authorLibravatar startx2017 <vradu.startx@yandex.com>2018-10-18 08:56:41 -0400
committerLibravatar startx2017 <vradu.startx@yandex.com>2018-10-18 08:56:41 -0400
commite71146b47b82c8cfa6e3b3657401f977f3e9efb6 (patch)
treeca14815dc4f44248c7bd4fbc578d4ed19f918fb5
parentmainline merge: Fix docs on default seccomp list: change mfsservctl -> nfsser... (diff)
mainline merge: update profiles as of Oct 13
-rw-r--r--etc/QMediathekView.profile54
-rw-r--r--etc/aria2c.profile45
-rw-r--r--etc/artha.profile46
-rw-r--r--etc/authenticator.profile49
-rw-r--r--etc/bsdcat.profile6
-rw-r--r--etc/bsdcpio.profile6
-rw-r--r--etc/bsdtar.profile2
-rw-r--r--etc/checkbashisms.profile49
-rw-r--r--etc/claws-mail.profile3
-rw-r--r--etc/desktop.profile44
-rw-r--r--etc/devilspie.profile49
-rw-r--r--etc/devilspie2.profile49
-rw-r--r--etc/disable-common.inc21
-rw-r--r--etc/disable-passwdmgr.inc1
-rw-r--r--etc/disable-programs.inc17
-rw-r--r--etc/discord-common.profile2
-rw-r--r--etc/easystroke.profile45
-rw-r--r--etc/evince.profile2
-rw-r--r--etc/file.profile5
-rw-r--r--etc/gnome-pie.profile43
-rw-r--r--etc/krunner.profile4
-rw-r--r--etc/lbunzip2.profile7
-rw-r--r--etc/lbzcat.profile7
-rw-r--r--etc/lbzip2.profile7
-rw-r--r--etc/lzcat.profile7
-rw-r--r--etc/lzcmp.profile7
-rw-r--r--etc/lzdiff.profile7
-rw-r--r--etc/lzegrep.profile7
-rw-r--r--etc/lzfgrep.profile7
-rw-r--r--etc/lzgrep.profile7
-rw-r--r--etc/lzip.profile7
-rw-r--r--etc/lzless.profile7
-rw-r--r--etc/lzma.profile7
-rw-r--r--etc/lzmadec.profile7
-rw-r--r--etc/lzmainfo.profile7
-rw-r--r--etc/lzmore.profile7
-rw-r--r--etc/masterpdfeditor.profile50
-rw-r--r--etc/masterpdfeditor4.profile12
-rw-r--r--etc/masterpdfeditor5.profile12
-rw-r--r--etc/mencoder.profile28
-rw-r--r--etc/min.profile50
-rw-r--r--etc/nitroshare-cli.profile7
-rw-r--r--etc/nitroshare-nmh.profile7
-rw-r--r--etc/nitroshare-send.profile7
-rw-r--r--etc/nitroshare-ui.profile7
-rw-r--r--etc/nitroshare.profile50
-rw-r--r--etc/steam.profile2
-rw-r--r--etc/strings.profile4
-rw-r--r--etc/unlzma.profile7
-rw-r--r--etc/unxz.profile7
-rw-r--r--etc/xzcat.profile7
-rw-r--r--etc/xzcmp.profile7
-rw-r--r--etc/xzdiff.profile7
-rw-r--r--etc/xzegrep.profile7
-rw-r--r--etc/xzfgrep.profile7
-rw-r--r--etc/xzgrep.profile7
-rw-r--r--etc/xzless.profile7
-rw-r--r--etc/xzmore.profile7
58 files changed, 936 insertions, 17 deletions
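--- /dev/null
+++ b/etc/QMediathekView.profile
@@ -0,0 +1,54 @@
+# Firejail profile for QMediathekView
+# Description: Search, download or stream files from mediathek.de
+# This file is overwritten after every install/update
+# Persistent local customizations
+include /etc/firejail/QMediathekView.local
+# Persistent global definitions
+include /etc/firejail/globals.local
+
+noblacklist ${HOME}/.config/QMediathekView
+noblacklist ${HOME}/.local/share/QMediathekView
+
+noblacklist ${HOME}/.config/mpv
+noblacklist ${HOME}/.config/smplayer
+noblacklist ${HOME}/.config/totem
+noblacklist ${HOME}/.config/vlc
+noblacklist ${HOME}/.config/xplayer
+noblacklist ${HOME}/.local/share/totem
+noblacklist ${HOME}/.local/share/xplayer
+noblacklist ${HOME}/.mplayer
+
+include /etc/firejail/disable-common.inc
+include /etc/firejail/disable-devel.inc
+include /etc/firejail/disable-interpreters.inc
+include /etc/firejail/disable-passwdmgr.inc
+include /etc/firejail/disable-programs.inc
+
+include /etc/firejail/whitelist-var-common.inc
+
+caps.drop all
+netfilter
+# no3d
+# nodbus
+nodvd
+nogroups
+nonewprivs
+noroot
+notv
+nou2f
+protocol unix,inet,inet6
+seccomp
+shell none
+tracelog
+
+disable-mnt
+private-bin QMediathekView,mplayer,mpv,smplayer,totem,vlc,xplayer
+private-cache
+private-dev
+# private-etc none
+# private-lib
+private-tmp
+
+# memory-deny-write-execute - breaks on Arch
+noexec ${HOME}
+noexec /tmp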
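--- /dev/null
+++ b/etc/aria2c.profile
@@ -0,0 +1,45 @@
+# Firejail profile for aria2c
+# Description: Download utility that supports HTTP(S), FTP, BitTorrent and Metalink
+# This file is overwritten after every install/update
+# Persistent local customizations
+include /etc/firejail/aria2c.local
+# Persistent global definitions
+include /etc/firejail/globals.local
+
+noblacklist ${HOME}/.aria2
+
+include /etc/firejail/disable-common.inc
+include /etc/firejail/disable-devel.inc
+include /etc/firejail/disable-interpreters.inc
+include /etc/firejail/disable-passwdmgr.inc
+include /etc/firejail/disable-programs.inc
+include /etc/firejail/disable-xdg.inc
+
+caps.drop all
+ipc-namespace
+netfilter
+no3d
+nodbus
+nodvd
+nogroups
+nonewprivs
+noroot
+nosound
+notv
+novideo
+protocol unix,inet,inet6
+seccomp
+shell none
+
+disable-mnt
+# private
+private-bin aria2c,gzip
+private-cache
+private-dev
+private-etc ca-certificates,ssl
+private-lib libreadline.so.*
+private-tmp
+
+memory-deny-write-execute
+noexec ${HOME}
+noexec /tmp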
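Review bot: `private-etc ca-certificates,ssl` leaves the sandboxed /etc without `resolv.conf`, although `netfilter` and `protocol unix,inet,inet6` show this profile is meant to reach the network. The discord-common.profile section of this same commit appends `resolv.conf` to its `private-etc` list, presumably because name resolution needed it, so hostname lookups are likely to fail here as well. Consider `private-etc ca-certificates,ssl,pki,crypto-policies,resolv.conf` to match that list, since a downloader that cannot resolve names or validate certificates tends to end up being run unsandboxed.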
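--- /dev/null
+++ b/etc/artha.profile
@@ -0,0 +1,46 @@
+# Firejail profile for artha
+# Description: A free cross-platform English thesaurus based on WordNet
+# This file is overwritten after every install/update
+# Persistent local customizations
+include /etc/firejail/artha.local
+# Persistent global definitions
+include /etc/firejail/globals.local
+
+noblacklist ${HOME}/.config/artha.conf
+noblacklist ${HOME}/.config/enchant
+
+include /etc/firejail/disable-common.inc
+include /etc/firejail/disable-devel.inc
+include /etc/firejail/disable-interpreters.inc
+include /etc/firejail/disable-passwdmgr.inc
+include /etc/firejail/disable-programs.inc
+
+caps.drop all
+ipc-namespace
+machine-id
+net none
+no3d
+# nodbus
+nodvd
+nogroups
+nonewprivs
+noroot
+nosound
+notv
+nou2f
+novideo
+protocol unix
+seccomp
+shell none
+
+disable-mnt
+private-bin artha,enchant,notify-send
+private-cache
+private-dev
+private-etc fonts
+private-lib libnotify.so.*
+private-tmp
+
+memory-deny-write-execute
+noexec ${HOME}
+noexec /tmp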
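--- /dev/null
+++ b/etc/authenticator.profile
@@ -0,0 +1,49 @@
+# Firejail profile for authenticator
+# Description: 2FA code generator for GNOME
+# This file is overwritten after every install/update
+# Persistent local customizations
+include /etc/firejail/authenticator.local
+# Persistent global definitions
+include /etc/firejail/globals.local
+
+# blacklisted in 'disable-programs.local'
+noblacklist ${HOME}/.config/Authenticator
+
+# Allow python 3.x (blacklisted by disable-interpreters.inc)
+noblacklist ${PATH}/python3*
+noblacklist /usr/lib/python3*
+
+include /etc/firejail/disable-common.inc
+include /etc/firejail/disable-devel.inc
+include /etc/firejail/disable-interpreters.inc
+include /etc/firejail/disable-passwdmgr.inc
+include /etc/firejail/disable-programs.inc
+
+# apparmor
+caps.drop all
+net none
+no3d
+# nodbus - makes settings immutable
+nodvd
+nogroups
+nonewprivs
+noroot
+nosound
+notv
+# novideo
+nou2f
+protocol unix
+seccomp
+shell none
+
+disable-mnt
+# private-bin authenticator
+private-cache
+private-dev
+private-etc fonts,ld.so.cache
+# private-lib
+private-tmp
+
+# memory-deny-write-execute - breaks on Arch
+noexec ${HOME}
+noexec /tmp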
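Review bot: The comment on line 9, `# blacklisted in 'disable-programs.local'`, names the wrong file: the `blacklist ${HOME}/.config/Authenticator` entry is added to disable-programs.inc by this commit, and a `.local` file is the user's override, not the shipped list. Suggest `# blacklisted in disable-programs.inc`. The bare `# apparmor`, `# novideo` and `# private-bin authenticator` lines would also benefit from a short reason, as `# nodbus - makes settings immutable` already has, so that someone tightening a profile that guards 2FA secrets knows which options are safe to re-enable in authenticator.local.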
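--- /dev/null
+++ b/etc/bsdcat.profile
@@ -0,0 +1,6 @@
+# Firejail profile alias for bsdtar
+# This file is overwritten after every install/update
+
+
+# Redirect
+include /etc/firejail/bsdtar.profile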
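--- /dev/null
+++ b/etc/bsdcpio.profile
@@ -0,0 +1,6 @@
+# Firejail profile alias for bsdtar
+# This file is overwritten after every install/update
+
+
+# Redirect
+include /etc/firejail/bsdtar.profile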
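--- a/etc/bsdtar.profile
+++ b/etc/bsdtar.profile
@@ -34,6 +34,6 @@ shell none
 tracelog
 
 # support compressed archives
-private-bin sh,bash,bsdtar,gtar,compress,gzip,lzma,xz,bzip2,lbzip2,lzip,lzop,lz4,libarchive
+private-bin sh,bash,bsdcat,bsdcpio,bsdtar,gtar,compress,gzip,lzma,xz,bzip2,lbzip2,lzip,lzop,lz4,libarchive
 private-dev
 private-etc passwd,group,localtime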
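--- /dev/null
+++ b/etc/checkbashisms.profile
@@ -0,0 +1,49 @@
+# Firejail profile for checkbashisms
+# Description: Lint tool for shell scripts
+# This file is overwritten after every install/update
+quiet
+# Persistent local customizations
+include /etc/firejail/checkbashisms.local
+# Persistent global definitions
+include /etc/firejail/globals.local
+
+noblacklist ${DOCUMENTS}
+
+# Allow perl (blacklisted by disable-interpreters.inc)
+noblacklist ${PATH}/cpan*
+noblacklist ${PATH}/core_perl
+noblacklist ${PATH}/perl
+noblacklist /usr/lib/perl*
+noblacklist /usr/share/perl*
+
+include /etc/firejail/disable-common.inc
+include /etc/firejail/disable-devel.inc
+include /etc/firejail/disable-interpreters.inc
+include /etc/firejail/disable-passwdmgr.inc
+include /etc/firejail/disable-programs.inc
+include /etc/firejail/disable-xdg.inc
+
+include /etc/firejail/whitelist-var-common.inc
+
+caps.drop all
+ipc-namespace
+net none
+no3d
+nodbus
+nodvd
+nogroups
+nonewprivs
+noroot
+nosound
+notv
+novideo
+protocol unix
+seccomp
+shell none
+
+private-dev
+private-tmp
+
+memory-deny-write-execute
+noexec ${HOME}
+noexec /tmp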
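--- a/etc/claws-mail.profile
+++ b/etc/claws-mail.profile
@@ -18,17 +18,20 @@ include /etc/firejail/disable-programs.inc
 
 caps.drop all
 netfilter
+no3d
 nodvd
 nogroups
 nonewprivs
 noroot
 nosound
 notv
+nou2f
 novideo
 protocol unix,inet,inet6
 seccomp
 shell none
 
+private-cache
 private-dev
 private-tmp
 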
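--- /dev/null
+++ b/etc/desktop.profile
@@ -0,0 +1,44 @@
+# Firejail profile for desktop
+# Description: Extend your GitHub workflow beyond your browser with GitHub Desktop
+# This file is overwritten after every install/update
+# Persistent local customizations
+include /etc/firejail/github-desktop.local
+# Persistent global definitions
+include /etc/firejail/globals.local
+
+whitelist ${HOME}/.gitconfig
+whitelist ${HOME}/.config/GitHub Desktop
+
+include /etc/firejail/disable-common.inc
+include /etc/firejail/disable-passwdmgr.inc
+include /etc/firejail/disable-programs.inc
+include /etc/firejail/disable-devel.inc
+include /etc/firejail/disable-interpreters.inc
+
+include /etc/firejail/whitelist-common.inc
+
+caps.drop all
+netfilter
+# no3d
+nodvd
+nogroups
+nonewprivs
+noroot
+nosound
+notv
+nou2f
+novideo
+protocol unix,inet,inet6,netlink
+seccomp
+
+disable-mnt
+# private-bin Atom,desktop
+# private-cache
+# private-dev
+# private-etc none
+# private-lib
+# private-tmp
+
+# memory-deny-write-execute
+# noexec ${HOME}
+# noexec /tmp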
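Review bot: `whitelist ${HOME}/.config/GitHub Desktop` has no matching `noblacklist` line, while this commit adds `blacklist ${HOME}/.config/GitHub Desktop` to disable-programs.inc, which the profile includes; the other new profiles (aria2c, artha) lift their own entry with `noblacklist` before the includes. As written the application's own config directory is probably still blacklisted inside the sandbox, so add `noblacklist ${HOME}/.config/GitHub Desktop` above the include block. The override include points at `github-desktop.local` although the file is `desktop.profile`, so a user's `desktop.local` would not be read; the two names should agree. Every `private-*` option, both `noexec` lines and `memory-deny-write-execute` are commented out with no reason and `shell none` is absent, so a per-line note on what breaks would tell users which restrictions can be switched back on.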
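--- /dev/null
+++ b/etc/devilspie.profile
@@ -0,0 +1,49 @@
+# Firejail profile for devilspie
+# Description: Window matching daemon
+# This file is overwritten after every install/update
+# Persistent local customizations
+include /etc/firejail/devilspie.local
+# Persistent global definitions
+include /etc/firejail/globals.local
+
+noblacklist ${HOME}/.devilspie
+
+include /etc/firejail/disable-common.inc
+include /etc/firejail/disable-devel.inc
+include /etc/firejail/disable-interpreters.inc
+include /etc/firejail/disable-passwdmgr.inc
+include /etc/firejail/disable-programs.inc
+
+caps.drop all
+ipc-namespace
+machine-id
+net none
+no3d
+nodbus
+nodvd
+nogroups
+nonewprivs
+noroot
+nosound
+notv
+nou2f
+novideo
+protocol unix
+seccomp
+shell none
+tracelog
+
+disable-mnt
+private-bin devilspie
+private-cache
+private-dev
+private-etc none
+private-lib gconv
+private-tmp
+
+memory-deny-write-execute
+noexec ${HOME}
+noexec /tmp
+
+# devilspie will never write anything
+read-only ${HOME}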
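--- /dev/null
+++ b/etc/devilspie2.profile
@@ -0,0 +1,49 @@
+# Firejail profile for devilspie2
+# Description: Window matching daemon (Lua)
+# This file is overwritten after every install/update
+# Persistent local customizations
+include /etc/firejail/devilspie2.local
+# Persistent global definitions
+include /etc/firejail/globals.local
+
+noblacklist ${HOME}/.config/devilspie2
+
+include /etc/firejail/disable-common.inc
+include /etc/firejail/disable-devel.inc
+include /etc/firejail/disable-interpreters.inc
+include /etc/firejail/disable-passwdmgr.inc
+include /etc/firejail/disable-programs.inc
+
+caps.drop all
+ipc-namespace
+machine-id
+net none
+no3d
+nodbus
+nodvd
+nogroups
+nonewprivs
+noroot
+nosound
+notv
+nou2f
+novideo
+protocol unix
+seccomp
+shell none
+tracelog
+
+disable-mnt
+private-bin devilspie2
+private-cache
+private-dev
+private-etc none
+private-lib gconv
+private-tmp
+
+memory-deny-write-execute
+noexec ${HOME}
+noexec /tmp
+
+# devilspie2 will never write anything
+read-only ${HOME}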
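--- a/etc/disable-common.inc
+++ b/etc/disable-common.inc
@@ -273,6 +273,9 @@ blacklist ${HOME}/.local/share/Trash
 read-only ${HOME}/.config/menus
 read-only ${HOME}/.local/share/applications
 
+# Write-protection for thumbnailer dir
+read-only ${HOME}/.local/share/thumbnailers
+
 # top secret
 blacklist ${HOME}/*.kdb
 blacklist ${HOME}/*.kdbx
@@ -314,9 +317,11 @@ blacklist /var/backup
 # cloud provider configuration
 blacklist ${HOME}/.aws
 blacklist ${HOME}/.boto
-blacklist /etc/boto.cfg
 blacklist ${HOME}/.config/gcloud
 blacklist ${HOME}/.kube
+blacklist ${HOME}/.passwd-s3fs
+blacklist ${HOME}/.s3cmd
+blacklist /etc/boto.cfg
 
 # system directories
 blacklist /sbin
@@ -388,14 +393,14 @@ blacklist /vmlinuz*
 # snapshot files
 blacklist /.snapshots
 
-# complement noexec ${HOME} and noexec /tmp
-noexec /tmp/.X11-unix
-
 # flatpak
-blacklist ${HOME}/*.config/flatpak
-blacklist ${HOME}/*.var
-blacklist ${HOME}/*.local/share/flatpak
-blacklist /var/lib/flatpak
+blacklist ${HOME}/.config/flatpak
+blacklist ${HOME}/.local/share/flatpak
+blacklist ${HOME}/.var
 blacklist /usr/share/flatpak
+blacklist /var/lib/flatpak
 # most of the time bwrap is SUID binary
 blacklist ${PATH}/bwrap
+
+# complement noexec ${HOME} and noexec /tmp
+noexec /tmp/.X11-unix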
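--- a/etc/disable-passwdmgr.inc
+++ b/etc/disable-passwdmgr.inc
@@ -2,6 +2,7 @@
 # Persistent customizations should go in a .local file.
 include /etc/firejail/disable-passwdmgr.local
 
+blacklist ${HOME}/.config/Bitwarden
 blacklist ${HOME}/.config/KeePass
 blacklist ${HOME}/.config/keepass
 blacklist ${HOME}/.config/keepassx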
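--- a/etc/disable-programs.inc
+++ b/etc/disable-programs.inc
@@ -32,6 +32,7 @@ blacklist ${HOME}/.aMule
 blacklist ${HOME}/.android
 blacklist ${HOME}/.anydesk
 blacklist ${HOME}/.arduino15
+blacklist ${HOME}/.aria2
 blacklist ${HOME}/.arm
 blacklist ${HOME}/.asunder_album_genre
 blacklist ${HOME}/.asunder_album_title
@@ -46,15 +47,18 @@ blacklist ${HOME}/.config/0ad
 blacklist ${HOME}/.config/2048-qt
 blacklist ${HOME}/.config/Atom
 blacklist ${HOME}/.config/Audaciousrc
+blacklist ${HOME}/.config/Authenticator
 blacklist ${HOME}/.config/Beaker Browser
 blacklist ${HOME}/.config/Brackets
 blacklist ${HOME}/.config/Clementine
 blacklist ${HOME}/.config/Code
+blacklist ${HOME}/.config/Code Industry
 blacklist ${HOME}/.config/Cryptocat
 blacklist ${HOME}/.config/Franz
 blacklist ${HOME}/.config/FreeCAD
 blacklist ${HOME}/.config/Fritzing
 blacklist ${HOME}/.config/GIMP
+blacklist ${HOME}/.config/GitHub Desktop
 blacklist ${HOME}/.config/Gitter
 blacklist ${HOME}/.config/Google
 blacklist ${HOME}/.config/Google Play Music Desktop Player
@@ -63,13 +67,16 @@ blacklist ${HOME}/.config/INRIA
 blacklist ${HOME}/.config/InSilmaril
 blacklist ${HOME}/.config/Luminance
 blacklist ${HOME}/.config/Meltytech
+blacklist ${HOME}/.config/Min
 blacklist ${HOME}/.config/Mousepad
 blacklist ${HOME}/.config/Mumble
 blacklist ${HOME}/.config/MusE
 blacklist ${HOME}/.config/MuseScore
 blacklist ${HOME}/.config/MusicBrainz
+blacklist ${HOME}/.config/Nathan Osman
 blacklist ${HOME}/.config/Nylas Mail
 blacklist ${HOME}/.config/Qlipper
+blacklist ${HOME}/.config/QMediathekView
 blacklist ${HOME}/.config/QuiteRss
 blacklist ${HOME}/.config/QuiteRssrc
 blacklist ${HOME}/.config/Rambox
@@ -86,6 +93,7 @@ blacklist ${HOME}/.config/akregatorrc
 blacklist ${HOME}/.config/ardour4
 blacklist ${HOME}/.config/ardour5
 blacklist ${HOME}/.config/arkrc
+blacklist ${HOME}/.config/artha.conf
 blacklist ${HOME}/.config/asunder
 blacklist ${HOME}/.config/atril
 blacklist ${HOME}/.config/audacious
@@ -111,6 +119,7 @@ blacklist ${HOME}/.config/corebird
 blacklist ${HOME}/.config/darktable
 blacklist ${HOME}/.config/deadbeef
 blacklist ${HOME}/.config/deluge
+blacklist ${HOME}/.config/devilspie2
 blacklist ${HOME}/.config/digikam
 blacklist ${HOME}/.config/digikamrc
 blacklist ${HOME}/.config/discord
@@ -136,6 +145,7 @@ blacklist ${HOME}/.config/ghb
 blacklist ${HOME}/.config/globaltime
 blacklist ${HOME}/.config/gnome-mplayer
 blacklist ${HOME}/.config/gnome-mpv
+blacklist ${HOME}/.config/gnome-pie
 blacklist ${HOME}/.config/google-chrome
 blacklist ${HOME}/.config/google-chrome-beta
 blacklist ${HOME}/.config/google-chrome-unstable
@@ -185,6 +195,7 @@ blacklist ${HOME}/.config/nautilus
 blacklist ${HOME}/.config/nemo
 blacklist ${HOME}/.config/netsurf
 blacklist ${HOME}/.config/nheko
+blacklist ${HOME}/.config/NitroShare
 blacklist ${HOME}/.config/okularpartrc
 blacklist ${HOME}/.config/okularrc
 blacklist ${HOME}/.config/onionshare
@@ -252,11 +263,13 @@ blacklist ${HOME}/.config/zoomus.conf
 blacklist ${HOME}/.conkeror.mozdev.org
 blacklist ${HOME}/.curlrc
 blacklist ${HOME}/.dashcore
+blacklist ${HOME}/.devilspie
 blacklist ${HOME}/.dia
 blacklist ${HOME}/.dillo
 blacklist ${HOME}/.dooble
 blacklist ${HOME}/.dosbox
 blacklist ${HOME}/.dropbox*
+blacklist ${HOME}/.easystroke
 blacklist ${HOME}/.electron-cache
 blacklist ${HOME}/.electrum*
 blacklist ${HOME}/.elinks
@@ -360,6 +373,7 @@ blacklist ${HOME}/.local/share/3909/PapersPlease
 blacklist ${HOME}/.local/share/Empathy
 blacklist ${HOME}/.local/share/JetBrains
 blacklist ${HOME}/.local/share/Mumble
+blacklist ${HOME}/.local/share/QMediathekView
 blacklist ${HOME}/.local/share/QuiteRss
 blacklist ${HOME}/.local/share/Ricochet
 blacklist ${HOME}/.local/share/Steam
@@ -449,6 +463,7 @@ blacklist ${HOME}/.local/share/xplayer
 blacklist ${HOME}/.local/share/xreader
 blacklist ${HOME}/.local/share/zathura
 blacklist ${HOME}/.lv2
+blacklist ${HOME}/.masterpdfeditor
 blacklist ${HOME}/.mcabber
 blacklist ${HOME}/.mcabberrc
 blacklist ${HOME}/.mediathek3
@@ -469,7 +484,6 @@ blacklist ${HOME}/.openshot
 blacklist ${HOME}/.openshot_qt
 blacklist ${HOME}/.opera
 blacklist ${HOME}/.opera-beta
-blacklist ${HOME}/.passwd-s3fs
 blacklist ${HOME}/.pingus
 blacklist ${HOME}/.purple
 blacklist ${HOME}/.qemu-launcher
@@ -479,7 +493,6 @@ blacklist ${HOME}/.remmina
 blacklist ${HOME}/.repo_.gitconfig.json
 blacklist ${HOME}/.repoconfig
 blacklist ${HOME}/.retroshare
-blacklist ${HOME}/.s3cmd
 blacklist ${HOME}/.scribus
 blacklist ${HOME}/.scribusrc
 blacklist ${HOME}/.simutrans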
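--- a/etc/discord-common.profile
+++ b/etc/discord-common.profile
@@ -26,7 +26,7 @@ seccomp
 
 private-bin sh,xdg-mime,tr,sed,echo,head,cut,xdg-open,grep,egrep,bash,zsh
 private-dev
-private-etc fonts,machine-id,localtime,ld.so.cache,ca-certificates,ssl,pki,crypto-policies
+private-etc fonts,machine-id,localtime,ld.so.cache,ca-certificates,ssl,pki,crypto-policies,resolv.conf
 private-tmp
 
 noexec ${HOME}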
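--- /dev/null
+++ b/etc/easystroke.profile
@@ -0,0 +1,45 @@
+# Firejail profile for easystroke
+# Description: Control your desktop using mouse gestures
+# This file is overwritten after every install/update
+# Persistent local customizations
+include /etc/firejail/easystroke.local
+# Persistent global definitions
+include /etc/firejail/globals.local
+
+noblacklist ${HOME}/.easystroke
+
+include /etc/firejail/disable-common.inc
+include /etc/firejail/disable-devel.inc
+include /etc/firejail/disable-interpreters.inc
+include /etc/firejail/disable-passwdmgr.inc
+include /etc/firejail/disable-programs.inc
+
+caps.drop all
+ipc-namespace
+machine-id
+net none
+no3d
+# nodbus
+nodvd
+nogroups
+nonewprivs
+noroot
+nosound
+notv
+nou2f
+novideo
+protocol unix
+seccomp
+shell none
+
+disable-mnt
+private-bin easystroke
+private-cache
+private-dev
+private-etc fonts
+private-lib gdk-pixbuf-2.*,gio,gvfs/libgvfscommon.so,libgconf-2.so.*,librsvg-2.so.*
+private-tmp
+
+memory-deny-write-execute
+noexec ${HOME}
+noexec /tmp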
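--- a/etc/evince.profile
+++ b/etc/evince.profile
@@ -40,7 +40,7 @@ private-bin evince,evince-previewer,evince-thumbnailer
 private-dev
 private-etc fonts
 
-private-lib evince,gdk-pixbuf-2.*,gio,gvfs/libgvfscommon.so,libdjvulibre.so.*,libgconf-2.so.*,libpoppler-glib.so.*,librsvg-2.so.*
+private-lib evince,gdk-pixbuf-2.*,gio,gvfs/libgvfscommon.so,libdjvulibre.so.*,libgconf-2.so.*,libpoppler-glib.so.*,librsvg-2.so.*,gconv
 
 private-tmp
 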
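--- a/etc/file.profile
+++ b/etc/file.profile
@@ -30,10 +30,11 @@ shell none
 tracelog
 x11 none
 
-private-bin file
+#private-bin file
+private-cache
 private-dev
 private-etc magic.mgc,magic,localtime
-private-lib
+private-lib libmagic.so.*
 
 memory-deny-write-execute
 noexec ${HOME}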
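Review bot: `private-bin file` is turned into the comment `#private-bin file` with no reason given, which removes the restriction on which executables are visible inside the sandbox for a tool that parses arbitrary files. Other profiles in this commit annotate a disabled option (`# memory-deny-write-execute - breaks on Arch`); the same is needed here, in the form `# private-bin file - ` followed by the actual breakage, using the `# ` spacing the other profiles use. The hunk starts at line 30 of the profile, so the options above it are not visible here.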
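--- /dev/null
+++ b/etc/gnome-pie.profile
@@ -0,0 +1,43 @@
+# Firejail profile for gnome-pie
+# Description: Alternative AppMenu
+# This file is overwritten after every install/update
+# Persistent local customizations
+include /etc/firejail/gnome-pie.local
+# Persistent global definitions
+include /etc/firejail/globals.local
+
+noblacklist ${HOME}/.config/gnome-pie
+
+#include /etc/firejail/disable-common.inc
+include /etc/firejail/disable-devel.inc
+#include /etc/firejail/disable-interpreters.inc
+include /etc/firejail/disable-passwdmgr.inc
+#include /etc/firejail/disable-programs.inc
+
+caps.drop all
+ipc-namespace
+machine-id
+net none
+no3d
+nodvd
+nogroups
+nonewprivs
+noroot
+nosound
+notv
+nou2f
+novideo
+protocol unix
+seccomp
+shell none
+
+disable-mnt
+private-cache
+private-dev
+private-etc fonts
+private-lib gdk-pixbuf-2.*,gio,gvfs/libgvfscommon.so,libgconf-2.so.*,librsvg-2.so.*
+private-tmp
+
+memory-deny-write-execute
+noexec ${HOME}
+noexec /tmp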
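Review bot: The includes of disable-common.inc, disable-interpreters.inc and disable-programs.inc on lines 11, 13 and 15 are commented out without explanation, so this profile applies none of the home-directory blacklists those files carry (the key-database and cloud-credential entries visible in the disable-common.inc section of this commit, for example). If that is deliberate because gnome-pie starts other applications, say so in a comment above the block, e.g. `# gnome-pie launches other programs; the disable-* blacklists would apply to them as well`. With disable-programs.inc off, `noblacklist ${HOME}/.config/gnome-pie` appears to have nothing to override. Programs started from the menu would presumably also inherit `net none` and the narrow `private-lib` list, which is worth confirming before shipping the profile.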
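--- a/etc/krunner.profile
+++ b/etc/krunner.profile
@@ -11,7 +11,7 @@ include /etc/firejail/globals.local
 # with its own profile, if it is sandboxed automatically.
 
 # noblacklist ${HOME}/.cache/krunner
-# noblacklist ${HOME}/.cache/krunnerbookmarkrunnerfirefoxdbfile.sqlite
+# noblacklist ${HOME}/.cache/krunnerbookmarkrunnerfirefoxdbfile.sqlite*
 # noblacklist ${HOME}/.config/chromium
 noblacklist ${HOME}/.config/krunnerrc
 noblacklist ${HOME}/.kde/share/config/krunnerrc
@@ -34,3 +34,5 @@ nonewprivs
 noroot
 protocol unix,inet,inet6
 seccomp
+
+# private-cache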
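--- /dev/null
+++ b/etc/lbunzip2.profile
@@ -0,0 +1,7 @@
+# Firejail profile alias for gzip
+# Description: GNU compression utilities
+# This file is overwritten after every install/update
+
+
+# Redirect
+include /etc/firejail/gzip.profile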
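--- /dev/null
+++ b/etc/lbzcat.profile
@@ -0,0 +1,7 @@
+# Firejail profile alias for gzip
+# Description: GNU compression utilities
+# This file is overwritten after every install/update
+
+
+# Redirect
+include /etc/firejail/gzip.profile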
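--- /dev/null
+++ b/etc/lbzip2.profile
@@ -0,0 +1,7 @@
+# Firejail profile alias for gzip
+# Description: GNU compression utilities
+# This file is overwritten after every install/update
+
+
+# Redirect
+include /etc/firejail/gzip.profile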
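--- /dev/null
+++ b/etc/lzcat.profile
@@ -0,0 +1,7 @@
+# Firejail profile alias for cpio
+# Description: Library and command line tools for XZ and LZMA compressed files
+# This file is overwritten after every install/update
+
+
+# Redirect
+include /etc/firejail/cpio.profile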
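Review bot: The header calls this an `alias for cpio` and the file redirects to cpio.profile, while its description is about XZ/LZMA tools; the lbunzip2, lbzcat and lbzip2 aliases added in the same commit redirect to gzip.profile instead. cpio.profile is not part of this diff, so it cannot be checked here whether its binary restrictions (if it has a `private-bin` line) admit `lzcat`; if they do not, the command would not be found inside the sandbox. Please confirm the redirect target and add a one-line comment such as `# xz-family tools share the archiver profile` stating why. The same applies to the lzcmp, lzdiff, lzegrep, lzfgrep, lzgrep and lzip sections that follow.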
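--- /dev/null
+++ b/etc/lzcmp.profile
@@ -0,0 +1,7 @@
+# Firejail profile alias for cpio
+# Description: Library and command line tools for XZ and LZMA compressed files
+# This file is overwritten after every install/update
+
+
+# Redirect
+include /etc/firejail/cpio.profile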
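--- /dev/null
+++ b/etc/lzdiff.profile
@@ -0,0 +1,7 @@
+# Firejail profile alias for cpio
+# Description: Library and command line tools for XZ and LZMA compressed files
+# This file is overwritten after every install/update
+
+
+# Redirect
+include /etc/firejail/cpio.profile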
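diff --git a/etc/lzegrep.profile b/etc/lzegrep.profile
new file mode 100644
index 000000000..cd79eebc6
--- /dev/null
+++ b/etc/lzegrep.profile
@@ -0,0 +1,7 @@
+# Firejail profile alias for cpio
+# Description: Library and command line tools for XZ and LZMA compressed files
+# This file is overwritten after every install/update
+
+
+# Redirect
+include /etc/firejail/cpio.profile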
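diff --git a/etc/lzfgrep.profile b/etc/lzfgrep.profile
new file mode 100644
index 000000000..cd79eebc6
--- /dev/null
+++ b/etc/lzfgrep.profile
@@ -0,0 +1,7 @@
+# Firejail profile alias for cpio
+# Description: Library and command line tools for XZ and LZMA compressed files
+# This file is overwritten after every install/update
+
+
+# Redirect
+include /etc/firejail/cpio.profile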
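diff --git a/etc/lzgrep.profile b/etc/lzgrep.profile
new file mode 100644
index 000000000..cd79eebc6
--- /dev/null
+++ b/etc/lzgrep.profile
@@ -0,0 +1,7 @@
+# Firejail profile alias for cpio
+# Description: Library and command line tools for XZ and LZMA compressed files
+# This file is overwritten after every install/update
+
+
+# Redirect
+include /etc/firejail/cpio.profile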
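diff --git a/etc/lzip.profile b/etc/lzip.profile
new file mode 100644
index 000000000..cd79eebc6
--- /dev/null
+++ b/etc/lzip.profile
@@ -0,0 +1,7 @@
+# Firejail profile alias for cpio
+# Description: Library and command line tools for XZ and LZMA compressed files
+# This file is overwritten after every install/update
+
+
+# Redirect
+include /etc/firejail/cpio.profile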
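diff --git a/etc/lzless.profile b/etc/lzless.profile
new file mode 100644
index 000000000..cd79eebc6
--- /dev/null
+++ b/etc/lzless.profile
@@ -0,0 +1,7 @@
+# Firejail profile alias for cpio
+# Description: Library and command line tools for XZ and LZMA compressed files
+# This file is overwritten after every install/update
+
+
+# Redirect
+include /etc/firejail/cpio.profile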
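diff --git a/etc/lzma.profile b/etc/lzma.profile
new file mode 100644
index 000000000..cd79eebc6
--- /dev/null
+++ b/etc/lzma.profile
@@ -0,0 +1,7 @@
+# Firejail profile alias for cpio
+# Description: Library and command line tools for XZ and LZMA compressed files
+# This file is overwritten after every install/update
+
+
+# Redirect
+include /etc/firejail/cpio.profile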
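diff --git a/etc/lzmadec.profile b/etc/lzmadec.profile
new file mode 100644
index 000000000..7c26620dd
--- /dev/null
+++ b/etc/lzmadec.profile
@@ -0,0 +1,7 @@
+# Firejail profile alias for xzdec
+# Description: Library and command line tools for XZ and LZMA compressed files
+# This file is overwritten after every install/update
+
+
+# Redirect
+include /etc/firejail/xzdec.profile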
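diff --git a/etc/lzmainfo.profile b/etc/lzmainfo.profile
new file mode 100644
index 000000000..cd79eebc6
--- /dev/null
+++ b/etc/lzmainfo.profile
@@ -0,0 +1,7 @@
+# Firejail profile alias for cpio
+# Description: Library and command line tools for XZ and LZMA compressed files
+# This file is overwritten after every install/update
+
+
+# Redirect
+include /etc/firejail/cpio.profile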
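diff --git a/etc/lzmore.profile b/etc/lzmore.profile
new file mode 100644
index 000000000..cd79eebc6
--- /dev/null
+++ b/etc/lzmore.profile
@@ -0,0 +1,7 @@
+# Firejail profile alias for cpio
+# Description: Library and command line tools for XZ and LZMA compressed files
+# This file is overwritten after every install/update
+
+
+# Redirect
+include /etc/firejail/cpio.profile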
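diff --git a/etc/masterpdfeditor.profile b/etc/masterpdfeditor.profile
new file mode 100644
index 000000000..cc80679fc
--- /dev/null
+++ b/etc/masterpdfeditor.profile
@@ -0,0 +1,50 @@
+# Firejail profile for masterpdfeditor
+# Description: A complete solution for creating and editing PDF files
+# This file is overwritten after every install/update
+# Persistent local customizations
+include /etc/firejail/masterpdfeditor.local
+# Persistent global definitions
+include /etc/firejail/globals.local
+
+noblacklist ${HOME}/.config/Code Industry
+noblacklist ${HOME}/.masterpdfeditor
+
+include /etc/firejail/disable-common.inc
+include /etc/firejail/disable-devel.inc
+include /etc/firejail/disable-interpreters.inc
+include /etc/firejail/disable-passwdmgr.inc
+include /etc/firejail/disable-programs.inc
+
+include /etc/firejail/whitelist-var-common.inc
+
+caps.drop all
+ipc-namespace
+machine-id
+net none
+no3d
+nodbus
+nodvd
+nogroups
+nonewprivs
+noroot
+nosound
+notv
+nou2f
+novideo
+protocol unix
+seccomp
+shell none
+tracelog
+
+# disable-mnt
+# private
+private-bin masterpdfeditor*
+private-cache
+private-dev
+private-etc fonts
+# private-lib
+private-tmp
+
+# memory-deny-write-execute
+noexec ${HOME}
+noexec /tmp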
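diff --git a/etc/masterpdfeditor4.profile b/etc/masterpdfeditor4.profile
new file mode 100644
index 000000000..7ab9c9421
--- /dev/null
+++ b/etc/masterpdfeditor4.profile
@@ -0,0 +1,12 @@
+# Firejail profile for masterpdfeditor4
+# Description: A complete solution for creating and editing PDF files
+# This file is overwritten after every install/update
+# Persistent local customizations
+include /etc/firejail/masterpdfeditor4.local
+# Persistent global definitions
+# added by included profile
+#include /etc/firejail/globals.local
+
+
+# Redirect
+include /etc/firejail/masterpdfeditor.profile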
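diff --git a/etc/masterpdfeditor5.profile b/etc/masterpdfeditor5.profile
new file mode 100644
index 000000000..86faf5da0
--- /dev/null
+++ b/etc/masterpdfeditor5.profile
@@ -0,0 +1,12 @@
+# Firejail profile for masterpdfeditor5
+# Description: A complete solution for creating and editing PDF files
+# This file is overwritten after every install/update
+# Persistent local customizations
+include /etc/firejail/masterpdfeditor5.local
+# Persistent global definitions
+# added by included profile
+#include /etc/firejail/globals.local
+
+
+# Redirect
+include /etc/firejail/masterpdfeditor.profile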
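diff --git a/etc/mencoder.profile b/etc/mencoder.profile
new file mode 100644
index 000000000..9306d268e
--- /dev/null
+++ b/etc/mencoder.profile
@@ -0,0 +1,28 @@
+# Firejail profile for mencoder
+# Description: Free command line video decoding, encoding and filtering tool
+# This file is overwritten after every install/update
+# Persistent local customizations
+include /etc/firejail/mencoder.local
+# Persistent global definitions
+# added by included profile
+#include /etc/firejail/globals.local
+
+include /etc/firejail/disable-common.inc
+include /etc/firejail/disable-devel.inc
+include /etc/firejail/disable-interpreters.inc
+include /etc/firejail/disable-passwdmgr.inc
+include /etc/firejail/disable-programs.inc
+
+net none
+no3d
+nodbus
+nosound
+notv
+nou2f
+protocol unix
+seccomp
+shell none
+
+private-bin mencoder
+
+include /etc/firejail/mplayer.profile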
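Review bot: The five `include /etc/firejail/disable-*.inc` lines (10-14) are processed before `include /etc/firejail/mplayer.profile` on line 28, and firejail only honours a `noblacklist` that appears before the matching blacklist entry. If mplayer.profile carries `noblacklist` lines for the player's configuration directory (that file is not shown in this diff), they arrive too late and those paths stay blacklisted for mencoder. I would drop lines 10-14 and let the included profile pull in the disable lists, keeping only the tighter options here (`net none`, `protocol unix`, `private-bin mencoder`). The alternative is to repeat the needed `noblacklist` lines above line 10.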
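diff --git a/etc/min.profile b/etc/min.profile
new file mode 100644
index 000000000..91c6fce3c
--- /dev/null
+++ b/etc/min.profile
@@ -0,0 +1,50 @@
+# Firejail profile for min
+# Description: A faster, smarter web browser.
+# This file is overwritten after every install/update
+# Persistent local customizations
+include /etc/firejail/min.local
+# Persistent global definitions
+include /etc/firejail/globals.local
+
+noblacklist ${HOME}/.config/Min
+
+noblacklist ${HOME}/.pki
+
+include /etc/firejail/disable-common.inc
+include /etc/firejail/disable-devel.inc
+include /etc/firejail/disable-interpreters.inc
+include /etc/firejail/disable-programs.inc
+
+mkdir ${HOME}/.pki
+whitelist ${DOWNLOADS}
+whitelist ${HOME}/.pki
+include /etc/firejail/whitelist-common.inc
+include /etc/firejail/whitelist-var-common.inc
+
+caps.drop all
+# ipc-namespace
+# machine-id breaks pulse audio; it should work fine in setups where sound is not required
+#machine-id
+netfilter
+# no3d
+nodbus
+nodvd
+nogroups
+nonewprivs
+noroot
+notv
+protocol unix,inet,inet6
+seccomp
+shell none
+
+disable-mnt
+# private-bin min
+private-cache
+private-dev
+# private-etc below works fine on most distributions. There are some problems on CentOS.
+private-etc ca-certificates,ssl,machine-id,dconf,selinux,passwd,group,hostname,hosts,localtime,nsswitch.conf,resolv.conf,xdg,gtk-2.0,gtk-3.0,X11,pango,fonts,mime.types,mailcap,asound.conf,pulse,pki,crypto-policies,ld.so.cache
+private-tmp
+
+# memory-deny-write-execute
+noexec ${HOME}
+noexec /tmp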
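Review bot: `${HOME}/.config/Min` is exempted with `noblacklist` on line 9 but never whitelisted, while lines 19-21 put the home directory into whitelist mode through `whitelist ${DOWNLOADS}`, `whitelist ${HOME}/.pki` and whitelist-common.inc. Unless whitelist-common.inc (not shown in this diff) happens to cover that path, the browser's profile directory would sit on the temporary home and its settings would be discarded when the sandbox exits. I would add `mkdir ${HOME}/.config/Min` and `whitelist ${HOME}/.config/Min` next to the `.pki` entries on lines 18-20.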
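diff --git a/etc/nitroshare-cli.profile b/etc/nitroshare-cli.profile
new file mode 100644
index 000000000..a9ad197e9
--- /dev/null
+++ b/etc/nitroshare-cli.profile
@@ -0,0 +1,7 @@
+# Firejail profile alias for nitroshare
+# Description: Network File Transfer Application
+# This file is overwritten after every install/update
+
+
+# Redirect
+include /etc/firejail/nitroshare.profile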
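diff --git a/etc/nitroshare-nmh.profile b/etc/nitroshare-nmh.profile
new file mode 100644
index 000000000..a9ad197e9
--- /dev/null
+++ b/etc/nitroshare-nmh.profile
@@ -0,0 +1,7 @@
+# Firejail profile alias for nitroshare
+# Description: Network File Transfer Application
+# This file is overwritten after every install/update
+
+
+# Redirect
+include /etc/firejail/nitroshare.profile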
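diff --git a/etc/nitroshare-send.profile b/etc/nitroshare-send.profile
new file mode 100644
index 000000000..a9ad197e9
--- /dev/null
+++ b/etc/nitroshare-send.profile
@@ -0,0 +1,7 @@
+# Firejail profile alias for nitroshare
+# Description: Network File Transfer Application
+# This file is overwritten after every install/update
+
+
+# Redirect
+include /etc/firejail/nitroshare.profile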
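diff --git a/etc/nitroshare-ui.profile b/etc/nitroshare-ui.profile
new file mode 100644
index 000000000..a9ad197e9
--- /dev/null
+++ b/etc/nitroshare-ui.profile
@@ -0,0 +1,7 @@
+# Firejail profile alias for nitroshare
+# Description: Network File Transfer Application
+# This file is overwritten after every install/update
+
+
+# Redirect
+include /etc/firejail/nitroshare.profile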
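diff --git a/etc/nitroshare.profile b/etc/nitroshare.profile
new file mode 100644
index 000000000..f02599ac6
--- /dev/null
+++ b/etc/nitroshare.profile
@@ -0,0 +1,50 @@
+# Firejail profile for nitroshare
+# Description: Network File Transfer Application
+# This file is overwritten after every install/update
+# Persistent local customizations
+include /etc/firejail/nitroshare.local
+# Persistent global definitions
+include /etc/firejail/globals.local
+
+noblacklist ${HOME}/.config/Nathan Osman
+noblacklist ${HOME}/.config/NitroShare
+
+# Allow python (blacklisted by disable-interpreters.inc)
+noblacklist ${PATH}/python2*
+noblacklist ${PATH}/python3*
+noblacklist /usr/lib/python2*
+noblacklist /usr/lib/python3*
+
+include /etc/firejail/disable-common.inc
+include /etc/firejail/disable-devel.inc
+include /etc/firejail/disable-interpreters.inc
+include /etc/firejail/disable-passwdmgr.inc
+include /etc/firejail/disable-programs.inc
+
+caps.drop all
+netfilter
+no3d
+# nodbus
+nodvd
+nogroups
+nonewprivs
+noroot
+nosound
+notv
+nou2f
+novideo
+protocol unix,inet,inet6,netlink
+seccomp
+shell none
+
+disable-mnt
+private-bin awk,grep,nitroshare,nitroshare-cli,nitroshare-nmh,nitroshare-send,nitroshare-ui
+private-cache
+private-dev
+private-etc ca-certificates,dconf,fonts,hostname,hosts,ld.so.cache,machine-id,nsswitch.conf,ssl
+# private-lib libnitroshare.so.*,libqhttpengine.so.*,libqmdnsengine.so.*,nitroshare
+private-tmp
+
+# memory-deny-write-execute
+noexec ${HOME}
+noexec /tmp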
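Review bot: Lines 12-16 un-blacklist the Python interpreters and libraries, but the `private-bin` list on line 41 names no python binary, so the interpreter is absent from the sandbox's bin directory anyway. If nitroshare does need Python, `python*` belongs in that `private-bin` list. If it does not, the four `noblacklist` lines should go so that /usr/lib/python2* and /usr/lib/python3* stay blacklisted by disable-interpreters.inc. As written the profile exposes the Python libraries without making the interpreter usable.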
diff --git a/etc/steam.profile b/etc/steam.profile
index 6b985f4e8..903384ecf 100644
--- a/etc/steam.profile
+++ b/etc/steam.profile
@@ -64,7 +64,7 @@ shell none
64#tracelog 64#tracelog
65 65
66# private-bin is disabled while in testing, but has been tested working with multiple games 66# private-bin is disabled while in testing, but has been tested working with multiple games
67#private-bin awk,basename,bash,bsdtar,bzip2,cat,chmod,cksum,cmp,comm,compress,cp,curl,cut,date,dbus-launch,dbus-send,desktop-file-edit,desktop-file-install,desktop-file-validate,dirname,echo,env,expr,file,find,getopt,grep,gtar,gzip,head,hostname,id,lbzip2,ldconfig,ldd,ln,ls,lsb_release,lspci,lsof,lz4,lzip,lzma,lzop,md5sum,mkdir,mktemp,mv,netstat,ps,pulseaudio,python*,readlink,realpath,rm,sed,sh,sha1sum,sha256sum,sha512sum,sleep,sort,steam,steamdeps,steam-native,steam-runtime,sum,tail,tar,test,touch,tr,umask,uname,update-desktop-database,wc,wget,which,whoami,xterm,xz,zenity 67#private-bin awk,basename,bash,bsdtar,bzip2,cat,chmod,cksum,cmp,comm,compress,cp,curl,cut,date,dbus-launch,dbus-send,desktop-file-edit,desktop-file-install,desktop-file-validate,dirname,echo,env,expr,file,find,getopt,grep,gtar,gzip,head,hostname,id,lbzip2,ldconfig,ldd,ln,ls,lsb_release,lspci,lsof,lz4,lzip,lzma,lzop,md5sum,mkdir,mktemp,mv,netstat,ps,pulseaudio,python*,readlink,realpath,rm,sed,sh,sha1sum,sha256sum,sha512sum,sleep,sort,steam,steamdeps,steam-native,steam-runtime,sum,tail,tar,tclsh,test,touch,tr,umask,uname,update-desktop-database,wc,wget,which,whoami,xterm,xz,zenity
68# extra programs are available which might be needed for select games 68# extra programs are available which might be needed for select games
69#private-bin java,java-config,mono 69#private-bin java,java-config,mono
70# picture viewers are needed for viewing screenshots 70# picture viewers are needed for viewing screenshots
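diff --git a/etc/strings.profile b/etc/strings.profile
index 5bea9525f..ae2fbf18f 100644
--- a/etc/strings.profile
+++ b/etc/strings.profile
@@ -21,9 +21,13 @@ shell none
 tracelog
 
 private-bin strings
+private-cache
 private-dev
+private-etc none
 private-lib
 
 memory-deny-write-execute
+noexec ${HOME}
+noexec /tmp
 
 include /etc/firejail/default.profile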
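diff --git a/etc/unlzma.profile b/etc/unlzma.profile
new file mode 100644
index 000000000..cd79eebc6
--- /dev/null
+++ b/etc/unlzma.profile
@@ -0,0 +1,7 @@
+# Firejail profile alias for cpio
+# Description: Library and command line tools for XZ and LZMA compressed files
+# This file is overwritten after every install/update
+
+
+# Redirect
+include /etc/firejail/cpio.profile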
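diff --git a/etc/unxz.profile b/etc/unxz.profile
new file mode 100644
index 000000000..cd79eebc6
--- /dev/null
+++ b/etc/unxz.profile
@@ -0,0 +1,7 @@
+# Firejail profile alias for cpio
+# Description: Library and command line tools for XZ and LZMA compressed files
+# This file is overwritten after every install/update
+
+
+# Redirect
+include /etc/firejail/cpio.profile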
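diff --git a/etc/xzcat.profile b/etc/xzcat.profile
new file mode 100644
index 000000000..cd79eebc6
--- /dev/null
+++ b/etc/xzcat.profile
@@ -0,0 +1,7 @@
+# Firejail profile alias for cpio
+# Description: Library and command line tools for XZ and LZMA compressed files
+# This file is overwritten after every install/update
+
+
+# Redirect
+include /etc/firejail/cpio.profile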
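diff --git a/etc/xzcmp.profile b/etc/xzcmp.profile
new file mode 100644
index 000000000..cd79eebc6
--- /dev/null
+++ b/etc/xzcmp.profile
@@ -0,0 +1,7 @@
+# Firejail profile alias for cpio
+# Description: Library and command line tools for XZ and LZMA compressed files
+# This file is overwritten after every install/update
+
+
+# Redirect
+include /etc/firejail/cpio.profile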
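diff --git a/etc/xzdiff.profile b/etc/xzdiff.profile
new file mode 100644
index 000000000..cd79eebc6
--- /dev/null
+++ b/etc/xzdiff.profile
@@ -0,0 +1,7 @@
+# Firejail profile alias for cpio
+# Description: Library and command line tools for XZ and LZMA compressed files
+# This file is overwritten after every install/update
+
+
+# Redirect
+include /etc/firejail/cpio.profile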
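diff --git a/etc/xzegrep.profile b/etc/xzegrep.profile
new file mode 100644
index 000000000..cd79eebc6
--- /dev/null
+++ b/etc/xzegrep.profile
@@ -0,0 +1,7 @@
+# Firejail profile alias for cpio
+# Description: Library and command line tools for XZ and LZMA compressed files
+# This file is overwritten after every install/update
+
+
+# Redirect
+include /etc/firejail/cpio.profile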
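diff --git a/etc/xzfgrep.profile b/etc/xzfgrep.profile
new file mode 100644
index 000000000..cd79eebc6
--- /dev/null
+++ b/etc/xzfgrep.profile
@@ -0,0 +1,7 @@
+# Firejail profile alias for cpio
+# Description: Library and command line tools for XZ and LZMA compressed files
+# This file is overwritten after every install/update
+
+
+# Redirect
+include /etc/firejail/cpio.profile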
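diff --git a/etc/xzgrep.profile b/etc/xzgrep.profile
new file mode 100644
index 000000000..cd79eebc6
--- /dev/null
+++ b/etc/xzgrep.profile
@@ -0,0 +1,7 @@
+# Firejail profile alias for cpio
+# Description: Library and command line tools for XZ and LZMA compressed files
+# This file is overwritten after every install/update
+
+
+# Redirect
+include /etc/firejail/cpio.profile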
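diff --git a/etc/xzless.profile b/etc/xzless.profile
new file mode 100644
index 000000000..cd79eebc6
--- /dev/null
+++ b/etc/xzless.profile
@@ -0,0 +1,7 @@
+# Firejail profile alias for cpio
+# Description: Library and command line tools for XZ and LZMA compressed files
+# This file is overwritten after every install/update
+
+
+# Redirect
+include /etc/firejail/cpio.profile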
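diff --git a/etc/xzmore.profile b/etc/xzmore.profile
new file mode 100644
index 000000000..cd79eebc6
--- /dev/null
+++ b/etc/xzmore.profile
@@ -0,0 +1,7 @@
+# Firejail profile alias for cpio
+# Description: Library and command line tools for XZ and LZMA compressed files
+# This file is overwritten after every install/update
+
+
+# Redirect
+include /etc/firejail/cpio.profile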