diff options
| author |  netblue30 <netblue30@yahoo.com> | 2016-11-30 11:25:37 -0500 |
|---|---|---|
| committer |  GitHub <noreply@github.com> | 2016-11-30 11:25:37 -0500 |
| commit | 041c4e6a2f460f42bba30b9720a68a7076b6e304 (patch) | |
| tree | b4a2cab5d0d0193bb5b35ed0e8123542c42ef420 | |
| parent | Merge pull request #949 from valoq/master (diff) | |
| parent | Add 10 new profiles (diff) | |
| download | firejail-041c4e6a2f460f42bba30b9720a68a7076b6e304.tar.gz firejail-041c4e6a2f460f42bba30b9720a68a7076b6e304.tar.zst firejail-041c4e6a2f460f42bba30b9720a68a7076b6e304.zip | |
Merge pull request #946 from SpotComms/master
Added 10 new profiles
| -rw-r--r-- | etc/bless.profile | 20 | ||||
| -rw-r--r-- | etc/disable-programs.inc | 7 | ||||
| -rw-r--r-- | etc/gnome-2048.profile | 25 | ||||
| -rw-r--r-- | etc/gnome-calculator.profile | 19 | ||||
| -rw-r--r-- | etc/gnome-contacts.profile | 19 | ||||
| -rw-r--r-- | etc/jd-gui.profile | 19 | ||||
| -rw-r--r-- | etc/lollypop.profile | 20 | ||||
| -rw-r--r-- | etc/multimc5.profile | 27 | ||||
| -rw-r--r-- | etc/pdfsam.profile | 17 | ||||
| -rw-r--r-- | etc/pithos.profile | 19 | ||||
| -rw-r--r-- | etc/xonotic-glx.profile | 5 | ||||
| -rw-r--r-- | etc/xonotic-sdl.profile | 5 | ||||
| -rw-r--r-- | etc/xonotic.profile | 25 |
13 files changed, 227 insertions, 0 deletions
diff --git a/etc/bless.profile b/etc/bless.profile new file mode 100644 index 000000000..752edadf7 --- /dev/null +++ b/etc/bless.profile | |||
| @@ -0,0 +1,20 @@ | |||
| 1 | # | ||
| 2 | #Profile for bless | ||
| 3 | # | ||
| 4 | |||
| 5 | #No Blacklist Paths | ||
| 6 | noblacklist ${HOME}/.config/bless | ||
| 7 | |||
| 8 | #Blacklist Paths | ||
| 9 | include /etc/firejail/disable-common.inc | ||
| 10 | include /etc/firejail/disable-programs.inc | ||
| 11 | include /etc/firejail/disable-passwdmgr.inc | ||
| 12 | include /etc/firejail/disable-devel.inc | ||
| 13 | |||
| 14 | #Options | ||
| 15 | caps.drop all | ||
| 16 | netfilter | ||
| 17 | nonewprivs | ||
| 18 | noroot | ||
| 19 | protocol unix,inet,inet6 | ||
| 20 | seccomp | ||
diff --git a/etc/disable-programs.inc b/etc/disable-programs.inc index 76a4c4607..f46274545 100644 --- a/etc/disable-programs.inc +++ b/etc/disable-programs.inc | |||
| @@ -10,6 +10,7 @@ blacklist ${HOME}/.stellarium | |||
| 10 | blacklist ${HOME}/.sword | 10 | blacklist ${HOME}/.sword |
| 11 | blacklist ${HOME}/.xiphos | 11 | blacklist ${HOME}/.xiphos |
| 12 | blacklist ${HOME}/.config/Atom | 12 | blacklist ${HOME}/.config/Atom |
| 13 | blacklist ${HOME}/.config/bless | ||
| 13 | blacklist ${HOME}/.config/gthumb | 14 | blacklist ${HOME}/.config/gthumb |
| 14 | blacklist ${HOME}/.config/mupen64plus | 15 | blacklist ${HOME}/.config/mupen64plus |
| 15 | blacklist ${HOME}/.config/transmission | 16 | blacklist ${HOME}/.config/transmission |
| @@ -44,6 +45,7 @@ blacklist ${HOME}/.openshot_qt | |||
| 44 | blacklist ${HOME}/.flowblade | 45 | blacklist ${HOME}/.flowblade |
| 45 | blacklist ${HOME}/.config/flowblade | 46 | blacklist ${HOME}/.config/flowblade |
