diff options
author | Tad <tad@spotco.us> | 2018-07-24 08:43:40 -0400 |
---|---|---|
committer | Tad <tad@spotco.us> | 2018-07-24 08:54:45 -0400 |
commit | 94a0123568785386f907cd0fef7d5fc80ffb7d75 (patch) | |
tree | e60c82fd5d4e7185c788ee3eca5ad8ae887a8d64 | |
parent | Add disable-xdg.inc (diff) | |
download | firejail-94a0123568785386f907cd0fef7d5fc80ffb7d75.tar.gz firejail-94a0123568785386f907cd0fef7d5fc80ffb7d75.tar.zst firejail-94a0123568785386f907cd0fef7d5fc80ffb7d75.zip |
Initial adding of disable-xdg.inc
-rw-r--r-- | etc/2048-qt.profile | 5 | ||||
-rw-r--r-- | etc/Fritzing.profile | 2 | ||||
-rw-r--r-- | etc/android-studio.profile | 2 | ||||
-rw-r--r-- | etc/aosp.profile | 1 | ||||
-rw-r--r-- | etc/apktool.profile | 1 | ||||
-rw-r--r-- | etc/arch-audit.profile | 1 | ||||
-rw-r--r-- | etc/archaudit-report.profile | 1 | ||||
-rw-r--r-- | etc/disable-xdg.inc | 2 | ||||
-rw-r--r-- | etc/gnome-books.profile | 2 | ||||
-rw-r--r-- | etc/gnome-calculator.profile | 1 | ||||
-rw-r--r-- | etc/gnome-chess.profile | 1 | ||||
-rw-r--r-- | etc/gnome-clocks.profile | 1 | ||||
-rw-r--r-- | etc/gnome-contacts.profile | 3 | ||||
-rw-r--r-- | etc/gnome-documents.profile | 2 | ||||
-rw-r--r-- | etc/gnome-font-viewer.profile | 1 | ||||
-rw-r--r-- | etc/gnome-logs.profile | 1 | ||||
-rw-r--r-- | etc/gnome-maps.profile | 1 | ||||
-rw-r--r-- | etc/gnome-weather.profile | 1 |
18 files changed, 27 insertions, 2 deletions
diff --git a/etc/2048-qt.profile b/etc/2048-qt.profile index 2e74e74e3..1e7472bd9 100644 --- a/etc/2048-qt.profile +++ b/etc/2048-qt.profile | |||
@@ -14,6 +14,11 @@ include /etc/firejail/disable-interpreters.inc | |||
14 | include /etc/firejail/disable-passwdmgr.inc | 14 | include /etc/firejail/disable-passwdmgr.inc |
15 | include /etc/firejail/disable-programs.inc | 15 | include /etc/firejail/disable-programs.inc |
16 | 16 | ||
17 | mkdir ${HOME}/.config/2048-qt | ||
18 | mkdir ${HOME}/.config/xiaoyong | ||
19 | whitelist ${HOME}/.config/2048-qt | ||
20 | whitelist ${HOME}/.config/xiaoyong | ||
21 | include /etc/firejail/whitelist-common.inc | ||
17 | include /etc/firejail/whitelist-var-common.inc | 22 | include /etc/firejail/whitelist-var-common.inc |
18 | 23 | ||
19 | caps.drop all | 24 | caps.drop all |
diff --git a/etc/Fritzing.profile b/etc/Fritzing.profile index 453b9979e..1eb103b47 100644 --- a/etc/Fritzing.profile +++ b/etc/Fritzing.profile | |||
@@ -6,12 +6,14 @@ include /etc/firejail/Fritzing.local | |||
6 | include /etc/firejail/globals.local | 6 | include /etc/firejail/globals.local |
7 | 7 | ||
8 | noblacklist ${HOME}/.config/Fritzing | 8 | noblacklist ${HOME}/.config/Fritzing |
9 | noblacklist ${DOCUMENTS} | ||
9 | 10 | ||
10 | include /etc/firejail/disable-common.inc | 11 | include /etc/firejail/disable-common.inc |
11 | include /etc/firejail/disable-devel.inc | 12 | include /etc/firejail/disable-devel.inc |
12 | include /etc/firejail/disable-interpreters.inc | 13 | include /etc/firejail/disable-interpreters.inc |
13 | include /etc/firejail/disable-passwdmgr.inc | 14 | include /etc/firejail/disable-passwdmgr.inc |
14 | include /etc/firejail/disable-programs.inc | 15 | include /etc/firejail/disable-programs.inc |
16 | include /etc/firejail/disable-xdg.inc | ||
15 | 17 | ||
16 | include /etc/firejail/whitelist-var-common.inc | 18 | include /etc/firejail/whitelist-var-common.inc |
