aboutsummaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorLibravatar crass <development@efficientek.com>2018-10-17 01:02:22 -0500
committerLibravatar GitHub <noreply@github.com>2018-10-17 01:02:22 -0500
commit40927dfecc4a7a7f917222e866a7b56ff4249d1b (patch)
treea13b25eba80c7c90d31f93a88d8fa606db03d299
parentMerge pull request #2158 from crass/profile_conditional (diff)
parentRemove "/etc/firejail/" from all include paths, now that profile_read will se... (diff)
downloadfirejail-40927dfecc4a7a7f917222e866a7b56ff4249d1b.tar.gz
firejail-40927dfecc4a7a7f917222e866a7b56ff4249d1b.tar.zst
firejail-40927dfecc4a7a7f917222e866a7b56ff4249d1b.zip
Merge pull request #2156 from crass/improve-include-handling
Improve include handling
Diffstat
-rw-r--r--etc/0ad.profile16
-rw-r--r--etc/2048-qt.profile18
-rw-r--r--etc/7z.profile6
-rw-r--r--etc/7za.profile6
-rw-r--r--etc/7zr.profile6
-rw-r--r--etc/Cryptocat.profile14
-rw-r--r--etc/Cyberfox.profile2
-rw-r--r--etc/Discord.profile6
-rw-r--r--etc/DiscordCanary.profile6
-rw-r--r--etc/FossaMail.profile2
-rw-r--r--etc/Fritzing.profile18
-rw-r--r--etc/Gitter.profile2
-rw-r--r--etc/JDownloader.profile20
-rw-r--r--etc/Mathematica.profile16
-rw-r--r--etc/Natron.profile2
-rw-r--r--etc/QMediathekView.profile16
-rw-r--r--etc/Telegram.profile2
-rw-r--r--etc/Thunar.profile14
-rw-r--r--etc/Viber.profile16
-rw-r--r--etc/VirtualBox.profile2
-rw-r--r--etc/XMind.profile16
-rw-r--r--etc/Xephyr.profile6
-rw-r--r--etc/Xvfb.profile6
-rw-r--r--etc/abrowser.profile6
-rw-r--r--etc/acat.profile6
-rw-r--r--etc/adiff.profile6
-rw-r--r--etc/akonadi_control.profile16
-rw-r--r--etc/akregator.profile18
-rw-r--r--etc/als.profile6
-rw-r--r--etc/amarok.profile18
-rw-r--r--etc/amule.profile16
-rw-r--r--etc/android-studio.profile12
-rw-r--r--etc/anydesk.profile16
-rw-r--r--etc/aosp.profile14
-rw-r--r--etc/apack.profile6
-rw-r--r--etc/apktool.profile14
-rw-r--r--etc/arch-audit.profile16
-rw-r--r--etc/archaudit-report.profile18
-rw-r--r--etc/ardour4.profile2
-rw-r--r--etc/ardour5.profile16
-rw-r--r--etc/arduino.profile16
-rw-r--r--etc/arepack.profile6
-rw-r--r--etc/aria2c.profile16
-rw-r--r--etc/ark.profile16
-rw-r--r--etc/arm.profile16
-rw-r--r--etc/artha.profile14
-rw-r--r--etc/asunder.profile18
-rw-r--r--etc/atom-beta.profile4
-rw-r--r--etc/atom.profile10
-rw-r--r--etc/atool.profile14
-rw-r--r--etc/atril-previewer.profile6
-rw-r--r--etc/atril-thumbnailer.profile6
-rw-r--r--etc/atril.profile18
-rw-r--r--etc/audacious.profile18
-rw-r--r--etc/audacity.profile18
-rw-r--r--etc/aunpack.profile6
-rw-r--r--etc/authenticator.profile14
-rw-r--r--etc/aweather.profile18
-rw-r--r--etc/awesome.profile6
-rw-r--r--etc/baloo_file.profile16
-rw-r--r--etc/baloo_filemetadata_temp_extractor.profile6
-rw-r--r--etc/baobab.profile14
-rw-r--r--etc/basilisk.profile6
-rw-r--r--etc/beaker.profile12
-rw-r--r--etc/bibletime.profile16
-rw-r--r--etc/bitcoin-qt.profile18
-rw-r--r--etc/bitlbee.profile16
-rw-r--r--etc/blackbox.profile6
-rw-r--r--etc/bleachbit.profile14
-rw-r--r--etc/blender-2.8.profile2
-rw-r--r--etc/blender.profile14
-rw-r--r--etc/bless.profile16
-rw-r--r--etc/bluefish.profile16
-rw-r--r--etc/bnox.profile6
-rw-r--r--etc/brackets.profile10
-rw-r--r--etc/brasero.profile14
-rw-r--r--etc/brave.profile6
-rw-r--r--etc/bsdcat.profile2
-rw-r--r--etc/bsdcpio.profile2
-rw-r--r--etc/bsdtar.profile14
-rw-r--r--etc/bunzip2.profile6
-rw-r--r--etc/caja.profile14
-rw-r--r--etc/calibre.profile16
-rw-r--r--etc/calligra.profile14
-rw-r--r--etc/calligraauthor.profile2
-rw-r--r--etc/calligraconverter.profile2
-rw-r--r--etc/calligraflow.profile2
-rw-r--r--etc/calligraplan.profile2
-rw-r--r--etc/calligraplanwork.profile2
-rw-r--r--etc/calligrasheets.profile2
-rw-r--r--etc/calligrastage.profile2
-rw-r--r--etc/calligrawords.profile2
-rw-r--r--etc/catfish.profile16
-rw-r--r--etc/checkbashisms.profile18
-rw-r--r--etc/cherrytree.profile16
-rw-r--r--etc/chromium-browser.profile2
-rw-r--r--etc/chromium-common.profile16
-rw-r--r--etc/chromium.profile6
-rw-r--r--etc/cin.profile14
-rw-r--r--etc/cinelerra.profile2
-rw-r--r--etc/clamav.profile4
-rw-r--r--etc/clamdscan.profile2
-rw-r--r--etc/clamdtop.profile2
-rw-r--r--etc/clamscan.profile2
-rw-r--r--etc/clamtk.profile4
-rw-r--r--etc/claws-mail.profile14
-rw-r--r--etc/clementine.profile18
-rw-r--r--etc/clion.profile10
-rw-r--r--etc/clipit.profile16
-rw-r--r--etc/cliqz.profile6
-rw-r--r--etc/cmus.profile16
-rw-r--r--etc/code.profile10
-rw-r--r--etc/conkeror.profile10
-rw-r--r--etc/conky.profile16
-rw-r--r--etc/corebird.profile18
-rw-r--r--etc/cower.profile14
-rw-r--r--etc/cpio.profile10
-rw-r--r--etc/cryptocat.profile2
-rw-r--r--etc/curl.profile10
-rw-r--r--etc/cvlc.profile6
-rw-r--r--etc/cyberfox.profile6
-rw-r--r--etc/darktable.profile16
-rw-r--r--etc/deadbeef.profile16
-rw-r--r--etc/default.profile16
-rw-r--r--etc/deluge.profile18
-rw-r--r--etc/desktop.profile16
-rw-r--r--etc/devilspie.profile14
-rw-r--r--etc/devilspie2.profile14
-rw-r--r--etc/dex2jar.profile18
-rw-r--r--etc/dia.profile16
-rw-r--r--etc/dig.profile20
-rw-r--r--etc/digikam.profile18
-rw-r--r--etc/dillo.profile18
-rw-r--r--etc/dino.profile16
-rw-r--r--etc/disable-common.inc2
-rw-r--r--etc/disable-devel.inc2
-rw-r--r--etc/disable-interpreters.inc2
-rw-r--r--etc/disable-passwdmgr.inc2
-rw-r--r--etc/disable-programs.inc2
-rw-r--r--etc/disable-xdg.inc2
-rw-r--r--etc/discord-canary.profile6
-rw-r--r--etc/discord-common.profile12
-rw-r--r--etc/discord.profile6
-rw-r--r--etc/display.profile18
-rw-r--r--etc/dnox.profile6
-rw-r--r--etc/dnscrypt-proxy.profile16
-rw-r--r--etc/dnsmasq.profile16
-rw-r--r--etc/dolphin.profile14
-rw-r--r--etc/dooble-qt4.profile2
-rw-r--r--etc/dooble.profile16
-rw-r--r--etc/dosbox.profile18
-rw-r--r--etc/dragon.profile18
-rw-r--r--etc/dropbox.profile16
-rw-r--r--etc/easystroke.profile14
-rw-r--r--etc/ebook-viewer.profile2
-rw-r--r--etc/electron.profile10
-rw-r--r--etc/electrum.profile20
-rw-r--r--etc/elinks.profile16
-rw-r--r--etc/emacs.profile10
-rw-r--r--etc/empathy.profile12
-rw-r--r--etc/enchant-2.profile6
-rw-r--r--etc/enchant-lsmod-2.profile6
-rw-r--r--etc/enchant-lsmod.profile6
-rw-r--r--etc/enchant.profile16
-rw-r--r--etc/engrampa.profile16
-rw-r--r--etc/enox.profile6
-rw-r--r--etc/enpass.profile18
-rw-r--r--etc/eog.profile16
-rw-r--r--etc/eom.profile16
-rw-r--r--etc/epiphany.profile14
-rw-r--r--etc/etr.profile14
-rw-r--r--etc/evince-previewer.profile6
-rw-r--r--etc/evince-thumbnailer.profile6
-rw-r--r--etc/evince.profile18
-rw-r--r--etc/evolution.profile14
-rw-r--r--etc/exiftool.profile14
-rw-r--r--etc/falkon.profile18
-rw-r--r--etc/fbreader.profile18
-rw-r--r--etc/feh.profile14
-rw-r--r--etc/fetchmail.profile14
-rw-r--r--etc/ffmpeg.profile16
-rw-r--r--etc/file-roller.profile16
-rw-r--r--etc/file.profile10
-rw-r--r--etc/filezilla.profile14
-rw-r--r--etc/firefox-beta.profile6
-rw-r--r--etc/firefox-common-addons.inc2
-rw-r--r--etc/firefox-common.profile18
-rw-r--r--etc/firefox-developer-edition.profile6
-rw-r--r--etc/firefox-esr.profile6
-rw-r--r--etc/firefox-nightly.profile6
-rw-r--r--etc/firefox-wayland.profile6
-rw-r--r--etc/firefox.profile6
-rw-r--r--etc/flameshot.profile16
-rw-r--r--etc/flashpeak-slimjet.profile6
-rw-r--r--etc/flowblade.profile14
-rw-r--r--etc/fluxbox.profile6
-rw-r--r--etc/fontforge.profile16
-rw-r--r--etc/fossamail.profile8
-rw-r--r--etc/franz.profile14
-rw-r--r--etc/freecad.profile16
-rw-r--r--etc/freecadcmd.profile2
-rw-r--r--etc/freshclam.profile4
-rw-r--r--etc/frozen-bubble.profile18
-rw-r--r--etc/gajim.profile16
-rw-r--r--etc/galculator.profile18
-rw-r--r--etc/gcloud.profile10
-rw-r--r--etc/geany.profile10
-rw-r--r--etc/geary.profile8
-rw-r--r--etc/gedit.profile16
-rw-r--r--etc/geeqie.profile14
-rw-r--r--etc/ghb.profile2
-rw-r--r--etc/gimp-2.10.profile2
-rw-r--r--etc/gimp-2.8.profile2
-rw-r--r--etc/gimp.profile14
-rw-r--r--etc/git.profile10
-rw-r--r--etc/gitg.profile16
-rw-r--r--etc/gitter.profile16
-rw-r--r--etc/gjs.profile14
-rw-r--r--etc/globaltime.profile16
-rw-r--r--etc/gnome-2048.profile18
-rw-r--r--etc/gnome-books.profile18
-rw-r--r--etc/gnome-builder.profile10
-rw-r--r--etc/gnome-calculator.profile20
-rw-r--r--etc/gnome-chess.profile18
-rw-r--r--etc/gnome-clocks.profile18
-rw-r--r--etc/gnome-contacts.profile20
-rw-r--r--etc/gnome-documents.profile16
-rw-r--r--etc/gnome-font-viewer.profile18
-rw-r--r--etc/gnome-logs.profile18
-rw-r--r--etc/gnome-maps.profile18
-rw-r--r--etc/gnome-mplayer.profile16
-rw-r--r--etc/gnome-mpv.profile18
-rw-r--r--etc/gnome-music.profile18
-rw-r--r--etc/gnome-photos.profile16
-rw-r--r--etc/gnome-pie.profile14
-rw-r--r--etc/gnome-recipes.profile18
-rw-r--r--etc/gnome-ring.profile16
-rw-r--r--etc/gnome-twitch.profile16
-rw-r--r--etc/gnome-weather.profile18
-rw-r--r--etc/goobox.profile16
-rw-r--r--etc/google-chrome-beta.profile6
-rw-r--r--etc/google-chrome-stable.profile2
-rw-r--r--etc/google-chrome-unstable.profile6
-rw-r--r--etc/google-chrome.profile6
-rw-r--r--etc/google-earth.profile16
-rw-r--r--etc/google-play-music-desktop-player.profile16
-rw-r--r--etc/gpa.profile14
-rw-r--r--etc/gpg-agent.profile14
-rw-r--r--etc/gpg.profile14
-rw-r--r--etc/gpicview.profile16
-rw-r--r--etc/gpredict.profile16
-rw-r--r--etc/gradio.profile18
-rw-r--r--etc/gtar.profile2
-rw-r--r--etc/gthumb.profile14
-rw-r--r--etc/guayadeque.profile16
-rw-r--r--etc/gucharmap.profile16
-rw-r--r--etc/gunzip.profile6
-rw-r--r--etc/gwenview.profile16
-rw-r--r--etc/gzip.profile6
-rw-r--r--etc/handbrake-gtk.profile2
-rw-r--r--etc/handbrake.profile18
-rw-r--r--etc/hashcat.profile16
-rw-r--r--etc/hedgewars.profile16
-rw-r--r--etc/hexchat.profile18
-rw-r--r--etc/highlight.profile14
-rw-r--r--etc/hugin.profile16
-rw-r--r--etc/i3.profile6
-rw-r--r--etc/icecat.profile6
-rw-r--r--etc/icedove.profile8
-rw-r--r--etc/iceweasel.profile6
-rw-r--r--etc/idea.profile6
-rw-r--r--etc/idea.sh.profile10
-rw-r--r--etc/ideaIC.profile6
-rw-r--r--etc/imagej.profile14
-rw-r--r--etc/img2txt.profile16
-rw-r--r--etc/inkscape.profile18
-rw-r--r--etc/inox.profile6
-rw-r--r--etc/iridium-browser.profile2
-rw-r--r--etc/iridium.profile6
-rw-r--r--etc/itch.profile16
-rw-r--r--etc/jd-gui.profile18
-rw-r--r--etc/jdownloader.profile6
-rw-r--r--etc/jitsi.profile14
-rw-r--r--etc/k3b.profile18
-rw-r--r--etc/kaffeine.profile18
-rw-r--r--etc/karbon.profile2
-rw-r--r--etc/kate.profile16
-rw-r--r--etc/kcalc.profile18
-rw-r--r--etc/kdeinit4.profile16
-rw-r--r--etc/kdenlive.profile14
-rw-r--r--etc/keepass.profile16
-rw-r--r--etc/keepass2.profile2
-rw-r--r--etc/keepassx.profile18
-rw-r--r--etc/keepassx2.profile2
-rw-r--r--etc/keepassxc.profile18
-rw-r--r--etc/kget.profile16
-rw-r--r--etc/kino.profile14
-rw-r--r--etc/kmail.profile16
-rw-r--r--etc/knotes.profile6
-rw-r--r--etc/kodi.profile18
-rw-r--r--etc/konversation.profile16
-rw-r--r--etc/kopete.profile16
-rw-r--r--etc/krita.profile16
-rw-r--r--etc/krunner.profile16
-rw-r--r--etc/ktorrent.profile18
-rw-r--r--etc/kwin_x11.profile16
-rw-r--r--etc/kwrite.profile18
-rw-r--r--etc/lbunzip2.profile2
-rw-r--r--etc/lbzcat.profile2
-rw-r--r--etc/lbzip2.profile2
-rw-r--r--etc/leafpad.profile16
-rw-r--r--etc/less.profile6
-rw-r--r--etc/libreoffice.profile14
-rw-r--r--etc/liferea.profile18
-rw-r--r--etc/linphone.profile16
-rw-r--r--etc/lmms.profile16
-rw-r--r--etc/lobase.profile2
-rw-r--r--etc/localc.profile2
-rw-r--r--etc/lodraw.profile2
-rw-r--r--etc/loffice.profile2
-rw-r--r--etc/lofromtemplate.profile2
-rw-r--r--etc/loimpress.profile2
-rw-r--r--etc/lollypop.profile18
-rw-r--r--etc/lomath.profile2
-rw-r--r--etc/loweb.profile2
-rw-r--r--etc/lowriter.profile2
-rw-r--r--etc/luminance-hdr.profile16
-rw-r--r--etc/lximage-qt.profile14
-rw-r--r--etc/lxmusic.profile18
-rw-r--r--etc/lynx.profile16
-rw-r--r--etc/lzcat.profile2
-rw-r--r--etc/lzcmp.profile2
-rw-r--r--etc/lzdiff.profile2
-rw-r--r--etc/lzegrep.profile2
-rw-r--r--etc/lzfgrep.profile2
-rw-r--r--etc/lzgrep.profile2
-rw-r--r--etc/lzip.profile2
-rw-r--r--etc/lzless.profile2
-rw-r--r--etc/lzma.profile2
-rw-r--r--etc/lzmadec.profile2
-rw-r--r--etc/lzmainfo.profile2
-rw-r--r--etc/lzmore.profile2
-rw-r--r--etc/macrofusion.profile16
-rw-r--r--etc/makepkg.profile10
-rw-r--r--etc/masterpdfeditor.profile16
-rw-r--r--etc/masterpdfeditor4.profile6
-rw-r--r--etc/masterpdfeditor5.profile6
-rw-r--r--etc/mate-calc.profile14
-rw-r--r--etc/mate-calculator.profile2
-rw-r--r--etc/mate-color-select.profile14
-rw-r--r--etc/mate-dictionary.profile14
-rw-r--r--etc/mathematica.profile2
-rw-r--r--etc/mcabber.profile14
-rw-r--r--etc/mediainfo.profile14
-rw-r--r--etc/mediathekview.profile16
-rw-r--r--etc/meld.profile14
-rw-r--r--etc/mencoder.profile16
-rw-r--r--etc/midori.profile14
-rw-r--r--etc/min.profile16
-rw-r--r--etc/minetest.profile18
-rw-r--r--etc/mousepad.profile16
-rw-r--r--etc/mpd.profile16
-rw-r--r--etc/mplayer.profile18
-rw-r--r--etc/mpv.profile18
-rw-r--r--etc/ms-excel.profile6
-rw-r--r--etc/ms-office.profile14
-rw-r--r--etc/ms-onenote.profile6
-rw-r--r--etc/ms-outlook.profile6
-rw-r--r--etc/ms-powerpoint.profile6
-rw-r--r--etc/ms-skype.profile6
-rw-r--r--etc/ms-word.profile6
-rw-r--r--etc/multimc5.profile16
-rw-r--r--etc/mumble.profile18
-rw-r--r--etc/mupdf.profile18
-rw-r--r--etc/mupen64plus.profile16
-rw-r--r--etc/musescore.profile18
-rw-r--r--etc/musixmatch.profile14
-rw-r--r--etc/mutt.profile14
-rw-r--r--etc/natron.profile14
-rw-r--r--etc/nautilus.profile14
-rw-r--r--etc/ncdu.profile4
-rw-r--r--etc/nemo.profile12
-rw-r--r--etc/netsurf.profile14
-rw-r--r--etc/neverball.profile16
-rw-r--r--etc/nheko.profile16
-rw-r--r--etc/nitroshare-cli.profile2
-rw-r--r--etc/nitroshare-nmh.profile2
-rw-r--r--etc/nitroshare-send.profile2
-rw-r--r--etc/nitroshare-ui.profile2
-rw-r--r--etc/nitroshare.profile14
-rw-r--r--etc/nylas.profile16
-rw-r--r--etc/obs.profile18
-rw-r--r--etc/odt2txt.profile16
-rw-r--r--etc/okular.profile18
-rw-r--r--etc/onionshare-gui.profile16
-rw-r--r--etc/open-invaders.profile16
-rw-r--r--etc/openbox.profile6
-rw-r--r--etc/openshot-qt.profile2
-rw-r--r--etc/openshot.profile16
-rw-r--r--etc/opera-beta.profile6
-rw-r--r--etc/opera.profile6
-rw-r--r--etc/orage.profile16
-rw-r--r--etc/p7zip.profile6
-rw-r--r--etc/palemoon.profile6
-rw-r--r--etc/parole.profile16
-rw-r--r--etc/patch.profile16
-rw-r--r--etc/pcmanfm.profile14
-rw-r--r--etc/pdfchain.profile18
-rw-r--r--etc/pdfmod.profile18
-rw-r--r--etc/pdfsam.profile16
-rw-r--r--etc/pdftotext.profile18
-rw-r--r--etc/peek.profile16
-rw-r--r--etc/picard.profile18
-rw-r--r--etc/pidgin.profile14
-rw-r--r--etc/ping.profile20
-rw-r--r--etc/pingus.profile16
-rw-r--r--etc/pinta.profile16
-rw-r--r--etc/pithos.profile20
-rw-r--r--etc/pitivi.profile16
-rw-r--r--etc/pix.profile14
-rw-r--r--etc/playonlinux.profile12
-rw-r--r--etc/pluma.profile16
-rw-r--r--etc/polari.profile14
-rw-r--r--etc/ppsspp.profile18
-rw-r--r--etc/psi-plus.profile16
-rw-r--r--etc/pybitmessage.profile16
-rw-r--r--etc/pycharm-community.profile12
-rw-r--r--etc/pycharm-professional.profile2
-rw-r--r--etc/qbittorrent.profile18
-rw-r--r--etc/qemu-launcher.profile10
-rw-r--r--etc/qemu-system-x86_64.profile10
-rw-r--r--etc/qlipper.profile16
-rw-r--r--etc/qmmp.profile14
-rw-r--r--etc/qpdfview.profile18
-rw-r--r--etc/qtox.profile18
-rw-r--r--etc/quassel.profile12
-rw-r--r--etc/quiterss.profile16
-rw-r--r--etc/qupzilla.profile18
-rw-r--r--etc/qutebrowser.profile14
-rw-r--r--etc/rambox.profile14
-rw-r--r--etc/ranger.profile14
-rw-r--r--etc/redeclipse.profile18
-rw-r--r--etc/remmina.profile18
-rw-r--r--etc/rhythmbox.profile18
-rw-r--r--etc/ricochet.profile16
-rw-r--r--etc/riot-desktop.profile6
-rw-r--r--etc/riot-web.profile8
-rw-r--r--etc/ristretto.profile14
-rw-r--r--etc/rocketchat.profile8
-rw-r--r--etc/rtorrent.profile14
-rw-r--r--etc/runenpass.sh.profile2
-rw-r--r--etc/rview.profile6
-rw-r--r--etc/rvim.profile6
-rw-r--r--etc/sayonara.profile14
-rw-r--r--etc/scallion.profile16
-rw-r--r--etc/scribus.profile18
-rw-r--r--etc/sdat2img.profile18
-rw-r--r--etc/seamonkey-bin.profile2
-rw-r--r--etc/seamonkey.profile14
-rw-r--r--etc/server.profile16
-rw-r--r--etc/shellcheck.profile18
-rw-r--r--etc/shotcut.profile14
-rw-r--r--etc/signal-desktop.profile18
-rw-r--r--etc/silentarmy.profile18
-rw-r--r--etc/simple-scan.profile16
-rw-r--r--etc/simutrans.profile16
-rw-r--r--etc/skanlite.profile16
-rw-r--r--etc/skype.profile14
-rw-r--r--etc/skypeforlinux.profile14
-rw-r--r--etc/slack.profile18
-rw-r--r--etc/smplayer.profile18
-rw-r--r--etc/smtube.profile18
-rw-r--r--etc/snap.profile12
-rw-r--r--etc/snox.profile6
-rw-r--r--etc/soffice.profile2
-rw-r--r--etc/soundconverter.profile18
-rw-r--r--etc/spectre-meltdown-checker.profile18
-rw-r--r--etc/spotify.profile18
-rw-r--r--etc/sqlitebrowser.profile18
-rw-r--r--etc/ssh-agent.profile10
-rw-r--r--etc/ssh.profile10
-rw-r--r--etc/standardnotes-desktop.profile16
-rw-r--r--etc/start-tor-browser.desktop.profile2
-rw-r--r--etc/start-tor-browser.profile18
-rw-r--r--etc/steam-native.profile2
-rw-r--r--etc/steam.profile16
-rw-r--r--etc/stellarium.profile18
-rw-r--r--etc/strings.profile6
-rw-r--r--etc/studio.sh.profile2
-rw-r--r--etc/supertux2.profile18
-rw-r--r--etc/surf.profile14
-rw-r--r--etc/sylpheed.profile14
-rw-r--r--etc/synfigstudio.profile14
-rw-r--r--etc/tar.profile6
-rw-r--r--etc/teamspeak3.profile16
-rw-r--r--etc/telegram-desktop.profile2
-rw-r--r--etc/telegram.profile12
-rw-r--r--etc/terasology.profile16
-rw-r--r--etc/thunar.profile2
-rw-r--r--etc/thunderbird-beta.profile2
-rw-r--r--etc/thunderbird.profile6
-rw-r--r--etc/tilp.profile14
-rw-r--r--etc/tor-browser-ar.profile2
-rw-r--r--etc/tor-browser-en-us.profile2
-rw-r--r--etc/tor-browser-en.profile2
-rw-r--r--etc/tor-browser-es-es.profile2
-rw-r--r--etc/tor-browser-es.profile2
-rw-r--r--etc/tor-browser-fa.profile2
-rw-r--r--etc/tor-browser-fr.profile2
-rw-r--r--etc/tor-browser-it.profile2
-rw-r--r--etc/tor-browser-ja.profile2
-rw-r--r--etc/tor-browser-ko.profile2
-rw-r--r--etc/tor-browser-pl.profile2
-rw-r--r--etc/tor-browser-pt-br.profile2
-rw-r--r--etc/tor-browser-ru.profile2
-rw-r--r--etc/tor-browser-vi.profile2
-rw-r--r--etc/tor-browser-zh-cn.profile2
-rw-r--r--etc/tor.profile16
-rw-r--r--etc/torbrowser-launcher.profile20
-rw-r--r--etc/totem.profile18
-rw-r--r--etc/tracker.profile14
-rw-r--r--etc/transmission-cli.profile14
-rw-r--r--etc/transmission-gtk.profile18
-rw-r--r--etc/transmission-qt.profile18
-rw-r--r--etc/transmission-show.profile14
-rw-r--r--etc/truecraft.profile16
-rw-r--r--etc/tuxguitar.profile18
-rw-r--r--etc/uefitool.profile16
-rw-r--r--etc/uget-gtk.profile14
-rw-r--r--etc/unbound.profile16
-rw-r--r--etc/unknown-horizons.profile12
-rw-r--r--etc/unlzma.profile2
-rw-r--r--etc/unrar.profile6
-rw-r--r--etc/unxz.profile2
-rw-r--r--etc/unzip.profile6
-rw-r--r--etc/uudeview.profile6
-rw-r--r--etc/uzbl-browser.profile14
-rw-r--r--etc/viewnior.profile14
-rw-r--r--etc/viking.profile16
-rw-r--r--etc/vim.profile10
-rw-r--r--etc/vimcat.profile6
-rw-r--r--etc/vimdiff.profile6
-rw-r--r--etc/vimpager.profile6
-rw-r--r--etc/vimtutor.profile6
-rw-r--r--etc/virtualbox.profile14
-rw-r--r--etc/vivaldi-beta.profile2
-rw-r--r--etc/vivaldi-snapshot.profile6
-rw-r--r--etc/vivaldi-stable.profile2
-rw-r--r--etc/vivaldi.profile6
-rw-r--r--etc/vlc.profile18
-rw-r--r--etc/vym.profile14
-rw-r--r--etc/w3m.profile16
-rw-r--r--etc/warzone2100.profile18
-rw-r--r--etc/waterfox.profile6
-rw-r--r--etc/webstorm.profile14
-rw-r--r--etc/weechat-curses.profile2
-rw-r--r--etc/weechat.profile8
-rw-r--r--etc/wesnoth.profile16
-rw-r--r--etc/wget.profile12
-rw-r--r--etc/whitelist-common.inc2
-rw-r--r--etc/whitelist-var-common.inc2
-rw-r--r--etc/whois.profile18
-rw-r--r--etc/wine.profile12
-rw-r--r--etc/wire-desktop.profile16
-rw-r--r--etc/wireshark-gtk.profile2
-rw-r--r--etc/wireshark-qt.profile2
-rw-r--r--etc/wireshark.profile18
-rw-r--r--etc/x-terminal-emulator.profile4
-rw-r--r--etc/xcalc.profile18
-rw-r--r--etc/xchat.profile10
-rw-r--r--etc/xed.profile16
-rw-r--r--etc/xfburn.profile14
-rw-r--r--etc/xfce4-dict.profile14
-rw-r--r--etc/xfce4-notes.profile14
-rw-r--r--etc/xiphos.profile16
-rw-r--r--etc/xmms.profile16
-rw-r--r--etc/xmr-stak.profile18
-rw-r--r--etc/xonotic-glx.profile2
-rw-r--r--etc/xonotic-sdl.profile2
-rw-r--r--etc/xonotic.profile18
-rw-r--r--etc/xpdf.profile18
-rw-r--r--etc/xplayer-audio-preview.profile6
-rw-r--r--etc/xplayer-video-thumbnailer.profile6
-rw-r--r--etc/xplayer.profile18
-rw-r--r--etc/xpra.profile14
-rw-r--r--etc/xreader-previewer.profile6
-rw-r--r--etc/xreader-thumbnailer.profile6
-rw-r--r--etc/xreader.profile18
-rw-r--r--etc/xviewer.profile16
-rw-r--r--etc/xxd.profile6
-rw-r--r--etc/xz.profile2
-rw-r--r--etc/xzcat.profile2
-rw-r--r--etc/xzcmp.profile2
-rw-r--r--etc/xzdec.profile6
-rw-r--r--etc/xzdiff.profile2
-rw-r--r--etc/xzegrep.profile2
-rw-r--r--etc/xzfgrep.profile2
-rw-r--r--etc/xzgrep.profile2
-rw-r--r--etc/xzless.profile2
-rw-r--r--etc/xzmore.profile2
-rw-r--r--etc/yandex-browser.profile6
-rw-r--r--etc/youtube-dl.profile18
-rw-r--r--etc/zaproxy.profile18
-rw-r--r--etc/zart.profile16
-rw-r--r--etc/zathura.profile16
-rw-r--r--etc/zoom.profile14
-rw-r--r--src/firejail/profile.c23
-rw-r--r--src/man/firejail-profile.txt4
608 files changed, 3424 insertions, 3415 deletions
diff --git a/etc/0ad.profile b/etc/0ad.profile
index f9320f6c7..d20fdb014 100644
--- a/etc/0ad.profile
+++ b/etc/0ad.profile
@@ -2,19 +2,19 @@
2# Description: Real-time strategy game of ancient warfare 2# Description: Real-time strategy game of ancient warfare
3# This file is overwritten after every install/update 3# This file is overwritten after every install/update
4# Persistent local customizations 4# Persistent local customizations
5include /etc/firejail/0ad.local 5include 0ad.local
6# Persistent global definitions 6# Persistent global definitions
7include /etc/firejail/globals.local 7include globals.local
8 8
9noblacklist ${HOME}/.cache/0ad 9noblacklist ${HOME}/.cache/0ad
10noblacklist ${HOME}/.config/0ad 10noblacklist ${HOME}/.config/0ad
11noblacklist ${HOME}/.local/share/0ad 11noblacklist ${HOME}/.local/share/0ad
12 12
13include /etc/firejail/disable-common.inc 13include disable-common.inc
14include /etc/firejail/disable-devel.inc 14include disable-devel.inc
15include /etc/firejail/disable-interpreters.inc 15include disable-interpreters.inc
16include /etc/firejail/disable-passwdmgr.inc 16include disable-passwdmgr.inc
17include /etc/firejail/disable-programs.inc 17include disable-programs.inc
18 18
19mkdir ${HOME}/.cache/0ad 19mkdir ${HOME}/.cache/0ad
20mkdir ${HOME}/.config/0ad 20mkdir ${HOME}/.config/0ad
@@ -22,7 +22,7 @@ mkdir ${HOME}/.local/share/0ad
22whitelist ${HOME}/.cache/0ad 22whitelist ${HOME}/.cache/0ad
23whitelist ${HOME}/.config/0ad 23whitelist ${HOME}/.config/0ad
24whitelist ${HOME}/.local/share/0ad 24whitelist ${HOME}/.local/share/0ad
25include /etc/firejail/whitelist-common.inc 25include whitelist-common.inc
26 26
27caps.drop all 27caps.drop all
28netfilter 28netfilter
diff --git a/etc/2048-qt.profile b/etc/2048-qt.profile
index 56b38f5a2..03e71485a 100644
--- a/etc/2048-qt.profile
+++ b/etc/2048-qt.profile
@@ -2,25 +2,25 @@
2# Description: Mathematics based puzzle game 2# Description: Mathematics based puzzle game
3# This file is overwritten after every install/update 3# This file is overwritten after every install/update
4# Persistent local customizations 4# Persistent local customizations
5include /etc/firejail/2048-qt.local 5include 2048-qt.local
6# Persistent global definitions 6# Persistent global definitions
7include /etc/firejail/globals.local 7include globals.local
8 8
9noblacklist ${HOME}/.config/2048-qt 9noblacklist ${HOME}/.config/2048-qt
10noblacklist ${HOME}/.config/xiaoyong 10noblacklist ${HOME}/.config/xiaoyong
11 11
12include /etc/firejail/disable-common.inc 12include disable-common.inc
13include /etc/firejail/disable-devel.inc 13include disable-devel.inc
14include /etc/firejail/disable-interpreters.inc 14include disable-interpreters.inc
