author | netblue30 <netblue30@yahoo.com> | 2016-04-13 08:49:08 -0400 |
---|---|---|
committer | netblue30 <netblue30@yahoo.com> | 2016-04-13 08:49:08 -0400 |
commit | d222023bd1ffdd92d02b6a7bbe6076b74cdb158f (patch) | |
tree | 320b859e3c2d906639307ccd0e75d54f75334556 | |
parent | --private-bin fixes (diff) | |
parent | delete blacklist wine from profiles (diff) | |
Merge pull request #428 from avoidr/profile_cleanup
Profile cleanup
32 files changed, 82 insertions, 84 deletions
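--- a/etc/Mathematica.profile
+++ b/etc/Mathematica.profile
@@ -1,4 +1,7 @@
 # Mathematica profile
+noblacklist ${HOME}/.Mathematica
+noblacklist ${HOME}/.Wolfram Research
+
 mkdir ~/.Mathematica
 whitelist ~/.Mathematica
 mkdir ~/.Wolfram Research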
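--- a/etc/atril.profile
+++ b/etc/atril.profile
@@ -4,12 +4,9 @@ include /etc/firejail/disable-programs.inc
 include /etc/firejail/disable-devel.inc
 include /etc/firejail/disable-passwdmgr.inc
 
-blacklist ${HOME}/.wine
-
 caps.drop all
 seccomp
 protocol unix,inet,inet6
 netfilter
 noroot
 tracelog
-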
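--- a/etc/audacious.profile
+++ b/etc/audacious.profile
@@ -4,10 +4,7 @@ include /etc/firejail/disable-programs.inc
 include /etc/firejail/disable-devel.inc
 include /etc/firejail/disable-passwdmgr.inc
 
-blacklist ${HOME}/.wine
-
 caps.drop all
 seccomp
 protocol unix,inet,inet6
 noroot
-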
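--- a/etc/cherrytree.profile
+++ b/etc/cherrytree.profile
@@ -4,8 +4,6 @@ include /etc/firejail/disable-programs.inc
 include /etc/firejail/disable-devel.inc
 include /etc/firejail/disable-passwdmgr.inc
 
-blacklist ${HOME}/.wine
-
 whitelist ${HOME}/cherrytree
 mkdir ~/.config
 mkdir ~/.config/cherrytree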
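--- a/etc/clementine.profile
+++ b/etc/clementine.profile
@@ -4,8 +4,6 @@ include /etc/firejail/disable-programs.inc
 include /etc/firejail/disable-devel.inc
 include /etc/firejail/disable-passwdmgr.inc
 
-blacklist ${HOME}/.wine
-
 caps.drop all
 seccomp
 protocol unix,inet,inet6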
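--- a/etc/deadbeef.profile
+++ b/etc/deadbeef.profile
@@ -1,13 +1,12 @@
 # DeaDBeeF media player profile
+noblacklist ${HOME}/.config/deadbeef
+
 include /etc/firejail/disable-common.inc
 include /etc/firejail/disable-programs.inc
 include /etc/firejail/disable-devel.inc
 include /etc/firejail/disable-passwdmgr.inc
 
-blacklist ${HOME}/.wine
-
 caps.drop all
 seccomp
 protocol unix,inet,inet6
 noroot
-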
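--- a/etc/deluge.profile
+++ b/etc/deluge.profile
@@ -4,13 +4,9 @@ include /etc/firejail/disable-programs.inc
 include /etc/firejail/disable-devel.inc
 include /etc/firejail/disable-passwdmgr.inc
 
-blacklist ${HOME}/.wine
-
 caps.drop all
 seccomp
 protocol unix,inet,inet6
 netfilter
 noroot
 nosound
-
-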
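--- a/etc/disable-programs.inc
+++ b/etc/disable-programs.inc
@@ -1,10 +1,19 @@
 # various programs
-blacklist ${HOME}/.config/vlc
 blacklist ${HOME}/.remmina
 blacklist ${HOME}/.tconn
 blacklist ${HOME}/.FBReader
 blacklist ${HOME}/.wine
+blacklist ${HOME}/.Mathematica
+blacklist ${HOME}/.Wolfram Research
+blacklist ${HOME}/.config/mupen64plus
+blacklist ${HOME}/.config/transmission
+blacklist ${HOME}/.config/uGet
+
+# Media players
 blacklist ${HOME}/.config/cmus
+blacklist ${HOME}/.config/deadbeef
+blacklist ${HOME}/.config/spotify
+blacklist ${HOME}/.config/vlc
 
 # HTTP / FTP / Mail
 blacklist ${HOME}/.icedove
@@ -19,20 +28,14 @@ blacklist ${HOME}/.config/google-chrome-unstable
 blacklist ${HOME}/.config/opera
 blacklist ${HOME}/.config/opera-beta
 blacklist ${HOME}/.opera
-blacklist ~/.config/vivaldi
+blacklist ${HOME}/.config/vivaldi
 blacklist ${HOME}/.filezilla
 blacklist ${HOME}/.config/filezilla
-blacklist ~/.dillo
-
-# cache
-blacklist ~/.cache/mozilla
-blacklist ~/.cache/chromium
-blacklist ~/.cache/google-chrome
-blacklist ~/.cache/google-chrome-beta
-blacklist ~/.cache/google-chrome-unstable
-blacklist ~/.cache/opera
-blacklist ~/.cache/opera-beta
-blacklist ~/.cache/vivaldi
+blacklist ${HOME}/.dillo
+blacklist ${HOME}/.conkeror.mozdev.org
+blacklist ${HOME}/.config/epiphany
+blacklist ${HOME}/.config/slimjet
+blacklist ${HOME}/.config/qutebrowser
 
 # Instant Messaging
 blacklist ${HOME}/.config/hexchat
@@ -44,6 +47,12 @@ blacklist ${HOME}/.weechat
 blacklist ${HOME}/.config/xchat
 blacklist ${HOME}/.Skype
 blacklist ${HOME}/.config/tox
+blacklist ${HOME}/.TelegramDesktop
+
+# Games
+blacklist ${HOME}/.hedgewars
+blacklist ${HOME}/.steam
+blacklist ${HOME}/.config/wesnoth
 
 # Cryptocoins
 blacklist ${HOME}/.*coin
@@ -55,3 +64,27 @@ blacklist ${HOME}/.subversion
 blacklist ${HOME}/.gitconfig
 blacklist ${HOME}/.git-credential-cache
 
+# cache
+blacklist ${HOME}/.cache/mozilla
+blacklist ${HOME}/.cache/chromium
+blacklist ${HOME}/.cache/google-chrome
+blacklist ${HOME}/.cache/google-chrome-beta
+blacklist ${HOME}/.cache/google-chrome-unstable
+blacklist ${HOME}/.cache/opera
+blacklist ${HOME}/.cache/opera-beta
+blacklist ${HOME}/.cache/vivaldi
+blacklist ${HOME}/.cache/epiphany
+blacklist ${HOME}/.cache/slimjet
+blacklist ${HOME}/.cache/qutebrowser
+blacklist ${HOME}/.cache/spotify
+blacklist ${HOME}/.cache/thunderbird
+blacklist ${HOME}/.cache/icedove
+blacklist ${HOME}/.cache/transmission
+blacklist ${HOME}/.cache/wesnoth
+
+# share
+blacklist ${HOME}/.local/share/epiphany
+blacklist ${HOME}/.local/share/mupen64plus
+blacklist ${HOME}/.local/share/spotify
+blacklist ${HOME}/.local/share/steam
+blacklist ${HOME}/.local/share/wesnoth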
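Review bot: Several of the directories newly blacklisted here have no matching `noblacklist` in any profile touched by this commit: `${HOME}/.conkeror.mozdev.org`, `${HOME}/.config/slimjet` and `${HOME}/.cache/slimjet`, `${HOME}/.config/qutebrowser` and `${HOME}/.cache/qutebrowser`, `${HOME}/.cache/thunderbird`, `${HOME}/.cache/icedove`, and `${HOME}/.TelegramDesktop`. The other additions (epiphany, spotify, transmission, wesnoth, mupen64plus, uGet, deadbeef, hedgewars, Mathematica) are paired with a `noblacklist` placed ahead of the `include` in the corresponding profile. The profiles for the unpaired applications are not visible on this page, so it should be confirmed that each of them carries a line such as `noblacklist ${HOME}/.cache/thunderbird` before `include /etc/firejail/disable-programs.inc`; otherwise the sandboxed application loses access to its own data, and users tend to respond by dropping the include altogether. A short comment at the top of this file, for example `# every path blacklisted here needs a noblacklist in the owning application's profile, placed before the include`, would make that contract explicit for future additions.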
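--- a/etc/dropbox.profile
+++ b/etc/dropbox.profile
@@ -3,10 +3,7 @@ include /etc/firejail/disable-common.inc
 include /etc/firejail/disable-programs.inc
 include /etc/firejail/disable-passwdmgr.inc
 
-blacklist ${HOME}/.wine
-
 caps
 seccomp
 protocol unix,inet,inet6
 noroot
-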
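--- a/etc/empathy.profile
+++ b/etc/empathy.profile
@@ -3,10 +3,7 @@ include /etc/firejail/disable-common.inc
 include /etc/firejail/disable-programs.inc
 include /etc/firejail/disable-devel.inc
 
-blacklist ${HOME}/.wine
-
 caps.drop all
 seccomp
 protocol unix,inet,inet6
 netfilter
-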
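--- a/etc/epiphany.profile
+++ b/etc/epiphany.profile
@@ -1,4 +1,8 @@
 # Epiphany browser profile
+noblacklist ${HOME}/.config/epiphany
+noblacklist ${HOME}/.cache/epiphany
+noblacklist ${HOME}/.local/share/epiphany
+
 include /etc/firejail/disable-common.inc
 include /etc/firejail/disable-programs.inc
 include /etc/firejail/disable-devel.inc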
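--- a/etc/evince.profile
+++ b/etc/evince.profile
@@ -4,11 +4,8 @@ include /etc/firejail/disable-programs.inc
 include /etc/firejail/disable-devel.inc
 include /etc/firejail/disable-passwdmgr.inc
 
-blacklist ${HOME}/.wine
-
 caps.drop all
 seccomp
 protocol unix,inet,inet6
 noroot
 nosound
-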
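--- a/etc/fbreader.profile
+++ b/etc/fbreader.profile
@@ -1,16 +1,14 @@
 # fbreader ebook reader profile
 noblacklist ${HOME}/.FBReader
+
 include /etc/firejail/disable-common.inc
 include /etc/firejail/disable-programs.inc
 include /etc/firejail/disable-devel.inc
 include /etc/firejail/disable-passwdmgr.inc
 
-blacklist ${HOME}/.wine
-
 caps.drop all
 seccomp
 protocol unix,inet,inet6
 netfilter
 noroot
 nosound
-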
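--- a/etc/filezilla.profile
+++ b/etc/filezilla.profile
@@ -1,18 +1,14 @@
 # FileZilla ftp profile
 noblacklist ${HOME}/.filezilla
 noblacklist ${HOME}/.config/filezilla
+
 include /etc/firejail/disable-common.inc
 include /etc/firejail/disable-programs.inc
 include /etc/firejail/disable-devel.inc
 
-blacklist ${HOME}/.wine
-
 caps.drop all
 seccomp
 protocol unix,inet,inet6
 noroot
 netfilter
 nosound
-
-
-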
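--- a/etc/gnome-mplayer.profile
+++ b/etc/gnome-mplayer.profile
@@ -4,8 +4,6 @@ include /etc/firejail/disable-programs.inc
 include /etc/firejail/disable-devel.inc
 include /etc/firejail/disable-passwdmgr.inc
 
-blacklist ${HOME}/.wine
-
 caps.drop all
 seccomp
 protocol unix,inet,inet6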
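--- a/etc/hedgewars.profile
+++ b/etc/hedgewars.profile
@@ -1,4 +1,5 @@
 # whitelist profile for Hedgewars (game)
+noblacklist ${HOME}/.hedgewars
 
 include /etc/firejail/disable-common.inc
 include /etc/firejail/disable-programs.inc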
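--- a/etc/kmail.profile
+++ b/etc/kmail.profile
@@ -1,17 +1,14 @@
 # kmail profile
 noblacklist ${HOME}/.gnupg
+
 include /etc/firejail/disable-common.inc
 include /etc/firejail/disable-programs.inc
 include /etc/firejail/disable-devel.inc
 include /etc/firejail/disable-passwdmgr.inc
 
-blacklist ${HOME}/.wine
-
 caps.drop all
 seccomp
 protocol unix,inet,inet6,netlink
 netfilter
 noroot
 tracelog
-
-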
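--- a/etc/mupen64plus.profile
+++ b/etc/mupen64plus.profile
@@ -1,5 +1,8 @@
 # mupen64plus profile
 # manually whitelist ROM files
+noblacklist ${HOME}/.config/mupen64plus
+noblacklist ${HOME}/.local/share/mupen64plus
+
 include /etc/firejail/disable-common.inc
 include /etc/firejail/disable-programs.inc
 include /etc/firejail/disable-devel.inc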
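--- a/etc/pidgin.profile
+++ b/etc/pidgin.profile
@@ -1,11 +1,10 @@
 # Pidgin profile
 noblacklist ${HOME}/.purple
+
 include /etc/firejail/disable-common.inc
 include /etc/firejail/disable-programs.inc
 include /etc/firejail/disable-devel.inc
 
-blacklist ${HOME}/.wine
-
 caps.drop all
 seccomp
 protocol unix,inet,inet6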
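--- a/etc/qbittorrent.profile
+++ b/etc/qbittorrent.profile
@@ -4,13 +4,9 @@ include /etc/firejail/disable-programs.inc
 include /etc/firejail/disable-devel.inc
 include /etc/firejail/disable-passwdmgr.inc
 
-blacklist ${HOME}/.wine
-
 caps.drop all
 seccomp
 protocol unix,inet,inet6
 netfilter
 noroot
 nosound
-
-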
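--- a/etc/quassel.profile
+++ b/etc/quassel.profile
@@ -3,11 +3,8 @@ include /etc/firejail/disable-common.inc
 include /etc/firejail/disable-programs.inc
 include /etc/firejail/disable-devel.inc
 
-blacklist ${HOME}/.wine
-
 caps.drop all
 seccomp
 protocol unix,inet,inet6
 noroot
 netfilter
-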
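--- a/etc/rhythmbox.profile
+++ b/etc/rhythmbox.profile
@@ -4,11 +4,8 @@ include /etc/firejail/disable-programs.inc
 include /etc/firejail/disable-devel.inc
 include /etc/firejail/disable-passwdmgr.inc
 
-blacklist ${HOME}/.wine
-
 caps.drop all
 seccomp
 protocol unix,inet,inet6
 noroot
 netfilter
-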
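--- a/etc/spotify.profile
+++ b/etc/spotify.profile
@@ -1,4 +1,7 @@
 # Spotify media player profile
+noblacklist ${HOME}/.config/spotify
+noblacklist ${HOME}/.cache/spotify
+noblacklist ${HOME}/.local/share/spotify
 include /etc/firejail/disable-common.inc
 include /etc/firejail/disable-programs.inc
 include /etc/firejail/disable-devel.inc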
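Review bot: The three added `noblacklist` lines run straight into `include /etc/firejail/disable-common.inc` with no separating blank line, unlike the other profiles this commit touches (epiphany, wesnoth, transmission-gtk, uget-gtk), which all leave an empty line after the `noblacklist` block. Adding an empty line after `noblacklist ${HOME}/.local/share/spotify` keeps the exemptions visually distinct from the includes they have to precede, which makes it easier to spot a `noblacklist` that was placed too late to take effect. The profile continues past the end of this hunk.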
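--- a/etc/ssh.profile
+++ b/etc/ssh.profile
@@ -1,14 +1,12 @@
 # ssh client
 noblacklist ~/.ssh
+
 include /etc/firejail/disable-common.inc
 include /etc/firejail/disable-programs.inc
 include /etc/firejail/disable-passwdmgr.inc
 
-blacklist ${HOME}/.wine
-
 caps.drop all
 seccomp
 protocol unix,inet,inet6
 netfilter
 noroot
-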
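--- a/etc/totem.profile
+++ b/etc/totem.profile
@@ -4,8 +4,6 @@ include /etc/firejail/disable-programs.inc
 include /etc/firejail/disable-devel.inc
 include /etc/firejail/disable-passwdmgr.inc
 
-blacklist ${HOME}/.wine
-
 caps.drop all
 seccomp
 protocol unix,inet,inet6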
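--- a/etc/transmission-gtk.profile
+++ b/etc/transmission-gtk.profile
@@ -1,11 +1,12 @@
 # transmission-gtk profile
+noblacklist ${HOME}/.config/transmission
+noblacklist ${HOME}/.cache/transmission
+
 include /etc/firejail/disable-common.inc
 include /etc/firejail/disable-programs.inc
 include /etc/firejail/disable-devel.inc
 include /etc/firejail/disable-passwdmgr.inc
 
-blacklist ${HOME}/.wine
-
 caps.drop all
 seccomp
 protocol unix,inet,inet6
@@ -13,7 +14,3 @@ netfilter
 noroot
 tracelog
 nosound
-
-
-
-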
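--- a/etc/transmission-qt.profile
+++ b/etc/transmission-qt.profile
@@ -1,11 +1,12 @@
 # transmission-qt profile
+noblacklist ${HOME}/.config/transmission
+noblacklist ${HOME}/.cache/transmission
+
 include /etc/firejail/disable-common.inc
 include /etc/firejail/disable-programs.inc
 include /etc/firejail/disable-devel.inc
 include /etc/firejail/disable-passwdmgr.inc
 
-blacklist ${HOME}/.wine
-
 caps.drop all
 seccomp
 protocol unix,inet,inet6
@@ -13,5 +14,3 @@ netfilter
 noroot
 tracelog
 nosound
-
-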
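--- a/etc/uget-gtk.profile
+++ b/etc/uget-gtk.profile
@@ -1,4 +1,6 @@
 # uGet profile
+noblacklist ${HOME}/.config/uGet
+
 include /etc/firejail/disable-common.inc
 include /etc/firejail/disable-programs.inc
 include /etc/firejail/disable-devel.inc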
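--- a/etc/vlc.profile
+++ b/etc/vlc.profile
@@ -1,12 +1,11 @@
 # VLC media player profile
 noblacklist ${HOME}/.config/vlc
+
 include /etc/firejail/disable-common.inc
 include /etc/firejail/disable-programs.inc
 include /etc/firejail/disable-devel.inc
 include /etc/firejail/disable-passwdmgr.inc
 
-blacklist ${HOME}/.wine
-
 caps.drop all
 seccomp
 protocol unix,inet,inet6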
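--- a/etc/wesnoth.profile
+++ b/etc/wesnoth.profile
@@ -1,4 +1,8 @@
 # Whitelist-based profile for "Battle for Wesnoth" (game).
+noblacklist ${HOME}/.config/wesnoth
+noblacklist ${HOME}/.cache/wesnoth
+noblacklist ${HOME}/.local/share/wesnoth
+
 include /etc/firejail/disable-common.inc
 include /etc/firejail/disable-programs.inc
 include /etc/firejail/disable-devel.inc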
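--- a/etc/wine.profile
+++ b/etc/wine.profile
@@ -2,6 +2,7 @@
 noblacklist ${HOME}/.steam
 noblacklist ${HOME}/.local/share/steam
 noblacklist ${HOME}/.wine
+
 include /etc/firejail/disable-common.inc
 include /etc/firejail/disable-programs.inc
 include /etc/firejail/disable-devel.inc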
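--- a/etc/xchat.profile
+++ b/etc/xchat.profile
@@ -1,11 +1,10 @@
 # XChat IRC profile
 noblacklist ${HOME}/.config/xchat
+
 include /etc/firejail/disable-common.inc
 include /etc/firejail/disable-programs.inc
 include /etc/firejail/disable-devel.inc
 
-blacklist ${HOME}/.wine
-
 caps.drop all
 seccomp
 protocol unix,inet,inet6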