diff options
| author |  Fred Barclay <Fred-Barclay@users.noreply.github.com> | 2018-04-02 10:56:55 -0500 |
|---|---|---|
| committer |  GitHub <noreply@github.com> | 2018-04-02 10:56:55 -0500 |
| commit | 2d8ff695ad5f240f99f1b789fb8994350e6eedf6 (patch) | |
| tree | a396ba901298ca1b62d3640fc72475b5a718d8d1 | |
| parent | musixmatch: fix profile (diff) | |
| download | firejail-2d8ff695ad5f240f99f1b789fb8994350e6eedf6.tar.gz firejail-2d8ff695ad5f240f99f1b789fb8994350e6eedf6.tar.zst firejail-2d8ff695ad5f240f99f1b789fb8994350e6eedf6.zip | |
WIP: Blacklist common programming interpreters. (#1837)
* Use path variable instead of full path when blacklisting devel tools.
* Part 1: blacklist python, perl, ruby, etc in disable-interpreters.inc
* Part 2: allow access to java as needed
* Typo: missing blacklist
* Part 3: allow perl access as needed
* typo
* Add xreader thumbnailer and previewer profiles
* Add xplayer audio-preview and thumbnailer profiles
* Add atril thumbnailer and previewer profiles
* More fixups after adding disable-interpreters.inc
* Blacklist javac
* More javac noblacklisting
* Remove javac from dex2jar, libreoffice, multimc5, and pdfsam profiles
* --nodbus, first draft for #1825
* dbus.c
* rework akonadi integration
the usr.sbin.mysqld-akonadi apparmor profile, enforced by default in ubuntu and
debian testing (and probably opensuse), doesn't play well with a number of firejail options.
the reason for this is that once the no_new_privs bit is set, apparmor profile
transitions are forbidden.
enforcing our own apparmor policy instead is also no solution, because
these programs don't even start without d-bus.
relaxing the kmail profile was necessary so that kmail can fire up akonadi itself,
just in case akonadi has not been started earlier already by another program.
this is always an issue when kmail is the only installed akonadi client, but
there may be more circumstances. for reasons outlined above this doesn't help
debian and ubuntu (opensuse?) users though :-/
a brief summary of the seccomp exceptions: chroot is needed for qt webengine,
io_prioset for the akonadi indexing agent, io_getevents, io_submit, io_setup
are needed for mysqld. when akonadi has an sqlite3 backend, less exceptions
to the seccomp filter are necessary, but mysqld is the default.
in the future all kontact suite profiles (itm only kmail, knotes) should
probably be redirections to akonadi_control, but the issues with apparmor
make this somewhat impractical for now (options like 'protocol' couldn't go to
akonadi_control.local any more, if current kmail redirected to there).
* Add nodbus to some profiles - part 1
* Spotify works with nodbus on Arch
* Enable nodbus for keepassx and keepassxc profiles.
I've tested on keepassxc but should work for keepassx as well. Settings are not immutable.
* recalibrate dbus access, deploy nodbus option
see #1822 and #1825. also systematically replaces
'blacklist /run/user/*/bus' with 'nodbus'.
with contributions from @Fred-Barclay
* various blacklist additions
* Add a profile for ncdu, enable private-etc in Steam again, and fixup gnome-recipes
* comment nodbus where it interferes with dconf
pending further discussion
* Add a disabled and extensive private-bin for Steam
* Further improve private-bin in steam
* comment apparmor, net where they interfere with dconf - #1843
* gnome-calculator fixup
* spectre support for clang compiler
* spectre clang support
* enable/disable dbus handling in /etc/firejail/firejail.config
* nodbus man pages, etc.
* redirect knotes to kmail, some tweaks
* testing
* gimp fixup
* Even more fixups after adding disable-interpreters.inc
* AWS and GCP store credentials in local directories as part of project setup.
Configuration for cloud providers is sensitive information; it should be
in the default block list. I didn't see profiles for gcloud or awscli,
so haven't added any exclusions.
boto and kubectl are not provider-specific, but also store credentials for
whichever platforms they happen to be being used with.
* testing
* consolidate makefiles
* gitignore
* Use path variable instead of full path when blacklisting devel tools.
* Part 1: blacklist python, perl, ruby, etc in disable-interpreters.inc
* Part 2: allow access to java as needed
* Typo: missing blacklist
* Part 3: allow perl access as needed
* typo
* More fixups after adding disable-interpreters.inc
* Blacklist javac
* More javac noblacklisting
* Remove javac from dex2jar, libreoffice, multimc5, and pdfsam profiles
* Cleanup rebase leftovers
* imagej doesn't need javac access
* Add cc to blacklisted compilers
* Use wildcards when blacklisting some gcc paths
* Blacklist lua in disable-interpreters
* Correct blacklist for node.js
* Fred Barclay note: some of these commits (all of the ones that don't affect files inside etc/) aren't mine but were added during a rebase + squash
311 files changed, 636 insertions, 70 deletions
diff --git a/etc/0ad.profile b/etc/0ad.profile index 766783997..238dbbce2 100644 --- a/etc/0ad.profile +++ b/etc/0ad.profile | |||
| @@ -11,6 +11,7 @@ noblacklist ${HOME}/.local/share/0ad | |||
| 11 | 11 | ||
| 12 | include /etc/firejail/disable-common.inc | 12 | include /etc/firejail/disable-common.inc |
| 13 | include /etc/firejail/disable-devel.inc | 13 | include /etc/firejail/disable-devel.inc |
| 14 | include /etc/firejail/disable-interpreters.inc | ||
| 14 | include /etc/firejail/disable-passwdmgr.inc | 15 | include /etc/firejail/disable-passwdmgr.inc |
| 15 | include /etc/firejail/disable-programs.inc | 16 | include /etc/firejail/disable-programs.inc |
| 16 | 17 | ||
diff --git a/etc/2048-qt.profile b/etc/2048-qt.profile index fa29925c4..2e74e74e3 100644 --- a/etc/2048-qt.profile +++ b/etc/2048-qt.profile | |||
| @@ -10,6 +10,7 @@ noblacklist ${HOME}/.config/xiaoyong | |||
| 10 | 10 | ||
| 11 | include /etc/firejail/disable-common.inc | 11 | include /etc/firejail/disable-common.inc |
| 12 | include /etc/firejail/disable-devel.inc | 12 | include /etc/firejail/disable-devel.inc |
| 13 | include /etc/firejail/disable-interpreters.inc | ||
| 13 | include /etc/firejail/disable-passwdmgr.inc | 14 | include /etc/firejail/disable-passwdmgr.inc |
| 14 | include /etc/firejail/disable-programs.inc | 15 | include /etc/firejail/disable-programs.inc |
| 15 | 16 | ||
diff --git a/etc/Cryptocat.profile b/etc/Cryptocat.profile index add122a5e..08c2860b3 100644 --- a/etc/Cryptocat.profile +++ b/etc/Cryptocat.profile | |||
| @@ -9,6 +9,7 @@ noblacklist ${HOME}/.config/Cryptocat | |||
| 9 | 9 | ||
| 10 | include /etc/firejail/disable-common.inc | 10 | include /etc/firejail/disable-common.inc |
| 11 | include /etc/firejail/disable-devel.inc | 11 | include /etc/firejail/disable-devel.inc |
| 12 | include /etc/firejail/disable-interpreters.inc | ||
| 12 | include /etc/firejail/disable-passwdmgr.inc | 13 | include /etc/firejail/disable-passwdmgr.inc |
| 13 | include /etc/firejail/disable-programs.inc | 14 | include /etc/firejail/disable-programs.inc |
| 14 | 15 | ||
diff --git a/etc/Fritzing.profile b/etc/Fritzing.profile index 0c4ad0647..453b9979e 100644 --- a/etc/Fritzing.profile +++ b/etc/Fritzing.profile | |||
| @@ -9,6 +9,7 @@ noblacklist ${HOME}/.config/Fritzing | |||
| 9 | 9 | ||
| 10 | include /etc/firejail/disable-common.inc | 10 | include /etc/firejail/disable-common.inc |
| 11 | include /etc/firejail/disable-devel.inc | 11 | include /etc/firejail/disable-devel.inc |
| 12 | include /etc/firejail/disable-interpreters.inc | ||
| 12 | include /etc/firejail/disable-passwdmgr.inc | 13 | include /etc/firejail/disable-passwdmgr.inc |
| 13 | include /etc/firejail/disable-programs.inc | 14 | include /etc/firejail/disable-programs.inc |
| 14 | 15 | ||
diff --git a/etc/Mathematica.profile b/etc/Mathematica.profile index 1ceaaf8dc..deff02028 100644 --- a/etc/Mathematica.profile +++ b/etc/Mathematica.profile | |||
| @@ -10,6 +10,7 @@ noblacklist ${HOME}/.Wolfram Research | |||
| 10 | 10 | ||
| 11 | include /etc/firejail/disable-common.inc | 11 | include /etc/firejail/disable-common.inc |
| 12 | include /etc/firejail/disable-devel.inc | 12 | include /etc/firejail/disable-devel.inc |
| 13 | include /etc/firejail/disable-interpreters.inc | ||
| 13 | include /etc/firejail/disable-passwdmgr.inc | 14 | include /etc/firejail/disable-passwdmgr.inc |
| 14 | include /etc/firejail/disable-programs.inc | 15 | include /etc/firejail/disable-programs.inc |
| 15 | 16 | ||
diff --git a/etc/Thunar.profile b/etc/Thunar.profile index 29cfebe13..fbd475ca6 100644 --- a/etc/Thunar.profile +++ b/etc/Thunar.profile | |||
| @@ -11,6 +11,7 @@ noblacklist ${HOME}/.config/xfce4/xfconf/xfce-perchannel-xml/thunar.xml | |||
| 11 | 11 | ||
| 12 | include /etc/firejail/disable-common.inc | 12 | include /etc/firejail/disable-common.inc |
| 13 | include /etc/firejail/disable-devel.inc | 13 | include /etc/firejail/disable-devel.inc |
| 14 | include /etc/firejail/disable-interpreters.inc | ||
| 14 | include /etc/firejail/disable-passwdmgr.inc | 15 | include /etc/firejail/disable-passwdmgr.inc |
| 15 | # include /etc/firejail/disable-programs.inc | 16 | # include /etc/firejail/disable-programs.inc |
| 16 | 17 | ||
diff --git a/etc/Viber.profile b/etc/Viber.profile index eb244efca..6a58da8c9 100644 --- a/etc/Viber.profile +++ b/etc/Viber.profile | |||
| @@ -10,6 +10,7 @@ noblacklist ${HOME}/.ViberPC | |||
| 10 | 10 | ||
| 11 | include /etc/firejail/disable-common.inc | 11 | include /etc/firejail/disable-common.inc |
| 12 | include /etc/firejail/disable-devel.inc | 12 | include /etc/firejail/disable-devel.inc |
| 13 | include /etc/firejail/disable-interpreters.inc | ||
| 13 | include /etc/firejail/disable-passwdmgr.inc | 14 | include /etc/firejail/disable-passwdmgr.inc |
| 14 | include /etc/firejail/disable-programs.inc | 15 | include /etc/firejail/disable-programs.inc |
| 15 | 16 | ||
diff --git a/etc/akonadi_control.profile b/etc/akonadi_control.profile index 3a4404b28..ee73accdf 100644 --- a/etc/akonadi_control.profile +++ b/etc/akonadi_control.profile | |||
| @@ -18,6 +18,7 @@ noblacklist /usr/sbin | |||
| 18 | 18 | ||
| 19 | include /etc/firejail/disable-common.inc | 19 | include /etc/firejail/disable-common.inc |
| 20 | include /etc/firejail/disable-devel.inc | 20 | include /etc/firejail/disable-devel.inc |
| 21 | include /etc/firejail/disable-interpreters.inc | ||
| 21 | include /etc/firejail/disable-passwdmgr.inc | 22 | include /etc/firejail/disable-passwdmgr.inc |
| 22 | include /etc/firejail/disable-programs.inc | 23 | include /etc/firejail/disable-programs.inc |
| 23 | 24 | ||
diff --git a/etc/akregator.profile b/etc/akregator.profile index 2c49ef9f0..19da62916 100644 --- a/etc/akregator.profile +++ b/etc/akregator.profile | |||
| @@ -10,6 +10,7 @@ noblacklist ${HOME}/.local/share/akregator | |||
| 10 | 10 | ||
| 11 | include /etc/firejail/disable-common.inc | 11 | include /etc/firejail/disable-common.inc |
| 12 | include /etc/firejail/disable-devel.inc | 12 | include /etc/firejail/disable-devel.inc |
| 13 | include /etc/firejail/disable-interpreters.inc | ||
| 13 | include /etc/firejail/disable-passwdmgr.inc | 14 | include /etc/firejail/disable-passwdmgr.inc |
| 14 | include /etc/firejail/disable-programs.inc | 15 | include /etc/firejail/disable-programs.inc |
| 15 | 16 | ||
diff --git a/etc/amarok.profile b/etc/amarok.profile index 79343fcdf..8fa919131 100644 --- a/etc/amarok.profile +++ b/etc/amarok.profile | |||
| @@ -8,6 +8,7 @@ include /etc/firejail/globals.local | |||
| 8 | 8 | ||
| 9 | include /etc/firejail/disable-common.inc | 9 | include /etc/firejail/disable-common.inc |
| 10 | include /etc/firejail/disable-devel.inc | 10 | include /etc/firejail/disable-devel.inc |
| 11 | include /etc/firejail/disable-interpreters.inc | ||
| 11 | include /etc/firejail/disable-passwdmgr.inc | 12 | include /etc/firejail/disable-passwdmgr.inc |
| 12 | include /etc/firejail/disable-programs.inc | 13 | include /etc/firejail/disable-programs.inc |
| 13 | 14 | ||
diff --git a/etc/amule.profile b/etc/amule.profile index 98ec52015..0d71f8f3b 100644 --- a/etc/amule.profile +++ b/etc/amule.profile | |||
| @@ -10,6 +10,7 @@ noblacklist ${HOME}/.aMule | |||
| 10 | 10 | ||
| 11 | include /etc/firejail/disable-common.inc | 11 | include /etc/firejail/disable-common.inc |
| 12 | include /etc/firejail/disable-devel.inc | 12 | include /etc/firejail/disable-devel.inc |
| 13 | include /etc/firejail/disable-interpreters.inc | ||
| 13 | include /etc/firejail/disable-passwdmgr.inc | 14 | include /etc/firejail/disable-passwdmgr.inc |
| 14 | include /etc/firejail/disable-programs.inc | 15 | include /etc/firejail/disable-programs.inc |
| 15 | 16 | ||
diff --git a/etc/arch-audit.profile b/etc/arch-audit.profile index d8ed64811..70e02fc7b 100644 --- a/etc/arch-audit.profile +++ b/etc/arch-audit.profile | |||
| @@ -11,6 +11,7 @@ noblacklist /var/lib/pacman | |||
| 11 | 11 | ||
| 12 | include /etc/firejail/disable-common.inc | 12 | include /etc/firejail/disable-common.inc |
| 13 | include /etc/firejail/disable-devel.inc | 13 | include /etc/firejail/disable-devel.inc |
| 14 | include /etc/firejail/disable-interpreters.inc | ||
| 14 | include /etc/firejail/disable-passwdmgr.inc | 15 | include /etc/firejail/disable-passwdmgr.inc |
| 15 | include /etc/firejail/disable-programs.inc | 16 | include /etc/firejail/disable-programs.inc |
| 16 | 17 | ||
diff --git a/etc/archaudit-report.profile b/etc/archaudit-report.profile index 3d0d1d356..f4340faf3 100644 --- a/etc/archaudit-report.profile +++ b/etc/archaudit-report.profile | |||
| @@ -11,8 +11,10 @@ noblacklist /var/lib/pacman | |||
| 11 | 11 | ||
| 12 | include /etc/firejail/disable-common.inc | 12 | include /etc/firejail/disable-common.inc |
| 13 | include /etc/firejail/disable-devel.inc | 13 | include /etc/firejail/disable-devel.inc |
| 14 | include /etc/firejail/disable-interpreters.inc | ||
| 14 | include /etc/firejail/disable-passwdmgr.inc | 15 | include /etc/firejail/disable-passwdmgr.inc |
| 15 | include /etc/firejail/disable-programs.inc | 16 | include /etc/firejail/disable-programs.inc |
| 17 | |||
| 16 | include /etc/firejail/whitelist-common.inc | 18 | include /etc/firejail/whitelist-common.inc |
| 17 | 19 | ||
| 18 | caps.drop all | 20 | caps.drop all |
diff --git a/etc/ardour5.profile b/etc/ardour5.profile index cf72561da..df42dfaed 100644 --- a/etc/ardour5.profile +++ b/etc/ardour5.profile | |||
| @@ -12,6 +12,7 @@ noblacklist ${HOME}/.vst | |||
| 12 | 12 | ||
| 13 | include /etc/firejail/disable-common.inc | 13 | include /etc/firejail/disable-common.inc |
| 14 | include /etc/firejail/disable-devel.inc | 14 | include /etc/firejail/disable-devel.inc |
| 15 | include /etc/firejail/disable-interpreters.inc | ||
| 15 | include /etc/firejail/disable-passwdmgr.inc | 16 | include /etc/firejail/disable-passwdmgr.inc |
| 16 | include /etc/firejail/disable-programs.inc | 17 | include /etc/firejail/disable-programs.inc |
| 17 | 18 | ||
diff --git a/etc/arduino.profile b/etc/arduino.profile index b529ec266..e7d0d68dd 100644 --- a/etc/arduino.profile +++ b/etc/arduino.profile | |||
| @@ -11,6 +11,7 @@ noblacklist ${HOME}/Arduino | |||
| 11 | 11 | ||
| 12 | include /etc/firejail/disable-common.inc | 12 | include /etc/firejail/disable-common.inc |
| 13 | include /etc/firejail/disable-devel.inc | 13 | include /etc/firejail/disable-devel.inc |
| 14 | include /etc/firejail/disable-interpreters.inc | ||
| 14 | include /etc/firejail/disable-passwdmgr.inc | 15 | include /etc/firejail/disable-passwdmgr.inc |
| 15 | include /etc/firejail/disable-programs.inc | 16 | include /etc/firejail/disable-programs.inc |
| 16 | 17 | ||
diff --git a/etc/ark.profile b/etc/ark.profile index 8e156df0f..125720189 100644 --- a/etc/ark.profile +++ b/etc/ark.profile | |||
| @@ -9,6 +9,7 @@ noblacklist ${HOME}/.config/arkrc | |||
| 9 | 9 | ||
| 10 | include /etc/firejail/disable-common.inc | 10 | include /etc/firejail/disable-common.inc |
| 11 | include /etc/firejail/disable-devel.inc | 11 | include /etc/firejail/disable-devel.inc |
| 12 | include /etc/firejail/disable-interpreters.inc | ||
| 12 | include /etc/firejail/disable-passwdmgr.inc | 13 | include /etc/firejail/disable-passwdmgr.inc |
| 13 | include /etc/firejail/disable-programs.inc | 14 | include /etc/firejail/disable-programs.inc |
| 14 | 15 | ||
diff --git a/etc/arm.profile b/etc/arm.profile index 8b41d787e..a89ee86cc 100644 --- a/etc/arm.profile +++ b/etc/arm.profile | |||
| @@ -7,8 +7,15 @@ include /etc/firejail/globals.local | |||
| 7 | 7 | ||
| 8 | noblacklist ${HOME}/.arm | 8 | noblacklist ${HOME}/.arm |
| 9 | 9 | ||
| 10 | # Allow python (blacklisted by disable-interpreters.inc) | ||
| 11 | noblacklist ${PATH}/python2* | ||
| 12 | noblacklist ${PATH}/python3* | ||
| 13 | noblacklist /usr/lib/python2* | ||
| 14 | noblacklist /usr/lib/python3* | ||
| 15 | |||
| 10 | include /etc/firejail/disable-common.inc | 16 | include /etc/firejail/disable-common.inc |
| 11 | include /etc/firejail/disable-devel.inc | 17 | include /etc/firejail/disable-devel.inc |
| 18 | include /etc/firejail/disable-interpreters.inc | ||
| 12 | include /etc/firejail/disable-passwdmgr.inc | 19 | include /etc/firejail/disable-passwdmgr.inc |
| 13 | include /etc/firejail/disable-programs.inc | 20 | include /etc/firejail/disable-programs.inc |
| 14 | 21 | ||
diff --git a/etc/asunder.profile b/etc/asunder.profile index 7d643877f..1787ad0cc 100644 --- a/etc/asunder.profile +++ b/etc/asunder.profile | |||
| @@ -12,6 +12,7 @@ noblacklist ${HOME}/.asunder_album_artist | |||
| 12 | 12 | ||
| 13 | include /etc/firejail/disable-common.inc | 13 | include /etc/firejail/disable-common.inc |
| 14 | include /etc/firejail/disable-devel.inc | 14 | include /etc/firejail/disable-devel.inc |
| 15 | include /etc/firejail/disable-interpreters.inc | ||
| 15 | include /etc/firejail/disable-passwdmgr.inc | 16 | include /etc/firejail/disable-passwdmgr.inc |
| 16 | include /etc/firejail/disable-programs.inc | 17 | include /etc/firejail/disable-programs.inc |
| 17 | 18 | ||
diff --git a/etc/atool.profile b/etc/atool.profile index 4cc3f02de..881c7dc88 100644 --- a/etc/atool.profile +++ b/etc/atool.profile | |||
| @@ -9,6 +9,7 @@ blacklist /tmp/.X11-unix | |||
| 9 | 9 | ||
| 10 | include /etc/firejail/disable-common.inc | 10 | include /etc/firejail/disable-common.inc |
| 11 | # include /etc/firejail/disable-devel.inc | 11 | # include /etc/firejail/disable-devel.inc |
| 12 | include /etc/firejail/disable-interpreters.inc | ||
| 12 | include /etc/firejail/disable-passwdmgr.inc | 13 | include /etc/firejail/disable-passwdmgr.inc |
| 13 | include /etc/firejail/disable-programs.inc | 14 | include /etc/firejail/disable-programs.inc |
| 14 | 15 | ||
diff --git a/etc/atril.profile b/etc/atril.profile index e08b70ac6..95120681c 100644 --- a/etc/atril.profile +++ b/etc/atril.profile | |||
| @@ -13,6 +13,7 @@ noblacklist ${HOME}/.config/atril | |||
| 13 | 13 | ||
| 14 | include /etc/firejail/disable-common.inc | 14 | include /etc/firejail/disable-common.inc |
| 15 | include /etc/firejail/disable-devel.inc | 15 | include /etc/firejail/disable-devel.inc |
| 16 | include /etc/firejail/disable-interpreters.inc | ||
| 16 | include /etc/firejail/disable-passwdmgr.inc | 17 | include /etc/firejail/disable-passwdmgr.inc |
| 17 | include /etc/firejail/disable-programs.inc | 18 | include /etc/firejail/disable-programs.inc |
| 18 | 19 | ||
diff --git a/etc/audacious.profile b/etc/audacious.profile index 71003f156..8d3689487 100644 --- a/etc/audacious.profile +++ b/etc/audacious.profile | |||
| @@ -10,6 +10,7 @@ noblacklist ${HOME}/.config/audacious | |||
| 10 | 10 | ||
| 11 | include /etc/firejail/disable-common.inc | 11 | include /etc/firejail/disable-common.inc |
| 12 | include /etc/firejail/disable-devel.inc | 12 | include /etc/firejail/disable-devel.inc |
| 13 | include /etc/firejail/disable-interpreters.inc | ||
| 13 | include /etc/firejail/disable-passwdmgr.inc | 14 | include /etc/firejail/disable-passwdmgr.inc |
| 14 | include /etc/firejail/disable-programs.inc | 15 | include /etc/firejail/disable-programs.inc |
| 15 | 16 | ||
diff --git a/etc/audacity.profile b/etc/audacity.profile index 907dbeb55..c5e54ee24 100644 --- a/etc/audacity.profile +++ b/etc/audacity.profile | |||
| @@ -9,6 +9,7 @@ noblacklist ${HOME}/.audacity-data | |||
| 9 | 9 | ||
| 10 | include /etc/firejail/disable-common.inc | 10 | include /etc/firejail/disable-common.inc |
| 11 | include /etc/firejail/disable-devel.inc | 11 | include /etc/firejail/disable-devel.inc |
| 12 | include /etc/firejail/disable-interpreters.inc | ||
| 12 | include /etc/firejail/disable-passwdmgr.inc | 13 | include /etc/firejail/disable-passwdmgr.inc |
| 13 | include /etc/firejail/disable-programs.inc | 14 | include /etc/firejail/disable-programs.inc |
| 14 | 15 | ||
diff --git a/etc/aweather.profile b/etc/aweather.profile index 2a4a9b591..57b8fb61a 100644 --- a/etc/aweather.profile +++ b/etc/aweather.profile | |||
| @@ -9,6 +9,7 @@ noblacklist ${HOME}/.config/aweather | |||
| 9 | 9 | ||
| 10 | include /etc/firejail/disable-common.inc | 10 | include /etc/firejail/disable-common.inc |
| 11 | include /etc/firejail/disable-devel.inc | 11 | include /etc/firejail/disable-devel.inc |
| 12 | include /etc/firejail/disable-interpreters.inc | ||
| 12 | include /etc/firejail/disable-passwdmgr.inc | 13 | include /etc/firejail/disable-passwdmgr.inc |
| 13 | include /etc/firejail/disable-programs.inc | 14 | include /etc/firejail/disable-programs.inc |
| 14 | 15 | ||
diff --git a/etc/baloo_file.profile b/etc/baloo_file.profile index e265bcd82..b71f66ba5 100644 --- a/etc/baloo_file.profile +++ b/etc/baloo_file.profile | |||
| @@ -14,6 +14,7 @@ noblacklist ${HOME}/.local/share/baloo | |||
| 14 | 14 | ||
| 15 | include /etc/firejail/disable-common.inc | 15 | include /etc/firejail/disable-common.inc |
| 16 | include /etc/firejail/disable-devel.inc | 16 | include /etc/firejail/disable-devel.inc |
| 17 | include /etc/firejail/disable-interpreters.inc | ||
| 17 | include /etc/firejail/disable-passwdmgr.inc | 18 | include /etc/firejail/disable-passwdmgr.inc |
| 18 | include /etc/firejail/disable-programs.inc | 19 | include /etc/firejail/disable-programs.inc |
| 19 | 20 | ||
diff --git a/etc/baobab.profile b/etc/baobab.profile index 5c1675611..8ff282151 100644 --- a/etc/baobab.profile +++ b/etc/baobab.profile | |||
| @@ -7,6 +7,7 @@ include /etc/firejail/globals.local | |||
| 7 | 7 | ||
| 8 | include /etc/firejail/disable-common.inc | 8 | include /etc/firejail/disable-common.inc |
| 9 | include /etc/firejail/disable-devel.inc | 9 | include /etc/firejail/disable-devel.inc |
| 10 | include /etc/firejail/disable-interpreters.inc | ||
| 10 | include /etc/firejail/disable-passwdmgr.inc | 11 | include /etc/firejail/disable-passwdmgr.inc |
| 11 | # include /etc/firejail/disable-programs.inc | 12 | # include /etc/firejail/disable-programs.inc |
| 12 | 13 | ||
diff --git a/etc/basilisk.profile b/etc/basilisk.profile index a87391942..c13be364b 100644 --- a/etc/basilisk.profile +++ b/etc/basilisk.profile | |||
| @@ -10,6 +10,7 @@ noblacklist ${HOME}/.moonchild productions/basilisk | |||
| 10 | 10 | ||
| 11 | include /etc/firejail/disable-common.inc | 11 | include /etc/firejail/disable-common.inc |
| 12 | include /etc/firejail/disable-devel.inc | 12 | include /etc/firejail/disable-devel.inc |
| 13 | include /etc/firejail/disable-interpreters.inc | ||
| 13 | include /etc/firejail/disable-programs.inc | 14 | include /etc/firejail/disable-programs.inc |
| 14 | 15 | ||
| 15 | # These are uncommented in the Firefox profile. If you run into trouble you may | 16 | # These are uncommented in the Firefox profile. If you run into trouble you may |
diff --git a/etc/bibletime.profile b/etc/bibletime.profile index f23a29052..d5933dcf4 100644 --- a/etc/bibletime.profile +++ b/etc/bibletime.profile | |||
| @@ -12,6 +12,7 @@ noblacklist ${HOME}/.sword | |||
| 12 | 12 | ||
| 13 | include /etc/firejail/disable-common.inc | 13 | include /etc/firejail/disable-common.inc |
| 14 | include /etc/firejail/disable-devel.inc | 14 | include /etc/firejail/disable-devel.inc |
| 15 | include /etc/firejail/disable-interpreters.inc | ||
| 15 | include /etc/firejail/disable-passwdmgr.inc | 16 | include /etc/firejail/disable-passwdmgr.inc |
| 16 | include /etc/firejail/disable-programs.inc | 17 | include /etc/firejail/disable-programs.inc |
| 17 | 18 | ||
diff --git a/etc/bitcoin-qt.profile b/etc/bitcoin-qt.profile index 0981d9f10..84c2c77de 100644 --- a/etc/bitcoin-qt.profile +++ b/etc/bitcoin-qt.profile | |||
| @@ -9,6 +9,7 @@ noblacklist ${HOME}/.bitcoin | |||
| 9 | 9 | ||
| 10 | include /etc/firejail/disable-common.inc | 10 | include /etc/firejail/disable-common.inc |
| 11 | include /etc/firejail/disable-devel.inc | 11 | include /etc/firejail/disable-devel.inc |
| 12 | include /etc/firejail/disable-interpreters.inc | ||
| 12 | include /etc/firejail/disable-passwdmgr.inc | 13 | include /etc/firejail/disable-passwdmgr.inc |
| 13 | include /etc/firejail/disable-programs.inc | 14 | include /etc/firejail/disable-programs.inc |
| 14 | 15 | ||
diff --git a/etc/bitlbee.profile b/etc/bitlbee.profile index 0f57c9e69..b6baa66bc 100644 --- a/etc/bitlbee.profile +++ b/etc/bitlbee.profile | |||
| @@ -11,6 +11,7 @@ noblacklist /usr/sbin | |||
| 11 | 11 | ||
| 12 | include /etc/firejail/disable-common.inc | 12 | include /etc/firejail/disable-common.inc |
| 13 | include /etc/firejail/disable-devel.inc | 13 | include /etc/firejail/disable-devel.inc |
| 14 | include /etc/firejail/disable-interpreters.inc | ||
| 14 | include /etc/firejail/disable-passwdmgr.inc | 15 | include /etc/firejail/disable-passwdmgr.inc |
| 15 | include /etc/firejail/disable-programs.inc | 16 | include /etc/firejail/disable-programs.inc |
| 16 | 17 | ||
diff --git a/etc/bleachbit.profile b/etc/bleachbit.profile index ae40c3ec7..0a0d502d3 100644 --- a/etc/bleachbit.profile +++ b/etc/bleachbit.profile | |||
| @@ -7,6 +7,7 @@ include /etc/firejail/globals.local | |||
| 7 | 7 | ||
| 8 | include /etc/firejail/disable-common.inc | 8 | include /etc/firejail/disable-common.inc |
| 9 | include /etc/firejail/disable-devel.inc | 9 | include /etc/firejail/disable-devel.inc |
| 10 | include /etc/firejail/disable-interpreters.inc | ||
| 10 | include /etc/firejail/disable-passwdmgr.inc | 11 | include /etc/firejail/disable-passwdmgr.inc |
| 11 | # include /etc/firejail/disable-programs.inc | 12 | # include /etc/firejail/disable-programs.inc |
| 12 | 13 | ||
diff --git a/etc/blender.profile b/etc/blender.profile index 29df27759..fc7b996e9 100644 --- a/etc/blender.profile +++ b/etc/blender.profile | |||
| @@ -7,8 +7,15 @@ include /etc/firejail/globals.local | |||
| 7 | 7 | ||
| 8 | noblacklist ${HOME}/.config/blender | 8 | noblacklist ${HOME}/.config/blender |
| 9 | 9 | ||
| 10 | # Allow python (blacklisted by disable-interpreters.inc) | ||
| 11 | noblacklist ${PATH}/python2* | ||
| 12 | noblacklist ${PATH}/python3* | ||
| 13 | noblacklist /usr/lib/python2* | ||
| 14 | noblacklist /usr/lib/python3* | ||
| 15 | |||
| 10 | include /etc/firejail/disable-common.inc | 16 | include /etc/firejail/disable-common.inc |
| 11 | include /etc/firejail/disable-devel.inc | 17 | include /etc/firejail/disable-devel.inc |
| 18 | include /etc/firejail/disable-interpreters.inc | ||
| 12 | include /etc/firejail/disable-passwdmgr.inc | 19 | include /etc/firejail/disable-passwdmgr.inc |
| 13 | include /etc/firejail/disable-programs.inc | 20 | include /etc/firejail/disable-programs.inc |
| 14 | 21 | ||
diff --git a/etc/bless.profile b/etc/bless.profile index 10b471582..3fd04cae6 100644 --- a/etc/bless.profile +++ b/etc/bless.profile | |||
| @@ -9,6 +9,7 @@ noblacklist ${HOME}/.config/bless | |||
| 9 | 9 | ||
| 10 | include /etc/firejail/disable-common.inc | 10 | include /etc/firejail/disable-common.inc |
| 11 | include /etc/firejail/disable-devel.inc | 11 | include /etc/firejail/disable-devel.inc |
| 12 | include /etc/firejail/disable-interpreters.inc | ||
| 12 | include /etc/firejail/disable-passwdmgr.inc | 13 | include /etc/firejail/disable-passwdmgr.inc |
| 13 | include /etc/firejail/disable-programs.inc | 14 | include /etc/firejail/disable-programs.inc |
| 14 | 15 | ||
diff --git a/etc/bluefish.profile b/etc/bluefish.profile index 6eb1d753f..3931819f1 100644 --- a/etc/bluefish.profile +++ b/etc/bluefish.profile | |||
| @@ -7,6 +7,7 @@ include /etc/firejail/globals.local | |||
| 7 | 7 | ||
| 8 | include /etc/firejail/disable-common.inc | 8 | include /etc/firejail/disable-common.inc |
| 9 | include /etc/firejail/disable-devel.inc | 9 | include /etc/firejail/disable-devel.inc |
| 10 | include /etc/firejail/disable-interpreters.inc | ||
| 10 | include /etc/firejail/disable-passwdmgr.inc | 11 | include /etc/firejail/disable-passwdmgr.inc |
| 11 | include /etc/firejail/disable-programs.inc | 12 | include /etc/firejail/disable-programs.inc |
| 12 | 13 | ||
diff --git a/etc/brasero.profile b/etc/brasero.profile index 90a7b176e..26074af22 100644 --- a/etc/brasero.profile +++ b/etc/brasero.profile | |||
| @@ -9,6 +9,7 @@ noblacklist ${HOME}/.config/brasero | |||
| 9 | 9 | ||
| 10 | include /etc/firejail/disable-common.inc | 10 | include /etc/firejail/disable-common.inc |
| 11 | include /etc/firejail/disable-devel.inc | 11 | include /etc/firejail/disable-devel.inc |
| 12 | include /etc/firejail/disable-interpreters.inc | ||
| 12 | include /etc/firejail/disable-passwdmgr.inc | 13 | include /etc/firejail/disable-passwdmgr.inc |
| 13 | include /etc/firejail/disable-programs.inc | 14 | include /etc/firejail/disable-programs.inc |
| 14 | 15 | ||
diff --git a/etc/bsdtar.profile b/etc/bsdtar.profile index d4fe080d0..a49fc023a 100644 --- a/etc/bsdtar.profile +++ b/etc/bsdtar.profile | |||
| @@ -8,6 +8,7 @@ include /etc/firejail/globals.local | |||
| 8 | 8 | ||
| 9 | include /etc/firejail/disable-common.inc | 9 | include /etc/firejail/disable-common.inc |
| 10 | # include /etc/firejail/disable-devel.inc | 10 | # include /etc/firejail/disable-devel.inc |
| 11 | include /etc/firejail/disable-interpreters.inc | ||
| 11 | include /etc/firejail/disable-passwdmgr.inc | 12 | include /etc/firejail/disable-passwdmgr.inc |
| 12 | include /etc/firejail/disable-programs.inc | 13 | include /etc/firejail/disable-programs.inc |
| 13 | 14 | ||
diff --git a/etc/caja.profile b/etc/caja.profile index 26190ad48..2d292e614 100644 --- a/etc/caja.profile +++ b/etc/caja.profile | |||
| @@ -12,8 +12,15 @@ noblacklist ${HOME}/.local/share/Trash | |||