17 | 19 | ||
diff --git a/etc/android-studio.profile b/etc/android-studio.profile index d845bd4b9..a69bf3966 100644 --- a/etc/android-studio.profile +++ b/etc/android-studio.profile | |||
@@ -15,10 +15,12 @@ noblacklist ${HOME}/.java | |||
15 | noblacklist ${HOME}/.local/share/JetBrains | 15 | noblacklist ${HOME}/.local/share/JetBrains |
16 | noblacklist ${HOME}/.ssh | 16 | noblacklist ${HOME}/.ssh |
17 | noblacklist ${HOME}/.tooling | 17 | noblacklist ${HOME}/.tooling |
18 | noblacklist ${DOCUMENTS} | ||
18 | 19 | ||
19 | include /etc/firejail/disable-common.inc | 20 | include /etc/firejail/disable-common.inc |
20 | include /etc/firejail/disable-passwdmgr.inc | 21 | include /etc/firejail/disable-passwdmgr.inc |
21 | include /etc/firejail/disable-programs.inc | 22 | include /etc/firejail/disable-programs.inc |
23 | include /etc/firejail/disable-xdg.inc | ||
22 | 24 | ||
23 | caps.drop all | 25 | caps.drop all |
24 | netfilter | 26 | netfilter |
diff --git a/etc/aosp.profile b/etc/aosp.profile index 5ceef9348..8622d6acd 100644 --- a/etc/aosp.profile +++ b/etc/aosp.profile | |||
@@ -21,6 +21,7 @@ noblacklist ${HOME}/.tooling | |||
21 | include /etc/firejail/disable-common.inc | 21 | include /etc/firejail/disable-common.inc |
22 | include /etc/firejail/disable-passwdmgr.inc | 22 | include /etc/firejail/disable-passwdmgr.inc |
23 | include /etc/firejail/disable-programs.inc | 23 | include /etc/firejail/disable-programs.inc |
24 | include /etc/firejail/disable-xdg.inc | ||
24 | 25 | ||
25 | include /etc/firejail/whitelist-var-common.inc | 26 | include /etc/firejail/whitelist-var-common.inc |
26 | 27 | ||
diff --git a/etc/apktool.profile b/etc/apktool.profile index ded17ca58..2203d7b8c 100644 --- a/etc/apktool.profile +++ b/etc/apktool.profile | |||
@@ -9,6 +9,7 @@ include /etc/firejail/globals.local | |||
9 | include /etc/firejail/disable-common.inc | 9 | include /etc/firejail/disable-common.inc |
10 | include /etc/firejail/disable-passwdmgr.inc | 10 | include /etc/firejail/disable-passwdmgr.inc |
11 | include /etc/firejail/disable-programs.inc | 11 | include /etc/firejail/disable-programs.inc |
12 | include /etc/firejail/disable-xdg.inc | ||
12 | 13 | ||
13 | caps.drop all | 14 | caps.drop all |
14 | net none | 15 | net none |
diff --git a/etc/arch-audit.profile b/etc/arch-audit.profile index 0987ce149..956f0d63a 100644 --- a/etc/arch-audit.profile +++ b/etc/arch-audit.profile | |||
@@ -14,6 +14,7 @@ include /etc/firejail/disable-devel.inc | |||
14 | include /etc/firejail/disable-interpreters.inc | 14 | include /etc/firejail/disable-interpreters.inc |
15 | include /etc/firejail/disable-passwdmgr.inc | 15 | include /etc/firejail/disable-passwdmgr.inc |
16 | include /etc/firejail/disable-programs.inc | 16 | include /etc/firejail/disable-programs.inc |
17 | include /etc/firejail/disable-xdg.inc | ||
17 | 18 | ||
18 | caps.drop all | 19 | caps.drop all |
19 | ipc-namespace | 20 | ipc-namespace |
diff --git a/etc/archaudit-report.profile b/etc/archaudit-report.profile index f4340faf3..27b15412f 100644 --- a/etc/archaudit-report.profile +++ b/etc/archaudit-report.profile | |||
@@ -14,6 +14,7 @@ include /etc/firejail/disable-devel.inc | |||
14 | include /etc/firejail/disable-interpreters.inc | 14 | include /etc/firejail/disable-interpreters.inc |
