author | netblue30 <netblue30@yahoo.com> | 2016-08-18 17:36:58 -0400 |
---|---|---|
committer | GitHub <noreply@github.com> | 2016-08-18 17:36:58 -0400 |
commit | 7e0f080595dc20191ec2ea6d27f1f79b97890afe (patch) | |
tree | 2119ea6e4dbee2542dffe5644c96abf5d3a842f5 | |
parent | firemon fixes (diff) | |
parent | 'icecat.profile' updated. (diff) | |
Merge pull request #727 from icaroperseo/contrib
Small fixes (icecat.profile, disable-common.inc and whitelist-common.inc)
-rw-r--r-- | etc/disable-common.inc | 3 | ||||
-rw-r--r-- | etc/icecat.profile | 51 | ||||
-rw-r--r-- | etc/whitelist-common.inc | 3 |
3 files changed, 56 insertions, 1 deletions
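--- a/etc/disable-common.inc
+++ b/etc/disable-common.inc
@@ -14,6 +14,7 @@ blacklist /etc/xdg/autostart
 blacklist ${HOME}/.kde4/Autostart
 blacklist ${HOME}/.kde4/share/autostart
 blacklist ${HOME}/.kde/Autostart
+blacklist ${HOME}/.kde/share/autostart
 blacklist ${HOME}/.config/plasma-workspace/shutdown
 blacklist ${HOME}/.config/plasma-workspace/env
 blacklist ${HOME}/.config/lxsession/LXDE/autostart
@@ -168,3 +169,5 @@ blacklist ${PATH}/roxterm-config
 blacklist ${PATH}/terminix
 blacklist ${PATH}/urxvtc
 blacklist ${PATH}/urxvtcd
+blacklist ${PATH}/konsole
+blacklist ${PATH}/yakuake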
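--- a/etc/icecat.profile
+++ b/etc/icecat.profile
@@ -1,2 +1,51 @@
 # Firejail profile for GNU Icecat
-include /etc/firejail/firefox.profile
+
+noblacklist ~/.mozilla
+noblacklist ~/.cache/mozilla
+include /etc/firejail/disable-common.inc
+include /etc/firejail/disable-programs.inc
+include /etc/firejail/disable-devel.inc
+
+caps.drop all
+netfilter
+nonewprivs
+noroot
+protocol unix,inet,inet6,netlink
+seccomp
+tracelog
+
+whitelist ${DOWNLOADS}
+mkdir ~/.mozilla
+whitelist ~/.mozilla
+mkdir ~/.cache/mozilla/icecat
+whitelist ~/.cache/mozilla/icecat
+whitelist ~/dwhelper
+whitelist ~/.zotero
+whitelist ~/.vimperatorrc
+whitelist ~/.vimperator
+whitelist ~/.pentadactylrc
+whitelist ~/.pentadactyl
+whitelist ~/.keysnail.js
+whitelist ~/.config/gnome-mplayer
+whitelist ~/.cache/gnome-mplayer/plugin
+whitelist ~/.pki
+
+# lastpass, keepassx
+whitelist ~/.keepassx
+whitelist ~/.config/keepassx
+whitelist ~/keepassx.kdbx
+whitelist ~/.lastpass
+whitelist ~/.config/lastpass
+
+
+#silverlight
+whitelist ~/.wine-pipelight
+whitelist ~/.wine-pipelight64
+whitelist ~/.config/pipelight-widevine
+whitelist ~/.config/pipelight-silverlight5.1
+
+include /etc/firejail/whitelist-common.inc
+
+# experimental features
+#private-etc passwd,group,hostname,hosts,localtime,nsswitch.conf,resolv.conf,gtk-2.0,pango,fonts,iceweasel,firefox,adobe,mime.types,mailcap,asound.conf,pulse
+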
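Review bot: The `# lastpass, keepassx` whitelist entries bring `~/keepassx.kdbx`, `~/.keepassx` and the LastPass directories into the browser's filesystem view, and nothing in this profile marks them read-only, so a compromised IceCat process can reach the user's credential store. Consider shipping those five lines commented out with a note such as `# uncomment only if a password-manager extension needs these paths`. `whitelist ~/.mozilla` likewise exposes everything under that directory rather than only IceCat's own data (presumably a subdirectory of it), whereas the cache entry is already narrowed to `~/.cache/mozilla/icecat`. Because the body replaces `include /etc/firejail/firefox.profile` with an inline copy, later hardening of that profile will no longer reach IceCat; a header comment like `# keep in sync with firefox.profile` would make the drift visible.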
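--- a/etc/whitelist-common.inc
+++ b/etc/whitelist-common.inc
@@ -20,8 +20,11 @@ whitelist ~/.cache/fontconfig
 # gtk
 whitelist ~/.gtkrc
 whitelist ~/.gtkrc-2.0
+whitelist ~/.config/gtk-2.0
 whitelist ~/.config/gtk-3.0
 whitelist ~/.themes
+whitelist ~/.kde/share/config/gtkrc
+whitelist ~/.kde/share/config/gtkrc-2.0
 
 # dconf
 mkdir ~/.config/dconf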
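Review bot: The three new gtk entries (`~/.config/gtk-2.0` and the two `~/.kde/share/config/gtkrc*` files) are whitelisted without a matching read-only rule in this hunk, so every profile that includes this file can modify toolkit configuration that unsandboxed GTK applications read at startup. Since sandboxed programs only need to read these settings to pick up the theme, consider pairing each entry with a read-only rule, e.g. `read-only ~/.config/gtk-2.0`, `read-only ~/.kde/share/config/gtkrc` and `read-only ~/.kde/share/config/gtkrc-2.0`. The rest of the file is outside the hunk, so such rules may already exist elsewhere; if they do, a one-line comment under `# gtk` pointing to them would help.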