| 12 | # noblacklist ${HOME}/.config/caja - disable-programs.inc is disabled, see below | 12 | # noblacklist ${HOME}/.config/caja - disable-programs.inc is disabled, see below |
| 13 | # noblacklist ${HOME}/.local/share/caja-python | 13 | # noblacklist ${HOME}/.local/share/caja-python |
| 14 | 14 | ||
| 15 | # Allow python (blacklisted by disable-interpreters.inc) | ||
| 16 | noblacklist ${PATH}/python2* | ||
| 17 | noblacklist ${PATH}/python3* | ||
| 18 | noblacklist /usr/lib/python2* | ||
| 19 | noblacklist /usr/lib/python3* | ||
| 20 | |||
| 15 | include /etc/firejail/disable-common.inc | 21 | include /etc/firejail/disable-common.inc |
| 16 | include /etc/firejail/disable-devel.inc | 22 | include /etc/firejail/disable-devel.inc |
| 23 | include /etc/firejail/disable-interpreters.inc | ||
| 17 | include /etc/firejail/disable-passwdmgr.inc | 24 | include /etc/firejail/disable-passwdmgr.inc |
| 18 | # include /etc/firejail/disable-programs.inc | 25 | # include /etc/firejail/disable-programs.inc |
| 19 | 26 | ||
diff --git a/etc/calibre.profile b/etc/calibre.profile index 468d68f7b..436ac3234 100644 --- a/etc/calibre.profile +++ b/etc/calibre.profile | |||
| @@ -9,7 +9,7 @@ noblacklist ${HOME}/.cache/calibre | |||
| 9 | noblacklist ${HOME}/.config/calibre | 9 | noblacklist ${HOME}/.config/calibre |
| 10 | 10 | ||
| 11 | include /etc/firejail/disable-common.inc | 11 | include /etc/firejail/disable-common.inc |
| 12 | # include /etc/firejail/disable-devel.inc | 12 | include /etc/firejail/disable-devel.inc |
| 13 | include /etc/firejail/disable-passwdmgr.inc | 13 | include /etc/firejail/disable-passwdmgr.inc |
| 14 | include /etc/firejail/disable-programs.inc | 14 | include /etc/firejail/disable-programs.inc |
| 15 | 15 | ||
diff --git a/etc/calligra.profile b/etc/calligra.profile index f7df8ce85..bc041a718 100644 --- a/etc/calligra.profile +++ b/etc/calligra.profile | |||
| @@ -7,6 +7,7 @@ include /etc/firejail/globals.local | |||
| 7 | 7 | ||
| 8 | include /etc/firejail/disable-common.inc | 8 | include /etc/firejail/disable-common.inc |
| 9 | include /etc/firejail/disable-devel.inc | 9 | include /etc/firejail/disable-devel.inc |
| 10 | include /etc/firejail/disable-interpreters.inc | ||
| 10 | include /etc/firejail/disable-passwdmgr.inc | 11 | include /etc/firejail/disable-passwdmgr.inc |
| 11 | include /etc/firejail/disable-programs.inc | 12 | include /etc/firejail/disable-programs.inc |
| 12 | 13 | ||
diff --git a/etc/catfish.profile b/etc/catfish.profile index 6a608c673..02c5db969 100644 --- a/etc/catfish.profile +++ b/etc/catfish.profile | |||
| @@ -10,8 +10,15 @@ include /etc/firejail/globals.local | |||
| 10 | 10 | ||
| 11 | noblacklist ${HOME}/.config/catfish | 11 | noblacklist ${HOME}/.config/catfish |
| 12 | 12 | ||
| 13 | # Allow python (blacklisted by disable-interpreters.inc) | ||
| 14 | noblacklist ${PATH}/python2* | ||
| 15 | noblacklist ${PATH}/python3* | ||
| 16 | noblacklist /usr/lib/python2* | ||
| 17 | noblacklist /usr/lib/python3* | ||
| 18 | |||
| 13 | include /etc/firejail/disable-common.inc | 19 | include /etc/firejail/disable-common.inc |
| 14 | # include /etc/firejail/disable-devel.inc | 20 | # include /etc/firejail/disable-devel.inc |
| 21 | include /etc/firejail/disable-interpreters.inc | ||
| 15 | include /etc/firejail/disable-passwdmgr.inc | 22 | include /etc/firejail/disable-passwdmgr.inc |
| 16 | include /etc/firejail/disable-programs.inc | 23 | include /etc/firejail/disable-programs.inc |
| 17 | 24 | ||
diff --git a/etc/cherrytree.profile b/etc/cherrytree.profile index 3db2aeb09..e33e010aa 100644 --- a/etc/cherrytree.profile +++ b/etc/cherrytree.profile | |||
| @@ -6,11 +6,16 @@ include /etc/firejail/cherrytree.local | |||
| 6 | include /etc/firejail/globals.local | 6 | include /etc/firejail/globals.local |
| 7 | 7 | ||
| 8 | noblacklist ${HOME}/.config/cherrytree | 8 | noblacklist ${HOME}/.config/cherrytree |
| 9 | #noblacklist /usr/bin/python2* | 9 | |
| 10 | #noblacklist /usr/lib/python3* | 10 | # Allow python (blacklisted by disable-interpreters.inc) |
| 11 | noblacklist ${PATH}/python2* | ||
| 12 | noblacklist ${PATH}/python3* | ||
| 13 | noblacklist /usr/lib/python2* | ||
| 14 | noblacklist /usr/lib/python3* | ||
| 11 | 15 | ||
| 12 | include /etc/firejail/disable-common.inc | 16 | include /etc/firejail/disable-common.inc |
| 13 | include /etc/firejail/disable-devel.inc | 17 | include /etc/firejail/disable-devel.inc |
| 18 | include /etc/firejail/disable-interpreters.inc | ||
| 14 | include /etc/firejail/disable-passwdmgr.inc | 19 | include /etc/firejail/disable-passwdmgr.inc |
| 15 | include /etc/firejail/disable-programs.inc | 20 | include /etc/firejail/disable-programs.inc |
| 16 | 21 | ||
diff --git a/etc/chromium-common.profile b/etc/chromium-common.profile index 7f07c5b26..8b25f4e60 100644 --- a/etc/chromium-common.profile +++ b/etc/chromium-common.profile | |||
| @@ -9,6 +9,7 @@ noblacklist ${HOME}/.pki | |||
| 9 | 9 | ||
| 10 | include /etc/firejail/disable-common.inc | 10 | include /etc/firejail/disable-common.inc |
| 11 | include /etc/firejail/disable-devel.inc | 11 | include /etc/firejail/disable-devel.inc |
| 12 | include /etc/firejail/disable-interpreters.inc | ||
| 12 | include /etc/firejail/disable-programs.inc | 13 | include /etc/firejail/disable-programs.inc |
| 13 | 14 | ||
| 14 | mkdir ${HOME}/.pki | 15 | mkdir ${HOME}/.pki |
diff --git a/etc/cin.profile b/etc/cin.profile index e86a4d9b4..0a5b0c728 100644 --- a/etc/cin.profile +++ b/etc/cin.profile | |||
| @@ -9,6 +9,7 @@ noblacklist ${HOME}/.bcast5 | |||
| 9 | 9 | ||
| 10 | include /etc/firejail/disable-common.inc | 10 | include /etc/firejail/disable-common.inc |
| 11 | include /etc/firejail/disable-devel.inc | 11 | include /etc/firejail/disable-devel.inc |
| 12 | include /etc/firejail/disable-interpreters.inc | ||
| 12 | include /etc/firejail/disable-passwdmgr.inc | 13 | include /etc/firejail/disable-passwdmgr.inc |
| 13 | include /etc/firejail/disable-programs.inc | 14 | include /etc/firejail/disable-programs.inc |
| 14 | 15 | ||
diff --git a/etc/claws-mail.profile b/etc/claws-mail.profile index 319515bde..343f8bed8 100644 --- a/etc/claws-mail.profile +++ b/etc/claws-mail.profile | |||
| @@ -11,6 +11,7 @@ noblacklist ${HOME}/.signature | |||
| 11 | 11 | ||
| 12 | include /etc/firejail/disable-common.inc | 12 | include /etc/firejail/disable-common.inc |
| 13 | include /etc/firejail/disable-devel.inc | 13 | include /etc/firejail/disable-devel.inc |
| 14 | include /etc/firejail/disable-interpreters.inc | ||
| 14 | include /etc/firejail/disable-passwdmgr.inc | 15 | include /etc/firejail/disable-passwdmgr.inc |
| 15 | include /etc/firejail/disable-programs.inc | 16 | include /etc/firejail/disable-programs.inc |
| 16 | 17 | ||
diff --git a/etc/clementine.profile b/etc/clementine.profile index ccf6f9c97..ce4b8deb8 100644 --- a/etc/clementine.profile +++ b/etc/clementine.profile | |||
| @@ -10,6 +10,7 @@ noblacklist ${HOME}/.config/Clementine | |||
| 10 | 10 | ||
| 11 | include /etc/firejail/disable-common.inc | 11 | include /etc/firejail/disable-common.inc |
| 12 | include /etc/firejail/disable-devel.inc | 12 | include /etc/firejail/disable-devel.inc |
| 13 | include /etc/firejail/disable-interpreters.inc | ||
| 13 | include /etc/firejail/disable-passwdmgr.inc | 14 | include /etc/firejail/disable-passwdmgr.inc |
| 14 | include /etc/firejail/disable-programs.inc | 15 | include /etc/firejail/disable-programs.inc |
| 15 | 16 | ||
diff --git a/etc/clipit.profile b/etc/clipit.profile index e6ee7b636..e5660f859 100644 --- a/etc/clipit.profile +++ b/etc/clipit.profile | |||
| @@ -10,6 +10,7 @@ noblacklist ${HOME}/.local/share/clipit | |||
| 10 | 10 | ||
| 11 | include /etc/firejail/disable-common.inc | 11 | include /etc/firejail/disable-common.inc |
| 12 | include /etc/firejail/disable-devel.inc | 12 | include /etc/firejail/disable-devel.inc |
| 13 | include /etc/firejail/disable-interpreters.inc | ||
| 13 | include /etc/firejail/disable-passwdmgr.inc | 14 | include /etc/firejail/disable-passwdmgr.inc |
| 14 | include /etc/firejail/disable-programs.inc | 15 | include /etc/firejail/disable-programs.inc |
| 15 | 16 | ||
diff --git a/etc/cmus.profile b/etc/cmus.profile index 2d6f2454b..03f234913 100644 --- a/etc/cmus.profile +++ b/etc/cmus.profile | |||
| @@ -9,6 +9,7 @@ noblacklist ${HOME}/.config/cmus | |||
| 9 | 9 | ||
| 10 | include /etc/firejail/disable-common.inc | 10 | include /etc/firejail/disable-common.inc |
| 11 | include /etc/firejail/disable-devel.inc | 11 | include /etc/firejail/disable-devel.inc |
| 12 | include /etc/firejail/disable-interpreters.inc | ||
| 12 | include /etc/firejail/disable-passwdmgr.inc | 13 | include /etc/firejail/disable-passwdmgr.inc |
| 13 | include /etc/firejail/disable-programs.inc | 14 | include /etc/firejail/disable-programs.inc |
| 14 | 15 | ||
diff --git a/etc/conky.profile b/etc/conky.profile index 4ee25f099..fe90ac099 100644 --- a/etc/conky.profile +++ b/etc/conky.profile | |||
| @@ -8,6 +8,7 @@ include /etc/firejail/globals.local | |||
| 8 | 8 | ||
| 9 | include /etc/firejail/disable-common.inc | 9 | include /etc/firejail/disable-common.inc |
| 10 | include /etc/firejail/disable-devel.inc | 10 | include /etc/firejail/disable-devel.inc |
| 11 | include /etc/firejail/disable-interpreters.inc | ||
| 11 | include /etc/firejail/disable-passwdmgr.inc | 12 | include /etc/firejail/disable-passwdmgr.inc |
| 12 | include /etc/firejail/disable-programs.inc | 13 | include /etc/firejail/disable-programs.inc |
| 13 | 14 | ||
diff --git a/etc/corebird.profile b/etc/corebird.profile index 3c9740cb7..a99a6b732 100644 --- a/etc/corebird.profile +++ b/etc/corebird.profile | |||
| @@ -9,6 +9,7 @@ noblacklist ${HOME}/.config/corebird | |||
| 9 | 9 | ||
| 10 | include /etc/firejail/disable-common.inc | 10 | include /etc/firejail/disable-common.inc |
| 11 | include /etc/firejail/disable-devel.inc | 11 | include /etc/firejail/disable-devel.inc |
| 12 | include /etc/firejail/disable-interpreters.inc | ||
| 12 | include /etc/firejail/disable-passwdmgr.inc | 13 | include /etc/firejail/disable-passwdmgr.inc |
| 13 | include /etc/firejail/disable-programs.inc | 14 | include /etc/firejail/disable-programs.inc |
| 14 | 15 | ||
diff --git a/etc/cower.profile b/etc/cower.profile index 565c417ed..dcc388f87 100644 --- a/etc/cower.profile +++ b/etc/cower.profile | |||
| @@ -19,6 +19,7 @@ noblacklist /var/lib/pacman | |||
| 19 | 19 | ||
| 20 | include /etc/firejail/disable-common.inc | 20 | include /etc/firejail/disable-common.inc |
| 21 | include /etc/firejail/disable-devel.inc | 21 | include /etc/firejail/disable-devel.inc |
| 22 | include /etc/firejail/disable-interpreters.inc | ||
| 22 | include /etc/firejail/disable-passwdmgr.inc | 23 | include /etc/firejail/disable-passwdmgr.inc |
| 23 | include /etc/firejail/disable-programs.inc | 24 | include /etc/firejail/disable-programs.inc |
| 24 | 25 | ||
diff --git a/etc/darktable.profile b/etc/darktable.profile index 176ffaca1..511e4e475 100644 --- a/etc/darktable.profile +++ b/etc/darktable.profile | |||
| @@ -10,6 +10,7 @@ noblacklist ${HOME}/.config/darktable | |||
| 10 | 10 | ||
| 11 | include /etc/firejail/disable-common.inc | 11 | include /etc/firejail/disable-common.inc |
| 12 | include /etc/firejail/disable-devel.inc | 12 | include /etc/firejail/disable-devel.inc |
| 13 | include /etc/firejail/disable-interpreters.inc | ||
| 13 | include /etc/firejail/disable-passwdmgr.inc | 14 | include /etc/firejail/disable-passwdmgr.inc |
| 14 | include /etc/firejail/disable-programs.inc | 15 | include /etc/firejail/disable-programs.inc |
| 15 | 16 | ||
diff --git a/etc/deadbeef.profile b/etc/deadbeef.profile index 3367aa8f4..53383d88d 100644 --- a/etc/deadbeef.profile +++ b/etc/deadbeef.profile | |||
| @@ -9,6 +9,7 @@ noblacklist ${HOME}/.config/deadbeef | |||
| 9 | 9 | ||
| 10 | include /etc/firejail/disable-common.inc | 10 | include /etc/firejail/disable-common.inc |
| 11 | include /etc/firejail/disable-devel.inc | 11 | include /etc/firejail/disable-devel.inc |
| 12 | include /etc/firejail/disable-interpreters.inc | ||
| 12 | include /etc/firejail/disable-passwdmgr.inc | 13 | include /etc/firejail/disable-passwdmgr.inc |
| 13 | include /etc/firejail/disable-programs.inc | 14 | include /etc/firejail/disable-programs.inc |
| 14 | 15 | ||
diff --git a/etc/default.profile b/etc/default.profile index 1af7ceba4..9a2fcae64 100644 --- a/etc/default.profile +++ b/etc/default.profile | |||
| @@ -10,6 +10,7 @@ include /etc/firejail/globals.local | |||
| 10 | 10 | ||
| 11 | include /etc/firejail/disable-common.inc | 11 | include /etc/firejail/disable-common.inc |
| 12 | # include /etc/firejail/disable-devel.inc | 12 | # include /etc/firejail/disable-devel.inc |
| 13 | # include /etc/firejail/disable-interpreters.inc | ||
| 13 | include /etc/firejail/disable-passwdmgr.inc | 14 | include /etc/firejail/disable-passwdmgr.inc |
| 14 | include /etc/firejail/disable-programs.inc | 15 | include /etc/firejail/disable-programs.inc |
| 15 | 16 | ||
diff --git a/etc/deluge.profile b/etc/deluge.profile index 401623ae6..da7e0dcdc 100644 --- a/etc/deluge.profile +++ b/etc/deluge.profile | |||
| @@ -7,8 +7,15 @@ include /etc/firejail/globals.local | |||
| 7 | 7 | ||
| 8 | noblacklist ${HOME}/.config/deluge | 8 | noblacklist ${HOME}/.config/deluge |
| 9 | 9 | ||
| 10 | # Allow python (blacklisted by disable-interpreters.inc) | ||
| 11 | noblacklist ${PATH}/python2* | ||
| 12 | noblacklist ${PATH}/python3* | ||
| 13 | noblacklist /usr/lib/python2* | ||
| 14 | noblacklist /usr/lib/python3* | ||
| 15 | |||
| 10 | include /etc/firejail/disable-common.inc | 16 | include /etc/firejail/disable-common.inc |
| 11 | # include /etc/firejail/disable-devel.inc | 17 | # include /etc/firejail/disable-devel.inc |
| 18 | include /etc/firejail/disable-interpreters.inc | ||
| 12 | include /etc/firejail/disable-passwdmgr.inc | 19 | include /etc/firejail/disable-passwdmgr.inc |
| 13 | include /etc/firejail/disable-programs.inc | 20 | include /etc/firejail/disable-programs.inc |
| 14 | 21 | ||
diff --git a/etc/dex2jar.profile b/etc/dex2jar.profile index ed73b8b8c..f01675186 100644 --- a/etc/dex2jar.profile +++ b/etc/dex2jar.profile | |||
| @@ -6,8 +6,21 @@ include /etc/firejail/dex2jar.local | |||
| 6 | # Persistent global definitions | 6 | # Persistent global definitions |
| 7 | include /etc/firejail/globals.local | 7 | include /etc/firejail/globals.local |
| 8 | 8 | ||
| 9 | # Allow access to java | ||
| 10 | noblacklist ${PATH}/java | ||
| 11 | noblacklist /usr/lib/java | ||
| 12 | noblacklist /etc/java | ||
| 13 | noblacklist /usr/share/java | ||
| 14 | |||
| 15 | # Allow access to java | ||
| 16 | noblacklist ${PATH}/java | ||
| 17 | noblacklist /usr/lib/java | ||
| 18 | noblacklist /etc/java | ||
| 19 | noblacklist /usr/share/java | ||
| 20 | |||
| 9 | include /etc/firejail/disable-common.inc | 21 | include /etc/firejail/disable-common.inc |
| 10 | include /etc/firejail/disable-devel.inc | 22 | include /etc/firejail/disable-devel.inc |
| 23 | include /etc/firejail/disable-interpreters.inc | ||
| 11 | include /etc/firejail/disable-passwdmgr.inc | 24 | include /etc/firejail/disable-passwdmgr.inc |
| 12 | include /etc/firejail/disable-programs.inc | 25 | include /etc/firejail/disable-programs.inc |
| 13 | 26 | ||
diff --git a/etc/dia.profile b/etc/dia.profile index fb3506955..49c6727f9 100644 --- a/etc/dia.profile +++ b/etc/dia.profile | |||
| @@ -9,6 +9,7 @@ noblacklist ${HOME}/.dia | |||
| 9 | 9 | ||
| 10 | include /etc/firejail/disable-common.inc | 10 | include /etc/firejail/disable-common.inc |
| 11 | include /etc/firejail/disable-devel.inc | 11 | include /etc/firejail/disable-devel.inc |
| 12 | include /etc/firejail/disable-interpreters.inc | ||
| 12 | include /etc/firejail/disable-passwdmgr.inc | 13 | include /etc/firejail/disable-passwdmgr.inc |
| 13 | include /etc/firejail/disable-programs.inc | 14 | include /etc/firejail/disable-programs.inc |
| 14 | 15 | ||
diff --git a/etc/digikam.profile b/etc/digikam.profile index 4df344cbc..819b8fe41 100644 --- a/etc/digikam.profile +++ b/etc/digikam.profile | |||
| @@ -12,6 +12,7 @@ noblacklist ${HOME}/.kde4/share/apps/digikam | |||
| 12 | 12 | ||
| 13 | include /etc/firejail/disable-common.inc | 13 | include /etc/firejail/disable-common.inc |
| 14 | include /etc/firejail/disable-devel.inc | 14 | include /etc/firejail/disable-devel.inc |
| 15 | include /etc/firejail/disable-interpreters.inc | ||
| 15 | include /etc/firejail/disable-passwdmgr.inc | 16 | include /etc/firejail/disable-passwdmgr.inc |
| 16 | include /etc/firejail/disable-programs.inc | 17 | include /etc/firejail/disable-programs.inc |
| 17 | 18 | ||
diff --git a/etc/dillo.profile b/etc/dillo.profile index 6afb999e7..05413fe56 100644 --- a/etc/dillo.profile +++ b/etc/dillo.profile | |||
| @@ -9,6 +9,7 @@ noblacklist ${HOME}/.dillo | |||
| 9 | 9 | ||
| 10 | include /etc/firejail/disable-common.inc | 10 | include /etc/firejail/disable-common.inc |
| 11 | include /etc/firejail/disable-devel.inc | 11 | include /etc/firejail/disable-devel.inc |
| 12 | include /etc/firejail/disable-interpreters.inc | ||
| 12 | include /etc/firejail/disable-passwdmgr.inc | 13 | include /etc/firejail/disable-passwdmgr.inc |
| 13 | include /etc/firejail/disable-programs.inc | 14 | include /etc/firejail/disable-programs.inc |
| 14 | 15 | ||
diff --git a/etc/dino.profile b/etc/dino.profile index 72f4f40b2..5c9d44140 100644 --- a/etc/dino.profile +++ b/etc/dino.profile | |||
| @@ -9,6 +9,7 @@ noblacklist ${HOME}/.local/share/dino | |||
| 9 | 9 | ||
| 10 | include /etc/firejail/disable-common.inc | 10 | include /etc/firejail/disable-common.inc |
| 11 | include /etc/firejail/disable-devel.inc | 11 | include /etc/firejail/disable-devel.inc |
| 12 | include /etc/firejail/disable-interpreters.inc | ||
| 12 | include /etc/firejail/disable-passwdmgr.inc | 13 | include /etc/firejail/disable-passwdmgr.inc |
| 13 | include /etc/firejail/disable-programs.inc | 14 | include /etc/firejail/disable-programs.inc |
| 14 | 15 | ||
diff --git a/etc/disable-devel.inc b/etc/disable-devel.inc index 9ff58ae2a..0327e717e 100644 --- a/etc/disable-devel.inc +++ b/etc/disable-devel.inc | |||
| @@ -6,76 +6,54 @@ include /etc/firejail/disable-devel.local | |||
| 6 | 6 | ||
| 7 | # GCC | 7 | # GCC |
| 8 | #blacklist /usr/lib/gcc - seems to create problems on Gentoo | 8 | #blacklist /usr/lib/gcc - seems to create problems on Gentoo |
| 9 | blacklist /usr/bin/as | 9 | blacklist ${PATH}/as |
| 10 | blacklist /usr/bin/c++* | 10 | blacklist ${PATH}/cc |
| 11 | blacklist /usr/bin/c8* | 11 | blacklist ${PATH}/c++* |
| 12 | blacklist /usr/bin/c9* | 12 | blacklist ${PATH}/c8* |
| 13 | blacklist /usr/bin/cpp* | 13 | blacklist ${PATH}/c9* |
| 14 | blacklist /usr/bin/g++* | 14 | blacklist ${PATH}/cpp* |
| 15 | blacklist /usr/bin/gcc* | 15 | blacklist ${PATH}/g++* |
| 16 | blacklist /usr/bin/gdb | 16 | blacklist ${PATH}/gcc* |
| 17 | blacklist /usr/bin/ld | 17 | blacklist ${PATH}/gdb |
| 18 | blacklist /usr/bin/x86_64-unknown-linux-gnu-gcc* | 18 | blacklist ${PATH}/ld |
| 19 | blacklist /usr/bin/x86_64-linux-gnu-g++* | 19 | blacklist ${PATH}/*-gcc* |
| 20 | blacklist /usr/bin/x86_64-linux-gnu-gcc* | 20 | blacklist ${PATH}/*-g++* |
| 21 | blacklist /usr/bin/x86_64-unknown-linux-gnu-g++* | 21 | blacklist ${PATH}/*-gcc* |
| 22 | blacklist ${PATH}/*-g++* | ||
| 22 | blacklist /usr/include | 23 | blacklist /usr/include |
| 23 | 24 | ||
| 24 | # clang/llvm | 25 | # clang/llvm |
| 25 | blacklist /usr/bin/clang* | 26 | blacklist ${PATH}/clang* |
| 26 | blacklist /usr/bin/lldb* | 27 | blacklist ${PATH}/lldb* |
| 27 | blacklist /usr/bin/llvm* | 28 | blacklist ${PATH}/llvm* |
| 28 | blacklist /usr/lib/llvm* | 29 | blacklist /usr/lib/llvm* |
| 29 | 30 | ||
| 30 | # tcc - Tiny C Compiler | 31 | # tcc - Tiny C Compiler |
| 31 | blacklist /usr/bin/tcc | 32 | blacklist ${PATH}/tcc |
| 32 | blacklist /usr/bin/x86_64-tcc | 33 | blacklist ${PATH}/x86_64-tcc |
| 33 | blacklist /usr/lib/tcc | 34 | blacklist /usr/lib/tcc |
| 34 | 35 | ||
| 35 | # Valgrind | 36 | # Valgrind |
| 36 | blacklist /usr/bin/valgrind* | 37 | blacklist ${PATH}/valgrind* |
| 37 | blacklist /usr/lib/valgrind | 38 | blacklist /usr/lib/valgrind |
| 38 | 39 | ||
| 39 | # Perl | 40 | # Java |
| 40 | blacklist /usr/bin/cpan* | 41 | blacklist ${PATH}/java |
| 41 | blacklist /usr/bin/perl | 42 | blacklist ${PATH}/javac |
| 42 | blacklist /usr/lib/perl* | 43 | blacklist /usr/lib/java |
| 43 | blacklist /usr/share/perl* | 44 | blacklist /etc/java |
| 44 | 45 | blacklist /usr/share/java | |
| 45 | # PHP | ||
| 46 | blacklist /usr/bin/php* | ||
| 47 | blacklist /usr/lib/php* | ||
| 48 | blacklist /usr/share/php* | ||
| 49 | |||
| 50 | # Ruby | ||
| 51 | blacklist /usr/bin/ruby | ||
| 52 | blacklist /usr/lib/ruby | ||
| 53 | |||
| 54 | # Programs using python: deluge, firefox addons, filezilla, cherrytree, xchat, hexchat, libreoffice, scribus | ||
| 55 | # Python 2 | ||
| 56 | #blacklist /usr/bin/python2* | ||
| 57 | #blacklist /usr/include/python2* | ||
| 58 | #blacklist /usr/lib/python2* | ||
| 59 | #blacklist /usr/local/lib/python2* | ||
| 60 | #blacklist /usr/share/python2* | ||
| 61 | # | ||
| 62 | # Python 3 | ||
| 63 | #blacklist /usr/bin/python3* | ||
| 64 | #blacklist /usr/include/python3* | ||
| 65 | #blacklist /usr/lib/python3* | ||
| 66 | #blacklist /usr/local/lib/python3* | ||
| 67 | #blacklist /usr/share/python3* | ||
| 68 | 46 | ||
| 69 | #Go | 47 | #Go |
| 70 | blacklist /usr/bin/gccgo | 48 | blacklist ${PATH}/gccgo |
| 71 | blacklist /usr/bin/go | 49 | blacklist ${PATH}/go |
| 72 | blacklist /usr/bin/gofmt | 50 | blacklist ${PATH}/gofmt |
| 73 | 51 | ||
| 74 | #Rust | 52 | #Rust |
| 75 | blacklist /usr/bin/rust-gdb | 53 | blacklist ${PATH}/rust-gdb |
| 76 | blacklist /usr/bin/rust-lldb | 54 | blacklist ${PATH}/rust-lldb |
| 77 | blacklist /usr/bin/rustc | 55 | blacklist ${PATH}/rustc |
| 78 | 56 | ||
| 79 | #OpenSSL | 57 | #OpenSSL |
| 80 | blacklist /usr/bin/openssl | 58 | blacklist ${PATH}/openssl |
| 81 | blacklist /usr/bin/openssl-1.0 | 59 | blacklist ${PATH}/openssl-1.0 |
diff --git a/etc/disable-interpreters.inc b/etc/disable-interpreters.inc new file mode 100644 index 000000000..5c68485aa --- /dev/null +++ b/etc/disable-interpreters.inc | |||
| @@ -0,0 +1,44 @@ | |||
| 1 | # This file is overwritten during software install. | ||
| 2 | # Persistent customizations should go in a .local file. | ||
| 3 | include /etc/firejail/disable-interpreters.local | ||
| 4 | |||
| 5 | # Lua | ||
| 6 | blacklist ${PATH}/lua* | ||
| 7 | blacklist /usr/lib/lua | ||
| 8 | blacklist /usr/include/lua* | ||
| 9 | blacklist /usr/share/lua | ||
| 10 | |||
| 11 | # Node.js | ||
| 12 | blacklist ${PATH}/node | ||
| 13 | blacklist /usr/include/node | ||
| 14 | |||
| 15 | # Perl | ||
| 16 | blacklist ${PATH}/cpan* | ||
| 17 | blacklist ${PATH}/core_perl | ||
| 18 | blacklist ${PATH}/perl | ||
| 19 | blacklist /usr/lib/perl* | ||
| 20 | blacklist /usr/share/perl* | ||
| 21 | |||
| 22 | # PHP | ||
| 23 | blacklist ${PATH}/php* | ||
| 24 | blacklist /usr/lib/php* | ||
| 25 | blacklist /usr/share/php* | ||
| 26 | |||
| 27 | # Ruby | ||
| 28 | blacklist ${PATH}/ruby | ||
| 29 | blacklist /usr/lib/ruby | ||
| 30 | |||
| 31 | # Programs using python: deluge, firefox addons, filezilla, cherrytree, xchat, hexchat, libreoffice, scribus | ||
| 32 | # Python 2 | ||
| 33 | blacklist ${PATH}/python2* | ||
| 34 | blacklist /usr/include/python2* | ||
| 35 | blacklist /usr/lib/python2* | ||
| 36 | blacklist /usr/local/lib/python2* | ||
| 37 | blacklist /usr/share/python2* | ||
| 38 | |||
| 39 | # Python 3 | ||
| 40 | blacklist ${PATH}/python3* | ||
| 41 | blacklist /usr/include/python3* | ||
| 42 | blacklist /usr/lib/python3* | ||
| 43 | blacklist /usr/local/lib/python3* | ||
| 44 | blacklist /usr/share/python3* | ||
diff --git a/etc/display.profile b/etc/display.profile index 69183f4ca..ca776a5d1 100644 --- a/etc/display.profile +++ b/etc/display.profile | |||
| @@ -5,8 +5,21 @@ include /etc/firejail/display.local | |||
| 5 | # Persistent global definitions | 5 | # Persistent global definitions |
| 6 | include /etc/firejail/globals.local | 6 | include /etc/firejail/globals.local |
| 7 | 7 | ||
| 8 | # Allow python (blacklisted by disable-interpreters.inc) | ||
| 9 | noblacklist ${PATH}/python2* | ||
| 10 | noblacklist ${PATH}/python3* | ||
| 11 | noblacklist /usr/lib/python2* | ||
| 12 | noblacklist /usr/lib/python3* | ||
| 13 | |||
| 14 | # Allow python (blacklisted by disable-interpreters.inc) | ||
| 15 | noblacklist ${PATH}/python2* | ||
| 16 | noblacklist ${PATH}/python3* | ||
| 17 | noblacklist /usr/lib/python2* | ||
| 18 | noblacklist /usr/lib/python3* | ||
| 19 | |||
| 8 | include /etc/firejail/disable-common.inc | 20 | include /etc/firejail/disable-common.inc |
| 9 | include /etc/firejail/disable-devel.inc | 21 | include /etc/firejail/disable-devel.inc |
| 22 | include /etc/firejail/disable-interpreters.inc | ||
| 10 | include /etc/firejail/disable-passwdmgr.inc | 23 | include /etc/firejail/disable-passwdmgr.inc |
| 11 | include /etc/firejail/disable-programs.inc | 24 | include /etc/firejail/disable-programs.inc |
| 12 | 25 | ||
diff --git a/etc/dnscrypt-proxy.profile b/etc/dnscrypt-proxy.profile index 458de81e2..4d0afc159 100644 --- a/etc/dnscrypt-proxy.profile +++ b/etc/dnscrypt-proxy.profile | |||
| @@ -12,6 +12,7 @@ noblacklist /usr/sbin | |||
| 12 | 12 | ||
| 13 | include /etc/firejail/disable-common.inc | 13 | include /etc/firejail/disable-common.inc |
| 14 | include /etc/firejail/disable-devel.inc | 14 | include /etc/firejail/disable-devel.inc |
| 15 | include /etc/firejail/disable-interpreters.inc | ||
| 15 | include /etc/firejail/disable-passwdmgr.inc | 16 | include /etc/firejail/disable-passwdmgr.inc |
| 16 | include /etc/firejail/disable-programs.inc | 17 | include /etc/firejail/disable-programs.inc |
| 17 | 18 | ||
diff --git a/etc/dnsmasq.profile b/etc/dnsmasq.profile index e6086d1b2..f71f5bb02 100644 --- a/etc/dnsmasq.profile +++ b/etc/dnsmasq.profile | |||
| @@ -12,6 +12,7 @@ noblacklist /usr/sbin | |||
| 12 | 12 | ||
| 13 | include /etc/firejail/disable-common.inc | 13 | include /etc/firejail/disable-common.inc |
| 14 | include /etc/firejail/disable-devel.inc | 14 | include /etc/firejail/disable-devel.inc |
| 15 | include /etc/firejail/disable-interpreters.inc | ||
| 15 | include /etc/firejail/disable-passwdmgr.inc | 16 | include /etc/firejail/disable-passwdmgr.inc |
| 16 | include /etc/firejail/disable-programs.inc | 17 | include /etc/firejail/disable-programs.inc |
| 17 | 18 | ||
diff --git a/etc/dolphin.profile b/etc/dolphin.profile index c694a96e5..f9fa977a9 100644 --- a/etc/dolphin.profile +++ b/etc/dolphin.profile | |||
| @@ -14,6 +14,7 @@ noblacklist ${HOME}/.local/share/Trash | |||
| 14 | 14 | ||
| 15 | include /etc/firejail/disable-common.inc | 15 | include /etc/firejail/disable-common.inc |
| 16 | include /etc/firejail/disable-devel.inc | 16 | include /etc/firejail/disable-devel.inc |
| 17 | include /etc/firejail/disable-interpreters.inc | ||
| 17 | include /etc/firejail/disable-passwdmgr.inc | 18 | include /etc/firejail/disable-passwdmgr.inc |
| 18 | # dolphin needs to be able to start arbitrary applications so we cannot blacklist their files | 19 | # dolphin needs to be able to start arbitrary applications so we cannot blacklist their files |
| 19 | # include /etc/firejail/disable-programs.inc | 20 | # include /etc/firejail/disable-programs.inc |
diff --git a/etc/dooble.profile b/etc/dooble.profile index 2a57b0ef3..df68a4aef 100644 --- a/etc/dooble.profile +++ b/etc/dooble.profile | |||
| @@ -10,6 +10,7 @@ noblacklist ${HOME}/.dooble | |||
| 10 | 10 | ||
| 11 | include /etc/firejail/disable-common.inc | 11 | include /etc/firejail/disable-common.inc |
| 12 | include /etc/firejail/disable-devel.inc | 12 | include /etc/firejail/disable-devel.inc |
| 13 | include /etc/firejail/disable-interpreters.inc | ||
| 13 | include /etc/firejail/disable-passwdmgr.inc | 14 | include /etc/firejail/disable-passwdmgr.inc |
| 14 | include /etc/firejail/disable-programs.inc | 15 | include /etc/firejail/disable-programs.inc |
| 15 | 16 | ||
diff --git a/etc/dosbox.profile b/etc/dosbox.profile index 736c7da2f..79514c373 100644 --- a/etc/dosbox.profile +++ b/etc/dosbox.profile | |||
| @@ -9,6 +9,7 @@ noblacklist ${HOME}/.dosbox | |||
| 9 | 9 | ||
| 10 | include /etc/firejail/disable-common.inc | 10 | include /etc/firejail/disable-common.inc |
| 11 | include /etc/firejail/disable-devel.inc | 11 | include /etc/firejail/disable-devel.inc |
| 12 | include /etc/firejail/disable-interpreters.inc | ||
| 12 | include /etc/firejail/disable-passwdmgr.inc | 13 | include /etc/firejail/disable-passwdmgr.inc |
| 13 | include /etc/firejail/disable-programs.inc | 14 | include /etc/firejail/disable-programs.inc |
| 14 | 15 | ||
diff --git a/etc/dragon.profile b/etc/dragon.profile index 392b4146e..bdaa12e75 100644 --- a/etc/dragon.profile +++ b/etc/dragon.profile | |||
| @@ -9,6 +9,7 @@ noblacklist ${HOME}/.config/dragonplayerrc | |||
| 9 | 9 | ||
| 10 | include /etc/firejail/disable-common.inc | 10 | include /etc/firejail/disable-common.inc |
| 11 | include /etc/firejail/disable-devel.inc | 11 | include /etc/firejail/disable-devel.inc |
| 12 | include /etc/firejail/disable-interpreters.inc | ||
| 12 | include /etc/firejail/disable-passwdmgr.inc | 13 | include /etc/firejail/disable-passwdmgr.inc |
| 13 | include /etc/firejail/disable-programs.inc | 14 | include /etc/firejail/disable-programs.inc |
| 14 | 15 | ||
diff --git a/etc/dropbox.profile b/etc/dropbox.profile index 138b3912a..24b69e118 100644 --- a/etc/dropbox.profile +++ b/etc/dropbox.profile | |||
| @@ -11,6 +11,7 @@ noblacklist ${HOME}/.dropbox-dist | |||
| 11 | 11 | ||
| 12 | include /etc/firejail/disable-common.inc | 12 | include /etc/firejail/disable-common.inc |
| 13 | include /etc/firejail/disable-devel.inc | 13 | include /etc/firejail/disable-devel.inc |
| 14 | include /etc/firejail/disable-interpreters.inc | ||
| 14 | include /etc/firejail/disable-passwdmgr.inc | 15 | include /etc/firejail/disable-passwdmgr.inc |
| 15 | include /etc/firejail/disable-programs.inc | 16 | include /etc/firejail/disable-programs.inc |
| 16 | 17 | ||
diff --git a/etc/elinks.profile b/etc/elinks.profile index aca30c933..5d28ac0c8 100644 --- a/etc/elinks.profile +++ b/etc/elinks.profile | |||
