diff options
author | glitsj16 <glitsj16@users.noreply.github.com> | 2023-07-25 19:30:19 +0000 |
---|---|---|
committer | GitHub <noreply@github.com> | 2023-07-25 19:30:19 +0000 |
commit | 67f5ae8a4f80bffe2452f5fa406d7e49e61cd2c2 (patch) | |
tree | 458e156d574070bfb3f1109f8f13fbfd70c41e26 | |
parent | update mov-cli (#5924) (diff) | |
download | firejail-67f5ae8a4f80bffe2452f5fa406d7e49e61cd2c2.tar.gz firejail-67f5ae8a4f80bffe2452f5fa406d7e49e61cd2c2.tar.zst firejail-67f5ae8a4f80bffe2452f5fa406d7e49e61cd2c2.zip |
firefox(-based) profiles: refactor wusc (#5914)
-rw-r--r-- | etc/profile-a-l/abrowser.profile | 1 | ||||
-rw-r--r-- | etc/profile-a-l/basilisk.profile | 1 | ||||
-rw-r--r-- | etc/profile-a-l/cachy-browser.profile | 7 | ||||
-rw-r--r-- | etc/profile-a-l/cliqz.profile | 1 | ||||
-rw-r--r-- | etc/profile-a-l/cyberfox.profile | 2 | ||||
-rw-r--r-- | etc/profile-a-l/firedragon.profile | 1 | ||||
-rw-r--r-- | etc/profile-a-l/firefox-common-addons.profile | 1 | ||||
-rw-r--r-- | etc/profile-a-l/firefox-common.profile | 5 | ||||
-rw-r--r-- | etc/profile-a-l/firefox.profile | 5 | ||||
-rw-r--r-- | etc/profile-a-l/icecat.profile | 1 | ||||
-rw-r--r-- | etc/profile-a-l/librewolf.profile | 5 | ||||
-rw-r--r-- | etc/profile-m-z/palemoon.profile | 2 | ||||
-rw-r--r-- | etc/profile-m-z/thunderbird.profile | 3 | ||||
-rw-r--r-- | etc/profile-m-z/waterfox.profile | 1 |
14 files changed, 16 insertions, 20 deletions
diff --git a/etc/profile-a-l/abrowser.profile b/etc/profile-a-l/abrowser.profile index 2e6e8f1af..8b70756ba 100644 --- a/etc/profile-a-l/abrowser.profile +++ b/etc/profile-a-l/abrowser.profile | |||
@@ -12,6 +12,7 @@ mkdir ${HOME}/.cache/mozilla/abrowser | |||
12 | mkdir ${HOME}/.mozilla | 12 | mkdir ${HOME}/.mozilla |
13 | whitelist ${HOME}/.cache/mozilla/abrowser | 13 | whitelist ${HOME}/.cache/mozilla/abrowser |
14 | whitelist ${HOME}/.mozilla | 14 | whitelist ${HOME}/.mozilla |
15 | whitelist /usr/share/abrowser | ||
15 | 16 | ||
16 | # private-etc must first be enabled in firefox-common.profile | 17 | # private-etc must first be enabled in firefox-common.profile |
17 | #private-etc abrowser | 18 | #private-etc abrowser |
diff --git a/etc/profile-a-l/basilisk.profile b/etc/profile-a-l/basilisk.profile index a962bfe02..7d2fe143c 100644 --- a/etc/profile-a-l/basilisk.profile +++ b/etc/profile-a-l/basilisk.profile | |||
@@ -12,6 +12,7 @@ mkdir ${HOME}/.cache/moonchild productions/basilisk | |||
12 | mkdir ${HOME}/.moonchild productions | 12 | mkdir ${HOME}/.moonchild productions |
13 | whitelist ${HOME}/.cache/moonchild productions/basilisk | 13 | whitelist ${HOME}/.cache/moonchild productions/basilisk |
14 | whitelist ${HOME}/.moonchild productions | 14 | whitelist ${HOME}/.moonchild productions |
15 | whitelist /usr/share/basilisk | ||
15 | 16 | ||
16 | # Basilisk can use the full firejail seccomp filter (unlike firefox >= 60) | 17 | # Basilisk can use the full firejail seccomp filter (unlike firefox >= 60) |