15include /etc/firejail/disable-passwdmgr.inc 15include disable-passwdmgr.inc
16include /etc/firejail/disable-programs.inc 16include disable-programs.inc
17 17
18mkdir ${HOME}/.config/2048-qt 18mkdir ${HOME}/.config/2048-qt
19mkdir ${HOME}/.config/xiaoyong 19mkdir ${HOME}/.config/xiaoyong
20whitelist ${HOME}/.config/2048-qt 20whitelist ${HOME}/.config/2048-qt
21whitelist ${HOME}/.config/xiaoyong 21whitelist ${HOME}/.config/xiaoyong
22include /etc/firejail/whitelist-common.inc 22include whitelist-common.inc
23include /etc/firejail/whitelist-var-common.inc 23include whitelist-var-common.inc
24 24
25caps.drop all 25caps.drop all
26netfilter 26netfilter
diff --git a/etc/7z.profile b/etc/7z.profile
index e3f27b93f..909f3baf8 100644
--- a/etc/7z.profile
+++ b/etc/7z.profile
@@ -2,10 +2,10 @@
2# This file is overwritten after every install/update 2# This file is overwritten after every install/update
3quiet 3quiet
4# Persistent local customizations 4# Persistent local customizations
5include /etc/firejail/7z.local 5include 7z.local
6# Persistent global definitions 6# Persistent global definitions
7# added by included default.profile 7# added by included default.profile
8#include /etc/firejail/globals.local 8#include globals.local
9 9
10blacklist /tmp/.X11-unix 10blacklist /tmp/.X11-unix
11 11
@@ -22,4 +22,4 @@ tracelog
22 22
23private-dev 23private-dev
24 24
25include /etc/firejail/default.profile 25include default.profile
diff --git a/etc/7za.profile b/etc/7za.profile
index e035bf4f5..28e483a8c 100644
--- a/etc/7za.profile
+++ b/etc/7za.profile
@@ -1,10 +1,10 @@
1# Firejail profile for 7za 1# Firejail profile for 7za
2# This file is overwritten after every install/update 2# This file is overwritten after every install/update
3# Persistent local customizations 3# Persistent local customizations
4include /etc/firejail/7za.local 4include 7za.local
5# Persistent global definitions 5# Persistent global definitions
6# added by included profile 6# added by included profile
7#include /etc/firejail/globals.local 7#include globals.local
8 8
9# Redirect 9# Redirect
10include /etc/firejail/7z.profile 10include 7z.profile
diff --git a/etc/7zr.profile b/etc/7zr.profile
index e48c5494e..1b85badbc 100644
--- a/etc/7zr.profile
+++ b/etc/7zr.profile
@@ -1,10 +1,10 @@
1# Firejail profile for 7zr 1# Firejail profile for 7zr
2# This file is overwritten after every install/update 2# This file is overwritten after every install/update
3# Persistent local customizations 3# Persistent local customizations
4include /etc/firejail/7zr.local 4include 7zr.local
5# Persistent global definitions 5# Persistent global definitions
6# added by included profile 6# added by included profile
7#include /etc/firejail/globals.local 7#include globals.local
8 8
9# Redirect 9# Redirect
10include /etc/firejail/7z.profile 10include 7z.profile
diff --git a/etc/Cryptocat.profile b/etc/Cryptocat.profile
index f1336be3e..cd5229576 100644
--- a/etc/Cryptocat.profile
+++ b/etc/Cryptocat.profile
@@ -1,17 +1,17 @@
1# Firejail profile for Cryptocat 1# Firejail profile for Cryptocat
2# This file is overwritten after every install/update 2# This file is overwritten after every install/update
3# Persistent local customizations 3# Persistent local customizations
4include /etc/firejail/Cryptocat.local 4include Cryptocat.local
5# Persistent global definitions 5# Persistent global definitions
6include /etc/firejail/globals.local 6include globals.local
7 7
8noblacklist ${HOME}/.config/Cryptocat 8noblacklist ${HOME}/.config/Cryptocat
9 9
10include /etc/firejail/disable-common.inc 10include disable-common.inc
11include /etc/firejail/disable-devel.inc 11include disable-devel.inc
12include /etc/firejail/disable-interpreters.inc 12include disable-interpreters.inc
13include /etc/firejail/disable-passwdmgr.inc 13include disable-passwdmgr.inc
14include /etc/firejail/disable-programs.inc 14include disable-programs.inc
15 15
16caps.drop all 16caps.drop all
17netfilter 17netfilter
diff --git a/etc/Cyberfox.profile b/etc/Cyberfox.profile
index 202bc26f4..2fb21e3cf 100644
--- a/etc/Cyberfox.profile
+++ b/etc/Cyberfox.profile
@@ -3,4 +3,4 @@
3 3
4 4
5# Redirect 5# Redirect
6include /etc/firejail/cyberfox.profile 6include cyberfox.profile
diff --git a/etc/Discord.profile b/etc/Discord.profile
index 951357387..9a8957265 100644
--- a/etc/Discord.profile
+++ b/etc/Discord.profile
@@ -1,9 +1,9 @@
1# Firejail profile for Discord 1# Firejail profile for Discord
2# This file is overwritten after every install/update 2# This file is overwritten after every install/update
3# Persistent local customizations 3# Persistent local customizations
4include /etc/firejail/Discord.local 4include Discord.local
5# Persistent global definitions 5# Persistent global definitions
6include /etc/firejail/globals.local 6include globals.local
7 7
8 8
9noblacklist ${HOME}/.config/discord 9noblacklist ${HOME}/.config/discord
@@ -15,4 +15,4 @@ private-bin Discord
15private-opt Discord 15private-opt Discord
16 16
17#Redirect 17#Redirect
18include /etc/firejail/discord-common.profile 18include discord-common.profile
diff --git a/etc/DiscordCanary.profile b/etc/DiscordCanary.profile
index f7b0e2c56..0624ff949 100644
--- a/etc/DiscordCanary.profile
+++ b/etc/DiscordCanary.profile
@@ -1,9 +1,9 @@
1# Firejail profile for DiscordCanary 1# Firejail profile for DiscordCanary
2# This file is overwritten after every install/update 2# This file is overwritten after every install/update
3# Persistent local customizations 3# Persistent local customizations
4include /etc/firejail/DiscordCanary.local 4include DiscordCanary.local
5# Persistent global definitions 5# Persistent global definitions
6include /etc/firejail/globals.local 6include globals.local
7 7
8 8
9noblacklist ${HOME}/.config/discordcanary 9noblacklist ${HOME}/.config/discordcanary
@@ -15,4 +15,4 @@ private-bin DiscordCanary
15private-opt DiscordCanary 15private-opt DiscordCanary
16 16
17#Redirect 17#Redirect
18include /etc/firejail/discord-common.profile 18include discord-common.profile
diff --git a/etc/FossaMail.profile b/etc/FossaMail.profile
index 01e338ef2..55fd43515 100644
--- a/etc/FossaMail.profile
+++ b/etc/FossaMail.profile
@@ -3,4 +3,4 @@
3 3
4 4
5# Redirect 5# Redirect
6include /etc/firejail/fossamail.profile 6include fossamail.profile
diff --git a/etc/Fritzing.profile b/etc/Fritzing.profile
index 2e4d235b6..1e8fd0ffe 100644
--- a/etc/Fritzing.profile
+++ b/etc/Fritzing.profile
@@ -2,21 +2,21 @@
2# Description: Easy-to-use electronic design software 2# Description: Easy-to-use electronic design software
3# This file is overwritten after every install/update 3# This file is overwritten after every install/update
4# Persistent local customizations 4# Persistent local customizations
5include /etc/firejail/Fritzing.local 5include Fritzing.local
6# Persistent global definitions 6# Persistent global definitions
7include /etc/firejail/globals.local 7include globals.local
8 8
9noblacklist ${HOME}/.config/Fritzing 9noblacklist ${HOME}/.config/Fritzing
10noblacklist ${DOCUMENTS} 10noblacklist ${DOCUMENTS}
11 11
12include /etc/firejail/disable-common.inc 12include disable-common.inc
13include /etc/firejail/disable-devel.inc 13include disable-devel.inc
14include /etc/firejail/disable-interpreters.inc 14include disable-interpreters.inc
15include /etc/firejail/disable-passwdmgr.inc 15include disable-passwdmgr.inc
16include /etc/firejail/disable-programs.inc 16include disable-programs.inc
17include /etc/firejail/disable-xdg.inc 17include disable-xdg.inc
18 18
19include /etc/firejail/whitelist-var-common.inc 19include whitelist-var-common.inc
20 20
21caps.drop all 21caps.drop all
22ipc-namespace 22ipc-namespace
diff --git a/etc/Gitter.profile b/etc/Gitter.profile
index b12dbd450..53e66d108 100644
--- a/etc/Gitter.profile
+++ b/etc/Gitter.profile
@@ -3,4 +3,4 @@
3 3
4 4
5# Redirect 5# Redirect
6include /etc/firejail/gitter.profile 6include gitter.profile
diff --git a/etc/JDownloader.profile b/etc/JDownloader.profile
index 659a41603..6eb8886bc 100644
--- a/etc/JDownloader.profile
+++ b/etc/JDownloader.profile
@@ -1,9 +1,9 @@
1# Firejail profile for JDownloader 1# Firejail profile for JDownloader
2# This file is overwritten after every install/update 2# This file is overwritten after every install/update
3# Persistent local customizations 3# Persistent local customizations
4include /etc/firejail/JDownloader.local 4include JDownloader.local
5# Persistent global definitions 5# Persistent global definitions
6include /etc/firejail/globals.local 6include globals.local
7 7
8 8
9noblacklist ${HOME}/.jd 9noblacklist ${HOME}/.jd
@@ -14,18 +14,18 @@ noblacklist /usr/lib/java
14noblacklist /etc/java 14noblacklist /etc/java
15noblacklist /usr/share/java 15noblacklist /usr/share/java
16 16
17include /etc/firejail/disable-common.inc 17include disable-common.inc
18include /etc/firejail/disable-devel.inc 18include disable-devel.inc
19include /etc/firejail/disable-interpreters.inc 19include disable-interpreters.inc
20include /etc/firejail/disable-passwdmgr.inc 20include disable-passwdmgr.inc
21include /etc/firejail/disable-programs.inc 21include disable-programs.inc
22include /etc/firejail/disable-xdg.inc 22include disable-xdg.inc
23 23
24mkdir ${HOME}/.jd 24mkdir ${HOME}/.jd
25whitelist ${HOME}/.jd 25whitelist ${HOME}/.jd
26whitelist ${DOWNLOADS} 26whitelist ${DOWNLOADS}
27include /etc/firejail/whitelist-common.inc 27include whitelist-common.inc
28include /etc/firejail/whitelist-var-common.inc 28include whitelist-var-common.inc
29 29
30caps.drop all 30caps.drop all
31ipc-namespace 31ipc-namespace
diff --git a/etc/Mathematica.profile b/etc/Mathematica.profile
index deff02028..6aba2678b 100644
--- a/etc/Mathematica.profile
+++ b/etc/Mathematica.profile
@@ -1,25 +1,25 @@
1# Firejail profile for Mathematica 1# Firejail profile for Mathematica
2# This file is overwritten after every install/update 2# This file is overwritten after every install/update
3# Persistent local customizations 3# Persistent local customizations
4include /etc/firejail/Mathematica.local 4include Mathematica.local
5# Persistent global definitions 5# Persistent global definitions
6include /etc/firejail/globals.local 6include globals.local
7 7
8noblacklist ${HOME}/.Mathematica 8noblacklist ${HOME}/.Mathematica
9noblacklist ${HOME}/.Wolfram Research 9noblacklist ${HOME}/.Wolfram Research
10 10
11include /etc/firejail/disable-common.inc 11include disable-common.inc
12include /etc/firejail/disable-devel.inc 12include disable-devel.inc
13include /etc/firejail/disable-interpreters.inc 13include disable-interpreters.inc
14include /etc/firejail/disable-passwdmgr.inc 14include disable-passwdmgr.inc
15include /etc/firejail/disable-programs.inc 15include disable-programs.inc
16 16
17mkdir ${HOME}/.Mathematica 17mkdir ${HOME}/.Mathematica
18mkdir ${HOME}/.Wolfram Research 18mkdir ${HOME}/.Wolfram Research
19whitelist ${HOME}/.Mathematica 19whitelist ${HOME}/.Mathematica
20whitelist ${HOME}/.Wolfram Research 20whitelist ${HOME}/.Wolfram Research
21whitelist ${HOME}/Documents/Wolfram Mathematica 21whitelist ${HOME}/Documents/Wolfram Mathematica
22include /etc/firejail/whitelist-common.inc 22include whitelist-common.inc
23 23
24caps.drop all 24caps.drop all
25nodvd 25nodvd
diff --git a/etc/Natron.profile b/etc/Natron.profile
index b21790fe4..aadd68c5c 100644
--- a/etc/Natron.profile
+++ b/etc/Natron.profile
@@ -3,4 +3,4 @@
3 3
4 4
5# Redirect 5# Redirect
6include /etc/firejail/natron.profile 6include natron.profile
diff --git a/etc/QMediathekView.profile b/etc/QMediathekView.profile
index 558f62f0e..f969cd855 100644
--- a/etc/QMediathekView.profile
+++ b/etc/QMediathekView.profile
@@ -2,9 +2,9 @@
2# Description: Search, download or stream files from mediathek.de 2# Description: Search, download or stream files from mediathek.de
3# This file is overwritten after every install/update 3# This file is overwritten after every install/update
4# Persistent local customizations 4# Persistent local customizations
5include /etc/firejail/QMediathekView.local 5include QMediathekView.local
6# Persistent global definitions 6# Persistent global definitions
7include /etc/firejail/globals.local 7include globals.local
8 8
9noblacklist ${HOME}/.config/QMediathekView 9noblacklist ${HOME}/.config/QMediathekView
10noblacklist ${HOME}/.local/share/QMediathekView 10noblacklist ${HOME}/.local/share/QMediathekView
@@ -18,13 +18,13 @@ noblacklist ${HOME}/.local/share/totem
18noblacklist ${HOME}/.local/share/xplayer 18noblacklist ${HOME}/.local/share/xplayer
19noblacklist ${HOME}/.mplayer 19noblacklist ${HOME}/.mplayer
20 20
21include /etc/firejail/disable-common.inc 21include disable-common.inc
22include /etc/firejail/disable-devel.inc 22include disable-devel.inc
23include /etc/firejail/disable-interpreters.inc 23include disable-interpreters.inc
24include /etc/firejail/disable-passwdmgr.inc 24include disable-passwdmgr.inc
25include /etc/firejail/disable-programs.inc 25include disable-programs.inc
26 26
27include /etc/firejail/whitelist-var-common.inc 27include whitelist-var-common.inc
28 28
29caps.drop all 29caps.drop all
30netfilter 30netfilter
diff --git a/etc/Telegram.profile b/etc/Telegram.profile
index df6557a90..51e4d9765 100644
--- a/etc/Telegram.profile
+++ b/etc/Telegram.profile
@@ -3,4 +3,4 @@
3 3
4 4
5# Redirect 5# Redirect
6include /etc/firejail/telegram.profile 6include telegram.profile
diff --git a/etc/Thunar.profile b/etc/Thunar.profile
index 6de6cfb30..9937f3883 100644
--- a/etc/Thunar.profile
+++ b/etc/Thunar.profile
@@ -2,19 +2,19 @@
2# Description: File Manager for Xfce 2# Description: File Manager for Xfce
3# This file is overwritten after every install/update 3# This file is overwritten after every install/update
4# Persistent local customizations 4# Persistent local customizations
5include /etc/firejail/Thunar.local 5include Thunar.local
6# Persistent global definitions 6# Persistent global definitions
7include /etc/firejail/globals.local 7include globals.local
8 8
9noblacklist ${HOME}/.local/share/Trash 9noblacklist ${HOME}/.local/share/Trash
10noblacklist ${HOME}/.config/Thunar 10noblacklist ${HOME}/.config/Thunar
11noblacklist ${HOME}/.config/xfce4/xfconf/xfce-perchannel-xml/thunar.xml 11noblacklist ${HOME}/.config/xfce4/xfconf/xfce-perchannel-xml/thunar.xml
12 12
13include /etc/firejail/disable-common.inc 13include disable-common.inc
14include /etc/firejail/disable-devel.inc 14include disable-devel.inc
15include /etc/firejail/disable-interpreters.inc 15include disable-interpreters.inc
16include /etc/firejail/disable-passwdmgr.inc 16include disable-passwdmgr.inc
17# include /etc/firejail/disable-programs.inc 17# include disable-programs.inc
18 18
19caps.drop all 19caps.drop all
20netfilter 20netfilter
diff --git a/etc/Viber.profile b/etc/Viber.profile
index cb9d01e03..01bb49a99 100644
--- a/etc/Viber.profile
+++ b/etc/Viber.profile
@@ -1,22 +1,22 @@
1# Firejail profile for Viber 1# Firejail profile for Viber
2# This file is overwritten after every install/update 2# This file is overwritten after every install/update
3# Persistent local customizations 3# Persistent local customizations
4include /etc/firejail/Viber.local 4include Viber.local
5# Persistent global definitions 5# Persistent global definitions
6include /etc/firejail/globals.local 6include globals.local
7 7
8 8
9noblacklist ${HOME}/.ViberPC 9noblacklist ${HOME}/.ViberPC
10 10
11include /etc/firejail/disable-common.inc 11include disable-common.inc
12include /etc/firejail/disable-devel.inc 12include disable-devel.inc
13include /etc/firejail/disable-interpreters.inc 13include disable-interpreters.inc
14include /etc/firejail/disable-passwdmgr.inc 14include disable-passwdmgr.inc
15include /etc/firejail/disable-programs.inc 15include disable-programs.inc
16 16
17whitelist ${DOWNLOADS} 17whitelist ${DOWNLOADS}
18whitelist ${HOME}/.ViberPC 18whitelist ${HOME}/.ViberPC
19include /etc/firejail/whitelist-common.inc 19include whitelist-common.inc
20 20
21caps.drop all 21caps.drop all
22ipc-namespace 22ipc-namespace
diff --git a/etc/VirtualBox.profile b/etc/VirtualBox.profile
index c84b8a4ad..5fe8f1c57 100644
--- a/etc/VirtualBox.profile
+++ b/etc/VirtualBox.profile
@@ -4,4 +4,4 @@
4 4
5 5
6# Redirect 6# Redirect
7include /etc/firejail/virtualbox.profile 7include virtualbox.profile
diff --git a/etc/XMind.profile b/etc/XMind.profile
index ff6258ca2..2f650950c 100644
--- a/etc/XMind.profile
+++ b/etc/XMind.profile
@@ -1,22 +1,22 @@
1# Firejail profile for XMind 1# Firejail profile for XMind
2# This file is overwritten after every install/update 2# This file is overwritten after every install/update
3# Persistent local customizations 3# Persistent local customizations
4include /etc/firejail/XMind.local 4include XMind.local
5# Persistent global definitions 5# Persistent global definitions
6include /etc/firejail/globals.local 6include globals.local
7 7
8noblacklist ${HOME}/.xmind 8noblacklist ${HOME}/.xmind
9 9
10include /etc/firejail/disable-common.inc 10include disable-common.inc
11include /etc/firejail/disable-devel.inc 11include disable-devel.inc
12include /etc/firejail/disable-interpreters.inc 12include disable-interpreters.inc
13include /etc/firejail/disable-passwdmgr.inc 13include disable-passwdmgr.inc
14include /etc/firejail/disable-programs.inc 14include disable-programs.inc
15 15
16mkdir ${HOME}/.xmind 16mkdir ${HOME}/.xmind
17whitelist ${HOME}/.xmind 17whitelist ${HOME}/.xmind
18whitelist ${DOWNLOADS} 18whitelist ${DOWNLOADS}
19include /etc/firejail/whitelist-common.inc 19include whitelist-common.inc
20 20
21caps.drop all 21caps.drop all
22netfilter 22netfilter
diff --git a/etc/Xephyr.profile b/etc/Xephyr.profile
index c0c322b67..56e0cf8e7 100644
--- a/etc/Xephyr.profile
+++ b/etc/Xephyr.profile
@@ -1,9 +1,9 @@
1# Firejail profile for Xephyr 1# Firejail profile for Xephyr
2# This file is overwritten after every install/update 2# This file is overwritten after every install/update
3# Persistent local customizations 3# Persistent local customizations
4include /etc/firejail/Xephyr.local 4include Xephyr.local
5# Persistent global definitions 5# Persistent global definitions
6include /etc/firejail/globals.local 6include globals.local
7 7
8# 8#
9# This profile will sandbox Xephyr server itself when used with firejail --x11=xephyr. 9# This profile will sandbox Xephyr server itself when used with firejail --x11=xephyr.
@@ -18,7 +18,7 @@ include /etc/firejail/globals.local
18blacklist /media 18blacklist /media
19 19
20whitelist /var/lib/xkb 20whitelist /var/lib/xkb
21include /etc/firejail/whitelist-common.inc 21include whitelist-common.inc
22 22
23caps.drop all 23caps.drop all
24# Xephyr needs to be allowed access to the abstract Unix socket namespace. 24# Xephyr needs to be allowed access to the abstract Unix socket namespace.
diff --git a/etc/Xvfb.profile b/etc/Xvfb.profile
index 4ae2d20d2..d71a69903 100644
--- a/etc/Xvfb.profile
+++ b/etc/Xvfb.profile
@@ -2,9 +2,9 @@
2# Description: Virtual Framebuffer 'fake' X server 2# Description: Virtual Framebuffer 'fake' X server
3# This file is overwritten after every install/update 3# This file is overwritten after every install/update
4# Persistent local customizations 4# Persistent local customizations
5include /etc/firejail/Xvfb.local 5include Xvfb.local
6# Persistent global definitions 6# Persistent global definitions
7include /etc/firejail/globals.local 7include globals.local
8 8
9# 9#
10# This profile will sandbox Xvfb server itself when used with firejail --x11=xvfb. 10# This profile will sandbox Xvfb server itself when used with firejail --x11=xvfb.
@@ -20,7 +20,7 @@ include /etc/firejail/globals.local
20blacklist /media 20blacklist /media
21 21
22whitelist /var/lib/xkb 22whitelist /var/lib/xkb
23include /etc/firejail/whitelist-common.inc 23include whitelist-common.inc
24 24
25caps.drop all 25caps.drop all
26# Xvfb needs to be allowed access to the abstract Unix socket namespace. 26# Xvfb needs to be allowed access to the abstract Unix socket namespace.
diff --git a/etc/abrowser.profile b/etc/abrowser.profile
index d757d6f49..010247c6b 100644
--- a/etc/abrowser.profile
+++ b/etc/abrowser.profile
@@ -1,9 +1,9 @@
1# Firejail profile for abrowser 1# Firejail profile for abrowser
2# This file is overwritten after every install/update 2# This file is overwritten after every install/update
3# Persistent local customizations 3# Persistent local customizations
4include /etc/firejail/abrowser.local 4include abrowser.local
5# Persistent global definitions 5# Persistent global definitions
6include /etc/firejail/globals.local 6include globals.local
7 7
8noblacklist ${HOME}/.cache/mozilla 8noblacklist ${HOME}/.cache/mozilla
9noblacklist ${HOME}/.mozilla 9noblacklist ${HOME}/.mozilla
@@ -18,4 +18,4 @@ whitelist ${HOME}/.mozilla
18 18
19 19
20# Redirect 20# Redirect
21include /etc/firejail/firefox-common.profile 21include firefox-common.profile
diff --git a/etc/acat.profile b/etc/acat.profile
index 08593585c..0b4579035 100644
--- a/etc/acat.profile
+++ b/etc/acat.profile
@@ -1,9 +1,9 @@
1# Firejail profile for acat 1# Firejail profile for acat
2# This file is overwritten after every install/update 2# This file is overwritten after every install/update
3# Persistent local customizations 3# Persistent local customizations
4include /etc/firejail/acat.local 4include acat.local
5# Persistent global definitions 5# Persistent global definitions
6include /etc/firejail/globals.local 6include globals.local
7 7
8# Redirect 8# Redirect
9include /etc/firejail/atool.profile 9include atool.profile
diff --git a/etc/adiff.profile b/etc/adiff.profile
index 2c114d765..9073b1477 100644
--- a/etc/adiff.profile
+++ b/etc/adiff.profile
@@ -1,9 +1,9 @@
1# Firejail profile for adiff 1# Firejail profile for adiff
2# This file is overwritten after every install/update 2# This file is overwritten after every install/update
3# Persistent local customizations 3# Persistent local customizations
4include /etc/firejail/adiff.local 4include adiff.local
5# Persistent global definitions 5# Persistent global definitions
6include /etc/firejail/globals.local 6include globals.local
7 7
8# Redirect 8# Redirect
9include /etc/firejail/atool.profile 9include atool.profile
diff --git a/etc/akonadi_control.profile b/etc/akonadi_control.profile
index 0cbe306e8..7ea57e235 100644
--- a/etc/akonadi_control.profile
+++ b/etc/akonadi_control.profile
@@ -1,8 +1,8 @@
1# Firejail profile for akonadi_control 1# Firejail profile for akonadi_control
2# Persistent local customizations 2# Persistent local customizations
3include /etc/firejail/akonadi_control.local 3include akonadi_control.local
4# Persistent global definitions 4# Persistent global definitions
5include /etc/firejail/globals.local 5include globals.local
6 6
7noblacklist ${HOME}/.cache/akonadi* 7noblacklist ${HOME}/.cache/akonadi*
8noblacklist ${HOME}/.config/akonadi* 8noblacklist ${HOME}/.config/akonadi*
@@ -20,13 +20,13 @@ noblacklist ${HOME}/.local/share/notes
20noblacklist /tmp/akonadi-* 20noblacklist /tmp/akonadi-*
21noblacklist /usr/sbin 21noblacklist /usr/sbin
22 22
23include /etc/firejail/disable-common.inc 23include disable-common.inc
24include /etc/firejail/disable-devel.inc 24include disable-devel.inc
25include /etc/firejail/disable-interpreters.inc 25include disable-interpreters.inc
26include /etc/firejail/disable-passwdmgr.inc 26include disable-passwdmgr.inc
27include /etc/firejail/disable-programs.inc 27include disable-programs.inc
28 28
29include /etc/firejail/whitelist-var-common.inc 29include whitelist-var-common.inc
30 30
31# disabled options below are not compatible with the apparmor profile for mysqld-akonadi. 31# disabled options below are not compatible with the apparmor profile for mysqld-akonadi.