| @@ -11,6 +11,7 @@ noblacklist ${HOME}/.elinks | |||
| 11 | 11 | ||
| 12 | include /etc/firejail/disable-common.inc | 12 | include /etc/firejail/disable-common.inc |
| 13 | include /etc/firejail/disable-devel.inc | 13 | include /etc/firejail/disable-devel.inc |
| 14 | include /etc/firejail/disable-interpreters.inc | ||
| 14 | include /etc/firejail/disable-passwdmgr.inc | 15 | include /etc/firejail/disable-passwdmgr.inc |
| 15 | include /etc/firejail/disable-programs.inc | 16 | include /etc/firejail/disable-programs.inc |
| 16 | 17 | ||
diff --git a/etc/empathy.profile b/etc/empathy.profile index b2cfa369c..b9d682322 100644 --- a/etc/empathy.profile +++ b/etc/empathy.profile | |||
| @@ -8,6 +8,7 @@ include /etc/firejail/globals.local | |||
| 8 | 8 | ||
| 9 | include /etc/firejail/disable-common.inc | 9 | include /etc/firejail/disable-common.inc |
| 10 | include /etc/firejail/disable-devel.inc | 10 | include /etc/firejail/disable-devel.inc |
| 11 | include /etc/firejail/disable-interpreters.inc | ||
| 11 | include /etc/firejail/disable-programs.inc | 12 | include /etc/firejail/disable-programs.inc |
| 12 | 13 | ||
| 13 | caps.drop all | 14 | caps.drop all |
diff --git a/etc/enchant.profile b/etc/enchant.profile index 8178bb2c8..0e9ed3f22 100644 --- a/etc/enchant.profile +++ b/etc/enchant.profile | |||
| @@ -9,6 +9,7 @@ noblacklist ${HOME}/.config/enchant | |||
| 9 | 9 | ||
| 10 | include /etc/firejail/disable-common.inc | 10 | include /etc/firejail/disable-common.inc |
| 11 | include /etc/firejail/disable-devel.inc | 11 | include /etc/firejail/disable-devel.inc |
| 12 | include /etc/firejail/disable-interpreters.inc | ||
| 12 | include /etc/firejail/disable-passwdmgr.inc | 13 | include /etc/firejail/disable-passwdmgr.inc |
| 13 | include /etc/firejail/disable-programs.inc | 14 | include /etc/firejail/disable-programs.inc |
| 14 | 15 | ||
diff --git a/etc/engrampa.profile b/etc/engrampa.profile index cf32d579e..70ec7615e 100644 --- a/etc/engrampa.profile +++ b/etc/engrampa.profile | |||
| @@ -7,6 +7,7 @@ include /etc/firejail/globals.local | |||
| 7 | 7 | ||
| 8 | include /etc/firejail/disable-common.inc | 8 | include /etc/firejail/disable-common.inc |
| 9 | include /etc/firejail/disable-devel.inc | 9 | include /etc/firejail/disable-devel.inc |
| 10 | include /etc/firejail/disable-interpreters.inc | ||
| 10 | include /etc/firejail/disable-passwdmgr.inc | 11 | include /etc/firejail/disable-passwdmgr.inc |
| 11 | include /etc/firejail/disable-programs.inc | 12 | include /etc/firejail/disable-programs.inc |
| 12 | 13 | ||
diff --git a/etc/enpass.profile b/etc/enpass.profile index 4c19d5825..2ee7a97f6 100644 --- a/etc/enpass.profile +++ b/etc/enpass.profile | |||
| @@ -6,6 +6,7 @@ include /etc/firejail/globals.local | |||
| 6 | 6 | ||
| 7 | include /etc/firejail/disable-common.inc | 7 | include /etc/firejail/disable-common.inc |
| 8 | include /etc/firejail/disable-devel.inc | 8 | include /etc/firejail/disable-devel.inc |
| 9 | include /etc/firejail/disable-interpreters.inc | ||
| 9 | include /etc/firejail/disable-passwdmgr.inc | 10 | include /etc/firejail/disable-passwdmgr.inc |
| 10 | include /etc/firejail/disable-programs.inc | 11 | include /etc/firejail/disable-programs.inc |
| 11 | 12 | ||
diff --git a/etc/eog.profile b/etc/eog.profile index 66434ae05..8a0925655 100644 --- a/etc/eog.profile +++ b/etc/eog.profile | |||
| @@ -12,6 +12,7 @@ noblacklist ${HOME}/.steam | |||
| 12 | 12 | ||
| 13 | include /etc/firejail/disable-common.inc | 13 | include /etc/firejail/disable-common.inc |
| 14 | include /etc/firejail/disable-devel.inc | 14 | include /etc/firejail/disable-devel.inc |
| 15 | include /etc/firejail/disable-interpreters.inc | ||
| 15 | include /etc/firejail/disable-passwdmgr.inc | 16 | include /etc/firejail/disable-passwdmgr.inc |
| 16 | include /etc/firejail/disable-programs.inc | 17 | include /etc/firejail/disable-programs.inc |
| 17 | 18 | ||
diff --git a/etc/eom.profile b/etc/eom.profile index 48965bcb9..86ce01d1b 100644 --- a/etc/eom.profile +++ b/etc/eom.profile | |||
| @@ -12,6 +12,7 @@ noblacklist ${HOME}/.steam | |||
| 12 | 12 | ||
| 13 | include /etc/firejail/disable-common.inc | 13 | include /etc/firejail/disable-common.inc |
| 14 | include /etc/firejail/disable-devel.inc | 14 | include /etc/firejail/disable-devel.inc |
| 15 | include /etc/firejail/disable-interpreters.inc | ||
| 15 | include /etc/firejail/disable-passwdmgr.inc | 16 | include /etc/firejail/disable-passwdmgr.inc |
| 16 | include /etc/firejail/disable-programs.inc | 17 | include /etc/firejail/disable-programs.inc |
| 17 | 18 | ||
diff --git a/etc/epiphany.profile b/etc/epiphany.profile index 0f9a9cf55..e579fb4f6 100644 --- a/etc/epiphany.profile +++ b/etc/epiphany.profile | |||
| @@ -11,6 +11,7 @@ noblacklist ${HOME}/.local/share/epiphany | |||
| 11 | 11 | ||
| 12 | include /etc/firejail/disable-common.inc | 12 | include /etc/firejail/disable-common.inc |
| 13 | include /etc/firejail/disable-devel.inc | 13 | include /etc/firejail/disable-devel.inc |
| 14 | include /etc/firejail/disable-interpreters.inc | ||
| 14 | include /etc/firejail/disable-programs.inc | 15 | include /etc/firejail/disable-programs.inc |
| 15 | 16 | ||
| 16 | mkdir ${HOME}/.cache/epiphany | 17 | mkdir ${HOME}/.cache/epiphany |
diff --git a/etc/evince.profile b/etc/evince.profile index 38c9ee9a9..cca564557 100644 --- a/etc/evince.profile +++ b/etc/evince.profile | |||
| @@ -9,6 +9,7 @@ noblacklist ${HOME}/.config/evince | |||
| 9 | 9 | ||
| 10 | include /etc/firejail/disable-common.inc | 10 | include /etc/firejail/disable-common.inc |
| 11 | include /etc/firejail/disable-devel.inc | 11 | include /etc/firejail/disable-devel.inc |
| 12 | include /etc/firejail/disable-interpreters.inc | ||
| 12 | include /etc/firejail/disable-passwdmgr.inc | 13 | include /etc/firejail/disable-passwdmgr.inc |
| 13 | include /etc/firejail/disable-programs.inc | 14 | include /etc/firejail/disable-programs.inc |
| 14 | 15 | ||
diff --git a/etc/evolution.profile b/etc/evolution.profile index d946cc9f9..0584b2744 100644 --- a/etc/evolution.profile +++ b/etc/evolution.profile | |||
| @@ -16,6 +16,7 @@ noblacklist ${HOME}/.pki | |||
| 16 | 16 | ||
| 17 | include /etc/firejail/disable-common.inc | 17 | include /etc/firejail/disable-common.inc |
| 18 | include /etc/firejail/disable-devel.inc | 18 | include /etc/firejail/disable-devel.inc |
| 19 | include /etc/firejail/disable-interpreters.inc | ||
| 19 | include /etc/firejail/disable-passwdmgr.inc | 20 | include /etc/firejail/disable-passwdmgr.inc |
| 20 | include /etc/firejail/disable-programs.inc | 21 | include /etc/firejail/disable-programs.inc |
| 21 | 22 | ||
diff --git a/etc/exiftool.profile b/etc/exiftool.profile index 8ab6012f5..2522a32a3 100644 --- a/etc/exiftool.profile +++ b/etc/exiftool.profile | |||
| @@ -8,12 +8,14 @@ include /etc/firejail/globals.local | |||
| 8 | 8 | ||
| 9 | blacklist /tmp/.X11-unix | 9 | blacklist /tmp/.X11-unix |
| 10 | 10 | ||
| 11 | noblacklist /usr/bin/perl | 11 | # Allow access to perl |
| 12 | noblacklist ${PATH}/perl | ||
| 12 | noblacklist /usr/lib/perl* | 13 | noblacklist /usr/lib/perl* |
| 13 | noblacklist /usr/share/perl* | 14 | noblacklist /usr/share/perl* |
| 14 | 15 | ||
| 15 | include /etc/firejail/disable-common.inc | 16 | include /etc/firejail/disable-common.inc |
| 16 | include /etc/firejail/disable-devel.inc | 17 | include /etc/firejail/disable-devel.inc |
| 18 | include /etc/firejail/disable-interpreters.inc | ||
| 17 | include /etc/firejail/disable-passwdmgr.inc | 19 | include /etc/firejail/disable-passwdmgr.inc |
| 18 | include /etc/firejail/disable-programs.inc | 20 | include /etc/firejail/disable-programs.inc |
| 19 | 21 | ||
diff --git a/etc/falkon.profile b/etc/falkon.profile index a86c83329..cd98d2d65 100644 --- a/etc/falkon.profile +++ b/etc/falkon.profile | |||
| @@ -10,6 +10,7 @@ noblacklist ${HOME}/.config/falkon | |||
| 10 | 10 | ||
| 11 | include /etc/firejail/disable-common.inc | 11 | include /etc/firejail/disable-common.inc |
| 12 | include /etc/firejail/disable-devel.inc | 12 | include /etc/firejail/disable-devel.inc |
| 13 | include /etc/firejail/disable-interpreters.inc | ||
| 13 | include /etc/firejail/disable-passwdmgr.inc | 14 | include /etc/firejail/disable-passwdmgr.inc |
| 14 | include /etc/firejail/disable-programs.inc | 15 | include /etc/firejail/disable-programs.inc |
| 15 | 16 | ||
diff --git a/etc/fbreader.profile b/etc/fbreader.profile index 8e2e5b169..573099429 100644 --- a/etc/fbreader.profile +++ b/etc/fbreader.profile | |||
| @@ -9,6 +9,7 @@ noblacklist ${HOME}/.FBReader | |||
| 9 | 9 | ||
| 10 | include /etc/firejail/disable-common.inc | 10 | include /etc/firejail/disable-common.inc |
| 11 | include /etc/firejail/disable-devel.inc | 11 | include /etc/firejail/disable-devel.inc |
| 12 | include /etc/firejail/disable-interpreters.inc | ||
| 12 | include /etc/firejail/disable-passwdmgr.inc | 13 | include /etc/firejail/disable-passwdmgr.inc |
| 13 | include /etc/firejail/disable-programs.inc | 14 | include /etc/firejail/disable-programs.inc |
| 14 | 15 | ||
diff --git a/etc/feh.profile b/etc/feh.profile index ba7a76c49..657f05f3c 100644 --- a/etc/feh.profile +++ b/etc/feh.profile | |||
| @@ -7,6 +7,7 @@ include /etc/firejail/globals.local | |||
| 7 | 7 | ||
| 8 | include /etc/firejail/disable-common.inc | 8 | include /etc/firejail/disable-common.inc |
| 9 | include /etc/firejail/disable-devel.inc | 9 | include /etc/firejail/disable-devel.inc |
| 10 | include /etc/firejail/disable-interpreters.inc | ||
| 10 | include /etc/firejail/disable-passwdmgr.inc | 11 | include /etc/firejail/disable-passwdmgr.inc |
| 11 | include /etc/firejail/disable-programs.inc | 12 | include /etc/firejail/disable-programs.inc |
| 12 | 13 | ||
diff --git a/etc/fetchmail.profile b/etc/fetchmail.profile index 6bda49ee1..12175295f 100644 --- a/etc/fetchmail.profile +++ b/etc/fetchmail.profile | |||
| @@ -10,6 +10,7 @@ noblacklist ${HOME}/.netrc | |||
| 10 | 10 | ||
| 11 | include /etc/firejail/disable-common.inc | 11 | include /etc/firejail/disable-common.inc |
| 12 | include /etc/firejail/disable-devel.inc | 12 | include /etc/firejail/disable-devel.inc |
| 13 | include /etc/firejail/disable-interpreters.inc | ||
| 13 | include /etc/firejail/disable-passwdmgr.inc | 14 | include /etc/firejail/disable-passwdmgr.inc |
| 14 | include /etc/firejail/disable-programs.inc | 15 | include /etc/firejail/disable-programs.inc |
| 15 | 16 | ||
diff --git a/etc/ffmpeg.profile b/etc/ffmpeg.profile index 538179107..4e55039cf 100644 --- a/etc/ffmpeg.profile +++ b/etc/ffmpeg.profile | |||
| @@ -8,6 +8,7 @@ include /etc/firejail/globals.local | |||
| 8 | 8 | ||
| 9 | include /etc/firejail/disable-common.inc | 9 | include /etc/firejail/disable-common.inc |
| 10 | include /etc/firejail/disable-devel.inc | 10 | include /etc/firejail/disable-devel.inc |
| 11 | include /etc/firejail/disable-interpreters.inc | ||
| 11 | include /etc/firejail/disable-passwdmgr.inc | 12 | include /etc/firejail/disable-passwdmgr.inc |
| 12 | include /etc/firejail/disable-programs.inc | 13 | include /etc/firejail/disable-programs.inc |
| 13 | 14 | ||
diff --git a/etc/file-roller.profile b/etc/file-roller.profile index eb76d1dbb..69b9c18da 100644 --- a/etc/file-roller.profile +++ b/etc/file-roller.profile | |||
| @@ -7,6 +7,7 @@ include /etc/firejail/globals.local | |||
| 7 | 7 | ||
| 8 | include /etc/firejail/disable-common.inc | 8 | include /etc/firejail/disable-common.inc |
| 9 | include /etc/firejail/disable-devel.inc | 9 | include /etc/firejail/disable-devel.inc |
| 10 | include /etc/firejail/disable-interpreters.inc | ||
| 10 | include /etc/firejail/disable-passwdmgr.inc | 11 | include /etc/firejail/disable-passwdmgr.inc |
| 11 | include /etc/firejail/disable-programs.inc | 12 | include /etc/firejail/disable-programs.inc |
| 12 | 13 | ||
diff --git a/etc/filezilla.profile b/etc/filezilla.profile index 0f6cb22f3..1bc78e5ef 100644 --- a/etc/filezilla.profile +++ b/etc/filezilla.profile | |||
| @@ -8,8 +8,15 @@ include /etc/firejail/globals.local | |||
| 8 | noblacklist ${HOME}/.config/filezilla | 8 | noblacklist ${HOME}/.config/filezilla |
| 9 | noblacklist ${HOME}/.filezilla | 9 | noblacklist ${HOME}/.filezilla |
| 10 | 10 | ||
| 11 | # Allow python (blacklisted by disable-interpreters.inc) | ||
| 12 | noblacklist ${PATH}/python2* | ||
| 13 | noblacklist ${PATH}/python3* | ||
| 14 | noblacklist /usr/lib/python2* | ||
| 15 | noblacklist /usr/lib/python3* | ||
| 16 | |||
| 11 | include /etc/firejail/disable-common.inc | 17 | include /etc/firejail/disable-common.inc |
| 12 | include /etc/firejail/disable-devel.inc | 18 | include /etc/firejail/disable-devel.inc |
| 19 | include /etc/firejail/disable-interpreters.inc | ||
| 13 | include /etc/firejail/disable-programs.inc | 20 | include /etc/firejail/disable-programs.inc |
| 14 | include /etc/firejail/whitelist-var-common.inc | 21 | include /etc/firejail/whitelist-var-common.inc |
| 15 | 22 | ||
diff --git a/etc/firefox-common.profile b/etc/firefox-common.profile index 1f531c1b7..3fe83eda0 100644 --- a/etc/firefox-common.profile +++ b/etc/firefox-common.profile | |||
| @@ -12,6 +12,7 @@ noblacklist ${HOME}/.pki | |||
| 12 | 12 | ||
| 13 | include /etc/firejail/disable-common.inc | 13 | include /etc/firejail/disable-common.inc |
| 14 | include /etc/firejail/disable-devel.inc | 14 | include /etc/firejail/disable-devel.inc |
| 15 | include /etc/firejail/disable-interpreters.inc | ||
| 15 | include /etc/firejail/disable-programs.inc | 16 | include /etc/firejail/disable-programs.inc |
| 16 | 17 | ||
| 17 | mkdir ${HOME}/.pki | 18 | mkdir ${HOME}/.pki |
diff --git a/etc/flowblade.profile b/etc/flowblade.profile index 79dab0751..bad8538cf 100644 --- a/etc/flowblade.profile +++ b/etc/flowblade.profile | |||
| @@ -10,6 +10,7 @@ noblacklist ${HOME}/.flowblade | |||
| 10 | 10 | ||
| 11 | include /etc/firejail/disable-common.inc | 11 | include /etc/firejail/disable-common.inc |
| 12 | include /etc/firejail/disable-devel.inc | 12 | include /etc/firejail/disable-devel.inc |
| 13 | include /etc/firejail/disable-interpreters.inc | ||
| 13 | include /etc/firejail/disable-passwdmgr.inc | 14 | include /etc/firejail/disable-passwdmgr.inc |
| 14 | include /etc/firejail/disable-programs.inc | 15 | include /etc/firejail/disable-programs.inc |
| 15 | 16 | ||
diff --git a/etc/fontforge.profile b/etc/fontforge.profile index 29295f8a0..be5f0d4e2 100644 --- a/etc/fontforge.profile +++ b/etc/fontforge.profile | |||
| @@ -9,6 +9,7 @@ noblacklist ${HOME}/.FontForge | |||
| 9 | 9 | ||
| 10 | include /etc/firejail/disable-common.inc | 10 | include /etc/firejail/disable-common.inc |
| 11 | include /etc/firejail/disable-devel.inc | 11 | include /etc/firejail/disable-devel.inc |
| 12 | include /etc/firejail/disable-interpreters.inc | ||
| 12 | include /etc/firejail/disable-passwdmgr.inc | 13 | include /etc/firejail/disable-passwdmgr.inc |
| 13 | include /etc/firejail/disable-programs.inc | 14 | include /etc/firejail/disable-programs.inc |
| 14 | 15 | ||
diff --git a/etc/franz.profile b/etc/franz.profile index 42b14fa2f..fbe1c0f65 100644 --- a/etc/franz.profile +++ b/etc/franz.profile | |||
| @@ -11,6 +11,7 @@ noblacklist ${HOME}/.pki | |||
| 11 | 11 | ||
| 12 | include /etc/firejail/disable-common.inc | 12 | include /etc/firejail/disable-common.inc |
| 13 | include /etc/firejail/disable-devel.inc | 13 | include /etc/firejail/disable-devel.inc |
| 14 | include /etc/firejail/disable-interpreters.inc | ||
| 14 | include /etc/firejail/disable-programs.inc | 15 | include /etc/firejail/disable-programs.inc |
| 15 | 16 | ||
| 16 | mkdir ${HOME}/.cache/Franz | 17 | mkdir ${HOME}/.cache/Franz |
diff --git a/etc/freecad.profile b/etc/freecad.profile index c51d88f7a..dc5738e01 100644 --- a/etc/freecad.profile +++ b/etc/freecad.profile | |||
| @@ -9,6 +9,7 @@ noblacklist ${HOME}/.config/FreeCAD | |||
| 9 | 9 | ||
| 10 | include /etc/firejail/disable-common.inc | 10 | include /etc/firejail/disable-common.inc |
| 11 | include /etc/firejail/disable-devel.inc | 11 | include /etc/firejail/disable-devel.inc |
| 12 | include /etc/firejail/disable-interpreters.inc | ||
| 12 | include /etc/firejail/disable-passwdmgr.inc | 13 | include /etc/firejail/disable-passwdmgr.inc |
| 13 | include /etc/firejail/disable-programs.inc | 14 | include /etc/firejail/disable-programs.inc |
| 14 | 15 | ||
diff --git a/etc/frozen-bubble.profile b/etc/frozen-bubble.profile index 8acd32bdd..63b4d3330 100644 --- a/etc/frozen-bubble.profile +++ b/etc/frozen-bubble.profile | |||
| @@ -9,6 +9,7 @@ noblacklist ${HOME}/.frozen-bubble | |||
| 9 | 9 | ||
| 10 | include /etc/firejail/disable-common.inc | 10 | include /etc/firejail/disable-common.inc |
| 11 | include /etc/firejail/disable-devel.inc | 11 | include /etc/firejail/disable-devel.inc |
| 12 | include /etc/firejail/disable-interpreters.inc | ||
| 12 | include /etc/firejail/disable-passwdmgr.inc | 13 | include /etc/firejail/disable-passwdmgr.inc |
| 13 | include /etc/firejail/disable-programs.inc | 14 | include /etc/firejail/disable-programs.inc |
| 14 | 15 | ||
diff --git a/etc/gajim.profile b/etc/gajim.profile index 9171b93af..02c818443 100644 --- a/etc/gajim.profile +++ b/etc/gajim.profile | |||
| @@ -9,8 +9,13 @@ noblacklist ${HOME}/.cache/gajim | |||
| 9 | noblacklist ${HOME}/.config/gajim | 9 | noblacklist ${HOME}/.config/gajim |
| 10 | noblacklist ${HOME}/.local/share/gajim | 10 | noblacklist ${HOME}/.local/share/gajim |
| 11 | 11 | ||
| 12 | # Allow python2.7 (blacklisted by disable-interpreters.inc) | ||
| 13 | noblacklist ${PATH}/python2* | ||
| 14 | noblacklist /usr/lib/python2* | ||
| 15 | |||
| 12 | include /etc/firejail/disable-common.inc | 16 | include /etc/firejail/disable-common.inc |
| 13 | include /etc/firejail/disable-devel.inc | 17 | include /etc/firejail/disable-devel.inc |
| 18 | include /etc/firejail/disable-interpreters.inc | ||
| 14 | include /etc/firejail/disable-passwdmgr.inc | 19 | include /etc/firejail/disable-passwdmgr.inc |
| 15 | include /etc/firejail/disable-programs.inc | 20 | include /etc/firejail/disable-programs.inc |
| 16 | 21 | ||
diff --git a/etc/galculator.profile b/etc/galculator.profile index 8229f8250..1a5112ef5 100644 --- a/etc/galculator.profile +++ b/etc/galculator.profile | |||
| @@ -9,6 +9,7 @@ noblacklist ${HOME}/.config/galculator | |||
| 9 | 9 | ||
| 10 | include /etc/firejail/disable-common.inc | 10 | include /etc/firejail/disable-common.inc |
| 11 | include /etc/firejail/disable-devel.inc | 11 | include /etc/firejail/disable-devel.inc |
| 12 | include /etc/firejail/disable-interpreters.inc | ||
| 12 | include /etc/firejail/disable-passwdmgr.inc | 13 | include /etc/firejail/disable-passwdmgr.inc |
| 13 | include /etc/firejail/disable-programs.inc | 14 | include /etc/firejail/disable-programs.inc |
| 14 | 15 | ||
diff --git a/etc/gedit.profile b/etc/gedit.profile index e78b8a708..33d03f62e 100644 --- a/etc/gedit.profile +++ b/etc/gedit.profile | |||
| @@ -11,6 +11,7 @@ noblacklist ${HOME}/.gitconfig | |||
| 11 | 11 | ||
| 12 | include /etc/firejail/disable-common.inc | 12 | include /etc/firejail/disable-common.inc |
| 13 | # include /etc/firejail/disable-devel.inc | 13 | # include /etc/firejail/disable-devel.inc |
| 14 | # include /etc/firejail/disable-interpreters.inc | ||
| 14 | include /etc/firejail/disable-passwdmgr.inc | 15 | include /etc/firejail/disable-passwdmgr.inc |
| 15 | include /etc/firejail/disable-programs.inc | 16 | include /etc/firejail/disable-programs.inc |
| 16 | 17 | ||
diff --git a/etc/geeqie.profile b/etc/geeqie.profile index 27ee343af..7512cbcd9 100644 --- a/etc/geeqie.profile +++ b/etc/geeqie.profile | |||
| @@ -11,6 +11,7 @@ noblacklist ${HOME}/.local/share/geeqie | |||
| 11 | 11 | ||
| 12 | include /etc/firejail/disable-common.inc | 12 | include /etc/firejail/disable-common.inc |
| 13 | include /etc/firejail/disable-devel.inc | 13 | include /etc/firejail/disable-devel.inc |
| 14 | include /etc/firejail/disable-interpreters.inc | ||
| 14 | include /etc/firejail/disable-passwdmgr.inc | 15 | include /etc/firejail/disable-passwdmgr.inc |
| 15 | include /etc/firejail/disable-programs.inc | 16 | include /etc/firejail/disable-programs.inc |
| 16 | 17 | ||
diff --git a/etc/gitg.profile b/etc/gitg.profile index 0c8495866..39cbdc53d 100644 --- a/etc/gitg.profile +++ b/etc/gitg.profile | |||
| @@ -11,6 +11,7 @@ noblacklist ${HOME}/.ssh | |||
| 11 | 11 | ||
| 12 | include /etc/firejail/disable-common.inc | 12 | include /etc/firejail/disable-common.inc |
| 13 | include /etc/firejail/disable-devel.inc | 13 | include /etc/firejail/disable-devel.inc |
| 14 | include /etc/firejail/disable-interpreters.inc | ||
| 14 | include /etc/firejail/disable-passwdmgr.inc | 15 | include /etc/firejail/disable-passwdmgr.inc |
| 15 | include /etc/firejail/disable-programs.inc | 16 | include /etc/firejail/disable-programs.inc |
| 16 | 17 | ||
diff --git a/etc/gitter.profile b/etc/gitter.profile index a3bbabd10..2edbf8a4e 100644 --- a/etc/gitter.profile +++ b/etc/gitter.profile | |||
| @@ -10,6 +10,7 @@ noblacklist ${HOME}/.config/Gitter | |||
| 10 | 10 | ||
| 11 | include /etc/firejail/disable-common.inc | 11 | include /etc/firejail/disable-common.inc |
| 12 | include /etc/firejail/disable-devel.inc | 12 | include /etc/firejail/disable-devel.inc |
| 13 | include /etc/firejail/disable-interpreters.inc | ||
| 13 | include /etc/firejail/disable-passwdmgr.inc | 14 | include /etc/firejail/disable-passwdmgr.inc |
| 14 | include /etc/firejail/disable-programs.inc | 15 | include /etc/firejail/disable-programs.inc |
| 15 | 16 | ||
diff --git a/etc/gjs.profile b/etc/gjs.profile index 32faeb8df..9d439782c 100644 --- a/etc/gjs.profile +++ b/etc/gjs.profile | |||
| @@ -14,6 +14,7 @@ noblacklist ${HOME}/.local/share/gnome-photos | |||
| 14 | 14 | ||
| 15 | include /etc/firejail/disable-common.inc | 15 | include /etc/firejail/disable-common.inc |
| 16 | include /etc/firejail/disable-devel.inc | 16 | include /etc/firejail/disable-devel.inc |
| 17 | include /etc/firejail/disable-interpreters.inc | ||
| 17 | include /etc/firejail/disable-passwdmgr.inc | 18 | include /etc/firejail/disable-passwdmgr.inc |
| 18 | include /etc/firejail/disable-programs.inc | 19 | include /etc/firejail/disable-programs.inc |
| 19 | 20 | ||
diff --git a/etc/globaltime.profile b/etc/globaltime.profile index 6961a56e9..19820ce85 100644 --- a/etc/globaltime.profile +++ b/etc/globaltime.profile | |||
| @@ -9,6 +9,7 @@ noblacklist ${HOME}/.config/globaltime | |||
| 9 | 9 | ||
| 10 | include /etc/firejail/disable-common.inc | 10 | include /etc/firejail/disable-common.inc |
| 11 | include /etc/firejail/disable-devel.inc | 11 | include /etc/firejail/disable-devel.inc |
| 12 | include /etc/firejail/disable-interpreters.inc | ||
| 12 | include /etc/firejail/disable-passwdmgr.inc | 13 | include /etc/firejail/disable-passwdmgr.inc |
| 13 | include /etc/firejail/disable-programs.inc | 14 | include /etc/firejail/disable-programs.inc |
| 14 | 15 | ||
diff --git a/etc/gnome-2048.profile b/etc/gnome-2048.profile index a292633c3..5ecb279e5 100644 --- a/etc/gnome-2048.profile +++ b/etc/gnome-2048.profile | |||
| @@ -9,6 +9,7 @@ noblacklist ${HOME}/.local/share/gnome-2048 | |||
| 9 | 9 | ||
| 10 | include /etc/firejail/disable-common.inc | 10 | include /etc/firejail/disable-common.inc |
| 11 | include /etc/firejail/disable-devel.inc | 11 | include /etc/firejail/disable-devel.inc |
| 12 | include /etc/firejail/disable-interpreters.inc | ||
| 12 | include /etc/firejail/disable-passwdmgr.inc | 13 | include /etc/firejail/disable-passwdmgr.inc |
| 13 | include /etc/firejail/disable-programs.inc | 14 | include /etc/firejail/disable-programs.inc |
| 14 | 15 | ||
diff --git a/etc/gnome-books.profile b/etc/gnome-books.profile index bd21cd39f..4274981b5 100644 --- a/etc/gnome-books.profile +++ b/etc/gnome-books.profile | |||
| @@ -11,6 +11,7 @@ noblacklist ${HOME}/.cache/org.gnome.Books | |||
| 11 | 11 | ||
| 12 | include /etc/firejail/disable-common.inc | 12 | include /etc/firejail/disable-common.inc |
| 13 | include /etc/firejail/disable-devel.inc | 13 | include /etc/firejail/disable-devel.inc |
| 14 | include /etc/firejail/disable-interpreters.inc | ||
| 14 | include /etc/firejail/disable-passwdmgr.inc | 15 | include /etc/firejail/disable-passwdmgr.inc |
| 15 | include /etc/firejail/disable-programs.inc | 16 | include /etc/firejail/disable-programs.inc |
| 16 | 17 | ||
diff --git a/etc/gnome-calculator.profile b/etc/gnome-calculator.profile index dfb93c3b0..0aed6f52a 100644 --- a/etc/gnome-calculator.profile +++ b/etc/gnome-calculator.profile | |||
| @@ -9,7 +9,9 @@ include /etc/firejail/globals.local | |||
| 9 | include /etc/firejail/disable-common.inc | 9 | include /etc/firejail/disable-common.inc |
| 10 | include /etc/firejail/disable-devel.inc | 10 | include /etc/firejail/disable-devel.inc |
| 11 | include /etc/firejail/disable-passwdmgr.inc | 11 | include /etc/firejail/disable-passwdmgr.inc |
| 12 | include /etc/firejail/disable-interpreters.inc | ||
| 12 | include /etc/firejail/disable-programs.inc | 13 | include /etc/firejail/disable-programs.inc |
| 14 | |||
| 13 | include /etc/firejail/whitelist-common.inc | 15 | include /etc/firejail/whitelist-common.inc |
| 14 | include /etc/firejail/whitelist-var-common.inc | 16 | include /etc/firejail/whitelist-var-common.inc |
| 15 | 17 | ||
diff --git a/etc/gnome-chess.profile b/etc/gnome-chess.profile index f1f04d889..59a3d59af 100644 --- a/etc/gnome-chess.profile +++ b/etc/gnome-chess.profile | |||
| @@ -9,6 +9,7 @@ noblacklist ${HOME}/.local/share/gnome-chess | |||
| 9 | 9 | ||
| 10 | include /etc/firejail/disable-common.inc | 10 | include /etc/firejail/disable-common.inc |
| 11 | include /etc/firejail/disable-devel.inc | 11 | include /etc/firejail/disable-devel.inc |
| 12 | include /etc/firejail/disable-interpreters.inc | ||
| 12 | include /etc/firejail/disable-passwdmgr.inc | 13 | include /etc/firejail/disable-passwdmgr.inc |
| 13 | include /etc/firejail/disable-programs.inc | 14 | include /etc/firejail/disable-programs.inc |
| 14 | 15 | ||
diff --git a/etc/gnome-clocks.profile b/etc/gnome-clocks.profile index be294ae9a..103a5ff73 100644 --- a/etc/gnome-clocks.profile +++ b/etc/gnome-clocks.profile | |||
| @@ -8,6 +8,7 @@ include /etc/firejail/globals.local | |||
| 8 | 8 | ||
| 9 | include /etc/firejail/disable-common.inc | 9 | include /etc/firejail/disable-common.inc |
| 10 | include /etc/firejail/disable-devel.inc | 10 | include /etc/firejail/disable-devel.inc |
| 11 | include /etc/firejail/disable-interpreters.inc | ||
| 11 | include /etc/firejail/disable-passwdmgr.inc | 12 | include /etc/firejail/disable-passwdmgr.inc |
| 12 | include /etc/firejail/disable-programs.inc | 13 | include /etc/firejail/disable-programs.inc |
| 13 | 14 | ||
diff --git a/etc/gnome-contacts.profile b/etc/gnome-contacts.profile index 3a3808e56..d4d670998 100644 --- a/etc/gnome-contacts.profile +++ b/etc/gnome-contacts.profile | |||
| @@ -8,8 +8,10 @@ include /etc/firejail/globals.local | |||
| 8 | 8 | ||
| 9 | include /etc/firejail/disable-common.inc | 9 | include /etc/firejail/disable-common.inc |
| 10 | include /etc/firejail/disable-devel.inc | 10 | include /etc/firejail/disable-devel.inc |
| 11 | include /etc/firejail/disable-interpreters.inc | ||
| 11 | include /etc/firejail/disable-passwdmgr.inc | 12 | include /etc/firejail/disable-passwdmgr.inc |
| 12 | include /etc/firejail/disable-programs.inc | 13 | include /etc/firejail/disable-programs.inc |
| 14 | |||
| 13 | include /etc/firejail/whitelist-common.inc | 15 | include /etc/firejail/whitelist-common.inc |
| 14 | 16 | ||
| 15 | include /etc/firejail/whitelist-var-common.inc | 17 | include /etc/firejail/whitelist-var-common.inc |
diff --git a/etc/gnome-documents.profile b/etc/gnome-documents.profile index 40bb63538..9089d7ee8 100644 --- a/etc/gnome-documents.profile +++ b/etc/gnome-documents.profile | |||
| @@ -11,6 +11,7 @@ noblacklist ${HOME}/.config/libreoffice | |||
| 11 | 11 | ||
| 12 | include /etc/firejail/disable-common.inc | 12 | include /etc/firejail/disable-common.inc |
| 13 | include /etc/firejail/disable-devel.inc | 13 | include /etc/firejail/disable-devel.inc |
| 14 | include /etc/firejail/disable-interpreters.inc | ||
| 14 | include /etc/firejail/disable-passwdmgr.inc | 15 | include /etc/firejail/disable-passwdmgr.inc |
| 15 | include /etc/firejail/disable-programs.inc | 16 | include /etc/firejail/disable-programs.inc |
| 16 | 17 | ||
diff --git a/etc/gnome-font-viewer.profile b/etc/gnome-font-viewer.profile index cca0313cc..ebd937f9b 100644 --- a/etc/gnome-font-viewer.profile +++ b/etc/gnome-font-viewer.profile | |||
| @@ -8,6 +8,7 @@ include /etc/firejail/globals.local | |||
| 8 | 8 | ||
| 9 | include /etc/firejail/disable-common.inc | 9 | include /etc/firejail/disable-common.inc |
| 10 | include /etc/firejail/disable-devel.inc | 10 | include /etc/firejail/disable-devel.inc |
| 11 | include /etc/firejail/disable-interpreters.inc | ||
| 11 | include /etc/firejail/disable-passwdmgr.inc | 12 | include /etc/firejail/disable-passwdmgr.inc |
| 12 | include /etc/firejail/disable-programs.inc | 13 | include /etc/firejail/disable-programs.inc |
| 13 | 14 | ||
diff --git a/etc/gnome-maps.profile b/etc/gnome-maps.profile index b1030597c..b5364e48d 100644 --- a/etc/gnome-maps.profile +++ b/etc/gnome-maps.profile | |||
| @@ -11,6 +11,7 @@ noblacklist ${HOME}/.cache/champlain | |||
| 11 | 11 | ||
| 12 | include /etc/firejail/disable-common.inc | 12 | include /etc/firejail/disable-common.inc |
| 13 | include /etc/firejail/disable-devel.inc | 13 | include /etc/firejail/disable-devel.inc |
| 14 | include /etc/firejail/disable-interpreters.inc | ||
| 14 | include /etc/firejail/disable-passwdmgr.inc | 15 | include /etc/firejail/disable-passwdmgr.inc |
| 15 | include /etc/firejail/disable-programs.inc | 16 | include /etc/firejail/disable-programs.inc |
| 16 | 17 | ||
diff --git a/etc/gnome-mplayer.profile b/etc/gnome-mplayer.profile index c9626950e..7cf97a79f 100644 --- a/etc/gnome-mplayer.profile +++ b/etc/gnome-mplayer.profile | |||
| @@ -9,6 +9,7 @@ noblacklist ${HOME}/.config/gnome-mplayer | |||
| 9 | 9 | ||
| 10 | include /etc/firejail/disable-common.inc | 10 | include /etc/firejail/disable-common.inc |
| 11 | include /etc/firejail/disable-devel.inc | 11 | include /etc/firejail/disable-devel.inc |
| 12 | include /etc/firejail/disable-interpreters.inc | ||
