authorLibravatar netblue30 <netblue30@yahoo.com>2017-03-26 11:34:23 -0400
committerLibravatar GitHub <noreply@github.com>2017-03-26 11:34:23 -0400
commit76b6fa1656b985606d5ac93787697c9c097dfbda (patch)
treebedd7d7d3b330d87b1ac79d8f0e9430cdc763bff
parentMerge pull request #1159 from irregulator/master (diff)
parentundo netlink addition (diff)
downloadfirejail-76b6fa1656b985606d5ac93787697c9c097dfbda.tar.gz
firejail-76b6fa1656b985606d5ac93787697c9c097dfbda.tar.zst
firejail-76b6fa1656b985606d5ac93787697c9c097dfbda.zip
Merge pull request #1156 from SYN-cook/master
profile enhancements
-rw-r--r--etc/audacious.profile8
-rw-r--r--etc/disable-common.inc1
-rw-r--r--etc/disable-passwdmgr.inc1
-rw-r--r--etc/disable-programs.inc5
-rw-r--r--etc/gwenview.profile6
-rw-r--r--etc/scribus.profile6
6 files changed, 23 insertions, 4 deletions
diff --git a/etc/audacious.profile b/etc/audacious.profile
index 63ba9af9c..d12032166 100644
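--- a/etc/audacious.profile
+++ b/etc/audacious.profile
@@ -4,13 +4,21 @@ include /etc/firejail/audacious.local
 
 # Audacious media player profile
 noblacklist ~/.config/audacious
+noblacklist ~/.config/Audaciousrc
 include /etc/firejail/disable-common.inc
 include /etc/firejail/disable-programs.inc
 include /etc/firejail/disable-devel.inc
 include /etc/firejail/disable-passwdmgr.inc
 
 caps.drop all
+netfilter
 nonewprivs
 noroot
 protocol unix,inet,inet6
 seccomp
+shell none
+tracelog
+
+private-bin audacious
+private-dev
+private-tmp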
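Review bot: The added `netfilter` line (new line 14) only takes effect when the sandbox gets its own network namespace, and this profile has no `net` directive, so by default it applies no filtering while `protocol unix,inet,inet6` still leaves IPv4 and IPv6 sockets available. A comment would keep readers from assuming the player's network access is filtered, for example `# netfilter applies only when a new network namespace is created (net option)`. The new `tracelog` line would also read better with a short comment saying that it logs blacklist violations to syslog.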
diff --git a/etc/disable-common.inc b/etc/disable-common.inc
index be3144133..78b41371a 100644
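--- a/etc/disable-common.inc
+++ b/etc/disable-common.inc
@@ -165,6 +165,7 @@ blacklist ${HOME}/*.key
 blacklist ${HOME}/.muttrc
 blacklist ${HOME}/.mutt/muttrc
 blacklist ${HOME}/.msmtprc
+blacklist ${HOME}/.pki
 blacklist /etc/shadow
 blacklist /etc/gshadow
 blacklist /etc/passwd-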
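Review bot: Adding `blacklist ${HOME}/.pki` here (new line 168) extends the rule to every profile that includes disable-common.inc, and it sits between the mail-client entries and `/etc/shadow` with no comment saying what it protects. Programs that rely on the shared NSS certificate database under `~/.pki/nssdb` need a `noblacklist` for it in their own profile; this commit shows no profile updated for that, so the profiles that include disable-common.inc but not disable-programs.inc (where the rule lived before) are worth checking. The same commit drops `blacklist ${HOME}/.pki/nssdb` from disable-passwdmgr.inc, so a profile that includes only that file would presumably lose this protection. I would add `# NSS certificate and key store` above the new line.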
diff --git a/etc/disable-passwdmgr.inc b/etc/disable-passwdmgr.inc
index c4112d4d5..b5260e897 100644
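--- a/etc/disable-passwdmgr.inc
+++ b/etc/disable-passwdmgr.inc
@@ -2,7 +2,6 @@
 # Persistent customizations should go in a .local file.
 include /etc/firejail/disable-passwdmgr.local
 
-blacklist ${HOME}/.pki/nssdb
 blacklist ${HOME}/.lastpass
 blacklist ${HOME}/.keepassx
 blacklist ${HOME}/.keepass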
diff --git a/etc/disable-programs.inc b/etc/disable-programs.inc
index 00c6e195a..39a8ed4f5 100644
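--- a/etc/disable-programs.inc
+++ b/etc/disable-programs.inc
@@ -20,6 +20,7 @@ blacklist ${HOME}/.bcast5
 blacklist ${HOME}/.claws-mail
 blacklist ${HOME}/.config/0ad
 blacklist ${HOME}/.config/Atom
+blacklist ${HOME}/.config/Audaciousrc
 blacklist ${HOME}/.config/Brackets
 blacklist ${HOME}/.config/Cryptocat
 blacklist ${HOME}/.config/Franz
@@ -71,6 +72,7 @@ blacklist ${HOME}/.config/google-chrome
 blacklist ${HOME}/.config/google-chrome-beta
 blacklist ${HOME}/.config/google-chrome-unstable
 blacklist ${HOME}/.config/gthumb
+blacklist ${HOME}/.config/gwenviewrc
 blacklist ${HOME}/.config/hexchat
 blacklist ${HOME}/.config/inox
 blacklist ${HOME}/.config/jd-gui.cfg
@@ -88,6 +90,7 @@ blacklist ${HOME}/.config/nautilus
 blacklist ${HOME}/.config/netsurf
 blacklist ${HOME}/.config/opera
 blacklist ${HOME}/.config/opera-beta
+blacklist ${HOME}/.config/org.kde.gwenviewrc
 blacklist ${HOME}/.config/pix
 blacklist ${HOME}/.config/pluma
 blacklist ${HOME}/.config/psi+
@@ -224,12 +227,12 @@ blacklist ${HOME}/.openshot
 blacklist ${HOME}/.openshot_qt
 blacklist ${HOME}/.opera
 blacklist ${HOME}/.opera-beta
-blacklist ${HOME}/.pki
 blacklist ${HOME}/.purple
 blacklist ${HOME}/.qemu-launcher
 blacklist ${HOME}/.remmina
 blacklist ${HOME}/.retroshare
 blacklist ${HOME}/.scribus
+blacklist ${HOME}/.scribusrc
 blacklist ${HOME}/.steam
 blacklist ${HOME}/.steampath
 blacklist ${HOME}/.steampid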
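Review bot: The new `blacklist ${HOME}/.scribusrc` (new line 235) does not match the `noblacklist ~/.config/scribusrc` that this commit adds to etc/scribus.profile, so the two rules name different files. As written, nothing visible in this commit blacklists `~/.config/scribusrc`, which would leave it readable from other sandboxes, and the Scribus sandbox gets no exemption for `~/.scribusrc`. If the settings file is the one under `.config`, this line should read `blacklist ${HOME}/.config/scribusrc` and sit with the other `.config` entries; otherwise the profile line should become `noblacklist ~/.scribusrc`.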
diff --git a/etc/gwenview.profile b/etc/gwenview.profile
index f636792f0..b8067866c 100644
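--- a/etc/gwenview.profile
+++ b/etc/gwenview.profile
@@ -5,6 +5,8 @@ include /etc/firejail/gwenview.local
 # KDE gwenview profile
 noblacklist ~/.kde/share/apps/gwenview
 noblacklist ~/.kde/share/config/gwenviewrc
+noblacklist ~/.config/gwenviewrc
+noblacklist ~/.config/org.kde.gwenviewrc
 include /etc/firejail/disable-common.inc
 include /etc/firejail/disable-programs.inc
 include /etc/firejail/disable-devel.inc
@@ -16,11 +18,11 @@ nonewprivs
 noroot
 protocol unix
 seccomp
-nosound
+tracelog
 
 private-dev
 
-#Experimental:
+# Experimental:
 #shell none
 #private-bin gwenview
 #private-etc X11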
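Review bot: Replacing `nosound` with `tracelog` (old line 19, new line 21) removes a restriction rather than swapping equivalents: the sandbox regains access to the sound system, while `tracelog` only logs blacklist violations. Neither the commit message nor the profile says why. If the reason is that Gwenview plays video with audio, a comment such as `# nosound omitted: gwenview can play videos with sound` would record that the loosening is deliberate.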
diff --git a/etc/scribus.profile b/etc/scribus.profile
index da2076286..5d0dc5af9 100644
--- a/etc/scribus.profile
+++ b/etc/scribus.profile
@@ -5,9 +5,15 @@ include /etc/firejail/scribus.local
5# Firejail profile for Scribus 5# Firejail profile for Scribus
6noblacklist ~/.scribus 6noblacklist ~/.scribus
7noblacklist ~/.config/scribus 7noblacklist ~/.config/scribus
8noblacklist ~/.config/scribusrc
8noblacklist ~/.local/share/scribus 9noblacklist ~/.local/share/scribus
9noblacklist ~/.gimp* 10noblacklist ~/.gimp*
10 11
12# Support for PDF readers (Scribus 1.5 and higher)
13noblacklist ~/.kde/share/apps/okular
14noblacklist ~/.kde/share/config/okularrc
15noblacklist ~/.kde/share/config/okularpartrc
16
11include /etc/firejail/disable-common.inc 17include /etc/firejail/disable-common.inc
12include /etc/firejail/disable-programs.inc 18include /etc/firejail/disable-programs.inc
13include /etc/firejail/disable-devel.inc 19include /etc/firejail/disable-devel.inc
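Review bot: The three Okular `noblacklist` lines (new lines 13-15) let the Scribus sandbox read another application's settings and data, and they cover only the `~/.kde` locations. The gwenview profile in this same commit exempts both `~/.kde/...` and `~/.config/...` paths, so if Okular's files under `~/.config` are blacklisted elsewhere, the PDF reader support named in the comment would presumably not work on setups that use those paths. The comment should also say why Scribus needs Okular's files, so the wider access can be reviewed against least privilege.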