15 | include /etc/firejail/disable-passwdmgr.inc | 15 | include /etc/firejail/disable-passwdmgr.inc |
16 | include /etc/firejail/disable-programs.inc | 16 | include /etc/firejail/disable-programs.inc |
17 | include /etc/firejail/disable-xdg.inc | ||
17 | 18 | ||
18 | include /etc/firejail/whitelist-common.inc | 19 | include /etc/firejail/whitelist-common.inc |
19 | 20 | ||
diff --git a/etc/disable-xdg.inc b/etc/disable-xdg.inc index 5d29fa8d3..554e3a7d5 100644 --- a/etc/disable-xdg.inc +++ b/etc/disable-xdg.inc | |||
@@ -4,7 +4,7 @@ include /etc/firejail/disable-xdg.local | |||
4 | 4 | ||
5 | #blacklist ${DESKTOP} | 5 | #blacklist ${DESKTOP} |
6 | blacklist ${DOCUMENTS} | 6 | blacklist ${DOCUMENTS} |
7 | blacklist ${DOWNLOADS} | 7 | #blacklist ${DOWNLOADS} |
8 | blacklist ${MUSIC} | 8 | blacklist ${MUSIC} |
9 | blacklist ${PICTURES} | 9 | blacklist ${PICTURES} |
10 | blacklist ${VIDEOS} | 10 | blacklist ${VIDEOS} |
diff --git a/etc/gnome-books.profile b/etc/gnome-books.profile index 4274981b5..6fc2671d8 100644 --- a/etc/gnome-books.profile +++ b/etc/gnome-books.profile | |||
@@ -8,12 +8,14 @@ include /etc/firejail/globals.local | |||
8 | # when gjs apps are started via gnome-shell, firejail is not applied because systemd will start them | 8 | # when gjs apps are started via gnome-shell, firejail is not applied because systemd will start them |
9 | 9 | ||
10 | noblacklist ${HOME}/.cache/org.gnome.Books | 10 | noblacklist ${HOME}/.cache/org.gnome.Books |
11 | noblacklist ${DOCUMENTS} | ||
11 | 12 | ||
12 | include /etc/firejail/disable-common.inc | 13 | include /etc/firejail/disable-common.inc |
13 | include /etc/firejail/disable-devel.inc | 14 | include /etc/firejail/disable-devel.inc |
14 | include /etc/firejail/disable-interpreters.inc | 15 | include /etc/firejail/disable-interpreters.inc |
15 | include /etc/firejail/disable-passwdmgr.inc | 16 | include /etc/firejail/disable-passwdmgr.inc |
16 | include /etc/firejail/disable-programs.inc | 17 | include /etc/firejail/disable-programs.inc |
18 | include /etc/firejail/disable-xdg.inc | ||
17 | 19 | ||
18 | include /etc/firejail/whitelist-var-common.inc | 20 | include /etc/firejail/whitelist-var-common.inc |
19 | 21 | ||
diff --git a/etc/gnome-calculator.profile b/etc/gnome-calculator.profile index b915b0bce..6ace0b3ec 100644 --- a/etc/gnome-calculator.profile +++ b/etc/gnome-calculator.profile | |||
@@ -11,6 +11,7 @@ include /etc/firejail/disable-devel.inc | |||
11 | include /etc/firejail/disable-passwdmgr.inc | 11 | include /etc/firejail/disable-passwdmgr.inc |
12 | include /etc/firejail/disable-interpreters.inc | 12 | include /etc/firejail/disable-interpreters.inc |
13 | include /etc/firejail/disable-programs.inc | 13 | include /etc/firejail/disable-programs.inc |
14 | include /etc/firejail/disable-xdg.inc | ||
14 | 15 | ||
15 | include /etc/firejail/whitelist-common.inc | 16 | include /etc/firejail/whitelist-common.inc |
16 | include /etc/firejail/whitelist-var-common.inc | 17 | include /etc/firejail/whitelist-var-common.inc |
diff --git a/etc/gnome-chess.profile b/etc/gnome-chess.profile index 59a3d59af..8422e1836 100644 --- a/etc/gnome-chess.profile +++ b/etc/gnome-chess.profile | |||
@@ -12,6 +12,7 @@ include /etc/firejail/disable-devel.inc | |||
12 | include /etc/firejail/disable-interpreters.inc | 12 | include /etc/firejail/disable-interpreters.inc |