32# this affects ubuntu and debian currently 32# this affects ubuntu and debian currently
diff --git a/etc/akregator.profile b/etc/akregator.profile
index af8dd2a3e..8147e33e5 100644
--- a/etc/akregator.profile
+++ b/etc/akregator.profile
@@ -2,26 +2,26 @@
2# Description: RSS/Atom feed aggregator 2# Description: RSS/Atom feed aggregator
3# This file is overwritten after every install/update 3# This file is overwritten after every install/update
4# Persistent local customizations 4# Persistent local customizations
5include /etc/firejail/akregator.local 5include akregator.local
6# Persistent global definitions 6# Persistent global definitions
7include /etc/firejail/globals.local 7include globals.local
8 8
9noblacklist ${HOME}/.config/akregatorrc 9noblacklist ${HOME}/.config/akregatorrc
10noblacklist ${HOME}/.local/share/akregator 10noblacklist ${HOME}/.local/share/akregator
11 11
12include /etc/firejail/disable-common.inc 12include disable-common.inc
13include /etc/firejail/disable-devel.inc 13include disable-devel.inc
14include /etc/firejail/disable-interpreters.inc 14include disable-interpreters.inc
15include /etc/firejail/disable-passwdmgr.inc 15include disable-passwdmgr.inc
16include /etc/firejail/disable-programs.inc 16include disable-programs.inc
17 17
18mkfile ${HOME}/.config/akregatorrc 18mkfile ${HOME}/.config/akregatorrc
19mkdir ${HOME}/.local/share/akregator 19mkdir ${HOME}/.local/share/akregator
20whitelist ${HOME}/.config/akregatorrc 20whitelist ${HOME}/.config/akregatorrc
21whitelist ${HOME}/.local/share/akregator 21whitelist ${HOME}/.local/share/akregator
22whitelist ${HOME}/.local/share/kssl 22whitelist ${HOME}/.local/share/kssl
23include /etc/firejail/whitelist-common.inc 23include whitelist-common.inc
24include /etc/firejail/whitelist-var-common.inc 24include whitelist-var-common.inc
25 25
26caps.drop all 26caps.drop all
27netfilter 27netfilter
diff --git a/etc/als.profile b/etc/als.profile
index 8cd9a9182..24b8b976b 100644
--- a/etc/als.profile
+++ b/etc/als.profile
@@ -1,9 +1,9 @@
1# Firejail profile for als 1# Firejail profile for als
2# This file is overwritten after every install/update 2# This file is overwritten after every install/update
3# Persistent local customizations 3# Persistent local customizations
4include /etc/firejail/als.local 4include als.local
5# Persistent global definitions 5# Persistent global definitions
6include /etc/firejail/globals.local 6include globals.local
7 7
8# Redirect 8# Redirect
9include /etc/firejail/atool.profile 9include atool.profile
diff --git a/etc/amarok.profile b/etc/amarok.profile
index 3ee50a20b..71bd87241 100644
--- a/etc/amarok.profile
+++ b/etc/amarok.profile
@@ -2,20 +2,20 @@
2# Description: Easy to use media player based on the KDE Platform 2# Description: Easy to use media player based on the KDE Platform
3# This file is overwritten after every install/update 3# This file is overwritten after every install/update
4# Persistent local customizations 4# Persistent local customizations
5include /etc/firejail/amarok.local 5include amarok.local
6# Persistent global definitions 6# Persistent global definitions
7include /etc/firejail/globals.local 7include globals.local
8 8
9noblacklist ${MUSIC} 9noblacklist ${MUSIC}
10 10
11include /etc/firejail/disable-common.inc 11include disable-common.inc
12include /etc/firejail/disable-devel.inc 12include disable-devel.inc
13include /etc/firejail/disable-interpreters.inc 13include disable-interpreters.inc
14include /etc/firejail/disable-passwdmgr.inc 14include disable-passwdmgr.inc
15include /etc/firejail/disable-programs.inc 15include disable-programs.inc
16include /etc/firejail/disable-xdg.inc 16include disable-xdg.inc
17 17
18include /etc/firejail/whitelist-var-common.inc 18include whitelist-var-common.inc
19 19
20caps.drop all 20caps.drop all
21netfilter 21netfilter
diff --git a/etc/amule.profile b/etc/amule.profile
index f052a312f..a7b6f0770 100644
--- a/etc/amule.profile
+++ b/etc/amule.profile
@@ -2,22 +2,22 @@
2# Description: Client for the eD2k and Kad networks, like eMule 2# Description: Client for the eD2k and Kad networks, like eMule
3# This file is overwritten after every install/update 3# This file is overwritten after every install/update
4# Persistent local customizations 4# Persistent local customizations
5include /etc/firejail/amule.local 5include amule.local
6# Persistent global definitions 6# Persistent global definitions
7include /etc/firejail/globals.local 7include globals.local
8 8
9 9
10noblacklist ${HOME}/.aMule 10noblacklist ${HOME}/.aMule
11 11
12include /etc/firejail/disable-common.inc 12include disable-common.inc
13include /etc/firejail/disable-devel.inc 13include disable-devel.inc
14include /etc/firejail/disable-interpreters.inc 14include disable-interpreters.inc
15include /etc/firejail/disable-passwdmgr.inc 15include disable-passwdmgr.inc
16include /etc/firejail/disable-programs.inc 16include disable-programs.inc
17 17
18whitelist ${DOWNLOADS} 18whitelist ${DOWNLOADS}
19whitelist ${HOME}/.aMule 19whitelist ${HOME}/.aMule
20include /etc/firejail/whitelist-common.inc 20include whitelist-common.inc
21 21
22caps.drop all 22caps.drop all
23ipc-namespace 23ipc-namespace
diff --git a/etc/android-studio.profile b/etc/android-studio.profile
index 8f5cd56cc..180e4871b 100644
--- a/etc/android-studio.profile
+++ b/etc/android-studio.profile
@@ -1,9 +1,9 @@
1# Firejail profile for android-studio 1# Firejail profile for android-studio
2# This file is overwritten after every install/update 2# This file is overwritten after every install/update
3# Persistent local customizations 3# Persistent local customizations
4include /etc/firejail/android-studio.local 4include android-studio.local
5# Persistent global definitions 5# Persistent global definitions
6include /etc/firejail/globals.local 6include globals.local
7 7
8noblacklist ${HOME}/.AndroidStudio* 8noblacklist ${HOME}/.AndroidStudio*
9noblacklist ${HOME}/.android 9noblacklist ${HOME}/.android
@@ -16,11 +16,11 @@ noblacklist ${HOME}/.local/share/JetBrains
16noblacklist ${HOME}/.ssh 16noblacklist ${HOME}/.ssh
17noblacklist ${HOME}/.tooling 17noblacklist ${HOME}/.tooling
18 18
19include /etc/firejail/disable-common.inc 19include disable-common.inc
20include /etc/firejail/disable-passwdmgr.inc 20include disable-passwdmgr.inc
21include /etc/firejail/disable-programs.inc 21include disable-programs.inc
22 22
23include /etc/firejail/whitelist-var-common.inc 23include whitelist-var-common.inc
24 24
25caps.drop all 25caps.drop all
26netfilter 26netfilter
diff --git a/etc/anydesk.profile b/etc/anydesk.profile
index 17e083f4e..bd66f984b 100644
--- a/etc/anydesk.profile
+++ b/etc/anydesk.profile
@@ -1,21 +1,21 @@
1# Firejail profile for AnyDesk 1# Firejail profile for AnyDesk
2# This file is overwritten after every install/update 2# This file is overwritten after every install/update
3# Persistent local customizations 3# Persistent local customizations
4include /etc/firejail/anydesk.local 4include anydesk.local
5# Persistent global definitions 5# Persistent global definitions
6include /etc/firejail/globals.local 6include globals.local
7 7
8noblacklist ${HOME}/.anydesk 8noblacklist ${HOME}/.anydesk
9 9
10include /etc/firejail/disable-common.inc 10include disable-common.inc
11include /etc/firejail/disable-devel.inc 11include disable-devel.inc
12include /etc/firejail/disable-passwdmgr.inc 12include disable-passwdmgr.inc
13include /etc/firejail/disable-programs.inc 13include disable-programs.inc
14include /etc/firejail/disable-interpreters.inc 14include disable-interpreters.inc
15 15
16mkdir ${HOME}/.anydesk 16mkdir ${HOME}/.anydesk
17whitelist ${HOME}/.anydesk 17whitelist ${HOME}/.anydesk
18include /etc/firejail/whitelist-common.inc 18include whitelist-common.inc
19 19
20caps.drop all 20caps.drop all
21netfilter 21netfilter
diff --git a/etc/aosp.profile b/etc/aosp.profile
index 8622d6acd..a4eea4bad 100644
--- a/etc/aosp.profile
+++ b/etc/aosp.profile
@@ -1,9 +1,9 @@
1# Firejail profile for aosp 1# Firejail profile for aosp
2# This file is overwritten after every install/update 2# This file is overwritten after every install/update
3# Persistent local customizations 3# Persistent local customizations
4include /etc/firejail/aosp.local 4include aosp.local
5# Persistent global definitions 5# Persistent global definitions
6include /etc/firejail/globals.local 6include globals.local
7 7
8 8
9noblacklist ${HOME}/.android 9noblacklist ${HOME}/.android
@@ -18,12 +18,12 @@ noblacklist ${HOME}/.repoconfig
18noblacklist ${HOME}/.ssh 18noblacklist ${HOME}/.ssh
19noblacklist ${HOME}/.tooling 19noblacklist ${HOME}/.tooling
20 20
21include /etc/firejail/disable-common.inc 21include disable-common.inc
22include /etc/firejail/disable-passwdmgr.inc 22include disable-passwdmgr.inc
23include /etc/firejail/disable-programs.inc 23include disable-programs.inc
24include /etc/firejail/disable-xdg.inc 24include disable-xdg.inc
25 25
26include /etc/firejail/whitelist-var-common.inc 26include whitelist-var-common.inc
27 27
28caps.drop all 28caps.drop all
29ipc-namespace 29ipc-namespace
diff --git a/etc/apack.profile b/etc/apack.profile
index ad44b227e..bd5e49a01 100644
--- a/etc/apack.profile
+++ b/etc/apack.profile
@@ -1,9 +1,9 @@
1# Firejail profile for apack 1# Firejail profile for apack
2# This file is overwritten after every install/update 2# This file is overwritten after every install/update
3# Persistent local customizations 3# Persistent local customizations
4include /etc/firejail/apack.local 4include apack.local
5# Persistent global definitions 5# Persistent global definitions
6include /etc/firejail/globals.local 6include globals.local
7 7
8# Redirect 8# Redirect
9include /etc/firejail/atool.profile 9include atool.profile
diff --git a/etc/apktool.profile b/etc/apktool.profile
index d157b1478..552c35321 100644
--- a/etc/apktool.profile
+++ b/etc/apktool.profile
@@ -3,16 +3,16 @@
3# This file is overwritten after every install/update 3# This file is overwritten after every install/update
4quiet 4quiet
5# Persistent local customizations 5# Persistent local customizations
6include /etc/firejail/apktool.local 6include apktool.local
7# Persistent global definitions 7# Persistent global definitions
8include /etc/firejail/globals.local 8include globals.local
9 9
10include /etc/firejail/disable-common.inc 10include disable-common.inc
11include /etc/firejail/disable-passwdmgr.inc 11include disable-passwdmgr.inc
12include /etc/firejail/disable-programs.inc 12include disable-programs.inc
13include /etc/firejail/disable-xdg.inc 13include disable-xdg.inc
14 14
15include /etc/firejail/whitelist-var-common.inc 15include whitelist-var-common.inc
16 16
17caps.drop all 17caps.drop all
18net none 18net none
diff --git a/etc/arch-audit.profile b/etc/arch-audit.profile
index 9cd200ef2..e76f86fa4 100644
--- a/etc/arch-audit.profile
+++ b/etc/arch-audit.profile
@@ -3,19 +3,19 @@
3# This file is overwritten after every install/update 3# This file is overwritten after every install/update
4quiet 4quiet
5# Persistent local customizations 5# Persistent local customizations
6include /etc/firejail/arch-audit.local 6include arch-audit.local
7# Persistent global definitions 7# Persistent global definitions
8include /etc/firejail/globals.local 8include globals.local
9 9
10 10
11noblacklist /var/lib/pacman 11noblacklist /var/lib/pacman
12 12
13include /etc/firejail/disable-common.inc 13include disable-common.inc
14include /etc/firejail/disable-devel.inc 14include disable-devel.inc
15include /etc/firejail/disable-interpreters.inc 15include disable-interpreters.inc
16include /etc/firejail/disable-passwdmgr.inc 16include disable-passwdmgr.inc
17include /etc/firejail/disable-programs.inc 17include disable-programs.inc
18include /etc/firejail/disable-xdg.inc 18include disable-xdg.inc
19 19
20caps.drop all 20caps.drop all
21ipc-namespace 21ipc-namespace
diff --git a/etc/archaudit-report.profile b/etc/archaudit-report.profile
index 27b15412f..1b029d1ac 100644
--- a/etc/archaudit-report.profile
+++ b/etc/archaudit-report.profile
@@ -2,21 +2,21 @@
2# This file is overwritten after every install/update 2# This file is overwritten after every install/update
3quiet 3quiet
4# Persistent local customizations 4# Persistent local customizations
5include /etc/firejail/archaudit-report.local 5include archaudit-report.local
6# Persistent global definitions 6# Persistent global definitions
7include /etc/firejail/globals.local 7include globals.local
8 8
9 9
10noblacklist /var/lib/pacman 10noblacklist /var/lib/pacman
11 11
12include /etc/firejail/disable-common.inc 12include disable-common.inc
13include /etc/firejail/disable-devel.inc 13include disable-devel.inc
14include /etc/firejail/disable-interpreters.inc 14include disable-interpreters.inc
15include /etc/firejail/disable-passwdmgr.inc 15include disable-passwdmgr.inc
16include /etc/firejail/disable-programs.inc 16include disable-programs.inc
17include /etc/firejail/disable-xdg.inc 17include disable-xdg.inc
18 18
19include /etc/firejail/whitelist-common.inc 19include whitelist-common.inc
20 20
21caps.drop all 21caps.drop all
22ipc-namespace 22ipc-namespace
diff --git a/etc/ardour4.profile b/etc/ardour4.profile
index 7d1163174..5c22b57d0 100644
--- a/etc/ardour4.profile
+++ b/etc/ardour4.profile
@@ -3,4 +3,4 @@
3 3
4 4
5# Redirect 5# Redirect
6include /etc/firejail/ardour5.profile 6include ardour5.profile
diff --git a/etc/ardour5.profile b/etc/ardour5.profile
index 99649cc3f..9bce48b91 100644
--- a/etc/ardour5.profile
+++ b/etc/ardour5.profile
@@ -1,9 +1,9 @@
1# Firejail profile for ardour5 1# Firejail profile for ardour5
2# This file is overwritten after every install/update 2# This file is overwritten after every install/update
3# Persistent local customizations 3# Persistent local customizations
4include /etc/firejail/ardour5.local 4include ardour5.local
5# Persistent global definitions 5# Persistent global definitions
6include /etc/firejail/globals.local 6include globals.local
7 7
8noblacklist ${HOME}/.config/ardour4 8noblacklist ${HOME}/.config/ardour4
9noblacklist ${HOME}/.config/ardour5 9noblacklist ${HOME}/.config/ardour5
@@ -12,12 +12,12 @@ noblacklist ${HOME}/.vst
12noblacklist ${DOCUMENTS} 12noblacklist ${DOCUMENTS}
13noblacklist ${MUSIC} 13noblacklist ${MUSIC}
14 14
15include /etc/firejail/disable-common.inc 15include disable-common.inc
16include /etc/firejail/disable-devel.inc 16include disable-devel.inc
17include /etc/firejail/disable-interpreters.inc 17include disable-interpreters.inc
18include /etc/firejail/disable-passwdmgr.inc 18include disable-passwdmgr.inc
19include /etc/firejail/disable-programs.inc 19include disable-programs.inc
20include /etc/firejail/disable-xdg.inc 20include disable-xdg.inc
21 21
22caps.drop all 22caps.drop all
23ipc-namespace 23ipc-namespace
diff --git a/etc/arduino.profile b/etc/arduino.profile
index 9f28cada4..6c2375fae 100644
--- a/etc/arduino.profile
+++ b/etc/arduino.profile
@@ -2,9 +2,9 @@
2# Description: AVR development board IDE and built-in libraries 2# Description: AVR development board IDE and built-in libraries
3# This file is overwritten after every install/update 3# This file is overwritten after every install/update
4# Persistent local customizations 4# Persistent local customizations
5include /etc/firejail/arduino.local 5include arduino.local
6# Persistent global definitions 6# Persistent global definitions
7include /etc/firejail/globals.local 7include globals.local
8 8
9noblacklist ${HOME}/.arduino15 9noblacklist ${HOME}/.arduino15
10noblacklist ${HOME}/.java 10noblacklist ${HOME}/.java
@@ -17,12 +17,12 @@ noblacklist /usr/lib/java
17noblacklist /etc/java 17noblacklist /etc/java
18noblacklist /usr/share/java 18noblacklist /usr/share/java
19 19
20include /etc/firejail/disable-common.inc 20include disable-common.inc
21include /etc/firejail/disable-devel.inc 21include disable-devel.inc
22include /etc/firejail/disable-interpreters.inc 22include disable-interpreters.inc
23include /etc/firejail/disable-passwdmgr.inc 23include disable-passwdmgr.inc
24include /etc/firejail/disable-programs.inc 24include disable-programs.inc
25include /etc/firejail/disable-xdg.inc 25include disable-xdg.inc
26 26
27caps.drop all 27caps.drop all
28netfilter 28netfilter
diff --git a/etc/arepack.profile b/etc/arepack.profile
index f7a9f724a..f5584b2be 100644
--- a/etc/arepack.profile
+++ b/etc/arepack.profile
@@ -1,9 +1,9 @@
1# Firejail profile for arepack 1# Firejail profile for arepack
2# This file is overwritten after every install/update 2# This file is overwritten after every install/update
3# Persistent local customizations 3# Persistent local customizations
4include /etc/firejail/arepack.local 4include arepack.local
5# Persistent global definitions 5# Persistent global definitions
6include /etc/firejail/globals.local 6include globals.local
7 7
8# Redirect 8# Redirect
9include /etc/firejail/atool.profile 9include atool.profile
diff --git a/etc/aria2c.profile b/etc/aria2c.profile
index 4231c58ff..bc341d710 100644
--- a/etc/aria2c.profile
+++ b/etc/aria2c.profile
@@ -2,18 +2,18 @@
2# Description: Download utility that supports HTTP(S), FTP, BitTorrent and Metalink 2# Description: Download utility that supports HTTP(S), FTP, BitTorrent and Metalink
3# This file is overwritten after every install/update 3# This file is overwritten after every install/update
4# Persistent local customizations 4# Persistent local customizations
5include /etc/firejail/aria2c.local 5include aria2c.local
6# Persistent global definitions 6# Persistent global definitions
7include /etc/firejail/globals.local 7include globals.local
8 8
9noblacklist ${HOME}/.aria2 9noblacklist ${HOME}/.aria2
10 10
11include /etc/firejail/disable-common.inc 11include disable-common.inc
12include /etc/firejail/disable-devel.inc 12include disable-devel.inc
13include /etc/firejail/disable-interpreters.inc 13include disable-interpreters.inc
14include /etc/firejail/disable-passwdmgr.inc 14include disable-passwdmgr.inc
15include /etc/firejail/disable-programs.inc 15include disable-programs.inc
16include /etc/firejail/disable-xdg.inc 16include disable-xdg.inc
17 17
18caps.drop all 18caps.drop all
19ipc-namespace 19ipc-namespace
diff --git a/etc/ark.profile b/etc/ark.profile
index d5a7f45f4..75dc76c7f 100644
--- a/etc/ark.profile
+++ b/etc/ark.profile
@@ -2,19 +2,19 @@
2# Description: Archive utility 2# Description: Archive utility
3# This file is overwritten after every install/update 3# This file is overwritten after every install/update
4# Persistent local customizations 4# Persistent local customizations
5include /etc/firejail/ark.local 5include ark.local
6# Persistent global definitions 6# Persistent global definitions
7include /etc/firejail/globals.local 7include globals.local
8 8
9noblacklist ${HOME}/.config/arkrc 9noblacklist ${HOME}/.config/arkrc
10 10
11include /etc/firejail/disable-common.inc 11include disable-common.inc
12include /etc/firejail/disable-devel.inc 12include disable-devel.inc
13include /etc/firejail/disable-interpreters.inc 13include disable-interpreters.inc
14include /etc/firejail/disable-passwdmgr.inc 14include disable-passwdmgr.inc
15include /etc/firejail/disable-programs.inc 15include disable-programs.inc
16 16
17include /etc/firejail/whitelist-var-common.inc 17include whitelist-var-common.inc
18 18
19apparmor 19apparmor
20caps.drop all 20caps.drop all
diff --git a/etc/arm.profile b/etc/arm.profile
index da9b45928..667b8f06e 100644
--- a/etc/arm.profile
+++ b/etc/arm.profile
@@ -2,9 +2,9 @@
2# Description: Terminal status monitor for Tor relays 2# Description: Terminal status monitor for Tor relays
3# This file is overwritten after every install/update 3# This file is overwritten after every install/update
4# Persistent local customizations 4# Persistent local customizations
5include /etc/firejail/arm.local 5include arm.local
6# Persistent global definitions 6# Persistent global definitions
7include /etc/firejail/globals.local 7include globals.local
8 8
9noblacklist ${HOME}/.arm 9noblacklist ${HOME}/.arm
10 10
@@ -14,15 +14,15 @@ noblacklist ${PATH}/python3*
14noblacklist /usr/lib/python2* 14noblacklist /usr/lib/python2*
15noblacklist /usr/lib/python3* 15noblacklist /usr/lib/python3*
16 16
17include /etc/firejail/disable-common.inc 17include disable-common.inc
18include /etc/firejail/disable-devel.inc 18include disable-devel.inc
19include /etc/firejail/disable-interpreters.inc 19include disable-interpreters.inc
20include /etc/firejail/disable-passwdmgr.inc 20include disable-passwdmgr.inc
21include /etc/firejail/disable-programs.inc 21include disable-programs.inc
22 22
23mkdir ${HOME}/.arm 23mkdir ${HOME}/.arm
24whitelist ${HOME}/.arm 24whitelist ${HOME}/.arm
25include /etc/firejail/whitelist-common.inc 25include whitelist-common.inc
26 26
27caps.drop all 27caps.drop all
28ipc-namespace 28ipc-namespace
diff --git a/etc/artha.profile b/etc/artha.profile
index befe9295f..7b0c6735b 100644
--- a/etc/artha.profile
+++ b/etc/artha.profile
@@ -2,18 +2,18 @@
2# Description: A free cross-platform English thesaurus based on WordNet 2# Description: A free cross-platform English thesaurus based on WordNet
3# This file is overwritten after every install/update 3# This file is overwritten after every install/update
4# Persistent local customizations 4# Persistent local customizations
5include /etc/firejail/artha.local 5include artha.local
6# Persistent global definitions 6# Persistent global definitions
7include /etc/firejail/globals.local 7include globals.local
8 8
9noblacklist ${HOME}/.config/artha.conf 9noblacklist ${HOME}/.config/artha.conf
10noblacklist ${HOME}/.config/enchant 10noblacklist ${HOME}/.config/enchant
11 11
12include /etc/firejail/disable-common.inc 12include disable-common.inc
13include /etc/firejail/disable-devel.inc 13include disable-devel.inc
14include /etc/firejail/disable-interpreters.inc 14include disable-interpreters.inc
15include /etc/firejail/disable-passwdmgr.inc 15include disable-passwdmgr.inc
16include /etc/firejail/disable-programs.inc 16include disable-programs.inc
17 17
18caps.drop all 18caps.drop all
19ipc-namespace 19ipc-namespace
diff --git a/etc/asunder.profile b/etc/asunder.profile
index 9c059ed0a..4efe62c39 100644
--- a/etc/asunder.profile
+++ b/etc/asunder.profile
@@ -2,9 +2,9 @@
2# Description: Graphical audio CD ripper and encoder 2# Description: Graphical audio CD ripper and encoder
3# This file is overwritten after every install/update 3# This file is overwritten after every install/update
4# Persistent local customizations 4# Persistent local customizations
5include /etc/firejail/asunder.local 5include asunder.local
6# Persistent global definitions 6# Persistent global definitions
7include /etc/firejail/globals.local 7include globals.local
8 8
9noblacklist ${HOME}/.config/asunder 9noblacklist ${HOME}/.config/asunder
10noblacklist ${HOME}/.asunder_album_genre 10noblacklist ${HOME}/.asunder_album_genre
@@ -12,14 +12,14 @@ noblacklist ${HOME}/.asunder_album_title
12noblacklist ${HOME}/.asunder_album_artist 12noblacklist ${HOME}/.asunder_album_artist
13noblacklist ${MUSIC} 13noblacklist ${MUSIC}
14 14
15include /etc/firejail/disable-common.inc 15include disable-common.inc
16include /etc/firejail/disable-devel.inc 16include disable-devel.inc
17include /etc/firejail/disable-interpreters.inc 17include disable-interpreters.inc
18include /etc/firejail/disable-passwdmgr.inc 18include disable-passwdmgr.inc
19include /etc/firejail/disable-programs.inc 19include disable-programs.inc
20include /etc/firejail/disable-xdg.inc 20include disable-xdg.inc
21 21
22include /etc/firejail/whitelist-var-common.inc 22include whitelist-var-common.inc
23 23
24apparmor 24apparmor
25caps.drop all 25caps.drop all
diff --git a/etc/atom-beta.profile b/etc/atom-beta.profile
index a153d08b4..36baee5c4 100644
--- a/etc/atom-beta.profile
+++ b/etc/atom-beta.profile
@@ -1,6 +1,6 @@
1# Firejail profile for atom-beta 1# Firejail profile for atom-beta
2# This file is overwritten after every install/update 2# This file is overwritten after every install/update
3# Persistent local customizations 3# Persistent local customizations
4include /etc/firejail/atom-beta.local 4include atom-beta.local
5# Profile redirect 5# Profile redirect
6include /etc/firejail/atom.profile 6include atom.profile
diff --git a/etc/atom.profile b/etc/atom.profile
index 1ff4e162d..0d9626396 100644
--- a/etc/atom.profile
+++ b/etc/atom.profile
@@ -2,16 +2,16 @@
2# Description: A hackable text editor for the 21st Century 2# Description: A hackable text editor for the 21st Century
3# This file is overwritten after every install/update 3# This file is overwritten after every install/update
4# Persistent local customizations 4# Persistent local customizations
5include /etc/firejail/atom.local 5include atom.local
6# Persistent global definitions 6# Persistent global definitions
7include /etc/firejail/globals.local 7include globals.local
8 8
9noblacklist ${HOME}/.atom 9noblacklist ${HOME}/.atom
10noblacklist ${HOME}/.config/Atom 10noblacklist ${HOME}/.config/Atom
11 11
12include /etc/firejail/disable-common.inc 12include disable-common.inc
13include /etc/firejail/disable-passwdmgr.inc 13include disable-passwdmgr.inc
14include /etc/firejail/disable-programs.inc 14include disable-programs.inc
15 15
16caps.drop all 16caps.drop all
17# net none 17# net none
diff --git a/etc/atool.profile b/etc/atool.profile
index c672ed11d..d7b02a23a 100644
--- a/etc/atool.profile
+++ b/etc/atool.profile
@@ -2,9 +2,9 @@
2# Description: Tool for managing file archives of various types 2# Description: Tool for managing file archives of various types
3# This file is overwritten after every install/update 3# This file is overwritten after every install/update
4# Persistent local customizations 4# Persistent local customizations
5include /etc/firejail/atool.local 5include atool.local
6# Persistent global definitions 6# Persistent global definitions
7include /etc/firejail/globals.local 7include globals.local
8 8
9blacklist /tmp/.X11-unix 9blacklist /tmp/.X11-unix
10 10
@@ -15,11 +15,11 @@ noblacklist ${PATH}/perl
15noblacklist /usr/lib/perl* 15noblacklist /usr/lib/perl*
16noblacklist /usr/share/perl* 16noblacklist /usr/share/perl*
17 17
18include /etc/firejail/disable-common.inc 18include disable-common.inc
19# include /etc/firejail/disable-devel.inc 19# include disable-devel.inc
20include /etc/firejail/disable-interpreters.inc 20include disable-interpreters.inc
21include /etc/firejail/disable-passwdmgr.inc 21include disable-passwdmgr.inc
22include /etc/firejail/disable-programs.inc 22include disable-programs.inc
23 23
24caps.drop all 24caps.drop all
25netfilter 25netfilter
diff --git a/etc/atril-previewer.profile b/etc/atril-previewer.profile
index 5d841bc0e..3f24acefa 100644
--- a/etc/atril-previewer.profile
+++ b/etc/atril-previewer.profile
@@ -1,10 +1,10 @@
1# Firejail profile for atril-previewer 1# Firejail profile for atril-previewer
2# This file is overwritten after every install/update 2# This file is overwritten after every install/update
3# Persistent local customizations 3# Persistent local customizations
4include /etc/firejail/atril-previewer.local 4include atril-previewer.local
5# Persistent global definitions 5# Persistent global definitions
6include /etc/firejail/globals.local 6include globals.local
7 7
8 8
9# Redirect 9# Redirect
10include /etc/firejail/atril.profile 10include atril.profile
diff --git a/etc/atril-thumbnailer.profile b/etc/atril-thumbnailer.profile
index 88c74735d..de4a52514 100644
--- a/etc/atril-thumbnailer.profile
+++ b/etc/atril-thumbnailer.profile
@@ -1,10 +1,10 @@
1# Firejail profile for atril-thumbnailer 1# Firejail profile for atril-thumbnailer
2# This file is overwritten after every install/update 2# This file is overwritten after every install/update
3# Persistent local customizations 3# Persistent local customizations
4include /etc/firejail/atril-thumbnailer.local 4include atril-thumbnailer.local
5# Persistent global definitions 5# Persistent global definitions
6include /etc/firejail/globals.local 6include globals.local
7 7
8 8
9# Redirect 9# Redirect
10include /etc/firejail/atril.profile 10include atril.profile
diff --git a/etc/atril.profile b/etc/atril.profile
index 6e5286e5f..85c9c04ca 100644
--- a/etc/atril.profile
+++ b/etc/atril.profile
@@ -2,9 +2,9 @@
2# Description: MATE document viewer 2# Description: MATE document viewer
3# This file is overwritten after every install/update 3# This file is overwritten after every install/update
4# Persistent local customizations 4# Persistent local customizations
5include /etc/firejail/atril.local 5include atril.local
6# Persistent global definitions 6# Persistent global definitions
7include /etc/firejail/globals.local 7include globals.local
8 8
9noblacklist ${HOME}/.cache/atril 9noblacklist ${HOME}/.cache/atril
10noblacklist ${HOME}/.config/atril 10noblacklist ${HOME}/.config/atril
@@ -13,14 +13,14 @@ noblacklist ${DOCUMENTS}
13#noblacklist ${HOME}/.local/share 13#noblacklist ${HOME}/.local/share
14# it seems to use only ${HOME}/.local/share/webkitgtk 14# it seems to use only ${HOME}/.local/share/webkitgtk
15 15
16include /etc/firejail/disable-common.inc 16include disable-common.inc
17include /etc/firejail/disable-devel.inc 17include disable-devel.inc
18include /etc/firejail/disable-interpreters.inc 18include disable-interpreters.inc
19include /etc/firejail/disable-passwdmgr.inc 19include disable-passwdmgr.inc
20include /etc/firejail/disable-programs.inc 20include disable-programs.inc
21include /etc/firejail/disable-xdg.inc 21include disable-xdg.inc
22 22
23include /etc/firejail/whitelist-var-common.inc 23include whitelist-var-common.inc
24 24
25# apparmor 25# apparmor
26caps.drop all 26caps.drop all
diff --git a/etc/audacious.profile b/etc/audacious.profile
index 627c1a72d..9a95769ba 100644
--- a/etc/audacious.profile
+++ b/etc/audacious.profile
@@ -2,22 +2,22 @@
2# Description: Small and fast audio player which supports lots of formats 2# Description: Small and fast audio player which supports lots of formats
3# This file is overwritten after every install/update 3# This file is overwritten after every install/update
4# Persistent local customizations 4# Persistent local customizations
5include /etc/firejail/audacious.local 5include audacious.local
6# Persistent global definitions 6# Persistent global definitions
7include /etc/firejail/globals.local 7include globals.local
8 8
9noblacklist ${HOME}/.config/Audaciousrc 9noblacklist ${HOME}/.config/Audaciousrc
10noblacklist ${HOME}/.config/audacious 10noblacklist ${HOME}/.config/audacious
11noblacklist ${MUSIC} 11noblacklist ${MUSIC}