| 12 | include /etc/firejail/disable-passwdmgr.inc | 13 | include /etc/firejail/disable-passwdmgr.inc |
| 13 | include /etc/firejail/disable-programs.inc | 14 | include /etc/firejail/disable-programs.inc |
| 14 | 15 | ||
diff --git a/etc/gnome-music.profile b/etc/gnome-music.profile index f052563be..eec61b8db 100644 --- a/etc/gnome-music.profile +++ b/etc/gnome-music.profile | |||
| @@ -7,8 +7,15 @@ include /etc/firejail/globals.local | |||
| 7 | 7 | ||
| 8 | noblacklist ${HOME}/.local/share/gnome-music | 8 | noblacklist ${HOME}/.local/share/gnome-music |
| 9 | 9 | ||
| 10 | # Allow python (blacklisted by disable-interpreters.inc) | ||
| 11 | noblacklist ${PATH}/python2* | ||
| 12 | noblacklist ${PATH}/python3* | ||
| 13 | noblacklist /usr/lib/python2* | ||
| 14 | noblacklist /usr/lib/python3* | ||
| 15 | |||
| 10 | include /etc/firejail/disable-common.inc | 16 | include /etc/firejail/disable-common.inc |
| 11 | include /etc/firejail/disable-devel.inc | 17 | include /etc/firejail/disable-devel.inc |
| 18 | include /etc/firejail/disable-interpreters.inc | ||
| 12 | include /etc/firejail/disable-passwdmgr.inc | 19 | include /etc/firejail/disable-passwdmgr.inc |
| 13 | include /etc/firejail/disable-programs.inc | 20 | include /etc/firejail/disable-programs.inc |
| 14 | 21 | ||
diff --git a/etc/gnome-photos.profile b/etc/gnome-photos.profile index f3b00a868..132f3b6bd 100644 --- a/etc/gnome-photos.profile +++ b/etc/gnome-photos.profile | |||
| @@ -11,6 +11,7 @@ noblacklist ${HOME}/.local/share/gnome-photos | |||
| 11 | 11 | ||
| 12 | include /etc/firejail/disable-common.inc | 12 | include /etc/firejail/disable-common.inc |
| 13 | include /etc/firejail/disable-devel.inc | 13 | include /etc/firejail/disable-devel.inc |
| 14 | include /etc/firejail/disable-interpreters.inc | ||
| 14 | include /etc/firejail/disable-passwdmgr.inc | 15 | include /etc/firejail/disable-passwdmgr.inc |
| 15 | include /etc/firejail/disable-programs.inc | 16 | include /etc/firejail/disable-programs.inc |
| 16 | 17 | ||
diff --git a/etc/gnome-recipes.profile b/etc/gnome-recipes.profile index 2f7657c0c..f1e062fd5 100644 --- a/etc/gnome-recipes.profile +++ b/etc/gnome-recipes.profile | |||
| @@ -10,6 +10,7 @@ noblacklist ${HOME}/.local/share/gnome-recipes | |||
| 10 | 10 | ||
| 11 | include /etc/firejail/disable-common.inc | 11 | include /etc/firejail/disable-common.inc |
| 12 | include /etc/firejail/disable-devel.inc | 12 | include /etc/firejail/disable-devel.inc |
| 13 | include /etc/firejail/disable-interpreters.inc | ||
| 13 | include /etc/firejail/disable-passwdmgr.inc | 14 | include /etc/firejail/disable-passwdmgr.inc |
| 14 | include /etc/firejail/disable-programs.inc | 15 | include /etc/firejail/disable-programs.inc |
| 15 | 16 | ||
diff --git a/etc/gnome-ring.profile b/etc/gnome-ring.profile index 5ae7f427a..cbc79320e 100644 --- a/etc/gnome-ring.profile +++ b/etc/gnome-ring.profile | |||
| @@ -9,6 +9,7 @@ noblacklist ${HOME}/.local/share/gnome-ring | |||
| 9 | 9 | ||
| 10 | include /etc/firejail/disable-common.inc | 10 | include /etc/firejail/disable-common.inc |
| 11 | include /etc/firejail/disable-devel.inc | 11 | include /etc/firejail/disable-devel.inc |
| 12 | include /etc/firejail/disable-interpreters.inc | ||
| 12 | include /etc/firejail/disable-passwdmgr.inc | 13 | include /etc/firejail/disable-passwdmgr.inc |
| 13 | include /etc/firejail/disable-programs.inc | 14 | include /etc/firejail/disable-programs.inc |
| 14 | 15 | ||
diff --git a/etc/gnome-twitch.profile b/etc/gnome-twitch.profile index 9e8f2a241..c7fc04be3 100644 --- a/etc/gnome-twitch.profile +++ b/etc/gnome-twitch.profile | |||
| @@ -10,6 +10,7 @@ noblacklist ${HOME}/.local/share/gnome-twitch | |||
| 10 | 10 | ||
| 11 | include /etc/firejail/disable-common.inc | 11 | include /etc/firejail/disable-common.inc |
| 12 | include /etc/firejail/disable-devel.inc | 12 | include /etc/firejail/disable-devel.inc |
| 13 | include /etc/firejail/disable-interpreters.inc | ||
| 13 | include /etc/firejail/disable-passwdmgr.inc | 14 | include /etc/firejail/disable-passwdmgr.inc |
| 14 | include /etc/firejail/disable-programs.inc | 15 | include /etc/firejail/disable-programs.inc |
| 15 | 16 | ||
diff --git a/etc/gnome-weather.profile b/etc/gnome-weather.profile index 0423b06dd..64482b246 100644 --- a/etc/gnome-weather.profile +++ b/etc/gnome-weather.profile | |||
| @@ -11,6 +11,7 @@ noblacklist ${HOME}/.cache/libgweather | |||
| 11 | 11 | ||
| 12 | include /etc/firejail/disable-common.inc | 12 | include /etc/firejail/disable-common.inc |
| 13 | include /etc/firejail/disable-devel.inc | 13 | include /etc/firejail/disable-devel.inc |
| 14 | include /etc/firejail/disable-interpreters.inc | ||
| 14 | include /etc/firejail/disable-passwdmgr.inc | 15 | include /etc/firejail/disable-passwdmgr.inc |
| 15 | include /etc/firejail/disable-programs.inc | 16 | include /etc/firejail/disable-programs.inc |
| 16 | 17 | ||
diff --git a/etc/goobox.profile b/etc/goobox.profile index 98514ce8d..ed7b4e761 100644 --- a/etc/goobox.profile +++ b/etc/goobox.profile | |||
| @@ -8,6 +8,7 @@ include /etc/firejail/globals.local | |||
| 8 | 8 | ||
| 9 | include /etc/firejail/disable-common.inc | 9 | include /etc/firejail/disable-common.inc |
| 10 | include /etc/firejail/disable-devel.inc | 10 | include /etc/firejail/disable-devel.inc |
| 11 | include /etc/firejail/disable-interpreters.inc | ||
| 11 | include /etc/firejail/disable-passwdmgr.inc | 12 | include /etc/firejail/disable-passwdmgr.inc |
| 12 | include /etc/firejail/disable-programs.inc | 13 | include /etc/firejail/disable-programs.inc |
| 13 | 14 | ||
diff --git a/etc/google-earth.profile b/etc/google-earth.profile index 2e0d11897..bafa716d1 100644 --- a/etc/google-earth.profile +++ b/etc/google-earth.profile | |||
| @@ -13,6 +13,7 @@ noblacklist ${HOME}/.googleearth/myplaces.kml | |||
| 13 | 13 | ||
| 14 | include /etc/firejail/disable-common.inc | 14 | include /etc/firejail/disable-common.inc |
| 15 | include /etc/firejail/disable-devel.inc | 15 | include /etc/firejail/disable-devel.inc |
| 16 | include /etc/firejail/disable-interpreters.inc | ||
| 16 | include /etc/firejail/disable-passwdmgr.inc | 17 | include /etc/firejail/disable-passwdmgr.inc |
| 17 | include /etc/firejail/disable-programs.inc | 18 | include /etc/firejail/disable-programs.inc |
| 18 | 19 | ||
diff --git a/etc/google-play-music-desktop-player.profile b/etc/google-play-music-desktop-player.profile index 58473d5c8..7a19cc676 100644 --- a/etc/google-play-music-desktop-player.profile +++ b/etc/google-play-music-desktop-player.profile | |||
| @@ -9,6 +9,7 @@ noblacklist ${HOME}/.config/Google Play Music Desktop Player | |||
| 9 | 9 | ||
| 10 | include /etc/firejail/disable-common.inc | 10 | include /etc/firejail/disable-common.inc |
| 11 | include /etc/firejail/disable-devel.inc | 11 | include /etc/firejail/disable-devel.inc |
| 12 | include /etc/firejail/disable-interpreters.inc | ||
| 12 | include /etc/firejail/disable-passwdmgr.inc | 13 | include /etc/firejail/disable-passwdmgr.inc |
| 13 | include /etc/firejail/disable-programs.inc | 14 | include /etc/firejail/disable-programs.inc |
| 14 | 15 | ||
diff --git a/etc/gpa.profile b/etc/gpa.profile index 725c744ed..17791bb82 100644 --- a/etc/gpa.profile +++ b/etc/gpa.profile | |||
| @@ -9,6 +9,7 @@ noblacklist ${HOME}/.gnupg | |||
| 9 | 9 | ||
| 10 | include /etc/firejail/disable-common.inc | 10 | include /etc/firejail/disable-common.inc |
| 11 | include /etc/firejail/disable-devel.inc | 11 | include /etc/firejail/disable-devel.inc |
| 12 | include /etc/firejail/disable-interpreters.inc | ||
| 12 | include /etc/firejail/disable-passwdmgr.inc | 13 | include /etc/firejail/disable-passwdmgr.inc |
| 13 | include /etc/firejail/disable-programs.inc | 14 | include /etc/firejail/disable-programs.inc |
| 14 | 15 | ||
diff --git a/etc/gpg-agent.profile b/etc/gpg-agent.profile index c59c624fc..7f50e1e8d 100644 --- a/etc/gpg-agent.profile +++ b/etc/gpg-agent.profile | |||
| @@ -11,6 +11,7 @@ noblacklist ${HOME}/.gnupg | |||
| 11 | 11 | ||
| 12 | include /etc/firejail/disable-common.inc | 12 | include /etc/firejail/disable-common.inc |
| 13 | include /etc/firejail/disable-devel.inc | 13 | include /etc/firejail/disable-devel.inc |
| 14 | include /etc/firejail/disable-interpreters.inc | ||
| 14 | include /etc/firejail/disable-passwdmgr.inc | 15 | include /etc/firejail/disable-passwdmgr.inc |
| 15 | include /etc/firejail/disable-programs.inc | 16 | include /etc/firejail/disable-programs.inc |
| 16 | 17 | ||
diff --git a/etc/gpg.profile b/etc/gpg.profile index cd2b30e9e..7eb8a3ac8 100644 --- a/etc/gpg.profile +++ b/etc/gpg.profile | |||
| @@ -11,6 +11,7 @@ noblacklist ${HOME}/.gnupg | |||
| 11 | 11 | ||
| 12 | include /etc/firejail/disable-common.inc | 12 | include /etc/firejail/disable-common.inc |
| 13 | include /etc/firejail/disable-devel.inc | 13 | include /etc/firejail/disable-devel.inc |
| 14 | include /etc/firejail/disable-interpreters.inc | ||
| 14 | include /etc/firejail/disable-passwdmgr.inc | 15 | include /etc/firejail/disable-passwdmgr.inc |
| 15 | include /etc/firejail/disable-programs.inc | 16 | include /etc/firejail/disable-programs.inc |
| 16 | 17 | ||
diff --git a/etc/gpicview.profile b/etc/gpicview.profile index c6453e972..9644ac59d 100644 --- a/etc/gpicview.profile +++ b/etc/gpicview.profile | |||
| @@ -9,6 +9,7 @@ noblacklist ${HOME}/.config/gpicview | |||
| 9 | 9 | ||
| 10 | include /etc/firejail/disable-common.inc | 10 | include /etc/firejail/disable-common.inc |
| 11 | include /etc/firejail/disable-devel.inc | 11 | include /etc/firejail/disable-devel.inc |
| 12 | include /etc/firejail/disable-interpreters.inc | ||
| 12 | include /etc/firejail/disable-passwdmgr.inc | 13 | include /etc/firejail/disable-passwdmgr.inc |
| 13 | include /etc/firejail/disable-programs.inc | 14 | include /etc/firejail/disable-programs.inc |
| 14 | 15 | ||
diff --git a/etc/gpredict.profile b/etc/gpredict.profile index 029c37290..51f384751 100644 --- a/etc/gpredict.profile +++ b/etc/gpredict.profile | |||
| @@ -9,6 +9,7 @@ noblacklist ${HOME}/.config/Gpredict | |||
| 9 | 9 | ||
| 10 | include /etc/firejail/disable-common.inc | 10 | include /etc/firejail/disable-common.inc |
| 11 | include /etc/firejail/disable-devel.inc | 11 | include /etc/firejail/disable-devel.inc |
| 12 | include /etc/firejail/disable-interpreters.inc | ||
| 12 | include /etc/firejail/disable-passwdmgr.inc | 13 | include /etc/firejail/disable-passwdmgr.inc |
| 13 | include /etc/firejail/disable-programs.inc | 14 | include /etc/firejail/disable-programs.inc |
| 14 | 15 | ||
diff --git a/etc/gthumb.profile b/etc/gthumb.profile index 5d066c141..eb0c38ec2 100644 --- a/etc/gthumb.profile +++ b/etc/gthumb.profile | |||
| @@ -11,6 +11,7 @@ noblacklist ${HOME}/.steam | |||
| 11 | 11 | ||
| 12 | include /etc/firejail/disable-common.inc | 12 | include /etc/firejail/disable-common.inc |
| 13 | include /etc/firejail/disable-devel.inc | 13 | include /etc/firejail/disable-devel.inc |
| 14 | include /etc/firejail/disable-interpreters.inc | ||
| 14 | include /etc/firejail/disable-passwdmgr.inc | 15 | include /etc/firejail/disable-passwdmgr.inc |
| 15 | include /etc/firejail/disable-programs.inc | 16 | include /etc/firejail/disable-programs.inc |
| 16 | 17 | ||
diff --git a/etc/guayadeque.profile b/etc/guayadeque.profile index 14662443c..e7e3f828c 100644 --- a/etc/guayadeque.profile +++ b/etc/guayadeque.profile | |||
| @@ -9,6 +9,7 @@ noblacklist ${HOME}/.guayadeque | |||
| 9 | 9 | ||
| 10 | include /etc/firejail/disable-common.inc | 10 | include /etc/firejail/disable-common.inc |
| 11 | include /etc/firejail/disable-devel.inc | 11 | include /etc/firejail/disable-devel.inc |
| 12 | include /etc/firejail/disable-interpreters.inc | ||
| 12 | include /etc/firejail/disable-passwdmgr.inc | 13 | include /etc/firejail/disable-passwdmgr.inc |
| 13 | include /etc/firejail/disable-programs.inc | 14 | include /etc/firejail/disable-programs.inc |
| 14 | 15 | ||
diff --git a/etc/gucharmap.profile b/etc/gucharmap.profile index b6be37439..16ea2047d 100644 --- a/etc/gucharmap.profile +++ b/etc/gucharmap.profile | |||
| @@ -8,6 +8,7 @@ include /etc/firejail/globals.local | |||
| 8 | 8 | ||
| 9 | include /etc/firejail/disable-common.inc | 9 | include /etc/firejail/disable-common.inc |
| 10 | include /etc/firejail/disable-devel.inc | 10 | include /etc/firejail/disable-devel.inc |
| 11 | include /etc/firejail/disable-interpreters.inc | ||
| 11 | include /etc/firejail/disable-passwdmgr.inc | 12 | include /etc/firejail/disable-passwdmgr.inc |
| 12 | include /etc/firejail/disable-programs.inc | 13 | include /etc/firejail/disable-programs.inc |
| 13 | 14 | ||
diff --git a/etc/gwenview.profile b/etc/gwenview.profile index d17be41cc..068a6d19b 100644 --- a/etc/gwenview.profile +++ b/etc/gwenview.profile | |||
| @@ -17,6 +17,7 @@ noblacklist ${HOME}/.local/share/org.kde.gwenview | |||
| 17 | 17 | ||
| 18 | include /etc/firejail/disable-common.inc | 18 | include /etc/firejail/disable-common.inc |
| 19 | include /etc/firejail/disable-devel.inc | 19 | include /etc/firejail/disable-devel.inc |
| 20 | include /etc/firejail/disable-interpreters.inc | ||
| 20 | include /etc/firejail/disable-passwdmgr.inc | 21 | include /etc/firejail/disable-passwdmgr.inc |
| 21 | include /etc/firejail/disable-programs.inc | 22 | include /etc/firejail/disable-programs.inc |
| 22 | 23 | ||
diff --git a/etc/handbrake.profile b/etc/handbrake.profile index ff9dd248f..6f2f3bf7f 100644 --- a/etc/handbrake.profile +++ b/etc/handbrake.profile | |||
| @@ -9,6 +9,7 @@ noblacklist ${HOME}/.config/ghb | |||
| 9 | 9 | ||
| 10 | include /etc/firejail/disable-common.inc | 10 | include /etc/firejail/disable-common.inc |
| 11 | include /etc/firejail/disable-devel.inc | 11 | include /etc/firejail/disable-devel.inc |
| 12 | include /etc/firejail/disable-interpreters.inc | ||
| 12 | include /etc/firejail/disable-passwdmgr.inc | 13 | include /etc/firejail/disable-passwdmgr.inc |
| 13 | include /etc/firejail/disable-programs.inc | 14 | include /etc/firejail/disable-programs.inc |
| 14 | 15 | ||
diff --git a/etc/hashcat.profile b/etc/hashcat.profile index c8ab268c8..d61165a91 100644 --- a/etc/hashcat.profile +++ b/etc/hashcat.profile | |||
| @@ -11,6 +11,7 @@ noblacklist /usr/include | |||
| 11 | 11 | ||
| 12 | include /etc/firejail/disable-common.inc | 12 | include /etc/firejail/disable-common.inc |
| 13 | include /etc/firejail/disable-devel.inc | 13 | include /etc/firejail/disable-devel.inc |
| 14 | include /etc/firejail/disable-interpreters.inc | ||
| 14 | include /etc/firejail/disable-passwdmgr.inc | 15 | include /etc/firejail/disable-passwdmgr.inc |
| 15 | include /etc/firejail/disable-programs.inc | 16 | include /etc/firejail/disable-programs.inc |
| 16 | 17 | ||
diff --git a/etc/hedgewars.profile b/etc/hedgewars.profile index 6f9117fae..d6b686be7 100644 --- a/etc/hedgewars.profile +++ b/etc/hedgewars.profile | |||
| @@ -9,6 +9,7 @@ noblacklist ${HOME}/.hedgewars | |||
| 9 | 9 | ||
| 10 | include /etc/firejail/disable-common.inc | 10 | include /etc/firejail/disable-common.inc |
| 11 | include /etc/firejail/disable-devel.inc | 11 | include /etc/firejail/disable-devel.inc |
| 12 | include /etc/firejail/disable-interpreters.inc | ||
| 12 | include /etc/firejail/disable-passwdmgr.inc | 13 | include /etc/firejail/disable-passwdmgr.inc |
| 13 | include /etc/firejail/disable-programs.inc | 14 | include /etc/firejail/disable-programs.inc |
| 14 | 15 | ||
diff --git a/etc/hexchat.profile b/etc/hexchat.profile index 02f8e9eeb..9b2eafcea 100644 --- a/etc/hexchat.profile +++ b/etc/hexchat.profile | |||
| @@ -7,11 +7,17 @@ include /etc/firejail/globals.local | |||
| 7 | 7 | ||
| 8 | noblacklist ${HOME}/.config/hexchat | 8 | noblacklist ${HOME}/.config/hexchat |
| 9 | noblacklist /usr/share/perl* | 9 | noblacklist /usr/share/perl* |
| 10 | # noblacklist /usr/lib/python2* | 10 | |
| 11 | # noblacklist /usr/lib/python3* | 11 | # Allow python (blacklisted by disable-interpreters.inc) |
| 12 | noblacklist ${PATH}/python2* | ||
| 13 | noblacklist ${PATH}/python3* | ||
| 14 | noblacklist /usr/lib/python2* | ||
| 15 | noblacklist /usr/lib/python3* | ||
| 12 | 16 | ||
| 13 | include /etc/firejail/disable-common.inc | 17 | include /etc/firejail/disable-common.inc |
| 14 | include /etc/firejail/disable-devel.inc | 18 | include /etc/firejail/disable-devel.inc |
| 19 | include /etc/firejail/disable-interpreters.inc | ||
| 20 | include /etc/firejail/disable-passwdmgr.inc | ||
| 15 | include /etc/firejail/disable-programs.inc | 21 | include /etc/firejail/disable-programs.inc |
| 16 | 22 | ||
| 17 | mkdir ${HOME}/.config/hexchat | 23 | mkdir ${HOME}/.config/hexchat |
diff --git a/etc/highlight.profile b/etc/highlight.profile index 781866f3b..a93019696 100644 --- a/etc/highlight.profile +++ b/etc/highlight.profile | |||
| @@ -9,6 +9,7 @@ blacklist /tmp/.X11-unix | |||
| 9 | 9 | ||
| 10 | include /etc/firejail/disable-common.inc | 10 | include /etc/firejail/disable-common.inc |
| 11 | include /etc/firejail/disable-devel.inc | 11 | include /etc/firejail/disable-devel.inc |
| 12 | include /etc/firejail/disable-interpreters.inc | ||
| 12 | include /etc/firejail/disable-passwdmgr.inc | 13 | include /etc/firejail/disable-passwdmgr.inc |
| 13 | include /etc/firejail/disable-programs.inc | 14 | include /etc/firejail/disable-programs.inc |
| 14 | 15 | ||
diff --git a/etc/hugin.profile b/etc/hugin.profile index 3847a7daf..761c4e039 100644 --- a/etc/hugin.profile +++ b/etc/hugin.profile | |||
| @@ -9,6 +9,7 @@ noblacklist ${HOME}/.hugin | |||
| 9 | 9 | ||
| 10 | include /etc/firejail/disable-common.inc | 10 | include /etc/firejail/disable-common.inc |
| 11 | include /etc/firejail/disable-devel.inc | 11 | include /etc/firejail/disable-devel.inc |
| 12 | include /etc/firejail/disable-interpreters.inc | ||
| 12 | include /etc/firejail/disable-passwdmgr.inc | 13 | include /etc/firejail/disable-passwdmgr.inc |
| 13 | include /etc/firejail/disable-programs.inc | 14 | include /etc/firejail/disable-programs.inc |
| 14 | 15 | ||
diff --git a/etc/imagej.profile b/etc/imagej.profile index 7396160af..bfd3444f0 100644 --- a/etc/imagej.profile +++ b/etc/imagej.profile | |||
| @@ -7,8 +7,15 @@ include /etc/firejail/globals.local | |||
| 7 | 7 | ||
| 8 | noblacklist ${HOME}/.imagej | 8 | noblacklist ${HOME}/.imagej |
| 9 | 9 | ||
| 10 | # Allow access to java | ||
| 11 | noblacklist ${PATH}/java | ||
| 12 | noblacklist /usr/lib/java | ||
| 13 | noblacklist /etc/java | ||
| 14 | noblacklist /usr/share/java | ||
| 15 | |||
| 10 | include /etc/firejail/disable-common.inc | 16 | include /etc/firejail/disable-common.inc |
| 11 | include /etc/firejail/disable-devel.inc | 17 | include /etc/firejail/disable-devel.inc |
| 18 | include /etc/firejail/disable-interpreters.inc | ||
| 12 | include /etc/firejail/disable-passwdmgr.inc | 19 | include /etc/firejail/disable-passwdmgr.inc |
| 13 | include /etc/firejail/disable-programs.inc | 20 | include /etc/firejail/disable-programs.inc |
| 14 | 21 | ||
diff --git a/etc/img2txt.profile b/etc/img2txt.profile index 8c157bf2a..1cc8d2953 100644 --- a/etc/img2txt.profile +++ b/etc/img2txt.profile | |||
| @@ -7,6 +7,7 @@ include /etc/firejail/globals.local | |||
| 7 | 7 | ||
| 8 | include /etc/firejail/disable-common.inc | 8 | include /etc/firejail/disable-common.inc |
| 9 | include /etc/firejail/disable-devel.inc | 9 | include /etc/firejail/disable-devel.inc |
| 10 | include /etc/firejail/disable-interpreters.inc | ||
| 10 | include /etc/firejail/disable-passwdmgr.inc | 11 | include /etc/firejail/disable-passwdmgr.inc |
| 11 | include /etc/firejail/disable-programs.inc | 12 | include /etc/firejail/disable-programs.inc |
| 12 | 13 | ||
diff --git a/etc/inkscape.profile b/etc/inkscape.profile index af24bc3e9..0f5ca9d39 100644 --- a/etc/inkscape.profile +++ b/etc/inkscape.profile | |||
| @@ -11,6 +11,7 @@ noblacklist ${HOME}/.inkscape | |||
| 11 | 11 | ||
| 12 | include /etc/firejail/disable-common.inc | 12 | include /etc/firejail/disable-common.inc |
| 13 | include /etc/firejail/disable-devel.inc | 13 | include /etc/firejail/disable-devel.inc |
| 14 | include /etc/firejail/disable-interpreters.inc | ||
| 14 | include /etc/firejail/disable-passwdmgr.inc | 15 | include /etc/firejail/disable-passwdmgr.inc |
| 15 | include /etc/firejail/disable-programs.inc | 16 | include /etc/firejail/disable-programs.inc |
| 16 | 17 | ||
diff --git a/etc/itch.profile b/etc/itch.profile index 7e8f0518d..2ad669952 100644 --- a/etc/itch.profile +++ b/etc/itch.profile | |||
| @@ -12,6 +12,7 @@ noblacklist ${HOME}/.config/itch | |||
| 12 | 12 | ||
| 13 | include /etc/firejail/disable-common.inc | 13 | include /etc/firejail/disable-common.inc |
| 14 | include /etc/firejail/disable-devel.inc | 14 | include /etc/firejail/disable-devel.inc |
| 15 | include /etc/firejail/disable-interpreters.inc | ||
| 15 | include /etc/firejail/disable-passwdmgr.inc | 16 | include /etc/firejail/disable-passwdmgr.inc |
| 16 | include /etc/firejail/disable-programs.inc | 17 | include /etc/firejail/disable-programs.inc |
| 17 | 18 | ||
diff --git a/etc/jd-gui.profile b/etc/jd-gui.profile index f70eff3e4..f435b4ed7 100644 --- a/etc/jd-gui.profile +++ b/etc/jd-gui.profile | |||
| @@ -10,6 +10,7 @@ noblacklist ${HOME}/.java | |||
| 10 | 10 | ||
| 11 | include /etc/firejail/disable-common.inc | 11 | include /etc/firejail/disable-common.inc |
| 12 | include /etc/firejail/disable-devel.inc | 12 | include /etc/firejail/disable-devel.inc |
| 13 | include /etc/firejail/disable-interpreters.inc | ||
| 13 | include /etc/firejail/disable-passwdmgr.inc | 14 | include /etc/firejail/disable-passwdmgr.inc |
| 14 | include /etc/firejail/disable-programs.inc | 15 | include /etc/firejail/disable-programs.inc |
| 15 | 16 | ||
diff --git a/etc/jitsi.profile b/etc/jitsi.profile index bfccdf281..cb2f2092a 100644 --- a/etc/jitsi.profile +++ b/etc/jitsi.profile | |||
| @@ -7,8 +7,15 @@ include /etc/firejail/globals.local | |||
| 7 | 7 | ||
| 8 | noblacklist ${HOME}/.jitsi | 8 | noblacklist ${HOME}/.jitsi |
| 9 | 9 | ||
| 10 | # Allow access to java | ||
| 11 | noblacklist ${PATH}/java | ||
| 12 | noblacklist /usr/lib/java | ||
| 13 | noblacklist /etc/java | ||
| 14 | noblacklist /usr/share/java | ||
| 15 | |||
| 10 | include /etc/firejail/disable-common.inc | 16 | include /etc/firejail/disable-common.inc |
| 11 | include /etc/firejail/disable-devel.inc | 17 | include /etc/firejail/disable-devel.inc |
| 18 | include /etc/firejail/disable-interpreters.inc | ||
| 12 | include /etc/firejail/disable-passwdmgr.inc | 19 | include /etc/firejail/disable-passwdmgr.inc |
| 13 | include /etc/firejail/disable-programs.inc | 20 | include /etc/firejail/disable-programs.inc |
| 14 | 21 | ||
diff --git a/etc/k3b.profile b/etc/k3b.profile index 275304fb2..38ad97354 100644 --- a/etc/k3b.profile +++ b/etc/k3b.profile | |||
| @@ -11,6 +11,7 @@ noblacklist ${HOME}/.kde4/share/config/k3brc | |||
| 11 | 11 | ||
| 12 | include /etc/firejail/disable-common.inc | 12 | include /etc/firejail/disable-common.inc |
| 13 | include /etc/firejail/disable-devel.inc | 13 | include /etc/firejail/disable-devel.inc |
| 14 | include /etc/firejail/disable-interpreters.inc | ||
| 14 | include /etc/firejail/disable-passwdmgr.inc | 15 | include /etc/firejail/disable-passwdmgr.inc |
| 15 | include /etc/firejail/disable-programs.inc | 16 | include /etc/firejail/disable-programs.inc |
| 16 | 17 | ||
diff --git a/etc/kaffeine.profile b/etc/kaffeine.profile index 07280ab6d..93e27b7c3 100644 --- a/etc/kaffeine.profile +++ b/etc/kaffeine.profile | |||
| @@ -14,6 +14,7 @@ noblacklist ${HOME}/.local/share/kaffeine | |||
| 14 | 14 | ||
| 15 | include /etc/firejail/disable-common.inc | 15 | include /etc/firejail/disable-common.inc |
| 16 | include /etc/firejail/disable-devel.inc | 16 | include /etc/firejail/disable-devel.inc |
| 17 | include /etc/firejail/disable-interpreters.inc | ||
| 17 | include /etc/firejail/disable-passwdmgr.inc | 18 | include /etc/firejail/disable-passwdmgr.inc |
| 18 | include /etc/firejail/disable-programs.inc | 19 | include /etc/firejail/disable-programs.inc |
| 19 | 20 | ||
diff --git a/etc/kate.profile b/etc/kate.profile index b3c1e81d8..7408ee0ef 100644 --- a/etc/kate.profile +++ b/etc/kate.profile | |||
| @@ -15,6 +15,7 @@ noblacklist ${HOME}/.local/share/kate | |||
| 15 | 15 | ||
| 16 | include /etc/firejail/disable-common.inc | 16 | include /etc/firejail/disable-common.inc |
| 17 | # include /etc/firejail/disable-devel.inc | 17 | # include /etc/firejail/disable-devel.inc |
| 18 | include /etc/firejail/disable-interpreters.inc | ||
| 18 | include /etc/firejail/disable-passwdmgr.inc | 19 | include /etc/firejail/disable-passwdmgr.inc |
| 19 | include /etc/firejail/disable-programs.inc | 20 | include /etc/firejail/disable-programs.inc |
| 20 | 21 | ||
diff --git a/etc/kcalc.profile b/etc/kcalc.profile index 86a3b1462..5afea9c1c 100644 --- a/etc/kcalc.profile +++ b/etc/kcalc.profile | |||
| @@ -8,6 +8,7 @@ include /etc/firejail/globals.local | |||
| 8 | 8 | ||
| 9 | include /etc/firejail/disable-common.inc | 9 | include /etc/firejail/disable-common.inc |
| 10 | include /etc/firejail/disable-devel.inc | 10 | include /etc/firejail/disable-devel.inc |
| 11 | include /etc/firejail/disable-interpreters.inc | ||
| 11 | include /etc/firejail/disable-passwdmgr.inc | 12 | include /etc/firejail/disable-passwdmgr.inc |
| 12 | include /etc/firejail/disable-programs.inc | 13 | include /etc/firejail/disable-programs.inc |
| 13 | 14 | ||
diff --git a/etc/kdeinit4.profile b/etc/kdeinit4.profile index e6a2653e1..76de15ccf 100644 --- a/etc/kdeinit4.profile +++ b/etc/kdeinit4.profile | |||
| @@ -9,6 +9,7 @@ include /etc/firejail/globals.local | |||
| 9 | 9 | ||
| 10 | include /etc/firejail/disable-common.inc | 10 | include /etc/firejail/disable-common.inc |
| 11 | include /etc/firejail/disable-devel.inc | 11 | include /etc/firejail/disable-devel.inc |
| 12 | include /etc/firejail/disable-interpreters.inc | ||
| 12 | include /etc/firejail/disable-passwdmgr.inc | 13 | include /etc/firejail/disable-passwdmgr.inc |
| 13 | include /etc/firejail/disable-programs.inc | 14 | include /etc/firejail/disable-programs.inc |
| 14 | 15 | ||
diff --git a/etc/kdenlive.profile b/etc/kdenlive.profile index 819279b10..0fa9da497 100644 --- a/etc/kdenlive.profile +++ b/etc/kdenlive.profile | |||
| @@ -11,6 +11,7 @@ noblacklist ${HOME}/.local/share/kdenlive | |||
| 11 | 11 | ||
| 12 | include /etc/firejail/disable-common.inc | 12 | include /etc/firejail/disable-common.inc |
| 13 | include /etc/firejail/disable-devel.inc | 13 | include /etc/firejail/disable-devel.inc |
| 14 | include /etc/firejail/disable-interpreters.inc | ||
| 14 | include /etc/firejail/disable-passwdmgr.inc | 15 | include /etc/firejail/disable-passwdmgr.inc |
| 15 | include /etc/firejail/disable-programs.inc | 16 | include /etc/firejail/disable-programs.inc |
| 16 | 17 | ||
diff --git a/etc/keepass.profile b/etc/keepass.profile index c133ce0fb..9ae6abfb2 100644 --- a/etc/keepass.profile +++ b/etc/keepass.profile | |||
| @@ -15,6 +15,7 @@ noblacklist ${HOME}/.local/share/keepass | |||
| 15 | 15 | ||
| 16 | include /etc/firejail/disable-common.inc | 16 | include /etc/firejail/disable-common.inc |
| 17 | include /etc/firejail/disable-devel.inc | 17 | include /etc/firejail/disable-devel.inc |
| 18 | include /etc/firejail/disable-interpreters.inc | ||
| 18 | include /etc/firejail/disable-passwdmgr.inc | 19 | include /etc/firejail/disable-passwdmgr.inc |
| 19 | include /etc/firejail/disable-programs.inc | 20 | include /etc/firejail/disable-programs.inc |
| 20 | 21 | ||
diff --git a/etc/keepassx.profile b/etc/keepassx.profile index 14af2682c..7a5e57d72 100644 --- a/etc/keepassx.profile +++ b/etc/keepassx.profile | |||
| @@ -12,6 +12,7 @@ noblacklist ${HOME}/.keepassx | |||
| 12 | 12 | ||
| 13 | include /etc/firejail/disable-common.inc | 13 | include /etc/firejail/disable-common.inc |
| 14 | include /etc/firejail/disable-devel.inc | 14 | include /etc/firejail/disable-devel.inc |
| 15 | include /etc/firejail/disable-interpreters.inc | ||
| 15 | include /etc/firejail/disable-passwdmgr.inc | 16 | include /etc/firejail/disable-passwdmgr.inc |
| 16 | include /etc/firejail/disable-programs.inc | 17 | include /etc/firejail/disable-programs.inc |
| 17 | 18 | ||
diff --git a/etc/keepassxc.profile b/etc/keepassxc.profile index 0e464cbe4..0edb375b3 100644 --- a/etc/keepassxc.profile +++ b/etc/keepassxc.profile | |||
| @@ -14,6 +14,7 @@ noblacklist ${HOME}/.mozilla | |||
| 14 | 14 | ||
| 15 | include /etc/firejail/disable-common.inc | 15 | include /etc/firejail/disable-common.inc |
| 16 | include /etc/firejail/disable-devel.inc | 16 | include /etc/firejail/disable-devel.inc |
| 17 | include /etc/firejail/disable-interpreters.inc | ||
| 17 | include /etc/firejail/disable-passwdmgr.inc | 18 | include /etc/firejail/disable-passwdmgr.inc |
| 18 | include /etc/firejail/disable-programs.inc | 19 | include /etc/firejail/disable-programs.inc |
| 19 | 20 | ||
diff --git a/etc/kget.profile b/etc/kget.profile index c4e073c2b..c45d8daba 100644 --- a/etc/kget.profile +++ b/etc/kget.profile | |||
| @@ -14,6 +14,7 @@ noblacklist ${HOME}/.local/share/kget | |||
| 14 | 14 | ||
| 15 | include /etc/firejail/disable-common.inc | 15 | include /etc/firejail/disable-common.inc |
| 16 | include /etc/firejail/disable-devel.inc | 16 | include /etc/firejail/disable-devel.inc |
| 17 | include /etc/firejail/disable-interpreters.inc | ||
| 17 | include /etc/firejail/disable-passwdmgr.inc | 18 | include /etc/firejail/disable-passwdmgr.inc |
| 18 | include /etc/firejail/disable-programs.inc | 19 | include /etc/firejail/disable-programs.inc |
| 19 | 20 | ||
diff --git a/etc/kino.profile b/etc/kino.profile index be51786f5..054b185dd 100644 --- a/etc/kino.profile +++ b/etc/kino.profile | |||
| @@ -10,6 +10,7 @@ noblacklist ${HOME}/.kinorc | |||
| 10 | 10 | ||
| 11 | include /etc/firejail/disable-common.inc | 11 | include /etc/firejail/disable-common.inc |
| 12 | include /etc/firejail/disable-devel.inc | 12 | include /etc/firejail/disable-devel.inc |
| 13 | include /etc/firejail/disable-interpreters.inc | ||
| 13 | include /etc/firejail/disable-passwdmgr.inc | 14 | include /etc/firejail/disable-passwdmgr.inc |
| 14 | include /etc/firejail/disable-programs.inc | 15 | include /etc/firejail/disable-programs.inc |
| 15 | 16 | ||