13 | include /etc/firejail/disable-passwdmgr.inc | 13 | include /etc/firejail/disable-passwdmgr.inc |
14 | include /etc/firejail/disable-programs.inc | 14 | include /etc/firejail/disable-programs.inc |
15 | include /etc/firejail/disable-xdg.inc | ||
15 | 16 | ||
16 | include /etc/firejail/whitelist-var-common.inc | 17 | include /etc/firejail/whitelist-var-common.inc |
17 | 18 | ||
diff --git a/etc/gnome-clocks.profile b/etc/gnome-clocks.profile index 103a5ff73..4251f70ed 100644 --- a/etc/gnome-clocks.profile +++ b/etc/gnome-clocks.profile | |||
@@ -11,6 +11,7 @@ include /etc/firejail/disable-devel.inc | |||
11 | include /etc/firejail/disable-interpreters.inc | 11 | include /etc/firejail/disable-interpreters.inc |
12 | include /etc/firejail/disable-passwdmgr.inc | 12 | include /etc/firejail/disable-passwdmgr.inc |
13 | include /etc/firejail/disable-programs.inc | 13 | include /etc/firejail/disable-programs.inc |
14 | include /etc/firejail/disable-xdg.inc | ||
14 | 15 | ||
15 | include /etc/firejail/whitelist-var-common.inc | 16 | include /etc/firejail/whitelist-var-common.inc |
16 | 17 | ||
diff --git a/etc/gnome-contacts.profile b/etc/gnome-contacts.profile index d4d670998..0e6f70e04 100644 --- a/etc/gnome-contacts.profile +++ b/etc/gnome-contacts.profile | |||
@@ -5,15 +5,16 @@ include /etc/firejail/gnome-contacts.local | |||
5 | # Persistent global definitions | 5 | # Persistent global definitions |
6 | include /etc/firejail/globals.local | 6 | include /etc/firejail/globals.local |
7 | 7 | ||
8 | noblacklist ${DOCUMENTS} | ||
8 | 9 | ||
9 | include /etc/firejail/disable-common.inc | 10 | include /etc/firejail/disable-common.inc |
10 | include /etc/firejail/disable-devel.inc | 11 | include /etc/firejail/disable-devel.inc |
11 | include /etc/firejail/disable-interpreters.inc | 12 | include /etc/firejail/disable-interpreters.inc |
12 | include /etc/firejail/disable-passwdmgr.inc | 13 | include /etc/firejail/disable-passwdmgr.inc |
13 | include /etc/firejail/disable-programs.inc | 14 | include /etc/firejail/disable-programs.inc |
15 | include /etc/firejail/disable-xdg.inc | ||
14 | 16 | ||
15 | include /etc/firejail/whitelist-common.inc | 17 | include /etc/firejail/whitelist-common.inc |
16 | |||
17 | include /etc/firejail/whitelist-var-common.inc | 18 | include /etc/firejail/whitelist-var-common.inc |
18 | 19 | ||
19 | caps.drop all | 20 | caps.drop all |
diff --git a/etc/gnome-documents.profile b/etc/gnome-documents.profile index 8a67d6e5c..a7ebb48c8 100644 --- a/etc/gnome-documents.profile +++ b/etc/gnome-documents.profile | |||
@@ -8,12 +8,14 @@ include /etc/firejail/globals.local | |||
8 | # when gjs apps are started via gnome-shell, firejail is not applied because systemd will start them | 8 | # when gjs apps are started via gnome-shell, firejail is not applied because systemd will start them |
9 | 9 | ||
10 | noblacklist ${HOME}/.config/libreoffice | 10 | noblacklist ${HOME}/.config/libreoffice |
11 | noblacklist ${DOCUMENTS} | ||
11 | 12 | ||
12 | include /etc/firejail/disable-common.inc | 13 | include /etc/firejail/disable-common.inc |
13 | include /etc/firejail/disable-devel.inc | 14 | include /etc/firejail/disable-devel.inc |
14 | include /etc/firejail/disable-interpreters.inc | 15 | include /etc/firejail/disable-interpreters.inc |