12 12
13include /etc/firejail/disable-common.inc 13include disable-common.inc
14include /etc/firejail/disable-devel.inc 14include disable-devel.inc
15include /etc/firejail/disable-interpreters.inc 15include disable-interpreters.inc
16include /etc/firejail/disable-passwdmgr.inc 16include disable-passwdmgr.inc
17include /etc/firejail/disable-programs.inc 17include disable-programs.inc
18include /etc/firejail/disable-xdg.inc 18include disable-xdg.inc
19 19
20include /etc/firejail/whitelist-var-common.inc 20include whitelist-var-common.inc
21 21
22apparmor 22apparmor
23caps.drop all 23caps.drop all
diff --git a/etc/audacity.profile b/etc/audacity.profile
index 685319f7f..44237cdc5 100644
--- a/etc/audacity.profile
+++ b/etc/audacity.profile
@@ -2,22 +2,22 @@
2# Description: Fast, cross-platform audio editor 2# Description: Fast, cross-platform audio editor
3# This file is overwritten after every install/update 3# This file is overwritten after every install/update
4# Persistent local customizations 4# Persistent local customizations
5include /etc/firejail/audacity.local 5include audacity.local
6# Persistent global definitions 6# Persistent global definitions
7include /etc/firejail/globals.local 7include globals.local
8 8
9noblacklist ${HOME}/.audacity-data 9noblacklist ${HOME}/.audacity-data
10noblacklist ${DOCUMENTS} 10noblacklist ${DOCUMENTS}
11noblacklist ${MUSIC} 11noblacklist ${MUSIC}
12 12
13include /etc/firejail/disable-common.inc 13include disable-common.inc
14include /etc/firejail/disable-devel.inc 14include disable-devel.inc
15include /etc/firejail/disable-interpreters.inc 15include disable-interpreters.inc
16include /etc/firejail/disable-passwdmgr.inc 16include disable-passwdmgr.inc
17include /etc/firejail/disable-programs.inc 17include disable-programs.inc
18include /etc/firejail/disable-xdg.inc 18include disable-xdg.inc
19 19
20include /etc/firejail/whitelist-var-common.inc 20include whitelist-var-common.inc
21 21
22apparmor 22apparmor
23caps.drop all 23caps.drop all
diff --git a/etc/aunpack.profile b/etc/aunpack.profile
index 4f03ac60d..cde9473e3 100644
--- a/etc/aunpack.profile
+++ b/etc/aunpack.profile
@@ -1,9 +1,9 @@
1# Firejail profile for aunpack 1# Firejail profile for aunpack
2# This file is overwritten after every install/update 2# This file is overwritten after every install/update
3# Persistent local customizations 3# Persistent local customizations
4include /etc/firejail/aunpack.local 4include aunpack.local
5# Persistent global definitions 5# Persistent global definitions
6include /etc/firejail/globals.local 6include globals.local
7 7
8# Redirect 8# Redirect
9include /etc/firejail/atool.profile 9include atool.profile
diff --git a/etc/authenticator.profile b/etc/authenticator.profile
index f10abdda8..46473484e 100644
--- a/etc/authenticator.profile
+++ b/etc/authenticator.profile
@@ -2,9 +2,9 @@
2# Description: 2FA code generator for GNOME 2# Description: 2FA code generator for GNOME
3# This file is overwritten after every install/update 3# This file is overwritten after every install/update
4# Persistent local customizations 4# Persistent local customizations
5include /etc/firejail/authenticator.local 5include authenticator.local
6# Persistent global definitions 6# Persistent global definitions
7include /etc/firejail/globals.local 7include globals.local
8 8
9# blacklisted in 'disable-programs.local' 9# blacklisted in 'disable-programs.local'
10noblacklist ${HOME}/.config/Authenticator 10noblacklist ${HOME}/.config/Authenticator
@@ -13,11 +13,11 @@ noblacklist ${HOME}/.config/Authenticator
13noblacklist ${PATH}/python3* 13noblacklist ${PATH}/python3*
14noblacklist /usr/lib/python3* 14noblacklist /usr/lib/python3*
15 15
16include /etc/firejail/disable-common.inc 16include disable-common.inc
17include /etc/firejail/disable-devel.inc 17include disable-devel.inc
18include /etc/firejail/disable-interpreters.inc 18include disable-interpreters.inc
19include /etc/firejail/disable-passwdmgr.inc 19include disable-passwdmgr.inc
20include /etc/firejail/disable-programs.inc 20include disable-programs.inc
21 21
22# apparmor 22# apparmor
23caps.drop all 23caps.drop all
diff --git a/etc/aweather.profile b/etc/aweather.profile
index 823b07c8c..99829898b 100644
--- a/etc/aweather.profile
+++ b/etc/aweather.profile
@@ -2,22 +2,22 @@
2# Description: Advanced Weather Monitoring Program 2# Description: Advanced Weather Monitoring Program
3# This file is overwritten after every install/update 3# This file is overwritten after every install/update
4# Persistent local customizations 4# Persistent local customizations
5include /etc/firejail/aweather.local 5include aweather.local
6# Persistent global definitions 6# Persistent global definitions
7include /etc/firejail/globals.local 7include globals.local
8 8
9noblacklist ${HOME}/.config/aweather 9noblacklist ${HOME}/.config/aweather
10 10
11include /etc/firejail/disable-common.inc 11include disable-common.inc
12include /etc/firejail/disable-devel.inc 12include disable-devel.inc
13include /etc/firejail/disable-interpreters.inc 13include disable-interpreters.inc
14include /etc/firejail/disable-passwdmgr.inc 14include disable-passwdmgr.inc
15include /etc/firejail/disable-programs.inc 15include disable-programs.inc
16 16
17mkdir ${HOME}/.config/aweather 17mkdir ${HOME}/.config/aweather
18whitelist ${HOME}/.config/aweather 18whitelist ${HOME}/.config/aweather
19include /etc/firejail/whitelist-common.inc 19include whitelist-common.inc
20include /etc/firejail/whitelist-var-common.inc 20include whitelist-var-common.inc
21 21
22caps.drop all 22caps.drop all
23netfilter 23netfilter
diff --git a/etc/awesome.profile b/etc/awesome.profile
index 49c1a4aad..5d1bf5071 100644
--- a/etc/awesome.profile
+++ b/etc/awesome.profile
@@ -2,13 +2,13 @@
2# Description: Standards-compliant, fast, light-weight and extensible window manager 2# Description: Standards-compliant, fast, light-weight and extensible window manager
3# This file is overwritten after every install/update 3# This file is overwritten after every install/update
4# Persistent local customizations 4# Persistent local customizations
5include /etc/firejail/awesome.local 5include awesome.local
6# Persistent global definitions 6# Persistent global definitions
7include /etc/firejail/globals.local 7include globals.local
8 8
9# all applications started in awesome will run in this profile 9# all applications started in awesome will run in this profile
10noblacklist ${HOME}/.config/awesome 10noblacklist ${HOME}/.config/awesome
11include /etc/firejail/disable-common.inc 11include disable-common.inc
12 12
13caps.drop all 13caps.drop all
14netfilter 14netfilter
diff --git a/etc/baloo_file.profile b/etc/baloo_file.profile
index 240573f44..d70825ecf 100644
--- a/etc/baloo_file.profile
+++ b/etc/baloo_file.profile
@@ -1,9 +1,9 @@
1# Firejail profile for baloo_file 1# Firejail profile for baloo_file
2# This file is overwritten after every install/update 2# This file is overwritten after every install/update
3# Persistent local customizations 3# Persistent local customizations
4include /etc/firejail/baloo_file.local 4include baloo_file.local
5# Persistent global definitions 5# Persistent global definitions
6include /etc/firejail/globals.local 6include globals.local
7 7
8noblacklist ${HOME}/.config/baloofilerc 8noblacklist ${HOME}/.config/baloofilerc
9noblacklist ${HOME}/.kde/share/config/baloofilerc 9noblacklist ${HOME}/.kde/share/config/baloofilerc
@@ -12,13 +12,13 @@ noblacklist ${HOME}/.kde4/share/config/baloofilerc
12noblacklist ${HOME}/.kde4/share/config/baloorc 12noblacklist ${HOME}/.kde4/share/config/baloorc
13noblacklist ${HOME}/.local/share/baloo 13noblacklist ${HOME}/.local/share/baloo
14 14
15include /etc/firejail/disable-common.inc 15include disable-common.inc
16include /etc/firejail/disable-devel.inc 16include disable-devel.inc
17include /etc/firejail/disable-interpreters.inc 17include disable-interpreters.inc
18include /etc/firejail/disable-passwdmgr.inc 18include disable-passwdmgr.inc
19include /etc/firejail/disable-programs.inc 19include disable-programs.inc
20 20
21include /etc/firejail/whitelist-var-common.inc 21include whitelist-var-common.inc
22 22
23caps.drop all 23caps.drop all
24no3d 24no3d
diff --git a/etc/baloo_filemetadata_temp_extractor.profile b/etc/baloo_filemetadata_temp_extractor.profile
index 87f2949e6..94496ede8 100644
--- a/etc/baloo_filemetadata_temp_extractor.profile
+++ b/etc/baloo_filemetadata_temp_extractor.profile
@@ -2,12 +2,12 @@
2# This file is overwritten after every install/update 2# This file is overwritten after every install/update
3quiet 3quiet
4# Persistent local customizations 4# Persistent local customizations
5include /etc/firejail/baloo_filemetadata_temp_extractor.local 5include baloo_filemetadata_temp_extractor.local
6# Persistent global definitions 6# Persistent global definitions
7include /etc/firejail/globals.local 7include globals.local
8 8
9ignore read-write 9ignore read-write
10read-only ${HOME} 10read-only ${HOME}
11 11
12# Redirect 12# Redirect
13include /etc/firejail/baloo_file.profile 13include baloo_file.profile
diff --git a/etc/baobab.profile b/etc/baobab.profile
index d0c3f2712..4749601d6 100644
--- a/etc/baobab.profile
+++ b/etc/baobab.profile
@@ -2,15 +2,15 @@
2# Description: GNOME disk usage analyzer 2# Description: GNOME disk usage analyzer
3# This file is overwritten after every install/update 3# This file is overwritten after every install/update
4# Persistent local customizations 4# Persistent local customizations
5include /etc/firejail/baobab.local 5include baobab.local
6# Persistent global definitions 6# Persistent global definitions
7include /etc/firejail/globals.local 7include globals.local
8 8
9include /etc/firejail/disable-common.inc 9include disable-common.inc
10include /etc/firejail/disable-devel.inc 10include disable-devel.inc
11include /etc/firejail/disable-interpreters.inc 11include disable-interpreters.inc
12include /etc/firejail/disable-passwdmgr.inc 12include disable-passwdmgr.inc
13# include /etc/firejail/disable-programs.inc 13# include disable-programs.inc
14 14
15caps.drop all 15caps.drop all
16net none 16net none
diff --git a/etc/basilisk.profile b/etc/basilisk.profile
index 43ba5adcb..5f9fc8ef7 100644
--- a/etc/basilisk.profile
+++ b/etc/basilisk.profile
@@ -1,9 +1,9 @@
1# Firejail profile for basilisk 1# Firejail profile for basilisk
2# This file is overwritten after every install/update 2# This file is overwritten after every install/update
3# Persistent local customizations 3# Persistent local customizations
4include /etc/firejail/basilisk.local 4include basilisk.local
5# Persistent global definitions 5# Persistent global definitions
6include /etc/firejail/globals.local 6include globals.local
7 7
8noblacklist ${HOME}/.cache/moonchild productions/basilisk 8noblacklist ${HOME}/.cache/moonchild productions/basilisk
9noblacklist ${HOME}/.moonchild productions/basilisk 9noblacklist ${HOME}/.moonchild productions/basilisk
@@ -24,4 +24,4 @@ seccomp
24#private-opt basilisk 24#private-opt basilisk
25 25
26# Redirect 26# Redirect
27include /etc/firejail/firefox-common.profile 27include firefox-common.profile
diff --git a/etc/beaker.profile b/etc/beaker.profile
index 9215576c7..d18429408 100644
--- a/etc/beaker.profile
+++ b/etc/beaker.profile
@@ -1,19 +1,19 @@
1# Firejail profile for beaker 1# Firejail profile for beaker
2# This file is overwritten after every install/update 2# This file is overwritten after every install/update
3# Persistent local customizations 3# Persistent local customizations
4include /etc/firejail/beaker.local 4include beaker.local
5# Persistent global definitions 5# Persistent global definitions
6include /etc/firejail/globals.local 6include globals.local
7 7
8noblacklist ${HOME}/.config/Beaker Browser 8noblacklist ${HOME}/.config/Beaker Browser
9 9
10include /etc/firejail/disable-devel.inc 10include disable-devel.inc
11include /etc/firejail/disable-interpreters.inc 11include disable-interpreters.inc
12 12
13mkdir ${HOME}/.config/Beaker Browser 13mkdir ${HOME}/.config/Beaker Browser
14whitelist ${HOME}/.config/Beaker Browser 14whitelist ${HOME}/.config/Beaker Browser
15whitelist ${DOWNLOADS} 15whitelist ${DOWNLOADS}
16include /etc/firejail/whitelist-common.inc 16include whitelist-common.inc
17 17
18# Redirect 18# Redirect
19include /etc/firejail/electron.profile 19include electron.profile
diff --git a/etc/bibletime.profile b/etc/bibletime.profile
index 57595e8e2..6c5b7bcad 100644
--- a/etc/bibletime.profile
+++ b/etc/bibletime.profile
@@ -2,24 +2,24 @@
2# Description: Bible study tool 2# Description: Bible study tool
3# This file is overwritten after every install/update 3# This file is overwritten after every install/update
4# Persistent local customizations 4# Persistent local customizations
5include /etc/firejail/bibletime.local 5include bibletime.local
6# Persistent global definitions 6# Persistent global definitions
7include /etc/firejail/globals.local 7include globals.local
8 8
9blacklist ${HOME}/.bashrc 9blacklist ${HOME}/.bashrc
10 10
11noblacklist ${HOME}/.bibletime 11noblacklist ${HOME}/.bibletime
12noblacklist ${HOME}/.sword 12noblacklist ${HOME}/.sword
13 13
14include /etc/firejail/disable-common.inc 14include disable-common.inc
15include /etc/firejail/disable-devel.inc 15include disable-devel.inc
16include /etc/firejail/disable-interpreters.inc 16include disable-interpreters.inc
17include /etc/firejail/disable-passwdmgr.inc 17include disable-passwdmgr.inc
18include /etc/firejail/disable-programs.inc 18include disable-programs.inc
19 19
20whitelist ${HOME}/.bibletime 20whitelist ${HOME}/.bibletime
21whitelist ${HOME}/.sword 21whitelist ${HOME}/.sword
22include /etc/firejail/whitelist-common.inc 22include whitelist-common.inc
23 23
24caps.drop all 24caps.drop all
25machine-id 25machine-id
diff --git a/etc/bitcoin-qt.profile b/etc/bitcoin-qt.profile
index 9b6affe24..2cf42400d 100644
--- a/etc/bitcoin-qt.profile
+++ b/etc/bitcoin-qt.profile
@@ -2,25 +2,25 @@
2# Description: Bitcoin is a peer-to-peer network based digital currency 2# Description: Bitcoin is a peer-to-peer network based digital currency
3# This file is overwritten after every install/update 3# This file is overwritten after every install/update
4# Persistent local customizations 4# Persistent local customizations
5include /etc/firejail/bitcoin-qt.local 5include bitcoin-qt.local
6# Persistent global definitions 6# Persistent global definitions
7include /etc/firejail/globals.local 7include globals.local
8 8
9noblacklist ${HOME}/.bitcoin 9noblacklist ${HOME}/.bitcoin
10 10
11include /etc/firejail/disable-common.inc 11include disable-common.inc
12include /etc/firejail/disable-devel.inc 12include disable-devel.inc
13include /etc/firejail/disable-interpreters.inc 13include disable-interpreters.inc
14include /etc/firejail/disable-passwdmgr.inc 14include disable-passwdmgr.inc
15include /etc/firejail/disable-programs.inc 15include disable-programs.inc
16 16
17mkdir ${HOME}/.bitcoin 17mkdir ${HOME}/.bitcoin
18mkdir ${HOME}/.config/Bitcoin 18mkdir ${HOME}/.config/Bitcoin
19whitelist ${HOME}/.bitcoin 19whitelist ${HOME}/.bitcoin
20whitelist ${HOME}/.config/Bitcoin 20whitelist ${HOME}/.config/Bitcoin
21 21
22include /etc/firejail/whitelist-common.inc 22include whitelist-common.inc
23include /etc/firejail/whitelist-var-common.inc 23include whitelist-var-common.inc
24 24
25caps.drop all 25caps.drop all
26machine-id 26machine-id
diff --git a/etc/bitlbee.profile b/etc/bitlbee.profile
index e663d7799..bceffe4aa 100644
--- a/etc/bitlbee.profile
+++ b/etc/bitlbee.profile
@@ -2,20 +2,20 @@
2# Description: IRC to other chat networks gateway 2# Description: IRC to other chat networks gateway
3# This file is overwritten after every install/update 3# This file is overwritten after every install/update
4# Persistent local customizations 4# Persistent local customizations
5include /etc/firejail/bitlbee.local 5include bitlbee.local
6# Persistent global definitions 6# Persistent global definitions
7include /etc/firejail/globals.local 7include globals.local
8 8
9noblacklist /sbin 9noblacklist /sbin
10noblacklist /usr/sbin 10noblacklist /usr/sbin
11# noblacklist /var/log 11# noblacklist /var/log
12 12
13include /etc/firejail/disable-common.inc 13include disable-common.inc
14include /etc/firejail/disable-devel.inc 14include disable-devel.inc
15include /etc/firejail/disable-interpreters.inc 15include disable-interpreters.inc
16include /etc/firejail/disable-passwdmgr.inc 16include disable-passwdmgr.inc
17include /etc/firejail/disable-programs.inc 17include disable-programs.inc
18include /etc/firejail/disable-xdg.inc 18include disable-xdg.inc
19 19
20netfilter 20netfilter
21no3d 21no3d
diff --git a/etc/blackbox.profile b/etc/blackbox.profile
index 2672c812a..13e83493d 100644
--- a/etc/blackbox.profile
+++ b/etc/blackbox.profile
@@ -2,13 +2,13 @@
2# Description: Standards-compliant, fast, light-weight and extensible window manager 2# Description: Standards-compliant, fast, light-weight and extensible window manager
3# This file is overwritten after every install/update 3# This file is overwritten after every install/update
4# Persistent local customizations 4# Persistent local customizations
5include /etc/firejail/blackbox.local 5include blackbox.local
6# Persistent global definitions 6# Persistent global definitions
7include /etc/firejail/globals.local 7include globals.local
8 8
9# all applications started in awesome will run in this profile 9# all applications started in awesome will run in this profile
10noblacklist ${HOME}/.blackbox 10noblacklist ${HOME}/.blackbox
11include /etc/firejail/disable-common.inc 11include disable-common.inc
12 12
13caps.drop all 13caps.drop all
14netfilter 14netfilter
diff --git a/etc/bleachbit.profile b/etc/bleachbit.profile
index 49d058ab4..8163ac400 100644
--- a/etc/bleachbit.profile
+++ b/etc/bleachbit.profile
@@ -2,9 +2,9 @@
2# Description: Delete unnecessary files from the system 2# Description: Delete unnecessary files from the system
3# This file is overwritten after every install/update 3# This file is overwritten after every install/update
4# Persistent local customizations 4# Persistent local customizations
5include /etc/firejail/bleachbit.local 5include bleachbit.local
6# Persistent global definitions 6# Persistent global definitions
7include /etc/firejail/globals.local 7include globals.local
8 8
9# Allow python (blacklisted by disable-interpreters.inc) 9# Allow python (blacklisted by disable-interpreters.inc)
10noblacklist ${PATH}/python2* 10noblacklist ${PATH}/python2*
@@ -12,11 +12,11 @@ noblacklist ${PATH}/python3*
12noblacklist /usr/lib/python2* 12noblacklist /usr/lib/python2*
13noblacklist /usr/lib/python3* 13noblacklist /usr/lib/python3*
14 14
15include /etc/firejail/disable-common.inc 15include disable-common.inc
16include /etc/firejail/disable-devel.inc 16include disable-devel.inc
17include /etc/firejail/disable-interpreters.inc 17include disable-interpreters.inc
18include /etc/firejail/disable-passwdmgr.inc 18include disable-passwdmgr.inc
19# include /etc/firejail/disable-programs.inc 19# include disable-programs.inc
20 20
21caps.drop all 21caps.drop all
22net none 22net none
diff --git a/etc/blender-2.8.profile b/etc/blender-2.8.profile
index 4b907018e..9da0cb921 100644
--- a/etc/blender-2.8.profile
+++ b/etc/blender-2.8.profile
@@ -3,4 +3,4 @@
3 3
4 4
5# Redirect 5# Redirect
6include /etc/firejail/blender.profile 6include blender.profile
diff --git a/etc/blender.profile b/etc/blender.profile
index 43a8622f7..05a26220b 100644
--- a/etc/blender.profile
+++ b/etc/blender.profile
@@ -2,9 +2,9 @@
2# Description: Very fast and versatile 3D modeller/renderer 2# Description: Very fast and versatile 3D modeller/renderer
3# This file is overwritten after every install/update 3# This file is overwritten after every install/update
4# Persistent local customizations 4# Persistent local customizations
5include /etc/firejail/blender.local 5include blender.local
6# Persistent global definitions 6# Persistent global definitions
7include /etc/firejail/globals.local 7include globals.local
8 8
9noblacklist ${HOME}/.config/blender 9noblacklist ${HOME}/.config/blender
10 10
@@ -14,11 +14,11 @@ noblacklist ${PATH}/python3*
14noblacklist /usr/lib/python2* 14noblacklist /usr/lib/python2*
15noblacklist /usr/lib/python3* 15noblacklist /usr/lib/python3*
16 16
17include /etc/firejail/disable-common.inc 17include disable-common.inc
18include /etc/firejail/disable-devel.inc 18include disable-devel.inc
19include /etc/firejail/disable-interpreters.inc 19include disable-interpreters.inc
20include /etc/firejail/disable-passwdmgr.inc 20include disable-passwdmgr.inc
21include /etc/firejail/disable-programs.inc 21include disable-programs.inc
22 22
23# Allow usage of AMD GPU by OpenCL 23# Allow usage of AMD GPU by OpenCL
24noblacklist /sys/module 24noblacklist /sys/module
diff --git a/etc/bless.profile b/etc/bless.profile
index 0da3436e8..555424126 100644
--- a/etc/bless.profile
+++ b/etc/bless.profile
@@ -2,19 +2,19 @@
2# Description: A full featured hexadecimal editor 2# Description: A full featured hexadecimal editor
3# This file is overwritten after every install/update 3# This file is overwritten after every install/update
4# Persistent local customizations 4# Persistent local customizations
5include /etc/firejail/bless.local 5include bless.local
6# Persistent global definitions 6# Persistent global definitions
7include /etc/firejail/globals.local 7include globals.local
8 8
9noblacklist ${HOME}/.config/bless 9noblacklist ${HOME}/.config/bless
10 10
11include /etc/firejail/disable-common.inc 11include disable-common.inc
12include /etc/firejail/disable-devel.inc 12include disable-devel.inc
13include /etc/firejail/disable-interpreters.inc 13include disable-interpreters.inc
14include /etc/firejail/disable-passwdmgr.inc 14include disable-passwdmgr.inc
15include /etc/firejail/disable-programs.inc 15include disable-programs.inc
16 16
17include /etc/firejail/whitelist-var-common.inc 17include whitelist-var-common.inc
18 18
19caps.drop all 19caps.drop all
20net none 20net none
diff --git a/etc/bluefish.profile b/etc/bluefish.profile
index 23ba34d42..3a3072a6e 100644
--- a/etc/bluefish.profile
+++ b/etc/bluefish.profile
@@ -2,17 +2,17 @@
2# Description: Advanced Gtk+ text editor for web and software development 2# Description: Advanced Gtk+ text editor for web and software development
3# This file is overwritten after every install/update 3# This file is overwritten after every install/update
4# Persistent local customizations 4# Persistent local customizations
5include /etc/firejail/bluefish.local 5include bluefish.local
6# Persistent global definitions 6# Persistent global definitions
7include /etc/firejail/globals.local 7include globals.local
8 8
9include /etc/firejail/disable-common.inc 9include disable-common.inc
10include /etc/firejail/disable-devel.inc 10include disable-devel.inc
11include /etc/firejail/disable-interpreters.inc 11include disable-interpreters.inc
12include /etc/firejail/disable-passwdmgr.inc 12include disable-passwdmgr.inc
13include /etc/firejail/disable-programs.inc 13include disable-programs.inc
14 14
15include /etc/firejail/whitelist-var-common.inc 15include whitelist-var-common.inc
16 16
17caps.drop all 17caps.drop all
18net none 18net none
diff --git a/etc/bnox.profile b/etc/bnox.profile
index 3207a2923..031f3f4bd 100644
--- a/etc/bnox.profile
+++ b/etc/bnox.profile
@@ -1,9 +1,9 @@
1# Firejail profile for bnox 1# Firejail profile for bnox
2# This file is overwritten after every install/update 2# This file is overwritten after every install/update
3# Persistent local customizations 3# Persistent local customizations
4include /etc/firejail/bnox.local 4include bnox.local
5# Persistent global definitions 5# Persistent global definitions
6include /etc/firejail/globals.local 6include globals.local
7 7
8noblacklist ${HOME}/.cache/bnox 8noblacklist ${HOME}/.cache/bnox
9noblacklist ${HOME}/.config/bnox 9noblacklist ${HOME}/.config/bnox
@@ -14,4 +14,4 @@ whitelist ${HOME}/.cache/bnox
14whitelist ${HOME}/.config/bnox 14whitelist ${HOME}/.config/bnox
15 15
16# Redirect 16# Redirect
17include /etc/firejail/chromium-common.profile 17include chromium-common.profile
diff --git a/etc/brackets.profile b/etc/brackets.profile
index 8f1068506..a89f87859 100644
--- a/etc/brackets.profile
+++ b/etc/brackets.profile
@@ -1,17 +1,17 @@
1# Firejail profile for brackets 1# Firejail profile for brackets
2# This file is overwritten after every install/update 2# This file is overwritten after every install/update
3# Persistent local customizations 3# Persistent local customizations
4include /etc/firejail/brackets.local 4include brackets.local
5# Persistent global definitions 5# Persistent global definitions
6include /etc/firejail/globals.local 6include globals.local
7 7
8noblacklist ${HOME}/.config/Brackets 8noblacklist ${HOME}/.config/Brackets
9#noblacklist /opt/brackets/ 9#noblacklist /opt/brackets/
10#noblacklist /opt/google/ 10#noblacklist /opt/google/
11 11
12include /etc/firejail/disable-common.inc 12include disable-common.inc
13include /etc/firejail/disable-passwdmgr.inc 13include disable-passwdmgr.inc
14include /etc/firejail/disable-programs.inc 14include disable-programs.inc
15 15
16caps.drop all 16caps.drop all
17netfilter 17netfilter
diff --git a/etc/brasero.profile b/etc/brasero.profile
index 1c0b5f843..8ab9472ac 100644
--- a/etc/brasero.profile
+++ b/etc/brasero.profile
@@ -2,17 +2,17 @@
2# Description: CD/DVD burning application for GNOME 2# Description: CD/DVD burning application for GNOME
3# This file is overwritten after every install/update 3# This file is overwritten after every install/update
4# Persistent local customizations 4# Persistent local customizations
5include /etc/firejail/brasero.local 5include brasero.local
6# Persistent global definitions 6# Persistent global definitions
7include /etc/firejail/globals.local 7include globals.local
8 8
9noblacklist ${HOME}/.config/brasero 9noblacklist ${HOME}/.config/brasero
10 10
11include /etc/firejail/disable-common.inc 11include disable-common.inc
12include /etc/firejail/disable-devel.inc 12include disable-devel.inc
13include /etc/firejail/disable-interpreters.inc 13include disable-interpreters.inc
14include /etc/firejail/disable-passwdmgr.inc 14include disable-passwdmgr.inc
15include /etc/firejail/disable-programs.inc 15include disable-programs.inc
16 16
17caps.drop all 17caps.drop all
18net none 18net none
diff --git a/etc/brave.profile b/etc/brave.profile
index 08bcea561..315564b05 100644
--- a/etc/brave.profile
+++ b/etc/brave.profile
@@ -1,9 +1,9 @@
1# Firejail profile for brave 1# Firejail profile for brave
2# This file is overwritten after every install/update 2# This file is overwritten after every install/update
3# Persistent local customizations 3# Persistent local customizations
4include /etc/firejail/brave.local 4include brave.local
5# Persistent global definitions 5# Persistent global definitions
6include /etc/firejail/globals.local 6include globals.local
7 7
8noblacklist ${HOME}/.config/brave 8noblacklist ${HOME}/.config/brave
9# brave uses gpg for built-in password manager 9# brave uses gpg for built-in password manager
@@ -17,4 +17,4 @@ whitelist ${HOME}/.gnupg
17ignore noexec /tmp 17ignore noexec /tmp
18 18
19# Redirect 19# Redirect
20include /etc/firejail/chromium-common.profile 20include chromium-common.profile
diff --git a/etc/bsdcat.profile b/etc/bsdcat.profile
index b900eb4bf..e95dfdf2d 100644
--- a/etc/bsdcat.profile
+++ b/etc/bsdcat.profile
@@ -3,4 +3,4 @@
3 3
4 4
5# Redirect 5# Redirect
6include /etc/firejail/bsdtar.profile 6include bsdtar.profile
diff --git a/etc/bsdcpio.profile b/etc/bsdcpio.profile
index b900eb4bf..e95dfdf2d 100644
--- a/etc/bsdcpio.profile
+++ b/etc/bsdcpio.profile
@@ -3,4 +3,4 @@
3 3
4 4
5# Redirect 5# Redirect
6include /etc/firejail/bsdtar.profile 6include bsdtar.profile
diff --git a/etc/bsdtar.profile b/etc/bsdtar.profile
index 57220ef4a..da36d9ced 100644
--- a/etc/bsdtar.profile
+++ b/etc/bsdtar.profile
@@ -2,15 +2,15 @@
2# This file is overwritten after every install/update 2# This file is overwritten after every install/update
3quiet 3quiet
4# Persistent local customizations 4# Persistent local customizations
5include /etc/firejail/bsdtar.local 5include bsdtar.local
6# Persistent global definitions 6# Persistent global definitions
7include /etc/firejail/globals.local 7include globals.local
8 8
9include /etc/firejail/disable-common.inc 9include disable-common.inc
10# include /etc/firejail/disable-devel.inc 10# include disable-devel.inc
11include /etc/firejail/disable-interpreters.inc 11include disable-interpreters.inc
12include /etc/firejail/disable-passwdmgr.inc 12include disable-passwdmgr.inc
13include /etc/firejail/disable-programs.inc 13include disable-programs.inc
14 14
15blacklist /tmp/.X11-unix 15blacklist /tmp/.X11-unix
16 16
diff --git a/etc/bunzip2.profile b/etc/bunzip2.profile
index f483a1d3d..891476cb1 100644
--- a/etc/bunzip2.profile
+++ b/etc/bunzip2.profile
@@ -1,9 +1,9 @@
1# Firejail profile for bunzip2 1# Firejail profile for bunzip2
2# This file is overwritten after every install/update 2# This file is overwritten after every install/update
3# Persistent local customizations 3# Persistent local customizations
4include /etc/firejail/bunzip2.local 4include bunzip2.local
5# Persistent global definitions 5# Persistent global definitions
6include /etc/firejail/globals.local 6include globals.local
7 7
8# Redirect 8# Redirect
9include /etc/firejail/gzip.profile 9include gzip.profile
diff --git a/etc/caja.profile b/etc/caja.profile
index 20e690a14..f938792cd 100644
--- a/etc/caja.profile
+++ b/etc/caja.profile
@@ -2,9 +2,9 @@
2# Description: File manager for the MATE desktop 2# Description: File manager for the MATE desktop
3# This file is overwritten after every install/update 3# This file is overwritten after every install/update
4# Persistent local customizations 4# Persistent local customizations
5include /etc/firejail/caja.local 5include caja.local
6# Persistent global definitions 6# Persistent global definitions
7include /etc/firejail/globals.local 7include globals.local
8 8
9# Caja is started by systemd on most systems. Therefore it is not firejailed by default. Since there 9# Caja is started by systemd on most systems. Therefore it is not firejailed by default. Since there
10# is already a caja process running on MATE desktops firejail will have no effect. 10# is already a caja process running on MATE desktops firejail will have no effect.
