authorLibravatar Tad <tad@spotco.us>2017-09-16 15:35:55 -0400
committerLibravatar Tad <tad@spotco.us>2017-09-18 18:24:13 -0400
commit78bb84ddf277dab653a08f97303894e35433402f (patch)
treed19d0b56218a18d99fd26068c750b247184a495a
parentUpdate disable-programs.inc (diff)
Misc fixes
Thanks to @Fred-Barclay, @smitsohu and @reinerh for a bunch of these
-rw-r--r--etc/Viber.profile3
-rw-r--r--etc/amule.profile1
-rw-r--r--etc/ardour5.profile3
-rw-r--r--etc/cin.profile2
-rw-r--r--etc/disable-programs.inc5
-rw-r--r--etc/dooble.profile6
-rw-r--r--etc/fetchmail.profile2
-rw-r--r--etc/google-earth.profile17
-rw-r--r--etc/kdenlive.profile3
-rw-r--r--etc/krita.profile2
-rw-r--r--etc/mpd.profile1
-rw-r--r--etc/natron.profile6
-rw-r--r--etc/teamspeak3.profile2
-rw-r--r--etc/tor-browser-en.profile35
-rw-r--r--etc/torbrowser-launcher.profile11
-rw-r--r--etc/x-terminal-emulator.profile1
-rw-r--r--etc/zart.profile1
17 files changed, 45 insertions, 56 deletions
diff --git a/etc/Viber.profile b/etc/Viber.profile
index 468199dd8..03e5f1086 100644
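--- a/etc/Viber.profile
+++ b/etc/Viber.profile
@@ -25,11 +25,12 @@ nogroups
 nonewprivs
 noroot
 notv
+protocol unix,inet,inet6
 seccomp
 shell none
 
 disable-mnt
-private-bin sh,dig,awk
+private-bin sh,bash,dash,dig,awk,Viber
 private-etc hosts,fonts,mailcap,resolv.conf,X11,pulse,alternatives,localtime,nsswitch.conf,ssl,proxychains.conf
 private-tmp
 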
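Review bot: The new `private-bin` line exposes three shells (`sh,bash,dash`) inside the sandbox where the old line had only `sh`, and nothing in the profile records which of them Viber needs. Since `shell none` is kept, they are presumably there only for Viber's own wrapper scripts. Trimming the list to the shell that is actually invoked, or adding a comment above the line such as `# bash/dash: required by the Viber start script` (to be confirmed), would keep the executable allow-list minimal and reviewable. The profile continues outside the hunk on both sides.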
diff --git a/etc/amule.profile b/etc/amule.profile
index c59377850..98ec52015 100644
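--- a/etc/amule.profile
+++ b/etc/amule.profile
@@ -28,6 +28,7 @@ noroot
 nosound
 notv
 novideo
+protocol unix,inet,inet6
 seccomp
 shell none
 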
diff --git a/etc/ardour5.profile b/etc/ardour5.profile
index 738b5990a..69b3dde46 100644
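--- a/etc/ardour5.profile
+++ b/etc/ardour5.profile
@@ -24,10 +24,11 @@ nogroups
 nonewprivs
 noroot
 notv
+protocol unix
 seccomp
 shell none
 
-#private-bin sh,ardour5,ardour5-copy-mixer,ardour5-export,ardour5-fix_bbtppq,grep,sed,ldd,nm
+#private-bin sh,ardour4,ardour5,ardour5-copy-mixer,ardour5-export,ardour5-fix_bbtppq,grep,sed,ldd,nm
 private-dev
 #private-etc pulse,X11,alternatives,ardour4,ardour5,fonts
 private-tmp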
diff --git a/etc/cin.profile b/etc/cin.profile
index 93a94c910..eeeda476f 100644
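--- a/etc/cin.profile
+++ b/etc/cin.profile
@@ -24,7 +24,7 @@ protocol unix
 seccomp
 shell none
 
-private-bin cin
+#private-bin cin
 private-dev
 
 noexec ${HOME}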
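Review bot: Commenting out `private-bin cin` removes the executable allow-list shown in this hunk, so the sandbox sees the host's full binary directories again, and no reason is recorded. If cin only needs a few helper programs, listing them (`private-bin cin,<helper>`) would keep the restriction in place. If that is not yet workable, a comment such as `# private-bin disabled: <reason>` next to the line would show the relaxation is deliberate.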
diff --git a/etc/disable-programs.inc b/etc/disable-programs.inc
index e22fb6fa3..88b7e7d32 100644
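--- a/etc/disable-programs.inc
+++ b/etc/disable-programs.inc
@@ -208,7 +208,10 @@ blacklist ${HOME}/.frozen-bubble
 blacklist ${HOME}/.gimp*
 blacklist ${HOME}/.git-credential-cache
 blacklist ${HOME}/.gitconfig
-blacklist ${HOME}/.googleearth
+blacklist ${HOME}/.googleearth/Cache/
+blacklist ${HOME}/.googleearth/Temp/
+blacklist ${HOME}/.googleearth/myplaces.backup.kml
+blacklist ${HOME}/.googleearth/myplaces.kml
 blacklist ${HOME}/.gradle
 blacklist ${HOME}/.guayadeque
 blacklist ${HOME}/.hedgewars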
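Review bot: Replacing `blacklist ${HOME}/.googleearth` with four specific entries narrows what every profile that includes disable-programs.inc is denied. Any other file under `~/.googleearth`, present now or created by a later Google Earth version, becomes readable from unrelated sandboxes. The narrowing appears to exist only so these lines mirror the new `noblacklist`/`whitelist` entries in google-earth.profile. Unless firejail needs the strings to match one-for-one, keeping the directory-level `blacklist ${HOME}/.googleearth` here with `noblacklist ${HOME}/.googleearth` in the profile, and doing the per-file restriction with `whitelist` there, would give the same access without weakening the shared blacklist.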
diff --git a/etc/dooble.profile b/etc/dooble.profile
index aabfcd8bb..2a57b0ef3 100644
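--- a/etc/dooble.profile
+++ b/etc/dooble.profile
@@ -1,4 +1,4 @@
-# Firejail profile for dooble-qt4
+# Firejail profile for dooble
 # This file is overwritten after every install/update
 # Persistent local customizations
 include /etc/firejail/dooble-qt4.local
@@ -6,7 +6,7 @@ include /etc/firejail/dooble-qt4.local
 include /etc/firejail/globals.local
 
 
-noblacklist ~/.dooble
+noblacklist ${HOME}/.dooble
 
 include /etc/firejail/disable-common.inc
 include /etc/firejail/disable-devel.inc
@@ -15,7 +15,7 @@ include /etc/firejail/disable-programs.inc
 
 mkdir ${HOME}/.dooble
 whitelist ${DOWNLOADS}
-whitelist ~/.dooble
+whitelist ${HOME}/.dooble
 include /etc/firejail/whitelist-common.inc
 
 caps.drop all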
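Review bot: The header comment in the first hunk now names the profile `dooble`, but the unchanged line 4 still reads `include /etc/firejail/dooble-qt4.local`, so overrides a user places in `dooble.local` would not be loaded by this file. If the rename is intended, the include should follow it: `include /etc/firejail/dooble.local`. If `dooble-qt4.local` is kept on purpose for compatibility, a one-line comment above the include saying so would remove the mismatch.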
diff --git a/etc/fetchmail.profile b/etc/fetchmail.profile
index 9ee59f453..3fd7f3d75 100644
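--- a/etc/fetchmail.profile
+++ b/etc/fetchmail.profile
@@ -25,5 +25,5 @@ protocol unix,inet,inet6
 seccomp
 shell none
 
-# private-bin fetchmail,procmail,bash,chmod
+#private-bin fetchmail,procmail,bash,chmod
 private-dev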
diff --git a/etc/google-earth.profile b/etc/google-earth.profile
index 32da9a5a8..b60f5b3a5 100644
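--- a/etc/google-earth.profile
+++ b/etc/google-earth.profile
@@ -6,7 +6,10 @@ include /etc/firejail/google-earth.local
 include /etc/firejail/globals.local
 
 noblacklist ${HOME}/.config/Google
-noblacklist ${HOME}/.googleearth
+noblacklist ${HOME}/.googleearth/Cache/
+noblacklist ${HOME}/.googleearth/Temp/
+noblacklist ${HOME}/.googleearth/myplaces.backup.kml
+noblacklist ${HOME}/.googleearth/myplaces.kml
 
 include /etc/firejail/disable-common.inc
 include /etc/firejail/disable-devel.inc
@@ -14,9 +17,15 @@ include /etc/firejail/disable-passwdmgr.inc
 include /etc/firejail/disable-programs.inc
 
 mkdir ${HOME}/.config/Google
-mkdir ${HOME}/.googleearth
+mkdir ${HOME}/.googleearth/Cache/
+mkdir ${HOME}/.googleearth/Temp/
+mkfile ${HOME}/.googleearth/myplaces.backup.kml
+mkfile ${HOME}/.googleearth/myplaces.kml
 whitelist ${HOME}/.config/Google
-whitelist ${HOME}/.googleearth
+whitelist ${HOME}/.googleearth/Cache/
+whitelist ${HOME}/.googleearth/Temp/
+whitelist ${HOME}/.googleearth/myplaces.backup.kml
+whitelist ${HOME}/.googleearth/myplaces.kml
 include /etc/firejail/whitelist-common.inc
 
 caps.drop all
@@ -32,7 +41,7 @@ protocol unix,inet,inet6
 seccomp
 shell none
 
-private-bin google-earth,sh,grep,sed,ls,dirname
+private-bin google-earth,sh,bash,dash,grep,sed,ls,dirname
 private-dev
 
 noexec ${HOME}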
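Review bot: The second hunk whitelists `myplaces.kml` and `myplaces.backup.kml` as individual files, which firejail exposes as bind mounts. If Google Earth saves places by writing a temporary file and renaming it over the original, the rename would fail on the mount point and edits could be lost. That behaviour is not visible from the diff, so it is worth checking by saving a placemark inside the sandbox. A short comment above the `mkfile` lines stating why only these four paths are exposed would also help later reviewers judge the allow-list.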
diff --git a/etc/kdenlive.profile b/etc/kdenlive.profile
index 56bb729e1..a1a5f957c 100644
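--- a/etc/kdenlive.profile
+++ b/etc/kdenlive.profile
@@ -25,3 +25,6 @@ shell none
 private-bin kdenlive,kdenlive_render,dbus-launch,melt,ffmpeg,ffplay,ffprobe,dvdauthor,genisoimage,vlc,xine,kdeinit5,kshell5,kdeinit5_shutdown,kdeinit5_wrapper,kdeinit4,kshell4,kdeinit4_shutdown,kdeinit4_wrapper
 private-dev
 #private-etc fonts,alternatives,X11,pulse,passwd
+
+noexec ${HOME}
+noexec /tmp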
diff --git a/etc/krita.profile b/etc/krita.profile
index 2dfd084ef..e91f5b242 100644
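--- a/etc/krita.profile
+++ b/etc/krita.profile
@@ -28,5 +28,5 @@ shell none
 private-dev
 private-tmp
 
-noexec /home
+noexec ${HOME}
 noexec /tmp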
diff --git a/etc/mpd.profile b/etc/mpd.profile
index 601861083..7bfa47d77 100644
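--- a/etc/mpd.profile
+++ b/etc/mpd.profile
@@ -17,7 +17,6 @@ caps.drop all
 netfilter
 no3d
 nodvd
-nogroups
 nonewprivs
 noroot
 notv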
diff --git a/etc/natron.profile b/etc/natron.profile
index 49eaf2f0d..d77539d83 100644
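--- a/etc/natron.profile
+++ b/etc/natron.profile
@@ -7,9 +7,9 @@ include /etc/firejail/globals.local
 
 
 noblacklist ${HOME}/.Natron
-noblacklist ${HOME}/.cache/INRIA/Natron/
-noblacklist ${HOME}/.config/INRIA/
-noblacklist /opt/natron/
+noblacklist ${HOME}/.cache/INRIA/Natron
+noblacklist ${HOME}/.config/INRIA
+noblacklist /opt/natron
 
 include /etc/firejail/disable-common.inc
 include /etc/firejail/disable-devel.inc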
diff --git a/etc/teamspeak3.profile b/etc/teamspeak3.profile
index f8afff551..86f96ba50 100644
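--- a/etc/teamspeak3.profile
+++ b/etc/teamspeak3.profile
@@ -5,7 +5,6 @@ include /etc/firejail/teamspeak3.local
 # Persistent global definitions
 include /etc/firejail/globals.local
 
-noblacklist ${DOWNLOADS}
 noblacklist ${HOME}/.ts3client
 
 include /etc/firejail/disable-common.inc
@@ -33,7 +32,6 @@ seccomp
 shell none
 
 disable-mnt
-private
 private-dev
 private-tmp
 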
diff --git a/etc/tor-browser-en.profile b/etc/tor-browser-en.profile
index 75a079a2e..bf3a80139 100644
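--- a/etc/tor-browser-en.profile
+++ b/etc/tor-browser-en.profile
@@ -1,35 +1,6 @@
-# Firejail profile for tor-browser-en
+# Firejail profile alias for torbrowser-launcher
 # This file is overwritten after every install/update
-# Persistent local customizations
-include /etc/firejail/tor-browser-en.local
-# Persistent global definitions
-include /etc/firejail/globals.local
 
 
-noblacklist ${HOME}/.tor-browser-en
-
-include /etc/firejail/disable-common.inc
-include /etc/firejail/disable-devel.inc
-include /etc/firejail/disable-passwdmgr.inc
-include /etc/firejail/disable-programs.inc
-
-whitelist ${HOME}/.tor-browser-en
-include /etc/firejail/whitelist-common.inc
-
-caps.drop all
-netfilter
-nodvd
-nogroups
-nonewprivs
-noroot
-notv
-novideo
-protocol unix,inet,inet6
-seccomp
-shell none
-
-disable-mnt
-private-bin bash,grep,sed,tail,tor-browser-en,env,id,readlink,dirname,test,mkdir,ln,sed,cp,rm,getconf,file,expr
-private-tmp
-
-noexec /tmp
+# Redirect
+include /etc/firejail/torbrowser-launcher.profile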
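Review bot: The alias no longer contains `include /etc/firejail/tor-browser-en.local`, so any restrictions a user keeps in that file stop applying after the update without warning. Through the redirect only `torbrowser-launcher.local` is read, as the hunk header of the next file shows. Keeping `include /etc/firejail/tor-browser-en.local` above the `# Redirect` line would preserve existing local customizations. Users of this alias also inherit the launcher's broader `private-bin` set (for example `python` and `gpg`), which is worth stating in the header comment.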
diff --git a/etc/torbrowser-launcher.profile b/etc/torbrowser-launcher.profile
index 763c2d051..3b6b65bec 100644
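--- a/etc/torbrowser-launcher.profile
+++ b/etc/torbrowser-launcher.profile
@@ -5,17 +5,20 @@ include /etc/firejail/torbrowser-launcher.local
 # Persistent global definitions
 include /etc/firejail/globals.local
 
-
+noblacklist ~/.tor-browser-en
 noblacklist ~/.config/torbrowser
-whitelist ~/.config/torbrowser
 noblacklist ~/.local/share/torbrowser
-whitelist ~/.local/share/torbrowser
 
 include /etc/firejail/disable-common.inc
 include /etc/firejail/disable-devel.inc
 include /etc/firejail/disable-passwdmgr.inc
 include /etc/firejail/disable-programs.inc
 
+whitelist ~/.tor-browser-en
+whitelist ~/.config/torbrowser
+whitelist ~/.local/share/torbrowser
+include /etc/firejail/whitelist-common.inc
+
 caps.drop all
 netfilter
 nodvd
@@ -29,7 +32,7 @@ seccomp
 shell none
 tracelog
 
-private-bin torbrowser-launcher,python2.7,python,bash,dash,sh,grep,tail,env,gpg,id,readlink,dirname,test,mkdir,ln,sed,cp,rm,getconf
+private-bin bash,cp,dash,dirname,env,expr,file,getconf,gpg,grep,id,ln,mkdir,python,python2.7,readlink,rm,sed,sh,tail,test,tor-browser-en,torbrowser-launcher
 private-dev
 private-etc fonts
 private-tmp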
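Review bot: The lines added in the first hunk use `~/.tor-browser-en`, while this same commit converts dooble.profile from `~/` to `${HOME}`. Writing them as `noblacklist ${HOME}/.tor-browser-en` and `whitelist ${HOME}/.tor-browser-en`, and converting the neighbouring torbrowser entries, would keep the profiles consistent. In the second hunk the merged `private-bin` list gains `expr`, `file` and `tor-browser-en`. A comment above it noting that these come from the former tor-browser-en profile would explain why the launcher's allow-list grew.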
diff --git a/etc/x-terminal-emulator.profile b/etc/x-terminal-emulator.profile
index aca0d7144..1395b81c9 100644
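--- a/etc/x-terminal-emulator.profile
+++ b/etc/x-terminal-emulator.profile
@@ -12,6 +12,7 @@ net none
 netfilter
 nogroups
 noroot
+protocol unix
 seccomp
 
 private-dev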
diff --git a/etc/zart.profile b/etc/zart.profile
index b5897f4a9..6e136d0c9 100644
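--- a/etc/zart.profile
+++ b/etc/zart.profile
@@ -19,7 +19,6 @@ nogroups
 nonewprivs
 noroot
 notv
-novideo
 protocol unix
 seccomp
 shell none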