diff --git a/etc/kmail.profile b/etc/kmail.profile index 3e425b62e..f7b180f87 100644 --- a/etc/kmail.profile +++ b/etc/kmail.profile | |||
| @@ -25,6 +25,7 @@ noblacklist /tmp/akonadi-* | |||
| 25 | 25 | ||
| 26 | include /etc/firejail/disable-common.inc | 26 | include /etc/firejail/disable-common.inc |
| 27 | include /etc/firejail/disable-devel.inc | 27 | include /etc/firejail/disable-devel.inc |
| 28 | include /etc/firejail/disable-interpreters.inc | ||
| 28 | include /etc/firejail/disable-passwdmgr.inc | 29 | include /etc/firejail/disable-passwdmgr.inc |
| 29 | include /etc/firejail/disable-programs.inc | 30 | include /etc/firejail/disable-programs.inc |
| 30 | 31 | ||
diff --git a/etc/knotes.profile b/etc/knotes.profile index 4bbbd332d..35e2699bd 100644 --- a/etc/knotes.profile +++ b/etc/knotes.profile | |||
| @@ -5,8 +5,15 @@ include /etc/firejail/knotes.local | |||
| 5 | # Persistent global definitions | 5 | # Persistent global definitions |
| 6 | include /etc/firejail/globals.local | 6 | include /etc/firejail/globals.local |
| 7 | 7 | ||
| 8 | # knotes has problems launching akonadi in debian and ubuntu. | 8 | noblacklist ${HOME}/.config/akonadi* |
| 9 | # one solution is to have akonadi already running when knotes is started | 9 | noblacklist ${HOME}/.config/knotesrc |
| 10 | noblacklist ${HOME}/.local/share/akonadi/* | ||
| 11 | |||
| 12 | include /etc/firejail/disable-common.inc | ||
| 13 | include /etc/firejail/disable-devel.inc | ||
| 14 | include /etc/firejail/disable-interpreters.inc | ||
| 15 | include /etc/firejail/disable-passwdmgr.inc | ||
| 16 | include /etc/firejail/disable-programs.inc | ||
| 10 | 17 | ||
| 11 | noblacklist ${HOME}/.config/knotesrc | 18 | noblacklist ${HOME}/.config/knotesrc |
| 12 | noblacklist ${HOME}/.local/share/knotes | 19 | noblacklist ${HOME}/.local/share/knotes |
diff --git a/etc/kodi.profile b/etc/kodi.profile index dfe019641..54d548291 100644 --- a/etc/kodi.profile +++ b/etc/kodi.profile | |||
| @@ -7,8 +7,15 @@ include /etc/firejail/globals.local | |||
| 7 | 7 | ||
| 8 | noblacklist ${HOME}/.kodi | 8 | noblacklist ${HOME}/.kodi |
| 9 | 9 | ||
| 10 | # Allow python (blacklisted by disable-interpreters.inc) | ||
| 11 | noblacklist ${PATH}/python2* | ||
| 12 | noblacklist ${PATH}/python3* | ||
| 13 | noblacklist /usr/lib/python2* | ||
| 14 | noblacklist /usr/lib/python3* | ||
| 15 | |||
| 10 | include /etc/firejail/disable-common.inc | 16 | include /etc/firejail/disable-common.inc |
| 11 | include /etc/firejail/disable-devel.inc | 17 | include /etc/firejail/disable-devel.inc |
| 18 | include /etc/firejail/disable-interpreters.inc | ||
| 12 | include /etc/firejail/disable-passwdmgr.inc | 19 | include /etc/firejail/disable-passwdmgr.inc |
| 13 | include /etc/firejail/disable-programs.inc | 20 | include /etc/firejail/disable-programs.inc |
| 14 | 21 | ||
diff --git a/etc/konversation.profile b/etc/konversation.profile index 356d2f314..0acad236a 100644 --- a/etc/konversation.profile +++ b/etc/konversation.profile | |||
| @@ -11,6 +11,7 @@ noblacklist ${HOME}/.kde4/share/config/konversationrc | |||
| 11 | 11 | ||
| 12 | include /etc/firejail/disable-common.inc | 12 | include /etc/firejail/disable-common.inc |
| 13 | include /etc/firejail/disable-devel.inc | 13 | include /etc/firejail/disable-devel.inc |
| 14 | include /etc/firejail/disable-interpreters.inc | ||
| 14 | include /etc/firejail/disable-passwdmgr.inc | 15 | include /etc/firejail/disable-passwdmgr.inc |
| 15 | include /etc/firejail/disable-programs.inc | 16 | include /etc/firejail/disable-programs.inc |
| 16 | 17 | ||
diff --git a/etc/kopete.profile b/etc/kopete.profile index 7f332d48e..0954b7dff 100644 --- a/etc/kopete.profile +++ b/etc/kopete.profile | |||
| @@ -12,6 +12,7 @@ noblacklist ${HOME}/.kde4/share/config/kopeterc | |||
| 12 | 12 | ||
| 13 | include /etc/firejail/disable-common.inc | 13 | include /etc/firejail/disable-common.inc |
| 14 | include /etc/firejail/disable-devel.inc | 14 | include /etc/firejail/disable-devel.inc |
| 15 | include /etc/firejail/disable-interpreters.inc | ||
| 15 | include /etc/firejail/disable-passwdmgr.inc | 16 | include /etc/firejail/disable-passwdmgr.inc |
| 16 | include /etc/firejail/disable-programs.inc | 17 | include /etc/firejail/disable-programs.inc |
| 17 | 18 | ||
diff --git a/etc/krita.profile b/etc/krita.profile index 24948c584..e52adaaec 100644 --- a/etc/krita.profile +++ b/etc/krita.profile | |||
| @@ -10,6 +10,7 @@ noblacklist ${HOME}/.local/share/krita | |||
| 10 | 10 | ||
| 11 | include /etc/firejail/disable-common.inc | 11 | include /etc/firejail/disable-common.inc |
| 12 | include /etc/firejail/disable-devel.inc | 12 | include /etc/firejail/disable-devel.inc |
| 13 | include /etc/firejail/disable-interpreters.inc | ||
| 13 | include /etc/firejail/disable-passwdmgr.inc | 14 | include /etc/firejail/disable-passwdmgr.inc |
| 14 | include /etc/firejail/disable-programs.inc | 15 | include /etc/firejail/disable-programs.inc |
| 15 | 16 | ||
diff --git a/etc/krunner.profile b/etc/krunner.profile index 17526c4ea..288327f9c 100644 --- a/etc/krunner.profile +++ b/etc/krunner.profile | |||
| @@ -20,6 +20,7 @@ noblacklist ${HOME}/.kde4/share/config/krunnerrc | |||
| 20 | 20 | ||
| 21 | include /etc/firejail/disable-common.inc | 21 | include /etc/firejail/disable-common.inc |
| 22 | # include /etc/firejail/disable-devel.inc | 22 | # include /etc/firejail/disable-devel.inc |
| 23 | # include /etc/firejail/disable-interpreters.inc | ||
| 23 | # include /etc/firejail/disable-passwdmgr.inc | 24 | # include /etc/firejail/disable-passwdmgr.inc |
| 24 | # include /etc/firejail/disable-programs.inc | 25 | # include /etc/firejail/disable-programs.inc |
| 25 | 26 | ||
diff --git a/etc/ktorrent.profile b/etc/ktorrent.profile index d1b67a3f1..44fb5ae3e 100644 --- a/etc/ktorrent.profile +++ b/etc/ktorrent.profile | |||
| @@ -14,6 +14,7 @@ noblacklist ${HOME}/.local/share/ktorrent | |||
| 14 | 14 | ||
| 15 | include /etc/firejail/disable-common.inc | 15 | include /etc/firejail/disable-common.inc |
| 16 | include /etc/firejail/disable-devel.inc | 16 | include /etc/firejail/disable-devel.inc |
| 17 | include /etc/firejail/disable-interpreters.inc | ||
| 17 | include /etc/firejail/disable-passwdmgr.inc | 18 | include /etc/firejail/disable-passwdmgr.inc |
| 18 | include /etc/firejail/disable-programs.inc | 19 | include /etc/firejail/disable-programs.inc |
| 19 | 20 | ||
diff --git a/etc/kwin_x11.profile b/etc/kwin_x11.profile index 534e7cd51..ca7c5042d 100644 --- a/etc/kwin_x11.profile +++ b/etc/kwin_x11.profile | |||
| @@ -12,6 +12,7 @@ noblacklist ${HOME}/.local/share/kwin | |||
| 12 | 12 | ||
| 13 | include /etc/firejail/disable-common.inc | 13 | include /etc/firejail/disable-common.inc |
| 14 | include /etc/firejail/disable-devel.inc | 14 | include /etc/firejail/disable-devel.inc |
| 15 | include /etc/firejail/disable-interpreters.inc | ||
| 15 | include /etc/firejail/disable-passwdmgr.inc | 16 | include /etc/firejail/disable-passwdmgr.inc |
| 16 | include /etc/firejail/disable-programs.inc | 17 | include /etc/firejail/disable-programs.inc |
| 17 | 18 | ||
diff --git a/etc/kwrite.profile b/etc/kwrite.profile index ac51259c0..e416a5591 100644 --- a/etc/kwrite.profile +++ b/etc/kwrite.profile | |||
| @@ -15,6 +15,7 @@ noblacklist ${HOME}/.local/share/kwrite | |||
| 15 | 15 | ||
| 16 | include /etc/firejail/disable-common.inc | 16 | include /etc/firejail/disable-common.inc |
| 17 | include /etc/firejail/disable-devel.inc | 17 | include /etc/firejail/disable-devel.inc |
| 18 | include /etc/firejail/disable-interpreters.inc | ||
| 18 | include /etc/firejail/disable-passwdmgr.inc | 19 | include /etc/firejail/disable-passwdmgr.inc |
| 19 | include /etc/firejail/disable-programs.inc | 20 | include /etc/firejail/disable-programs.inc |
| 20 | 21 | ||
diff --git a/etc/leafpad.profile b/etc/leafpad.profile index bca6e9c22..0374d2e4a 100644 --- a/etc/leafpad.profile +++ b/etc/leafpad.profile | |||
| @@ -9,6 +9,7 @@ noblacklist ${HOME}/.config/leafpad | |||
| 9 | 9 | ||
| 10 | include /etc/firejail/disable-common.inc | 10 | include /etc/firejail/disable-common.inc |
| 11 | include /etc/firejail/disable-devel.inc | 11 | include /etc/firejail/disable-devel.inc |
| 12 | include /etc/firejail/disable-interpreters.inc | ||
| 12 | include /etc/firejail/disable-passwdmgr.inc | 13 | include /etc/firejail/disable-passwdmgr.inc |
| 13 | include /etc/firejail/disable-programs.inc | 14 | include /etc/firejail/disable-programs.inc |
| 14 | 15 | ||
diff --git a/etc/libreoffice.profile b/etc/libreoffice.profile index 15961321e..4b3eb1ac7 100644 --- a/etc/libreoffice.profile +++ b/etc/libreoffice.profile | |||
| @@ -9,9 +9,15 @@ noblacklist ${HOME}/.java | |||
| 9 | noblacklist /usr/local/sbin | 9 | noblacklist /usr/local/sbin |
| 10 | noblacklist ${HOME}/.config/libreoffice | 10 | noblacklist ${HOME}/.config/libreoffice |
| 11 | 11 | ||
| 12 | # libreoffice uses java; if you don't care about java functionality, | ||
| 13 | # comment the next four lines | ||
| 14 | noblacklist ${PATH}/java | ||
| 15 | noblacklist /usr/lib/java | ||
| 16 | noblacklist /etc/java | ||
| 17 | noblacklist /usr/share/java | ||
| 18 | |||
| 12 | include /etc/firejail/disable-common.inc | 19 | include /etc/firejail/disable-common.inc |
| 13 | # libreoffice uses java; if you don't care about java functionality, uncomment this line; | 20 | include /etc/firejail/disable-devel.inc |
| 14 | #include /etc/firejail/disable-devel.inc | ||
| 15 | include /etc/firejail/disable-passwdmgr.inc | 21 | include /etc/firejail/disable-passwdmgr.inc |
| 16 | include /etc/firejail/disable-programs.inc | 22 | include /etc/firejail/disable-programs.inc |
| 17 | 23 | ||
diff --git a/etc/liferea.profile b/etc/liferea.profile index 552a45bbb..4b7905cb7 100644 --- a/etc/liferea.profile +++ b/etc/liferea.profile | |||
| @@ -9,8 +9,15 @@ noblacklist ${HOME}/.cache/liferea | |||
| 9 | noblacklist ${HOME}/.config/liferea | 9 | noblacklist ${HOME}/.config/liferea |
| 10 | noblacklist ${HOME}/.local/share/liferea | 10 | noblacklist ${HOME}/.local/share/liferea |
| 11 | 11 | ||
| 12 | # Allow python (blacklisted by disable-interpreters.inc) | ||
| 13 | noblacklist ${PATH}/python2* | ||
| 14 | noblacklist ${PATH}/python3* | ||
| 15 | noblacklist /usr/lib/python2* | ||
| 16 | noblacklist /usr/lib/python3* | ||
| 17 | |||
| 12 | include /etc/firejail/disable-common.inc | 18 | include /etc/firejail/disable-common.inc |
| 13 | include /etc/firejail/disable-devel.inc | 19 | include /etc/firejail/disable-devel.inc |
| 20 | include /etc/firejail/disable-interpreters.inc | ||
| 14 | include /etc/firejail/disable-passwdmgr.inc | 21 | include /etc/firejail/disable-passwdmgr.inc |
| 15 | include /etc/firejail/disable-programs.inc | 22 | include /etc/firejail/disable-programs.inc |
| 16 | 23 | ||
diff --git a/etc/linphone.profile b/etc/linphone.profile index 41f9245a2..9e54db3ca 100644 --- a/etc/linphone.profile +++ b/etc/linphone.profile | |||
| @@ -10,6 +10,7 @@ noblacklist ${HOME}/.linphonerc | |||
| 10 | 10 | ||
| 11 | include /etc/firejail/disable-common.inc | 11 | include /etc/firejail/disable-common.inc |
| 12 | include /etc/firejail/disable-devel.inc | 12 | include /etc/firejail/disable-devel.inc |
| 13 | include /etc/firejail/disable-interpreters.inc | ||
| 13 | include /etc/firejail/disable-passwdmgr.inc | 14 | include /etc/firejail/disable-passwdmgr.inc |
| 14 | include /etc/firejail/disable-programs.inc | 15 | include /etc/firejail/disable-programs.inc |
| 15 | 16 | ||
diff --git a/etc/lmms.profile b/etc/lmms.profile index a9fecf5be..58f82726d 100644 --- a/etc/lmms.profile +++ b/etc/lmms.profile | |||
| @@ -9,6 +9,7 @@ noblacklist ${HOME}/.lmmsrc.xml | |||
| 9 | 9 | ||
| 10 | include /etc/firejail/disable-common.inc | 10 | include /etc/firejail/disable-common.inc |
| 11 | include /etc/firejail/disable-devel.inc | 11 | include /etc/firejail/disable-devel.inc |
| 12 | include /etc/firejail/disable-interpreters.inc | ||
| 12 | include /etc/firejail/disable-passwdmgr.inc | 13 | include /etc/firejail/disable-passwdmgr.inc |
| 13 | include /etc/firejail/disable-programs.inc | 14 | include /etc/firejail/disable-programs.inc |
| 14 | 15 | ||
diff --git a/etc/lollypop.profile b/etc/lollypop.profile index f42489cd3..596da5925 100644 --- a/etc/lollypop.profile +++ b/etc/lollypop.profile | |||
| @@ -9,6 +9,7 @@ noblacklist ${HOME}/.local/share/lollypop | |||
| 9 | 9 | ||
| 10 | include /etc/firejail/disable-common.inc | 10 | include /etc/firejail/disable-common.inc |
| 11 | include /etc/firejail/disable-devel.inc | 11 | include /etc/firejail/disable-devel.inc |
| 12 | include /etc/firejail/disable-interpreters.inc | ||
| 12 | include /etc/firejail/disable-passwdmgr.inc | 13 | include /etc/firejail/disable-passwdmgr.inc |
| 13 | include /etc/firejail/disable-programs.inc | 14 | include /etc/firejail/disable-programs.inc |
| 14 | 15 | ||
diff --git a/etc/luminance-hdr.profile b/etc/luminance-hdr.profile index ec2a65290..8d55f5de2 100644 --- a/etc/luminance-hdr.profile +++ b/etc/luminance-hdr.profile | |||
| @@ -9,6 +9,7 @@ noblacklist ${HOME}/.config/Luminance | |||
| 9 | 9 | ||
| 10 | include /etc/firejail/disable-common.inc | 10 | include /etc/firejail/disable-common.inc |
| 11 | include /etc/firejail/disable-devel.inc | 11 | include /etc/firejail/disable-devel.inc |
| 12 | include /etc/firejail/disable-interpreters.inc | ||
| 12 | include /etc/firejail/disable-passwdmgr.inc | 13 | include /etc/firejail/disable-passwdmgr.inc |
| 13 | include /etc/firejail/disable-programs.inc | 14 | include /etc/firejail/disable-programs.inc |
| 14 | 15 | ||
diff --git a/etc/lximage-qt.profile b/etc/lximage-qt.profile index d4bb1b0e8..971d969ad 100644 --- a/etc/lximage-qt.profile +++ b/etc/lximage-qt.profile | |||
| @@ -9,6 +9,7 @@ noblacklist ${HOME}/.config/lximage-qt | |||
| 9 | 9 | ||
| 10 | include /etc/firejail/disable-common.inc | 10 | include /etc/firejail/disable-common.inc |
| 11 | include /etc/firejail/disable-devel.inc | 11 | include /etc/firejail/disable-devel.inc |
| 12 | include /etc/firejail/disable-interpreters.inc | ||
| 12 | include /etc/firejail/disable-passwdmgr.inc | 13 | include /etc/firejail/disable-passwdmgr.inc |
| 13 | include /etc/firejail/disable-programs.inc | 14 | include /etc/firejail/disable-programs.inc |
| 14 | 15 | ||
diff --git a/etc/lxmusic.profile b/etc/lxmusic.profile index 71d7a056f..5962c7dc7 100644 --- a/etc/lxmusic.profile +++ b/etc/lxmusic.profile | |||
| @@ -10,6 +10,7 @@ noblacklist ${HOME}/.config/xmms2 | |||
| 10 | 10 | ||
| 11 | include /etc/firejail/disable-common.inc | 11 | include /etc/firejail/disable-common.inc |
| 12 | include /etc/firejail/disable-devel.inc | 12 | include /etc/firejail/disable-devel.inc |
| 13 | include /etc/firejail/disable-interpreters.inc | ||
| 13 | include /etc/firejail/disable-passwdmgr.inc | 14 | include /etc/firejail/disable-passwdmgr.inc |
| 14 | include /etc/firejail/disable-programs.inc | 15 | include /etc/firejail/disable-programs.inc |
| 15 | 16 | ||
diff --git a/etc/lynx.profile b/etc/lynx.profile index d54bed564..fec9661c6 100644 --- a/etc/lynx.profile +++ b/etc/lynx.profile | |||
| @@ -9,6 +9,7 @@ blacklist /tmp/.X11-unix | |||
| 9 | 9 | ||
| 10 | include /etc/firejail/disable-common.inc | 10 | include /etc/firejail/disable-common.inc |
| 11 | include /etc/firejail/disable-devel.inc | 11 | include /etc/firejail/disable-devel.inc |
| 12 | include /etc/firejail/disable-interpreters.inc | ||
| 12 | include /etc/firejail/disable-passwdmgr.inc | 13 | include /etc/firejail/disable-passwdmgr.inc |
| 13 | include /etc/firejail/disable-programs.inc | 14 | include /etc/firejail/disable-programs.inc |
| 14 | 15 | ||
diff --git a/etc/macrofusion.profile b/etc/macrofusion.profile index 948c7226d..bbef46567 100644 --- a/etc/macrofusion.profile +++ b/etc/macrofusion.profile | |||
| @@ -7,8 +7,15 @@ include /etc/firejail/globals.local | |||
| 7 | 7 | ||
| 8 | noblacklist ${HOME}/.config/mfusion | 8 | noblacklist ${HOME}/.config/mfusion |
| 9 | 9 | ||
| 10 | # Allow python (blacklisted by disable-interpreters.inc) | ||
| 11 | noblacklist ${PATH}/python2* | ||
| 12 | noblacklist ${PATH}/python3* | ||
| 13 | noblacklist /usr/lib/python2* | ||
| 14 | noblacklist /usr/lib/python3* | ||
| 15 | |||
| 10 | include /etc/firejail/disable-common.inc | 16 | include /etc/firejail/disable-common.inc |
| 11 | include /etc/firejail/disable-devel.inc | 17 | include /etc/firejail/disable-devel.inc |
| 18 | include /etc/firejail/disable-interpreters.inc | ||
| 12 | include /etc/firejail/disable-passwdmgr.inc | 19 | include /etc/firejail/disable-passwdmgr.inc |
| 13 | include /etc/firejail/disable-programs.inc | 20 | include /etc/firejail/disable-programs.inc |
| 14 | 21 | ||
diff --git a/etc/mate-calc.profile b/etc/mate-calc.profile index f452b751a..6185b013f 100644 --- a/etc/mate-calc.profile +++ b/etc/mate-calc.profile | |||
| @@ -9,6 +9,7 @@ noblacklist ${HOME}/.config/mate-calc | |||
| 9 | 9 | ||
| 10 | include /etc/firejail/disable-common.inc | 10 | include /etc/firejail/disable-common.inc |
| 11 | include /etc/firejail/disable-devel.inc | 11 | include /etc/firejail/disable-devel.inc |
| 12 | include /etc/firejail/disable-interpreters.inc | ||
| 12 | include /etc/firejail/disable-passwdmgr.inc | 13 | include /etc/firejail/disable-passwdmgr.inc |
| 13 | include /etc/firejail/disable-programs.inc | 14 | include /etc/firejail/disable-programs.inc |
| 14 | 15 | ||
diff --git a/etc/mate-color-select.profile b/etc/mate-color-select.profile index 24f59e1d5..c3a3ee446 100644 --- a/etc/mate-color-select.profile +++ b/etc/mate-color-select.profile | |||
| @@ -8,6 +8,7 @@ include /etc/firejail/globals.local | |||
| 8 | 8 | ||
| 9 | include /etc/firejail/disable-common.inc | 9 | include /etc/firejail/disable-common.inc |
| 10 | include /etc/firejail/disable-devel.inc | 10 | include /etc/firejail/disable-devel.inc |
| 11 | include /etc/firejail/disable-interpreters.inc | ||
| 11 | include /etc/firejail/disable-passwdmgr.inc | 12 | include /etc/firejail/disable-passwdmgr.inc |
| 12 | include /etc/firejail/disable-programs.inc | 13 | include /etc/firejail/disable-programs.inc |
| 13 | 14 | ||
diff --git a/etc/mate-dictionary.profile b/etc/mate-dictionary.profile index 3f85addaf..6c9ed4499 100644 --- a/etc/mate-dictionary.profile +++ b/etc/mate-dictionary.profile | |||
| @@ -9,6 +9,7 @@ noblacklist ${HOME}/.config/mate/mate-dictionary | |||
| 9 | 9 | ||
| 10 | include /etc/firejail/disable-common.inc | 10 | include /etc/firejail/disable-common.inc |
| 11 | include /etc/firejail/disable-devel.inc | 11 | include /etc/firejail/disable-devel.inc |
| 12 | include /etc/firejail/disable-interpreters.inc | ||
| 12 | include /etc/firejail/disable-passwdmgr.inc | 13 | include /etc/firejail/disable-passwdmgr.inc |
| 13 | include /etc/firejail/disable-programs.inc | 14 | include /etc/firejail/disable-programs.inc |
| 14 | 15 | ||
diff --git a/etc/mcabber.profile b/etc/mcabber.profile index 2e31e09ec..860de3f0a 100644 --- a/etc/mcabber.profile +++ b/etc/mcabber.profile | |||
| @@ -10,6 +10,7 @@ noblacklist ${HOME}/.mcabberrc | |||
| 10 | 10 | ||
| 11 | include /etc/firejail/disable-common.inc | 11 | include /etc/firejail/disable-common.inc |
| 12 | include /etc/firejail/disable-devel.inc | 12 | include /etc/firejail/disable-devel.inc |
| 13 | include /etc/firejail/disable-interpreters.inc | ||
| 13 | include /etc/firejail/disable-passwdmgr.inc | 14 | include /etc/firejail/disable-passwdmgr.inc |
| 14 | include /etc/firejail/disable-programs.inc | 15 | include /etc/firejail/disable-programs.inc |
| 15 | 16 | ||
diff --git a/etc/mediainfo.profile b/etc/mediainfo.profile index c3c84ed39..d79a0e886 100644 --- a/etc/mediainfo.profile +++ b/etc/mediainfo.profile | |||
| @@ -9,6 +9,7 @@ blacklist /tmp/.X11-unix | |||
| 9 | 9 | ||
| 10 | include /etc/firejail/disable-common.inc | 10 | include /etc/firejail/disable-common.inc |
| 11 | include /etc/firejail/disable-devel.inc | 11 | include /etc/firejail/disable-devel.inc |
| 12 | include /etc/firejail/disable-interpreters.inc | ||
| 12 | include /etc/firejail/disable-passwdmgr.inc | 13 | include /etc/firejail/disable-passwdmgr.inc |
| 13 | include /etc/firejail/disable-programs.inc | 14 | include /etc/firejail/disable-programs.inc |
| 14 | 15 | ||
diff --git a/etc/mediathekview.profile b/etc/mediathekview.profile index 9eae27765..12956bab6 100644 --- a/etc/mediathekview.profile +++ b/etc/mediathekview.profile | |||
| @@ -16,8 +16,15 @@ noblacklist ${HOME}/.local/share/xplayer | |||
| 16 | noblacklist ${HOME}/.mediathek3 | 16 | noblacklist ${HOME}/.mediathek3 |
| 17 | noblacklist ${HOME}/.mplayer | 17 | noblacklist ${HOME}/.mplayer |
| 18 | 18 | ||
| 19 | # Allow access to java | ||
| 20 | noblacklist ${PATH}/java | ||
| 21 | noblacklist /usr/lib/java | ||
| 22 | noblacklist /etc/java | ||
| 23 | noblacklist /usr/share/java | ||
| 24 | |||
| 19 | include /etc/firejail/disable-common.inc | 25 | include /etc/firejail/disable-common.inc |
| 20 | include /etc/firejail/disable-devel.inc | 26 | include /etc/firejail/disable-devel.inc |
| 27 | include /etc/firejail/disable-interpreters.inc | ||
| 21 | include /etc/firejail/disable-passwdmgr.inc | 28 | include /etc/firejail/disable-passwdmgr.inc |
| 22 | include /etc/firejail/disable-programs.inc | 29 | include /etc/firejail/disable-programs.inc |
| 23 | 30 | ||
diff --git a/etc/midori.profile b/etc/midori.profile index 831f68864..2f7e238cb 100644 --- a/etc/midori.profile +++ b/etc/midori.profile | |||
| @@ -13,6 +13,7 @@ noblacklist ${HOME}/.pki | |||
| 13 | 13 | ||
| 14 | include /etc/firejail/disable-common.inc | 14 | include /etc/firejail/disable-common.inc |
| 15 | include /etc/firejail/disable-devel.inc | 15 | include /etc/firejail/disable-devel.inc |
| 16 | include /etc/firejail/disable-interpreters.inc | ||
| 16 | include /etc/firejail/disable-programs.inc | 17 | include /etc/firejail/disable-programs.inc |
| 17 | 18 | ||
| 18 | mkdir ${HOME}/.cache/midori | 19 | mkdir ${HOME}/.cache/midori |
diff --git a/etc/minetest.profile b/etc/minetest.profile index c560ac47c..cdbf21935 100644 --- a/etc/minetest.profile +++ b/etc/minetest.profile | |||
| @@ -9,6 +9,7 @@ noblacklist ${HOME}/.minetest | |||
| 9 | 9 | ||
| 10 | include /etc/firejail/disable-common.inc | 10 | include /etc/firejail/disable-common.inc |
| 11 | include /etc/firejail/disable-devel.inc | 11 | include /etc/firejail/disable-devel.inc |
| 12 | include /etc/firejail/disable-interpreters.inc | ||
| 12 | include /etc/firejail/disable-passwdmgr.inc | 13 | include /etc/firejail/disable-passwdmgr.inc |
| 13 | include /etc/firejail/disable-programs.inc | 14 | include /etc/firejail/disable-programs.inc |
| 14 | 15 | ||
diff --git a/etc/mousepad.profile b/etc/mousepad.profile index 0f0051c0a..a4a1ad599 100644 --- a/etc/mousepad.profile +++ b/etc/mousepad.profile | |||
| @@ -9,6 +9,7 @@ noblacklist ${HOME}/.config/Mousepad | |||
| 9 | 9 | ||
| 10 | include /etc/firejail/disable-common.inc | 10 | include /etc/firejail/disable-common.inc |
| 11 | include /etc/firejail/disable-devel.inc | 11 | include /etc/firejail/disable-devel.inc |
| 12 | include /etc/firejail/disable-interpreters.inc | ||
| 12 | include /etc/firejail/disable-passwdmgr.inc | 13 | include /etc/firejail/disable-passwdmgr.inc |
| 13 | include /etc/firejail/disable-programs.inc | 14 | include /etc/firejail/disable-programs.inc |
| 14 | 15 | ||
diff --git a/etc/mpd.profile b/etc/mpd.profile index 7bfa47d77..a624ea091 100644 --- a/etc/mpd.profile +++ b/etc/mpd.profile | |||
| @@ -10,6 +10,7 @@ noblacklist ${HOME}/.mpdconf | |||
| 10 | 10 | ||
| 11 | include /etc/firejail/disable-common.inc | 11 | include /etc/firejail/disable-common.inc |
| 12 | include /etc/firejail/disable-devel.inc | 12 | include /etc/firejail/disable-devel.inc |
| 13 | include /etc/firejail/disable-interpreters.inc | ||
| 13 | include /etc/firejail/disable-passwdmgr.inc | 14 | include /etc/firejail/disable-passwdmgr.inc |
| 14 | include /etc/firejail/disable-programs.inc | 15 | include /etc/firejail/disable-programs.inc |
| 15 | 16 | ||
diff --git a/etc/mplayer.profile b/etc/mplayer.profile index 58b94c171..8e8d224a9 100644 --- a/etc/mplayer.profile +++ b/etc/mplayer.profile | |||
| @@ -9,6 +9,7 @@ noblacklist ${HOME}/.mplayer | |||
| 9 | 9 | ||
| 10 | include /etc/firejail/disable-common.inc | 10 | include /etc/firejail/disable-common.inc |
| 11 | include /etc/firejail/disable-devel.inc | 11 | include /etc/firejail/disable-devel.inc |
| 12 | include /etc/firejail/disable-interpreters.inc | ||
| 12 | include /etc/firejail/disable-passwdmgr.inc | 13 | include /etc/firejail/disable-passwdmgr.inc |
| 13 | include /etc/firejail/disable-programs.inc | 14 | include /etc/firejail/disable-programs.inc |
| 14 | 15 | ||
diff --git a/etc/mpv.profile b/etc/mpv.profile index dcd8b05e1..18233c31b 100644 --- a/etc/mpv.profile +++ b/etc/mpv.profile | |||
| @@ -8,8 +8,15 @@ include /etc/firejail/globals.local | |||
| 8 | noblacklist ${HOME}/.config/mpv | 8 | noblacklist ${HOME}/.config/mpv |
| 9 | noblacklist ${HOME}/.netrc | 9 | noblacklist ${HOME}/.netrc |
| 10 | 10 | ||
| 11 | # Allow python (blacklisted by disable-interpreters.inc) | ||
| 12 | noblacklist ${PATH}/python2* | ||
| 13 | noblacklist ${PATH}/python3* | ||
| 14 | noblacklist /usr/lib/python2* | ||
| 15 | noblacklist /usr/lib/python3* | ||
| 16 | |||
| 11 | include /etc/firejail/disable-common.inc | 17 | include /etc/firejail/disable-common.inc |
| 12 | include /etc/firejail/disable-devel.inc | 18 | include /etc/firejail/disable-devel.inc |
| 19 | include /etc/firejail/disable-interpreters.inc | ||
| 13 | include /etc/firejail/disable-passwdmgr.inc | 20 | include /etc/firejail/disable-passwdmgr.inc |
| 14 | include /etc/firejail/disable-programs.inc | 21 | include /etc/firejail/disable-programs.inc |
| 15 | 22 | ||
diff --git a/etc/multimc5.profile b/etc/multimc5.profile index 8a70d9d36..2b63c2032 100644 --- a/etc/multimc5.profile +++ b/etc/multimc5.profile | |||
| @@ -10,8 +10,15 @@ noblacklist ${HOME}/.local/share/multimc | |||
| 10 | noblacklist ${HOME}/.local/share/multimc5 | 10 | noblacklist ${HOME}/.local/share/multimc5 |
| 11 | noblacklist ${HOME}/.multimc5 | 11 | noblacklist ${HOME}/.multimc5 |
| 12 | 12 | ||
| 13 | # Allow access to java | ||
| 14 | noblacklist ${PATH}/java | ||
| 15 | noblacklist /usr/lib/java | ||
| 16 | noblacklist /etc/java | ||
| 17 | noblacklist /usr/share/java | ||
| 18 | |||
| 13 | include /etc/firejail/disable-common.inc | 19 | include /etc/firejail/disable-common.inc |
| 14 | include /etc/firejail/disable-devel.inc | 20 | include /etc/firejail/disable-devel.inc |
| 21 | include /etc/firejail/disable-interpreters.inc | ||
| 15 | include /etc/firejail/disable-passwdmgr.inc | 22 | include /etc/firejail/disable-passwdmgr.inc |
| 16 | include /etc/firejail/disable-programs.inc | 23 | include /etc/firejail/disable-programs.inc |
| 17 | 24 | ||
diff --git a/etc/mumble.profile b/etc/mumble.profile index e58dc93f4..f8a49eb13 100644 --- a/etc/mumble.profile +++ b/etc/mumble.profile | |||
| @@ -10,6 +10,7 @@ noblacklist ${HOME}/.local/share/data/Mumble | |||
| 10 | 10 | ||
| 11 | include /etc/firejail/disable-common.inc | 11 | include /etc/firejail/disable-common.inc |
| 12 | include /etc/firejail/disable-devel.inc | 12 | include /etc/firejail/disable-devel.inc |
| 13 | include /etc/firejail/disable-interpreters.inc | ||
| 13 | include /etc/firejail/disable-passwdmgr.inc | 14 | include /etc/firejail/disable-passwdmgr.inc |
| 14 | include /etc/firejail/disable-programs.inc | 15 | include /etc/firejail/disable-programs.inc |
| 15 | 16 | ||
diff --git a/etc/mupdf.profile b/etc/mupdf.profile index af5859dbc..9ccdf60a8 100644 --- a/etc/mupdf.profile +++ b/etc/mupdf.profile | |||
| @@ -7,6 +7,7 @@ include /etc/firejail/globals.local | |||
| 7 | 7 | ||
| 8 | include /etc/firejail/disable-common.inc | 8 | include /etc/firejail/disable-common.inc |
| 9 | include /etc/firejail/disable-devel.inc | 9 | include /etc/firejail/disable-devel.inc |
| 10 | include /etc/firejail/disable-interpreters.inc | ||
| 10 | include /etc/firejail/disable-passwdmgr.inc | 11 | include /etc/firejail/disable-passwdmgr.inc |
| 11 | include /etc/firejail/disable-programs.inc | 12 | include /etc/firejail/disable-programs.inc |
| 12 | 13 | ||
diff --git a/etc/mupen64plus.profile b/etc/mupen64plus.profile index 2e3d7cfb8..a91b6753c 100644 --- a/etc/mupen64plus.profile +++ b/etc/mupen64plus.profile | |||
| @@ -11,6 +11,7 @@ noblacklist ${HOME}/.local/share/mupen64plus | |||
| 11 | include /etc/firejail/disable-common.inc | 11 | include /etc/firejail/disable-common.inc |
| 12 | include /etc/firejail/disable-devel.inc | 12 | include /etc/firejail/disable-devel.inc |
| 13 | include /etc/firejail/disable-passwdmgr.inc | 13 | include /etc/firejail/disable-passwdmgr.inc |
| 14 | include /etc/firejail/disable-passwdmgr.inc | ||
| 14 | include /etc/firejail/disable-programs.inc | 15 | include /etc/firejail/disable-programs.inc |
| 15 | 16 | ||
| 16 | # you'll need to manually whitelist ROM files | 17 | # you'll need to manually whitelist ROM files |
diff --git a/etc/musescore.profile b/etc/musescore.profile index 75f86c842..5b07a59da 100644 --- a/etc/musescore.profile +++ b/etc/musescore.profile | |||
| @@ -12,6 +12,7 @@ noblacklist ${HOME}/.local/share/data/MuseScore | |||
| 12 | 12 | ||
| 13 | include /etc/firejail/disable-common.inc | 13 | include /etc/firejail/disable-common.inc |
| 14 | include /etc/firejail/disable-devel.inc | 14 | include /etc/firejail/disable-devel.inc |
| 15 | include /etc/firejail/disable-interpreters.inc | ||
| 15 | include /etc/firejail/disable-passwdmgr.inc | 16 | include /etc/firejail/disable-passwdmgr.inc |
| 16 | include /etc/firejail/disable-programs.inc | 17 | include /etc/firejail/disable-programs.inc |
| 17 | 18 | ||
diff --git a/etc/mutt.profile b/etc/mutt.profile index 92567f10a..bc257f156 100644 --- a/etc/mutt.profile +++ b/etc/mutt.profile | |||
| @@ -33,6 +33,7 @@ noblacklist ${HOME}/sent | |||
| 33 | 33 | ||
| 34 | include /etc/firejail/disable-common.inc | 34 | include /etc/firejail/disable-common.inc |
| 35 | include /etc/firejail/disable-devel.inc | 35 | include /etc/firejail/disable-devel.inc |
| 36 | include /etc/firejail/disable-interpreters.inc | ||
| 36 | include /etc/firejail/disable-passwdmgr.inc | 37 | include /etc/firejail/disable-passwdmgr.inc |