@@ -19,11 +19,11 @@ noblacklist ${PATH}/python3*
19noblacklist /usr/lib/python2* 19noblacklist /usr/lib/python2*
20noblacklist /usr/lib/python3* 20noblacklist /usr/lib/python3*
21 21
22include /etc/firejail/disable-common.inc 22include disable-common.inc
23include /etc/firejail/disable-devel.inc 23include disable-devel.inc
24include /etc/firejail/disable-interpreters.inc 24include disable-interpreters.inc
25include /etc/firejail/disable-passwdmgr.inc 25include disable-passwdmgr.inc
26# include /etc/firejail/disable-programs.inc 26# include disable-programs.inc
27 27
28caps.drop all 28caps.drop all
29netfilter 29netfilter
diff --git a/etc/calibre.profile b/etc/calibre.profile
index 7a5d798c5..122259ac8 100644
--- a/etc/calibre.profile
+++ b/etc/calibre.profile
@@ -2,21 +2,21 @@
2# Description: Powerful and easy to use e-book manager 2# Description: Powerful and easy to use e-book manager
3# This file is overwritten after every install/update 3# This file is overwritten after every install/update
4# Persistent local customizations 4# Persistent local customizations
5include /etc/firejail/calibre.local 5include calibre.local
6# Persistent global definitions 6# Persistent global definitions
7include /etc/firejail/globals.local 7include globals.local
8 8
9noblacklist ${HOME}/.cache/calibre 9noblacklist ${HOME}/.cache/calibre
10noblacklist ${HOME}/.config/calibre 10noblacklist ${HOME}/.config/calibre
11noblacklist ${DOCUMENTS} 11noblacklist ${DOCUMENTS}
12 12
13include /etc/firejail/disable-common.inc 13include disable-common.inc
14include /etc/firejail/disable-devel.inc 14include disable-devel.inc
15include /etc/firejail/disable-passwdmgr.inc 15include disable-passwdmgr.inc
16include /etc/firejail/disable-programs.inc 16include disable-programs.inc
17include /etc/firejail/disable-xdg.inc 17include disable-xdg.inc
18 18
19include /etc/firejail/whitelist-var-common.inc 19include whitelist-var-common.inc
20 20
21caps.drop all 21caps.drop all
22netfilter 22netfilter
diff --git a/etc/calligra.profile b/etc/calligra.profile
index ab2845db4..b300ef240 100644
--- a/etc/calligra.profile
+++ b/etc/calligra.profile
@@ -2,15 +2,15 @@
2# Description: Extensive productivity and creative suite 2# Description: Extensive productivity and creative suite
3# This file is overwritten after every install/update 3# This file is overwritten after every install/update
4# Persistent local customizations 4# Persistent local customizations
5include /etc/firejail/calligra.local 5include calligra.local
6# Persistent global definitions 6# Persistent global definitions
7include /etc/firejail/globals.local 7include globals.local
8 8
9include /etc/firejail/disable-common.inc 9include disable-common.inc
10include /etc/firejail/disable-devel.inc 10include disable-devel.inc
11include /etc/firejail/disable-interpreters.inc 11include disable-interpreters.inc
12include /etc/firejail/disable-passwdmgr.inc 12include disable-passwdmgr.inc
13include /etc/firejail/disable-programs.inc 13include disable-programs.inc
14 14
15caps.drop all 15caps.drop all
16ipc-namespace 16ipc-namespace
diff --git a/etc/calligraauthor.profile b/etc/calligraauthor.profile
index 629ab46c1..b9c06a588 100644
--- a/etc/calligraauthor.profile
+++ b/etc/calligraauthor.profile
@@ -3,4 +3,4 @@
3 3
4 4
5# Redirect 5# Redirect
6include /etc/firejail/calligra.profile 6include calligra.profile
diff --git a/etc/calligraconverter.profile b/etc/calligraconverter.profile
index 629ab46c1..b9c06a588 100644
--- a/etc/calligraconverter.profile
+++ b/etc/calligraconverter.profile
@@ -3,4 +3,4 @@
3 3
4 4
5# Redirect 5# Redirect
6include /etc/firejail/calligra.profile 6include calligra.profile
diff --git a/etc/calligraflow.profile b/etc/calligraflow.profile
index 629ab46c1..b9c06a588 100644
--- a/etc/calligraflow.profile
+++ b/etc/calligraflow.profile
@@ -3,4 +3,4 @@
3 3
4 4
5# Redirect 5# Redirect
6include /etc/firejail/calligra.profile 6include calligra.profile
diff --git a/etc/calligraplan.profile b/etc/calligraplan.profile
index 629ab46c1..b9c06a588 100644
--- a/etc/calligraplan.profile
+++ b/etc/calligraplan.profile
@@ -3,4 +3,4 @@
3 3
4 4
5# Redirect 5# Redirect
6include /etc/firejail/calligra.profile 6include calligra.profile
diff --git a/etc/calligraplanwork.profile b/etc/calligraplanwork.profile
index 629ab46c1..b9c06a588 100644
--- a/etc/calligraplanwork.profile
+++ b/etc/calligraplanwork.profile
@@ -3,4 +3,4 @@
3 3
4 4
5# Redirect 5# Redirect
6include /etc/firejail/calligra.profile 6include calligra.profile
diff --git a/etc/calligrasheets.profile b/etc/calligrasheets.profile
index 629ab46c1..b9c06a588 100644
--- a/etc/calligrasheets.profile
+++ b/etc/calligrasheets.profile
@@ -3,4 +3,4 @@
3 3
4 4
5# Redirect 5# Redirect
6include /etc/firejail/calligra.profile 6include calligra.profile
diff --git a/etc/calligrastage.profile b/etc/calligrastage.profile
index 629ab46c1..b9c06a588 100644
--- a/etc/calligrastage.profile
+++ b/etc/calligrastage.profile
@@ -3,4 +3,4 @@
3 3
4 4
5# Redirect 5# Redirect
6include /etc/firejail/calligra.profile 6include calligra.profile
diff --git a/etc/calligrawords.profile b/etc/calligrawords.profile
index 629ab46c1..b9c06a588 100644
--- a/etc/calligrawords.profile
+++ b/etc/calligrawords.profile
@@ -3,4 +3,4 @@
3 3
4 4
5# Redirect 5# Redirect
6include /etc/firejail/calligra.profile 6include calligra.profile
diff --git a/etc/catfish.profile b/etc/catfish.profile
index 422dc93e5..1afcd0365 100644
--- a/etc/catfish.profile
+++ b/etc/catfish.profile
@@ -2,9 +2,9 @@
2# Description: File searching tool 2# Description: File searching tool
3# This file is overwritten after every install/update 3# This file is overwritten after every install/update
4# Persistent local customizations 4# Persistent local customizations
5include /etc/firejail/catfish.local 5include catfish.local
6# Persistent global definitions 6# Persistent global definitions
7include /etc/firejail/globals.local 7include globals.local
8 8
9# We can't blacklist much since catfish 9# We can't blacklist much since catfish
10# is for finding files/content 10# is for finding files/content
@@ -17,14 +17,14 @@ noblacklist ${PATH}/python3*
17noblacklist /usr/lib/python2* 17noblacklist /usr/lib/python2*
18noblacklist /usr/lib/python3* 18noblacklist /usr/lib/python3*
19 19
20include /etc/firejail/disable-common.inc 20include disable-common.inc
21# include /etc/firejail/disable-devel.inc 21# include disable-devel.inc
22include /etc/firejail/disable-interpreters.inc 22include disable-interpreters.inc
23include /etc/firejail/disable-passwdmgr.inc 23include disable-passwdmgr.inc
24include /etc/firejail/disable-programs.inc 24include disable-programs.inc
25 25
26whitelist /var/lib/mlocate 26whitelist /var/lib/mlocate
27include /etc/firejail/whitelist-var-common.inc 27include whitelist-var-common.inc
28 28
29caps.drop all 29caps.drop all
30net none 30net none
diff --git a/etc/checkbashisms.profile b/etc/checkbashisms.profile
index c8b8be04e..4d572f580 100644
--- a/etc/checkbashisms.profile
+++ b/etc/checkbashisms.profile
@@ -3,9 +3,9 @@
3# This file is overwritten after every install/update 3# This file is overwritten after every install/update
4quiet 4quiet
5# Persistent local customizations 5# Persistent local customizations
6include /etc/firejail/checkbashisms.local 6include checkbashisms.local
7# Persistent global definitions 7# Persistent global definitions
8include /etc/firejail/globals.local 8include globals.local
9 9
10noblacklist ${DOCUMENTS} 10noblacklist ${DOCUMENTS}
11 11
@@ -16,14 +16,14 @@ noblacklist ${PATH}/perl
16noblacklist /usr/lib/perl* 16noblacklist /usr/lib/perl*
17noblacklist /usr/share/perl* 17noblacklist /usr/share/perl*
18 18
19include /etc/firejail/disable-common.inc 19include disable-common.inc
20include /etc/firejail/disable-devel.inc 20include disable-devel.inc
21include /etc/firejail/disable-interpreters.inc 21include disable-interpreters.inc
22include /etc/firejail/disable-passwdmgr.inc 22include disable-passwdmgr.inc
23include /etc/firejail/disable-programs.inc 23include disable-programs.inc
24include /etc/firejail/disable-xdg.inc 24include disable-xdg.inc
25 25
26include /etc/firejail/whitelist-var-common.inc 26include whitelist-var-common.inc
27 27
28caps.drop all 28caps.drop all
29ipc-namespace 29ipc-namespace
diff --git a/etc/cherrytree.profile b/etc/cherrytree.profile
index 0159bddae..1cb7c50df 100644
--- a/etc/cherrytree.profile
+++ b/etc/cherrytree.profile
@@ -2,9 +2,9 @@
2# Description: Hierarchical note taking application 2# Description: Hierarchical note taking application
3# This file is overwritten after every install/update 3# This file is overwritten after every install/update
4# Persistent local customizations 4# Persistent local customizations
5include /etc/firejail/cherrytree.local 5include cherrytree.local
6# Persistent global definitions 6# Persistent global definitions
7include /etc/firejail/globals.local 7include globals.local
8 8
9noblacklist ${HOME}/.config/cherrytree 9noblacklist ${HOME}/.config/cherrytree
10noblacklist ${DOCUMENTS} 10noblacklist ${DOCUMENTS}
@@ -15,12 +15,12 @@ noblacklist ${PATH}/python3*
15noblacklist /usr/lib/python2* 15noblacklist /usr/lib/python2*
16noblacklist /usr/lib/python3* 16noblacklist /usr/lib/python3*
17 17
18include /etc/firejail/disable-common.inc 18include disable-common.inc
19include /etc/firejail/disable-devel.inc 19include disable-devel.inc
20include /etc/firejail/disable-interpreters.inc 20include disable-interpreters.inc
21include /etc/firejail/disable-passwdmgr.inc 21include disable-passwdmgr.inc
22include /etc/firejail/disable-programs.inc 22include disable-programs.inc
23include /etc/firejail/disable-xdg.inc 23include disable-xdg.inc
24 24
25caps.drop all 25caps.drop all
26netfilter 26netfilter
diff --git a/etc/chromium-browser.profile b/etc/chromium-browser.profile
index 472841e92..f83052d9a 100644
--- a/etc/chromium-browser.profile
+++ b/etc/chromium-browser.profile
@@ -2,4 +2,4 @@
2# This file is overwritten after every install/update 2# This file is overwritten after every install/update
3 3
4# Redirect 4# Redirect
5include /etc/firejail/chromium.profile 5include chromium.profile
diff --git a/etc/chromium-common.profile b/etc/chromium-common.profile
index fc3df86db..732a7865f 100644
--- a/etc/chromium-common.profile
+++ b/etc/chromium-common.profile
@@ -1,23 +1,23 @@
1# Firejail profile for chromium-common 1# Firejail profile for chromium-common
2# This file is overwritten after every install/update 2# This file is overwritten after every install/update
3# Persistent local customizations 3# Persistent local customizations
4include /etc/firejail/chromium-common.local 4include chromium-common.local
5# Persistent global definitions 5# Persistent global definitions
6# already included by caller profile 6# already included by caller profile
7#include /etc/firejail/globals.local 7#include globals.local
8 8
9noblacklist ${HOME}/.pki 9noblacklist ${HOME}/.pki
10 10
11include /etc/firejail/disable-common.inc 11include disable-common.inc
12include /etc/firejail/disable-devel.inc 12include disable-devel.inc
13include /etc/firejail/disable-interpreters.inc 13include disable-interpreters.inc
14include /etc/firejail/disable-programs.inc 14include disable-programs.inc
15 15
16mkdir ${HOME}/.pki 16mkdir ${HOME}/.pki
17whitelist ${DOWNLOADS} 17whitelist ${DOWNLOADS}
18whitelist ${HOME}/.pki 18whitelist ${HOME}/.pki
19include /etc/firejail/whitelist-common.inc 19include whitelist-common.inc
20include /etc/firejail/whitelist-var-common.inc 20include whitelist-var-common.inc
21 21
22apparmor 22apparmor
23caps.keep sys_chroot,sys_admin 23caps.keep sys_chroot,sys_admin
diff --git a/etc/chromium.profile b/etc/chromium.profile
index a1488e3e9..dab9ce449 100644
--- a/etc/chromium.profile
+++ b/etc/chromium.profile
@@ -2,9 +2,9 @@
2# Description: A web browser built for speed, simplicity, and security 2# Description: A web browser built for speed, simplicity, and security
3# This file is overwritten after every install/update 3# This file is overwritten after every install/update
4# Persistent local customizations 4# Persistent local customizations
5include /etc/firejail/chromium.local 5include chromium.local
6# Persistent global definitions 6# Persistent global definitions
7include /etc/firejail/globals.local 7include globals.local
8 8
9noblacklist ${HOME}/.cache/chromium 9noblacklist ${HOME}/.cache/chromium
10noblacklist ${HOME}/.config/chromium 10noblacklist ${HOME}/.config/chromium
@@ -19,4 +19,4 @@ whitelist ${HOME}/.config/chromium-flags.conf
19# private-bin chromium,chromium-browser,chromedriver 19# private-bin chromium,chromium-browser,chromedriver
20 20
21# Redirect 21# Redirect
22include /etc/firejail/chromium-common.profile 22include chromium-common.profile
diff --git a/etc/cin.profile b/etc/cin.profile
index 92baef33a..7a6f7035c 100644
--- a/etc/cin.profile
+++ b/etc/cin.profile
@@ -1,17 +1,17 @@
1# Firejail profile for cin 1# Firejail profile for cin
2# This file is overwritten after every install/update 2# This file is overwritten after every install/update
3# Persistent local customizations 3# Persistent local customizations
4include /etc/firejail/cin.local 4include cin.local
5# Persistent global definitions 5# Persistent global definitions
6include /etc/firejail/globals.local 6include globals.local
7 7
8noblacklist ${HOME}/.bcast5 8noblacklist ${HOME}/.bcast5
9 9
10include /etc/firejail/disable-common.inc 10include disable-common.inc
11include /etc/firejail/disable-devel.inc 11include disable-devel.inc
12include /etc/firejail/disable-interpreters.inc 12include disable-interpreters.inc
13include /etc/firejail/disable-passwdmgr.inc 13include disable-passwdmgr.inc
14include /etc/firejail/disable-programs.inc 14include disable-programs.inc
15 15
16caps.drop all 16caps.drop all
17ipc-namespace 17ipc-namespace
diff --git a/etc/cinelerra.profile b/etc/cinelerra.profile
index e6a1941b5..26f782384 100644
--- a/etc/cinelerra.profile
+++ b/etc/cinelerra.profile
@@ -3,4 +3,4 @@
3 3
4 4
5# Redirect 5# Redirect
6include /etc/firejail/cin.profile 6include cin.profile
diff --git a/etc/clamav.profile b/etc/clamav.profile
index cf46b8582..e5b198dab 100644
--- a/etc/clamav.profile
+++ b/etc/clamav.profile
@@ -3,9 +3,9 @@
3# This file is overwritten after every install/update 3# This file is overwritten after every install/update
4quiet 4quiet
5# Persistent local customizations 5# Persistent local customizations
6include /etc/firejail/clamav.local 6include clamav.local
7# Persistent global definitions 7# Persistent global definitions
8include /etc/firejail/globals.local 8include globals.local
9 9
10caps.drop all 10caps.drop all
11ipc-namespace 11ipc-namespace
diff --git a/etc/clamdscan.profile b/etc/clamdscan.profile
index f6861dfa1..f146d05ec 100644
--- a/etc/clamdscan.profile
+++ b/etc/clamdscan.profile
@@ -4,4 +4,4 @@ quiet
4 4
5 5
6# Redirect 6# Redirect
7include /etc/firejail/clamav.profile 7include clamav.profile
diff --git a/etc/clamdtop.profile b/etc/clamdtop.profile
index f6861dfa1..f146d05ec 100644
--- a/etc/clamdtop.profile
+++ b/etc/clamdtop.profile
@@ -4,4 +4,4 @@ quiet
4 4
5 5
6# Redirect 6# Redirect
7include /etc/firejail/clamav.profile 7include clamav.profile
diff --git a/etc/clamscan.profile b/etc/clamscan.profile
index f6861dfa1..f146d05ec 100644
--- a/etc/clamscan.profile
+++ b/etc/clamscan.profile
@@ -4,4 +4,4 @@ quiet
4 4
5 5
6# Redirect 6# Redirect
7include /etc/firejail/clamav.profile 7include clamav.profile
diff --git a/etc/clamtk.profile b/etc/clamtk.profile
index d916381b2..6b64af7d8 100644
--- a/etc/clamtk.profile
+++ b/etc/clamtk.profile
@@ -1,9 +1,9 @@
1# Firejail profile for clamtk 1# Firejail profile for clamtk
2# This file is overwritten after every install/update 2# This file is overwritten after every install/update
3# Persistent local customizations 3# Persistent local customizations
4include /etc/firejail/clamtk.local 4include clamtk.local
5# Persistent global definitions 5# Persistent global definitions
6include /etc/firejail/globals.local 6include globals.local
7 7
8caps.drop all 8caps.drop all
9ipc-namespace 9ipc-namespace
diff --git a/etc/claws-mail.profile b/etc/claws-mail.profile
index f7f0fccca..f0656385f 100644
--- a/etc/claws-mail.profile
+++ b/etc/claws-mail.profile
@@ -2,19 +2,19 @@
2# Description: Fast, lightweight and user-friendly GTK+2 based email client 2# Description: Fast, lightweight and user-friendly GTK+2 based email client
3# This file is overwritten after every install/update 3# This file is overwritten after every install/update
4# Persistent local customizations 4# Persistent local customizations
5include /etc/firejail/claws-mail.local 5include claws-mail.local
6# Persistent global definitions 6# Persistent global definitions
7include /etc/firejail/globals.local 7include globals.local
8 8
9noblacklist ${HOME}/.claws-mail 9noblacklist ${HOME}/.claws-mail
10noblacklist ${HOME}/.gnupg 10noblacklist ${HOME}/.gnupg
11noblacklist ${HOME}/.signature 11noblacklist ${HOME}/.signature
12 12
13include /etc/firejail/disable-common.inc 13include disable-common.inc
14include /etc/firejail/disable-devel.inc 14include disable-devel.inc
15include /etc/firejail/disable-interpreters.inc 15include disable-interpreters.inc
16include /etc/firejail/disable-passwdmgr.inc 16include disable-passwdmgr.inc
17include /etc/firejail/disable-programs.inc 17include disable-programs.inc
18 18
19caps.drop all 19caps.drop all
20netfilter 20netfilter
diff --git a/etc/clementine.profile b/etc/clementine.profile
index a72bc39cf..224488325 100644
--- a/etc/clementine.profile
+++ b/etc/clementine.profile
@@ -2,22 +2,22 @@
2# Description: Modern music player and library organizer 2# Description: Modern music player and library organizer
3# This file is overwritten after every install/update 3# This file is overwritten after every install/update
4# Persistent local customizations 4# Persistent local customizations
5include /etc/firejail/clementine.local 5include clementine.local
6# Persistent global definitions 6# Persistent global definitions
7include /etc/firejail/globals.local 7include globals.local
8 8
9noblacklist ${HOME}/.cache/Clementine 9noblacklist ${HOME}/.cache/Clementine
10noblacklist ${HOME}/.config/Clementine 10noblacklist ${HOME}/.config/Clementine
11noblacklist ${MUSIC} 11noblacklist ${MUSIC}
12 12
13include /etc/firejail/disable-common.inc 13include disable-common.inc
14include /etc/firejail/disable-devel.inc 14include disable-devel.inc
15include /etc/firejail/disable-interpreters.inc 15include disable-interpreters.inc
16include /etc/firejail/disable-passwdmgr.inc 16include disable-passwdmgr.inc
17include /etc/firejail/disable-programs.inc 17include disable-programs.inc
18include /etc/firejail/disable-xdg.inc 18include disable-xdg.inc
19 19
20include /etc/firejail/whitelist-var-common.inc 20include whitelist-var-common.inc
21 21
22caps.drop all 22caps.drop all
23nonewprivs 23nonewprivs
diff --git a/etc/clion.profile b/etc/clion.profile
index bcb18114e..fba610d29 100644
--- a/etc/clion.profile
+++ b/etc/clion.profile
@@ -1,9 +1,9 @@
1# Firejail profile for CLion 1# Firejail profile for CLion
2# This file is overwritten after every install/update 2# This file is overwritten after every install/update
3# Persistent local customizations 3# Persistent local customizations
4include /etc/firejail/clion.local 4include clion.local
5# Persistent global definitions 5# Persistent global definitions
6include /etc/firejail/globals.local 6include globals.local
7 7
8noblacklist ${HOME}/.CLion* 8noblacklist ${HOME}/.CLion*
9noblacklist ${HOME}/.gitconfig 9noblacklist ${HOME}/.gitconfig
@@ -12,9 +12,9 @@ noblacklist ${HOME}/.local/share/JetBrains
12noblacklist ${HOME}/.ssh 12noblacklist ${HOME}/.ssh
13noblacklist ${HOME}/.tooling 13noblacklist ${HOME}/.tooling
14 14
15include /etc/firejail/disable-common.inc 15include disable-common.inc
16include /etc/firejail/disable-passwdmgr.inc 16include disable-passwdmgr.inc
17include /etc/firejail/disable-programs.inc 17include disable-programs.inc
18 18
19caps.drop all 19caps.drop all
20netfilter 20netfilter
diff --git a/etc/clipit.profile b/etc/clipit.profile
index fd6fbd61b..0caa1faf2 100644
--- a/etc/clipit.profile
+++ b/etc/clipit.profile
@@ -2,19 +2,19 @@
2# Description: Lightweight GTK+ clipboard manager 2# Description: Lightweight GTK+ clipboard manager
3# This file is overwritten after every install/update 3# This file is overwritten after every install/update
4# Persistent local customizations 4# Persistent local customizations
5include /etc/firejail/clipit.local 5include clipit.local
6# Persistent global definitions 6# Persistent global definitions
7include /etc/firejail/globals.local 7include globals.local
8 8
9noblacklist ${HOME}/.config/clipit 9noblacklist ${HOME}/.config/clipit
10noblacklist ${HOME}/.local/share/clipit 10noblacklist ${HOME}/.local/share/clipit
11 11
12include /etc/firejail/disable-common.inc 12include disable-common.inc
13include /etc/firejail/disable-devel.inc 13include disable-devel.inc
14include /etc/firejail/disable-interpreters.inc 14include disable-interpreters.inc
15include /etc/firejail/disable-passwdmgr.inc 15include disable-passwdmgr.inc
16include /etc/firejail/disable-programs.inc 16include disable-programs.inc
17include /etc/firejail/disable-xdg.inc 17include disable-xdg.inc
18 18
19caps.drop all 19caps.drop all
20netfilter 20netfilter
diff --git a/etc/cliqz.profile b/etc/cliqz.profile
index 4ff96311d..70277f1ce 100644
--- a/etc/cliqz.profile
+++ b/etc/cliqz.profile
@@ -1,9 +1,9 @@
1# Firejail profile for cliqz 1# Firejail profile for cliqz
2# This file is overwritten after every install/update 2# This file is overwritten after every install/update
3# Persistent local customizations 3# Persistent local customizations
4include /etc/firejail/cliqz.local 4include cliqz.local
5# Persistent global definitions 5# Persistent global definitions
6include /etc/firejail/globals.local 6include globals.local
7 7
8noblacklist ${HOME}/.cache/cliqz 8noblacklist ${HOME}/.cache/cliqz
9noblacklist ${HOME}/.config/cliqz 9noblacklist ${HOME}/.config/cliqz
@@ -17,4 +17,4 @@ whitelist ${HOME}/.config/cliqz
17#private-etc cliqz 17#private-etc cliqz
18 18
19# Redirect 19# Redirect
20include /etc/firejail/firefox-common.profile 20include firefox-common.profile
diff --git a/etc/cmus.profile b/etc/cmus.profile
index 5744d462b..ee6600b76 100644
--- a/etc/cmus.profile
+++ b/etc/cmus.profile
@@ -2,19 +2,19 @@
2# Description: Lightweight ncurses audio player 2# Description: Lightweight ncurses audio player
3# This file is overwritten after every install/update 3# This file is overwritten after every install/update
4# Persistent local customizations 4# Persistent local customizations
5include /etc/firejail/cmus.local 5include cmus.local
6# Persistent global definitions 6# Persistent global definitions
7include /etc/firejail/globals.local 7include globals.local
8 8
9noblacklist ${HOME}/.config/cmus 9noblacklist ${HOME}/.config/cmus
10noblacklist ${MUSIC} 10noblacklist ${MUSIC}
11 11
12include /etc/firejail/disable-common.inc 12include disable-common.inc
13include /etc/firejail/disable-devel.inc 13include disable-devel.inc
14include /etc/firejail/disable-interpreters.inc 14include disable-interpreters.inc
15include /etc/firejail/disable-passwdmgr.inc 15include disable-passwdmgr.inc
16include /etc/firejail/disable-programs.inc 16include disable-programs.inc
17include /etc/firejail/disable-xdg.inc 17include disable-xdg.inc
18 18
19caps.drop all 19caps.drop all
20netfilter 20netfilter
diff --git a/etc/code.profile b/etc/code.profile
index ab69008f1..da710bba1 100644
--- a/etc/code.profile
+++ b/etc/code.profile
@@ -1,16 +1,16 @@
1# Firejail profile for Visual Studio Code 1# Firejail profile for Visual Studio Code
2# This file is overwritten after every install/update 2# This file is overwritten after every install/update
3# Persistent local customizations 3# Persistent local customizations
4include /etc/firejail/code.local 4include code.local
5# Persistent global definitions 5# Persistent global definitions
6include /etc/firejail/globals.local 6include globals.local
7 7
8noblacklist ${HOME}/.vscode 8noblacklist ${HOME}/.vscode
9noblacklist ${HOME}/.config/Code 9noblacklist ${HOME}/.config/Code
10 10
11include /etc/firejail/disable-common.inc 11include disable-common.inc
12include /etc/firejail/disable-passwdmgr.inc 12include disable-passwdmgr.inc
13include /etc/firejail/disable-programs.inc 13include disable-programs.inc
14 14
15caps.drop all 15caps.drop all
16net none 16net none
diff --git a/etc/conkeror.profile b/etc/conkeror.profile
index 2489e2df4..ca38600d1 100644
--- a/etc/conkeror.profile
+++ b/etc/conkeror.profile
@@ -1,14 +1,14 @@
1# Firejail profile for conkeror 1# Firejail profile for conkeror
2# This file is overwritten after every install/update 2# This file is overwritten after every install/update
3# Persistent local customizations 3# Persistent local customizations
4include /etc/firejail/conkeror.local 4include conkeror.local
5# Persistent global definitions 5# Persistent global definitions
6include /etc/firejail/globals.local 6include globals.local
7 7
8noblacklist ${HOME}/.conkeror.mozdev.org 8noblacklist ${HOME}/.conkeror.mozdev.org
9 9
10include /etc/firejail/disable-common.inc 10include disable-common.inc
11include /etc/firejail/disable-programs.inc 11include disable-programs.inc
12 12
13whitelist ${HOME}/.conkeror.mozdev.org 13whitelist ${HOME}/.conkeror.mozdev.org
14whitelist ${HOME}/.conkerorrc 14whitelist ${HOME}/.conkerorrc
@@ -21,7 +21,7 @@ whitelist ${HOME}/.vimperatorrc
21whitelist ${HOME}/.zotero 21whitelist ${HOME}/.zotero
22whitelist ${HOME}/Downloads 22whitelist ${HOME}/Downloads
23whitelist ${HOME}/dwhelper 23whitelist ${HOME}/dwhelper
24include /etc/firejail/whitelist-common.inc 24include whitelist-common.inc
25 25
26caps.drop all 26caps.drop all
27netfilter 27netfilter
diff --git a/etc/conky.profile b/etc/conky.profile
index f6d07d6de..bbac5e751 100644
--- a/etc/conky.profile
+++ b/etc/conky.profile
@@ -2,18 +2,18 @@
2# Description: Highly configurable system monitor 2# Description: Highly configurable system monitor
3# This file is overwritten after every install/update 3# This file is overwritten after every install/update
4# Persistent local customizations 4# Persistent local customizations
5include /etc/firejail/conky.local 5include conky.local
6# Persistent global definitions 6# Persistent global definitions
7include /etc/firejail/globals.local 7include globals.local
8 8
9noblacklist ${PICTURES} 9noblacklist ${PICTURES}
10 10
11include /etc/firejail/disable-common.inc 11include disable-common.inc
