author | netblue30 <netblue30@yahoo.com> | 2016-10-25 09:32:10 -0400 |
---|---|---|
committer | GitHub <noreply@github.com> | 2016-10-25 09:32:10 -0400 |
commit | a42208976ea2042872987e2824d97a9f2a740e1f (patch) | |
tree | e25f6b92e099321c517c35ff12a31ffd9ba6da56 | |
parent | Merge pull request #870 from Fred-Barclay/spotify-tighten (diff) | |
parent | squash attempt 2 (diff) | |
Merge pull request #871 from Fred-Barclay/alphabetise
Alphabetise
52 files changed, 171 insertions, 160 deletions
diff --git a/etc/atom-beta.profile b/etc/atom-beta.profile index 9a8d93875..fa0b316bb 100644 --- a/etc/atom-beta.profile +++ b/etc/atom-beta.profile | |||
@@ -8,8 +8,8 @@ include /etc/firejail/disable-passwdmgr.inc | |||
8 | 8 | ||
9 | caps.drop all | 9 | caps.drop all |
10 | netfilter | 10 | netfilter |
11 | nonewprivs | ||
12 | nogroups | 11 | nogroups |
12 | nonewprivs | ||
13 | noroot | 13 | noroot |
14 | nosound | 14 | nosound |
15 | protocol unix,inet,inet6,netlink | 15 | protocol unix,inet,inet6,netlink |
diff --git a/etc/atom.profile b/etc/atom.profile index 3cb86847e..61930d5c1 100644 --- a/etc/atom.profile +++ b/etc/atom.profile | |||
@@ -8,8 +8,8 @@ include /etc/firejail/disable-passwdmgr.inc | |||
8 | 8 | ||
9 | caps.drop all | 9 | caps.drop all |
10 | netfilter | 10 | netfilter |
11 | nonewprivs | ||
12 | nogroups | 11 | nogroups |
12 | nonewprivs | ||
13 | noroot | 13 | noroot |
14 | nosound | 14 | nosound |
15 | protocol unix,inet,inet6,netlink | 15 | protocol unix,inet,inet6,netlink |
diff --git a/etc/atril.profile b/etc/atril.profile index d9e10b072..fbcca0c1b 100644 --- a/etc/atril.profile +++ b/etc/atril.profile | |||
@@ -7,8 +7,8 @@ include /etc/firejail/disable-devel.inc | |||
7 | include /etc/firejail/disable-passwdmgr.inc | 7 | include /etc/firejail/disable-passwdmgr.inc |
8 | 8 | ||
9 | caps.drop all | 9 | caps.drop all |
10 | nonewprivs | ||
11 | nogroups | 10 | nogroups |
11 | nonewprivs | ||
12 | noroot | 12 | noroot |
13 | nosound | 13 | nosound |
14 | protocol unix | 14 | protocol unix |
diff --git a/etc/audacity.profile b/etc/audacity.profile index be3fac9be..827fa4301 100644 --- a/etc/audacity.profile +++ b/etc/audacity.profile | |||
@@ -8,8 +8,8 @@ include /etc/firejail/disable-programs.inc | |||
8 | 8 | ||
9 | caps.drop all | 9 | caps.drop all |
10 | netfilter | 10 | netfilter |
11 | nonewprivs | ||
12 | nogroups | 11 | nogroups |
12 | nonewprivs | ||
13 | noroot | 13 | noroot |
14 | protocol unix | 14 | protocol unix |
15 | seccomp | 15 | seccomp |
diff --git a/etc/aweather.profile b/etc/aweather.profile index 4e5c36f50..fa8654f1e 100644 --- a/etc/aweather.profile +++ b/etc/aweather.profile | |||
@@ -11,8 +11,8 @@ whitelist ~/.config/aweather | |||
11 | 11 | ||
12 | caps.drop all | 12 | caps.drop all |
13 | netfilter | 13 | netfilter |
14 | nonewprivs | ||
15 | nogroups | 14 | nogroups |
15 | nonewprivs | ||
16 | noroot | 16 | noroot |
17 | nosound | 17 | nosound |
18 | protocol unix,inet,inet6 | 18 | protocol unix,inet,inet6 |
diff --git a/etc/cherrytree.profile b/etc/cherrytree.profile index ec6d0d69d..139dec8ec 100644 --- a/etc/cherrytree.profile +++ b/etc/cherrytree.profile | |||
@@ -9,11 +9,10 @@ include /etc/firejail/disable-passwdmgr.inc | |||
9 | 9 | ||
10 | caps.drop all | 10 | caps.drop all |
11 | netfilter | 11 | netfilter |
12 | nogroups | ||
12 | nonewprivs | 13 | nonewprivs |
13 | noroot | 14 | noroot |
14 | nosound | 15 | nosound |
15 | seccomp | 16 | seccomp |
16 | protocol unix,inet,inet6,netlink | 17 | protocol unix,inet,inet6,netlink |
17 | tracelog | 18 | tracelog |
18 | |||
19 | |||
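Review bot: `nogroups` on new line 12 of etc/cherrytree.profile is a new restriction rather than a reordering, because the old side of this hunk has no `nogroups` line (lines 1–8 of the file are outside the hunk). The sandbox therefore starts dropping supplementary groups under a commit titled "Alphabetise". Either the commit message should say so or the addition should go in its own commit, so that someone tracing a cherrytree regression can find it. Separately, `seccomp` still precedes `protocol unix,inet,inet6,netlink` in this block.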
diff --git a/etc/eog.profile b/etc/eog.profile index 32b54a042..7eb7fd127 100644 --- a/etc/eog.profile +++ b/etc/eog.profile | |||
@@ -9,9 +9,9 @@ include /etc/firejail/disable-passwdmgr.inc | |||
9 | 9 | ||
10 | caps.drop all | 10 | caps.drop all |
11 | netfilter | 11 | netfilter |
12 | nogroups | ||
12 | nonewprivs | 13 | nonewprivs |
13 | noroot | 14 | noroot |
14 | nogroups | ||
15 | protocol unix | 15 | protocol unix |
16 | seccomp | 16 | seccomp |
17 | shell none | 17 | shell none |
@@ -20,4 +20,3 @@ private-bin eog | |||
20 | private-dev | 20 | private-dev |
21 | private-etc fonts | 21 | private-etc fonts |
22 | private-tmp | 22 | private-tmp |
23 | |||
diff --git a/etc/evolution.profile b/etc/evolution.profile index cf581643d..d097c0f34 100644 --- a/etc/evolution.profile +++ b/etc/evolution.profile | |||
@@ -14,9 +14,9 @@ include /etc/firejail/disable-passwdmgr.inc | |||
14 | 14 | ||
15 | caps.drop all | 15 | caps.drop all |
16 | netfilter | 16 | netfilter |
17 | nogroups | ||
17 | nonewprivs | 18 | nonewprivs |
18 | noroot | 19 | noroot |
19 | nogroups | ||
20 | protocol unix,inet,inet6 | 20 | protocol unix,inet,inet6 |
21 | seccomp | 21 | seccomp |
22 | shell none | 22 | shell none |
diff --git a/etc/feh.profile b/etc/feh.profile index 5fcb6bf25..e3b1ec528 100644 --- a/etc/feh.profile +++ b/etc/feh.profile | |||
@@ -5,14 +5,14 @@ include /etc/firejail/disable-devel.inc | |||
5 | include /etc/firejail/disable-passwdmgr.inc | 5 | include /etc/firejail/disable-passwdmgr.inc |
6 | 6 | ||
7 | caps.drop all | 7 | caps.drop all |
8 | seccomp | ||
9 | protocol unix | ||
10 | netfilter | 8 | netfilter |
11 | net none | 9 | net none |
10 | nogroups | ||
12 | nonewprivs | 11 | nonewprivs |
13 | noroot | 12 | noroot |
14 | nogroups | ||
15 | nosound | 13 | nosound |
14 | protocol unix | ||
15 | seccomp | ||
16 | shell none | 16 | shell none |
17 | 17 | ||
18 | private-bin feh | 18 | private-bin feh |
diff --git a/etc/file.profile b/etc/file.profile index 2e54030b1..199a97fad 100644 --- a/etc/file.profile +++ b/etc/file.profile | |||
@@ -1,16 +1,17 @@ | |||
1 | # file profile | 1 | # file profile |
2 | quiet | ||
3 | ignore noroot | 2 | ignore noroot |
4 | include /etc/firejail/default.profile | 3 | include /etc/firejail/default.profile |
5 | 4 | ||
6 | tracelog | 5 | blacklist /tmp/.X11-unix |
6 | |||
7 | hostname file | ||
7 | net none | 8 | net none |
9 | no3d | ||
10 | nosound | ||
11 | quiet | ||
8 | shell none | 12 | shell none |
13 | tracelog | ||
14 | |||
15 | private-dev | ||
9 | private-bin file | 16 | private-bin file |
10 | private-etc magic.mgc,magic,localtime | 17 | private-etc magic.mgc,magic,localtime |
11 | hostname file | ||
12 | private-dev | ||
13 | nosound | ||
14 | no3d | ||
15 | blacklist /tmp/.X11-unix | ||
16 | |||
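Review bot: `quiet` moves from line 2 to line 11 of etc/file.profile, below `include /etc/firejail/default.profile`, and that is probably not behaviour-neutral. If firejail applies profile commands in file order, which I believe it does, anything it prints while reading the earlier lines is no longer suppressed, and for a filter-style tool that output lands in the user's terminal or pipeline. etc/less.profile in this same commit keeps `quiet` on line 2; I would treat it as a header line exempt from sorting and add `# quiet must stay first so it also covers the include below`. The same move from line 2 is made in gzip, strings, tar, unrar, unzip, uudeview and xzdec.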
diff --git a/etc/filezilla.profile b/etc/filezilla.profile index 551c17a78..fe1d9d20d 100644 --- a/etc/filezilla.profile +++ b/etc/filezilla.profile | |||
@@ -13,10 +13,9 @@ noroot | |||
13 | nosound | 13 | nosound |
14 | protocol unix,inet,inet6 | 14 | protocol unix,inet,inet6 |
15 | seccomp | 15 | seccomp |
16 | |||
17 | shell none | 16 | shell none |
17 | |||
18 | private-bin filezilla,uname,sh,python,lsb_release,fzputtygen,fzsftp | 18 | private-bin filezilla,uname,sh,python,lsb_release,fzputtygen,fzsftp |
19 | whitelist /tmp/.X11-unix | ||
20 | private-dev | 19 | private-dev |
21 | nosound | ||
22 | 20 | ||
21 | whitelist /tmp/.X11-unix | ||
diff --git a/etc/flowblade.profile b/etc/flowblade.profile index e1ec291bd..12afdb0aa 100644 --- a/etc/flowblade.profile +++ b/etc/flowblade.profile | |||
@@ -1,4 +1,4 @@ | |||
1 | # OpenShot profile | 1 | # FlowBlade profile |
2 | noblacklist ${HOME}/.flowblade | 2 | noblacklist ${HOME}/.flowblade |
3 | noblacklist ${HOME}/.config/flowblade | 3 | noblacklist ${HOME}/.config/flowblade |
4 | include /etc/firejail/disable-common.inc | 4 | include /etc/firejail/disable-common.inc |
diff --git a/etc/franz.profile b/etc/franz.profile index 3cb7942ab..0b3be551b 100644 --- a/etc/franz.profile +++ b/etc/franz.profile | |||
@@ -6,12 +6,12 @@ include /etc/firejail/disable-programs.inc | |||
6 | include /etc/firejail/disable-devel.inc | 6 | include /etc/firejail/disable-devel.inc |
7 | 7 | ||
8 | caps.drop all | 8 | caps.drop all |
9 | seccomp | ||
10 | protocol unix,inet,inet6,netlink | ||
11 | netfilter | 9 | netfilter |
12 | #tracelog | ||
13 | nonewprivs | 10 | nonewprivs |
14 | noroot | 11 | noroot |
12 | protocol unix,inet,inet6,netlink | ||
13 | seccomp | ||
14 | #tracelog | ||
15 | 15 | ||
16 | whitelist ${DOWNLOADS} | 16 | whitelist ${DOWNLOADS} |
17 | mkdir ~/.config/Franz | 17 | mkdir ~/.config/Franz |
diff --git a/etc/gajim.profile b/etc/gajim.profile index 04902a734..809378ef9 100644 --- a/etc/gajim.profile +++ b/etc/gajim.profile | |||
@@ -22,8 +22,8 @@ include /etc/firejail/disable-devel.inc | |||
22 | 22 | ||
23 | caps.drop all | 23 | caps.drop all |
24 | netfilter | 24 | netfilter |
25 | nonewprivs | ||
26 | nogroups | 25 | nogroups |
26 | nonewprivs | ||
27 | noroot | 27 | noroot |
28 | protocol unix,inet,inet6 | 28 | protocol unix,inet,inet6 |
29 | seccomp | 29 | seccomp |
diff --git a/etc/gimp.profile b/etc/gimp.profile index 23361b771..cb441fc9d 100644 --- a/etc/gimp.profile +++ b/etc/gimp.profile | |||
@@ -6,13 +6,15 @@ include /etc/firejail/disable-passwdmgr.inc | |||
6 | 6 | ||
7 | caps.drop all | 7 | caps.drop all |
8 | netfilter | 8 | netfilter |
9 | nogroups | ||
9 | nonewprivs | 10 | nonewprivs |
10 | noroot | 11 | noroot |
12 | nosound | ||
11 | protocol unix | 13 | protocol unix |
12 | seccomp | 14 | seccomp |
13 | private-dev | 15 | |
14 | private-tmp | ||
15 | noexec ${HOME} | 16 | noexec ${HOME} |
16 | noexec /tmp | 17 | noexec /tmp |
17 | nogroups | 18 | |
18 | nosound | 19 | private-dev |
20 | private-tmp | ||
diff --git a/etc/git.profile b/etc/git.profile index 2fb55377d..73122d347 100644 --- a/etc/git.profile +++ b/etc/git.profile | |||
@@ -12,15 +12,15 @@ include /etc/firejail/disable-common.inc | |||
12 | include /etc/firejail/disable-programs.inc | 12 | include /etc/firejail/disable-programs.inc |
13 | include /etc/firejail/disable-passwdmgr.inc | 13 | include /etc/firejail/disable-passwdmgr.inc |
14 | 14 | ||
15 | quiet | ||
16 | 15 | ||
17 | caps.drop all | 16 | caps.drop all |
18 | netfilter | 17 | netfilter |
18 | nogroups | ||
19 | nonewprivs | 19 | nonewprivs |
20 | noroot | 20 | noroot |
21 | nogroups | ||
22 | nosound | 21 | nosound |
23 | protocol unix,inet,inet6 | 22 | protocol unix,inet,inet6 |
23 | quiet | ||
24 | seccomp | 24 | seccomp |
25 | shell none | 25 | shell none |
26 | 26 | ||
diff --git a/etc/gpredict.profile b/etc/gpredict.profile index 353ecceae..0cc6c416b 100644 --- a/etc/gpredict.profile +++ b/etc/gpredict.profile | |||
@@ -11,8 +11,8 @@ whitelist ~/.config/Gpredict | |||
11 | 11 | ||
12 | caps.drop all | 12 | caps.drop all |
13 | netfilter | 13 | netfilter |
14 | nonewprivs | ||
15 | nogroups | 14 | nogroups |
15 | nonewprivs | ||
16 | noroot | 16 | noroot |
17 | nosound | 17 | nosound |
18 | protocol unix,inet,inet6 | 18 | protocol unix,inet,inet6 |
diff --git a/etc/gwenview.profile b/etc/gwenview.profile index 67f10c4e1..c866c9e63 100644 --- a/etc/gwenview.profile +++ b/etc/gwenview.profile | |||
@@ -7,14 +7,15 @@ include /etc/firejail/disable-devel.inc | |||
7 | include /etc/firejail/disable-passwdmgr.inc | 7 | include /etc/firejail/disable-passwdmgr.inc |
8 | 8 | ||
9 | caps.drop all | 9 | caps.drop all |
10 | nogroups | ||
10 | nonewprivs | 11 | nonewprivs |
11 | noroot | 12 | noroot |
12 | nogroups | ||
13 | private-dev | ||
14 | protocol unix | 13 | protocol unix |
15 | seccomp | 14 | seccomp |
16 | nosound | 15 | nosound |
17 | 16 | ||
17 | private-dev | ||
18 | |||
18 | #Experimental: | 19 | #Experimental: |
19 | #shell none | 20 | #shell none |
20 | #private-bin gwenview | 21 | #private-bin gwenview |
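Review bot: `nosound` on new line 15 of etc/gwenview.profile still follows `protocol unix` and `seccomp`, so the option block is not alphabetical after this change; it belongs between `noroot` and `protocol unix`. The same leftover is in okular and ranger (`nosound` after `seccomp`), xpdf (`shell none` before `seccomp`), zathura (`shell none`, `seccomp`, `protocol unix` in reverse order) and luminance-hdr (`private-tmp` before `private-dev`). etc/feh.profile in this commit shows the intended order.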
diff --git a/etc/gzip.profile b/etc/gzip.profile index 5e73969c4..d51b9a951 100644 --- a/etc/gzip.profile +++ b/etc/gzip.profile | |||
@@ -1,12 +1,14 @@ | |||
1 | # gzip profile | 1 | # gzip profile |
2 | quiet | ||
3 | ignore noroot | 2 | ignore noroot |
4 | include /etc/firejail/default.profile | 3 | include /etc/firejail/default.profile |
5 | tracelog | 4 | |
6 | net none | ||
7 | shell none | ||
8 | blacklist /tmp/.X11-unix | 5 | blacklist /tmp/.X11-unix |
9 | private-dev | 6 | |
10 | nosound | 7 | net none |
11 | no3d | 8 | no3d |
9 | nosound | ||
10 | quiet | ||
11 | shell none | ||
12 | tracelog | ||
12 | 13 | ||
14 | private-dev | ||
diff --git a/etc/inkscape.profile b/etc/inkscape.profile index cf885fba2..a0e86b6c9 100644 --- a/etc/inkscape.profile +++ b/etc/inkscape.profile | |||
@@ -6,13 +6,15 @@ include /etc/firejail/disable-passwdmgr.inc | |||
6 | 6 | ||
7 | caps.drop all | 7 | caps.drop all |
8 | netfilter | 8 | netfilter |
9 | nogroups | ||
9 | nonewprivs | 10 | nonewprivs |
10 | noroot | 11 | noroot |
12 | nosound | ||
11 | protocol unix | 13 | protocol unix |
12 | seccomp | 14 | seccomp |
13 | private-dev | 15 | |
14 | private-tmp | ||
15 | noexec ${HOME} | 16 | noexec ${HOME} |
16 | noexec /tmp | 17 | noexec /tmp |
17 | nogroups | 18 | |
18 | nosound | 19 | private-dev |
20 | private-tmp | ||
diff --git a/etc/jitsi.profile b/etc/jitsi.profile index c61158f8b..046499abe 100644 --- a/etc/jitsi.profile +++ b/etc/jitsi.profile | |||
@@ -6,8 +6,8 @@ include /etc/firejail/disable-passwdmgr.inc | |||
6 | include /etc/firejail/disable-programs.inc | 6 | include /etc/firejail/disable-programs.inc |
7 | 7 | ||
8 | caps.drop all | 8 | caps.drop all |
9 | nonewprivs | ||
10 | nogroups | 9 | nogroups |
10 | nonewprivs | ||
11 | noroot | 11 | noroot |
12 | protocol unix,inet,inet6 | 12 | protocol unix,inet,inet6 |
13 | seccomp | 13 | seccomp |
diff --git a/etc/kmail.profile b/etc/kmail.profile index 8c8fd18c4..bc21ba604 100644 --- a/etc/kmail.profile +++ b/etc/kmail.profile | |||
@@ -8,8 +8,8 @@ include /etc/firejail/disable-passwdmgr.inc | |||
8 | 8 | ||
9 | caps.drop all | 9 | caps.drop all |
10 | netfilter | 10 | netfilter |
11 | nonewprivs | ||
12 | nogroups | 11 | nogroups |
12 | nonewprivs | ||
13 | noroot | 13 | noroot |
14 | protocol unix,inet,inet6,netlink | 14 | protocol unix,inet,inet6,netlink |
15 | seccomp | 15 | seccomp |
diff --git a/etc/less.profile b/etc/less.profile index 6dfae027e..08758aead 100644 --- a/etc/less.profile +++ b/etc/less.profile | |||
@@ -2,8 +2,10 @@ | |||
2 | quiet | 2 | quiet |
3 | ignore noroot | 3 | ignore noroot |
4 | include /etc/firejail/default.profile | 4 | include /etc/firejail/default.profile |
5 | tracelog | 5 | |
6 | net none | 6 | net none |
7 | nosound | ||
7 | shell none | 8 | shell none |
9 | tracelog | ||
10 | |||
8 | private-dev | 11 | private-dev |
9 | nosound | ||
diff --git a/etc/luminance-hdr.profile b/etc/luminance-hdr.profile index 6e059ea52..76e864e0c 100644 --- a/etc/luminance-hdr.profile +++ b/etc/luminance-hdr.profile | |||
@@ -5,17 +5,19 @@ include /etc/firejail/disable-programs.inc | |||
5 | include /etc/firejail/disable-passwdmgr.inc | 5 | include /etc/firejail/disable-passwdmgr.inc |
6 | 6 | ||
7 | caps.drop all | 7 | caps.drop all |
8 | ipc-namespace | ||
8 | netfilter | 9 | netfilter |
9 | protocol unix | 10 | nogroups |
10 | nonewprivs | 11 | nonewprivs |
11 | noroot | 12 | noroot |
13 | nosound | ||
14 | protocol unix | ||
12 | seccomp | 15 | seccomp |
13 | shell none | 16 | shell none |
14 | tracelog | 17 | tracelog |
15 | private-tmp | 18 | |
16 | private-dev | ||
17 | noexec ${HOME} | 19 | noexec ${HOME} |
18 | noexec /tmp | 20 | noexec /tmp |
19 | nogroups | 21 | |
20 | nosound | 22 | private-tmp |
21 | ipc-namespace | 23 | private-dev |
diff --git a/etc/okular.profile b/etc/okular.profile index df142ccfc..b43a5fbea 100644 --- a/etc/okular.profile +++ b/etc/okular.profile | |||
@@ -9,14 +9,15 @@ include /etc/firejail/disable-devel.inc | |||
9 | include /etc/firejail/disable-passwdmgr.inc | 9 | include /etc/firejail/disable-passwdmgr.inc |
10 | 10 | ||
11 | caps.drop all | 11 | caps.drop all |
12 | nonewprivs | ||
13 | nogroups | 12 | nogroups |
13 | nonewprivs | ||
14 | noroot | 14 | noroot |
15 | private-dev | ||
16 | protocol unix | 15 | protocol unix |
17 | seccomp | 16 | seccomp |
18 | nosound | 17 | nosound |
19 | 18 | ||
19 | private-dev | ||
20 | |||
20 | #Experimental: | 21 | #Experimental: |
21 | #net none | 22 | #net none |
22 | #shell none | 23 | #shell none |
diff --git a/etc/pidgin.profile b/etc/pidgin.profile index 47be2b6ea..850706145 100644 --- a/etc/pidgin.profile +++ b/etc/pidgin.profile | |||
@@ -8,8 +8,8 @@ include /etc/firejail/disable-programs.inc | |||
8 | 8 | ||
9 | caps.drop all | 9 | caps.drop all |
10 | netfilter | 10 | netfilter |
11 | nonewprivs | ||
12 | nogroups | 11 | nogroups |
12 | nonewprivs | ||
13 | noroot | 13 | noroot |
14 | protocol unix,inet,inet6 | 14 | protocol unix,inet,inet6 |
15 | seccomp | 15 | seccomp |
diff --git a/etc/pix.profile b/etc/pix.profile index 80c05fd09..e21ddadc6 100644 --- a/etc/pix.profile +++ b/etc/pix.profile | |||
@@ -8,8 +8,8 @@ include /etc/firejail/disable-devel.inc | |||
8 | include /etc/firejail/disable-passwdmgr.inc | 8 | include /etc/firejail/disable-passwdmgr.inc |
9 | 9 | ||
10 | caps.drop all | 10 | caps.drop all |
11 | nonewprivs | ||
12 | nogroups | 11 | nogroups |
12 | nonewprivs | ||
13 | noroot | 13 | noroot |
14 | nosound | 14 | nosound |
15 | protocol unix | 15 | protocol unix |
@@ -20,4 +20,3 @@ tracelog | |||
20 | private-bin pix | 20 | private-bin pix |
21 | whitelist /tmp/.X11-unix | 21 | whitelist /tmp/.X11-unix |
22 | private-dev | 22 | private-dev |
23 | |||
diff --git a/etc/psi-plus.profile b/etc/psi-plus.profile index 22c5bafc5..a9323448b 100644 --- a/etc/psi-plus.profile +++ b/etc/psi-plus.profile | |||
@@ -14,10 +14,10 @@ whitelist ~/.local/share/psi+ | |||
14 | mkdir ~/.cache/psi+ | 14 | mkdir ~/.cache/psi+ |
15 | whitelist ~/.cache/psi+ | 15 | whitelist ~/.cache/psi+ |
16 | 16 | ||
17 | include /etc/firejail/whitelist-common.inc | ||
18 | |||
19 | caps.drop all | 17 | caps.drop all |
20 | netfilter | 18 | netfilter |
21 | noroot | 19 | noroot |
22 | protocol unix,inet,inet6 | 20 | protocol unix,inet,inet6 |
23 | seccomp | 21 | seccomp |
22 | |||
23 | include /etc/firejail/whitelist-common.inc | ||
diff --git a/etc/qbittorrent.profile b/etc/qbittorrent.profile index 138b6db55..67829c9ca 100644 --- a/etc/qbittorrent.profile +++ b/etc/qbittorrent.profile | |||
@@ -15,6 +15,6 @@ seccomp | |||
15 | # there are some problems with "Open destination folder", see bug #536 | 15 | # there are some problems with "Open destination folder", see bug #536 |
16 | #shell none | 16 | #shell none |
17 | #private-bin qbittorrent | 17 | #private-bin qbittorrent |
18 | whitelist /tmp/.X11-unix | ||
19 | private-dev | 18 | private-dev |
20 | nosound | 19 | |
20 | whitelist /tmp/.X11-unix | ||
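Review bot: The `nosound` on old line 20 of etc/qbittorrent.profile is deleted rather than moved, and the hunk shows no other `nosound`. If an earlier `nosound` exists above line 15, outside this hunk, this is only duplicate removal, as in etc/filezilla.profile where the surviving copy is visible on line 13. If not, the profile silently loses its sound restriction in a commit described as a reordering. Please confirm which it is; the same question applies to the `nosound` dropped from the end of etc/rtorrent.profile.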
diff --git a/etc/qpdfview.profile b/etc/qpdfview.profile index 07ea173e6..06c0db206 100644 --- a/etc/qpdfview.profile +++ b/etc/qpdfview.profile | |||
@@ -18,5 +18,5 @@ shell none | |||
18 | tracelog | 18 | tracelog |
19 | 19 | ||
20 | private-bin qpdfview | 20 | private-bin qpdfview |
21 | private-tmp | ||
22 | private-dev | 21 | private-dev |
22 | private-tmp | ||
diff --git a/etc/qtox.profile b/etc/qtox.profile index 927487037..81d8aa10e 100644 --- a/etc/qtox.profile +++ b/etc/qtox.profile | |||
@@ -11,8 +11,8 @@ whitelist ${DOWNLOADS} | |||
11 | 11 | ||
12 | caps.drop all | 12 | caps.drop all |
13 | netfilter | 13 | netfilter |
14 | nonewprivs | ||
15 | nogroups | 14 | nogroups |
15 | nonewprivs | ||
16 | noroot | 16 | noroot |
17 | protocol unix,inet,inet6 | 17 | protocol unix,inet,inet6 |
18 | seccomp | 18 | seccomp |
diff --git a/etc/quiterss.profile b/etc/quiterss.profile index 2ab5d8a8e..2b28fce73 100644 --- a/etc/quiterss.profile +++ b/etc/quiterss.profile | |||
@@ -14,16 +14,17 @@ whitelist ${HOME}/.cache/QuiteRss | |||
14 | 14 | ||
15 | caps.drop all | 15 | caps.drop all |
16 | netfilter | 16 | netfilter |
17 | nonewprivs | ||
18 | nogroups | 17 | nogroups |
18 | nonewprivs | ||
19 | noroot | 19 | noroot |
20 | private-bin quiterss | ||
21 | private-dev | ||
22 | nosound | 20 | nosound |
23 | #private-etc X11,ssl | ||
24 | protocol unix,inet,inet6 | 21 | protocol unix,inet,inet6 |
25 | seccomp | 22 | seccomp |
26 | shell none | 23 | shell none |
27 | tracelog | 24 | tracelog |
28 | 25 | ||
26 | private-bin quiterss | ||
27 | private-dev | ||
28 | #private-etc X11,ssl | ||
29 | |||
29 | include /etc/firejail/whitelist-common.inc | 30 | include /etc/firejail/whitelist-common.inc |
diff --git a/etc/ranger.profile b/etc/ranger.profile index a040cd6bc..323e64dee 100644 --- a/etc/ranger.profile +++ b/etc/ranger.profile | |||
@@ -12,13 +12,12 @@ include /etc/firejail/disable-passwdmgr.inc | |||
12 | caps.drop all | 12 | caps.drop all |
13 | netfilter | 13 | netfilter |
14 | net none | 14 | net none |
15 | nogroups | ||
15 | nonewprivs | 16 | nonewprivs |
16 | noroot | 17 | noroot |
17 | nogroups | ||
18 | protocol unix | 18 | protocol unix |
19 | seccomp | 19 | seccomp |
20 | nosound | 20 | nosound |
21 | 21 | ||
22 | private-tmp | 22 | private-tmp |
23 | private-dev | 23 | private-dev |
24 | |||
diff --git a/etc/rhythmbox.profile b/etc/rhythmbox.profile index 0e8527ae7..e5e192486 100644 --- a/etc/rhythmbox.profile +++ b/etc/rhythmbox.profile | |||
@@ -5,8 +5,8 @@ include /etc/firejail/disable-devel.inc | |||
5 | include /etc/firejail/disable-passwdmgr.inc | 5 | include /etc/firejail/disable-passwdmgr.inc |
6 | 6 | ||
7 | caps.drop all | 7 | caps.drop all |
8 | nogroups | ||
9 | netfilter | 8 | netfilter |
9 | nogroups | ||
10 | nonewprivs | 10 | nonewprivs |
11 | noroot | 11 | noroot |
12 | protocol unix,inet,inet6 | 12 | protocol unix,inet,inet6 |
diff --git a/etc/rtorrent.profile b/etc/rtorrent.profile index 15df2c374..1226a51cd 100644 --- a/etc/rtorrent.profile +++ b/etc/rtorrent.profile | |||
@@ -16,4 +16,3 @@ shell none | |||
16 | private-bin rtorrent | 16 | private-bin rtorrent |
17 | whitelist /tmp/.X11-unix | 17 | whitelist /tmp/.X11-unix |
18 | private-dev | 18 | private-dev |
19 | nosound | ||
diff --git a/etc/server.profile b/etc/server.profile index 22cef0a3c..b8a34feb2 100644 --- a/etc/server.profile +++ b/etc/server.profile | |||
@@ -6,11 +6,12 @@ include /etc/firejail/disable-common.inc | |||
6 | include /etc/firejail/disable-programs.inc | 6 | include /etc/firejail/disable-programs.inc |
7 | include /etc/firejail/disable-passwdmgr.inc | 7 | include /etc/firejail/disable-passwdmgr.inc |
8 | 8 | ||
9 | private | ||
10 | private-dev | ||
11 | nosound | ||
12 | no3d | ||
13 | private-tmp | ||
14 | blacklist /tmp/.X11-unix | 9 | blacklist /tmp/.X11-unix |
10 | |||
11 | no3d | ||
12 | nosound | ||
15 | seccomp | 13 | seccomp |
16 | 14 | ||
15 | private | ||
16 | private-dev | ||
17 | private-tmp | ||
diff --git a/etc/slack.profile b/etc/slack.profile index 1009f7ee0..a85a28f03 100644 --- a/etc/slack.profile +++ b/etc/slack.profile | |||
@@ -1,3 +1,4 @@ | |||
1 | # Firejail profile for Slack | ||
1 | noblacklist ${HOME}/.config/Slack | 2 | noblacklist ${HOME}/.config/Slack |
2 | noblacklist ${HOME}/Downloads | 3 | noblacklist ${HOME}/Downloads |
3 | 4 | ||
@@ -6,25 +7,25 @@ include /etc/firejail/disable-programs.inc | |||
6 | include /etc/firejail/disable-devel.inc | 7 | include /etc/firejail/disable-devel.inc |
7 | include /etc/firejail/disable-passwdmgr.inc | 8 | include /etc/firejail/disable-passwdmgr.inc |
8 | 9 | ||
9 | mkdir ${HOME}/.config | ||
10 | mkdir ${HOME}/.config/Slack | ||
11 | whitelist ${HOME}/.config/Slack | ||
12 | whitelist ${HOME}/Downloads | ||
13 | |||
14 | protocol unix,inet,inet6,netlink | ||
15 | private-dev | ||
16 | private-tmp | ||
17 | private-etc fonts,resolv.conf,ld.so.conf,ld.so.cache,localtime | ||
18 | name slack | ||
19 | blacklist /var | 10 | blacklist /var |
20 | 11 | ||
21 | include /etc/firejail/whitelist-common.inc | ||
22 | |||
23 | caps.drop all | 12 | caps.drop all |
24 | seccomp | 13 | name slack |
25 | netfilter | 14 | netfilter |
26 | nonewprivs | ||
27 | nogroups | 15 | nogroups |
16 | nonewprivs | ||
28 | noroot | 17 | noroot |
18 | protocol unix,inet,inet6,netlink | ||
19 | seccomp | ||
29 | shell none | 20 | shell none |
21 | |||
30 | private-bin slack | 22 | private-bin slack |
23 | private-dev | ||
24 | private-etc fonts,resolv.conf,ld.so.conf,ld.so.cache,localtime | ||
25 | private-tmp | ||
26 | |||
27 | mkdir ${HOME}/.config | ||
28 | mkdir ${HOME}/.config/Slack | ||
29 | whitelist ${HOME}/.config/Slack | ||
30 | whitelist ${HOME}/Downloads | ||
31 | include /etc/firejail/whitelist-common.inc | ||
diff --git a/etc/strings.profile b/etc/strings.profile index f99a65009..7c464bf88 100644 --- a/etc/strings.profile +++ b/etc/strings.profile | |||
@@ -1,10 +1,11 @@ | |||
1 | # strings profile | 1 | # strings profile |
2 | quiet | ||
3 | ignore noroot | 2 | ignore noroot |
4 | include /etc/firejail/default.profile | 3 | include /etc/firejail/default.profile |
5 | tracelog | 4 | |
6 | net none | 5 | net none |
7 | shell none | ||
8 | private-dev | ||
9 | nosound | 6 | nosound |
7 | quiet | ||
8 | shell none | ||
9 | tracelog | ||
10 | 10 | ||
11 | private-dev | ||
diff --git a/etc/synfigstudio.profile b/etc/synfigstudio.profile index d46467b99..69b2a0db2 100644 --- a/etc/synfigstudio.profile +++ b/etc/synfigstudio.profile | |||
@@ -11,7 +11,9 @@ nonewprivs | |||
11 | noroot | 11 | noroot |
12 | protocol unix | 12 | protocol unix |
13 | seccomp | 13 | seccomp |
14 | private-dev | 14 | |
15 | private-tmp | ||
16 | noexec ${HOME} | 15 | noexec ${HOME} |
17 | noexec /tmp | 16 | noexec /tmp |
17 | |||
18 | private-dev | ||
19 | private-tmp | ||
diff --git a/etc/tar.profile b/etc/tar.profile index 663ac3805..91fdaf48d 100644 --- a/etc/tar.profile +++ b/etc/tar.profile | |||
@@ -1,18 +1,18 @@ | |||
1 | # tar profile | 1 | # tar profile |
2 | quiet | ||
3 | ignore noroot | 2 | ignore noroot |
4 | include /etc/firejail/default.profile | 3 | include /etc/firejail/default.profile |
5 | 4 | ||
6 | tracelog | 5 | blacklist /tmp/.X11-unix |
6 | |||
7 | hostname tar | ||
7 | net none | 8 | net none |
9 | no3d | ||
10 | nosound | ||
11 | quiet | ||
8 | shell none | 12 | shell none |
13 | tracelog | ||
9 | 14 | ||
10 | # support compressed archives | 15 | # support compressed archives |
11 | private-bin sh,tar,gtar,compress,gzip,lzma,xz,bzip2,lbzip2,lzip,lzop | 16 | private-bin sh,tar,gtar,compress,gzip,lzma,xz,bzip2,lbzip2,lzip,lzop |
12 | private-dev | 17 | private-dev |
13 | nosound | ||
14 | no3d | ||
15 | private-etc passwd,group,localtime | 18 | private-etc passwd,group,localtime |
16 | hostname tar | ||
17 | blacklist /tmp/.X11-unix | ||
18 | |||
diff --git a/etc/telegram.profile b/etc/telegram.profile index 8e91e426b..7615c8eef 100644 --- a/etc/telegram.profile +++ b/etc/telegram.profile | |||
@@ -10,4 +10,3 @@ nonewprivs | |||
10 | noroot | 10 | noroot |
11 | protocol unix,inet,inet6 | 11 | protocol unix,inet,inet6 |
12 | seccomp | 12 | seccomp |
13 | |||
diff --git a/etc/transmission-gtk.profile b/etc/transmission-gtk.profile index 0cfa4fcfc..316cdfec6 100644 --- a/etc/transmission-gtk.profile +++ b/etc/transmission-gtk.profile | |||
@@ -18,6 +18,6 @@ shell none | |||
18 | tracelog | 18 | tracelog |
19 | 19 | ||
20 | private-bin transmission-gtk | 20 | private-bin transmission-gtk |
21 | whitelist /tmp/.X11-unix | ||
22 | private-dev | 21 | private-dev |
23 | 22 | ||
23 | whitelist /tmp/.X11-unix | ||
diff --git a/etc/transmission-qt.profile b/etc/transmission-qt.profile index 754211a63..51c58e224 100644 --- a/etc/transmission-qt.profile +++ b/etc/transmission-qt.profile | |||
@@ -14,9 +14,10 @@ noroot | |||
14 | nosound | 14 | nosound |
15 | protocol unix,inet,inet6 | 15 | protocol unix,inet,inet6 |
16 | seccomp | 16 | seccomp |
17 | shell none | ||
17 | tracelog | 18 | tracelog |
18 | 19 | ||
19 | shell none | ||
20 | private-bin transmission-qt | 20 | private-bin transmission-qt |
21 | whitelist /tmp/.X11-unix | ||
22 | private-dev | 21 | private-dev |
22 | |||
23 | whitelist /tmp/.X11-unix | ||
diff --git a/etc/uget-gtk.profile b/etc/uget-gtk.profile index 522b4bd1e..f42e6c69a 100644 --- a/etc/uget-gtk.profile +++ b/etc/uget-gtk.profile | |||
@@ -9,17 +9,16 @@ caps.drop all | |||
9 | netfilter | 9 | netfilter |
10 | nonewprivs | 10 | nonewprivs |
11 | noroot | 11 | noroot |
12 | nosound | ||
12 | protocol unix,inet,inet6 | 13 | protocol unix,inet,inet6 |
13 | seccomp | 14 | seccomp |
15 | shell none | ||
14 | 16 | ||
17 | private-bin uget-gtk | ||
18 | private-dev | ||
19 | |||
20 | whitelist /tmp/.X11-unix | ||
15 | whitelist ${DOWNLOADS} | 21 | whitelist ${DOWNLOADS} |
16 | mkdir ~/.config/uGet | 22 | mkdir ~/.config/uGet |
17 | whitelist ~/.config/uGet | 23 | whitelist ~/.config/uGet |
18 | include /etc/firejail/whitelist-common.inc | 24 | include /etc/firejail/whitelist-common.inc |
19 | |||
20 | shell none | ||
21 | private-bin uget-gtk | ||
22 | whitelist /tmp/.X11-unix | ||
23 | private-dev | ||
24 | nosound | ||
25 | |||
diff --git a/etc/unrar.profile b/etc/unrar.profile index f29d1b51b..0700cafe9 100644 --- a/etc/unrar.profile +++ b/etc/unrar.profile | |||
@@ -1,17 +1,18 @@ | |||
1 | # unrar profile | 1 | # unrar profile |
2 | quiet | ||
3 | ignore noroot | 2 | ignore noroot |
4 | include /etc/firejail/default.profile | 3 | include /etc/firejail/default.profile |
5 | 4 | ||
6 | tracelog | 5 | blacklist /tmp/.X11-unix |
6 | |||
7 | hostname unrar | ||
7 | net none | 8 | net none |
9 | no3d | ||
10 | nosound | ||
11 | quiet | ||
8 | shell none | 12 | shell none |
13 | tracelog | ||
14 | |||
9 | private-bin unrar | 15 | private-bin unrar |
10 | private-dev | 16 | private-dev |
11 | nosound | ||
12 | no3d | ||
13 | private-etc passwd,group,localtime | 17 | private-etc passwd,group,localtime |
14 | hostname unrar | ||
15 | private-tmp | 18 | private-tmp |
16 | blacklist /tmp/.X11-unix | ||
17 | |||
diff --git a/etc/unzip.profile b/etc/unzip.profile index 07224855f..a43785795 100644 --- a/etc/unzip.profile +++ b/etc/unzip.profile | |||
@@ -1,16 +1,16 @@ | |||
1 | # unzip profile | 1 | # unzip profile |
2 | quiet | ||
3 | ignore noroot | 2 | ignore noroot |
4 | include /etc/firejail/default.profile | 3 | include /etc/firejail/default.profile |
4 | blacklist /tmp/.X11-unix | ||
5 | 5 | ||
6 | tracelog | 6 | hostname unzip |
7 | net none | 7 | net none |
8 | no3d | ||
9 | nosound | ||
10 | quiet | ||
8 | shell none | 11 | shell none |
12 | tracelog | ||
13 | |||
9 | private-bin unzip | 14 | private-bin unzip |
10 | private-etc passwd,group,localtime | ||
11 | hostname unzip | ||
12 | private-dev | 15 | private-dev |
13 | nosound | 16 | private-etc passwd,group,localtime |
14 | no3d | ||
15 | blacklist /tmp/.X11-unix | ||
16 | |||
diff --git a/etc/uudeview.profile b/etc/uudeview.profile index 8ea9d5163..5ba0896ab 100644 --- a/etc/uudeview.profile +++ b/etc/uudeview.profile | |||
@@ -1,15 +1,15 @@ | |||
1 | # uudeview profile | 1 | # uudeview profile |
2 | quiet | ||
3 | ignore noroot | 2 | ignore noroot |
4 | include /etc/firejail/default.profile | 3 | include /etc/firejail/default.profile |
5 | 4 | ||
6 | tracelog | 5 | blacklist /etc |
6 | |||
7 | hostname uudeview | ||
7 | net none | 8 | net none |
9 | nosound | ||
10 | quiet | ||
8 | shell none | 11 | shell none |
12 | tracelog | ||
13 | |||
9 | private-bin uudeview | 14 | private-bin uudeview |
10 | private-dev | 15 | private-dev |
11 | private-etc nonexisting_fakefile_for_empty_etc | ||
12 | hostname uudeview | ||
13 | nosound | ||
14 | uudeview | ||
15 | |||
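Review bot: `private-etc nonexisting_fakefile_for_empty_etc` on old line 11 is replaced by `blacklist /etc` on new line 5, which is a change of mechanism rather than a reordering. The old line gave the sandbox a private, effectively empty /etc, while the new one makes the real /etc inaccessible; both hide the host's configuration, but failures will look different to uudeview, so this deserves its own commit or at least a mention in the message. A comment such as `# uudeview needs nothing from /etc` above the new line would record the intent. The stray `uudeview` line on old line 14 is also removed, which looks like a genuine fix worth naming in the message.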
diff --git a/etc/vim.profile b/etc/vim.profile index 3c1fefe41..b161fcbb0 100644 --- a/etc/vim.profile +++ b/etc/vim.profile | |||
@@ -1,5 +1,4 @@ | |||
1 | # vim profile | 1 | # vim profile |
2 | |||
3 | noblacklist ~/.vim | 2 | noblacklist ~/.vim |
4 | noblacklist ~/.vimrc | 3 | noblacklist ~/.vimrc |
5 | noblacklist ~/.viminfo | 4 | noblacklist ~/.viminfo |
@@ -10,8 +9,8 @@ include /etc/firejail/disable-passwdmgr.inc | |||
10 | 9 | ||
11 | caps.drop all | 10 | caps.drop all |
12 | netfilter | 11 | netfilter |
12 | nogroups | ||
13 | nonewprivs | 13 | nonewprivs |
14 | noroot | 14 | noroot |
15 | nogroups | ||
16 | protocol unix,inet,inet6 | 15 | protocol unix,inet,inet6 |
17 | seccomp | 16 | seccomp |
diff --git a/etc/xpdf.profile b/etc/xpdf.profile index e036fba21..7ea368bbe 100644 --- a/etc/xpdf.profile +++ b/etc/xpdf.profile | |||
@@ -7,15 +7,12 @@ include /etc/firejail/disable-programs.inc | |||
7 | include /etc/firejail/disable-passwdmgr.inc | 7 | include /etc/firejail/disable-passwdmgr.inc |
8 | 8 | ||
9 | caps.drop all | 9 | caps.drop all |
10 | shell none | 10 | net none |
11 | nonewprivs | 11 | nonewprivs |
12 | noroot | 12 | noroot |
13 | protocol unix | 13 | protocol unix |
14 | shell none | ||
14 | seccomp | 15 | seccomp |
16 | |||
15 | private-dev | 17 | private-dev |
16 | private-tmp | 18 | private-tmp |
17 | net none | ||
18 | |||
19 | |||
20 | |||
21 | |||
diff --git a/etc/xplayer.profile b/etc/xplayer.profile index 54d5ed89b..191d2f67f 100644 --- a/etc/xplayer.profile +++ b/etc/xplayer.profile | |||
@@ -9,8 +9,8 @@ include /etc/firejail/disable-passwdmgr.inc | |||
9 | 9 | ||
10 | caps.drop all | 10 | caps.drop all |
11 | netfilter | 11 | netfilter |
12 | nonewprivs | ||
13 | nogroups | 12 | nogroups |
13 | nonewprivs | ||
14 | noroot | 14 | noroot |
15 | protocol unix,inet,inet6 | 15 | protocol unix,inet,inet6 |
16 | seccomp | 16 | seccomp |
diff --git a/etc/xzdec.profile b/etc/xzdec.profile index a9d027c38..04f98cef6 100644 --- a/etc/xzdec.profile +++ b/etc/xzdec.profile | |||
@@ -1,12 +1,14 @@ | |||
1 | # xzdec profile | 1 | # xzdec profile |
2 | quiet | ||
3 | ignore noroot | 2 | ignore noroot |
4 | include /etc/firejail/default.profile | 3 | include /etc/firejail/default.profile |
5 | tracelog | 4 | |
6 | net none | ||
7 | shell none | ||
8 | blacklist /tmp/.X11-unix | 5 | blacklist /tmp/.X11-unix |
9 | private-dev | 6 | |
10 | nosound | 7 | net none |
11 | no3d | 8 | no3d |
9 | nosound | ||
10 | quiet | ||
11 | shell none | ||
12 | tracelog | ||
12 | 13 | ||
14 | private-dev | ||
diff --git a/etc/zathura.profile b/etc/zathura.profile index 7093c52b2..ab2e99dbc 100644 --- a/etc/zathura.profile +++ b/etc/zathura.profile | |||
@@ -7,14 +7,14 @@ include /etc/firejail/disable-devel.inc | |||
7 | include /etc/firejail/disable-passwdmgr.inc | 7 | include /etc/firejail/disable-passwdmgr.inc |
8 | 8 | ||
9 | caps.drop all | 9 | caps.drop all |
10 | seccomp | ||
11 | protocol unix | ||
12 | netfilter | 10 | netfilter |
11 | nogroups | ||
13 | nonewprivs | 12 | nonewprivs |
14 | noroot | 13 | noroot |
15 | nogroups | ||
16 | nosound | 14 | nosound |
17 | shell none | 15 | shell none |
16 | seccomp | ||
17 | protocol unix | ||
18 | 18 | ||
19 | private-bin zathura | 19 | private-bin zathura |
20 | private-dev | 20 | private-dev |