| 37 | include /etc/firejail/disable-programs.inc | 38 | include /etc/firejail/disable-programs.inc |
| 38 | 39 | ||
diff --git a/etc/natron.profile b/etc/natron.profile index cf01c862c..f6ebf2b65 100644 --- a/etc/natron.profile +++ b/etc/natron.profile | |||
| @@ -12,6 +12,7 @@ noblacklist /opt/natron | |||
| 12 | 12 | ||
| 13 | include /etc/firejail/disable-common.inc | 13 | include /etc/firejail/disable-common.inc |
| 14 | include /etc/firejail/disable-devel.inc | 14 | include /etc/firejail/disable-devel.inc |
| 15 | include /etc/firejail/disable-interpreters.inc | ||
| 15 | include /etc/firejail/disable-passwdmgr.inc | 16 | include /etc/firejail/disable-passwdmgr.inc |
| 16 | include /etc/firejail/disable-programs.inc | 17 | include /etc/firejail/disable-programs.inc |
| 17 | 18 | ||
diff --git a/etc/nautilus.profile b/etc/nautilus.profile index 5ba0850fc..f1f565515 100644 --- a/etc/nautilus.profile +++ b/etc/nautilus.profile | |||
| @@ -13,8 +13,15 @@ noblacklist ${HOME}/.local/share/Trash | |||
| 13 | noblacklist ${HOME}/.local/share/nautilus | 13 | noblacklist ${HOME}/.local/share/nautilus |
| 14 | noblacklist ${HOME}/.local/share/nautilus-python | 14 | noblacklist ${HOME}/.local/share/nautilus-python |
| 15 | 15 | ||
| 16 | # Allow python (blacklisted by disable-interpreters.inc) | ||
| 17 | noblacklist ${PATH}/python2* | ||
| 18 | noblacklist ${PATH}/python3* | ||
| 19 | noblacklist /usr/lib/python2* | ||
| 20 | noblacklist /usr/lib/python3* | ||
| 21 | |||
| 16 | include /etc/firejail/disable-common.inc | 22 | include /etc/firejail/disable-common.inc |
| 17 | include /etc/firejail/disable-devel.inc | 23 | include /etc/firejail/disable-devel.inc |
| 24 | include /etc/firejail/disable-interpreters.inc | ||
| 18 | include /etc/firejail/disable-passwdmgr.inc | 25 | include /etc/firejail/disable-passwdmgr.inc |
| 19 | # include /etc/firejail/disable-programs.inc | 26 | # include /etc/firejail/disable-programs.inc |
| 20 | 27 | ||
diff --git a/etc/nemo.profile b/etc/nemo.profile index b11ad645a..962549a04 100644 --- a/etc/nemo.profile +++ b/etc/nemo.profile | |||
| @@ -10,8 +10,15 @@ noblacklist ${HOME}/.local/share/Trash | |||
| 10 | noblacklist ${HOME}/.local/share/nemo | 10 | noblacklist ${HOME}/.local/share/nemo |
| 11 | noblacklist ${HOME}/.local/share/nemo-python | 11 | noblacklist ${HOME}/.local/share/nemo-python |
| 12 | 12 | ||
| 13 | # Allow python (blacklisted by disable-interpreters.inc) | ||
| 14 | noblacklist ${PATH}/python2* | ||
| 15 | noblacklist ${PATH}/python3* | ||
| 16 | noblacklist /usr/lib/python2* | ||
| 17 | noblacklist /usr/lib/python3* | ||
| 18 | |||
| 13 | include /etc/firejail/disable-common.inc | 19 | include /etc/firejail/disable-common.inc |
| 14 | include /etc/firejail/disable-devel.inc | 20 | include /etc/firejail/disable-devel.inc |
| 21 | include /etc/firejail/disable-interpreters.inc | ||
| 15 | include /etc/firejail/disable-passwdmgr.inc | 22 | include /etc/firejail/disable-passwdmgr.inc |
| 16 | 23 | ||
| 17 | caps.drop all | 24 | caps.drop all |
diff --git a/etc/netsurf.profile b/etc/netsurf.profile index 6e8f02328..847e81999 100644 --- a/etc/netsurf.profile +++ b/etc/netsurf.profile | |||
| @@ -10,6 +10,7 @@ noblacklist ${HOME}/.config/netsurf | |||
| 10 | 10 | ||
| 11 | include /etc/firejail/disable-common.inc | 11 | include /etc/firejail/disable-common.inc |
| 12 | include /etc/firejail/disable-devel.inc | 12 | include /etc/firejail/disable-devel.inc |
| 13 | include /etc/firejail/disable-interpreters.inc | ||
| 13 | include /etc/firejail/disable-programs.inc | 14 | include /etc/firejail/disable-programs.inc |
| 14 | 15 | ||
| 15 | mkdir ${HOME}/.cache/netsurf | 16 | mkdir ${HOME}/.cache/netsurf |
diff --git a/etc/neverball.profile b/etc/neverball.profile index 6a9a3a577..de8bb5d9d 100644 --- a/etc/neverball.profile +++ b/etc/neverball.profile | |||
| @@ -9,6 +9,7 @@ noblacklist ${HOME}/.neverball | |||
| 9 | 9 | ||
| 10 | include /etc/firejail/disable-common.inc | 10 | include /etc/firejail/disable-common.inc |
| 11 | include /etc/firejail/disable-devel.inc | 11 | include /etc/firejail/disable-devel.inc |
| 12 | include /etc/firejail/disable-interpreters.inc | ||
| 12 | include /etc/firejail/disable-passwdmgr.inc | 13 | include /etc/firejail/disable-passwdmgr.inc |
| 13 | include /etc/firejail/disable-programs.inc | 14 | include /etc/firejail/disable-programs.inc |
| 14 | 15 | ||
diff --git a/etc/nheko.profile b/etc/nheko.profile index d0d3ae612..fa9ce2e8b 100644 --- a/etc/nheko.profile +++ b/etc/nheko.profile | |||
| @@ -10,6 +10,7 @@ noblacklist ${HOME}/.cache/nheko/nheko | |||
| 10 | 10 | ||
| 11 | include /etc/firejail/disable-common.inc | 11 | include /etc/firejail/disable-common.inc |
| 12 | include /etc/firejail/disable-devel.inc | 12 | include /etc/firejail/disable-devel.inc |
| 13 | include /etc/firejail/disable-interpreters.inc | ||
| 13 | include /etc/firejail/disable-passwdmgr.inc | 14 | include /etc/firejail/disable-passwdmgr.inc |
| 14 | include /etc/firejail/disable-programs.inc | 15 | include /etc/firejail/disable-programs.inc |
| 15 | 16 | ||
diff --git a/etc/nylas.profile b/etc/nylas.profile index c2e1e1fdb..28305a203 100644 --- a/etc/nylas.profile +++ b/etc/nylas.profile | |||
| @@ -10,6 +10,7 @@ noblacklist ${HOME}/.nylas-mail | |||
| 10 | 10 | ||
| 11 | include /etc/firejail/disable-common.inc | 11 | include /etc/firejail/disable-common.inc |
| 12 | include /etc/firejail/disable-devel.inc | 12 | include /etc/firejail/disable-devel.inc |
| 13 | include /etc/firejail/disable-interpreters.inc | ||
| 13 | include /etc/firejail/disable-passwdmgr.inc | 14 | include /etc/firejail/disable-passwdmgr.inc |
| 14 | include /etc/firejail/disable-programs.inc | 15 | include /etc/firejail/disable-programs.inc |
| 15 | 16 | ||
diff --git a/etc/obs.profile b/etc/obs.profile index 187862752..9a0fab3f8 100644 --- a/etc/obs.profile +++ b/etc/obs.profile | |||
| @@ -9,6 +9,7 @@ noblacklist ${HOME}/.config/obs-studio | |||
| 9 | 9 | ||
| 10 | include /etc/firejail/disable-common.inc | 10 | include /etc/firejail/disable-common.inc |
| 11 | include /etc/firejail/disable-devel.inc | 11 | include /etc/firejail/disable-devel.inc |
| 12 | include /etc/firejail/disable-interpreters.inc | ||
| 12 | include /etc/firejail/disable-passwdmgr.inc | 13 | include /etc/firejail/disable-passwdmgr.inc |
| 13 | include /etc/firejail/disable-programs.inc | 14 | include /etc/firejail/disable-programs.inc |
| 14 | 15 | ||
diff --git a/etc/odt2txt.profile b/etc/odt2txt.profile index c807a5399..32d51f478 100644 --- a/etc/odt2txt.profile +++ b/etc/odt2txt.profile | |||
| @@ -9,6 +9,7 @@ blacklist /tmp/.X11-unix | |||
| 9 | 9 | ||
| 10 | include /etc/firejail/disable-common.inc | 10 | include /etc/firejail/disable-common.inc |
| 11 | include /etc/firejail/disable-devel.inc | 11 | include /etc/firejail/disable-devel.inc |
| 12 | include /etc/firejail/disable-interpreters.inc | ||
| 12 | include /etc/firejail/disable-passwdmgr.inc | 13 | include /etc/firejail/disable-passwdmgr.inc |
| 13 | include /etc/firejail/disable-programs.inc | 14 | include /etc/firejail/disable-programs.inc |
| 14 | 15 | ||
diff --git a/etc/okular.profile b/etc/okular.profile index f1f0b2c7e..50b69ceaf 100644 --- a/etc/okular.profile +++ b/etc/okular.profile | |||
| @@ -18,6 +18,7 @@ noblacklist ${HOME}/.local/share/okular | |||
| 18 | 18 | ||
| 19 | include /etc/firejail/disable-common.inc | 19 | include /etc/firejail/disable-common.inc |
| 20 | include /etc/firejail/disable-devel.inc | 20 | include /etc/firejail/disable-devel.inc |
| 21 | include /etc/firejail/disable-interpreters.inc | ||
| 21 | include /etc/firejail/disable-passwdmgr.inc | 22 | include /etc/firejail/disable-passwdmgr.inc |
| 22 | include /etc/firejail/disable-programs.inc | 23 | include /etc/firejail/disable-programs.inc |
| 23 | 24 | ||
diff --git a/etc/onionshare-gui.profile b/etc/onionshare-gui.profile index 8cbe5be7f..1c93ef9b9 100644 --- a/etc/onionshare-gui.profile +++ b/etc/onionshare-gui.profile | |||
| @@ -7,8 +7,13 @@ include /etc/firejail/globals.local | |||
| 7 | 7 | ||
| 8 | noblacklist ${HOME}/.config/onionshare | 8 | noblacklist ${HOME}/.config/onionshare |
| 9 | 9 | ||
| 10 | # Allow python (blacklisted by disable-interpreters.inc) | ||
| 11 | noblacklist ${PATH}/python3* | ||
| 12 | noblacklist /usr/lib/python3* | ||
| 13 | |||
| 10 | include /etc/firejail/disable-common.inc | 14 | include /etc/firejail/disable-common.inc |
| 11 | include /etc/firejail/disable-devel.inc | 15 | include /etc/firejail/disable-devel.inc |
| 16 | include /etc/firejail/disable-interpreters.inc | ||
| 12 | include /etc/firejail/disable-passwdmgr.inc | 17 | include /etc/firejail/disable-passwdmgr.inc |
| 13 | include /etc/firejail/disable-programs.inc | 18 | include /etc/firejail/disable-programs.inc |
| 14 | 19 | ||
diff --git a/etc/open-invaders.profile b/etc/open-invaders.profile index 3c3609dae..5d331423e 100644 --- a/etc/open-invaders.profile +++ b/etc/open-invaders.profile | |||
| @@ -9,6 +9,7 @@ noblacklist ${HOME}/.openinvaders | |||
| 9 | 9 | ||
| 10 | include /etc/firejail/disable-common.inc | 10 | include /etc/firejail/disable-common.inc |
| 11 | include /etc/firejail/disable-devel.inc | 11 | include /etc/firejail/disable-devel.inc |
| 12 | include /etc/firejail/disable-interpreters.inc | ||
| 12 | include /etc/firejail/disable-passwdmgr.inc | 13 | include /etc/firejail/disable-passwdmgr.inc |
| 13 | include /etc/firejail/disable-programs.inc | 14 | include /etc/firejail/disable-programs.inc |
| 14 | 15 | ||
diff --git a/etc/openshot.profile b/etc/openshot.profile index b9eb29590..114580f1e 100644 --- a/etc/openshot.profile +++ b/etc/openshot.profile | |||
| @@ -10,6 +10,7 @@ noblacklist ${HOME}/.openshot_qt | |||
| 10 | 10 | ||
| 11 | include /etc/firejail/disable-common.inc | 11 | include /etc/firejail/disable-common.inc |
| 12 | include /etc/firejail/disable-devel.inc | 12 | include /etc/firejail/disable-devel.inc |
| 13 | include /etc/firejail/disable-interpreters.inc | ||
| 13 | include /etc/firejail/disable-passwdmgr.inc | 14 | include /etc/firejail/disable-passwdmgr.inc |
| 14 | include /etc/firejail/disable-programs.inc | 15 | include /etc/firejail/disable-programs.inc |
| 15 | 16 | ||
diff --git a/etc/orage.profile b/etc/orage.profile index 209c7e9db..8e218eb2d 100644 --- a/etc/orage.profile +++ b/etc/orage.profile | |||
| @@ -10,6 +10,7 @@ noblacklist ${HOME}/.local/share/orage | |||
| 10 | 10 | ||
| 11 | include /etc/firejail/disable-common.inc | 11 | include /etc/firejail/disable-common.inc |
| 12 | include /etc/firejail/disable-devel.inc | 12 | include /etc/firejail/disable-devel.inc |
| 13 | include /etc/firejail/disable-interpreters.inc | ||
| 13 | include /etc/firejail/disable-passwdmgr.inc | 14 | include /etc/firejail/disable-passwdmgr.inc |
| 14 | include /etc/firejail/disable-programs.inc | 15 | include /etc/firejail/disable-programs.inc |
| 15 | 16 | ||
diff --git a/etc/parole.profile b/etc/parole.profile index a8ce63e73..c659614e3 100644 --- a/etc/parole.profile +++ b/etc/parole.profile | |||
| @@ -8,6 +8,7 @@ include /etc/firejail/globals.local | |||
| 8 | 8 | ||
| 9 | include /etc/firejail/disable-common.inc | 9 | include /etc/firejail/disable-common.inc |
| 10 | include /etc/firejail/disable-devel.inc | 10 | include /etc/firejail/disable-devel.inc |
| 11 | include /etc/firejail/disable-interpreters.inc | ||
| 11 | include /etc/firejail/disable-passwdmgr.inc | 12 | include /etc/firejail/disable-passwdmgr.inc |
| 12 | include /etc/firejail/disable-programs.inc | 13 | include /etc/firejail/disable-programs.inc |
| 13 | 14 | ||
diff --git a/etc/pcmanfm.profile b/etc/pcmanfm.profile index 0dcd21549..83c1864e9 100644 --- a/etc/pcmanfm.profile +++ b/etc/pcmanfm.profile | |||
| @@ -11,6 +11,7 @@ noblacklist ${HOME}/.local/share/Trash | |||
| 11 | 11 | ||
| 12 | include /etc/firejail/disable-common.inc | 12 | include /etc/firejail/disable-common.inc |
| 13 | include /etc/firejail/disable-devel.inc | 13 | include /etc/firejail/disable-devel.inc |
| 14 | include /etc/firejail/disable-interpreters.inc | ||
| 14 | include /etc/firejail/disable-passwdmgr.inc | 15 | include /etc/firejail/disable-passwdmgr.inc |
| 15 | # include /etc/firejail/disable-programs.inc | 16 | # include /etc/firejail/disable-programs.inc |
| 16 | 17 | ||
diff --git a/etc/pdfchain.profile b/etc/pdfchain.profile index b4ccb6003..8da5869e3 100755..100644 --- a/etc/pdfchain.profile +++ b/etc/pdfchain.profile | |||
| @@ -6,9 +6,10 @@ include /etc/firejail/pdfchain.local | |||
| 6 | include /etc/firejail/globals.local | 6 | include /etc/firejail/globals.local |
| 7 | 7 | ||
| 8 | include /etc/firejail/disable-common.inc | 8 | include /etc/firejail/disable-common.inc |
| 9 | include /etc/firejail/disable-programs.inc | ||
| 10 | include /etc/firejail/disable-devel.inc | 9 | include /etc/firejail/disable-devel.inc |
| 10 | include /etc/firejail/disable-interpreters.inc | ||
| 11 | include /etc/firejail/disable-passwdmgr.inc | 11 | include /etc/firejail/disable-passwdmgr.inc |
| 12 | include /etc/firejail/disable-programs.inc | ||
| 12 | 13 | ||
| 13 | include /etc/firejail/whitelist-var-common.inc | 14 | include /etc/firejail/whitelist-var-common.inc |
| 14 | 15 | ||
diff --git a/etc/pdfmod.profile b/etc/pdfmod.profile index 9b08dfd84..aa674419d 100644 --- a/etc/pdfmod.profile +++ b/etc/pdfmod.profile | |||
| @@ -10,6 +10,7 @@ noblacklist ${HOME}/.config/pdfmod | |||
| 10 | 10 | ||
| 11 | include /etc/firejail/disable-common.inc | 11 | include /etc/firejail/disable-common.inc |
| 12 | include /etc/firejail/disable-devel.inc | 12 | include /etc/firejail/disable-devel.inc |
| 13 | include /etc/firejail/disable-interpreters.inc | ||
| 13 | include /etc/firejail/disable-passwdmgr.inc | 14 | include /etc/firejail/disable-passwdmgr.inc |
| 14 | include /etc/firejail/disable-programs.inc | 15 | include /etc/firejail/disable-programs.inc |
| 15 | 16 | ||
diff --git a/etc/pdfsam.profile b/etc/pdfsam.profile index 465f68fd6..a5d9c2d65 100644 --- a/etc/pdfsam.profile +++ b/etc/pdfsam.profile | |||
| @@ -5,10 +5,18 @@ include /etc/firejail/pdfsam.local | |||
| 5 | # Persistent global definitions | 5 | # Persistent global definitions |
| 6 | include /etc/firejail/globals.local | 6 | include /etc/firejail/globals.local |
| 7 | 7 | ||
| 8 | # Allow access to java | ||
| 8 | noblacklist ${HOME}/.java | 9 | noblacklist ${HOME}/.java |
| 9 | 10 | ||
| 11 | # Allow access to java | ||
| 12 | noblacklist ${PATH}/java | ||
| 13 | noblacklist /usr/lib/java | ||
| 14 | noblacklist /etc/java | ||
| 15 | noblacklist /usr/share/java | ||
| 16 | |||
| 10 | include /etc/firejail/disable-common.inc | 17 | include /etc/firejail/disable-common.inc |
| 11 | include /etc/firejail/disable-devel.inc | 18 | include /etc/firejail/disable-devel.inc |
| 19 | include /etc/firejail/disable-interpreters.inc | ||
| 12 | include /etc/firejail/disable-passwdmgr.inc | 20 | include /etc/firejail/disable-passwdmgr.inc |
| 13 | include /etc/firejail/disable-programs.inc | 21 | include /etc/firejail/disable-programs.inc |
| 14 | 22 | ||
diff --git a/etc/pdftotext.profile b/etc/pdftotext.profile index a97063754..9e672d199 100644 --- a/etc/pdftotext.profile +++ b/etc/pdftotext.profile | |||
| @@ -9,6 +9,7 @@ blacklist /tmp/.X11-unix | |||
| 9 | 9 | ||
| 10 | include /etc/firejail/disable-common.inc | 10 | include /etc/firejail/disable-common.inc |
| 11 | include /etc/firejail/disable-devel.inc | 11 | include /etc/firejail/disable-devel.inc |
| 12 | include /etc/firejail/disable-interpreters.inc | ||
| 12 | include /etc/firejail/disable-passwdmgr.inc | 13 | include /etc/firejail/disable-passwdmgr.inc |
| 13 | include /etc/firejail/disable-programs.inc | 14 | include /etc/firejail/disable-programs.inc |
| 14 | 15 | ||
diff --git a/etc/peek.profile b/etc/peek.profile index 7b7ab9470..5d5a32b8a 100644 --- a/etc/peek.profile +++ b/etc/peek.profile | |||
| @@ -9,6 +9,7 @@ noblacklist ${HOME}/.cache/peek | |||
| 9 | 9 | ||
| 10 | include /etc/firejail/disable-common.inc | 10 | include /etc/firejail/disable-common.inc |
| 11 | include /etc/firejail/disable-devel.inc | 11 | include /etc/firejail/disable-devel.inc |
| 12 | include /etc/firejail/disable-interpreters.inc | ||
| 12 | include /etc/firejail/disable-passwdmgr.inc | 13 | include /etc/firejail/disable-passwdmgr.inc |
| 13 | include /etc/firejail/disable-programs.inc | 14 | include /etc/firejail/disable-programs.inc |
| 14 | 15 | ||
diff --git a/etc/picard.profile b/etc/picard.profile index 8dc79b4ad..9e0d4ab55 100644 --- a/etc/picard.profile +++ b/etc/picard.profile | |||
| @@ -8,8 +8,13 @@ include /etc/firejail/globals.local | |||
| 8 | noblacklist ${HOME}/.cache/MusicBrainz | 8 | noblacklist ${HOME}/.cache/MusicBrainz |
| 9 | noblacklist ${HOME}/.config/MusicBrainz | 9 | noblacklist ${HOME}/.config/MusicBrainz |
| 10 | 10 | ||
| 11 | # Allow python (blacklisted by disable-interpreters.inc) | ||
| 12 | noblacklist ${PATH}/python3* | ||
| 13 | noblacklist /usr/lib/python3* | ||
| 14 | |||
| 11 | include /etc/firejail/disable-common.inc | 15 | include /etc/firejail/disable-common.inc |
| 12 | include /etc/firejail/disable-devel.inc | 16 | include /etc/firejail/disable-devel.inc |
| 17 | include /etc/firejail/disable-interpreters.inc | ||
| 13 | include /etc/firejail/disable-passwdmgr.inc | 18 | include /etc/firejail/disable-passwdmgr.inc |
| 14 | include /etc/firejail/disable-programs.inc | 19 | include /etc/firejail/disable-programs.inc |
| 15 | 20 | ||
diff --git a/etc/pidgin.profile b/etc/pidgin.profile index d195cf586..ac2597a68 100644 --- a/etc/pidgin.profile +++ b/etc/pidgin.profile | |||
| @@ -9,6 +9,7 @@ noblacklist ${HOME}/.purple | |||
| 9 | 9 | ||
| 10 | include /etc/firejail/disable-common.inc | 10 | include /etc/firejail/disable-common.inc |
| 11 | include /etc/firejail/disable-devel.inc | 11 | include /etc/firejail/disable-devel.inc |
| 12 | include /etc/firejail/disable-interpreters.inc | ||
| 12 | include /etc/firejail/disable-passwdmgr.inc | 13 | include /etc/firejail/disable-passwdmgr.inc |
| 13 | include /etc/firejail/disable-programs.inc | 14 | include /etc/firejail/disable-programs.inc |
| 14 | 15 | ||
diff --git a/etc/ping.profile b/etc/ping.profile index f1c6d32d8..d014fb82c 100644 --- a/etc/ping.profile +++ b/etc/ping.profile | |||
| @@ -8,6 +8,7 @@ include /etc/firejail/globals.local | |||
| 8 | 8 | ||
| 9 | include /etc/firejail/disable-common.inc | 9 | include /etc/firejail/disable-common.inc |
| 10 | include /etc/firejail/disable-devel.inc | 10 | include /etc/firejail/disable-devel.inc |
| 11 | include /etc/firejail/disable-interpreters.inc | ||
| 11 | include /etc/firejail/disable-passwdmgr.inc | 12 | include /etc/firejail/disable-passwdmgr.inc |
| 12 | include /etc/firejail/disable-programs.inc | 13 | include /etc/firejail/disable-programs.inc |
| 13 | include /etc/firejail/whitelist-common.inc | 14 | include /etc/firejail/whitelist-common.inc |
diff --git a/etc/pingus.profile b/etc/pingus.profile index b287e7ee8..89247f847 100644 --- a/etc/pingus.profile +++ b/etc/pingus.profile | |||
| @@ -9,6 +9,7 @@ noblacklist ${HOME}/.pingus | |||
| 9 | 9 | ||
| 10 | include /etc/firejail/disable-common.inc | 10 | include /etc/firejail/disable-common.inc |
| 11 | include /etc/firejail/disable-devel.inc | 11 | include /etc/firejail/disable-devel.inc |
| 12 | include /etc/firejail/disable-interpreters.inc | ||
| 12 | include /etc/firejail/disable-passwdmgr.inc | 13 | include /etc/firejail/disable-passwdmgr.inc |
| 13 | include /etc/firejail/disable-programs.inc | 14 | include /etc/firejail/disable-programs.inc |
| 14 | 15 | ||
diff --git a/etc/pinta.profile b/etc/pinta.profile index b51521ef7..73fabb95f 100644 --- a/etc/pinta.profile +++ b/etc/pinta.profile | |||
| @@ -9,6 +9,7 @@ noblacklist ${HOME}/.config/Pinta | |||
| 9 | 9 | ||
| 10 | include /etc/firejail/disable-common.inc | 10 | include /etc/firejail/disable-common.inc |
| 11 | include /etc/firejail/disable-devel.inc | 11 | include /etc/firejail/disable-devel.inc |
| 12 | include /etc/firejail/disable-interpreters.inc | ||
| 12 | include /etc/firejail/disable-passwdmgr.inc | 13 | include /etc/firejail/disable-passwdmgr.inc |
| 13 | include /etc/firejail/disable-programs.inc | 14 | include /etc/firejail/disable-programs.inc |
| 14 | 15 | ||
diff --git a/etc/pithos.profile b/etc/pithos.profile index f3949d3f1..c7eac0d53 100644 --- a/etc/pithos.profile +++ b/etc/pithos.profile | |||
| @@ -5,11 +5,18 @@ include /etc/firejail/pithos.local | |||
| 5 | # Persistent global definitions | 5 | # Persistent global definitions |
| 6 | include /etc/firejail/globals.local | 6 | include /etc/firejail/globals.local |
| 7 | 7 | ||
| 8 | # Allow python (blacklisted by disable-interpreters.inc) | ||
| 9 | noblacklist ${PATH}/python2* | ||
| 10 | noblacklist ${PATH}/python3* | ||
| 11 | noblacklist /usr/lib/python2* | ||
| 12 | noblacklist /usr/lib/python3* | ||
| 8 | 13 | ||
| 9 | include /etc/firejail/disable-common.inc | 14 | include /etc/firejail/disable-common.inc |
| 10 | include /etc/firejail/disable-devel.inc | 15 | include /etc/firejail/disable-devel.inc |
| 16 | include /etc/firejail/disable-interpreters.inc | ||
| 11 | include /etc/firejail/disable-passwdmgr.inc | 17 | include /etc/firejail/disable-passwdmgr.inc |
| 12 | include /etc/firejail/disable-programs.inc | 18 | include /etc/firejail/disable-programs.inc |
| 19 | |||
| 13 | include /etc/firejail/whitelist-common.inc | 20 | include /etc/firejail/whitelist-common.inc |
| 14 | 21 | ||
| 15 | caps.drop all | 22 | caps.drop all |
diff --git a/etc/pitivi.profile b/etc/pitivi.profile index 6df03e042..1d7c4f721 100644 --- a/etc/pitivi.profile +++ b/etc/pitivi.profile | |||
| @@ -8,8 +8,15 @@ include /etc/firejail/globals.local | |||
| 8 | 8 | ||
| 9 | noblacklist ${HOME}/.config/pitivi | 9 | noblacklist ${HOME}/.config/pitivi |
| 10 | 10 | ||
| 11 | # Allow python (blacklisted by disable-interpreters.inc) | ||
| 12 | noblacklist ${PATH}/python2* | ||
| 13 | noblacklist ${PATH}/python3* | ||
| 14 | noblacklist /usr/lib/python2* | ||
| 15 | noblacklist /usr/lib/python3* | ||
| 16 | |||
| 11 | include /etc/firejail/disable-common.inc | 17 | include /etc/firejail/disable-common.inc |
| 12 | include /etc/firejail/disable-devel.inc | 18 | include /etc/firejail/disable-devel.inc |
| 19 | include /etc/firejail/disable-interpreters.inc | ||
| 13 | include /etc/firejail/disable-passwdmgr.inc | 20 | include /etc/firejail/disable-passwdmgr.inc |
| 14 | include /etc/firejail/disable-programs.inc | 21 | include /etc/firejail/disable-programs.inc |
| 15 | 22 | ||
diff --git a/etc/pix.profile b/etc/pix.profile index 9eca6f87e..ec495269d 100644 --- a/etc/pix.profile +++ b/etc/pix.profile | |||
| @@ -12,6 +12,7 @@ noblacklist ${HOME}/.steam | |||
| 12 | 12 | ||
| 13 | include /etc/firejail/disable-common.inc | 13 | include /etc/firejail/disable-common.inc |
| 14 | include /etc/firejail/disable-devel.inc | 14 | include /etc/firejail/disable-devel.inc |
| 15 | include /etc/firejail/disable-interpreters.inc | ||
| 15 | include /etc/firejail/disable-passwdmgr.inc | 16 | include /etc/firejail/disable-passwdmgr.inc |
| 16 | include /etc/firejail/disable-programs.inc | 17 | include /etc/firejail/disable-programs.inc |
| 17 | 18 | ||
diff --git a/etc/playonlinux.profile b/etc/playonlinux.profile index 54dd4d5fd..1179a7a01 100644 --- a/etc/playonlinux.profile +++ b/etc/playonlinux.profile | |||
| @@ -14,9 +14,17 @@ noblacklist ${HOME}/.PlayOnLinux | |||
| 14 | # nc is needed to run playonlinux | 14 | # nc is needed to run playonlinux |
| 15 | noblacklist ${PATH}/nc | 15 | noblacklist ${PATH}/nc |
| 16 | 16 | ||
| 17 | # Allow access to perl | ||
| 18 | noblacklist ${PATH}/cpan* | ||
| 19 | noblacklist ${PATH}/core_perl | ||
| 20 | noblacklist ${PATH}/perl | ||
| 21 | noblacklist /usr/lib/perl* | ||
| 22 | noblacklist /usr/share/perl* | ||
| 23 | |||
| 17 | include /etc/firejail/disable-common.inc | 24 | include /etc/firejail/disable-common.inc |
| 18 | # playonlinux uses perl | 25 | # playonlinux uses perl |
| 19 | # include /etc/firejail/disable-devel.inc | 26 | include /etc/firejail/disable-devel.inc |
| 27 | include /etc/firejail/disable-interpreters.inc | ||
| 20 | include /etc/firejail/disable-programs.inc | 28 | include /etc/firejail/disable-programs.inc |
| 21 | 29 | ||
| 22 | caps.drop all | 30 | caps.drop all |
diff --git a/etc/pluma.profile b/etc/pluma.profile index d0acfeb1a..7a70c88ab 100644 --- a/etc/pluma.profile +++ b/etc/pluma.profile | |||
| @@ -9,6 +9,7 @@ noblacklist ${HOME}/.config/pluma | |||
| 9 | 9 | ||
| 10 | include /etc/firejail/disable-common.inc | 10 | include /etc/firejail/disable-common.inc |
| 11 | include /etc/firejail/disable-devel.inc | 11 | include /etc/firejail/disable-devel.inc |
| 12 | include /etc/firejail/disable-interpreters.inc | ||
| 12 | include /etc/firejail/disable-passwdmgr.inc | 13 | include /etc/firejail/disable-passwdmgr.inc |
| 13 | include /etc/firejail/disable-programs.inc | 14 | include /etc/firejail/disable-programs.inc |
| 14 | 15 | ||
diff --git a/etc/polari.profile b/etc/polari.profile index a990194c9..aba5ea57e 100644 --- a/etc/polari.profile +++ b/etc/polari.profile | |||
| @@ -8,6 +8,7 @@ include /etc/firejail/globals.local | |||
| 8 | 8 | ||
| 9 | include /etc/firejail/disable-common.inc | 9 | include /etc/firejail/disable-common.inc |
| 10 | include /etc/firejail/disable-devel.inc | 10 | include /etc/firejail/disable-devel.inc |
| 11 | include /etc/firejail/disable-interpreters.inc | ||
| 11 | include /etc/firejail/disable-programs.inc | 12 | include /etc/firejail/disable-programs.inc |
| 12 | 13 | ||
| 13 | mkdir ${HOME}/.cache/telepathy | 14 | mkdir ${HOME}/.cache/telepathy |
diff --git a/etc/psi-plus.profile b/etc/psi-plus.profile index 8d2ace96a..6d7050b7a 100644 --- a/etc/psi-plus.profile +++ b/etc/psi-plus.profile | |||
| @@ -10,6 +10,7 @@ noblacklist ${HOME}/.local/share/psi+ | |||
| 10 | 10 | ||
| 11 | include /etc/firejail/disable-common.inc | 11 | include /etc/firejail/disable-common.inc |
| 12 | include /etc/firejail/disable-devel.inc | 12 | include /etc/firejail/disable-devel.inc |
| 13 | include /etc/firejail/disable-interpreters.inc | ||
| 13 | include /etc/firejail/disable-passwdmgr.inc | 14 | include /etc/firejail/disable-passwdmgr.inc |
| 14 | include /etc/firejail/disable-programs.inc | 15 | include /etc/firejail/disable-programs.inc |
| 15 | 16 | ||
diff --git a/etc/qbittorrent.profile b/etc/qbittorrent.profile index 14a9e8adc..2017beee4 100644 --- a/etc/qbittorrent.profile +++ b/etc/qbittorrent.profile | |||
| @@ -10,8 +10,15 @@ noblacklist ${HOME}/.config/qBittorrent | |||
| 10 | noblacklist ${HOME}/.config/qBittorrentrc | 10 | noblacklist ${HOME}/.config/qBittorrentrc |
| 11 | noblacklist ${HOME}/.local/share/data/qBittorrent | 11 | noblacklist ${HOME}/.local/share/data/qBittorrent |
| 12 | 12 | ||
| 13 | # Allow python (blacklisted by disable-interpreters.inc) | ||
| 14 | noblacklist ${PATH}/python2* | ||
| 15 | noblacklist ${PATH}/python3* | ||
| 16 | noblacklist /usr/lib/python2* | ||
| 17 | noblacklist /usr/lib/python3* | ||
| 18 | |||
| 13 | include /etc/firejail/disable-common.inc | 19 | include /etc/firejail/disable-common.inc |
| 14 | include /etc/firejail/disable-devel.inc | 20 | include /etc/firejail/disable-devel.inc |
| 21 | include /etc/firejail/disable-interpreters.inc | ||
| 15 | include /etc/firejail/disable-passwdmgr.inc | 22 | include /etc/firejail/disable-passwdmgr.inc |
| 16 | include /etc/firejail/disable-programs.inc | 23 | include /etc/firejail/disable-programs.inc |
| 17 | 24 | ||
diff --git a/etc/qlipper.profile b/etc/qlipper.profile index 796015654..237cd240b 100644 --- a/etc/qlipper.profile +++ b/etc/qlipper.profile | |||
| @@ -9,6 +9,7 @@ noblacklist ${HOME}/.config/Qlipper | |||
| 9 | 9 | ||
| 10 | include /etc/firejail/disable-common.inc | 10 | include /etc/firejail/disable-common.inc |
| 11 | include /etc/firejail/disable-devel.inc | 11 | include /etc/firejail/disable-devel.inc |
| 12 | include /etc/firejail/disable-interpreters.inc | ||
| 12 | include /etc/firejail/disable-passwdmgr.inc | 13 | include /etc/firejail/disable-passwdmgr.inc |
| 13 | include /etc/firejail/disable-programs.inc | 14 | include /etc/firejail/disable-programs.inc |
| 14 | 15 | ||
diff --git a/etc/qpdfview.profile b/etc/qpdfview.profile index 36ce0cda6..e422d2196 100644 --- a/etc/qpdfview.profile +++ b/etc/qpdfview.profile | |||
| @@ -10,6 +10,7 @@ noblacklist ${HOME}/.local/share/qpdfview | |||
| 10 | 10 | ||
| 11 | include /etc/firejail/disable-common.inc | 11 | include /etc/firejail/disable-common.inc |
| 12 | include /etc/firejail/disable-devel.inc | 12 | include /etc/firejail/disable-devel.inc |
| 13 | include /etc/firejail/disable-interpreters.inc | ||
| 13 | include /etc/firejail/disable-passwdmgr.inc | 14 | include /etc/firejail/disable-passwdmgr.inc |
| 14 | include /etc/firejail/disable-programs.inc | 15 | include /etc/firejail/disable-programs.inc |
| 15 | 16 | ||
diff --git a/etc/qtox.profile b/etc/qtox.profile index 648282db4..26697eeaa 100644 --- a/etc/qtox.profile +++ b/etc/qtox.profile | |||
| @@ -9,6 +9,7 @@ noblacklist ${HOME}/.config/tox | |||
| 9 | 9 | ||
| 10 | include /etc/firejail/disable-common.inc | 10 | include /etc/firejail/disable-common.inc |
| 11 | include /etc/firejail/disable-devel.inc | 11 | include /etc/firejail/disable-devel.inc |
| 12 | include /etc/firejail/disable-interpreters.inc | ||
| 12 | include /etc/firejail/disable-passwdmgr.inc | 13 | include /etc/firejail/disable-passwdmgr.inc |
| 13 | include /etc/firejail/disable-programs.inc | 14 | include /etc/firejail/disable-programs.inc |
| 14 | 15 | ||
diff --git a/etc/quassel.profile b/etc/quassel.profile index af0f723f1..6783d5a43 100644 --- a/etc/quassel.profile +++ b/etc/quassel.profile | |||
| @@ -8,6 +8,7 @@ include /etc/firejail/globals.local | |||
| 8 | 8 | ||
| 9 | include /etc/firejail/disable-common.inc | 9 | include /etc/firejail/disable-common.inc |
| 10 | include /etc/firejail/disable-devel.inc | 10 | include /etc/firejail/disable-devel.inc |
| 11 | include /etc/firejail/disable-interpreters.inc | ||
| 11 | include /etc/firejail/disable-programs.inc | 12 | include /etc/firejail/disable-programs.inc |
| 12 | 13 | ||
| 13 | caps.drop all | 14 | caps.drop all |
