report-test4
124cp output-configure oc4
125cp output-make om4
126rm output-configure output-make
127
128#*****************************************************************
111# TEST 5 129# TEST 5
112#***************************************************************** 130#*****************************************************************
113# - disable user namespace configuration 131# - disable user namespace configuration
generated by cgit v1.2.3-54-g00ecf (git 2.45.2) at 2024-07-20 05:02:11 +0000