aboutsummaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorLibravatar netblue30 <netblue30@yahoo.com>2017-09-02 11:24:14 -0400
committerLibravatar GitHub <noreply@github.com>2017-09-02 11:24:14 -0400
commit9a4d18ecd528a2ba9245fc8dffa05f767d726573 (patch)
treee9cc5a26b1dc303844fd95317f838a0aca9120a1
parentmerges (diff)
parentMerge branch 'master' into yb (diff)
downloadfirejail-9a4d18ecd528a2ba9245fc8dffa05f767d726573.tar.gz
firejail-9a4d18ecd528a2ba9245fc8dffa05f767d726573.tar.zst
firejail-9a4d18ecd528a2ba9245fc8dffa05f767d726573.zip
Merge pull request #1519 from SpotComms/yb
Add a profile for Yandex Browser
Diffstat
-rw-r--r--etc/disable-programs.inc4
-rw-r--r--etc/yandex-browser.profile52
2 files changed, 37 insertions, 19 deletions
diff --git a/etc/disable-programs.inc b/etc/disable-programs.inc
index 736ac1e89..b833a3f68 100644
--- a/etc/disable-programs.inc
+++ b/etc/disable-programs.inc
@@ -178,6 +178,8 @@ blacklist ${HOME}/.config/xmms2
178blacklist ${HOME}/.config/xplayer 178blacklist ${HOME}/.config/xplayer
179blacklist ${HOME}/.config/xreader 179blacklist ${HOME}/.config/xreader
180blacklist ${HOME}/.config/xviewer 180blacklist ${HOME}/.config/xviewer
181blacklist ${HOME}/.config/yandex-browser
182blacklist ${HOME}/.config/yandex-browser-beta
181blacklist ${HOME}/.config/zathura 183blacklist ${HOME}/.config/zathura
182blacklist ${HOME}/.config/zoomus.conf 184blacklist ${HOME}/.config/zoomus.conf
183blacklist ${HOME}/.conkeror.mozdev.org 185blacklist ${HOME}/.conkeror.mozdev.org
@@ -427,3 +429,5 @@ blacklist ${HOME}/.cache/vivaldi
427blacklist ${HOME}/.cache/wesnoth 429blacklist ${HOME}/.cache/wesnoth
428blacklist ${HOME}/.cache/xmms2 430blacklist ${HOME}/.cache/xmms2
429blacklist ${HOME}/.cache/xreader 431blacklist ${HOME}/.cache/xreader
432blacklist ${HOME}/.cache/yandex-browser
433blacklist ${HOME}/.cache/yandex-browser-beta
diff --git a/etc/yandex-browser.profile b/etc/yandex-browser.profile
index b1a26c3ea..bfb7b9d87 100644
--- a/etc/yandex-browser.profile
+++ b/etc/yandex-browser.profile
@@ -1,28 +1,42 @@
1# Chromium browser profile 1# Firejail profile for yandex-browser
2noblacklist ~/.config/yandex-browser-beta 2# This file is overwritten after every install/update
3# Persistent local customizations
4include /etc/firejail/yandex-browser.local
5# Persistent global definitions
6include /etc/firejail/globals.local
7
8noblacklist ~/.cache/yandex-browser
3noblacklist ~/.cache/yandex-browser-beta 9noblacklist ~/.cache/yandex-browser-beta
10noblacklist ~/.config/yandex-browser
11noblacklist ~/.config/yandex-browser-beta
12noblacklist ~/.pki
13
4include /etc/firejail/disable-common.inc 14include /etc/firejail/disable-common.inc
15include /etc/firejail/disable-devel.inc
5include /etc/firejail/disable-programs.inc 16include /etc/firejail/disable-programs.inc
6 17
7# chromium is distributed with a perl script on Arch 18mkdir ~/.cache/yandex-browser
8# include /etc/firejail/disable-devel.inc
9#
10
11netfilter
12
13whitelist ${DOWNLOADS}
14mkdir ~/.config/yandex-browser-beta
15whitelist ~/.config/yandex-browser-beta
16mkdir ~/.cache/yandex-browser-beta 19mkdir ~/.cache/yandex-browser-beta
17whitelist ~/.cache/yandex-browser-beta 20mkdir ~/.config/yandex-browser
21mkdir ~/.config/yandex-browser-beta
18mkdir ~/.pki 22mkdir ~/.pki
23whitelist ${DOWNLOADS}
24whitelist ~/.cache/yandex-browser
25whitelist ~/.cache/yandex-browser-beta
26whitelist ~/.config/yandex-browser
27whitelist ~/.config/yandex-browser-beta
19whitelist ~/.pki 28whitelist ~/.pki
29include /etc/firejail/whitelist-common.inc
30
31caps.keep sys_chroot,sys_admin
32netfilter
33nodvd
34nogroups
35notv
36shell none
20 37
21# lastpass, keepassx 38private-dev
22whitelist ~/.keepassx 39# private-tmp - problems with multiple browser sessions
23whitelist ~/.config/keepassx
24whitelist ~/keepassx.kdbx
25whitelist ~/.lastpass
26whitelist ~/.config/lastpass
27 40
28include /etc/firejail/whitelist-common.inc 41noexec ${HOME}
42noexec /tmp
generated by cgit v1.2.3-54-g00ecf (git 2.45.2) at 2024-07-08 23:22:21 +0000