authorLibravatar SkewedZeppelin <8296104+SkewedZeppelin@users.noreply.github.com>2018-02-12 22:37:05 -0500
committerLibravatar GitHub <noreply@github.com>2018-02-12 22:37:05 -0500
commit22c9c5c7fd4ca6f8090ede7f4c8859a148db1cce (patch)
tree20ff230c2d28d311441c83c7d5cca910f130b287
parentupdate various application blacklists (diff)
parentFurther unify private-etc in Firefox-based browsers (diff)
Merge pull request #1774 from SkewedZeppelin/1773
Unify all Chromium and Firefox based browser profiles
-rw-r--r--README.md9
-rw-r--r--etc/abrowser.profile37
-rw-r--r--etc/bnox.profile23
-rw-r--r--etc/brave.profile27
-rw-r--r--etc/chromium-common.profile32
-rw-r--r--etc/chromium.profile24
-rw-r--r--etc/cliqz.profile79
-rw-r--r--etc/cyberfox.profile60
-rw-r--r--etc/dnox.profile23
-rw-r--r--etc/firefox-common-addons.inc51
-rw-r--r--etc/firefox-common.profile44
-rw-r--r--etc/firefox.profile83
-rw-r--r--etc/flashpeak-slimjet.profile26
-rw-r--r--etc/google-chrome-beta.profile23
-rw-r--r--etc/google-chrome-unstable.profile23
-rw-r--r--etc/google-chrome.profile25
-rw-r--r--etc/icecat.profile40
-rw-r--r--etc/iceweasel.profile2
-rw-r--r--etc/inox.profile23
-rw-r--r--etc/iridium.profile24
-rw-r--r--etc/opera-beta.profile17
-rw-r--r--etc/opera.profile16
-rw-r--r--etc/palemoon.profile50
-rw-r--r--etc/vivaldi.profile22
-rw-r--r--etc/waterfox.profile71
-rw-r--r--etc/yandex-browser.profile24
26 files changed, 205 insertions, 673 deletions
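diff --git a/README.md b/README.md
index bc4802138..eebe91d10 100644
--- a/README.md
+++ b/README.md
@@ -98,6 +98,15 @@ Use this issue to request new profiles: [#1139](https://github.com/netblue30/fir
 `````
 # Current development version: 0.9.53
 
+## Browser profile unification
+
+All Chromium and Firefox browsers have been unified to instead extend
+chromium-common.profile and firefox-common.profile respectively.
+This allows for reduced maintenance and ease of adding new browsers.
+NOTE: All users of Firefox-based browsers who use addons and plugins
+that read/write from ${HOME} will need to uncomment the includes for
+firefox-common-addons.inc in firefox-common.profile.
+
 ## New profiles
 
 Basilisk browser, Tor Browser language packs, PlayOnLinux, sylpheed, discord-canary,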
diff --git a/etc/abrowser.profile b/etc/abrowser.profile
index 5c964bad1..d757d6f49 100644
--- a/etc/abrowser.profile
+++ b/etc/abrowser.profile
@@ -7,42 +7,15 @@ include /etc/firejail/globals.local
7 7
8noblacklist ${HOME}/.cache/mozilla 8noblacklist ${HOME}/.cache/mozilla
9noblacklist ${HOME}/.mozilla 9noblacklist ${HOME}/.mozilla
10noblacklist ${HOME}/.pki
11
12include /etc/firejail/disable-common.inc
13include /etc/firejail/disable-devel.inc
14include /etc/firejail/disable-programs.inc
15 10
16mkdir ${HOME}/.cache/mozilla/abrowser 11mkdir ${HOME}/.cache/mozilla/abrowser
17mkdir ${HOME}/.mozilla 12mkdir ${HOME}/.mozilla
18whitelist ${DOWNLOADS}
19whitelist ${HOME}/.cache/gnome-mplayer/plugin
20whitelist ${HOME}/.cache/mozilla/abrowser 13whitelist ${HOME}/.cache/mozilla/abrowser
21whitelist ${HOME}/.config/gnome-mplayer
22whitelist ${HOME}/.config/pipelight-silverlight5.1
23whitelist ${HOME}/.config/pipelight-widevine
24whitelist ${HOME}/.keysnail.js
25whitelist ${HOME}/.lastpass
26whitelist ${HOME}/.mozilla 14whitelist ${HOME}/.mozilla
27whitelist ${HOME}/.pentadactyl
28whitelist ${HOME}/.pentadactylrc
29whitelist ${HOME}/.pki
30whitelist ${HOME}/.vimperator
31whitelist ${HOME}/.vimperatorrc
32whitelist ${HOME}/.wine-pipelight
33whitelist ${HOME}/.wine-pipelight64
34whitelist ${HOME}/.zotero
35whitelist ${HOME}/dwhelper
36include /etc/firejail/whitelist-common.inc
37 15
38caps.drop all 16# private-etc must first be enabled in firefox-common.profile
39netfilter 17#private-etc abrowser
40nodvd 18
41nonewprivs
42noroot
43notv
44protocol unix,inet,inet6,netlink
45seccomp
46tracelog
47 19
48# private-etc passwd,group,hostname,hosts,localtime,nsswitch.conf,resolv.conf,gtk-2.0,pango,fonts,iceweasel,firefox,adobe,mime.types,mailcap,asound.conf,pulse 20# Redirect
21include /etc/firejail/firefox-common.profile
diff --git a/etc/bnox.profile b/etc/bnox.profile
index 4270755c8..3207a2923 100644
--- a/etc/bnox.profile
+++ b/etc/bnox.profile
@@ -7,30 +7,11 @@ include /etc/firejail/globals.local
7 7
8noblacklist ${HOME}/.cache/bnox 8noblacklist ${HOME}/.cache/bnox
9noblacklist ${HOME}/.config/bnox 9noblacklist ${HOME}/.config/bnox
10noblacklist ${HOME}/.pki
11
12include /etc/firejail/disable-common.inc
13include /etc/firejail/disable-programs.inc
14 10
15mkdir ${HOME}/.cache/bnox 11mkdir ${HOME}/.cache/bnox
16mkdir ${HOME}/.config/bnox 12mkdir ${HOME}/.config/bnox
17mkdir ${HOME}/.pki
18whitelist ${DOWNLOADS}
19whitelist ${HOME}/.cache/bnox 13whitelist ${HOME}/.cache/bnox
20whitelist ${HOME}/.config/bnox 14whitelist ${HOME}/.config/bnox
21whitelist ${HOME}/.pki
22include /etc/firejail/whitelist-common.inc
23include /etc/firejail/whitelist-var-common.inc
24
25caps.keep sys_chroot,sys_admin
26netfilter
27nodvd
28nogroups
29notv
30shell none
31
32private-dev
33# private-tmp - problems with multiple browser sessions
34 15
35noexec ${HOME} 16# Redirect
36noexec /tmp 17include /etc/firejail/chromium-common.profile
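Review bot: Redirecting to chromium-common.profile makes bnox load disable-devel.inc, which the removed side of this section never included (it had only disable-common.inc and disable-programs.inc). The same applies to dnox.profile and inox.profile, and to iridium.profile, whose old profile kept that include commented out with the remark `# chromium/iridium is distributed with a perl script on Arch`. If that remark still holds, the tighter default may stop those browsers from starting, so it is worth confirming they launch. A line above the redirect such as `# NOTE: chromium-common.profile pulls in disable-devel.inc, which this profile previously omitted` would record the change for whoever debugs it later.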
diff --git a/etc/brave.profile b/etc/brave.profile
index 668e8a244..f37ac2a05 100644
--- a/etc/brave.profile
+++ b/etc/brave.profile
@@ -8,31 +8,10 @@ include /etc/firejail/globals.local
8noblacklist ${HOME}/.config/brave 8noblacklist ${HOME}/.config/brave
9# brave uses gpg for built-in password manager 9# brave uses gpg for built-in password manager
10noblacklist ${HOME}/.gnupg 10noblacklist ${HOME}/.gnupg
11noblacklist ${HOME}/.pki
12
13include /etc/firejail/disable-common.inc
14include /etc/firejail/disable-devel.inc
15include /etc/firejail/disable-programs.inc
16 11
17mkdir ${HOME}/.config/brave 12mkdir ${HOME}/.config/brave
18mkdir ${HOME}/.pki
19whitelist ${DOWNLOADS}
20whitelist ${HOME}/.config/KeePass
21whitelist ${HOME}/.config/brave 13whitelist ${HOME}/.config/brave
22whitelist ${HOME}/.config/keepass 14whitelist ${HOME}/.gnupg
23whitelist ${HOME}/.config/lastpass
24whitelist ${HOME}/.keepass
25whitelist ${HOME}/.lastpass
26whitelist ${HOME}/.pki
27include /etc/firejail/whitelist-common.inc
28
29# caps.drop all
30netfilter
31# nonewprivs
32# noroot
33nodvd
34notv
35# protocol unix,inet,inet6,netlink
36# seccomp
37 15
38disable-mnt 16# Redirect
17include /etc/firejail/chromium-common.profile
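Review bot: The added `whitelist ${HOME}/.gnupg` exposes the user's whole GnuPG directory, private keys included, to every Brave process inside the sandbox. The old profile only had `noblacklist ${HOME}/.gnupg` and no whitelist entry for it, so under the whitelisted home the directory was presumably not visible before. Since only users of the built-in password manager need it, I would ship it commented out as `# whitelist ${HOME}/.gnupg`, with a line above it reading `# uncomment only if you use brave's gpg-based password manager`. The section also drops the KeePass and lastpass whitelist entries without comment, which deserves a mention in the README note.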
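diff --git a/etc/chromium-common.profile b/etc/chromium-common.profile
new file mode 100644
index 000000000..5c5215309
--- /dev/null
+++ b/etc/chromium-common.profile
@@ -0,0 +1,32 @@
+# Firejail profile for chromium-common
+# This file is overwritten after every install/update
+# Persistent local customizations
+include /etc/firejail/chromium-common.local
+# Persistent global definitions
+include /etc/firejail/globals.local
+
+noblacklist ${HOME}/.pki
+
+include /etc/firejail/disable-common.inc
+include /etc/firejail/disable-devel.inc
+include /etc/firejail/disable-programs.inc
+
+mkdir ${HOME}/.pki
+whitelist ${DOWNLOADS}
+whitelist ${HOME}/.pki
+include /etc/firejail/whitelist-common.inc
+include /etc/firejail/whitelist-var-common.inc
+
+caps.keep sys_chroot,sys_admin
+netfilter
+nodvd
+nogroups
+notv
+shell none
+
+disable-mnt
+private-dev
+# private-tmp - problems with multiple browser sessions
+
+noexec ${HOME}
+noexec /tmp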
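Review bot: `caps.keep sys_chroot,sys_admin` at line 20 is left unexplained, although every Chromium-based profile in this commit now inherits it. Unlike firefox-common.profile in the same commit, this file has no `caps.drop all`, `nonewprivs`, `noroot`, `protocol` or `seccomp`, presumably because the browser's internal sandbox needs those capabilities and conflicts with the other options. A comment above line 20 would make the trade-off visible, for example `# sys_chroot and sys_admin are kept for the browser's internal sandbox; seccomp, nonewprivs and noroot are omitted for the same reason`. It would also warn maintainers of browsers that run without the internal sandbox not to redirect here unchanged.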
diff --git a/etc/chromium.profile b/etc/chromium.profile
index 64d790121..ad9f9af33 100644
--- a/etc/chromium.profile
+++ b/etc/chromium.profile
@@ -8,34 +8,14 @@ include /etc/firejail/globals.local
8noblacklist ${HOME}/.cache/chromium 8noblacklist ${HOME}/.cache/chromium
9noblacklist ${HOME}/.config/chromium 9noblacklist ${HOME}/.config/chromium
10noblacklist ${HOME}/.config/chromium-flags.conf 10noblacklist ${HOME}/.config/chromium-flags.conf
11noblacklist ${HOME}/.pki
12
13include /etc/firejail/disable-common.inc
14include /etc/firejail/disable-devel.inc
15include /etc/firejail/disable-programs.inc
16 11
17mkdir ${HOME}/.cache/chromium 12mkdir ${HOME}/.cache/chromium
18mkdir ${HOME}/.config/chromium 13mkdir ${HOME}/.config/chromium
19mkdir ${HOME}/.pki
20whitelist ${DOWNLOADS}
21whitelist ${HOME}/.cache/chromium 14whitelist ${HOME}/.cache/chromium
22whitelist ${HOME}/.config/chromium 15whitelist ${HOME}/.config/chromium
23whitelist ${HOME}/.config/chromium-flags.conf 16whitelist ${HOME}/.config/chromium-flags.conf
24whitelist ${HOME}/.pki
25include /etc/firejail/whitelist-common.inc
26include /etc/firejail/whitelist-var-common.inc
27
28caps.keep sys_chroot,sys_admin
29netfilter
30nodvd
31nogroups
32notv
33shell none
34 17
35disable-mnt
36# private-bin chromium,chromium-browser,chromedriver 18# private-bin chromium,chromium-browser,chromedriver
37private-dev
38# private-tmp - problems with multiple browser sessions
39 19
40noexec ${HOME} 20# Redirect
41noexec /tmp 21include /etc/firejail/chromium-common.profile
diff --git a/etc/cliqz.profile b/etc/cliqz.profile
index 086dfa233..4ff96311d 100644
--- a/etc/cliqz.profile
+++ b/etc/cliqz.profile
@@ -7,77 +7,14 @@ include /etc/firejail/globals.local
7 7
8noblacklist ${HOME}/.cache/cliqz 8noblacklist ${HOME}/.cache/cliqz
9noblacklist ${HOME}/.config/cliqz 9noblacklist ${HOME}/.config/cliqz
10noblacklist ${HOME}/.config/okularpartrc
11noblacklist ${HOME}/.config/okularrc
12noblacklist ${HOME}/.config/qpdfview
13noblacklist ${HOME}/.kde/share/apps/okular
14noblacklist ${HOME}/.kde/share/config/okularpartrc
15noblacklist ${HOME}/.kde/share/config/okularrc
16noblacklist ${HOME}/.kde4/share/apps/okular
17noblacklist ${HOME}/.kde4/share/config/okularpartrc
18noblacklist ${HOME}/.kde4/share/config/okularrc
19# noblacklist ${HOME}/.local/share/gnome-shell/extensions
20noblacklist ${HOME}/.local/share/okular
21noblacklist ${HOME}/.local/share/qpdfview
22 10
23noblacklist ${HOME}/.pki 11mkdir ${HOME}/.cache/cliqz
12mkdir ${HOME}/.config/cliqz
13whitelist ${HOME}/.cache/cliqz
14whitelist ${HOME}/.config/cliqz
24 15
25include /etc/firejail/disable-common.inc 16# private-etc must first be enabled in firefox-common.profile
26include /etc/firejail/disable-devel.inc 17#private-etc cliqz
27include /etc/firejail/disable-programs.inc
28 18
29mkdir ${HOME}/.cache/mozilla/firefox 19# Redirect
30mkdir ${HOME}/.mozilla 20include /etc/firejail/firefox-common.profile
31mkdir ${HOME}/.pki
32whitelist ${DOWNLOADS}
33whitelist ${HOME}/.cache/gnome-mplayer/plugin
34whitelist ${HOME}/.cache/mozilla/firefox
35whitelist ${HOME}/.config/gnome-mplayer
36whitelist ${HOME}/.config/okularpartrc
37whitelist ${HOME}/.config/okularrc
38whitelist ${HOME}/.config/pipelight-silverlight5.1
39whitelist ${HOME}/.config/pipelight-widevine
40whitelist ${HOME}/.config/qpdfview
41whitelist ${HOME}/.kde/share/apps/okular
42whitelist ${HOME}/.kde/share/config/okularpartrc
43whitelist ${HOME}/.kde/share/config/okularrc
44whitelist ${HOME}/.kde4/share/apps/okular
45whitelist ${HOME}/.kde4/share/config/okularpartrc
46whitelist ${HOME}/.kde4/share/config/okularrc
47whitelist ${HOME}/.keysnail.js
48whitelist ${HOME}/.lastpass
49whitelist ${HOME}/.local/share/gnome-shell/extensions
50whitelist ${HOME}/.local/share/okular
51whitelist ${HOME}/.local/share/qpdfview
52whitelist ${HOME}/.mozilla
53whitelist ${HOME}/.pentadactyl
54whitelist ${HOME}/.pentadactylrc
55whitelist ${HOME}/.pki
56whitelist ${HOME}/.vimperator
57whitelist ${HOME}/.vimperatorrc
58whitelist ${HOME}/.wine-pipelight
59whitelist ${HOME}/.wine-pipelight64
60whitelist ${HOME}/.zotero
61whitelist ${HOME}/dwhelper
62include /etc/firejail/whitelist-common.inc
63include /etc/firejail/whitelist-var-common.inc
64
65caps.drop all
66netfilter
67nodvd
68nogroups
69nonewprivs
70noroot
71notv
72protocol unix,inet,inet6,netlink
73seccomp
74shell none
75tracelog
76
77# private-bin firefox,which,sh,dbus-launch,dbus-send,env
78private-dev
79# private-etc passwd,group,hostname,hosts,localtime,nsswitch.conf,resolv.conf,xdg,gtk-2.0,gtk-3.0,X11,pango,fonts,firefox,mime.types,mailcap,asound.conf,pulse
80private-tmp
81
82noexec ${HOME}
83noexec /tmp
diff --git a/etc/cyberfox.profile b/etc/cyberfox.profile
index 66cd27461..ce51906ba 100644
--- a/etc/cyberfox.profile
+++ b/etc/cyberfox.profile
@@ -7,67 +7,15 @@ include /etc/firejail/globals.local
7 7
8noblacklist ${HOME}/.8pecxstudios 8noblacklist ${HOME}/.8pecxstudios
9noblacklist ${HOME}/.cache/8pecxstudios 9noblacklist ${HOME}/.cache/8pecxstudios
10noblacklist ${HOME}/.config/okularpartrc
11noblacklist ${HOME}/.config/okularrc
12noblacklist ${HOME}/.config/qpdfview
13noblacklist ${HOME}/.kde/share/apps/okular
14noblacklist ${HOME}/.kde4/share/apps/okular
15noblacklist ${HOME}/.local/share/okular
16noblacklist ${HOME}/.local/share/qpdfview
17noblacklist ${HOME}/.pki
18
19include /etc/firejail/disable-common.inc
20include /etc/firejail/disable-devel.inc
21include /etc/firejail/disable-programs.inc
22 10
23mkdir ${HOME}/.8pecxstudios 11mkdir ${HOME}/.8pecxstudios
24mkdir ${HOME}/.cache/8pecxstudios 12mkdir ${HOME}/.cache/8pecxstudios
25mkdir ${HOME}/.pki
26whitelist ${DOWNLOADS}
27whitelist ${HOME}/.8pecxstudios 13whitelist ${HOME}/.8pecxstudios
28whitelist ${HOME}/.cache/8pecxstudios 14whitelist ${HOME}/.cache/8pecxstudios
29whitelist ${HOME}/.cache/gnome-mplayer/plugin
30whitelist ${HOME}/.config/gnome-mplayer
31whitelist ${HOME}/.config/okularpartrc
32whitelist ${HOME}/.config/okularrc
33whitelist ${HOME}/.config/pipelight-silverlight5.1
34whitelist ${HOME}/.config/pipelight-widevine
35whitelist ${HOME}/.config/qpdfview
36whitelist ${HOME}/.kde/share/apps/okular
37whitelist ${HOME}/.kde4/share/apps/okular
38whitelist ${HOME}/.keysnail.js
39whitelist ${HOME}/.lastpass
40whitelist ${HOME}/.local/share/okular
41whitelist ${HOME}/.local/share/qpdfview
42whitelist ${HOME}/.pentadactyl
43whitelist ${HOME}/.pentadactylrc
44whitelist ${HOME}/.pki
45whitelist ${HOME}/.vimperator
46whitelist ${HOME}/.vimperatorrc
47whitelist ${HOME}/.wine-pipelight
48whitelist ${HOME}/.wine-pipelight64
49whitelist ${HOME}/.zotero
50whitelist ${HOME}/dwhelper
51include /etc/firejail/whitelist-common.inc
52
53caps.drop all
54netfilter
55nodvd
56nogroups
57nonewprivs
58noroot
59notv
60protocol unix,inet,inet6,netlink
61seccomp
62shell none
63tracelog
64 15
65disable-mnt
66# private-bin cyberfox,which,sh,dbus-launch,dbus-send,env 16# private-bin cyberfox,which,sh,dbus-launch,dbus-send,env
67private-dev 17# private-etc must first be enabled in firefox-common.profile
68private-dev 18#private-etc cyberfox
69# private-etc passwd,group,hostname,hosts,localtime,nsswitch.conf,resolv.conf,xdg,gtk-2.0,gtk-3.0,X11,pango,fonts,cyberfox,mime.types,mailcap,asound.conf,pulse
70private-tmp
71 19
72noexec ${HOME} 20# Redirect
73noexec /tmp 21include /etc/firejail/firefox-common.profile
diff --git a/etc/dnox.profile b/etc/dnox.profile
index d6626c048..505884ca6 100644
--- a/etc/dnox.profile
+++ b/etc/dnox.profile
@@ -7,30 +7,11 @@ include /etc/firejail/globals.local
7 7
8noblacklist ${HOME}/.cache/dnox 8noblacklist ${HOME}/.cache/dnox
9noblacklist ${HOME}/.config/dnox 9noblacklist ${HOME}/.config/dnox
10noblacklist ${HOME}/.pki
11
12include /etc/firejail/disable-common.inc
13include /etc/firejail/disable-programs.inc
14 10
15mkdir ${HOME}/.cache/dnox 11mkdir ${HOME}/.cache/dnox
16mkdir ${HOME}/.config/dnox 12mkdir ${HOME}/.config/dnox
17mkdir ${HOME}/.pki
18whitelist ${DOWNLOADS}
19whitelist ${HOME}/.cache/dnox 13whitelist ${HOME}/.cache/dnox
20whitelist ${HOME}/.config/dnox 14whitelist ${HOME}/.config/dnox
21whitelist ${HOME}/.pki
22include /etc/firejail/whitelist-common.inc
23include /etc/firejail/whitelist-var-common.inc
24
25caps.keep sys_chroot,sys_admin
26netfilter
27nodvd
28nogroups
29notv
30shell none
31
32private-dev
33# private-tmp - problems with multiple browser sessions
34 15
35noexec ${HOME} 16# Redirect
36noexec /tmp 17include /etc/firejail/chromium-common.profile
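diff --git a/etc/firefox-common-addons.inc b/etc/firefox-common-addons.inc
new file mode 100644
index 000000000..b480aae18
--- /dev/null
+++ b/etc/firefox-common-addons.inc
@@ -0,0 +1,51 @@
+# This file is overwritten during software install.
+# Persistent customizations should go in a .local file.
+include /etc/firejail/firefox-common-addons.local
+
+noblacklist ${HOME}/.config/okularpartrc
+noblacklist ${HOME}/.config/okularrc
+noblacklist ${HOME}/.config/qpdfview
+noblacklist ${HOME}/.kde/share/apps/kget
+noblacklist ${HOME}/.kde/share/apps/okular
+noblacklist ${HOME}/.kde/share/config/kgetrc
+noblacklist ${HOME}/.kde/share/config/okularpartrc
+noblacklist ${HOME}/.kde/share/config/okularrc
+noblacklist ${HOME}/.kde4/share/apps/kget
+noblacklist ${HOME}/.kde4/share/apps/okular
+noblacklist ${HOME}/.kde4/share/config/kgetrc
+noblacklist ${HOME}/.kde4/share/config/okularpartrc
+noblacklist ${HOME}/.kde4/share/config/okularrc
+# noblacklist ${HOME}/.local/share/gnome-shell/extensions
+noblacklist ${HOME}/.local/share/okular
+noblacklist ${HOME}/.local/share/qpdfview
+
+whitelist ${HOME}/.cache/gnome-mplayer/plugin
+whitelist ${HOME}/.config/gnome-mplayer
+whitelist ${HOME}/.config/okularpartrc
+whitelist ${HOME}/.config/okularrc
+whitelist ${HOME}/.config/pipelight-silverlight5.1
+whitelist ${HOME}/.config/pipelight-widevine
+whitelist ${HOME}/.config/qpdfview
+whitelist ${HOME}/.kde/share/apps/kget
+whitelist ${HOME}/.kde/share/apps/okular
+whitelist ${HOME}/.kde/share/config/kgetrc
+whitelist ${HOME}/.kde/share/config/okularpartrc
+whitelist ${HOME}/.kde/share/config/okularrc
+whitelist ${HOME}/.kde4/share/apps/kget
+whitelist ${HOME}/.kde4/share/apps/okular
+whitelist ${HOME}/.kde4/share/config/kgetrc
+whitelist ${HOME}/.kde4/share/config/okularpartrc
+whitelist ${HOME}/.kde4/share/config/okularrc
+whitelist ${HOME}/.keysnail.js
+whitelist ${HOME}/.lastpass
+whitelist ${HOME}/.local/share/gnome-shell/extensions
+whitelist ${HOME}/.local/share/okular
+whitelist ${HOME}/.local/share/qpdfview
+whitelist ${HOME}/.pentadactyl
+whitelist ${HOME}/.pentadactylrc
+whitelist ${HOME}/.vimperator
+whitelist ${HOME}/.vimperatorrc
+whitelist ${HOME}/.wine-pipelight
+whitelist ${HOME}/.wine-pipelight64
+whitelist ${HOME}/.zotero
+whitelist ${HOME}/dwhelper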
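Review bot: `whitelist ${HOME}/.local/share/gnome-shell/extensions` at line 41 is active while the matching `# noblacklist ${HOME}/.local/share/gnome-shell/extensions` at line 18 is commented out, so the two halves of the rule disagree. A whitelisted path is writable from inside the sandbox, and anything placed in that directory would presumably be loaded by the desktop shell outside it, which makes this entry more sensitive than the viewer and plugin paths around it. I would comment the whitelist out as well, `# whitelist ${HOME}/.local/share/gnome-shell/extensions`, and add a one-line remark above each saying who needs it. The pair is carried over unchanged from the old firefox.profile, so the new shared include is a good place to settle it.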
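diff --git a/etc/firefox-common.profile b/etc/firefox-common.profile
new file mode 100644
index 000000000..0c4271edc
--- /dev/null
+++ b/etc/firefox-common.profile
@@ -0,0 +1,44 @@
+# Firejail profile for firefox-common
+# This file is overwritten after every install/update
+# Persistent local customizations
+include /etc/firejail/firefox-common.local
+# Persistent global definitions
+include /etc/firejail/globals.local
+
+# uncomment the following line to allow access to common programs/addons/plugins
+#include /etc/firejail/firefox-common-addons.inc
+
+noblacklist ${HOME}/.pki
+
+include /etc/firejail/disable-common.inc
+include /etc/firejail/disable-devel.inc
+include /etc/firejail/disable-programs.inc
+
+mkdir ${HOME}/.pki
+whitelist ${DOWNLOADS}
+whitelist ${HOME}/.pki
+include /etc/firejail/whitelist-common.inc
+include /etc/firejail/whitelist-var-common.inc
+
+caps.drop all
+# machine-id breaks pulse audio; it should work fine in setups where sound is not required
+#machine-id
+netfilter
+nodvd
+nogroups
+nonewprivs
+noroot
+notv
+protocol unix,inet,inet6,netlink
+seccomp
+shell none
+tracelog
+
+disable-mnt
+private-dev
+# private-etc below works fine on most distributions. There are some problems on CentOS.
+#private-etc ca-certificates,ssl,machine-id,dconf,selinux,passwd,group,hostname,hosts,localtime,nsswitch.conf,resolv.conf,xdg,gtk-2.0,gtk-3.0,X11,pango,fonts,mime.types,mailcap,asound.conf,pulse,pki,crypto-policies
+private-tmp
+
+noexec ${HOME}
+noexec /tmp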
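Review bot: The comment at line 8 asks users to uncomment `#include /etc/firejail/firefox-common-addons.inc` in this file, but line 2 says the file is overwritten after every install/update, so the edit is lost on the next upgrade. firefox-common.local is included at line 4, ahead of the disable-*.inc includes, so the include can presumably live there; the comment could read `# to allow access to common programs/addons/plugins, add the following line to firefox-common.local`. The `private-etc` hint at line 39 has the same problem. So do the README note and the per-browser comments `# private-etc must first be enabled in firefox-common.profile` in abrowser, cliqz, cyberfox, firefox, icecat and iceweasel.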
diff --git a/etc/firefox.profile b/etc/firefox.profile
index 079cb1536..0ab6a6141 100644
--- a/etc/firefox.profile
+++ b/etc/firefox.profile
@@ -6,90 +6,17 @@ include /etc/firejail/firefox.local
6include /etc/firejail/globals.local 6include /etc/firejail/globals.local
7 7
8noblacklist ${HOME}/.cache/mozilla 8noblacklist ${HOME}/.cache/mozilla
9noblacklist ${HOME}/.config/okularpartrc
10noblacklist ${HOME}/.config/okularrc
11noblacklist ${HOME}/.config/qpdfview
12noblacklist ${HOME}/.kde/share/apps/kget
13noblacklist ${HOME}/.kde/share/apps/okular
14noblacklist ${HOME}/.kde/share/config/kgetrc
15noblacklist ${HOME}/.kde/share/config/okularpartrc
16noblacklist ${HOME}/.kde/share/config/okularrc
17noblacklist ${HOME}/.kde4/share/apps/kget
18noblacklist ${HOME}/.kde4/share/apps/okular
19noblacklist ${HOME}/.kde4/share/config/kgetrc
20noblacklist ${HOME}/.kde4/share/config/okularpartrc
21noblacklist ${HOME}/.kde4/share/config/okularrc
22# noblacklist ${HOME}/.local/share/gnome-shell/extensions
23noblacklist ${HOME}/.local/share/okular
24noblacklist ${HOME}/.local/share/qpdfview
25noblacklist ${HOME}/.mozilla 9noblacklist ${HOME}/.mozilla
26noblacklist ${HOME}/.pki
27
28include /etc/firejail/disable-common.inc
29include /etc/firejail/disable-devel.inc
30include /etc/firejail/disable-programs.inc
31 10
32mkdir ${HOME}/.cache/mozilla/firefox 11mkdir ${HOME}/.cache/mozilla/firefox
33mkdir ${HOME}/.mozilla 12mkdir ${HOME}/.mozilla
34mkdir ${HOME}/.pki
35whitelist ${DOWNLOADS}
36whitelist ${HOME}/.cache/gnome-mplayer/plugin
37whitelist ${HOME}/.cache/mozilla/firefox 13whitelist ${HOME}/.cache/mozilla/firefox
38whitelist ${HOME}/.config/gnome-mplayer
39whitelist ${HOME}/.config/okularpartrc
40whitelist ${HOME}/.config/okularrc
41whitelist ${HOME}/.config/pipelight-silverlight5.1
42whitelist ${HOME}/.config/pipelight-widevine
43whitelist ${HOME}/.config/qpdfview
44whitelist ${HOME}/.kde/share/apps/kget
45whitelist ${HOME}/.kde/share/apps/okular
46whitelist ${HOME}/.kde/share/config/kgetrc
47whitelist ${HOME}/.kde/share/config/okularpartrc
48whitelist ${HOME}/.kde/share/config/okularrc
49whitelist ${HOME}/.kde4/share/apps/kget
50whitelist ${HOME}/.kde4/share/apps/okular
51whitelist ${HOME}/.kde4/share/config/kgetrc
52whitelist ${HOME}/.kde4/share/config/okularpartrc
53whitelist ${HOME}/.kde4/share/config/okularrc
54whitelist ${HOME}/.keysnail.js
55whitelist ${HOME}/.lastpass
56whitelist ${HOME}/.local/share/gnome-shell/extensions
57whitelist ${HOME}/.local/share/okular
58whitelist ${HOME}/.local/share/qpdfview
59whitelist ${HOME}/.mozilla 14whitelist ${HOME}/.mozilla
60whitelist ${HOME}/.pentadactyl
61whitelist ${HOME}/.pentadactylrc
62whitelist ${HOME}/.pki
63whitelist ${HOME}/.vimperator
64whitelist ${HOME}/.vimperatorrc
65whitelist ${HOME}/.wine-pipelight
66whitelist ${HOME}/.wine-pipelight64
67whitelist ${HOME}/.zotero
68whitelist ${HOME}/dwhelper
69include /etc/firejail/whitelist-common.inc
70include /etc/firejail/whitelist-var-common.inc
71
72caps.drop all
73# machine-id breaks pulse audio; it should work fine in setups where sound is not required
74#machine-id
75netfilter
76nodvd
77nogroups
78nonewprivs
79noroot
80notv
81protocol unix,inet,inet6,netlink
82seccomp
83shell none
84tracelog
85 15
86disable-mnt
87# firefox requires a shell to launch on Arch. 16# firefox requires a shell to launch on Arch.
88# private-bin firefox,which,sh,dbus-launch,dbus-send,env,bash 17#private-bin firefox,which,sh,dbus-launch,dbus-send,env,bash
89private-dev 18# private-etc must first be enabled in firefox-common.profile
90# private-etc below works fine on most distributions. There are some problems on CentOS. 19#private-etc firefox
91# private-etc iceweasel,ca-certificates,ssl,machine-id,dconf,selinux,passwd,group,hostname,hosts,localtime,nsswitch.conf,resolv.conf,xdg,gtk-2.0,gtk-3.0,X11,pango,fonts,firefox,mime.types,mailcap,asound.conf,pulse,pki,crypto-policies
92private-tmp
93 20
94noexec ${HOME} 21# Redirect
95noexec /tmp 22include /etc/firejail/firefox-common.profile
diff --git a/etc/flashpeak-slimjet.profile b/etc/flashpeak-slimjet.profile
index d9be8b9c5..63f9d19a9 100644
--- a/etc/flashpeak-slimjet.profile
+++ b/etc/flashpeak-slimjet.profile
@@ -5,35 +5,13 @@ include /etc/firejail/flashpeak-slimjet.local
5# Persistent global definitions 5# Persistent global definitions
6include /etc/firejail/globals.local 6include /etc/firejail/globals.local
7 7
8# This is a whitelisted profile, the internal browser sandbox
9# is disabled because it requires sudo password. The command
10# to run it is as follows:
11# firejail flashpeak-slimjet --no-sandbox
12
13noblacklist ${HOME}/.cache/slimjet 8noblacklist ${HOME}/.cache/slimjet
14noblacklist ${HOME}/.config/slimjet 9noblacklist ${HOME}/.config/slimjet
15noblacklist ${HOME}/.pki
16
17include /etc/firejail/disable-common.inc
18include /etc/firejail/disable-devel.inc
19include /etc/firejail/disable-programs.inc
20 10
21mkdir ${HOME}/.cache/slimjet 11mkdir ${HOME}/.cache/slimjet
22mkdir ${HOME}/.config/slimjet 12mkdir ${HOME}/.config/slimjet
23mkdir ${HOME}/.pki
24whitelist ${DOWNLOADS}
25whitelist ${HOME}/.cache/slimjet 13whitelist ${HOME}/.cache/slimjet
26whitelist ${HOME}/.config/slimjet 14whitelist ${HOME}/.config/slimjet
27whitelist ${HOME}/.pki
28include /etc/firejail/whitelist-common.inc
29
30caps.drop all
31netfilter
32nodvd
33nonewprivs
34noroot
35notv
36protocol unix,inet,inet6,netlink
37seccomp
38 15
39disable-mnt 16# Redirect
17include /etc/firejail/chromium-common.profile
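Review bot: After the redirect, slimjet no longer gets `caps.drop all`, `nonewprivs`, `noroot`, `protocol unix,inet,inet6,netlink` or `seccomp`; it inherits `caps.keep sys_chroot,sys_admin` from chromium-common.profile instead. The removed header comment said this browser is started with `--no-sandbox` because its internal sandbox needs a sudo password. If that is still the case, the browser now runs with neither its own sandbox nor firejail's syscall and capability restrictions. Unless slimjet has been confirmed to work with its internal sandbox under firejail, I would keep the old restrictions in this profile rather than redirect. At minimum, restore the explanatory comment so users know which mode the profile assumes.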
diff --git a/etc/google-chrome-beta.profile b/etc/google-chrome-beta.profile
index 9c7306b85..ab16558ea 100644
--- a/etc/google-chrome-beta.profile
+++ b/etc/google-chrome-beta.profile
@@ -7,30 +7,11 @@ include /etc/firejail/globals.local
7 7
8noblacklist ${HOME}/.cache/google-chrome-beta 8noblacklist ${HOME}/.cache/google-chrome-beta
9noblacklist ${HOME}/.config/google-chrome-beta 9noblacklist ${HOME}/.config/google-chrome-beta
10noblacklist ${HOME}/.pki
11
12include /etc/firejail/disable-common.inc
13include /etc/firejail/disable-devel.inc
14include /etc/firejail/disable-programs.inc
15 10
16mkdir ${HOME}/.cache/google-chrome-beta 11mkdir ${HOME}/.cache/google-chrome-beta
17mkdir ${HOME}/.config/google-chrome-beta 12mkdir ${HOME}/.config/google-chrome-beta
18mkdir ${HOME}/.pki
19whitelist ${DOWNLOADS}
20whitelist ${HOME}/.cache/google-chrome-beta 13whitelist ${HOME}/.cache/google-chrome-beta
21whitelist ${HOME}/.config/google-chrome-beta 14whitelist ${HOME}/.config/google-chrome-beta
22whitelist ${HOME}/.pki
23include /etc/firejail/whitelist-common.inc
24
25caps.keep sys_chroot,sys_admin
26netfilter
27nodvd
28nogroups
29notv
30shell none
31
32private-dev
33# private-tmp - problems with multiple browser sessions
34 15
35noexec ${HOME} 16# Redirect
36noexec /tmp 17include /etc/firejail/chromium-common.profile
diff --git a/etc/google-chrome-unstable.profile b/etc/google-chrome-unstable.profile
index bb05b3e99..b7d0eccf3 100644
--- a/etc/google-chrome-unstable.profile
+++ b/etc/google-chrome-unstable.profile
@@ -7,30 +7,11 @@ include /etc/firejail/globals.local
7 7
8noblacklist ${HOME}/.cache/google-chrome-unstable 8noblacklist ${HOME}/.cache/google-chrome-unstable
9noblacklist ${HOME}/.config/google-chrome-unstable 9noblacklist ${HOME}/.config/google-chrome-unstable
10noblacklist ${HOME}/.pki
11
12include /etc/firejail/disable-common.inc
13include /etc/firejail/disable-devel.inc
14include /etc/firejail/disable-programs.inc
15 10
16mkdir ${HOME}/.cache/google-chrome-unstable 11mkdir ${HOME}/.cache/google-chrome-unstable
17mkdir ${HOME}/.config/google-chrome-unstable 12mkdir ${HOME}/.config/google-chrome-unstable
18mkdir ${HOME}/.pki
19whitelist ${DOWNLOADS}
20whitelist ${HOME}/.cache/google-chrome-unstable 13whitelist ${HOME}/.cache/google-chrome-unstable
21whitelist ${HOME}/.config/google-chrome-unstable 14whitelist ${HOME}/.config/google-chrome-unstable
22whitelist ${HOME}/.pki
23include /etc/firejail/whitelist-common.inc
24
25caps.keep sys_chroot,sys_admin
26netfilter
27nodvd
28nogroups
29notv
30shell none
31
32private-dev
33# private-tmp - problems with multiple browser sessions
34 15
35noexec ${HOME} 16# Redirect
36noexec /tmp 17include /etc/firejail/chromium-common.profile
diff --git a/etc/google-chrome.profile b/etc/google-chrome.profile
index 19ebfa974..6e44190ae 100644
--- a/etc/google-chrome.profile
+++ b/etc/google-chrome.profile
@@ -7,32 +7,11 @@ include /etc/firejail/globals.local
7 7
8noblacklist ${HOME}/.cache/google-chrome 8noblacklist ${HOME}/.cache/google-chrome
9noblacklist ${HOME}/.config/google-chrome 9noblacklist ${HOME}/.config/google-chrome
10noblacklist ${HOME}/.pki
11
12include /etc/firejail/disable-common.inc
13include /etc/firejail/disable-devel.inc
14include /etc/firejail/disable-programs.inc
15 10
16mkdir ${HOME}/.cache/google-chrome 11mkdir ${HOME}/.cache/google-chrome
17mkdir ${HOME}/.config/google-chrome 12mkdir ${HOME}/.config/google-chrome
18mkdir ${HOME}/.pki
19whitelist ${DOWNLOADS}
20whitelist ${HOME}/.cache/google-chrome 13whitelist ${HOME}/.cache/google-chrome
21whitelist ${HOME}/.config/google-chrome 14whitelist ${HOME}/.config/google-chrome
22whitelist ${HOME}/.pki
23include /etc/firejail/whitelist-common.inc
24include /etc/firejail/whitelist-var-common.inc
25
26caps.keep sys_chroot,sys_admin
27netfilter
28nodvd
29nogroups
30notv
31shell none
32
33disable-mnt
34private-dev
35# private-tmp - problems with multiple browser sessions
36 15
37noexec ${HOME} 16# Redirect
38noexec /tmp 17include /etc/firejail/chromium-common.profile
diff --git a/etc/icecat.profile b/etc/icecat.profile
index 9e5526c95..42e762c21 100644
--- a/etc/icecat.profile
+++ b/etc/icecat.profile
@@ -7,46 +7,14 @@ include /etc/firejail/globals.local
7 7
8noblacklist ${HOME}/.cache/mozilla 8noblacklist ${HOME}/.cache/mozilla
9noblacklist ${HOME}/.mozilla 9noblacklist ${HOME}/.mozilla
10noblacklist ${HOME}/.pki
11
12include /etc/firejail/disable-common.inc
13include /etc/firejail/disable-devel.inc
14include /etc/firejail/disable-programs.inc
15 10
16mkdir ${HOME}/.cache/mozilla/icecat 11mkdir ${HOME}/.cache/mozilla/icecat
17mkdir ${HOME}/.mozilla 12mkdir ${HOME}/.mozilla
18whitelist ${DOWNLOADS}
19whitelist ${HOME}/.cache/gnome-mplayer/plugin
20whitelist ${HOME}/.cache/mozilla/icecat 13whitelist ${HOME}/.cache/mozilla/icecat
21whitelist ${HOME}/.config/gnome-mplayer
22whitelist ${HOME}/.config/pipelight-silverlight5.1
23whitelist ${HOME}/.config/pipelight-widevine
24whitelist ${HOME}/.keysnail.js
25whitelist ${HOME}/.lastpass
26whitelist ${HOME}/.mozilla 14whitelist ${HOME}/.mozilla
27whitelist ${HOME}/.pentadactyl
28whitelist ${HOME}/.pentadactylrc
29whitelist ${HOME}/.pki
30whitelist ${HOME}/.vimperator
31whitelist ${HOME}/.vimperatorrc
32whitelist ${HOME}/.wine-pipelight
33whitelist ${HOME}/.wine-pipelight64
34whitelist ${HOME}/.zotero
35whitelist ${HOME}/dwhelper
36include /etc/firejail/whitelist-common.inc
37
38caps.drop all
39netfilter
40nodvd
41nonewprivs
42noroot
43notv
44protocol unix,inet,inet6,netlink
45seccomp
46tracelog
47 15
48disable-mnt 16# private-etc must first be enabled in firefox-common.profile
49# private-etc passwd,group,hostname,hosts,localtime,nsswitch.conf,resolv.conf,gtk-2.0,pango,fonts,iceweasel,firefox,adobe,mime.types,mailcap,asound.conf,pulse 17#private-etc icecat
50 18
51noexec ${HOME} 19# Redirect
52noexec /tmp 20include /etc/firejail/firefox-common.profile
diff --git a/etc/iceweasel.profile b/etc/iceweasel.profile
index f6b57dde0..51f15aa1b 100644
--- a/etc/iceweasel.profile
+++ b/etc/iceweasel.profile
@@ -5,6 +5,8 @@ include /etc/firejail/iceweasel.local
5# Persistent global definitions 5# Persistent global definitions
6include /etc/firejail/globals.local 6include /etc/firejail/globals.local
7 7
8# private-etc must first be enabled in firefox-common.profile
9#private-etc iceweasel
8 10
9# Redirect 11# Redirect
10include /etc/firejail/firefox.profile 12include /etc/firejail/firefox.profile
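diff --git a/etc/inox.profile b/etc/inox.profile
index fbc654434..652761c54 100644
--- a/etc/inox.profile
+++ b/etc/inox.profile
@@ -7,30 +7,11 @@ include /etc/firejail/globals.local
 
 noblacklist ${HOME}/.cache/inox
 noblacklist ${HOME}/.config/inox
-noblacklist ${HOME}/.pki
-
-include /etc/firejail/disable-common.inc
-include /etc/firejail/disable-programs.inc
 
 mkdir ${HOME}/.cache/inox
 mkdir ${HOME}/.config/inox
-mkdir ${HOME}/.pki
-whitelist ${DOWNLOADS}
 whitelist ${HOME}/.cache/inox
 whitelist ${HOME}/.config/inox
-whitelist ${HOME}/.pki
-include /etc/firejail/whitelist-common.inc
-include /etc/firejail/whitelist-var-common.inc
-
-caps.keep sys_chroot,sys_admin
-netfilter
-nodvd
-nogroups
-notv
-shell none
-
-private-dev
-# private-tmp - problems with multiple browser sessions
 
-noexec ${HOME}
-noexec /tmp
+# Redirect
+include /etc/firejail/chromium-common.profile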
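Review bot: The restrictions removed here (`caps.keep sys_chroot,sys_admin`, `nogroups`, `shell none`, `private-dev`, `noexec ${HOME}`, `noexec /tmp`) now have to come from chromium-common.profile, which is outside this part of the page, and the bare `# Redirect` comment does not say so. The same block leaves the iridium, vivaldi and yandex-browser sections, and `disable-mnt` leaves opera-beta, opera, vivaldi and yandex-browser. I would confirm that each of those directives is present in the shared file and extend the comment, for example `# Redirect: all sandbox restrictions are inherited from chromium-common.profile`. Any directive the shared file does not carry should stay in the per-browser profile above the include.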
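diff --git a/etc/iridium.profile b/etc/iridium.profile
index 76026722f..2869c3070 100644
--- a/etc/iridium.profile
+++ b/etc/iridium.profile
@@ -8,30 +8,10 @@ include /etc/firejail/globals.local
 noblacklist ${HOME}/.cache/iridium
 noblacklist ${HOME}/.config/iridium
 
-include /etc/firejail/disable-common.inc
-# chromium/iridium is distributed with a perl script on Arch
-# include /etc/firejail/disable-devel.inc
-include /etc/firejail/disable-programs.inc
-
 mkdir ${HOME}/.cache/iridium
 mkdir ${HOME}/.config/iridium
-mkdir ${HOME}/.pki
-whitelist ${DOWNLOADS}
 whitelist ${HOME}/.cache/iridium
 whitelist ${HOME}/.config/iridium
-whitelist ${HOME}/.pki
-include /etc/firejail/whitelist-common.inc
-include /etc/firejail/whitelist-var-common.inc
-
-caps.keep sys_chroot,sys_admin
-netfilter
-nodvd
-nogroups
-notv
-shell none
-
-private-dev
-# private-tmp - problems with multiple browser sessions
 
-noexec ${HOME}
-noexec /tmp
+# Redirect
+include /etc/firejail/chromium-common.profile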
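Review bot: The removed old lines 12–13 record that `disable-devel.inc` was left out for iridium on purpose (a Perl script shipped on Arch), while the opera-beta, opera, vivaldi and yandex-browser sections each drop an active `include /etc/firejail/disable-devel.inc`. A single shared profile can take only one of those positions, so either iridium may stop starting on Arch or the other four lose the development-tool blacklist; which one applies depends on chromium-common.profile, which is not visible here. If the shared file leaves it out, keeping `include /etc/firejail/disable-devel.inc` in those four profiles ahead of the redirect would preserve their previous confinement.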
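diff --git a/etc/opera-beta.profile b/etc/opera-beta.profile
index 3fe86d26c..38a3152d2 100644
--- a/etc/opera-beta.profile
+++ b/etc/opera-beta.profile
@@ -5,24 +5,13 @@ include /etc/firejail/opera-beta.local
 # Persistent global definitions
 include /etc/firejail/globals.local
 
+noblacklist ${HOME}/.cache/opera
 noblacklist ${HOME}/.config/opera-beta
-noblacklist ${HOME}/.pki
-
-include /etc/firejail/disable-common.inc
-include /etc/firejail/disable-devel.inc
-include /etc/firejail/disable-programs.inc
 
 mkdir ${HOME}/.cache/opera
 mkdir ${HOME}/.config/opera-beta
-mkdir ${HOME}/.pki
-whitelist ${DOWNLOADS}
 whitelist ${HOME}/.cache/opera
 whitelist ${HOME}/.config/opera-beta
-whitelist ${HOME}/.pki
-include /etc/firejail/whitelist-common.inc
-
-netfilter
-nodvd
-notv
 
-disable-mnt
+# Redirect
+include /etc/firejail/chromium-common.profile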
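diff --git a/etc/opera.profile b/etc/opera.profile
index fed7564b2..c0138c555 100644
--- a/etc/opera.profile
+++ b/etc/opera.profile
@@ -8,25 +8,13 @@ include /etc/firejail/globals.local
 noblacklist ${HOME}/.cache/opera
 noblacklist ${HOME}/.config/opera
 noblacklist ${HOME}/.opera
-noblacklist ${HOME}/.pki
-
-include /etc/firejail/disable-common.inc
-include /etc/firejail/disable-devel.inc
-include /etc/firejail/disable-programs.inc
 
 mkdir ${HOME}/.cache/opera
 mkdir ${HOME}/.config/opera
 mkdir ${HOME}/.opera
-mkdir ${HOME}/.pki
-whitelist ${DOWNLOADS}
 whitelist ${HOME}/.cache/opera
 whitelist ${HOME}/.config/opera
 whitelist ${HOME}/.opera
-whitelist ${HOME}/.pki
-include /etc/firejail/whitelist-common.inc
-
-netfilter
-nodvd
-notv
 
-disable-mnt
+# Redirect
+include /etc/firejail/chromium-common.profile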
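diff --git a/etc/palemoon.profile b/etc/palemoon.profile
index 1112a9bb7..ff7087e55 100644
--- a/etc/palemoon.profile
+++ b/etc/palemoon.profile
@@ -8,53 +8,15 @@ include /etc/firejail/globals.local
 noblacklist ${HOME}/.cache/moonchild productions/pale moon
 noblacklist ${HOME}/.moonchild productions/pale moon
 
-include /etc/firejail/disable-common.inc
-include /etc/firejail/disable-devel.inc
-include /etc/firejail/disable-programs.inc
-
-# These are uncommented in the Firefox profile. If you run into trouble you may
-# want to uncomment (some of) them.
-#whitelist ${HOME}/dwhelper
-#whitelist ${HOME}/.zotero
-#whitelist ${HOME}/.vimperatorrc
-#whitelist ${HOME}/.vimperator
-#whitelist ${HOME}/.pentadactylrc
-#whitelist ${HOME}/.pentadactyl
-#whitelist ${HOME}/.keysnail.js
-#whitelist ${HOME}/.config/gnome-mplayer
-#whitelist ${HOME}/.cache/gnome-mplayer/plugin
-#whitelist ${HOME}/.pki
-#whitelist ${HOME}/.lastpass
-
-# For silverlight
-#whitelist ${HOME}/.wine-pipelight
-#whitelist ${HOME}/.wine-pipelight64
-#whitelist ${HOME}/.config/pipelight-widevine
-#whitelist ${HOME}/.config/pipelight-silverlight5.1
-
 mkdir ${HOME}/.cache/moonchild productions/pale moon
 mkdir ${HOME}/.moonchild productions
-whitelist ${DOWNLOADS}
 whitelist ${HOME}/.cache/moonchild productions/pale moon
 whitelist ${HOME}/.moonchild productions
-include /etc/firejail/whitelist-common.inc
-
-caps.drop all
-netfilter
-nodvd
-nogroups
-nonewprivs
-noroot
-notv
-protocol unix,inet,inet6,netlink
-seccomp
-shell none
-tracelog
 
-# private-bin palemoon
-# private-dev (disabled for now as it will interfere with webcam use in palemoon)
-# private-etc passwd,group,hostname,hosts,localtime,nsswitch.conf,resolv.conf,gtk-2.0,pango,fonts,iceweasel,firefox,adobe,mime.types,mailcap,asound.conf,pulse
-# private-opt palemoon
-private-tmp
+#private-bin palemoon
+# private-etc must first be enabled in firefox-common.profile
+#private-etc palemoon
+#private-opt palemoon
 
-disable-mnt
+# Redirect
+include /etc/firejail/firefox-common.profile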
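Review bot: The old profile kept the add-on and plugin whitelists commented out (old lines 17–33, among them `${HOME}/.lastpass`, `${HOME}/.pki` and the pipelight paths), so Pale Moon could not see those directories; after the redirect it gets whatever firefox-common.profile whitelists. If that file includes `firefox-common-addons.inc` unconditionally (not visible here), this profile's view of the home directory widens, including the password-manager directory. The reason for leaving `private-dev` off (webcam use, old line 55) is also deleted, so if the shared profile enables it the webcam problem can return with no hint in this file. I would keep that explanation, for example `# private-dev in firefox-common.profile may interfere with webcam use in palemoon`.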
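diff --git a/etc/vivaldi.profile b/etc/vivaldi.profile
index 3a1f72f23..aeef58292 100644
--- a/etc/vivaldi.profile
+++ b/etc/vivaldi.profile
@@ -8,28 +8,10 @@ include /etc/firejail/globals.local
 noblacklist ${HOME}/.cache/vivaldi
 noblacklist ${HOME}/.config/vivaldi
 
-include /etc/firejail/disable-common.inc
-include /etc/firejail/disable-devel.inc
-include /etc/firejail/disable-programs.inc
-
 mkdir ${HOME}/.cache/vivaldi
 mkdir ${HOME}/.config/vivaldi
-whitelist ${DOWNLOADS}
 whitelist ${HOME}/.cache/vivaldi
 whitelist ${HOME}/.config/vivaldi
-include /etc/firejail/whitelist-common.inc
-include /etc/firejail/whitelist-var-common.inc
-
-caps.keep sys_chroot,sys_admin
-netfilter
-nodvd
-nogroups
-notv
-shell none
-
-disable-mnt
-private-dev
-# private-tmp - problems with multiple browser sessions
 
-noexec ${HOME}
-noexec /tmp
+# Redirect
+include /etc/firejail/chromium-common.profile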
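diff --git a/etc/waterfox.profile b/etc/waterfox.profile
index b2abb3a5f..fdd299bbf 100644
--- a/etc/waterfox.profile
+++ b/etc/waterfox.profile
@@ -7,83 +7,22 @@ include /etc/firejail/globals.local
 
 noblacklist ${HOME}/.cache/mozilla
 noblacklist ${HOME}/.cache/waterfox
-noblacklist ${HOME}/.config/okularpartrc
-noblacklist ${HOME}/.config/okularrc
-noblacklist ${HOME}/.config/qpdfview
-noblacklist ${HOME}/.kde/share/apps/okular
-noblacklist ${HOME}/.kde/share/config/okularpartrc
-noblacklist ${HOME}/.kde/share/config/okularrc
-noblacklist ${HOME}/.kde4/share/apps/okular
-noblacklist ${HOME}/.kde4/share/config/okularpartrc
-noblacklist ${HOME}/.kde4/share/config/okularrc
-# noblacklist ${HOME}/.local/share/gnome-shell/extensions
-noblacklist ${HOME}/.local/share/okular
-noblacklist ${HOME}/.local/share/qpdfview
 noblacklist ${HOME}/.mozilla
 noblacklist ${HOME}/.waterfox
-noblacklist ${HOME}/.pki
-
-include /etc/firejail/disable-common.inc
-include /etc/firejail/disable-devel.inc
-include /etc/firejail/disable-programs.inc
 
 mkdir ${HOME}/.cache/mozilla/firefox
 mkdir ${HOME}/.mozilla
 mkdir ${HOME}/.cache/waterfox
 mkdir ${HOME}/.waterfox
-mkdir ${HOME}/.pki
-whitelist ${DOWNLOADS}
-whitelist ${HOME}/.cache/gnome-mplayer/plugin
 whitelist ${HOME}/.cache/mozilla/firefox
 whitelist ${HOME}/.cache/waterfox
-whitelist ${HOME}/.config/gnome-mplayer
-whitelist ${HOME}/.config/okularpartrc
-whitelist ${HOME}/.config/okularrc
-whitelist ${HOME}/.config/pipelight-silverlight5.1
-whitelist ${HOME}/.config/pipelight-widevine
-whitelist ${HOME}/.config/qpdfview
-whitelist ${HOME}/.kde/share/apps/okular
-whitelist ${HOME}/.kde/share/config/okularpartrc
-whitelist ${HOME}/.kde/share/config/okularrc
-whitelist ${HOME}/.kde4/share/apps/okular
-whitelist ${HOME}/.kde4/share/config/okularpartrc
-whitelist ${HOME}/.kde4/share/config/okularrc
-whitelist ${HOME}/.keysnail.js
-whitelist ${HOME}/.lastpass
-whitelist ${HOME}/.local/share/gnome-shell/extensions
-whitelist ${HOME}/.local/share/okular
-whitelist ${HOME}/.local/share/qpdfview
 whitelist ${HOME}/.mozilla
 whitelist ${HOME}/.waterfox
-whitelist ${HOME}/.pentadactyl
-whitelist ${HOME}/.pentadactylrc
-whitelist ${HOME}/.pki
-whitelist ${HOME}/.vimperator
-whitelist ${HOME}/.vimperatorrc
-whitelist ${HOME}/.wine-pipelight
-whitelist ${HOME}/.wine-pipelight64
-whitelist ${HOME}/.zotero
-whitelist ${HOME}/dwhelper
-include /etc/firejail/whitelist-common.inc
-include /etc/firejail/whitelist-var-common.inc
-
-caps.drop all
-netfilter
-nodvd
-nogroups
-nonewprivs
-noroot
-notv
-protocol unix,inet,inet6,netlink
-seccomp
-shell none
-tracelog
 
 # waterfox requires a shell to launch on Arch. We can possibly remove sh though.
-# private-bin waterfox,which,sh,dbus-launch,dbus-send,env,bash
-private-dev
-# private-etc passwd,group,hostname,hosts,localtime,nsswitch.conf,resolv.conf,xdg,gtk-2.0,gtk-3.0,X11,pango,fonts,waterfox,mime.types,mailcap,asound.conf,pulse
-private-tmp
+#private-bin waterfox,which,sh,dbus-launch,dbus-send,env,bash
+# private-etc must first be enabled in firefox-common.profile
+#private-etc waterfox
 
-noexec ${HOME}
-noexec /tmp
+# Redirect
+include /etc/firejail/firefox-common.profile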
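Review bot: `private-dev` and `private-tmp` were active in this profile (old lines 84 and 86) and are removed together with `caps.drop all`, `nonewprivs`, `noroot`, `seccomp` and both `noexec` lines, with nothing in the new file replacing them. The palemoon section loses `private-tmp` and the same caps/seccomp block in the same way. firefox-common.profile is outside this part of the page, so I would check that it sets every one of these. Anything it does not set belongs back in this file above the `# Redirect` include, e.g. `private-tmp`.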
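diff --git a/etc/yandex-browser.profile b/etc/yandex-browser.profile
index 1c7769727..fdb7694a5 100644
--- a/etc/yandex-browser.profile
+++ b/etc/yandex-browser.profile
@@ -9,35 +9,15 @@ noblacklist ${HOME}/.cache/yandex-browser
 noblacklist ${HOME}/.cache/yandex-browser-beta
 noblacklist ${HOME}/.config/yandex-browser
 noblacklist ${HOME}/.config/yandex-browser-beta
-noblacklist ${HOME}/.pki
-
-include /etc/firejail/disable-common.inc
-include /etc/firejail/disable-devel.inc
-include /etc/firejail/disable-programs.inc
 
 mkdir ${HOME}/.cache/yandex-browser
 mkdir ${HOME}/.cache/yandex-browser-beta
 mkdir ${HOME}/.config/yandex-browser
 mkdir ${HOME}/.config/yandex-browser-beta
-mkdir ${HOME}/.pki
-whitelist ${DOWNLOADS}
 whitelist ${HOME}/.cache/yandex-browser
 whitelist ${HOME}/.cache/yandex-browser-beta
 whitelist ${HOME}/.config/yandex-browser
 whitelist ${HOME}/.config/yandex-browser-beta
-whitelist ${HOME}/.pki
-include /etc/firejail/whitelist-common.inc
-
-caps.keep sys_chroot,sys_admin
-netfilter
-nodvd
-nogroups
-notv
-shell none
-
-disable-mnt
-private-dev
-# private-tmp - problems with multiple browser sessions
 
-noexec ${HOME}
-noexec /tmp
+# Redirect
+include /etc/firejail/chromium-common.profile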