| 46 | blacklist ${HOME}/.config/eog | 47 | blacklist ${HOME}/.config/eog |
| 48 | blacklist ${HOME}/.config/jd-gui.cfg | ||
| 47 | 49 | ||
| 48 | 50 | ||
| 49 | # Media players | 51 | # Media players |
| @@ -56,6 +58,7 @@ blacklist ${HOME}/.config/totem | |||
| 56 | blacklist ${HOME}/.config/xplayer | 58 | blacklist ${HOME}/.config/xplayer |
| 57 | blacklist ${HOME}/.audacity-data | 59 | blacklist ${HOME}/.audacity-data |
| 58 | blacklist ${HOME}/.guayadeque | 60 | blacklist ${HOME}/.guayadeque |
| 61 | blacklist ${HOME}/.local/share/lollypop | ||
| 59 | 62 | ||
| 60 | # HTTP / FTP / Mail | 63 | # HTTP / FTP / Mail |
| 61 | blacklist ${HOME}/.icedove | 64 | blacklist ${HOME}/.icedove |
| @@ -119,6 +122,10 @@ blacklist ${HOME}/.config/wesnoth | |||
| 119 | blacklist ${HOME}/.config/0ad | 122 | blacklist ${HOME}/.config/0ad |
| 120 | blacklist ${HOME}/.warzone2100-3.1 | 123 | blacklist ${HOME}/.warzone2100-3.1 |
| 121 | blacklist ${HOME}/.dosbox | 124 | blacklist ${HOME}/.dosbox |
| 125 | blacklist ${HOME}/.local/share/gnome-2048 | ||
| 126 | blacklist ${HOME}/.local/share/multimc5 | ||
| 127 | blacklist ${HOME}/.multimc5 | ||
| 128 | blacklist ${HOME}/.xonotic | ||
| 122 | 129 | ||
| 123 | # Cryptocoins | 130 | # Cryptocoins |
| 124 | blacklist ${HOME}/.*coin | 131 | blacklist ${HOME}/.*coin |
diff --git a/etc/gnome-2048.profile b/etc/gnome-2048.profile new file mode 100644 index 000000000..f9982da61 --- /dev/null +++ b/etc/gnome-2048.profile | |||
| @@ -0,0 +1,25 @@ | |||
| 1 | # | ||
| 2 | #Profile for gnome-2048 | ||
| 3 | # | ||
| 4 | |||
| 5 | #No Blacklist Paths | ||
| 6 | noblacklist ${HOME}/.local/share/gnome-2048 | ||
| 7 | |||
| 8 | #Blacklist Paths | ||
| 9 | include /etc/firejail/disable-common.inc | ||
| 10 | include /etc/firejail/disable-programs.inc | ||
| 11 | include /etc/firejail/disable-passwdmgr.inc | ||
| 12 | include /etc/firejail/disable-devel.inc | ||
| 13 | |||
| 14 | #Whitelist Paths | ||
| 15 | mkdir ${HOME}/.local/share/gnome-2048 | ||
| 16 | whitelist ${HOME}/.local/share/gnome-2048 | ||
| 17 | include /etc/firejail/whitelist-common.inc | ||
| 18 | |||
| 19 | #Options | ||
| 20 | caps.drop all | ||
| 21 | netfilter | ||
| 22 | nonewprivs | ||
| 23 | noroot | ||
| 24 | protocol unix,inet,inet6 | ||
| 25 | seccomp | ||
diff --git a/etc/gnome-calculator.profile b/etc/gnome-calculator.profile new file mode 100644 index 000000000..49e068171 --- /dev/null +++ b/etc/gnome-calculator.profile | |||
| @@ -0,0 +1,19 @@ | |||
| 1 | # | ||
| 2 | #Profile for gnome-calculator | ||
| 3 | # | ||
| 4 | |||
| 5 | #Blacklist Paths | ||
| 6 | include /etc/firejail/disable-common.inc | ||
| 7 | include /etc/firejail/disable-programs.inc | ||
| 8 | include /etc/firejail/disable-passwdmgr.inc | ||
| 9 | include /etc/firejail/disable-devel.inc | ||
| 10 | |||
| 11 | include /etc/firejail/whitelist-common.inc | ||
| 12 | |||
| 13 | #Options | ||
| 14 | caps.drop all | ||
| 15 | netfilter | ||
| 16 | nonewprivs | ||
| 17 | noroot | ||
| 18 | protocol unix,inet,inet6 | ||
| 19 | seccomp | ||