12include /etc/firejail/disable-devel.inc 12include disable-devel.inc
13include /etc/firejail/disable-interpreters.inc 13include disable-interpreters.inc
14include /etc/firejail/disable-passwdmgr.inc 14include disable-passwdmgr.inc
15include /etc/firejail/disable-programs.inc 15include disable-programs.inc
16include /etc/firejail/disable-xdg.inc 16include disable-xdg.inc
17 17
18caps.drop all 18caps.drop all
19ipc-namespace 19ipc-namespace
diff --git a/etc/corebird.profile b/etc/corebird.profile
index c7f8a8874..e382c1361 100644
--- a/etc/corebird.profile
+++ b/etc/corebird.profile
@@ -2,20 +2,20 @@
2# Description: Native Gtk+ Twitter client for the Linux desktop 2# Description: Native Gtk+ Twitter client for the Linux desktop
3# This file is overwritten after every install/update 3# This file is overwritten after every install/update
4# Persistent local customizations 4# Persistent local customizations
5include /etc/firejail/corebird.local 5include corebird.local
6# Persistent global definitions 6# Persistent global definitions
7include /etc/firejail/globals.local 7include globals.local
8 8
9noblacklist ${HOME}/.config/corebird 9noblacklist ${HOME}/.config/corebird
10 10
11include /etc/firejail/disable-common.inc 11include disable-common.inc
12include /etc/firejail/disable-devel.inc 12include disable-devel.inc
13include /etc/firejail/disable-interpreters.inc 13include disable-interpreters.inc
14include /etc/firejail/disable-passwdmgr.inc 14include disable-passwdmgr.inc
15include /etc/firejail/disable-programs.inc 15include disable-programs.inc
16include /etc/firejail/disable-xdg.inc 16include disable-xdg.inc
17 17
18include /etc/firejail/whitelist-var-common.inc 18include whitelist-var-common.inc
19 19
20caps.drop all 20caps.drop all
21netfilter 21netfilter
diff --git a/etc/cower.profile b/etc/cower.profile
index dcc388f87..cb2d9b332 100644
--- a/etc/cower.profile
+++ b/etc/cower.profile
@@ -8,20 +8,20 @@
8quiet 8quiet
9 9
10# Persistent local customizations 10# Persistent local customizations
11include /etc/firejail/cower.local 11include cower.local
12# Persistent global definitions 12# Persistent global definitions
13include /etc/firejail/globals.local 13include globals.local
14 14
15noblacklist ${HOME}/.config/cower/config 15noblacklist ${HOME}/.config/cower/config
16read-only ${HOME}/.config/cower/config 16read-only ${HOME}/.config/cower/config
17 17
18noblacklist /var/lib/pacman 18noblacklist /var/lib/pacman
19 19
20include /etc/firejail/disable-common.inc 20include disable-common.inc
21include /etc/firejail/disable-devel.inc 21include disable-devel.inc
22include /etc/firejail/disable-interpreters.inc 22include disable-interpreters.inc
23include /etc/firejail/disable-passwdmgr.inc 23include disable-passwdmgr.inc
24include /etc/firejail/disable-programs.inc 24include disable-programs.inc
25 25
26caps.drop all 26caps.drop all
27ipc-namespace 27ipc-namespace
diff --git a/etc/cpio.profile b/etc/cpio.profile
index 3c7d0748c..ab9e37d73 100644
--- a/etc/cpio.profile
+++ b/etc/cpio.profile
@@ -3,18 +3,18 @@
3# This file is overwritten after every install/update 3# This file is overwritten after every install/update
4quiet 4quiet
5# Persistent local customizations 5# Persistent local customizations
6include /etc/firejail/cpio.local 6include cpio.local
7# Persistent global definitions 7# Persistent global definitions
8include /etc/firejail/globals.local 8include globals.local
9 9
10blacklist /tmp/.X11-unix 10blacklist /tmp/.X11-unix
11 11
12noblacklist /sbin 12noblacklist /sbin
13noblacklist /usr/sbin 13noblacklist /usr/sbin
14 14
15include /etc/firejail/disable-common.inc 15include disable-common.inc
16include /etc/firejail/disable-passwdmgr.inc 16include disable-passwdmgr.inc
17include /etc/firejail/disable-programs.inc 17include disable-programs.inc
18 18
19caps.drop all 19caps.drop all
20net none 20net none
diff --git a/etc/cryptocat.profile b/etc/cryptocat.profile
index 3d3de7268..7a9039ea4 100644
--- a/etc/cryptocat.profile
+++ b/etc/cryptocat.profile
@@ -3,4 +3,4 @@
3 3
4 4
5# Redirect 5# Redirect
6include /etc/firejail/Cryptocat.profile 6include Cryptocat.profile
diff --git a/etc/curl.profile b/etc/curl.profile
index e77b8bf4f..ab9c1e5bd 100644
--- a/etc/curl.profile
+++ b/etc/curl.profile
@@ -3,17 +3,17 @@
3# This file is overwritten after every install/update 3# This file is overwritten after every install/update
4quiet 4quiet
5# Persistent local customizations 5# Persistent local customizations
6include /etc/firejail/curl.local 6include curl.local
7# Persistent global definitions 7# Persistent global definitions
8include /etc/firejail/globals.local 8include globals.local
9 9
10blacklist /tmp/.X11-unix 10blacklist /tmp/.X11-unix
11 11
12noblacklist ${HOME}/.curlrc 12noblacklist ${HOME}/.curlrc
13 13
14include /etc/firejail/disable-common.inc 14include disable-common.inc
15include /etc/firejail/disable-passwdmgr.inc 15include disable-passwdmgr.inc
16include /etc/firejail/disable-programs.inc 16include disable-programs.inc
17 17
18caps.drop all 18caps.drop all
19netfilter 19netfilter
diff --git a/etc/cvlc.profile b/etc/cvlc.profile
index 81ccbc530..1070b602c 100644
--- a/etc/cvlc.profile
+++ b/etc/cvlc.profile
@@ -1,12 +1,12 @@
1# Firejail profile for cvlc 1# Firejail profile for cvlc
2# This file is overwritten after every install/update 2# This file is overwritten after every install/update
3# Persistent local customizations 3# Persistent local customizations
4include /etc/firejail/cvlc.local 4include cvlc.local
5# Persistent global definitions 5# Persistent global definitions
6include /etc/firejail/globals.local 6include globals.local
7 7
8# cvlc doesn't like private-bin 8# cvlc doesn't like private-bin
9ignore private-bin 9ignore private-bin
10 10
11# Redirect 11# Redirect
12include /etc/firejail/vlc.profile 12include vlc.profile
diff --git a/etc/cyberfox.profile b/etc/cyberfox.profile
index ce51906ba..fcb448b30 100644
--- a/etc/cyberfox.profile
+++ b/etc/cyberfox.profile
@@ -1,9 +1,9 @@
1# Firejail profile for cyberfox 1# Firejail profile for cyberfox
2# This file is overwritten after every install/update 2# This file is overwritten after every install/update
3# Persistent local customizations 3# Persistent local customizations
4include /etc/firejail/cyberfox.local 4include cyberfox.local
5# Persistent global definitions 5# Persistent global definitions
6include /etc/firejail/globals.local 6include globals.local
7 7
8noblacklist ${HOME}/.8pecxstudios 8noblacklist ${HOME}/.8pecxstudios
9noblacklist ${HOME}/.cache/8pecxstudios 9noblacklist ${HOME}/.cache/8pecxstudios
@@ -18,4 +18,4 @@ whitelist ${HOME}/.cache/8pecxstudios
18#private-etc cyberfox 18#private-etc cyberfox
19 19
20# Redirect 20# Redirect
21include /etc/firejail/firefox-common.profile 21include firefox-common.profile
diff --git a/etc/darktable.profile b/etc/darktable.profile
index 74144e68e..a4898fd35 100644
--- a/etc/darktable.profile
+++ b/etc/darktable.profile
@@ -2,20 +2,20 @@
2# Description: Virtual lighttable and darkroom for photographers 2# Description: Virtual lighttable and darkroom for photographers
3# This file is overwritten after every install/update 3# This file is overwritten after every install/update
4# Persistent local customizations 4# Persistent local customizations
5include /etc/firejail/darktable.local 5include darktable.local
6# Persistent global definitions 6# Persistent global definitions
7include /etc/firejail/globals.local 7include globals.local
8 8
9noblacklist ${HOME}/.cache/darktable 9noblacklist ${HOME}/.cache/darktable
10noblacklist ${HOME}/.config/darktable 10noblacklist ${HOME}/.config/darktable
11noblacklist ${PICTURES} 11noblacklist ${PICTURES}
12 12
13include /etc/firejail/disable-common.inc 13include disable-common.inc
14include /etc/firejail/disable-devel.inc 14include disable-devel.inc
15include /etc/firejail/disable-interpreters.inc 15include disable-interpreters.inc
16include /etc/firejail/disable-passwdmgr.inc 16include disable-passwdmgr.inc
17include /etc/firejail/disable-programs.inc 17include disable-programs.inc
18include /etc/firejail/disable-xdg.inc 18include disable-xdg.inc
19 19
20caps.drop all 20caps.drop all
21netfilter 21netfilter
diff --git a/etc/deadbeef.profile b/etc/deadbeef.profile
index 8f5961647..3f818fd69 100644
--- a/etc/deadbeef.profile
+++ b/etc/deadbeef.profile
@@ -2,19 +2,19 @@
2# Description: A GTK+ audio player for GNU/Linux 2# Description: A GTK+ audio player for GNU/Linux
3# This file is overwritten after every install/update 3# This file is overwritten after every install/update
4# Persistent local customizations 4# Persistent local customizations
5include /etc/firejail/deadbeef.local 5include deadbeef.local
6# Persistent global definitions 6# Persistent global definitions
7include /etc/firejail/globals.local 7include globals.local
8 8
9noblacklist ${HOME}/.config/deadbeef 9noblacklist ${HOME}/.config/deadbeef
10noblacklist ${MUSIC} 10noblacklist ${MUSIC}
11 11
12include /etc/firejail/disable-common.inc 12include disable-common.inc
13include /etc/firejail/disable-devel.inc 13include disable-devel.inc
14include /etc/firejail/disable-interpreters.inc 14include disable-interpreters.inc
15include /etc/firejail/disable-passwdmgr.inc 15include disable-passwdmgr.inc
16include /etc/firejail/disable-programs.inc 16include disable-programs.inc
17include /etc/firejail/disable-xdg.inc 17include disable-xdg.inc
18 18
19caps.drop all 19caps.drop all
20netfilter 20netfilter
diff --git a/etc/default.profile b/etc/default.profile
index f8e54c8d3..27feb7dd1 100644
--- a/etc/default.profile
+++ b/etc/default.profile
@@ -1,19 +1,19 @@
1# Firejail profile for default 1# Firejail profile for default
2# This file is overwritten after every install/update 2# This file is overwritten after every install/update
3# Persistent local customizations 3# Persistent local customizations
4include /etc/firejail/default.local 4include default.local
5# Persistent global definitions 5# Persistent global definitions
6include /etc/firejail/globals.local 6include globals.local
7 7
8# generic gui profile 8# generic gui profile
9# depending on your usage, you can enable some of the commands below: 9# depending on your usage, you can enable some of the commands below:
10 10
11include /etc/firejail/disable-common.inc 11include disable-common.inc
12# include /etc/firejail/disable-devel.inc 12# include disable-devel.inc
13# include /etc/firejail/disable-interpreters.inc 13# include disable-interpreters.inc
14include /etc/firejail/disable-passwdmgr.inc 14include disable-passwdmgr.inc
15include /etc/firejail/disable-programs.inc 15include disable-programs.inc
16#include /etc/firejail/disable-xdg.inc 16#include disable-xdg.inc
17 17
18caps.drop all 18caps.drop all
19# ipc-namespace 19# ipc-namespace
diff --git a/etc/deluge.profile b/etc/deluge.profile
index 27ca036ca..b2cb9bf22 100644
--- a/etc/deluge.profile
+++ b/etc/deluge.profile
@@ -2,9 +2,9 @@
2# Description: BitTorrent client written in Python/PyGTK 2# Description: BitTorrent client written in Python/PyGTK
3# This file is overwritten after every install/update 3# This file is overwritten after every install/update
4# Persistent local customizations 4# Persistent local customizations
5include /etc/firejail/deluge.local 5include deluge.local
6# Persistent global definitions 6# Persistent global definitions
7include /etc/firejail/globals.local 7include globals.local
8 8
9noblacklist ${HOME}/.config/deluge 9noblacklist ${HOME}/.config/deluge
10 10
@@ -14,17 +14,17 @@ noblacklist ${PATH}/python3*
14noblacklist /usr/lib/python2* 14noblacklist /usr/lib/python2*
15noblacklist /usr/lib/python3* 15noblacklist /usr/lib/python3*
16 16
17include /etc/firejail/disable-common.inc 17include disable-common.inc
18# include /etc/firejail/disable-devel.inc 18# include disable-devel.inc
19include /etc/firejail/disable-interpreters.inc 19include disable-interpreters.inc
20include /etc/firejail/disable-passwdmgr.inc 20include disable-passwdmgr.inc
21include /etc/firejail/disable-programs.inc 21include disable-programs.inc
22 22
23mkdir ${HOME}/.config/deluge 23mkdir ${HOME}/.config/deluge
24whitelist ${DOWNLOADS} 24whitelist ${DOWNLOADS}
25whitelist ${HOME}/.config/deluge 25whitelist ${HOME}/.config/deluge
26include /etc/firejail/whitelist-common.inc 26include whitelist-common.inc
27include /etc/firejail/whitelist-var-common.inc 27include whitelist-var-common.inc
28 28
29caps.drop all 29caps.drop all
30machine-id 30machine-id
diff --git a/etc/desktop.profile b/etc/desktop.profile
index 8bfa885a3..bfb1618b2 100644
--- a/etc/desktop.profile
+++ b/etc/desktop.profile
@@ -2,20 +2,20 @@
2# Description: Extend your GitHub workflow beyond your browser with GitHub Desktop 2# Description: Extend your GitHub workflow beyond your browser with GitHub Desktop
3# This file is overwritten after every install/update 3# This file is overwritten after every install/update
4# Persistent local customizations 4# Persistent local customizations
5include /etc/firejail/github-desktop.local 5include github-desktop.local
6# Persistent global definitions 6# Persistent global definitions
7include /etc/firejail/globals.local 7include globals.local
8 8
9whitelist ${HOME}/.gitconfig 9whitelist ${HOME}/.gitconfig
10whitelist ${HOME}/.config/GitHub Desktop 10whitelist ${HOME}/.config/GitHub Desktop
11 11
12include /etc/firejail/disable-common.inc 12include disable-common.inc
13include /etc/firejail/disable-passwdmgr.inc 13include disable-passwdmgr.inc
14include /etc/firejail/disable-programs.inc 14include disable-programs.inc
15include /etc/firejail/disable-devel.inc 15include disable-devel.inc
16include /etc/firejail/disable-interpreters.inc 16include disable-interpreters.inc
17 17
18include /etc/firejail/whitelist-common.inc 18include whitelist-common.inc
19 19
20caps.drop all 20caps.drop all
21netfilter 21netfilter
diff --git a/etc/devilspie.profile b/etc/devilspie.profile
index dbfb05798..b3558a038 100644
--- a/etc/devilspie.profile
+++ b/etc/devilspie.profile
@@ -2,17 +2,17 @@
2# Description: Window matching daemon 2# Description: Window matching daemon
3# This file is overwritten after every install/update 3# This file is overwritten after every install/update
4# Persistent local customizations 4# Persistent local customizations
5include /etc/firejail/devilspie.local 5include devilspie.local
6# Persistent global definitions 6# Persistent global definitions
7include /etc/firejail/globals.local 7include globals.local
8 8
9noblacklist ${HOME}/.devilspie 9noblacklist ${HOME}/.devilspie
10 10
11include /etc/firejail/disable-common.inc 11include disable-common.inc
12include /etc/firejail/disable-devel.inc 12include disable-devel.inc
13include /etc/firejail/disable-interpreters.inc 13include disable-interpreters.inc
14include /etc/firejail/disable-passwdmgr.inc 14include disable-passwdmgr.inc
15include /etc/firejail/disable-programs.inc 15include disable-programs.inc
16 16
17caps.drop all 17caps.drop all
18ipc-namespace 18ipc-namespace
diff --git a/etc/devilspie2.profile b/etc/devilspie2.profile
index 3a9a9659a..4ab2634e8 100644
--- a/etc/devilspie2.profile
+++ b/etc/devilspie2.profile
@@ -2,17 +2,17 @@
2# Description: Window matching daemon (Lua) 2# Description: Window matching daemon (Lua)
3# This file is overwritten after every install/update 3# This file is overwritten after every install/update
4# Persistent local customizations 4# Persistent local customizations
5include /etc/firejail/devilspie2.local 5include devilspie2.local
6# Persistent global definitions 6# Persistent global definitions
7include /etc/firejail/globals.local 7include globals.local
8 8
9noblacklist ${HOME}/.config/devilspie2 9noblacklist ${HOME}/.config/devilspie2
10 10
11include /etc/firejail/disable-common.inc 11include disable-common.inc
12include /etc/firejail/disable-devel.inc 12include disable-devel.inc
13include /etc/firejail/disable-interpreters.inc 13include disable-interpreters.inc
14include /etc/firejail/disable-passwdmgr.inc 14include disable-passwdmgr.inc
15include /etc/firejail/disable-programs.inc 15include disable-programs.inc
16 16
17caps.drop all 17caps.drop all
18ipc-namespace 18ipc-namespace
diff --git a/etc/dex2jar.profile b/etc/dex2jar.profile
index da59fc71a..e8dbd00ec 100644
--- a/etc/dex2jar.profile
+++ b/etc/dex2jar.profile
@@ -2,9 +2,9 @@
2# This file is overwritten after every install/update 2# This file is overwritten after every install/update
3quiet 3quiet
4# Persistent local customizations 4# Persistent local customizations
5include /etc/firejail/dex2jar.local 5include dex2jar.local
6# Persistent global definitions 6# Persistent global definitions
7include /etc/firejail/globals.local 7include globals.local
8 8
9# Allow access to java 9# Allow access to java
10noblacklist ${PATH}/java 10noblacklist ${PATH}/java
@@ -12,14 +12,14 @@ noblacklist /usr/lib/java
12noblacklist /etc/java 12noblacklist /etc/java
13noblacklist /usr/share/java 13noblacklist /usr/share/java
14 14
15include /etc/firejail/disable-common.inc 15include disable-common.inc
16include /etc/firejail/disable-devel.inc 16include disable-devel.inc
17include /etc/firejail/disable-interpreters.inc 17include disable-interpreters.inc
18include /etc/firejail/disable-passwdmgr.inc 18include disable-passwdmgr.inc
19include /etc/firejail/disable-programs.inc 19include disable-programs.inc
20include /etc/firejail/disable-xdg.inc 20include disable-xdg.inc
21 21
22include /etc/firejail/whitelist-var-common.inc 22include whitelist-var-common.inc
23 23
24caps.drop all 24caps.drop all
25net none 25net none
diff --git a/etc/dia.profile b/etc/dia.profile
index fdc40980f..c6adc5a4c 100644
--- a/etc/dia.profile
+++ b/etc/dia.profile
@@ -2,19 +2,19 @@
2# Description: Diagram editor 2# Description: Diagram editor
3# This file is overwritten after every install/update 3# This file is overwritten after every install/update
4# Persistent local customizations 4# Persistent local customizations
5include /etc/firejail/dia.local 5include dia.local
6# Persistent global definitions 6# Persistent global definitions
7include /etc/firejail/globals.local 7include globals.local
8 8
9noblacklist ${HOME}/.dia 9noblacklist ${HOME}/.dia
10noblacklist ${DOCUMENTS} 10noblacklist ${DOCUMENTS}
11 11
12include /etc/firejail/disable-common.inc 12include disable-common.inc
13include /etc/firejail/disable-devel.inc 13include disable-devel.inc
14include /etc/firejail/disable-interpreters.inc 14include disable-interpreters.inc
15include /etc/firejail/disable-passwdmgr.inc 15include disable-passwdmgr.inc
16include /etc/firejail/disable-programs.inc 16include disable-programs.inc
17include /etc/firejail/disable-xdg.inc 17include disable-xdg.inc
18 18
19caps.drop all 19caps.drop all
20net none 20net none
diff --git a/etc/dig.profile b/etc/dig.profile
index 4b6ab0975..4d4ce7a26 100644
--- a/etc/dig.profile
+++ b/etc/dig.profile
@@ -2,20 +2,20 @@ quiet
2# Firejail profile for dig 2# Firejail profile for dig
3# This file is overwritten after every install/update 3# This file is overwritten after every install/update
4# Persistent local customizations 4# Persistent local customizations
5include /etc/firejail/dig.local 5include dig.local
6# Persistent global definitions 6# Persistent global definitions
7include /etc/firejail/globals.local 7include globals.local
8 8
9include /etc/firejail/disable-common.inc 9include disable-common.inc
10# include /etc/firejail/disable-devel.inc 10# include disable-devel.inc
11# include /etc/firejail/disable-interpreters.inc 11# include disable-interpreters.inc
12include /etc/firejail/disable-passwdmgr.inc 12include disable-passwdmgr.inc
13include /etc/firejail/disable-programs.inc 13include disable-programs.inc
14#include /etc/firejail/disable-xdg.inc 14#include disable-xdg.inc
15 15
16whitelist ~/.digrc 16whitelist ~/.digrc
17include /etc/firejail/whitelist-common.inc 17include whitelist-common.inc
18include /etc/firejail/whitelist-var-common.inc 18include whitelist-var-common.inc
19 19
20caps.drop all 20caps.drop all
21# ipc-namespace 21# ipc-namespace
diff --git a/etc/digikam.profile b/etc/digikam.profile
index 470f60779..ccc0a6544 100644
--- a/etc/digikam.profile
+++ b/etc/digikam.profile
@@ -2,9 +2,9 @@
2# Description: Digital photo management application for KDE 2# Description: Digital photo management application for KDE
3# This file is overwritten after every install/update 3# This file is overwritten after every install/update
4# Persistent local customizations 4# Persistent local customizations
5include /etc/firejail/digikam.local 5include digikam.local
6# Persistent global definitions 6# Persistent global definitions
7include /etc/firejail/globals.local 7include globals.local
8 8
9noblacklist ${HOME}/.config/digikam 9noblacklist ${HOME}/.config/digikam
10noblacklist ${HOME}/.config/digikamrc 10noblacklist ${HOME}/.config/digikamrc
@@ -12,14 +12,14 @@ noblacklist ${HOME}/.kde/share/apps/digikam
12noblacklist ${HOME}/.kde4/share/apps/digikam 12noblacklist ${HOME}/.kde4/share/apps/digikam
13noblacklist ${PICTURES} 13noblacklist ${PICTURES}
14 14
15include /etc/firejail/disable-common.inc 15include disable-common.inc
16include /etc/firejail/disable-devel.inc 16include disable-devel.inc
17include /etc/firejail/disable-interpreters.inc 17include disable-interpreters.inc
18include /etc/firejail/disable-passwdmgr.inc 18include disable-passwdmgr.inc
19include /etc/firejail/disable-programs.inc 19include disable-programs.inc
20include /etc/firejail/disable-xdg.inc 20include disable-xdg.inc
21 21
22include /etc/firejail/whitelist-var-common.inc 22include whitelist-var-common.inc
23 23
24apparmor 24apparmor
25caps.drop all 25caps.drop all
diff --git a/etc/dillo.profile b/etc/dillo.profile
index 8c3da1b3e..ac68f48a3 100644
--- a/etc/dillo.profile
+++ b/etc/dillo.profile
@@ -2,25 +2,25 @@
2# Description: Small and fast web browser 2# Description: Small and fast web browser
3# This file is overwritten after every install/update 3# This file is overwritten after every install/update
4# Persistent local customizations 4# Persistent local customizations
5include /etc/firejail/dillo.local 5include dillo.local
6# Persistent global definitions 6# Persistent global definitions
7include /etc/firejail/globals.local 7include globals.local
8 8
9noblacklist ${HOME}/.dillo 9noblacklist ${HOME}/.dillo
10 10
11include /etc/firejail/disable-common.inc 11include disable-common.inc
12include /etc/firejail/disable-devel.inc 12include disable-devel.inc
13include /etc/firejail/disable-interpreters.inc 13include disable-interpreters.inc
14include /etc/firejail/disable-passwdmgr.inc 14include disable-passwdmgr.inc
15include /etc/firejail/disable-programs.inc 15include disable-programs.inc
16 16
17mkdir ${HOME}/.dillo 17mkdir ${HOME}/.dillo
18mkdir ${HOME}/.fltk 18mkdir ${HOME}/.fltk
19whitelist ${DOWNLOADS} 19whitelist ${DOWNLOADS}
20whitelist ${HOME}/.dillo 20whitelist ${HOME}/.dillo
21whitelist ${HOME}/.fltk 21whitelist ${HOME}/.fltk
22include /etc/firejail/whitelist-common.inc 22include whitelist-common.inc
23include /etc/firejail/whitelist-var-common.inc 23include whitelist-var-common.inc
24 24
25caps.drop all 25caps.drop all
26netfilter 26netfilter
diff --git a/etc/dino.profile b/etc/dino.profile
index a39ec8931..84731a96f 100644
--- a/etc/dino.profile
+++ b/etc/dino.profile
@@ -1,22 +1,22 @@
1# Firejail profile for dino 1# Firejail profile for dino
2# This file is overwritten after every install/update 2# This file is overwritten after every install/update
3# Persistent local customizations 3# Persistent local customizations
4include /etc/firejail/dino.local 4include dino.local
5# Persistent global definitions 5# Persistent global definitions
6include /etc/firejail/globals.local 6include globals.local
7 7
8noblacklist ${HOME}/.local/share/dino 8noblacklist ${HOME}/.local/share/dino
9 9
10include /etc/firejail/disable-common.inc 10include disable-common.inc
11include /etc/firejail/disable-devel.inc 11include disable-devel.inc
12include /etc/firejail/disable-interpreters.inc 12include disable-interpreters.inc
13include /etc/firejail/disable-passwdmgr.inc 13include disable-passwdmgr.inc
14include /etc/firejail/disable-programs.inc 14include disable-programs.inc
15 15
16mkdir ${HOME}/.local/share/dino 16mkdir ${HOME}/.local/share/dino
17whitelist ${HOME}/.local/share/dino 17whitelist ${HOME}/.local/share/dino
18whitelist ${HOME}/Downloads 18whitelist ${HOME}/Downloads
19include /etc/firejail/whitelist-common.inc 19include whitelist-common.inc
20 20
21caps.drop all 21caps.drop all
22netfilter 22netfilter
diff --git a/etc/disable-common.inc b/etc/disable-common.inc
index ceca17826..e6ba99874 100644
--- a/etc/disable-common.inc
+++ b/etc/disable-common.inc
@@ -1,6 +1,6 @@
1# This file is overwritten during software install. 1# This file is overwritten during software install.
2# Persistent customizations should go in a .local file. 2# Persistent customizations should go in a .local file.
3include /etc/firejail/disable-common.local 3include disable-common.local
4 4
5# History files in $HOME and clipboard managers 5# History files in $HOME and clipboard managers
6blacklist-nolog ${HOME}/.*_history 6blacklist-nolog ${HOME}/.*_history
diff --git a/etc/disable-devel.inc b/etc/disable-devel.inc
index 627856803..5c41692da 100644
--- a/etc/disable-devel.inc
+++ b/etc/disable-devel.inc
@@ -1,6 +1,6 @@
1# This file is overwritten during software install. 1# This file is overwritten during software install.
2# Persistent customizations should go in a .local file. 2# Persistent customizations should go in a .local file.
3include /etc/firejail/disable-devel.local 3include disable-devel.local
4 4
5# development tools 5# development tools
6 6
diff --git a/etc/disable-interpreters.inc b/etc/disable-interpreters.inc
index 0e0caade1..0d5f5737e 100644
--- a/etc/disable-interpreters.inc
+++ b/etc/disable-interpreters.inc
@@ -1,6 +1,6 @@
1# This file is overwritten during software install. 1# This file is overwritten during software install.
2# Persistent customizations should go in a .local file. 2# Persistent customizations should go in a .local file.
3include /etc/firejail/disable-interpreters.local 3include disable-interpreters.local
4 4
5# Lua 5# Lua
6blacklist ${PATH}/lua* 6blacklist ${PATH}/lua*
diff --git a/etc/disable-passwdmgr.inc b/etc/disable-passwdmgr.inc
index 19fd871d3..72e1a66ee 100644
--- a/etc/disable-passwdmgr.inc
+++ b/etc/disable-passwdmgr.inc
@@ -1,6 +1,6 @@
1# This file is overwritten during software install. 1# This file is overwritten during software install.
2# Persistent customizations should go in a .local file. 2# Persistent customizations should go in a .local file.