17 | seccomp | 18 | seccomp |
diff --git a/etc/profile-a-l/cachy-browser.profile b/etc/profile-a-l/cachy-browser.profile index 7a14d9464..4b486913e 100644 --- a/etc/profile-a-l/cachy-browser.profile +++ b/etc/profile-a-l/cachy-browser.profile | |||
@@ -13,6 +13,7 @@ mkdir ${HOME}/.cache/cachy | |||
13 | mkdir ${HOME}/.cachy | 13 | mkdir ${HOME}/.cachy |
14 | whitelist ${HOME}/.cache/cachy | 14 | whitelist ${HOME}/.cache/cachy |
15 | whitelist ${HOME}/.cachy | 15 | whitelist ${HOME}/.cachy |
16 | whitelist /usr/share/cachy-browser | ||
16 | 17 | ||
17 | # Add the next lines to your cachy-browser.local if you want to use the migration wizard. | 18 | # Add the next lines to your cachy-browser.local if you want to use the migration wizard. |
18 | #noblacklist ${HOME}/.mozilla | 19 | #noblacklist ${HOME}/.mozilla |
@@ -23,12 +24,6 @@ whitelist ${HOME}/.cachy | |||
23 | #whitelist ${RUNUSER}/kpxc_server | 24 | #whitelist ${RUNUSER}/kpxc_server |
24 | #whitelist ${RUNUSER}/org.keepassxc.KeePassXC.BrowserServer | 25 | #whitelist ${RUNUSER}/org.keepassxc.KeePassXC.BrowserServer |
25 | 26 | ||
26 | whitelist /usr/share/doc | ||
27 | whitelist /usr/share/gtk-doc/html | ||
28 | whitelist /usr/share/mozilla | ||
29 | whitelist /usr/share/webext | ||
30 | include whitelist-usr-share-common.inc | ||
31 | |||
32 | # Add the next line to your cachy-browser.local to enable private-bin (Arch Linux). | 27 | # Add the next line to your cachy-browser.local to enable private-bin (Arch Linux). |
33 | #private-bin dbus-launch,dbus-send,cachy-browser,sh | 28 | #private-bin dbus-launch,dbus-send,cachy-browser,sh |
34 | # Add the next line to your cachy-browser.local to enable private-etc. | 29 | # Add the next line to your cachy-browser.local to enable private-etc. |
diff --git a/etc/profile-a-l/cliqz.profile b/etc/profile-a-l/cliqz.profile index d0b8cc0ef..d0bf9797e 100644 --- a/etc/profile-a-l/cliqz.profile +++ b/etc/profile-a-l/cliqz.profile | |||
@@ -15,6 +15,7 @@ mkdir ${HOME}/.config/cliqz | |||
15 | whitelist ${HOME}/.cache/cliqz | 15 | whitelist ${HOME}/.cache/cliqz |
16 | whitelist ${HOME}/.cliqz | 16 | whitelist ${HOME}/.cliqz |
17 | whitelist ${HOME}/.config/cliqz | 17 | whitelist ${HOME}/.config/cliqz |
18 | whitelist /usr/share/cliqz | ||
18 | 19 | ||
19 | # private-etc must first be enabled in firefox-common.profile | 20 | # private-etc must first be enabled in firefox-common.profile |
20 | #private-etc cliqz | 21 | #private-etc cliqz |
diff --git a/etc/profile-a-l/cyberfox.profile b/etc/profile-a-l/cyberfox.profile index d1fff0004..a303c5979 100644 --- a/etc/profile-a-l/cyberfox.profile +++ b/etc/profile-a-l/cyberfox.profile | |||
@@ -12,6 +12,8 @@ mkdir ${HOME}/.8pecxstudios | |||
12 | mkdir ${HOME}/.cache/8pecxstudios | 12 | mkdir ${HOME}/.cache/8pecxstudios |
13 | whitelist ${HOME}/.8pecxstudios | 13 | whitelist ${HOME}/.8pecxstudios |
14 | whitelist ${HOME}/.cache/8pecxstudios | 14 | whitelist ${HOME}/.cache/8pecxstudios |