diff --git a/etc/gnome-contacts.profile b/etc/gnome-contacts.profile new file mode 100644 index 000000000..9dc25b26c --- /dev/null +++ b/etc/gnome-contacts.profile | |||
| @@ -0,0 +1,19 @@ | |||
| 1 | # | ||
| 2 | #Profile for gnome-contacts | ||
| 3 | # | ||
| 4 | |||
| 5 | #Blacklist Paths | ||
| 6 | include /etc/firejail/disable-common.inc | ||
| 7 | include /etc/firejail/disable-programs.inc | ||
| 8 | include /etc/firejail/disable-passwdmgr.inc | ||
| 9 | include /etc/firejail/disable-devel.inc | ||
| 10 | |||
| 11 | include /etc/firejail/whitelist-common.inc | ||
| 12 | |||
| 13 | #Options | ||
| 14 | caps.drop all | ||
| 15 | netfilter | ||
| 16 | nonewprivs | ||
| 17 | noroot | ||
| 18 | protocol unix,inet,inet6 | ||
| 19 | seccomp | ||
diff --git a/etc/jd-gui.profile b/etc/jd-gui.profile new file mode 100644 index 000000000..1d6eb41f8 --- /dev/null +++ b/etc/jd-gui.profile | |||
| @@ -0,0 +1,19 @@ | |||
| 1 | # | ||
| 2 | #Profile for jd-gui | ||
| 3 | # | ||
| 4 | |||
| 5 | noblacklist ${HOME}/.config/jd-gui.cfg | ||
| 6 | |||
| 7 | #Blacklist Paths | ||
| 8 | include /etc/firejail/disable-common.inc | ||
| 9 | include /etc/firejail/disable-programs.inc | ||
| 10 | include /etc/firejail/disable-passwdmgr.inc | ||
| 11 | include /etc/firejail/disable-devel.inc | ||
| 12 | |||
| 13 | #Options | ||
| 14 | caps.drop all | ||
| 15 | netfilter | ||
| 16 | nonewprivs | ||
| 17 | noroot | ||
| 18 | protocol unix,inet,inet6 | ||
| 19 | seccomp | ||
diff --git a/etc/lollypop.profile b/etc/lollypop.profile new file mode 100644 index 000000000..41a662bca --- /dev/null +++ b/etc/lollypop.profile | |||
| @@ -0,0 +1,20 @@ | |||
| 1 | # | ||
| 2 | #Profile for lollypop | ||
| 3 | # | ||
| 4 | |||
| 5 | #No Blacklist Paths | ||
| 6 | noblacklist ${HOME}/.local/share/lollypop | ||
| 7 | |||
| 8 | #Blacklist Paths | ||
| 9 | include /etc/firejail/disable-common.inc | ||
| 10 | include /etc/firejail/disable-programs.inc | ||
| 11 | include /etc/firejail/disable-passwdmgr.inc | ||
| 12 | include /etc/firejail/disable-devel.inc | ||
| 13 | |||
| 14 | #Options | ||
| 15 | caps.drop all | ||
| 16 | netfilter | ||
| 17 | nonewprivs | ||
| 18 | noroot | ||
| 19 | protocol unix,inet,inet6 | ||
| 20 | seccomp | ||
diff --git a/etc/multimc5.profile b/etc/multimc5.profile new file mode 100644 index 000000000..cc310f294 --- /dev/null +++ b/etc/multimc5.profile | |||
| @@ -0,0 +1,27 @@ | |||
| 1 | # | ||
| 2 | #Profile for multimc5 | ||
| 3 | # | ||
| 4 | |||
| 5 | #No Blacklist Paths | ||
| 6 | noblacklist ${HOME}/.local/share/multimc5 | ||
| 7 | noblacklist ${HOME}/.multimc5 | ||
| 8 | |||
| 9 | #Blacklist Paths | ||
| 10 | include /etc/firejail/disable-common.inc | ||
| 11 | include /etc/firejail/disable-programs.inc | ||
| 12 | include /etc/firejail/disable-passwdmgr.inc | ||
| 13 | include /etc/firejail/disable-devel.inc | ||
| 14 | |||
| 15 | #Whitelist Paths | ||
| 16 | mkdir ${HOME}/.local/share/multimc5 | ||
| 17 | whitelist ${HOME}/.local/share/multimc5 | ||
| 18 | mkdir ${HOME}/.multimc5 | ||
| 19 | whitelist ${HOME}/.multimc5 | ||
| 20 | include /etc/firejail/whitelist-common.inc | ||
