authorLibravatar SYN-cook <syncookongit@gmail.com>2017-05-02 16:39:13 +0200
committerLibravatar Fred Barclay <Fred-Barclay@users.noreply.github.com>2017-05-02 09:39:13 -0500
commit444e153aab9830247c74f20247868612b5fbce7b (patch)
tree3543cd7915935216f59016c1ad3a523a8cc493dd
parentadding knotes profile (diff)
blacklist file-manager python scripts (#1260)
* blacklist python scripts in caja
  ~/.local/share/caja is not used by Caja, so it can be removed
* blacklist python scripts in nautilus
* blacklist python scripts in nemo
* permit access to Trash
* blacklist file-manager python bindings
-rw-r--r--etc/caja.profile4
-rw-r--r--etc/disable-programs.inc3
-rw-r--r--etc/nautilus.profile4
-rw-r--r--etc/nemo.profile3
4 files changed, 10 insertions, 4 deletions
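--- a/etc/caja.profile
+++ b/etc/caja.profile
@@ -8,8 +8,8 @@ include /etc/firejail/caja.local
 # is already a caja process running on MATE desktops firejail will have no effect.
 
 noblacklist ~/.config/caja
-noblacklist ~/.local/share/caja
-noblacklist ${HOME}/.local/share/Trash
+noblacklist ~/.local/share/caja-python
+noblacklist ~/.local/share/Trash
 
 include /etc/firejail/disable-common.inc
 # caja needs to be able to start arbitrary applications so we cannot blacklist their files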
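Review bot: The new `noblacklist ~/.local/share/caja-python` line leaves the extension directory writable inside the caja sandbox, and the profile's own comment says caja starts arbitrary applications, so a program launched from it could still modify scripts that caja loads as code. If caja only needs to load its extensions, consider following the line with `read-only ~/.local/share/caja-python`. The same applies to the `nautilus-python` and `nemo-python` lines added in etc/nautilus.profile and etc/nemo.profile. The rest of the profile lies outside the hunk and may already restrict writes, so confirm before adding it.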
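--- a/etc/disable-programs.inc
+++ b/etc/disable-programs.inc
@@ -236,6 +236,7 @@ blacklist ${HOME}/.local/share/Terraria
 blacklist ${HOME}/.local/share/TpLogger
 blacklist ${HOME}/.local/share/aspyr-media
 blacklist ${HOME}/.local/share/baloo
+blacklist ${HOME}/.local/share/caja-python
 blacklist ${HOME}/.local/share/cdprojektred
 blacklist ${HOME}/.local/share/data/Mumble
 blacklist ${HOME}./local/share/dino
@@ -255,7 +256,9 @@ blacklist ${HOME}/.local/share/meld
 blacklist ${HOME}/.local/share/multimc5
 blacklist ${HOME}/.local/share/mupen64plus
 blacklist ${HOME}/.local/share/nautilus
+blacklist ${HOME}/.local/share/nautilus-python
 blacklist ${HOME}/.local/share/nemo
+blacklist ${HOME}/.local/share/nemo-python
 blacklist ${HOME}/.local/share/okular
 blacklist ${HOME}/.local/share/orage
 blacklist ${HOME}/.local/share/org.kde.gwenview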
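Review bot: The context line `blacklist ${HOME}./local/share/dino` in the first hunk has the dot and slash transposed, so it presumably never matches the real directory and that entry is silently ineffective; it should read `blacklist ${HOME}/.local/share/dino`. The commit does not touch that line, but it sits in the alphabetical block being edited and is cheap to fix here. The three new `*-python` entries would also benefit from a short comment such as `# python extensions in these directories are loaded as code by caja/nautilus/nemo`, because the reason for blacklisting them is not obvious from the path names.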
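--- a/etc/nautilus.profile
+++ b/etc/nautilus.profile
@@ -5,10 +5,12 @@ include /etc/firejail/nautilus.local
 # nautilus profile
 
 # Nautilus is started by systemd on most systems. Therefore it is not firejailed by default. Since there
- # is already a nautilus process running on gnome desktops firejail will have no effect.
+# is already a nautilus process running on gnome desktops firejail will have no effect.
 
 noblacklist ~/.config/nautilus
 noblacklist ~/.local/share/nautilus
+noblacklist ~/.local/share/nautilus-python
+noblacklist ~/.local/share/Trash
 
 include /etc/firejail/disable-common.inc
 # nautilus needs to be able to start arbitrary applications so we cannot blacklist their files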
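--- a/etc/nemo.profile
+++ b/etc/nemo.profile
@@ -2,8 +2,9 @@
 # Persistent customizations should go in a .local file.
 include /etc/firejail/nemo.local
 
-noblacklist ${HOME}/.local/share/nemo
 noblacklist ${HOME}/.config/nemo
+noblacklist ${HOME}/.local/share/nemo
+noblacklist ${HOME}/.local/share/nemo-python
 noblacklist ${HOME}/.local/share/Trash
 
 include /etc/firejail/disable-common.inc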