15 | whitelist /usr/share/8pecxstudios | ||
16 | whitelist /usr/share/cyberfox | ||
15 | 17 | ||
16 | # private-bin cyberfox,dbus-launch,dbus-send,env,sh,which | 18 | # private-bin cyberfox,dbus-launch,dbus-send,env,sh,which |
17 | # private-etc must first be enabled in firefox-common.profile | 19 | # private-etc must first be enabled in firefox-common.profile |
diff --git a/etc/profile-a-l/firedragon.profile b/etc/profile-a-l/firedragon.profile index 77487161e..3177fb989 100644 --- a/etc/profile-a-l/firedragon.profile +++ b/etc/profile-a-l/firedragon.profile | |||
@@ -13,6 +13,7 @@ mkdir ${HOME}/.cache/firedragon | |||
13 | mkdir ${HOME}/.firedragon | 13 | mkdir ${HOME}/.firedragon |
14 | whitelist ${HOME}/.cache/firedragon | 14 | whitelist ${HOME}/.cache/firedragon |
15 | whitelist ${HOME}/.firedragon | 15 | whitelist ${HOME}/.firedragon |
16 | whitelist /usr/share/firedragon | ||
16 | 17 | ||
17 | # Add the next lines to your firedragon.local if you want to use the migration wizard. | 18 | # Add the next lines to your firedragon.local if you want to use the migration wizard. |
18 | #noblacklist ${HOME}/.mozilla | 19 | #noblacklist ${HOME}/.mozilla |
diff --git a/etc/profile-a-l/firefox-common-addons.profile b/etc/profile-a-l/firefox-common-addons.profile index 6dc1fca8a..f12750fda 100644 --- a/etc/profile-a-l/firefox-common-addons.profile +++ b/etc/profile-a-l/firefox-common-addons.profile | |||
@@ -74,7 +74,6 @@ whitelist ${HOME}/.zotero | |||
74 | whitelist ${HOME}/dwhelper | 74 | whitelist ${HOME}/dwhelper |
75 | whitelist /usr/share/lua | 75 | whitelist /usr/share/lua |
76 | whitelist /usr/share/lua* | 76 | whitelist /usr/share/lua* |
77 | whitelist /usr/share/vulkan | ||
78 | 77 | ||
79 | # GNOME Shell integration (chrome-gnome-shell) needs dbus and python | 78 | # GNOME Shell integration (chrome-gnome-shell) needs dbus and python |
80 | noblacklist ${HOME}/.local/share/gnome-shell | 79 | noblacklist ${HOME}/.local/share/gnome-shell |
diff --git a/etc/profile-a-l/firefox-common.profile b/etc/profile-a-l/firefox-common.profile index 42d12c5d9..9c8601e7b 100644 --- a/etc/profile-a-l/firefox-common.profile +++ b/etc/profile-a-l/firefox-common.profile | |||
@@ -29,9 +29,14 @@ mkdir ${HOME}/.pki | |||
29 | whitelist ${DOWNLOADS} | 29 | whitelist ${DOWNLOADS} |
30 | whitelist ${HOME}/.local/share/pki | 30 | whitelist ${HOME}/.local/share/pki |
31 | whitelist ${HOME}/.pki | 31 | whitelist ${HOME}/.pki |
32 | whitelist /usr/share/doc | ||
33 | whitelist /usr/share/gtk-doc/html | ||
34 | whitelist /usr/share/mozilla | ||
35 | whitelist /usr/share/webext | ||
32 | include whitelist-common.inc | 36 | include whitelist-common.inc |
33 | include whitelist-run-common.inc | 37 | include whitelist-run-common.inc |
34 | include whitelist-runuser-common.inc | 38 | include whitelist-runuser-common.inc |
39 | include whitelist-usr-share-common.inc | ||