3include /etc/firejail/disable-passwdmgr.local 3include disable-passwdmgr.local
4 4
5blacklist ${HOME}/.config/Bitwarden 5blacklist ${HOME}/.config/Bitwarden
6blacklist ${HOME}/.config/KeePass 6blacklist ${HOME}/.config/KeePass
diff --git a/etc/disable-programs.inc b/etc/disable-programs.inc
index 0f48a320b..46e60b9f4 100644
--- a/etc/disable-programs.inc
+++ b/etc/disable-programs.inc
@@ -1,6 +1,6 @@
1# This file is overwritten during software install. 1# This file is overwritten during software install.
2# Persistent customizations should go in a .local file. 2# Persistent customizations should go in a .local file.
3include /etc/firejail/disable-programs.local 3include disable-programs.local
4 4
5blacklist ${HOME}/Monero/wallets 5blacklist ${HOME}/Monero/wallets
6blacklist ${HOME}/Standard Notes Backups 6blacklist ${HOME}/Standard Notes Backups
diff --git a/etc/disable-xdg.inc b/etc/disable-xdg.inc
index 519f00afb..22acf272d 100644
--- a/etc/disable-xdg.inc
+++ b/etc/disable-xdg.inc
@@ -1,6 +1,6 @@
1# This file is overwritten during software install. 1# This file is overwritten during software install.
2# Persistent customizations should go in a .local file. 2# Persistent customizations should go in a .local file.
3include /etc/firejail/disable-xdg.local 3include disable-xdg.local
4 4
5blacklist ${DOCUMENTS} 5blacklist ${DOCUMENTS}
6blacklist ${MUSIC} 6blacklist ${MUSIC}
diff --git a/etc/discord-canary.profile b/etc/discord-canary.profile
index b6958cbd3..12b5433b2 100644
--- a/etc/discord-canary.profile
+++ b/etc/discord-canary.profile
@@ -1,9 +1,9 @@
1# Firejail profile for discord-canary 1# Firejail profile for discord-canary
2# This file is overwritten after every install/update 2# This file is overwritten after every install/update
3# Persistent local customizations 3# Persistent local customizations
4include /etc/firejail/discord-canary.local 4include discord-canary.local
5# Persistent global definitions 5# Persistent global definitions
6include /etc/firejail/globals.local 6include globals.local
7 7
8 8
9noblacklist ${HOME}/.config/discordcanary 9noblacklist ${HOME}/.config/discordcanary
@@ -15,4 +15,4 @@ private-bin discord-canary
15private-opt discord-canary 15private-opt discord-canary
16 16
17#Redirect 17#Redirect
18include /etc/firejail/discord-common.profile 18include discord-common.profile
diff --git a/etc/discord-common.profile b/etc/discord-common.profile
index babef37b1..765ad21e5 100644
--- a/etc/discord-common.profile
+++ b/etc/discord-common.profile
@@ -1,15 +1,15 @@
1# Firejail profile for discord 1# Firejail profile for discord
2# This file is overwritten after every install/update 2# This file is overwritten after every install/update
3# Persistent local customizations 3# Persistent local customizations
4include /etc/firejail/discord-common.local 4include discord-common.local
5# Persistent global definitions 5# Persistent global definitions
6# already included by caller profile 6# already included by caller profile
7#include /etc/firejail/globals.local 7#include globals.local
8 8
9include /etc/firejail/disable-common.inc 9include disable-common.inc
10include /etc/firejail/disable-devel.inc 10include disable-devel.inc
11include /etc/firejail/disable-passwdmgr.inc 11include disable-passwdmgr.inc
12include /etc/firejail/disable-programs.inc 12include disable-programs.inc
13 13
14whitelist ${DOWNLOADS} 14whitelist ${DOWNLOADS}
15 15
diff --git a/etc/discord.profile b/etc/discord.profile
index 63aed5eca..62c4a5658 100644
--- a/etc/discord.profile
+++ b/etc/discord.profile
@@ -1,9 +1,9 @@
1# Firejail profile for discord 1# Firejail profile for discord
2# This file is overwritten after every install/update 2# This file is overwritten after every install/update
3# Persistent local customizations 3# Persistent local customizations
4include /etc/firejail/discord.local 4include discord.local
5# Persistent global definitions 5# Persistent global definitions
6include /etc/firejail/globals.local 6include globals.local
7 7
8 8
9noblacklist ${HOME}/.config/discord 9noblacklist ${HOME}/.config/discord
@@ -15,4 +15,4 @@ private-bin discord
15private-opt discord 15private-opt discord
16 16
17#Redirect 17#Redirect
18include /etc/firejail/discord-common.profile 18include discord-common.profile
diff --git a/etc/display.profile b/etc/display.profile
index 41a426375..7e553398f 100644
--- a/etc/display.profile
+++ b/etc/display.profile
@@ -1,9 +1,9 @@
1# Firejail profile for display 1# Firejail profile for display
2# This file is overwritten after every install/update 2# This file is overwritten after every install/update
3# Persistent local customizations 3# Persistent local customizations
4include /etc/firejail/display.local 4include display.local
5# Persistent global definitions 5# Persistent global definitions
6include /etc/firejail/globals.local 6include globals.local
7 7
8noblacklist ${PICTURES} 8noblacklist ${PICTURES}
9 9
@@ -13,14 +13,14 @@ noblacklist ${PATH}/python3*
13noblacklist /usr/lib/python2* 13noblacklist /usr/lib/python2*
14noblacklist /usr/lib/python3* 14noblacklist /usr/lib/python3*
15 15
16include /etc/firejail/disable-common.inc 16include disable-common.inc
17include /etc/firejail/disable-devel.inc 17include disable-devel.inc
18include /etc/firejail/disable-interpreters.inc 18include disable-interpreters.inc
19include /etc/firejail/disable-passwdmgr.inc 19include disable-passwdmgr.inc
20include /etc/firejail/disable-programs.inc 20include disable-programs.inc
21include /etc/firejail/disable-xdg.inc 21include disable-xdg.inc
22 22
23include /etc/firejail/whitelist-var-common.inc 23include whitelist-var-common.inc
24 24
25caps.drop all 25caps.drop all
26net none 26net none
diff --git a/etc/dnox.profile b/etc/dnox.profile
index 505884ca6..e02395771 100644
--- a/etc/dnox.profile
+++ b/etc/dnox.profile
@@ -1,9 +1,9 @@
1# Firejail profile for dnox 1# Firejail profile for dnox
2# This file is overwritten after every install/update 2# This file is overwritten after every install/update
3# Persistent local customizations 3# Persistent local customizations
4include /etc/firejail/dnox.local 4include dnox.local
5# Persistent global definitions 5# Persistent global definitions
6include /etc/firejail/globals.local 6include globals.local
7 7
8noblacklist ${HOME}/.cache/dnox 8noblacklist ${HOME}/.cache/dnox
9noblacklist ${HOME}/.config/dnox 9noblacklist ${HOME}/.config/dnox
@@ -14,4 +14,4 @@ whitelist ${HOME}/.cache/dnox
14whitelist ${HOME}/.config/dnox 14whitelist ${HOME}/.config/dnox
15 15
16# Redirect 16# Redirect
17include /etc/firejail/chromium-common.profile 17include chromium-common.profile
diff --git a/etc/dnscrypt-proxy.profile b/etc/dnscrypt-proxy.profile
index ce73d7e72..a14e502e5 100644
--- a/etc/dnscrypt-proxy.profile
+++ b/etc/dnscrypt-proxy.profile
@@ -2,21 +2,21 @@
2# Description: Tool for securing communications between a client and a DNS resolver 2# Description: Tool for securing communications between a client and a DNS resolver
3# This file is overwritten after every install/update 3# This file is overwritten after every install/update
4# Persistent local customizations 4# Persistent local customizations
5include /etc/firejail/dnscrypt-proxy.local 5include dnscrypt-proxy.local
6# Persistent global definitions 6# Persistent global definitions
7include /etc/firejail/globals.local 7include globals.local
8 8
9blacklist /tmp/.X11-unix 9blacklist /tmp/.X11-unix
10 10
11noblacklist /sbin 11noblacklist /sbin
12noblacklist /usr/sbin 12noblacklist /usr/sbin
13 13
14include /etc/firejail/disable-common.inc 14include disable-common.inc
15include /etc/firejail/disable-devel.inc 15include disable-devel.inc
16include /etc/firejail/disable-interpreters.inc 16include disable-interpreters.inc
17include /etc/firejail/disable-passwdmgr.inc 17include disable-passwdmgr.inc
18include /etc/firejail/disable-programs.inc 18include disable-programs.inc
19include /etc/firejail/disable-xdg.inc 19include disable-xdg.inc
20 20
21caps.keep ipc_lock,net_bind_service,setgid,setuid,sys_chroot 21caps.keep ipc_lock,net_bind_service,setgid,setuid,sys_chroot
22no3d 22no3d
diff --git a/etc/dnsmasq.profile b/etc/dnsmasq.profile
index d68806945..c1ee03bca 100644
--- a/etc/dnsmasq.profile
+++ b/etc/dnsmasq.profile
@@ -2,21 +2,21 @@
2# Description: Small caching DNS proxy and DHCP/TFTP server 2# Description: Small caching DNS proxy and DHCP/TFTP server
3# This file is overwritten after every install/update 3# This file is overwritten after every install/update
4# Persistent local customizations 4# Persistent local customizations
5include /etc/firejail/dnsmasq.local 5include dnsmasq.local
6# Persistent global definitions 6# Persistent global definitions
7include /etc/firejail/globals.local 7include globals.local
8 8
9blacklist /tmp/.X11-unix 9blacklist /tmp/.X11-unix
10 10
11noblacklist /sbin 11noblacklist /sbin
12noblacklist /usr/sbin 12noblacklist /usr/sbin
13 13
14include /etc/firejail/disable-common.inc 14include disable-common.inc
15include /etc/firejail/disable-devel.inc 15include disable-devel.inc
16include /etc/firejail/disable-interpreters.inc 16include disable-interpreters.inc
17include /etc/firejail/disable-passwdmgr.inc 17include disable-passwdmgr.inc
18include /etc/firejail/disable-programs.inc 18include disable-programs.inc
19include /etc/firejail/disable-xdg.inc 19include disable-xdg.inc
20 20
21caps.keep net_admin,net_bind_service,net_raw,setgid,setuid 21caps.keep net_admin,net_bind_service,net_raw,setgid,setuid
22no3d 22no3d
diff --git a/etc/dolphin.profile b/etc/dolphin.profile
index 819998edf..936876ddf 100644
--- a/etc/dolphin.profile
+++ b/etc/dolphin.profile
@@ -2,9 +2,9 @@
2# Description: File manager 2# Description: File manager
3# This file is overwritten after every install/update 3# This file is overwritten after every install/update
4# Persistent local customizations 4# Persistent local customizations
5include /etc/firejail/dolphin.local 5include dolphin.local
6# Persistent global definitions 6# Persistent global definitions
7include /etc/firejail/globals.local 7include globals.local
8 8
9# warning: firejail is currently not effectively constraining dolphin since used services are started by kdeinit5 9# warning: firejail is currently not effectively constraining dolphin since used services are started by kdeinit5
10 10
@@ -13,12 +13,12 @@ noblacklist ${HOME}/.local/share/Trash
13# noblacklist ${HOME}/.config/dolphinrc 13# noblacklist ${HOME}/.config/dolphinrc
14# noblacklist ${HOME}/.local/share/dolphin 14# noblacklist ${HOME}/.local/share/dolphin
15 15
16include /etc/firejail/disable-common.inc 16include disable-common.inc
17include /etc/firejail/disable-devel.inc 17include disable-devel.inc
18include /etc/firejail/disable-interpreters.inc 18include disable-interpreters.inc
19include /etc/firejail/disable-passwdmgr.inc 19include disable-passwdmgr.inc
20# dolphin needs to be able to start arbitrary applications so we cannot blacklist their files 20# dolphin needs to be able to start arbitrary applications so we cannot blacklist their files
21# include /etc/firejail/disable-programs.inc 21# include disable-programs.inc
22 22
23caps.drop all 23caps.drop all
24netfilter 24netfilter
diff --git a/etc/dooble-qt4.profile b/etc/dooble-qt4.profile
index 4e1227a0f..075a24c92 100644
--- a/etc/dooble-qt4.profile
+++ b/etc/dooble-qt4.profile
@@ -3,4 +3,4 @@
3 3
4 4
5# Redirect 5# Redirect
6include /etc/firejail/dooble.profile 6include dooble.profile
diff --git a/etc/dooble.profile b/etc/dooble.profile
index df68a4aef..69765f119 100644
--- a/etc/dooble.profile
+++ b/etc/dooble.profile
@@ -1,23 +1,23 @@
1# Firejail profile for dooble 1# Firejail profile for dooble
2# This file is overwritten after every install/update 2# This file is overwritten after every install/update
3# Persistent local customizations 3# Persistent local customizations
4include /etc/firejail/dooble-qt4.local 4include dooble-qt4.local
5# Persistent global definitions 5# Persistent global definitions
6include /etc/firejail/globals.local 6include globals.local
7 7
8 8
9noblacklist ${HOME}/.dooble 9noblacklist ${HOME}/.dooble
10 10
11include /etc/firejail/disable-common.inc 11include disable-common.inc
12include /etc/firejail/disable-devel.inc 12include disable-devel.inc
13include /etc/firejail/disable-interpreters.inc 13include disable-interpreters.inc
14include /etc/firejail/disable-passwdmgr.inc 14include disable-passwdmgr.inc
15include /etc/firejail/disable-programs.inc 15include disable-programs.inc
16 16
17mkdir ${HOME}/.dooble 17mkdir ${HOME}/.dooble
18whitelist ${DOWNLOADS} 18whitelist ${DOWNLOADS}
19whitelist ${HOME}/.dooble 19whitelist ${HOME}/.dooble
20include /etc/firejail/whitelist-common.inc 20include whitelist-common.inc
21 21
22caps.drop all 22caps.drop all
23netfilter 23netfilter
diff --git a/etc/dosbox.profile b/etc/dosbox.profile
index 319daf407..68a67380c 100644
--- a/etc/dosbox.profile
+++ b/etc/dosbox.profile
@@ -2,21 +2,21 @@
2# Description: x86 emulator with Tandy/Herc/CGA/EGA/VGA/SVGA graphics, sound and DOS 2# Description: x86 emulator with Tandy/Herc/CGA/EGA/VGA/SVGA graphics, sound and DOS
3# This file is overwritten after every install/update 3# This file is overwritten after every install/update
4# Persistent local customizations 4# Persistent local customizations
5include /etc/firejail/dosbox.local 5include dosbox.local
6# Persistent global definitions 6# Persistent global definitions
7include /etc/firejail/globals.local 7include globals.local
8 8
9noblacklist ${HOME}/.dosbox 9noblacklist ${HOME}/.dosbox
10noblacklist ${DOCUMENTS} 10noblacklist ${DOCUMENTS}
11 11
12include /etc/firejail/disable-common.inc 12include disable-common.inc
13include /etc/firejail/disable-devel.inc 13include disable-devel.inc
14include /etc/firejail/disable-interpreters.inc 14include disable-interpreters.inc
15include /etc/firejail/disable-passwdmgr.inc 15include disable-passwdmgr.inc
16include /etc/firejail/disable-programs.inc 16include disable-programs.inc
17include /etc/firejail/disable-xdg.inc 17include disable-xdg.inc
18 18
19include /etc/firejail/whitelist-var-common.inc 19include whitelist-var-common.inc
20 20
21caps.drop all 21caps.drop all
22netfilter 22netfilter
diff --git a/etc/dragon.profile b/etc/dragon.profile
index 9f41bf87a..32cf0c09d 100644
--- a/etc/dragon.profile
+++ b/etc/dragon.profile
@@ -2,22 +2,22 @@
2# Description: A multimedia player where the focus is on simplicity, instead of features 2# Description: A multimedia player where the focus is on simplicity, instead of features
3# This file is overwritten after every install/update 3# This file is overwritten after every install/update
4# Persistent local customizations 4# Persistent local customizations
5include /etc/firejail/dragon.local 5include dragon.local
6# Persistent global definitions 6# Persistent global definitions
7include /etc/firejail/globals.local 7include globals.local
8 8
9noblacklist ${HOME}/.config/dragonplayerrc 9noblacklist ${HOME}/.config/dragonplayerrc
10noblacklist ${MUSIC} 10noblacklist ${MUSIC}
11noblacklist ${VIDEOS} 11noblacklist ${VIDEOS}
12 12
13include /etc/firejail/disable-common.inc 13include disable-common.inc
14include /etc/firejail/disable-devel.inc 14include disable-devel.inc
15include /etc/firejail/disable-interpreters.inc 15include disable-interpreters.inc
16include /etc/firejail/disable-passwdmgr.inc 16include disable-passwdmgr.inc
17include /etc/firejail/disable-programs.inc 17include disable-programs.inc
18include /etc/firejail/disable-xdg.inc 18include disable-xdg.inc
19 19
20include /etc/firejail/whitelist-var-common.inc 20include whitelist-var-common.inc
21 21
22caps.drop all 22caps.drop all
23netfilter 23netfilter
diff --git a/etc/dropbox.profile b/etc/dropbox.profile
index 24b69e118..8571479c1 100644
--- a/etc/dropbox.profile
+++ b/etc/dropbox.profile
@@ -1,19 +1,19 @@
1# Firejail profile for dropbox 1# Firejail profile for dropbox
2# This file is overwritten after every install/update 2# This file is overwritten after every install/update
3# Persistent local customizations 3# Persistent local customizations
4include /etc/firejail/dropbox.local 4include dropbox.local
5# Persistent global definitions 5# Persistent global definitions
6include /etc/firejail/globals.local 6include globals.local
7 7
8noblacklist ${HOME}/.config/autostart 8noblacklist ${HOME}/.config/autostart
9noblacklist ${HOME}/.dropbox 9noblacklist ${HOME}/.dropbox
10noblacklist ${HOME}/.dropbox-dist 10noblacklist ${HOME}/.dropbox-dist
11 11
12include /etc/firejail/disable-common.inc 12include disable-common.inc
13include /etc/firejail/disable-devel.inc 13include disable-devel.inc
14include /etc/firejail/disable-interpreters.inc 14include disable-interpreters.inc
15include /etc/firejail/disable-passwdmgr.inc 15include disable-passwdmgr.inc
16include /etc/firejail/disable-programs.inc 16include disable-programs.inc
17 17
18mkdir ${HOME}/.dropbox 18mkdir ${HOME}/.dropbox
19mkdir ${HOME}/.dropbox-dist 19mkdir ${HOME}/.dropbox-dist
@@ -23,7 +23,7 @@ whitelist ${HOME}/.config/autostart/dropbox.desktop
23whitelist ${HOME}/.dropbox 23whitelist ${HOME}/.dropbox
24whitelist ${HOME}/.dropbox-dist 24whitelist ${HOME}/.dropbox-dist
25whitelist ${HOME}/Dropbox 25whitelist ${HOME}/Dropbox
26include /etc/firejail/whitelist-common.inc 26include whitelist-common.inc
27 27
28caps.drop all 28caps.drop all
29netfilter 29netfilter
diff --git a/etc/easystroke.profile b/etc/easystroke.profile
index 6fac08a5d..ddf967e55 100644
--- a/etc/easystroke.profile
+++ b/etc/easystroke.profile
@@ -2,17 +2,17 @@
2# Description: Control your desktop using mouse gestures 2# Description: Control your desktop using mouse gestures
3# This file is overwritten after every install/update 3# This file is overwritten after every install/update
4# Persistent local customizations 4# Persistent local customizations
5include /etc/firejail/easystroke.local 5include easystroke.local
6# Persistent global definitions 6# Persistent global definitions
7include /etc/firejail/globals.local 7include globals.local
8 8
9noblacklist ${HOME}/.easystroke 9noblacklist ${HOME}/.easystroke
10 10
11include /etc/firejail/disable-common.inc 11include disable-common.inc
12include /etc/firejail/disable-devel.inc 12include disable-devel.inc
13include /etc/firejail/disable-interpreters.inc 13include disable-interpreters.inc
14include /etc/firejail/disable-passwdmgr.inc 14include disable-passwdmgr.inc
15include /etc/firejail/disable-programs.inc 15include disable-programs.inc
16 16
17caps.drop all 17caps.drop all
18ipc-namespace 18ipc-namespace
diff --git a/etc/ebook-viewer.profile b/etc/ebook-viewer.profile
index 1e28b854a..b2fd635b1 100644
--- a/etc/ebook-viewer.profile
+++ b/etc/ebook-viewer.profile
@@ -5,4 +5,4 @@ net none
5nodbus 5nodbus
6 6
7# Redirect 7# Redirect
8include /etc/firejail/calibre.profile 8include calibre.profile
diff --git a/etc/electron.profile b/etc/electron.profile
index ccfde78bb..c24100f17 100644
--- a/etc/electron.profile
+++ b/etc/electron.profile
@@ -2,13 +2,13 @@
2# Description: Build cross platform desktop apps with web technologies 2# Description: Build cross platform desktop apps with web technologies
3# This file is overwritten after every install/update 3# This file is overwritten after every install/update
4# Persistent local customizations 4# Persistent local customizations
5include /etc/firejail/electron.local 5include electron.local
6# Persistent global definitions 6# Persistent global definitions
7include /etc/firejail/globals.local 7include globals.local
8 8
9include /etc/firejail/disable-common.inc 9include disable-common.inc
10include /etc/firejail/disable-passwdmgr.inc 10include disable-passwdmgr.inc
11include /etc/firejail/disable-programs.inc 11include disable-programs.inc
12 12
13whitelist ${DOWNLOADS} 13whitelist ${DOWNLOADS}
14 14
diff --git a/etc/electrum.profile b/etc/electrum.profile
index b3e1ab36f..d14a88d0a 100644
--- a/etc/electrum.profile
+++ b/etc/electrum.profile
@@ -2,9 +2,9 @@
2# Description: Lightweight Bitcoin wallet 2# Description: Lightweight Bitcoin wallet
3# This file is overwritten after every install/update 3# This file is overwritten after every install/update
4# Persistent local customizations 4# Persistent local customizations
5include /etc/firejail/electrum.local 5include electrum.local
6# Persistent global definitions 6# Persistent global definitions
7include /etc/firejail/globals.local 7include globals.local
8 8
9noblacklist ${HOME}/.electrum 9noblacklist ${HOME}/.electrum
10 10
@@ -14,17 +14,17 @@ noblacklist ${PATH}/python3*
14noblacklist /usr/lib/python2* 14noblacklist /usr/lib/python2*
15noblacklist /usr/lib/python3* 15noblacklist /usr/lib/python3*
16 16
17include /etc/firejail/disable-common.inc 17include disable-common.inc
18include /etc/firejail/disable-devel.inc 18include disable-devel.inc
19include /etc/firejail/disable-interpreters.inc 19include disable-interpreters.inc
20include /etc/firejail/disable-passwdmgr.inc 20include disable-passwdmgr.inc
21include /etc/firejail/disable-programs.inc 21include disable-programs.inc
22include /etc/firejail/disable-xdg.inc 22include disable-xdg.inc
23 23
24mkdir ${HOME}/.electrum 24mkdir ${HOME}/.electrum
25whitelist ${HOME}/.electrum 25whitelist ${HOME}/.electrum
26include /etc/firejail/whitelist-common.inc 26include whitelist-common.inc
27include /etc/firejail/whitelist-var-common.inc 27include whitelist-var-common.inc
28 28
29caps.drop all 29caps.drop all
30ipc-namespace 30ipc-namespace
diff --git a/etc/elinks.profile b/etc/elinks.profile
index bafc19e1a..92d5a13fa 100644
--- a/etc/elinks.profile
+++ b/etc/elinks.profile
@@ -2,20 +2,20 @@
2# Description: Advanced text-mode WWW browser 2# Description: Advanced text-mode WWW browser
3# This file is overwritten after every install/update 3# This file is overwritten after every install/update
4# Persistent local customizations 4# Persistent local customizations
5include /etc/firejail/elinks.local 5include elinks.local
6# Persistent global definitions 6# Persistent global definitions
7include /etc/firejail/globals.local 7include globals.local
8 8
9blacklist /tmp/.X11-unix 9blacklist /tmp/.X11-unix
10 10
11noblacklist ${HOME}/.elinks 11noblacklist ${HOME}/.elinks
12 12
13include /etc/firejail/disable-common.inc 13include disable-common.inc
14include /etc/firejail/disable-devel.inc 14include disable-devel.inc
15include /etc/firejail/disable-interpreters.inc 15include disable-interpreters.inc
16include /etc/firejail/disable-passwdmgr.inc 16include disable-passwdmgr.inc
17include /etc/firejail/disable-programs.inc 17include disable-programs.inc
18include /etc/firejail/disable-xdg.inc 18include disable-xdg.inc
19 19
20caps.drop all 20caps.drop all
21netfilter 21netfilter
diff --git a/etc/emacs.profile b/etc/emacs.profile
index 90b25bfcf..c2057f6fb 100644
--- a/etc/emacs.profile
+++ b/etc/emacs.profile
@@ -2,16 +2,16 @@
2# Description: GNU Emacs editor 2# Description: GNU Emacs editor
3# This file is overwritten after every install/update 3# This file is overwritten after every install/update
4# Persistent local customizations 4# Persistent local customizations
5include /etc/firejail/emacs.local 5include emacs.local
6# Persistent global definitions 6# Persistent global definitions
7include /etc/firejail/globals.local 7include globals.local
8 8
9noblacklist ${HOME}/.emacs 9noblacklist ${HOME}/.emacs
10noblacklist ${HOME}/.emacs.d 10noblacklist ${HOME}/.emacs.d
11 11
12include /etc/firejail/disable-common.inc 12include disable-common.inc
13include /etc/firejail/disable-passwdmgr.inc 13include disable-passwdmgr.inc
14include /etc/firejail/disable-programs.inc 14include disable-programs.inc
15 15
16caps.drop all 16caps.drop all
17netfilter 17netfilter
diff --git a/etc/empathy.profile b/etc/empathy.profile
index 007b51c35..5ca640d30 100644
--- a/etc/empathy.profile
+++ b/etc/empathy.profile
@@ -2,15 +2,15 @@
2# Description: GNOME multi-protocol chat and call client 2# Description: GNOME multi-protocol chat and call client
3# This file is overwritten after every install/update 3# This file is overwritten after every install/update
4# Persistent local customizations 4# Persistent local customizations
5include /etc/firejail/empathy.local 5include empathy.local
6# Persistent global definitions 6# Persistent global definitions
7include /etc/firejail/globals.local 7include globals.local
8 8
9 9
10include /etc/firejail/disable-common.inc 10include disable-common.inc
11include /etc/firejail/disable-devel.inc 11include disable-devel.inc
12include /etc/firejail/disable-interpreters.inc 12include disable-interpreters.inc
13include /etc/firejail/disable-programs.inc 13include disable-programs.inc
14 14
15caps.drop all 15caps.drop all
16netfilter 16netfilter
diff --git a/etc/enchant-2.profile b/etc/enchant-2.profile
index ba7573289..295d74a38 100644
--- a/etc/enchant-2.profile
+++ b/etc/enchant-2.profile
@@ -1,9 +1,9 @@
1# Firejail profile for enchant-2 1# Firejail profile for enchant-2
2# This file is overwritten after every install/update 2# This file is overwritten after every install/update
3# Persistent local customizations 3# Persistent local customizations
4include /etc/firejail/enchant-2.local 4include enchant-2.local
5# Persistent global definitions 5# Persistent global definitions
6include /etc/firejail/globals.local 6include globals.local
7 7
8# Redirect 8# Redirect
9include /etc/firejail/enchant.profile 9include enchant.profile
diff --git a/etc/enchant-lsmod-2.profile b/etc/enchant-lsmod-2.profile
index 1b646eef6..991ea63ef 100644
--- a/etc/enchant-lsmod-2.profile
+++ b/etc/enchant-lsmod-2.profile
@@ -1,9 +1,9 @@
1# Firejail profile for enchant-lsmod-2 1# Firejail profile for enchant-lsmod-2
2# This file is overwritten after every install/update 2# This file is overwritten after every install/update
3# Persistent local customizations 3# Persistent local customizations
4include /etc/firejail/enchant-lsmod-2.local 4include enchant-lsmod-2.local
5# Persistent global definitions 5# Persistent global definitions
6include /etc/firejail/globals.local 6include globals.local
7 7
8# Redirect 8# Redirect
9include /etc/firejail/enchant.profile 9include enchant.profile
diff --git a/etc/enchant-lsmod.profile b/etc/enchant-lsmod.profile
index 3452b0421..d7bcae6a0 100644
--- a/etc/enchant-lsmod.profile
+++ b/etc/enchant-lsmod.profile
@@ -1,9 +1,9 @@
1# Firejail profile for enchant-lsmod 1# Firejail profile for enchant-lsmod
2# This file is overwritten after every install/update 2# This file is overwritten after every install/update
3# Persistent local customizations 3# Persistent local customizations
4include /etc/firejail/enchant-lsmod.local 4include enchant-lsmod.local
5# Persistent global definitions 5# Persistent global definitions
6include /etc/firejail/globals.local 6include globals.local
7 7
8# Redirect 8# Redirect
9include /etc/firejail/enchant.profile 9include enchant.profile
diff --git a/etc/enchant.profile b/etc/enchant.profile
index cf7d76b4c..7ca7fdcea 100644
--- a/etc/enchant.profile
+++ b/etc/enchant.profile
@@ -2,18 +2,18 @@
2# Description: Wrapper for various spell checker engines 2# Description: Wrapper for various spell checker engines
3# This file is overwritten after every install/update 3# This file is overwritten after every install/update
4# Persistent local customizations 4# Persistent local customizations
5include /etc/firejail/enchant.local 5include enchant.local
6# Persistent global definitions 6# Persistent global definitions
7include /etc/firejail/globals.local 7include globals.local
8 8
9noblacklist ${HOME}/.config/enchant 9noblacklist ${HOME}/.config/enchant
10 10
11include /etc/firejail/disable-common.inc 11include disable-common.inc
12include /etc/firejail/disable-devel.inc 12include disable-devel.inc
13include /etc/firejail/disable-interpreters.inc 13include disable-interpreters.inc
14include /etc/firejail/disable-passwdmgr.inc 14include disable-passwdmgr.inc
15include /etc/firejail/disable-programs.inc 15include disable-programs.inc
16include /etc/firejail/disable-xdg.inc 16include disable-xdg.inc
17 17
18caps.drop all 18caps.drop all
19netfilter 19netfilter
diff --git a/etc/engrampa.profile b/etc/engrampa.profile
index eaf246d3c..02919f271 100644
--- a/etc/engrampa.profile
+++ b/etc/engrampa.profile
@@ -2,17 +2,17 @@
2# Description: Archive manager for MATE 2# Description: Archive manager for MATE
3# This file is overwritten after every install/update 3# This file is overwritten after every install/update
4# Persistent local customizations 4# Persistent local customizations
5include /etc/firejail/engrampa.local 5include engrampa.local
6# Persistent global definitions 6# Persistent global definitions
7include /etc/firejail/globals.local 7include globals.local
8 8
9include /etc/firejail/disable-common.inc 9include disable-common.inc
10include /etc/firejail/disable-devel.inc 10include disable-devel.inc
11include /etc/firejail/disable-interpreters.inc 11include disable-interpreters.inc
12include /etc/firejail/disable-passwdmgr.inc 12include disable-passwdmgr.inc
13include /etc/firejail/disable-programs.inc 13include disable-programs.inc
14 14
15include /etc/firejail/whitelist-var-common.inc 15include whitelist-var-common.inc
16 16
17apparmor 17apparmor
18caps.drop all 18caps.drop all
diff --git a/etc/enox.profile b/etc/enox.profile
index 46f409346..d8ac8b24a 100644
--- a/etc/enox.profile
+++ b/etc/enox.profile
@@ -1,9 +1,9 @@
1# Firejail profile for enox 1# Firejail profile for enox
2# This file is overwritten after every install/update 2# This file is overwritten after every install/update
3# Persistent local customizations 3# Persistent local customizations
4include /etc/firejail/enox.local 4include enox.local
5# Persistent global definitions 5# Persistent global definitions
6include /etc/firejail/globals.local 6include globals.local
7 7
8noblacklist ${HOME}/.cache/Enox 8noblacklist ${HOME}/.cache/Enox
9noblacklist ${HOME}/.config/Enox 9noblacklist ${HOME}/.config/Enox
@@ -16,4 +16,4 @@ whitelist ${HOME}/.cache/Enox
16whitelist ${HOME}/.config/Enox 16whitelist ${HOME}/.config/Enox
17 17
18# Redirect 18# Redirect
19include /etc/firejail/chromium-common.profile 19include chromium-common.profile
diff --git a/etc/enpass.profile b/etc/enpass.profile
index 3a30f8b04..e3e146d5d 100644
--- a/etc/enpass.profile
+++ b/etc/enpass.profile
@@ -1,20 +1,20 @@
1# This file is overwritten after every install/update. 1# This file is overwritten after every install/update.
