author | glitsj16 <glitsj16@users.noreply.github.com> | 2019-06-15 03:52:47 +0000 |
---|---|---|
committer | GitHub <noreply@github.com> | 2019-06-15 03:52:47 +0000 |
commit | ce41919d3683440db76045c023b1b3c4741d3e5f (patch) | |
tree | 4dccfec17f1561335f498b840f4ed37988e6f389 | |
parent | Remove private-cache in aria2c profile (diff) | |
Refactoring as whitelist profile (#2773)
* Refactor artha as whitelist profile
* Refactor clipit as whitelist profile
* Refactor devilspie as whitelist profile
* Refactor devilspie2 as whitelist profile
* Refactor exfalso as whitelist profile
* Refactor pavucontrol as whitelist profile
* Refactor pdftotext as whitelist profile
* Refactor redshift as whitelist profile
* Refactor soundconverter as whitelist profile
-rw-r--r-- | etc/artha.profile | 7 | ||||
-rw-r--r-- | etc/clipit.profile | 7 | ||||
-rw-r--r-- | etc/devilspie.profile | 5 | ||||
-rw-r--r-- | etc/devilspie2.profile | 5 | ||||
-rw-r--r-- | etc/exfalso.profile | 8 | ||||
-rw-r--r-- | etc/pavucontrol.profile | 3 | ||||
-rw-r--r-- | etc/pdftotext.profile | 2 | ||||
-rw-r--r-- | etc/redshift.profile | 3 | ||||
-rw-r--r-- | etc/soundconverter.profile | 7 |
9 files changed, 45 insertions, 2 deletions
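--- a/etc/artha.profile
+++ b/etc/artha.profile
@@ -16,6 +16,13 @@ include disable-interpreters.inc
 include disable-passwdmgr.inc
 include disable-programs.inc
 
+mkdir ${HOME}/.config/artha.conf
+mkdir ${HOME}/.config/enchant
+whitelist ${HOME}/.config/artha.conf
+whitelist ${HOME}/.config/enchant
+include whitelist-common.inc
+include whitelist-var-common.inc
+
 apparmor
 caps.drop all
 ipc-namespace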
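Review bot: `mkdir ${HOME}/.config/artha.conf` creates a directory at a path whose name suggests a regular config file, so on a fresh home the application would find a directory where it expects to write its settings. If artha.conf is indeed a file, the line should be `mkfile ${HOME}/.config/artha.conf`. The same pattern appears in etc/pavucontrol.profile with `mkdir ${HOME}/.config/pavucontrol.ini`, which would likewise become `mkfile ${HOME}/.config/pavucontrol.ini`. The `mkdir ${HOME}/.config/enchant` line looks right as written.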
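--- a/etc/clipit.profile
+++ b/etc/clipit.profile
@@ -17,6 +17,13 @@ include disable-passwdmgr.inc
 include disable-programs.inc
 include disable-xdg.inc
 
+mkdir ${HOME}/.config/clipit
+mkdir ${HOME}/.local/share/clipit
+whitelist ${HOME}/.config/clipit
+whitelist ${HOME}/.local/share/clipit
+include whitelist-common.inc
+include whitelist-var-common.inc
+
 apparmor
 caps.drop all
 ipc-namespace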
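--- a/etc/devilspie.profile
+++ b/etc/devilspie.profile
@@ -16,6 +16,11 @@ include disable-passwdmgr.inc
 include disable-programs.inc
 include disable-xdg.inc
 
+mkdir ${HOME}/.devilspie
+whitelist ${HOME}/.devilspie
+include whitelist-common.inc
+include whitelist-var-common.inc
+
 apparmor
 caps.drop all
 ipc-namespace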
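--- a/etc/devilspie2.profile
+++ b/etc/devilspie2.profile
@@ -19,6 +19,11 @@ include disable-passwdmgr.inc
 include disable-programs.inc
 include disable-xdg.inc
 
+mkdir ${HOME}/.config/devilspie2
+whitelist ${HOME}/.config/devilspie2
+include whitelist-common.inc
+include whitelist-var-common.inc
+
 apparmor
 caps.drop all
 ipc-namespace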
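--- a/etc/exfalso.profile
+++ b/etc/exfalso.profile
@@ -13,6 +13,9 @@ noblacklist ${MUSIC}
 include allow-python2.inc
 include allow-python3.inc
 
+whitelist ${DOWNLOADS}
+whitelist ${MUSIC}
+
 include disable-common.inc
 include disable-devel.inc
 include disable-exec.inc
@@ -21,6 +24,11 @@ include disable-passwdmgr.inc
 include disable-programs.inc
 include disable-xdg.inc
 
+mkdir ${HOME}/.quodlibet
+whitelist ${HOME}/.quodlibet
+include whitelist-common.inc
+include whitelist-var-common.inc
+
 caps.drop all
 machine-id
 netfilter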
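Review bot: The new `whitelist ${DOWNLOADS}` and `whitelist ${MUSIC}` lines in the first hunk hide the rest of the home directory from exfalso, and nothing in the profile tells a user why a file stored elsewhere cannot be opened. A comment above them such as `# Only ${DOWNLOADS} and ${MUSIC} are visible; add further whitelist lines in the profile's .local file` would document that. The same applies to `whitelist ${DOCUMENTS}` / `whitelist ${DOWNLOADS}` in etc/pdftotext.profile and to the whitelist pair in etc/soundconverter.profile. These two lines also sit above the disable-*.inc includes, while the `${HOME}/.quodlibet` whitelist in the second hunk sits below them; keeping both groups together, as soundconverter.profile does, would make the profile easier to audit.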
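--- a/etc/pavucontrol.profile
+++ b/etc/pavucontrol.profile
@@ -16,6 +16,9 @@ include disable-passwdmgr.inc
 include disable-programs.inc
 include disable-xdg.inc
 
+mkdir ${HOME}/.config/pavucontrol.ini
+whitelist ${HOME}/.config/pavucontrol.ini
+include whitelist-common.inc
 include whitelist-var-common.inc
 
 apparmor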
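--- a/etc/pdftotext.profile
+++ b/etc/pdftotext.profile
@@ -16,6 +16,8 @@ include disable-passwdmgr.inc
 include disable-programs.inc
 include disable-xdg.inc
 
+whitelist ${DOCUMENTS}
+whitelist ${DOWNLOADS}
 include whitelist-var-common.inc
 
 caps.drop all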
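--- a/etc/redshift.profile
+++ b/etc/redshift.profile
@@ -18,6 +18,9 @@ include disable-interpreters.inc
 include disable-programs.inc
 include disable-xdg.inc
 
+mkdir ${HOME}/.config/redshift
+whitelist ${HOME}/.config/redshift
+whitelist ${HOME}/.config/redshift.conf
 include whitelist-var-common.inc
 
 apparmor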
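Review bot: This profile now whitelists paths under ${HOME} but, unlike most of the other profiles converted in this commit, it does not add `include whitelist-common.inc` before `include whitelist-var-common.inc`. If a graphical front end is started under this profile it would presumably lose the shared toolkit and font settings that include provides. If the omission is deliberate, a short comment such as `# whitelist-common.inc intentionally omitted` would save the next reviewer the question. `${HOME}/.config/redshift.conf` is also whitelisted without a matching `mkfile`, so a config file first created inside the sandbox may not persist.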
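--- a/etc/soundconverter.profile
+++ b/etc/soundconverter.profile
@@ -6,12 +6,12 @@ include soundconverter.local
 # Persistent global definitions
 include globals.local
 
-noblacklist ${MUSIC}
-
 # Allow python (blacklisted by disable-interpreters.inc)
 include allow-python2.inc
 include allow-python3.inc
 
+noblacklist ${MUSIC}
+
 include disable-common.inc
 include disable-devel.inc
 include disable-exec.inc
@@ -20,6 +20,9 @@ include disable-passwdmgr.inc
 include disable-programs.inc
 include disable-xdg.inc
 
+whitelist ${DOWNLOADS}
+whitelist ${MUSIC}
+include whitelist-common.inc
 include whitelist-var-common.inc
 
 apparmor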