35 | include whitelist-var-common.inc | 40 | include whitelist-var-common.inc |
36 | 41 | ||
37 | apparmor | 42 | apparmor |
diff --git a/etc/profile-a-l/firefox.profile b/etc/profile-a-l/firefox.profile index 1fcbf0562..c5fb15f74 100644 --- a/etc/profile-a-l/firefox.profile +++ b/etc/profile-a-l/firefox.profile | |||
@@ -34,15 +34,10 @@ whitelist ${HOME}/.mozilla | |||
34 | #whitelist ${RUNUSER}/kpxc_server | 34 | #whitelist ${RUNUSER}/kpxc_server |
35 | #whitelist ${RUNUSER}/org.keepassxc.KeePassXC.BrowserServer | 35 | #whitelist ${RUNUSER}/org.keepassxc.KeePassXC.BrowserServer |
36 | 36 | ||
37 | whitelist /usr/share/doc | ||
38 | whitelist /usr/share/firefox | 37 | whitelist /usr/share/firefox |
39 | whitelist /usr/share/gnome-shell/search-providers/firefox-search-provider.ini | 38 | whitelist /usr/share/gnome-shell/search-providers/firefox-search-provider.ini |
40 | whitelist /usr/share/gtk-doc/html | ||
41 | whitelist /usr/share/mozilla | ||
42 | whitelist /usr/share/webext | ||
43 | whitelist ${RUNUSER}/*firefox* | 39 | whitelist ${RUNUSER}/*firefox* |
44 | whitelist ${RUNUSER}/psd/*firefox* | 40 | whitelist ${RUNUSER}/psd/*firefox* |
45 | include whitelist-usr-share-common.inc | ||
46 | 41 | ||
47 | # firefox requires a shell to launch on Arch - add the next line to your firefox.local to enable private-bin. | 42 | # firefox requires a shell to launch on Arch - add the next line to your firefox.local to enable private-bin. |
48 | #private-bin bash,dbus-launch,dbus-send,env,firefox,sh,which | 43 | #private-bin bash,dbus-launch,dbus-send,env,firefox,sh,which |
diff --git a/etc/profile-a-l/icecat.profile b/etc/profile-a-l/icecat.profile index 660343a29..b0a42fb77 100644 --- a/etc/profile-a-l/icecat.profile +++ b/etc/profile-a-l/icecat.profile | |||
@@ -12,6 +12,7 @@ mkdir ${HOME}/.cache/mozilla/icecat | |||
12 | mkdir ${HOME}/.mozilla | 12 | mkdir ${HOME}/.mozilla |
13 | whitelist ${HOME}/.cache/mozilla/icecat | 13 | whitelist ${HOME}/.cache/mozilla/icecat |
14 | whitelist ${HOME}/.mozilla | 14 | whitelist ${HOME}/.mozilla |
15 | whitelist /usr/share/icecat | ||
15 | 16 | ||
16 | # private-etc must first be enabled in firefox-common.profile | 17 | # private-etc must first be enabled in firefox-common.profile |
17 | #private-etc icecat | 18 | #private-etc icecat |
diff --git a/etc/profile-a-l/librewolf.profile b/etc/profile-a-l/librewolf.profile index b84cbb119..7ddbda18c 100644 --- a/etc/profile-a-l/librewolf.profile +++ b/etc/profile-a-l/librewolf.profile | |||
@@ -23,12 +23,7 @@ whitelist ${HOME}/.librewolf | |||
23 | #whitelist ${RUNUSER}/kpxc_server | 23 | #whitelist ${RUNUSER}/kpxc_server |
24 | #whitelist ${RUNUSER}/org.keepassxc.KeePassXC.BrowserServer | 24 | #whitelist ${RUNUSER}/org.keepassxc.KeePassXC.BrowserServer |
25 | 25 | ||
26 | whitelist /usr/share/doc | ||
27 | whitelist /usr/share/gtk-doc/html | ||
28 | whitelist /usr/share/librewolf | 26 | whitelist /usr/share/librewolf |
29 | whitelist /usr/share/mozilla | ||