diff --git a/etc/quiterss.profile b/etc/quiterss.profile index 94c64f2dd..c9e7f9089 100644 --- a/etc/quiterss.profile +++ b/etc/quiterss.profile | |||
| @@ -12,6 +12,7 @@ noblacklist ${HOME}/.local/share/QuiteRss | |||
| 12 | 12 | ||
| 13 | include /etc/firejail/disable-common.inc | 13 | include /etc/firejail/disable-common.inc |
| 14 | include /etc/firejail/disable-devel.inc | 14 | include /etc/firejail/disable-devel.inc |
| 15 | include /etc/firejail/disable-interpreters.inc | ||
| 15 | include /etc/firejail/disable-passwdmgr.inc | 16 | include /etc/firejail/disable-passwdmgr.inc |
| 16 | include /etc/firejail/disable-programs.inc | 17 | include /etc/firejail/disable-programs.inc |
| 17 | 18 | ||
diff --git a/etc/qupzilla.profile b/etc/qupzilla.profile index e59a94bf8..947689d96 100644 --- a/etc/qupzilla.profile +++ b/etc/qupzilla.profile | |||
| @@ -10,6 +10,7 @@ noblacklist ${HOME}/.config/qupzilla | |||
| 10 | 10 | ||
| 11 | include /etc/firejail/disable-common.inc | 11 | include /etc/firejail/disable-common.inc |
| 12 | include /etc/firejail/disable-devel.inc | 12 | include /etc/firejail/disable-devel.inc |
| 13 | include /etc/firejail/disable-interpreters.inc | ||
| 13 | include /etc/firejail/disable-passwdmgr.inc | 14 | include /etc/firejail/disable-passwdmgr.inc |
| 14 | include /etc/firejail/disable-programs.inc | 15 | include /etc/firejail/disable-programs.inc |
| 15 | 16 | ||
diff --git a/etc/qutebrowser.profile b/etc/qutebrowser.profile index 43c2bf5c7..8849cc7b8 100644 --- a/etc/qutebrowser.profile +++ b/etc/qutebrowser.profile | |||
| @@ -9,8 +9,15 @@ noblacklist ${HOME}/.cache/qutebrowser | |||
| 9 | noblacklist ${HOME}/.config/qutebrowser | 9 | noblacklist ${HOME}/.config/qutebrowser |
| 10 | noblacklist ${HOME}/.local/share/qutebrowser | 10 | noblacklist ${HOME}/.local/share/qutebrowser |
| 11 | 11 | ||
| 12 | # Allow python (blacklisted by disable-interpreters.inc) | ||
| 13 | noblacklist ${PATH}/python2* | ||
| 14 | noblacklist ${PATH}/python3* | ||
| 15 | noblacklist /usr/lib/python2* | ||
| 16 | noblacklist /usr/lib/python3* | ||
| 17 | |||
| 12 | include /etc/firejail/disable-common.inc | 18 | include /etc/firejail/disable-common.inc |
| 13 | include /etc/firejail/disable-devel.inc | 19 | include /etc/firejail/disable-devel.inc |
| 20 | include /etc/firejail/disable-interpreters.inc | ||
| 14 | include /etc/firejail/disable-programs.inc | 21 | include /etc/firejail/disable-programs.inc |
| 15 | 22 | ||
| 16 | mkdir ${HOME}/.cache/qutebrowser | 23 | mkdir ${HOME}/.cache/qutebrowser |
diff --git a/etc/rambox.profile b/etc/rambox.profile index f17f1d202..afe9b41e7 100644 --- a/etc/rambox.profile +++ b/etc/rambox.profile | |||
| @@ -10,6 +10,7 @@ noblacklist ${HOME}/.pki | |||
| 10 | 10 | ||
| 11 | include /etc/firejail/disable-common.inc | 11 | include /etc/firejail/disable-common.inc |
| 12 | include /etc/firejail/disable-devel.inc | 12 | include /etc/firejail/disable-devel.inc |
| 13 | include /etc/firejail/disable-interpreters.inc | ||
| 13 | include /etc/firejail/disable-programs.inc | 14 | include /etc/firejail/disable-programs.inc |
| 14 | 15 | ||
| 15 | mkdir ${HOME}/.config/Rambox | 16 | mkdir ${HOME}/.config/Rambox |
diff --git a/etc/ranger.profile b/etc/ranger.profile index fd5bbf89c..94b282669 100644 --- a/etc/ranger.profile +++ b/etc/ranger.profile | |||
| @@ -5,14 +5,15 @@ include /etc/firejail/ranger.local | |||
| 5 | # Persistent global definitions | 5 | # Persistent global definitions |
| 6 | include /etc/firejail/globals.local | 6 | include /etc/firejail/globals.local |
| 7 | 7 | ||
| 8 | # noblacklist /usr/bin/cpan* | 8 | # noblacklist ${PATH}/cpan* |
| 9 | noblacklist /usr/bin/perl | 9 | noblacklist ${PATH}/perl |
| 10 | noblacklist /usr/lib/perl* | 10 | noblacklist /usr/lib/perl* |
| 11 | noblacklist /usr/share/perl* | 11 | noblacklist /usr/share/perl* |
| 12 | noblacklist ${HOME}/.config/ranger | 12 | noblacklist ${HOME}/.config/ranger |
| 13 | 13 | ||
| 14 | include /etc/firejail/disable-common.inc | 14 | include /etc/firejail/disable-common.inc |
| 15 | include /etc/firejail/disable-devel.inc | 15 | include /etc/firejail/disable-devel.inc |
| 16 | include /etc/firejail/disable-interpreters.inc | ||
| 16 | include /etc/firejail/disable-passwdmgr.inc | 17 | include /etc/firejail/disable-passwdmgr.inc |
| 17 | include /etc/firejail/disable-programs.inc | 18 | include /etc/firejail/disable-programs.inc |
| 18 | 19 | ||
diff --git a/etc/redeclipse.profile b/etc/redeclipse.profile index f0a993c54..536c7073c 100644 --- a/etc/redeclipse.profile +++ b/etc/redeclipse.profile | |||
| @@ -9,6 +9,7 @@ noblacklist ${HOME}/.redeclipse | |||
| 9 | 9 | ||
| 10 | include /etc/firejail/disable-common.inc | 10 | include /etc/firejail/disable-common.inc |
| 11 | include /etc/firejail/disable-devel.inc | 11 | include /etc/firejail/disable-devel.inc |
| 12 | include /etc/firejail/disable-interpreters.inc | ||
| 12 | include /etc/firejail/disable-passwdmgr.inc | 13 | include /etc/firejail/disable-passwdmgr.inc |
| 13 | include /etc/firejail/disable-programs.inc | 14 | include /etc/firejail/disable-programs.inc |
| 14 | 15 | ||
diff --git a/etc/remmina.profile b/etc/remmina.profile index cc209b84a..4cd93b567 100644 --- a/etc/remmina.profile +++ b/etc/remmina.profile | |||
| @@ -12,6 +12,7 @@ noblacklist ${HOME}/.ssh | |||
| 12 | 12 | ||
| 13 | include /etc/firejail/disable-common.inc | 13 | include /etc/firejail/disable-common.inc |
| 14 | include /etc/firejail/disable-devel.inc | 14 | include /etc/firejail/disable-devel.inc |
| 15 | include /etc/firejail/disable-interpreters.inc | ||
| 15 | include /etc/firejail/disable-passwdmgr.inc | 16 | include /etc/firejail/disable-passwdmgr.inc |
| 16 | include /etc/firejail/disable-programs.inc | 17 | include /etc/firejail/disable-programs.inc |
| 17 | 18 | ||
diff --git a/etc/rhythmbox.profile b/etc/rhythmbox.profile index 6322f8217..38ccb886f 100644 --- a/etc/rhythmbox.profile +++ b/etc/rhythmbox.profile | |||
| @@ -8,6 +8,7 @@ include /etc/firejail/globals.local | |||
| 8 | 8 | ||
| 9 | include /etc/firejail/disable-common.inc | 9 | include /etc/firejail/disable-common.inc |
| 10 | include /etc/firejail/disable-devel.inc | 10 | include /etc/firejail/disable-devel.inc |
| 11 | include /etc/firejail/disable-interpreters.inc | ||
| 11 | include /etc/firejail/disable-passwdmgr.inc | 12 | include /etc/firejail/disable-passwdmgr.inc |
| 12 | include /etc/firejail/disable-programs.inc | 13 | include /etc/firejail/disable-programs.inc |
| 13 | 14 | ||
diff --git a/etc/ricochet.profile b/etc/ricochet.profile index 6da0e21d5..e23e7c756 100644 --- a/etc/ricochet.profile +++ b/etc/ricochet.profile | |||
| @@ -10,6 +10,7 @@ noblacklist ${HOME}/.local/share/Ricochet | |||
| 10 | 10 | ||
| 11 | include /etc/firejail/disable-common.inc | 11 | include /etc/firejail/disable-common.inc |
| 12 | include /etc/firejail/disable-devel.inc | 12 | include /etc/firejail/disable-devel.inc |
| 13 | include /etc/firejail/disable-interpreters.inc | ||
| 13 | include /etc/firejail/disable-passwdmgr.inc | 14 | include /etc/firejail/disable-passwdmgr.inc |
| 14 | include /etc/firejail/disable-programs.inc | 15 | include /etc/firejail/disable-programs.inc |
| 15 | 16 | ||
diff --git a/etc/ristretto.profile b/etc/ristretto.profile index 114bb30f4..7628d386f 100644 --- a/etc/ristretto.profile +++ b/etc/ristretto.profile | |||
| @@ -11,6 +11,7 @@ noblacklist ${HOME}/.steam | |||
| 11 | 11 | ||
| 12 | include /etc/firejail/disable-common.inc | 12 | include /etc/firejail/disable-common.inc |
| 13 | include /etc/firejail/disable-devel.inc | 13 | include /etc/firejail/disable-devel.inc |
| 14 | include /etc/firejail/disable-interpreters.inc | ||
| 14 | include /etc/firejail/disable-passwdmgr.inc | 15 | include /etc/firejail/disable-passwdmgr.inc |
| 15 | include /etc/firejail/disable-programs.inc | 16 | include /etc/firejail/disable-programs.inc |
| 16 | 17 | ||
diff --git a/etc/rtorrent.profile b/etc/rtorrent.profile index 413ea1ac9..57e933467 100644 --- a/etc/rtorrent.profile +++ b/etc/rtorrent.profile | |||
| @@ -8,6 +8,7 @@ include /etc/firejail/globals.local | |||
| 8 | 8 | ||
| 9 | include /etc/firejail/disable-common.inc | 9 | include /etc/firejail/disable-common.inc |
| 10 | include /etc/firejail/disable-devel.inc | 10 | include /etc/firejail/disable-devel.inc |
| 11 | include /etc/firejail/disable-interpreters.inc | ||
| 11 | include /etc/firejail/disable-passwdmgr.inc | 12 | include /etc/firejail/disable-passwdmgr.inc |
| 12 | include /etc/firejail/disable-programs.inc | 13 | include /etc/firejail/disable-programs.inc |
| 13 | 14 | ||
diff --git a/etc/scribus.profile b/etc/scribus.profile index f9f585a20..f3759ffc9 100644 --- a/etc/scribus.profile +++ b/etc/scribus.profile | |||
| @@ -22,8 +22,15 @@ noblacklist ${HOME}/.local/share/okular | |||
| 22 | noblacklist ${HOME}/.local/share/scribus | 22 | noblacklist ${HOME}/.local/share/scribus |
| 23 | noblacklist ${HOME}/.scribus | 23 | noblacklist ${HOME}/.scribus |
| 24 | 24 | ||
| 25 | # Allow python (blacklisted by disable-interpreters.inc) | ||
| 26 | noblacklist ${PATH}/python2* | ||
| 27 | noblacklist ${PATH}/python3* | ||
| 28 | noblacklist /usr/lib/python2* | ||
| 29 | noblacklist /usr/lib/python3* | ||
| 30 | |||
| 25 | include /etc/firejail/disable-common.inc | 31 | include /etc/firejail/disable-common.inc |
| 26 | include /etc/firejail/disable-devel.inc | 32 | include /etc/firejail/disable-devel.inc |
| 33 | include /etc/firejail/disable-interpreters.inc | ||
| 27 | include /etc/firejail/disable-passwdmgr.inc | 34 | include /etc/firejail/disable-passwdmgr.inc |
| 28 | include /etc/firejail/disable-programs.inc | 35 | include /etc/firejail/disable-programs.inc |
| 29 | 36 | ||
diff --git a/etc/sdat2img.profile b/etc/sdat2img.profile index 2f3d94f01..a0674acbc 100644 --- a/etc/sdat2img.profile +++ b/etc/sdat2img.profile | |||
| @@ -6,8 +6,15 @@ include /etc/firejail/sdat2img.local | |||
| 6 | # Persistent global definitions | 6 | # Persistent global definitions |
| 7 | include /etc/firejail/globals.local | 7 | include /etc/firejail/globals.local |
| 8 | 8 | ||
| 9 | # Allow python (blacklisted by disable-interpreters.inc) | ||
| 10 | noblacklist ${PATH}/python2* | ||
| 11 | noblacklist ${PATH}/python3* | ||
| 12 | noblacklist /usr/lib/python2* | ||
| 13 | noblacklist /usr/lib/python3* | ||
| 14 | |||
| 9 | include /etc/firejail/disable-common.inc | 15 | include /etc/firejail/disable-common.inc |
| 10 | include /etc/firejail/disable-devel.inc | 16 | include /etc/firejail/disable-devel.inc |
| 17 | include /etc/firejail/disable-interpreters.inc | ||
| 11 | include /etc/firejail/disable-passwdmgr.inc | 18 | include /etc/firejail/disable-passwdmgr.inc |
| 12 | include /etc/firejail/disable-programs.inc | 19 | include /etc/firejail/disable-programs.inc |
| 13 | 20 | ||
diff --git a/etc/seamonkey.profile b/etc/seamonkey.profile index 23072fc0f..423863cc2 100644 --- a/etc/seamonkey.profile +++ b/etc/seamonkey.profile | |||
| @@ -11,6 +11,7 @@ noblacklist ${HOME}/.pki | |||
| 11 | 11 | ||
| 12 | include /etc/firejail/disable-common.inc | 12 | include /etc/firejail/disable-common.inc |
| 13 | include /etc/firejail/disable-devel.inc | 13 | include /etc/firejail/disable-devel.inc |
| 14 | include /etc/firejail/disable-interpreters.inc | ||
| 14 | include /etc/firejail/disable-programs.inc | 15 | include /etc/firejail/disable-programs.inc |
| 15 | 16 | ||
| 16 | mkdir ${HOME}/.cache/mozilla | 17 | mkdir ${HOME}/.cache/mozilla |
diff --git a/etc/server.profile b/etc/server.profile index 860e0056d..9cc906e55 100644 --- a/etc/server.profile +++ b/etc/server.profile | |||
| @@ -17,6 +17,7 @@ noblacklist /usr/sbin | |||
| 17 | 17 | ||
| 18 | include /etc/firejail/disable-common.inc | 18 | include /etc/firejail/disable-common.inc |
| 19 | # include /etc/firejail/disable-devel.inc | 19 | # include /etc/firejail/disable-devel.inc |
| 20 | # include /etc/firejail/disable-interpreters.inc | ||
| 20 | include /etc/firejail/disable-passwdmgr.inc | 21 | include /etc/firejail/disable-passwdmgr.inc |
| 21 | include /etc/firejail/disable-programs.inc | 22 | include /etc/firejail/disable-programs.inc |
| 22 | 23 | ||
diff --git a/etc/shotcut.profile b/etc/shotcut.profile index 293a89ba3..d76c486ea 100644 --- a/etc/shotcut.profile +++ b/etc/shotcut.profile | |||
| @@ -9,6 +9,7 @@ noblacklist ${HOME}/.config/Meltytech | |||
| 9 | 9 | ||
| 10 | include /etc/firejail/disable-common.inc | 10 | include /etc/firejail/disable-common.inc |
| 11 | include /etc/firejail/disable-devel.inc | 11 | include /etc/firejail/disable-devel.inc |
| 12 | include /etc/firejail/disable-interpreters.inc | ||
| 12 | include /etc/firejail/disable-passwdmgr.inc | 13 | include /etc/firejail/disable-passwdmgr.inc |
| 13 | include /etc/firejail/disable-programs.inc | 14 | include /etc/firejail/disable-programs.inc |
| 14 | 15 | ||
diff --git a/etc/signal-desktop.profile b/etc/signal-desktop.profile index 2cb2f644e..c52f45f31 100644 --- a/etc/signal-desktop.profile +++ b/etc/signal-desktop.profile | |||
| @@ -9,6 +9,7 @@ noblacklist ${HOME}/.config/Signal | |||
| 9 | 9 | ||
| 10 | include /etc/firejail/disable-common.inc | 10 | include /etc/firejail/disable-common.inc |
| 11 | include /etc/firejail/disable-devel.inc | 11 | include /etc/firejail/disable-devel.inc |
| 12 | include /etc/firejail/disable-interpreters.inc | ||
| 12 | include /etc/firejail/disable-programs.inc | 13 | include /etc/firejail/disable-programs.inc |
| 13 | include /etc/firejail/disable-passwdmgr.inc | 14 | include /etc/firejail/disable-passwdmgr.inc |
| 14 | 15 | ||
diff --git a/etc/silentarmy.profile b/etc/silentarmy.profile index 88bf23158..c83c56798 100644 --- a/etc/silentarmy.profile +++ b/etc/silentarmy.profile | |||
| @@ -8,6 +8,7 @@ include /etc/firejail/globals.local | |||
| 8 | 8 | ||
| 9 | include /etc/firejail/disable-common.inc | 9 | include /etc/firejail/disable-common.inc |
| 10 | # include /etc/firejail/disable-devel.inc | 10 | # include /etc/firejail/disable-devel.inc |
| 11 | include /etc/firejail/disable-interpreters.inc | ||
| 11 | include /etc/firejail/disable-passwdmgr.inc | 12 | include /etc/firejail/disable-passwdmgr.inc |
| 12 | include /etc/firejail/disable-programs.inc | 13 | include /etc/firejail/disable-programs.inc |
| 13 | 14 | ||
diff --git a/etc/simple-scan.profile b/etc/simple-scan.profile index a205024cc..02c7cc6ed 100644 --- a/etc/simple-scan.profile +++ b/etc/simple-scan.profile | |||
| @@ -9,6 +9,7 @@ noblacklist ${HOME}/.cache/simple-scan | |||
| 9 | 9 | ||
| 10 | include /etc/firejail/disable-common.inc | 10 | include /etc/firejail/disable-common.inc |
| 11 | include /etc/firejail/disable-devel.inc | 11 | include /etc/firejail/disable-devel.inc |
| 12 | include /etc/firejail/disable-interpreters.inc | ||
| 12 | include /etc/firejail/disable-passwdmgr.inc | 13 | include /etc/firejail/disable-passwdmgr.inc |
| 13 | include /etc/firejail/disable-programs.inc | 14 | include /etc/firejail/disable-programs.inc |
| 14 | 15 | ||
diff --git a/etc/simutrans.profile b/etc/simutrans.profile index adde3f8ce..41832011e 100644 --- a/etc/simutrans.profile +++ b/etc/simutrans.profile | |||
| @@ -9,6 +9,7 @@ noblacklist ${HOME}/.simutrans | |||
| 9 | 9 | ||
| 10 | include /etc/firejail/disable-common.inc | 10 | include /etc/firejail/disable-common.inc |
| 11 | include /etc/firejail/disable-devel.inc | 11 | include /etc/firejail/disable-devel.inc |
| 12 | include /etc/firejail/disable-interpreters.inc | ||
| 12 | include /etc/firejail/disable-passwdmgr.inc | 13 | include /etc/firejail/disable-passwdmgr.inc |
| 13 | include /etc/firejail/disable-programs.inc | 14 | include /etc/firejail/disable-programs.inc |
| 14 | 15 | ||
diff --git a/etc/skanlite.profile b/etc/skanlite.profile index 4fa649654..0eb70e698 100644 --- a/etc/skanlite.profile +++ b/etc/skanlite.profile | |||
| @@ -7,6 +7,7 @@ include /etc/firejail/globals.local | |||
| 7 | 7 | ||
| 8 | include /etc/firejail/disable-common.inc | 8 | include /etc/firejail/disable-common.inc |
| 9 | include /etc/firejail/disable-devel.inc | 9 | include /etc/firejail/disable-devel.inc |
| 10 | include /etc/firejail/disable-interpreters.inc | ||
| 10 | include /etc/firejail/disable-passwdmgr.inc | 11 | include /etc/firejail/disable-passwdmgr.inc |
| 11 | include /etc/firejail/disable-programs.inc | 12 | include /etc/firejail/disable-programs.inc |
| 12 | 13 | ||
diff --git a/etc/skype.profile b/etc/skype.profile index b12f9879e..f08542079 100644 --- a/etc/skype.profile +++ b/etc/skype.profile | |||
| @@ -9,6 +9,7 @@ noblacklist ${HOME}/.Skype | |||
| 9 | 9 | ||
| 10 | include /etc/firejail/disable-common.inc | 10 | include /etc/firejail/disable-common.inc |
| 11 | include /etc/firejail/disable-devel.inc | 11 | include /etc/firejail/disable-devel.inc |
| 12 | include /etc/firejail/disable-interpreters.inc | ||
| 12 | include /etc/firejail/disable-devel.inc | 13 | include /etc/firejail/disable-devel.inc |
| 13 | include /etc/firejail/disable-programs.inc | 14 | include /etc/firejail/disable-programs.inc |
| 14 | 15 | ||
diff --git a/etc/skypeforlinux.profile b/etc/skypeforlinux.profile index ebfab3681..015709247 100644 --- a/etc/skypeforlinux.profile +++ b/etc/skypeforlinux.profile | |||
| @@ -9,6 +9,7 @@ noblacklist ${HOME}/.config/skypeforlinux | |||
| 9 | 9 | ||
| 10 | include /etc/firejail/disable-common.inc | 10 | include /etc/firejail/disable-common.inc |
| 11 | include /etc/firejail/disable-devel.inc | 11 | include /etc/firejail/disable-devel.inc |
| 12 | include /etc/firejail/disable-interpreters.inc | ||
| 12 | include /etc/firejail/disable-passwdmgr.inc | 13 | include /etc/firejail/disable-passwdmgr.inc |
| 13 | include /etc/firejail/disable-programs.inc | 14 | include /etc/firejail/disable-programs.inc |
| 14 | 15 | ||
diff --git a/etc/slack.profile b/etc/slack.profile index da1f86638..c198ddfdd 100644 --- a/etc/slack.profile +++ b/etc/slack.profile | |||
| @@ -12,6 +12,7 @@ noblacklist ${HOME}/Downloads | |||
| 12 | 12 | ||
| 13 | include /etc/firejail/disable-common.inc | 13 | include /etc/firejail/disable-common.inc |
| 14 | include /etc/firejail/disable-devel.inc | 14 | include /etc/firejail/disable-devel.inc |
| 15 | include /etc/firejail/disable-interpreters.inc | ||
| 15 | include /etc/firejail/disable-passwdmgr.inc | 16 | include /etc/firejail/disable-passwdmgr.inc |
| 16 | include /etc/firejail/disable-programs.inc | 17 | include /etc/firejail/disable-programs.inc |
| 17 | 18 | ||
diff --git a/etc/smplayer.profile b/etc/smplayer.profile index 187b0674a..63c13ff37 100644 --- a/etc/smplayer.profile +++ b/etc/smplayer.profile | |||
| @@ -10,6 +10,7 @@ noblacklist ${HOME}/.mplayer | |||
| 10 | 10 | ||
| 11 | include /etc/firejail/disable-common.inc | 11 | include /etc/firejail/disable-common.inc |
| 12 | include /etc/firejail/disable-devel.inc | 12 | include /etc/firejail/disable-devel.inc |
| 13 | include /etc/firejail/disable-interpreters.inc | ||
| 13 | include /etc/firejail/disable-passwdmgr.inc | 14 | include /etc/firejail/disable-passwdmgr.inc |
| 14 | include /etc/firejail/disable-programs.inc | 15 | include /etc/firejail/disable-programs.inc |
| 15 | 16 | ||
diff --git a/etc/smtube.profile b/etc/smtube.profile index a8f57f07e..040a7c754 100644 --- a/etc/smtube.profile +++ b/etc/smtube.profile | |||
| @@ -14,6 +14,7 @@ noblacklist ${HOME}/.local/share/vlc | |||
| 14 | 14 | ||
| 15 | include /etc/firejail/disable-common.inc | 15 | include /etc/firejail/disable-common.inc |
| 16 | include /etc/firejail/disable-devel.inc | 16 | include /etc/firejail/disable-devel.inc |
| 17 | include /etc/firejail/disable-interpreters.inc | ||
| 17 | include /etc/firejail/disable-passwdmgr.inc | 18 | include /etc/firejail/disable-passwdmgr.inc |
| 18 | include /etc/firejail/disable-programs.inc | 19 | include /etc/firejail/disable-programs.inc |
| 19 | 20 | ||
diff --git a/etc/soundconverter.profile b/etc/soundconverter.profile index 1f64567ef..944417083 100644 --- a/etc/soundconverter.profile +++ b/etc/soundconverter.profile | |||
| @@ -7,6 +7,7 @@ include /etc/firejail/globals.local | |||
| 7 | 7 | ||
| 8 | include /etc/firejail/disable-common.inc | 8 | include /etc/firejail/disable-common.inc |
| 9 | include /etc/firejail/disable-devel.inc | 9 | include /etc/firejail/disable-devel.inc |
| 10 | include /etc/firejail/disable-interpreters.inc | ||
| 10 | include /etc/firejail/disable-passwdmgr.inc | 11 | include /etc/firejail/disable-passwdmgr.inc |
| 11 | include /etc/firejail/disable-programs.inc | 12 | include /etc/firejail/disable-programs.inc |
| 12 | 13 | ||
diff --git a/etc/spotify.profile b/etc/spotify.profile index dfd3bae7f..0d395fe9e 100644 --- a/etc/spotify.profile +++ b/etc/spotify.profile | |||
| @@ -17,6 +17,7 @@ noblacklist ${HOME}/.local/share/spotify | |||
| 17 | 17 | ||
| 18 | include /etc/firejail/disable-common.inc | 18 | include /etc/firejail/disable-common.inc |
| 19 | include /etc/firejail/disable-devel.inc | 19 | include /etc/firejail/disable-devel.inc |
| 20 | include /etc/firejail/disable-interpreters.inc | ||
| 20 | include /etc/firejail/disable-passwdmgr.inc | 21 | include /etc/firejail/disable-passwdmgr.inc |
| 21 | include /etc/firejail/disable-programs.inc | 22 | include /etc/firejail/disable-programs.inc |
| 22 | 23 | ||
diff --git a/etc/sqlitebrowser.profile b/etc/sqlitebrowser.profile index 22c37645d..4c473a9ad 100644 --- a/etc/sqlitebrowser.profile +++ b/etc/sqlitebrowser.profile | |||
| @@ -9,6 +9,7 @@ noblacklist ${HOME}/.config/sqlitebrowser | |||
| 9 | 9 | ||
| 10 | include /etc/firejail/disable-common.inc | 10 | include /etc/firejail/disable-common.inc |
| 11 | include /etc/firejail/disable-devel.inc | 11 | include /etc/firejail/disable-devel.inc |
| 12 | include /etc/firejail/disable-interpreters.inc | ||
| 12 | include /etc/firejail/disable-passwdmgr.inc | 13 | include /etc/firejail/disable-passwdmgr.inc |
| 13 | include /etc/firejail/disable-programs.inc | 14 | include /etc/firejail/disable-programs.inc |
| 14 | 15 | ||
diff --git a/etc/start-tor-browser.profile b/etc/start-tor-browser.profile index e3e323616..e7eb01eb5 100644 --- a/etc/start-tor-browser.profile +++ b/etc/start-tor-browser.profile | |||
| @@ -8,6 +8,7 @@ include /etc/firejail/globals.local | |||
| 8 | 8 | ||
| 9 | include /etc/firejail/disable-common.inc | 9 | include /etc/firejail/disable-common.inc |
| 10 | include /etc/firejail/disable-devel.inc | 10 | include /etc/firejail/disable-devel.inc |
| 11 | include /etc/firejail/disable-interpreters.inc | ||
| 11 | include /etc/firejail/disable-passwdmgr.inc | 12 | include /etc/firejail/disable-passwdmgr.inc |
| 12 | include /etc/firejail/disable-programs.inc | 13 | include /etc/firejail/disable-programs.inc |
| 13 | 14 | ||
diff --git a/etc/steam.profile b/etc/steam.profile index bcdea9bc7..e1e6fd0e1 100644 --- a/etc/steam.profile +++ b/etc/steam.profile | |||
| @@ -26,6 +26,7 @@ noblacklist /sbin | |||
| 26 | 26 | ||
| 27 | include /etc/firejail/disable-common.inc | 27 | include /etc/firejail/disable-common.inc |
| 28 | include /etc/firejail/disable-devel.inc | 28 | include /etc/firejail/disable-devel.inc |
| 29 | include /etc/firejail/disable-interpreters.inc | ||
| 29 | include /etc/firejail/disable-passwdmgr.inc | 30 | include /etc/firejail/disable-passwdmgr.inc |
| 30 | include /etc/firejail/disable-programs.inc | 31 | include /etc/firejail/disable-programs.inc |
| 31 | 32 | ||
diff --git a/etc/stellarium.profile b/etc/stellarium.profile index 889a21a60..a174dcd42 100644 --- a/etc/stellarium.profile +++ b/etc/stellarium.profile | |||
| @@ -10,6 +10,7 @@ noblacklist ${HOME}/.stellarium | |||
| 10 | 10 | ||
| 11 | include /etc/firejail/disable-common.inc | 11 | include /etc/firejail/disable-common.inc |
| 12 | include /etc/firejail/disable-devel.inc | 12 | include /etc/firejail/disable-devel.inc |
| 13 | include /etc/firejail/disable-interpreters.inc | ||
| 13 | include /etc/firejail/disable-passwdmgr.inc | 14 | include /etc/firejail/disable-passwdmgr.inc |
| 14 | include /etc/firejail/disable-programs.inc | 15 | include /etc/firejail/disable-programs.inc |
| 15 | 16 | ||
diff --git a/etc/supertux2.profile b/etc/supertux2.profile index 24f42c276..84083e9aa 100644 --- a/etc/supertux2.profile +++ b/etc/supertux2.profile | |||
| @@ -9,6 +9,7 @@ noblacklist ${HOME}/.local/share/supertux2 | |||
| 9 | 9 | ||
| 10 | include /etc/firejail/disable-common.inc | 10 | include /etc/firejail/disable-common.inc |
| 11 | include /etc/firejail/disable-devel.inc | 11 | include /etc/firejail/disable-devel.inc |
| 12 | include /etc/firejail/disable-interpreters.inc | ||
| 12 | include /etc/firejail/disable-passwdmgr.inc | 13 | include /etc/firejail/disable-passwdmgr.inc |
| 13 | include /etc/firejail/disable-programs.inc | 14 | include /etc/firejail/disable-programs.inc |
| 14 | 15 | ||
diff --git a/etc/surf.profile b/etc/surf.profile index b91c09885..46c4a363c 100644 --- a/etc/surf.profile +++ b/etc/surf.profile | |||
| @@ -9,6 +9,7 @@ noblacklist ${HOME}/.surf | |||
| 9 | 9 | ||
| 10 | include /etc/firejail/disable-common.inc | 10 | include /etc/firejail/disable-common.inc |
| 11 | include /etc/firejail/disable-devel.inc | 11 | include /etc/firejail/disable-devel.inc |
| 12 | include /etc/firejail/disable-passwdmgr.inc | ||
| 12 | include /etc/firejail/disable-programs.inc | 13 | include /etc/firejail/disable-programs.inc |
| 13 | 14 | ||
| 14 | mkdir ${HOME}/.surf | 15 | mkdir ${HOME}/.surf |
diff --git a/etc/sylpheed.profile b/etc/sylpheed.profile index c4d93a0e3..54edbd20d 100644 --- a/etc/sylpheed.profile +++ b/etc/sylpheed.profile | |||
| @@ -9,6 +9,7 @@ noblacklist ${HOME}/.sylpheed-2.0 | |||
| 9 | 9 | ||
| 10 | include /etc/firejail/disable-common.inc | 10 | include /etc/firejail/disable-common.inc |
| 11 | include /etc/firejail/disable-devel.inc | 11 | include /etc/firejail/disable-devel.inc |
| 12 | include /etc/firejail/disable-interpreters.inc | ||
| 12 | include /etc/firejail/disable-passwdmgr.inc | 13 | include /etc/firejail/disable-passwdmgr.inc |
| 13 | include /etc/firejail/disable-programs.inc | 14 | include /etc/firejail/disable-programs.inc |
| 14 | 15 | ||
diff --git a/etc/synfigstudio.profile b/etc/synfigstudio.profile index be9c2aa64..677920266 100644 --- a/etc/synfigstudio.profile +++ b/etc/synfigstudio.profile | |||
| @@ -10,6 +10,7 @@ noblacklist ${HOME}/.synfig | |||
| 10 | 10 | ||
| 11 | include /etc/firejail/disable-common.inc | 11 | include /etc/firejail/disable-common.inc |
| 12 | include /etc/firejail/disable-devel.inc | 12 | include /etc/firejail/disable-devel.inc |
| 13 | include /etc/firejail/disable-interpreters.inc | ||
| 13 | include /etc/firejail/disable-passwdmgr.inc | 14 | include /etc/firejail/disable-passwdmgr.inc |
| 14 | include /etc/firejail/disable-programs.inc | 15 | include /etc/firejail/disable-programs.inc |
| 15 | 16 | ||
diff --git a/etc/teamspeak3.profile b/etc/teamspeak3.profile index 3e2c71a24..ad7564bb6 100644 --- a/etc/teamspeak3.profile +++ b/etc/teamspeak3.profile | |||
| @@ -10,6 +10,7 @@ noblacklist ${PATH}/openssl | |||
| 10 | 10 | ||
| 11 | include /etc/firejail/disable-common.inc | 11 | include /etc/firejail/disable-common.inc |
| 12 | include /etc/firejail/disable-devel.inc | 12 | include /etc/firejail/disable-devel.inc |
| 13 | include /etc/firejail/disable-interpreters.inc | ||
| 13 | include /etc/firejail/disable-passwdmgr.inc | 14 | include /etc/firejail/disable-passwdmgr.inc |
| 14 | include /etc/firejail/disable-programs.inc | 15 | include /etc/firejail/disable-programs.inc |
| 15 | 16 | ||
diff --git a/etc/telegram.profile b/etc/telegram.profile index ba5512ed3..db055a898 100644 --- a/etc/telegram.profile +++ b/etc/telegram.profile | |||
| @@ -10,6 +10,7 @@ noblacklist ${HOME}/.local/share/TelegramDesktop | |||
| 10 | 10 | ||
| 11 | include /etc/firejail/disable-common.inc | 11 | include /etc/firejail/disable-common.inc |
| 12 | include /etc/firejail/disable-devel.inc | 12 | include /etc/firejail/disable-devel.inc |
| 13 | include /etc/firejail/disable-interpreters.inc | ||
| 13 | include /etc/firejail/disable-programs.inc | 14 | include /etc/firejail/disable-programs.inc |
| 14 | 15 | ||
| 15 | caps.drop all | 16 | caps.drop all |
diff --git a/etc/terasology.profile b/etc/terasology.profile index e671c4dc3..0a4067341 100644 --- a/etc/terasology.profile +++ b/etc/terasology.profile | |||
| @@ -10,6 +10,7 @@ noblacklist ${HOME}/.local/share/terasology | |||
| 10 | 10 | ||
| 11 | include /etc/firejail/disable-common.inc | 11 | include /etc/firejail/disable-common.inc |
| 12 | include /etc/firejail/disable-devel.inc | 12 | include /etc/firejail/disable-devel.inc |
| 13 | include /etc/firejail/disable-interpreters.inc | ||
| 13 | include /etc/firejail/disable-passwdmgr.inc | 14 | include /etc/firejail/disable-passwdmgr.inc |
| 14 | include /etc/firejail/disable-programs.inc | 15 | include /etc/firejail/disable-programs.inc |
| 15 | 16 | ||
diff --git a/etc/tilp.profile b/etc/tilp.profile index a6165fbfe..a9cccbd7b 100644 --- a/etc/tilp.profile +++ b/etc/tilp.profile | |||
| @@ -9,6 +9,7 @@ noblacklist ${HOME}/.tilp | |||
| 9 | 9 | ||
| 10 | include /etc/firejail/disable-common.inc | 10 | include /etc/firejail/disable-common.inc |
| 11 | include /etc/firejail/disable-devel.inc | 11 | include /etc/firejail/disable-devel.inc |
| 12 | include /etc/firejail/disable-interpreters.inc | ||
| 12 | include /etc/firejail/disable-passwdmgr.inc | 13 | include /etc/firejail/disable-passwdmgr.inc |
| 13 | include /etc/firejail/disable-programs.inc | 14 | include /etc/firejail/disable-programs.inc |
| 14 | 15 | ||
diff --git a/etc/tor.profile b/etc/tor.profile index bd129ae29..5029cf9b1 100644 --- a/etc/tor.profile +++ b/etc/tor.profile | |||
| @@ -18,6 +18,7 @@ include /etc/firejail/globals.local | |||
| 18 | 18 | ||
| 19 | include /etc/firejail/disable-common.inc | 19 | include /etc/firejail/disable-common.inc |
| 20 | include /etc/firejail/disable-devel.inc | 20 | include /etc/firejail/disable-devel.inc |
| 21 | include /etc/firejail/disable-interpreters.inc | ||
| 21 | include /etc/firejail/disable-passwdmgr.inc | 22 | include /etc/firejail/disable-passwdmgr.inc |
| 22 | include /etc/firejail/disable-programs.inc | 23 | include /etc/firejail/disable-programs.inc |
| 23 | 24 | ||
diff --git a/etc/torbrowser-launcher.profile b/etc/torbrowser-launcher.profile index c1f15fcbf..a63798731 100644 --- a/etc/torbrowser-launcher.profile +++ b/etc/torbrowser-launcher.profile | |||