| 21 | |||
| 22 | #Options | ||
| 23 | caps.drop all | ||
| 24 | netfilter | ||
| 25 | nonewprivs | ||
| 26 | noroot | ||
| 27 | protocol unix,inet,inet6 | ||
diff --git a/etc/pdfsam.profile b/etc/pdfsam.profile new file mode 100644 index 000000000..6e50f37cf --- /dev/null +++ b/etc/pdfsam.profile | |||
| @@ -0,0 +1,17 @@ | |||
| 1 | # | ||
| 2 | #Profile for pdfsam | ||
| 3 | # | ||
| 4 | |||
| 5 | #Blacklist Paths | ||
| 6 | include /etc/firejail/disable-common.inc | ||
| 7 | include /etc/firejail/disable-programs.inc | ||
| 8 | include /etc/firejail/disable-passwdmgr.inc | ||
| 9 | include /etc/firejail/disable-devel.inc | ||
| 10 | |||
| 11 | #Options | ||
| 12 | caps.drop all | ||
| 13 | netfilter | ||
| 14 | nonewprivs | ||
| 15 | noroot | ||
| 16 | protocol unix,inet,inet6 | ||
| 17 | seccomp | ||
diff --git a/etc/pithos.profile b/etc/pithos.profile new file mode 100644 index 000000000..8270b8bee --- /dev/null +++ b/etc/pithos.profile | |||
| @@ -0,0 +1,19 @@ | |||
| 1 | # | ||
| 2 | #Profile for pithos | ||
| 3 | # | ||
| 4 | |||
| 5 | #Blacklist Paths | ||
| 6 | include /etc/firejail/disable-common.inc | ||
| 7 | include /etc/firejail/disable-programs.inc | ||
| 8 | include /etc/firejail/disable-passwdmgr.inc | ||
| 9 | include /etc/firejail/disable-devel.inc | ||
| 10 | |||
| 11 | include /etc/firejail/whitelist-common.inc | ||
| 12 | |||
| 13 | #Options | ||
| 14 | caps.drop all | ||
| 15 | netfilter | ||
| 16 | nonewprivs | ||
| 17 | noroot | ||
| 18 | protocol unix,inet,inet6 | ||
| 19 | seccomp | ||
diff --git a/etc/xonotic-glx.profile b/etc/xonotic-glx.profile new file mode 100644 index 000000000..b255ffdbb --- /dev/null +++ b/etc/xonotic-glx.profile | |||
| @@ -0,0 +1,5 @@ | |||
| 1 | # | ||
| 2 | #Profile for xonotic:xonotic-glx | ||
| 3 | # | ||
| 4 | |||
| 5 | include /etc/firejail/xonotic.profile | ||
diff --git a/etc/xonotic-sdl.profile b/etc/xonotic-sdl.profile new file mode 100644 index 000000000..783667304 --- /dev/null +++ b/etc/xonotic-sdl.profile | |||
| @@ -0,0 +1,5 @@ | |||
| 1 | # | ||
| 2 | #Profile for xonotic:xonotic-sdl | ||
| 3 | # | ||
| 4 | |||
| 5 | include /etc/firejail/xonotic.profile | ||
diff --git a/etc/xonotic.profile b/etc/xonotic.profile new file mode 100644 index 000000000..75d649619 --- /dev/null +++ b/etc/xonotic.profile | |||
| @@ -0,0 +1,25 @@ | |||
| 1 | # | ||
| 2 | #Profile for xonotic | ||
| 3 | # | ||
| 4 | |||
| 5 | #No Blacklist Paths | ||
| 6 | noblacklist ${HOME}/.xonotic | ||
| 7 | |||
| 8 | #Blacklist Paths | ||
| 9 | include /etc/firejail/disable-common.inc | ||
| 10 | include /etc/firejail/disable-programs.inc | ||
| 11 | include /etc/firejail/disable-passwdmgr.inc | ||
| 12 | include /etc/firejail/disable-devel.inc | ||
| 13 | |||
| 14 | #Whitelist Paths | ||
| 15 | mkdir ${HOME}/.xonotic | ||
| 16 | whitelist ${HOME}/.xonotic | ||
| 17 | include /etc/firejail/whitelist-common.inc | ||
| 18 | |||
| 19 | #Options | ||
| 20 | caps.drop all | ||
| 21 | netfilter | ||
| 22 | nonewprivs | ||
| 23 | noroot | ||
| 24 | protocol unix,inet,inet6 | ||
| 25 | seccomp | ||