30 | whitelist /usr/share/webext | ||
31 | include whitelist-usr-share-common.inc | ||
32 | 27 | ||
33 | # Add the next line to your librewolf.local to enable private-bin (Arch Linux). | 28 | # Add the next line to your librewolf.local to enable private-bin (Arch Linux). |
34 | #private-bin dbus-launch,dbus-send,librewolf,sh | 29 | #private-bin dbus-launch,dbus-send,librewolf,sh |
diff --git a/etc/profile-m-z/palemoon.profile b/etc/profile-m-z/palemoon.profile index 24701b657..ab4e24595 100644 --- a/etc/profile-m-z/palemoon.profile +++ b/etc/profile-m-z/palemoon.profile | |||
@@ -12,6 +12,8 @@ mkdir ${HOME}/.cache/moonchild productions/pale moon | |||
12 | mkdir ${HOME}/.moonchild productions | 12 | mkdir ${HOME}/.moonchild productions |
13 | whitelist ${HOME}/.cache/moonchild productions/pale moon | 13 | whitelist ${HOME}/.cache/moonchild productions/pale moon |
14 | whitelist ${HOME}/.moonchild productions | 14 | whitelist ${HOME}/.moonchild productions |
15 | whitelist /usr/share/moonchild productions | ||
16 | whitelist /usr/share/palemoon | ||
15 | 17 | ||
16 | # Palemoon can use the full firejail seccomp filter (unlike firefox >= 60) | 18 | # Palemoon can use the full firejail seccomp filter (unlike firefox >= 60) |
17 | seccomp | 19 | seccomp |
diff --git a/etc/profile-m-z/thunderbird.profile b/etc/profile-m-z/thunderbird.profile index 5df207e25..f2405a7d3 100644 --- a/etc/profile-m-z/thunderbird.profile +++ b/etc/profile-m-z/thunderbird.profile | |||
@@ -47,10 +47,7 @@ whitelist ${HOME}/.thunderbird | |||
47 | 47 | ||
48 | whitelist /usr/share/gnupg | 48 | whitelist /usr/share/gnupg |
49 | whitelist /usr/share/gnupg2 | 49 | whitelist /usr/share/gnupg2 |
50 | whitelist /usr/share/mozilla | ||
51 | whitelist /usr/share/thunderbird | 50 | whitelist /usr/share/thunderbird |
52 | whitelist /usr/share/webext | ||
53 | include whitelist-usr-share-common.inc | ||
54 | 51 | ||
55 | # machine-id breaks audio in browsers; enable or put it in your thunderbird.local when sound is not required | 52 | # machine-id breaks audio in browsers; enable or put it in your thunderbird.local when sound is not required |
56 | #machine-id | 53 | #machine-id |
diff --git a/etc/profile-m-z/waterfox.profile b/etc/profile-m-z/waterfox.profile index 18f1ca79a..bf6f45e41 100644 --- a/etc/profile-m-z/waterfox.profile +++ b/etc/profile-m-z/waterfox.profile | |||
@@ -12,6 +12,7 @@ mkdir ${HOME}/.cache/waterfox | |||
12 | mkdir ${HOME}/.waterfox | 12 | mkdir ${HOME}/.waterfox |
13 | whitelist ${HOME}/.cache/waterfox | 13 | whitelist ${HOME}/.cache/waterfox |
14 | whitelist ${HOME}/.waterfox | 14 | whitelist ${HOME}/.waterfox |
15 | whitelist /usr/share/waterfox | ||
15 | 16 | ||
16 | # Add the next lines to your watefox.local if you want to use the migration wizard. | 17 | # Add the next lines to your watefox.local if you want to use the migration wizard. |
17 | #noblacklist ${HOME}/.mozilla | 18 | #noblacklist ${HOME}/.mozilla |