| @@ -8,8 +8,15 @@ include /etc/firejail/globals.local | |||
| 8 | noblacklist ${HOME}/.config/torbrowser | 8 | noblacklist ${HOME}/.config/torbrowser |
| 9 | noblacklist ${HOME}/.local/share/torbrowser | 9 | noblacklist ${HOME}/.local/share/torbrowser |
| 10 | 10 | ||
| 11 | # Allow python (blacklisted by disable-interpreters.inc) | ||
| 12 | noblacklist ${PATH}/python2* | ||
| 13 | noblacklist ${PATH}/python3* | ||
| 14 | noblacklist /usr/lib/python2* | ||
| 15 | noblacklist /usr/lib/python3* | ||
| 16 | |||
| 11 | include /etc/firejail/disable-common.inc | 17 | include /etc/firejail/disable-common.inc |
| 12 | include /etc/firejail/disable-devel.inc | 18 | include /etc/firejail/disable-devel.inc |
| 19 | include /etc/firejail/disable-interpreters.inc | ||
| 13 | include /etc/firejail/disable-passwdmgr.inc | 20 | include /etc/firejail/disable-passwdmgr.inc |
| 14 | include /etc/firejail/disable-programs.inc | 21 | include /etc/firejail/disable-programs.inc |
| 15 | 22 | ||
diff --git a/etc/totem.profile b/etc/totem.profile index ad3845d90..fecf12a4c 100644 --- a/etc/totem.profile +++ b/etc/totem.profile | |||
| @@ -10,6 +10,7 @@ noblacklist ${HOME}/.local/share/totem | |||
| 10 | 10 | ||
| 11 | include /etc/firejail/disable-common.inc | 11 | include /etc/firejail/disable-common.inc |
| 12 | include /etc/firejail/disable-devel.inc | 12 | include /etc/firejail/disable-devel.inc |
| 13 | include /etc/firejail/disable-interpreters.inc | ||
| 13 | include /etc/firejail/disable-passwdmgr.inc | 14 | include /etc/firejail/disable-passwdmgr.inc |
| 14 | include /etc/firejail/disable-programs.inc | 15 | include /etc/firejail/disable-programs.inc |
| 15 | 16 | ||
diff --git a/etc/tracker.profile b/etc/tracker.profile index f3dfb2d4e..fc58fc479 100644 --- a/etc/tracker.profile +++ b/etc/tracker.profile | |||
| @@ -11,6 +11,7 @@ blacklist /tmp/.X11-unix | |||
| 11 | 11 | ||
| 12 | include /etc/firejail/disable-common.inc | 12 | include /etc/firejail/disable-common.inc |
| 13 | include /etc/firejail/disable-devel.inc | 13 | include /etc/firejail/disable-devel.inc |
| 14 | include /etc/firejail/disable-interpreters.inc | ||
| 14 | include /etc/firejail/disable-passwdmgr.inc | 15 | include /etc/firejail/disable-passwdmgr.inc |
| 15 | include /etc/firejail/disable-programs.inc | 16 | include /etc/firejail/disable-programs.inc |
| 16 | 17 | ||
diff --git a/etc/transmission-cli.profile b/etc/transmission-cli.profile index 867716ab3..8b50859fc 100644 --- a/etc/transmission-cli.profile +++ b/etc/transmission-cli.profile | |||
| @@ -10,6 +10,7 @@ noblacklist ${HOME}/.config/transmission | |||
| 10 | 10 | ||
| 11 | include /etc/firejail/disable-common.inc | 11 | include /etc/firejail/disable-common.inc |
| 12 | include /etc/firejail/disable-devel.inc | 12 | include /etc/firejail/disable-devel.inc |
| 13 | include /etc/firejail/disable-interpreters.inc | ||
| 13 | include /etc/firejail/disable-passwdmgr.inc | 14 | include /etc/firejail/disable-passwdmgr.inc |
| 14 | include /etc/firejail/disable-programs.inc | 15 | include /etc/firejail/disable-programs.inc |
| 15 | 16 | ||
diff --git a/etc/transmission-gtk.profile b/etc/transmission-gtk.profile index bedc8d370..6366aa89d 100644 --- a/etc/transmission-gtk.profile +++ b/etc/transmission-gtk.profile | |||
| @@ -10,6 +10,7 @@ noblacklist ${HOME}/.config/transmission | |||
| 10 | 10 | ||
| 11 | include /etc/firejail/disable-common.inc | 11 | include /etc/firejail/disable-common.inc |
| 12 | include /etc/firejail/disable-devel.inc | 12 | include /etc/firejail/disable-devel.inc |
| 13 | include /etc/firejail/disable-interpreters.inc | ||
| 13 | include /etc/firejail/disable-passwdmgr.inc | 14 | include /etc/firejail/disable-passwdmgr.inc |
| 14 | include /etc/firejail/disable-programs.inc | 15 | include /etc/firejail/disable-programs.inc |
| 15 | 16 | ||
diff --git a/etc/transmission-qt.profile b/etc/transmission-qt.profile index a8fb80fd8..added7067 100644 --- a/etc/transmission-qt.profile +++ b/etc/transmission-qt.profile | |||
| @@ -10,6 +10,7 @@ noblacklist ${HOME}/.config/transmission | |||
| 10 | 10 | ||
| 11 | include /etc/firejail/disable-common.inc | 11 | include /etc/firejail/disable-common.inc |
| 12 | include /etc/firejail/disable-devel.inc | 12 | include /etc/firejail/disable-devel.inc |
| 13 | include /etc/firejail/disable-interpreters.inc | ||
| 13 | include /etc/firejail/disable-passwdmgr.inc | 14 | include /etc/firejail/disable-passwdmgr.inc |
| 14 | include /etc/firejail/disable-programs.inc | 15 | include /etc/firejail/disable-programs.inc |
| 15 | 16 | ||
diff --git a/etc/transmission-show.profile b/etc/transmission-show.profile index 575bf77dc..06b79effd 100644 --- a/etc/transmission-show.profile +++ b/etc/transmission-show.profile | |||
| @@ -10,6 +10,7 @@ noblacklist ${HOME}/.config/transmission | |||
| 10 | 10 | ||
| 11 | include /etc/firejail/disable-common.inc | 11 | include /etc/firejail/disable-common.inc |
| 12 | include /etc/firejail/disable-devel.inc | 12 | include /etc/firejail/disable-devel.inc |
| 13 | include /etc/firejail/disable-interpreters.inc | ||
| 13 | include /etc/firejail/disable-passwdmgr.inc | 14 | include /etc/firejail/disable-passwdmgr.inc |
| 14 | include /etc/firejail/disable-programs.inc | 15 | include /etc/firejail/disable-programs.inc |
| 15 | 16 | ||
diff --git a/etc/truecraft.profile b/etc/truecraft.profile index 4e48f6c6b..1eb7b65ba 100644 --- a/etc/truecraft.profile +++ b/etc/truecraft.profile | |||
| @@ -10,6 +10,7 @@ noblacklist ${HOME}/.config/truecraft | |||
| 10 | 10 | ||
| 11 | include /etc/firejail/disable-common.inc | 11 | include /etc/firejail/disable-common.inc |
| 12 | include /etc/firejail/disable-devel.inc | 12 | include /etc/firejail/disable-devel.inc |
| 13 | include /etc/firejail/disable-interpreters.inc | ||
| 13 | include /etc/firejail/disable-passwdmgr.inc | 14 | include /etc/firejail/disable-passwdmgr.inc |
| 14 | include /etc/firejail/disable-programs.inc | 15 | include /etc/firejail/disable-programs.inc |
| 15 | 16 | ||
diff --git a/etc/tuxguitar.profile b/etc/tuxguitar.profile index 1a426cbf6..b07c7c359 100644 --- a/etc/tuxguitar.profile +++ b/etc/tuxguitar.profile | |||
| @@ -8,8 +8,15 @@ include /etc/firejail/globals.local | |||
| 8 | noblacklist ${HOME}/.java | 8 | noblacklist ${HOME}/.java |
| 9 | noblacklist ${HOME}/.tuxguitar* | 9 | noblacklist ${HOME}/.tuxguitar* |
| 10 | 10 | ||
| 11 | # Allow access to java | ||
| 12 | noblacklist ${PATH}/java | ||
| 13 | noblacklist /usr/lib/java | ||
| 14 | noblacklist /etc/java | ||
| 15 | noblacklist /usr/share/java | ||
| 16 | |||
| 11 | include /etc/firejail/disable-common.inc | 17 | include /etc/firejail/disable-common.inc |
| 12 | include /etc/firejail/disable-devel.inc | 18 | include /etc/firejail/disable-devel.inc |
| 19 | include /etc/firejail/disable-interpreters.inc | ||
| 13 | include /etc/firejail/disable-passwdmgr.inc | 20 | include /etc/firejail/disable-passwdmgr.inc |
| 14 | include /etc/firejail/disable-programs.inc | 21 | include /etc/firejail/disable-programs.inc |
| 15 | 22 | ||
diff --git a/etc/uefitool.profile b/etc/uefitool.profile index a10b44fb1..2ab2d2652 100644 --- a/etc/uefitool.profile +++ b/etc/uefitool.profile | |||
| @@ -7,6 +7,7 @@ include /etc/firejail/globals.local | |||
| 7 | 7 | ||
| 8 | include /etc/firejail/disable-common.inc | 8 | include /etc/firejail/disable-common.inc |
| 9 | include /etc/firejail/disable-devel.inc | 9 | include /etc/firejail/disable-devel.inc |
| 10 | include /etc/firejail/disable-interpreters.inc | ||
| 10 | include /etc/firejail/disable-passwdmgr.inc | 11 | include /etc/firejail/disable-passwdmgr.inc |
| 11 | include /etc/firejail/disable-programs.inc | 12 | include /etc/firejail/disable-programs.inc |
| 12 | 13 | ||
diff --git a/etc/uget-gtk.profile b/etc/uget-gtk.profile index 8fbc3b7e6..3c3c685e0 100644 --- a/etc/uget-gtk.profile +++ b/etc/uget-gtk.profile | |||
| @@ -9,6 +9,7 @@ noblacklist ${HOME}/.config/uGet | |||
| 9 | 9 | ||
| 10 | include /etc/firejail/disable-common.inc | 10 | include /etc/firejail/disable-common.inc |
| 11 | include /etc/firejail/disable-devel.inc | 11 | include /etc/firejail/disable-devel.inc |
| 12 | include /etc/firejail/disable-interpreters.inc | ||
| 12 | include /etc/firejail/disable-programs.inc | 13 | include /etc/firejail/disable-programs.inc |
| 13 | 14 | ||
| 14 | mkdir ${HOME}/.config/uGet | 15 | mkdir ${HOME}/.config/uGet |
diff --git a/etc/unbound.profile b/etc/unbound.profile index 3735d1d3f..35bda2edc 100644 --- a/etc/unbound.profile +++ b/etc/unbound.profile | |||
| @@ -12,6 +12,7 @@ noblacklist /usr/sbin | |||
| 12 | 12 | ||
| 13 | include /etc/firejail/disable-common.inc | 13 | include /etc/firejail/disable-common.inc |
| 14 | include /etc/firejail/disable-devel.inc | 14 | include /etc/firejail/disable-devel.inc |
| 15 | include /etc/firejail/disable-interpreters.inc | ||
| 15 | include /etc/firejail/disable-passwdmgr.inc | 16 | include /etc/firejail/disable-passwdmgr.inc |
| 16 | include /etc/firejail/disable-programs.inc | 17 | include /etc/firejail/disable-programs.inc |
| 17 | 18 | ||
diff --git a/etc/uzbl-browser.profile b/etc/uzbl-browser.profile index 1070a6c2c..0a3549c97 100644 --- a/etc/uzbl-browser.profile +++ b/etc/uzbl-browser.profile | |||
| @@ -10,6 +10,7 @@ noblacklist ${HOME}/.gnupg | |||
| 10 | 10 | ||
| 11 | include /etc/firejail/disable-common.inc | 11 | include /etc/firejail/disable-common.inc |
| 12 | include /etc/firejail/disable-devel.inc | 12 | include /etc/firejail/disable-devel.inc |
| 13 | include /etc/firejail/disable-interpreters.inc | ||
| 13 | include /etc/firejail/disable-programs.inc | 14 | include /etc/firejail/disable-programs.inc |
| 14 | 15 | ||
| 15 | mkdir ${HOME}/.config/uzbl | 16 | mkdir ${HOME}/.config/uzbl |
diff --git a/etc/viewnior.profile b/etc/viewnior.profile index 135147266..d867e0e05 100644 --- a/etc/viewnior.profile +++ b/etc/viewnior.profile | |||
| @@ -13,6 +13,7 @@ noblacklist ${HOME}/.steam | |||
| 13 | 13 | ||
| 14 | include /etc/firejail/disable-common.inc | 14 | include /etc/firejail/disable-common.inc |
| 15 | include /etc/firejail/disable-devel.inc | 15 | include /etc/firejail/disable-devel.inc |
| 16 | include /etc/firejail/disable-interpreters.inc | ||
| 16 | include /etc/firejail/disable-passwdmgr.inc | 17 | include /etc/firejail/disable-passwdmgr.inc |
| 17 | include /etc/firejail/disable-programs.inc | 18 | include /etc/firejail/disable-programs.inc |
| 18 | 19 | ||
diff --git a/etc/viking.profile b/etc/viking.profile index 30e89b511..fa87b915c 100644 --- a/etc/viking.profile +++ b/etc/viking.profile | |||
| @@ -10,6 +10,7 @@ noblacklist ${HOME}/.viking-maps | |||
| 10 | 10 | ||
| 11 | include /etc/firejail/disable-common.inc | 11 | include /etc/firejail/disable-common.inc |
| 12 | include /etc/firejail/disable-devel.inc | 12 | include /etc/firejail/disable-devel.inc |
| 13 | include /etc/firejail/disable-interpreters.inc | ||
| 13 | include /etc/firejail/disable-passwdmgr.inc | 14 | include /etc/firejail/disable-passwdmgr.inc |
| 14 | include /etc/firejail/disable-programs.inc | 15 | include /etc/firejail/disable-programs.inc |
| 15 | 16 | ||
diff --git a/etc/vlc.profile b/etc/vlc.profile index c8c84b992..6b0bee7bd 100644 --- a/etc/vlc.profile +++ b/etc/vlc.profile | |||
| @@ -11,6 +11,7 @@ noblacklist ${HOME}/.local/share/vlc | |||
| 11 | 11 | ||
| 12 | include /etc/firejail/disable-common.inc | 12 | include /etc/firejail/disable-common.inc |
| 13 | include /etc/firejail/disable-devel.inc | 13 | include /etc/firejail/disable-devel.inc |
| 14 | include /etc/firejail/disable-interpreters.inc | ||
| 14 | include /etc/firejail/disable-passwdmgr.inc | 15 | include /etc/firejail/disable-passwdmgr.inc |
| 15 | include /etc/firejail/disable-programs.inc | 16 | include /etc/firejail/disable-programs.inc |
| 16 | 17 | ||
diff --git a/etc/vym.profile b/etc/vym.profile index b73916b0f..f926bf1f4 100644 --- a/etc/vym.profile +++ b/etc/vym.profile | |||
| @@ -9,6 +9,7 @@ noblacklist ${HOME}/.config/InSilmaril | |||
| 9 | 9 | ||
| 10 | include /etc/firejail/disable-common.inc | 10 | include /etc/firejail/disable-common.inc |
| 11 | include /etc/firejail/disable-devel.inc | 11 | include /etc/firejail/disable-devel.inc |
| 12 | include /etc/firejail/disable-interpreters.inc | ||
| 12 | include /etc/firejail/disable-passwdmgr.inc | 13 | include /etc/firejail/disable-passwdmgr.inc |
| 13 | include /etc/firejail/disable-programs.inc | 14 | include /etc/firejail/disable-programs.inc |
| 14 | 15 | ||
diff --git a/etc/w3m.profile b/etc/w3m.profile index d35ed9ae0..59544f5b5 100644 --- a/etc/w3m.profile +++ b/etc/w3m.profile | |||
| @@ -11,6 +11,7 @@ noblacklist ${HOME}/.w3m | |||
| 11 | 11 | ||
| 12 | include /etc/firejail/disable-common.inc | 12 | include /etc/firejail/disable-common.inc |
| 13 | include /etc/firejail/disable-devel.inc | 13 | include /etc/firejail/disable-devel.inc |
| 14 | include /etc/firejail/disable-interpreters.inc | ||
| 14 | include /etc/firejail/disable-passwdmgr.inc | 15 | include /etc/firejail/disable-passwdmgr.inc |
| 15 | include /etc/firejail/disable-programs.inc | 16 | include /etc/firejail/disable-programs.inc |
| 16 | 17 | ||
diff --git a/etc/warzone2100.profile b/etc/warzone2100.profile index d8d68da64..e339b4100 100644 --- a/etc/warzone2100.profile +++ b/etc/warzone2100.profile | |||
| @@ -9,6 +9,7 @@ noblacklist ${HOME}/.warzone2100-3.* | |||
| 9 | 9 | ||
| 10 | include /etc/firejail/disable-common.inc | 10 | include /etc/firejail/disable-common.inc |
| 11 | include /etc/firejail/disable-devel.inc | 11 | include /etc/firejail/disable-devel.inc |
| 12 | include /etc/firejail/disable-interpreters.inc | ||
| 12 | include /etc/firejail/disable-passwdmgr.inc | 13 | include /etc/firejail/disable-passwdmgr.inc |
| 13 | include /etc/firejail/disable-programs.inc | 14 | include /etc/firejail/disable-programs.inc |
| 14 | 15 | ||
diff --git a/etc/wesnoth.profile b/etc/wesnoth.profile index d6318c81b..732b37df0 100644 --- a/etc/wesnoth.profile +++ b/etc/wesnoth.profile | |||
| @@ -11,6 +11,7 @@ noblacklist ${HOME}/.local/share/wesnoth | |||
| 11 | 11 | ||
| 12 | include /etc/firejail/disable-common.inc | 12 | include /etc/firejail/disable-common.inc |
| 13 | include /etc/firejail/disable-devel.inc | 13 | include /etc/firejail/disable-devel.inc |
| 14 | include /etc/firejail/disable-interpreters.inc | ||
| 14 | include /etc/firejail/disable-passwdmgr.inc | 15 | include /etc/firejail/disable-passwdmgr.inc |
| 15 | include /etc/firejail/disable-programs.inc | 16 | include /etc/firejail/disable-programs.inc |
| 16 | 17 | ||
diff --git a/etc/wine.profile b/etc/wine.profile index 266d05d0f..914a2225f 100644 --- a/etc/wine.profile +++ b/etc/wine.profile | |||
| @@ -15,6 +15,7 @@ noblacklist /usr/lib/llvm* | |||
| 15 | 15 | ||
| 16 | include /etc/firejail/disable-common.inc | 16 | include /etc/firejail/disable-common.inc |
| 17 | include /etc/firejail/disable-devel.inc | 17 | include /etc/firejail/disable-devel.inc |
| 18 | include /etc/firejail/disable-interpreters.inc | ||
| 18 | include /etc/firejail/disable-programs.inc | 19 | include /etc/firejail/disable-programs.inc |
| 19 | 20 | ||
| 20 | caps.drop all | 21 | caps.drop all |
diff --git a/etc/wire.profile b/etc/wire.profile index fc25cbc1e..e43ba792e 100644 --- a/etc/wire.profile +++ b/etc/wire.profile | |||
| @@ -13,6 +13,7 @@ noblacklist ${HOME}/.config/wire | |||
| 13 | 13 | ||
| 14 | include /etc/firejail/disable-common.inc | 14 | include /etc/firejail/disable-common.inc |
| 15 | include /etc/firejail/disable-devel.inc | 15 | include /etc/firejail/disable-devel.inc |
| 16 | include /etc/firejail/disable-interpreters.inc | ||
| 16 | include /etc/firejail/disable-passwdmgr.inc | 17 | include /etc/firejail/disable-passwdmgr.inc |
| 17 | include /etc/firejail/disable-programs.inc | 18 | include /etc/firejail/disable-programs.inc |
| 18 | 19 | ||
diff --git a/etc/wireshark.profile b/etc/wireshark.profile index ba717cfe5..5130a4e64 100644 --- a/etc/wireshark.profile +++ b/etc/wireshark.profile | |||
| @@ -11,6 +11,7 @@ noblacklist ${HOME}/.wireshark | |||
| 11 | 11 | ||
| 12 | include /etc/firejail/disable-common.inc | 12 | include /etc/firejail/disable-common.inc |
| 13 | include /etc/firejail/disable-devel.inc | 13 | include /etc/firejail/disable-devel.inc |
| 14 | include /etc/firejail/disable-interpreters.inc | ||
| 14 | include /etc/firejail/disable-passwdmgr.inc | 15 | include /etc/firejail/disable-passwdmgr.inc |
| 15 | include /etc/firejail/disable-programs.inc | 16 | include /etc/firejail/disable-programs.inc |
| 16 | 17 | ||
diff --git a/etc/xcalc.profile b/etc/xcalc.profile index 8493fe658..9e68ab17d 100644 --- a/etc/xcalc.profile +++ b/etc/xcalc.profile | |||
| @@ -7,6 +7,7 @@ include /etc/firejail/globals.local | |||
| 7 | 7 | ||
| 8 | include /etc/firejail/disable-common.inc | 8 | include /etc/firejail/disable-common.inc |
| 9 | include /etc/firejail/disable-devel.inc | 9 | include /etc/firejail/disable-devel.inc |
| 10 | include /etc/firejail/disable-interpreters.inc | ||
| 10 | include /etc/firejail/disable-passwdmgr.inc | 11 | include /etc/firejail/disable-passwdmgr.inc |
| 11 | include /etc/firejail/disable-programs.inc | 12 | include /etc/firejail/disable-programs.inc |
| 12 | 13 | ||
diff --git a/etc/xed.profile b/etc/xed.profile index 5d46560b7..ded4f846d 100644 --- a/etc/xed.profile +++ b/etc/xed.profile | |||
| @@ -9,6 +9,7 @@ noblacklist ${HOME}/.config/xed | |||
| 9 | 9 | ||
| 10 | include /etc/firejail/disable-common.inc | 10 | include /etc/firejail/disable-common.inc |
| 11 | include /etc/firejail/disable-devel.inc | 11 | include /etc/firejail/disable-devel.inc |
| 12 | include /etc/firejail/disable-interpreters.inc | ||
| 12 | include /etc/firejail/disable-passwdmgr.inc | 13 | include /etc/firejail/disable-passwdmgr.inc |
| 13 | include /etc/firejail/disable-programs.inc | 14 | include /etc/firejail/disable-programs.inc |
| 14 | 15 | ||
diff --git a/etc/xfburn.profile b/etc/xfburn.profile index fc90f67e2..b63e430f6 100644 --- a/etc/xfburn.profile +++ b/etc/xfburn.profile | |||
| @@ -9,6 +9,7 @@ noblacklist ${HOME}/.config/xfburn | |||
| 9 | 9 | ||
| 10 | include /etc/firejail/disable-common.inc | 10 | include /etc/firejail/disable-common.inc |
| 11 | include /etc/firejail/disable-devel.inc | 11 | include /etc/firejail/disable-devel.inc |
| 12 | include /etc/firejail/disable-interpreters.inc | ||
| 12 | include /etc/firejail/disable-passwdmgr.inc | 13 | include /etc/firejail/disable-passwdmgr.inc |
| 13 | include /etc/firejail/disable-programs.inc | 14 | include /etc/firejail/disable-programs.inc |
| 14 | 15 | ||
diff --git a/etc/xfce4-dict.profile b/etc/xfce4-dict.profile index ab52d17e9..0be0b56a5 100644 --- a/etc/xfce4-dict.profile +++ b/etc/xfce4-dict.profile | |||
| @@ -9,6 +9,7 @@ noblacklist ${HOME}/.config/xfce4-dict | |||
| 9 | 9 | ||
| 10 | include /etc/firejail/disable-common.inc | 10 | include /etc/firejail/disable-common.inc |
| 11 | include /etc/firejail/disable-devel.inc | 11 | include /etc/firejail/disable-devel.inc |
| 12 | include /etc/firejail/disable-interpreters.inc | ||
| 12 | include /etc/firejail/disable-passwdmgr.inc | 13 | include /etc/firejail/disable-passwdmgr.inc |
| 13 | include /etc/firejail/disable-programs.inc | 14 | include /etc/firejail/disable-programs.inc |
| 14 | 15 | ||
diff --git a/etc/xfce4-notes.profile b/etc/xfce4-notes.profile index 868b4796b..484b66722 100644 --- a/etc/xfce4-notes.profile +++ b/etc/xfce4-notes.profile | |||
| @@ -11,6 +11,7 @@ noblacklist ${HOME}/.local/share/notes | |||
| 11 | 11 | ||
| 12 | include /etc/firejail/disable-common.inc | 12 | include /etc/firejail/disable-common.inc |
| 13 | include /etc/firejail/disable-devel.inc | 13 | include /etc/firejail/disable-devel.inc |
| 14 | include /etc/firejail/disable-interpreters.inc | ||
| 14 | include /etc/firejail/disable-passwdmgr.inc | 15 | include /etc/firejail/disable-passwdmgr.inc |
| 15 | include /etc/firejail/disable-programs.inc | 16 | include /etc/firejail/disable-programs.inc |
| 16 | 17 | ||
diff --git a/etc/xiphos.profile b/etc/xiphos.profile index d9b1a01b0..9358fe192 100644 --- a/etc/xiphos.profile +++ b/etc/xiphos.profile | |||
| @@ -12,6 +12,7 @@ noblacklist ${HOME}/.xiphos | |||
| 12 | 12 | ||
| 13 | include /etc/firejail/disable-common.inc | 13 | include /etc/firejail/disable-common.inc |
| 14 | include /etc/firejail/disable-devel.inc | 14 | include /etc/firejail/disable-devel.inc |
| 15 | include /etc/firejail/disable-interpreters.inc | ||
| 15 | include /etc/firejail/disable-passwdmgr.inc | 16 | include /etc/firejail/disable-passwdmgr.inc |
| 16 | include /etc/firejail/disable-programs.inc | 17 | include /etc/firejail/disable-programs.inc |
| 17 | 18 | ||
diff --git a/etc/xmms.profile b/etc/xmms.profile index 717c81fd0..b3e567443 100644 --- a/etc/xmms.profile +++ b/etc/xmms.profile | |||
| @@ -9,6 +9,7 @@ noblacklist ${HOME}/.xmms | |||
| 9 | 9 | ||
| 10 | include /etc/firejail/disable-common.inc | 10 | include /etc/firejail/disable-common.inc |
| 11 | include /etc/firejail/disable-devel.inc | 11 | include /etc/firejail/disable-devel.inc |
| 12 | include /etc/firejail/disable-interpreters.inc | ||
| 12 | include /etc/firejail/disable-passwdmgr.inc | 13 | include /etc/firejail/disable-passwdmgr.inc |
| 13 | include /etc/firejail/disable-programs.inc | 14 | include /etc/firejail/disable-programs.inc |
| 14 | 15 | ||
diff --git a/etc/xmr-stak.profile b/etc/xmr-stak.profile index 151a4c694..ec98d8557 100644 --- a/etc/xmr-stak.profile +++ b/etc/xmr-stak.profile | |||
| @@ -10,6 +10,7 @@ noblacklist /usr/lib/llvm* | |||
| 10 | 10 | ||
| 11 | include /etc/firejail/disable-common.inc | 11 | include /etc/firejail/disable-common.inc |
| 12 | include /etc/firejail/disable-devel.inc | 12 | include /etc/firejail/disable-devel.inc |
| 13 | include /etc/firejail/disable-interpreters.inc | ||
| 13 | include /etc/firejail/disable-passwdmgr.inc | 14 | include /etc/firejail/disable-passwdmgr.inc |
| 14 | include /etc/firejail/disable-programs.inc | 15 | include /etc/firejail/disable-programs.inc |
| 15 | 16 | ||
diff --git a/etc/xonotic.profile b/etc/xonotic.profile index 7a466db9b..1d2493f36 100644 --- a/etc/xonotic.profile +++ b/etc/xonotic.profile | |||
| @@ -9,6 +9,7 @@ noblacklist ${HOME}/.xonotic | |||
| 9 | 9 | ||
| 10 | include /etc/firejail/disable-common.inc | 10 | include /etc/firejail/disable-common.inc |
| 11 | include /etc/firejail/disable-devel.inc | 11 | include /etc/firejail/disable-devel.inc |
| 12 | include /etc/firejail/disable-interpreters.inc | ||
| 12 | include /etc/firejail/disable-passwdmgr.inc | 13 | include /etc/firejail/disable-passwdmgr.inc |
| 13 | include /etc/firejail/disable-programs.inc | 14 | include /etc/firejail/disable-programs.inc |
| 14 | 15 | ||
diff --git a/etc/xpdf.profile b/etc/xpdf.profile index 9eeda4d29..e61e9f5a8 100644 --- a/etc/xpdf.profile +++ b/etc/xpdf.profile | |||
| @@ -9,6 +9,7 @@ noblacklist ${HOME}/.xpdfrc | |||
| 9 | 9 | ||
| 10 | include /etc/firejail/disable-common.inc | 10 | include /etc/firejail/disable-common.inc |
| 11 | include /etc/firejail/disable-devel.inc | 11 | include /etc/firejail/disable-devel.inc |
| 12 | include /etc/firejail/disable-interpreters.inc | ||
| 12 | include /etc/firejail/disable-passwdmgr.inc | 13 | include /etc/firejail/disable-passwdmgr.inc |
| 13 | include /etc/firejail/disable-programs.inc | 14 | include /etc/firejail/disable-programs.inc |
| 14 | 15 | ||
diff --git a/etc/xplayer.profile b/etc/xplayer.profile index 7e475bd58..5e37519f2 100644 --- a/etc/xplayer.profile +++ b/etc/xplayer.profile | |||
| @@ -10,6 +10,7 @@ noblacklist ${HOME}/.local/share/xplayer | |||
| 10 | 10 | ||
| 11 | include /etc/firejail/disable-common.inc | 11 | include /etc/firejail/disable-common.inc |
| 12 | include /etc/firejail/disable-devel.inc | 12 | include /etc/firejail/disable-devel.inc |
| 13 | include /etc/firejail/disable-interpreters.inc | ||
| 13 | include /etc/firejail/disable-passwdmgr.inc | 14 | include /etc/firejail/disable-passwdmgr.inc |
| 14 | include /etc/firejail/disable-programs.inc | 15 | include /etc/firejail/disable-programs.inc |
| 15 | 16 | ||
diff --git a/etc/xpra.profile b/etc/xpra.profile index 849bb9868..0535d85a5 100644 --- a/etc/xpra.profile +++ b/etc/xpra.profile | |||
| @@ -15,8 +15,15 @@ include /etc/firejail/globals.local | |||
| 15 | 15 | ||
| 16 | blacklist /media | 16 | blacklist /media |
| 17 | 17 | ||
| 18 | # Allow python (blacklisted by disable-interpreters.inc) | ||
| 19 | noblacklist ${PATH}/python2* | ||
| 20 | noblacklist ${PATH}/python3* | ||
| 21 | noblacklist /usr/lib/python2* | ||
| 22 | noblacklist /usr/lib/python3* | ||
| 23 | |||
| 18 | include /etc/firejail/disable-common.inc | 24 | include /etc/firejail/disable-common.inc |
| 19 | include /etc/firejail/disable-devel.inc | 25 | include /etc/firejail/disable-devel.inc |
| 26 | include /etc/firejail/disable-interpreters.inc | ||
| 20 | include /etc/firejail/disable-passwdmgr.inc | 27 | include /etc/firejail/disable-passwdmgr.inc |
| 21 | include /etc/firejail/disable-programs.inc | 28 | include /etc/firejail/disable-programs.inc |
| 22 | 29 | ||
diff --git a/etc/xreader.profile b/etc/xreader.profile index 1ddfad26f..c7bcb56a2 100644 --- a/etc/xreader.profile +++ b/etc/xreader.profile | |||
| @@ -11,6 +11,7 @@ noblacklist ${HOME}/.config/xreader | |||
| 11 | 11 | ||
| 12 | include /etc/firejail/disable-common.inc | 12 | include /etc/firejail/disable-common.inc |
| 13 | include /etc/firejail/disable-devel.inc | 13 | include /etc/firejail/disable-devel.inc |
| 14 | include /etc/firejail/disable-interpreters.inc | ||
| 14 | include /etc/firejail/disable-passwdmgr.inc | 15 | include /etc/firejail/disable-passwdmgr.inc |
| 15 | include /etc/firejail/disable-programs.inc | 16 | include /etc/firejail/disable-programs.inc |
| 16 | 17 | ||
diff --git a/etc/xviewer.profile b/etc/xviewer.profile index 26f9f0238..aa582a56a 100644 --- a/etc/xviewer.profile +++ b/etc/xviewer.profile | |||
| @@ -12,6 +12,7 @@ noblacklist ${HOME}/.steam | |||
| 12 | 12 | ||
| 13 | include /etc/firejail/disable-common.inc | 13 | include /etc/firejail/disable-common.inc |
| 14 | include /etc/firejail/disable-devel.inc | 14 | include /etc/firejail/disable-devel.inc |
| 15 | include /etc/firejail/disable-interpreters.inc | ||
| 15 | include /etc/firejail/disable-passwdmgr.inc | 16 | include /etc/firejail/disable-passwdmgr.inc |
| 16 | include /etc/firejail/disable-programs.inc | 17 | include /etc/firejail/disable-programs.inc |
| 17 | 18 | ||
diff --git a/etc/youtube-dl.profile b/etc/youtube-dl.profile index d41591fd6..965517293 100644 --- a/etc/youtube-dl.profile +++ b/etc/youtube-dl.profile | |||
| @@ -8,8 +8,15 @@ include /etc/firejail/globals.local | |||
| 8 | 8 | ||
| 9 | noblacklist ${HOME}/.netrc | 9 | noblacklist ${HOME}/.netrc |
| 10 | 10 | ||
| 11 | # Allow python (blacklisted by disable-interpreters.inc) | ||
| 12 | noblacklist ${PATH}/python2* | ||
| 13 | noblacklist ${PATH}/python3* | ||
| 14 | noblacklist /usr/lib/python2* | ||
| 15 | noblacklist /usr/lib/python3* | ||
| 16 | |||
| 11 | include /etc/firejail/disable-common.inc | 17 | include /etc/firejail/disable-common.inc |
| 12 | include /etc/firejail/disable-devel.inc | 18 | include /etc/firejail/disable-devel.inc |
| 19 | include /etc/firejail/disable-interpreters.inc | ||
| 13 | include /etc/firejail/disable-passwdmgr.inc | 20 | include /etc/firejail/disable-passwdmgr.inc |
| 14 | include /etc/firejail/disable-programs.inc | 21 | include /etc/firejail/disable-programs.inc |
| 15 | 22 | ||
diff --git a/etc/zaproxy.profile b/etc/zaproxy.profile index 3cce79a2e..8e63014ce 100644 --- a/etc/zaproxy.profile +++ b/etc/zaproxy.profile | |||
| @@ -10,6 +10,7 @@ noblacklist ${HOME}/.ZAP | |||
| 10 | 10 | ||
| 11 | include /etc/firejail/disable-common.inc | 11 | include /etc/firejail/disable-common.inc |
| 12 | include /etc/firejail/disable-devel.inc | 12 | include /etc/firejail/disable-devel.inc |
| 13 | include /etc/firejail/disable-interpreters.inc | ||
| 13 | include /etc/firejail/disable-passwdmgr.inc | 14 | include /etc/firejail/disable-passwdmgr.inc |
| 14 | include /etc/firejail/disable-programs.inc | 15 | include /etc/firejail/disable-programs.inc |
| 15 | 16 | ||
diff --git a/etc/zart.profile b/etc/zart.profile index 60eb09c71..e7fb83b29 100644 --- a/etc/zart.profile +++ b/etc/zart.profile | |||
| @@ -7,6 +7,7 @@ include /etc/firejail/globals.local | |||
| 7 | 7 | ||
| 8 | include /etc/firejail/disable-common.inc | 8 | include /etc/firejail/disable-common.inc |
| 9 | include /etc/firejail/disable-devel.inc | 9 | include /etc/firejail/disable-devel.inc |
| 10 | include /etc/firejail/disable-interpreters.inc | ||
| 10 | include /etc/firejail/disable-passwdmgr.inc | 11 | include /etc/firejail/disable-passwdmgr.inc |
| 11 | include /etc/firejail/disable-programs.inc | 12 | include /etc/firejail/disable-programs.inc |
| 12 | 13 | ||
diff --git a/etc/zathura.profile b/etc/zathura.profile index 3edece779..b47aeb0da 100644 --- a/etc/zathura.profile +++ b/etc/zathura.profile | |||
| @@ -10,6 +10,7 @@ noblacklist ${HOME}/.local/share/zathura | |||
| 10 | 10 | ||
| 11 | include /etc/firejail/disable-common.inc | 11 | include /etc/firejail/disable-common.inc |
| 12 | include /etc/firejail/disable-devel.inc | 12 | include /etc/firejail/disable-devel.inc |
| 13 | include /etc/firejail/disable-interpreters.inc | ||
| 13 | include /etc/firejail/disable-passwdmgr.inc | 14 | include /etc/firejail/disable-passwdmgr.inc |
| 14 | include /etc/firejail/disable-programs.inc | 15 | include /etc/firejail/disable-programs.inc |
| 15 | 16 | ||
diff --git a/etc/zoom.profile b/etc/zoom.profile index 061efb44d..419c25f18 100644 --- a/etc/zoom.profile +++ b/etc/zoom.profile | |||
| @@ -9,6 +9,7 @@ noblacklist ${HOME}/.config/zoomus.conf | |||
| 9 | 9 | ||
| 10 | include /etc/firejail/disable-common.inc | 10 | include /etc/firejail/disable-common.inc |
| 11 | include /etc/firejail/disable-devel.inc | 11 | include /etc/firejail/disable-devel.inc |
| 12 | include /etc/firejail/disable-interpreters.inc | ||
| 12 | include /etc/firejail/disable-programs.inc | 13 | include /etc/firejail/disable-programs.inc |
| 13 | 14 | ||
| 14 | mkdir ${HOME}/.zoom | 15 | mkdir ${HOME}/.zoom |