15 | include /etc/firejail/disable-passwdmgr.inc | 16 | include /etc/firejail/disable-passwdmgr.inc |
16 | include /etc/firejail/disable-programs.inc | 17 | include /etc/firejail/disable-programs.inc |
18 | include /etc/firejail/disable-xdg.inc | ||
17 | 19 | ||
18 | caps.drop all | 20 | caps.drop all |
19 | netfilter | 21 | netfilter |
diff --git a/etc/gnome-font-viewer.profile b/etc/gnome-font-viewer.profile index ebd937f9b..71cd06643 100644 --- a/etc/gnome-font-viewer.profile +++ b/etc/gnome-font-viewer.profile | |||
@@ -11,6 +11,7 @@ include /etc/firejail/disable-devel.inc | |||
11 | include /etc/firejail/disable-interpreters.inc | 11 | include /etc/firejail/disable-interpreters.inc |
12 | include /etc/firejail/disable-passwdmgr.inc | 12 | include /etc/firejail/disable-passwdmgr.inc |
13 | include /etc/firejail/disable-programs.inc | 13 | include /etc/firejail/disable-programs.inc |
14 | include /etc/firejail/disable-xdg.inc | ||
14 | 15 | ||
15 | include /etc/firejail/whitelist-var-common.inc | 16 | include /etc/firejail/whitelist-var-common.inc |
16 | 17 | ||
diff --git a/etc/gnome-logs.profile b/etc/gnome-logs.profile index ca4e5f204..f08142113 100644 --- a/etc/gnome-logs.profile +++ b/etc/gnome-logs.profile | |||
@@ -10,6 +10,7 @@ include /etc/firejail/disable-devel.inc | |||
10 | include /etc/firejail/disable-interpreters.inc | 10 | include /etc/firejail/disable-interpreters.inc |
11 | include /etc/firejail/disable-passwdmgr.inc | 11 | include /etc/firejail/disable-passwdmgr.inc |
12 | include /etc/firejail/disable-programs.inc | 12 | include /etc/firejail/disable-programs.inc |
13 | include /etc/firejail/disable-xdg.inc | ||
13 | 14 | ||
14 | whitelist /var/log/journal | 15 | whitelist /var/log/journal |
15 | include /etc/firejail/whitelist-var-common.inc | 16 | include /etc/firejail/whitelist-var-common.inc |
diff --git a/etc/gnome-maps.profile b/etc/gnome-maps.profile index b5364e48d..da73d9450 100644 --- a/etc/gnome-maps.profile +++ b/etc/gnome-maps.profile | |||
@@ -14,6 +14,7 @@ include /etc/firejail/disable-devel.inc | |||
14 | include /etc/firejail/disable-interpreters.inc | 14 | include /etc/firejail/disable-interpreters.inc |
15 | include /etc/firejail/disable-passwdmgr.inc | 15 | include /etc/firejail/disable-passwdmgr.inc |
16 | include /etc/firejail/disable-programs.inc | 16 | include /etc/firejail/disable-programs.inc |
17 | include /etc/firejail/disable-xdg.inc | ||
17 | 18 | ||
18 | include /etc/firejail/whitelist-var-common.inc | 19 | include /etc/firejail/whitelist-var-common.inc |
19 | 20 | ||
diff --git a/etc/gnome-weather.profile b/etc/gnome-weather.profile index 64482b246..28c9e6d86 100644 --- a/etc/gnome-weather.profile +++ b/etc/gnome-weather.profile | |||
@@ -14,6 +14,7 @@ include /etc/firejail/disable-devel.inc | |||
14 | include /etc/firejail/disable-interpreters.inc | 14 | include /etc/firejail/disable-interpreters.inc |
15 | include /etc/firejail/disable-passwdmgr.inc | 15 | include /etc/firejail/disable-passwdmgr.inc |
16 | include /etc/firejail/disable-programs.inc | 16 | include /etc/firejail/disable-programs.inc |
17 | include /etc/firejail/disable-xdg.inc | ||
17 | 18 | ||
18 | include /etc/firejail/whitelist-var-common.inc | 19 | include /etc/firejail/whitelist-var-common.inc |
19 | 20 | ||