2# Persistent local customisations 2# Persistent local customisations
3include /etc/firejail/enpass.local 3include enpass.local
4# Persistent global definitions 4# Persistent global definitions
5include /etc/firejail/globals.local 5include globals.local
6 6
7noblacklist ${HOME}/.config/Sinew Software Systems 7noblacklist ${HOME}/.config/Sinew Software Systems
8noblacklist ${DOCUMENTS} 8noblacklist ${DOCUMENTS}
9 9
10include /etc/firejail/disable-common.inc 10include disable-common.inc
11include /etc/firejail/disable-devel.inc 11include disable-devel.inc
12include /etc/firejail/disable-interpreters.inc 12include disable-interpreters.inc
13include /etc/firejail/disable-passwdmgr.inc 13include disable-passwdmgr.inc
14include /etc/firejail/disable-programs.inc 14include disable-programs.inc
15include /etc/firejail/disable-xdg.inc 15include disable-xdg.inc
16 16
17include /etc/firejail/whitelist-var-common.inc 17include whitelist-var-common.inc
18 18
19caps.drop all 19caps.drop all
20machine-id 20machine-id
diff --git a/etc/eog.profile b/etc/eog.profile
index 017fe5c75..fada8213f 100644
--- a/etc/eog.profile
+++ b/etc/eog.profile
@@ -2,22 +2,22 @@
2# Description: Eye of GNOME graphics viewer program 2# Description: Eye of GNOME graphics viewer program
3# This file is overwritten after every install/update 3# This file is overwritten after every install/update
4# Persistent local customizations 4# Persistent local customizations
5include /etc/firejail/eog.local 5include eog.local
6# Persistent global definitions 6# Persistent global definitions
7include /etc/firejail/globals.local 7include globals.local
8 8
9noblacklist ${HOME}/.Steam 9noblacklist ${HOME}/.Steam
10noblacklist ${HOME}/.config/eog 10noblacklist ${HOME}/.config/eog
11noblacklist ${HOME}/.local/share/Trash 11noblacklist ${HOME}/.local/share/Trash
12noblacklist ${HOME}/.steam 12noblacklist ${HOME}/.steam
13 13
14include /etc/firejail/disable-common.inc 14include disable-common.inc
15include /etc/firejail/disable-devel.inc 15include disable-devel.inc
16include /etc/firejail/disable-interpreters.inc 16include disable-interpreters.inc
17include /etc/firejail/disable-passwdmgr.inc 17include disable-passwdmgr.inc
18include /etc/firejail/disable-programs.inc 18include disable-programs.inc
19 19
20include /etc/firejail/whitelist-var-common.inc 20include whitelist-var-common.inc
21 21
22# apparmor - makes settings immutable 22# apparmor - makes settings immutable
23caps.drop all 23caps.drop all
diff --git a/etc/eom.profile b/etc/eom.profile
index a0ce712c8..1a248f4e8 100644
--- a/etc/eom.profile
+++ b/etc/eom.profile
@@ -2,22 +2,22 @@
2# Description: Eye of MATE graphics viewer program 2# Description: Eye of MATE graphics viewer program
3# This file is overwritten after every install/update 3# This file is overwritten after every install/update
4# Persistent local customizations 4# Persistent local customizations
5include /etc/firejail/eom.local 5include eom.local
6# Persistent global definitions 6# Persistent global definitions
7include /etc/firejail/globals.local 7include globals.local
8 8
9noblacklist ${HOME}/.Steam 9noblacklist ${HOME}/.Steam
10noblacklist ${HOME}/.config/mate/eom 10noblacklist ${HOME}/.config/mate/eom
11noblacklist ${HOME}/.local/share/Trash 11noblacklist ${HOME}/.local/share/Trash
12noblacklist ${HOME}/.steam 12noblacklist ${HOME}/.steam
13 13
14include /etc/firejail/disable-common.inc 14include disable-common.inc
15include /etc/firejail/disable-devel.inc 15include disable-devel.inc
16include /etc/firejail/disable-interpreters.inc 16include disable-interpreters.inc
17include /etc/firejail/disable-passwdmgr.inc 17include disable-passwdmgr.inc
18include /etc/firejail/disable-programs.inc 18include disable-programs.inc
19 19
20include /etc/firejail/whitelist-var-common.inc 20include whitelist-var-common.inc
21 21
22# apparmor - makes settings immutable 22# apparmor - makes settings immutable
23caps.drop all 23caps.drop all
diff --git a/etc/epiphany.profile b/etc/epiphany.profile
index b04cf72b4..6868ca391 100644
--- a/etc/epiphany.profile
+++ b/etc/epiphany.profile
@@ -2,18 +2,18 @@
2# Description: Clone of Boulder Dash game 2# Description: Clone of Boulder Dash game
3# This file is overwritten after every install/update 3# This file is overwritten after every install/update
4# Persistent local customizations 4# Persistent local customizations
5include /etc/firejail/epiphany.local 5include epiphany.local
6# Persistent global definitions 6# Persistent global definitions
7include /etc/firejail/globals.local 7include globals.local
8 8
9noblacklist ${HOME}/.cache/epiphany 9noblacklist ${HOME}/.cache/epiphany
10noblacklist ${HOME}/.config/epiphany 10noblacklist ${HOME}/.config/epiphany
11noblacklist ${HOME}/.local/share/epiphany 11noblacklist ${HOME}/.local/share/epiphany
12 12
13include /etc/firejail/disable-common.inc 13include disable-common.inc
14include /etc/firejail/disable-devel.inc 14include disable-devel.inc
15include /etc/firejail/disable-interpreters.inc 15include disable-interpreters.inc
16include /etc/firejail/disable-programs.inc 16include disable-programs.inc
17 17
18mkdir ${HOME}/.cache/epiphany 18mkdir ${HOME}/.cache/epiphany
19mkdir ${HOME}/.config/epiphany 19mkdir ${HOME}/.config/epiphany
@@ -22,7 +22,7 @@ whitelist ${DOWNLOADS}
22whitelist ${HOME}/.cache/epiphany 22whitelist ${HOME}/.cache/epiphany
23whitelist ${HOME}/.config/epiphany 23whitelist ${HOME}/.config/epiphany
24whitelist ${HOME}/.local/share/epiphany 24whitelist ${HOME}/.local/share/epiphany
25include /etc/firejail/whitelist-common.inc 25include whitelist-common.inc
26 26
27caps.drop all 27caps.drop all
28netfilter 28netfilter
diff --git a/etc/etr.profile b/etc/etr.profile
index 5c01636cc..5fc989de3 100644
--- a/etc/etr.profile
+++ b/etc/etr.profile
@@ -1,20 +1,20 @@
1# Firejail profile for etr 1# Firejail profile for etr
2# This file is overwritten after every install/update 2# This file is overwritten after every install/update
3# Persistent local customizations 3# Persistent local customizations
4include /etc/firejail/etr.local 4include etr.local
5# Persistent global definitions 5# Persistent global definitions
6include /etc/firejail/globals.local 6include globals.local
7 7
8noblacklist ${HOME}/.etr 8noblacklist ${HOME}/.etr
9 9
10include /etc/firejail/disable-common.inc 10include disable-common.inc
11include /etc/firejail/disable-passwdmgr.inc 11include disable-passwdmgr.inc
12include /etc/firejail/disable-programs.inc 12include disable-programs.inc
13 13
14mkdir ${HOME}/.etr 14mkdir ${HOME}/.etr
15whitelist ${HOME}/.etr 15whitelist ${HOME}/.etr
16include /etc/firejail/whitelist-common.inc 16include whitelist-common.inc
17include /etc/firejail/whitelist-var-common.inc 17include whitelist-var-common.inc
18 18
19caps.drop all 19caps.drop all
20net none 20net none
diff --git a/etc/evince-previewer.profile b/etc/evince-previewer.profile
index d5bc6db33..e43bb2da8 100644
--- a/etc/evince-previewer.profile
+++ b/etc/evince-previewer.profile
@@ -1,10 +1,10 @@
1# Firejail profile for evince-previewer 1# Firejail profile for evince-previewer
2# This file is overwritten after every install/update 2# This file is overwritten after every install/update
3# Persistent local customizations 3# Persistent local customizations
4include /etc/firejail/evince-previewer.local 4include evince-previewer.local
5# Persistent global definitions 5# Persistent global definitions
6include /etc/firejail/globals.local 6include globals.local
7 7
8 8
9# Redirect 9# Redirect
10include /etc/firejail/evince.profile 10include evince.profile
diff --git a/etc/evince-thumbnailer.profile b/etc/evince-thumbnailer.profile
index abc21632d..4036e1ecb 100644
--- a/etc/evince-thumbnailer.profile
+++ b/etc/evince-thumbnailer.profile
@@ -1,10 +1,10 @@
1# Firejail profile for evince-thumbnailer 1# Firejail profile for evince-thumbnailer
2# This file is overwritten after every install/update 2# This file is overwritten after every install/update
3# Persistent local customizations 3# Persistent local customizations
4include /etc/firejail/evince-thumbnailer.local 4include evince-thumbnailer.local
5# Persistent global definitions 5# Persistent global definitions
6include /etc/firejail/globals.local 6include globals.local
7 7
8 8
9# Redirect 9# Redirect
10include /etc/firejail/evince.profile 10include evince.profile
diff --git a/etc/evince.profile b/etc/evince.profile
index ea46ccc40..5b5d40077 100644
--- a/etc/evince.profile
+++ b/etc/evince.profile
@@ -2,21 +2,21 @@
2# Description: Document (PostScript, PDF) viewer 2# Description: Document (PostScript, PDF) viewer
3# This file is overwritten after every install/update 3# This file is overwritten after every install/update
4# Persistent local customizations 4# Persistent local customizations
5include /etc/firejail/evince.local 5include evince.local
6# Persistent global definitions 6# Persistent global definitions
7include /etc/firejail/globals.local 7include globals.local
8 8
9noblacklist ${HOME}/.config/evince 9noblacklist ${HOME}/.config/evince
10noblacklist ${DOCUMENTS} 10noblacklist ${DOCUMENTS}
11 11
12include /etc/firejail/disable-common.inc 12include disable-common.inc
13include /etc/firejail/disable-devel.inc 13include disable-devel.inc
14include /etc/firejail/disable-interpreters.inc 14include disable-interpreters.inc
15include /etc/firejail/disable-passwdmgr.inc 15include disable-passwdmgr.inc
16include /etc/firejail/disable-programs.inc 16include disable-programs.inc
17include /etc/firejail/disable-xdg.inc 17include disable-xdg.inc
18 18
19include /etc/firejail/whitelist-var-common.inc 19include whitelist-var-common.inc
20 20
21caps.drop all 21caps.drop all
22machine-id 22machine-id
diff --git a/etc/evolution.profile b/etc/evolution.profile
index f691b3c3d..1c5347e04 100644
--- a/etc/evolution.profile
+++ b/etc/evolution.profile
@@ -2,9 +2,9 @@
2# Description: Groupware suite with mail client and organizer 2# Description: Groupware suite with mail client and organizer
3# This file is overwritten after every install/update 3# This file is overwritten after every install/update
4# Persistent local customizations 4# Persistent local customizations
5include /etc/firejail/evolution.local 5include evolution.local
6# Persistent global definitions 6# Persistent global definitions
7include /etc/firejail/globals.local 7include globals.local
8 8
9noblacklist /var/mail 9noblacklist /var/mail
10noblacklist /var/spool/mail 10noblacklist /var/spool/mail
@@ -15,11 +15,11 @@ noblacklist ${HOME}/.gnupg
15noblacklist ${HOME}/.local/share/evolution 15noblacklist ${HOME}/.local/share/evolution
16noblacklist ${HOME}/.pki 16noblacklist ${HOME}/.pki
17 17
18include /etc/firejail/disable-common.inc 18include disable-common.inc
19include /etc/firejail/disable-devel.inc 19include disable-devel.inc
20include /etc/firejail/disable-interpreters.inc 20include disable-interpreters.inc
21include /etc/firejail/disable-passwdmgr.inc 21include disable-passwdmgr.inc
22include /etc/firejail/disable-programs.inc 22include disable-programs.inc
23 23
24caps.drop all 24caps.drop all
25netfilter 25netfilter
diff --git a/etc/exiftool.profile b/etc/exiftool.profile
index 2666397f4..8fc99037f 100644
--- a/etc/exiftool.profile
+++ b/etc/exiftool.profile
@@ -2,9 +2,9 @@
2# This file is overwritten after every install/update 2# This file is overwritten after every install/update
3quiet 3quiet
4# Persistent local customizations 4# Persistent local customizations
5include /etc/firejail/exiftool.local 5include exiftool.local
6# Persistent global definitions 6# Persistent global definitions
7include /etc/firejail/globals.local 7include globals.local
8 8
9blacklist /tmp/.X11-unix 9blacklist /tmp/.X11-unix
10 10
@@ -13,11 +13,11 @@ noblacklist ${PATH}/perl
13noblacklist /usr/lib/perl* 13noblacklist /usr/lib/perl*
14noblacklist /usr/share/perl* 14noblacklist /usr/share/perl*
15 15
16include /etc/firejail/disable-common.inc 16include disable-common.inc
17include /etc/firejail/disable-devel.inc 17include disable-devel.inc
18include /etc/firejail/disable-interpreters.inc 18include disable-interpreters.inc
19include /etc/firejail/disable-passwdmgr.inc 19include disable-passwdmgr.inc
20include /etc/firejail/disable-programs.inc 20include disable-programs.inc
21 21
22caps.drop all 22caps.drop all
23net none 23net none
diff --git a/etc/falkon.profile b/etc/falkon.profile
index 41e1386dd..140d40a00 100644
--- a/etc/falkon.profile
+++ b/etc/falkon.profile
@@ -2,24 +2,24 @@
2# Description: Lightweight web browser based on Qt WebEngine 2# Description: Lightweight web browser based on Qt WebEngine
3# This file is overwritten after every install/update 3# This file is overwritten after every install/update
4# Persistent local customizations 4# Persistent local customizations
5include /etc/firejail/falkon.local 5include falkon.local
6# Persistent global definitions 6# Persistent global definitions
7include /etc/firejail/globals.local 7include globals.local
8 8
9noblacklist ${HOME}/.cache/falkon 9noblacklist ${HOME}/.cache/falkon
10noblacklist ${HOME}/.config/falkon 10noblacklist ${HOME}/.config/falkon
11 11
12include /etc/firejail/disable-common.inc 12include disable-common.inc
13include /etc/firejail/disable-devel.inc 13include disable-devel.inc
14include /etc/firejail/disable-interpreters.inc 14include disable-interpreters.inc
15include /etc/firejail/disable-passwdmgr.inc 15include disable-passwdmgr.inc
16include /etc/firejail/disable-programs.inc 16include disable-programs.inc
17 17
18whitelist ${DOWNLOADS} 18whitelist ${DOWNLOADS}
19whitelist ${HOME}/.cache/falkon 19whitelist ${HOME}/.cache/falkon
20whitelist ${HOME}/.config/falkon 20whitelist ${HOME}/.config/falkon
21include /etc/firejail/whitelist-common.inc 21include whitelist-common.inc
22include /etc/firejail/whitelist-var-common.inc 22include whitelist-var-common.inc
23 23
24caps.drop all 24caps.drop all
25netfilter 25netfilter
diff --git a/etc/fbreader.profile b/etc/fbreader.profile
index c5afde9ec..c31ed5009 100644
--- a/etc/fbreader.profile
+++ b/etc/fbreader.profile
@@ -2,21 +2,21 @@
2# Description: E-book reader 2# Description: E-book reader
3# This file is overwritten after every install/update 3# This file is overwritten after every install/update
4# Persistent local customizations 4# Persistent local customizations
5include /etc/firejail/fbreader.local 5include fbreader.local
6# Persistent global definitions 6# Persistent global definitions
7include /etc/firejail/globals.local 7include globals.local
8 8
9noblacklist ${HOME}/.FBReader 9noblacklist ${HOME}/.FBReader
10noblacklist ${DOCUMENTS} 10noblacklist ${DOCUMENTS}
11 11
12include /etc/firejail/disable-common.inc 12include disable-common.inc
13include /etc/firejail/disable-devel.inc 13include disable-devel.inc
14include /etc/firejail/disable-interpreters.inc 14include disable-interpreters.inc
15include /etc/firejail/disable-passwdmgr.inc 15include disable-passwdmgr.inc
16include /etc/firejail/disable-programs.inc 16include disable-programs.inc
17include /etc/firejail/disable-xdg.inc 17include disable-xdg.inc
18 18
19include /etc/firejail/whitelist-var-common.inc 19include whitelist-var-common.inc
20 20
21caps.drop all 21caps.drop all
22netfilter 22netfilter
diff --git a/etc/feh.profile b/etc/feh.profile
index 197581ae7..8e6ae49de 100644
--- a/etc/feh.profile
+++ b/etc/feh.profile
@@ -2,15 +2,15 @@
2# Description: imlib2 based image viewer 2# Description: imlib2 based image viewer
3# This file is overwritten after every install/update 3# This file is overwritten after every install/update
4# Persistent local customizations 4# Persistent local customizations
5include /etc/firejail/feh.local 5include feh.local
6# Persistent global definitions 6# Persistent global definitions
7include /etc/firejail/globals.local 7include globals.local
8 8
9include /etc/firejail/disable-common.inc 9include disable-common.inc
10include /etc/firejail/disable-devel.inc 10include disable-devel.inc
11include /etc/firejail/disable-interpreters.inc 11include disable-interpreters.inc
12include /etc/firejail/disable-passwdmgr.inc 12include disable-passwdmgr.inc
13include /etc/firejail/disable-programs.inc 13include disable-programs.inc
14 14
15caps.drop all 15caps.drop all
16net none 16net none
diff --git a/etc/fetchmail.profile b/etc/fetchmail.profile
index d9b347d70..43c6894a3 100644
--- a/etc/fetchmail.profile
+++ b/etc/fetchmail.profile
@@ -2,18 +2,18 @@
2# Description: SSL enabled POP3, APOP, IMAP mail gatherer/forwarder 2# Description: SSL enabled POP3, APOP, IMAP mail gatherer/forwarder
3# This file is overwritten after every install/update 3# This file is overwritten after every install/update
4# Persistent local customizations 4# Persistent local customizations
5include /etc/firejail/fetchmail.local 5include fetchmail.local
6# Persistent global definitions 6# Persistent global definitions
7include /etc/firejail/globals.local 7include globals.local
8 8
9noblacklist ${HOME}/.fetchmailrc 9noblacklist ${HOME}/.fetchmailrc
10noblacklist ${HOME}/.netrc 10noblacklist ${HOME}/.netrc
11 11
12include /etc/firejail/disable-common.inc 12include disable-common.inc
13include /etc/firejail/disable-devel.inc 13include disable-devel.inc
14include /etc/firejail/disable-interpreters.inc 14include disable-interpreters.inc
15include /etc/firejail/disable-passwdmgr.inc 15include disable-passwdmgr.inc
16include /etc/firejail/disable-programs.inc 16include disable-programs.inc
17 17
18caps.drop all 18caps.drop all
19netfilter 19netfilter
diff --git a/etc/ffmpeg.profile b/etc/ffmpeg.profile
index 09574ffb7..5314eb04c 100644
--- a/etc/ffmpeg.profile
+++ b/etc/ffmpeg.profile
@@ -3,17 +3,17 @@
3# This file is overwritten after every install/update 3# This file is overwritten after every install/update
4quiet 4quiet
5# Persistent local customizations 5# Persistent local customizations
6include /etc/firejail/ffmpeg.local 6include ffmpeg.local
7# Persistent global definitions 7# Persistent global definitions
8include /etc/firejail/globals.local 8include globals.local
9 9
10include /etc/firejail/disable-common.inc 10include disable-common.inc
11include /etc/firejail/disable-devel.inc 11include disable-devel.inc
12include /etc/firejail/disable-interpreters.inc 12include disable-interpreters.inc
13include /etc/firejail/disable-passwdmgr.inc 13include disable-passwdmgr.inc
14include /etc/firejail/disable-programs.inc 14include disable-programs.inc
15 15
16include /etc/firejail/whitelist-var-common.inc 16include whitelist-var-common.inc
17 17
18caps.drop all 18caps.drop all
19net none 19net none
diff --git a/etc/file-roller.profile b/etc/file-roller.profile
index 11883f03e..9ef26d08f 100644
--- a/etc/file-roller.profile
+++ b/etc/file-roller.profile
@@ -2,17 +2,17 @@
2# Description: Archive manager for GNOME 2# Description: Archive manager for GNOME
3# This file is overwritten after every install/update 3# This file is overwritten after every install/update
4# Persistent local customizations 4# Persistent local customizations
5include /etc/firejail/file-roller.local 5include file-roller.local
6# Persistent global definitions 6# Persistent global definitions
7include /etc/firejail/globals.local 7include globals.local
8 8
9include /etc/firejail/disable-common.inc 9include disable-common.inc
10include /etc/firejail/disable-devel.inc 10include disable-devel.inc
11include /etc/firejail/disable-interpreters.inc 11include disable-interpreters.inc
12include /etc/firejail/disable-passwdmgr.inc 12include disable-passwdmgr.inc
13include /etc/firejail/disable-programs.inc 13include disable-programs.inc
14 14
15include /etc/firejail/whitelist-var-common.inc 15include whitelist-var-common.inc
16 16
17apparmor 17apparmor
18caps.drop all 18caps.drop all
diff --git a/etc/file.profile b/etc/file.profile
index fbeea83a8..2dc21dde4 100644
--- a/etc/file.profile
+++ b/etc/file.profile
@@ -3,15 +3,15 @@
3# This file is overwritten after every install/update 3# This file is overwritten after every install/update
4quiet 4quiet
5# Persistent local customizations 5# Persistent local customizations
6include /etc/firejail/file.local 6include file.local
7# Persistent global definitions 7# Persistent global definitions
8include /etc/firejail/globals.local 8include globals.local
9 9
10blacklist /tmp/.X11-unix 10blacklist /tmp/.X11-unix
11 11
12include /etc/firejail/disable-common.inc 12include disable-common.inc
13include /etc/firejail/disable-passwdmgr.inc 13include disable-passwdmgr.inc
14include /etc/firejail/disable-programs.inc 14include disable-programs.inc
15 15
16caps.drop all 16caps.drop all
17hostname file 17hostname file
diff --git a/etc/filezilla.profile b/etc/filezilla.profile
index 7a5ad4301..f4c25ed05 100644
--- a/etc/filezilla.profile
+++ b/etc/filezilla.profile
@@ -2,9 +2,9 @@
2# Description: Full-featured graphical FTP/FTPS/SFTP client 2# Description: Full-featured graphical FTP/FTPS/SFTP client
3# This file is overwritten after every install/update 3# This file is overwritten after every install/update
4# Persistent local customizations 4# Persistent local customizations
5include /etc/firejail/filezilla.local 5include filezilla.local
6# Persistent global definitions 6# Persistent global definitions
7include /etc/firejail/globals.local 7include globals.local
8 8
9noblacklist ${HOME}/.config/filezilla 9noblacklist ${HOME}/.config/filezilla
10noblacklist ${HOME}/.filezilla 10noblacklist ${HOME}/.filezilla
@@ -15,11 +15,11 @@ noblacklist ${PATH}/python3*
15noblacklist /usr/lib/python2* 15noblacklist /usr/lib/python2*
16noblacklist /usr/lib/python3* 16noblacklist /usr/lib/python3*
17 17
18include /etc/firejail/disable-common.inc 18include disable-common.inc
19include /etc/firejail/disable-devel.inc 19include disable-devel.inc
20include /etc/firejail/disable-interpreters.inc 20include disable-interpreters.inc
21include /etc/firejail/disable-programs.inc 21include disable-programs.inc
22include /etc/firejail/whitelist-var-common.inc 22include whitelist-var-common.inc
23 23
24caps.drop all 24caps.drop all
25netfilter 25netfilter
diff --git a/etc/firefox-beta.profile b/etc/firefox-beta.profile
index f9924fee5..ee158703d 100644
--- a/etc/firefox-beta.profile
+++ b/etc/firefox-beta.profile
@@ -1,10 +1,10 @@
1# Firejail profile for firefox-beta 1# Firejail profile for firefox-beta
2# This file is overwritten after every install/update 2# This file is overwritten after every install/update
3# Persistent local customizations 3# Persistent local customizations
4include /etc/firejail/firefox-beta.local 4include firefox-beta.local
5# Persistent global definitions 5# Persistent global definitions
6include /etc/firejail/globals.local 6include globals.local
7 7
8 8
9# Redirect 9# Redirect
10include /etc/firejail/firefox.profile 10include firefox.profile
diff --git a/etc/firefox-common-addons.inc b/etc/firefox-common-addons.inc
index f5fd4aa5b..7a0c3e99f 100644
--- a/etc/firefox-common-addons.inc
+++ b/etc/firefox-common-addons.inc
@@ -1,6 +1,6 @@
1# This file is overwritten during software install. 1# This file is overwritten during software install.
2# Persistent customizations should go in a .local file. 2# Persistent customizations should go in a .local file.
3include /etc/firejail/firefox-common-addons.local 3include firefox-common-addons.local
4 4
5noblacklist ${HOME}/.config/kgetrc 5noblacklist ${HOME}/.config/kgetrc
6noblacklist ${HOME}/.config/okularpartrc 6noblacklist ${HOME}/.config/okularpartrc
diff --git a/etc/firefox-common.profile b/etc/firefox-common.profile
index 8ed26e22f..e02d3afd0 100644
--- a/etc/firefox-common.profile
+++ b/etc/firefox-common.profile
@@ -1,26 +1,26 @@
1# Firejail profile for firefox-common 1# Firejail profile for firefox-common
2# This file is overwritten after every install/update 2# This file is overwritten after every install/update
3# Persistent local customizations 3# Persistent local customizations
4include /etc/firejail/firefox-common.local 4include firefox-common.local
5# Persistent global definitions 5# Persistent global definitions
6# already included by caller profile 6# already included by caller profile
7#include /etc/firejail/globals.local 7#include globals.local
8 8
9# uncomment the following line to allow access to common programs/addons/plugins 9# uncomment the following line to allow access to common programs/addons/plugins
10#include /etc/firejail/firefox-common-addons.inc 10#include firefox-common-addons.inc
11 11
12noblacklist ${HOME}/.pki 12noblacklist ${HOME}/.pki
13 13
14include /etc/firejail/disable-common.inc 14include disable-common.inc
15include /etc/firejail/disable-devel.inc 15include disable-devel.inc
16include /etc/firejail/disable-interpreters.inc 16include disable-interpreters.inc
17include /etc/firejail/disable-programs.inc 17include disable-programs.inc
18 18
19mkdir ${HOME}/.pki 19mkdir ${HOME}/.pki
20whitelist ${DOWNLOADS} 20whitelist ${DOWNLOADS}
21whitelist ${HOME}/.pki 21whitelist ${HOME}/.pki
22include /etc/firejail/whitelist-common.inc 22include whitelist-common.inc
23include /etc/firejail/whitelist-var-common.inc 23include whitelist-var-common.inc
24 24
25apparmor 25apparmor
26caps.drop all 26caps.drop all
diff --git a/etc/firefox-developer-edition.profile b/etc/firefox-developer-edition.profile
index 7458d9e10..56a0485cb 100644
--- a/etc/firefox-developer-edition.profile
+++ b/etc/firefox-developer-edition.profile
@@ -2,10 +2,10 @@
2# Description: Developer Edition of the popular Firefox web browser 2# Description: Developer Edition of the popular Firefox web browser
3# This file is overwritten after every install/update 3# This file is overwritten after every install/update
4# Persistent local customizations 4# Persistent local customizations
5include /etc/firejail/firefox-developer-edition.local 5include firefox-developer-edition.local
6# Persistent global definitions 6# Persistent global definitions
7include /etc/firejail/globals.local 7include globals.local
8 8
9 9
10# Redirect 10# Redirect
11include /etc/firejail/firefox.profile 11include firefox.profile
diff --git a/etc/firefox-esr.profile b/etc/firefox-esr.profile
index 9821c7150..0ba04d9c1 100644
--- a/etc/firefox-esr.profile
+++ b/etc/firefox-esr.profile
@@ -1,10 +1,10 @@
1# Firejail profile for firefox-esr 1# Firejail profile for firefox-esr
2# This file is overwritten after every install/update 2# This file is overwritten after every install/update
3# Persistent local customizations 3# Persistent local customizations
4include /etc/firejail/firefox-esr.local 4include firefox-esr.local
5# Persistent global definitions 5# Persistent global definitions
6include /etc/firejail/globals.local 6include globals.local
7 7
8 8
9# Redirect 9# Redirect
10include /etc/firejail/firefox.profile 10include firefox.profile
diff --git a/etc/firefox-nightly.profile b/etc/firefox-nightly.profile
index 302f6eb24..6f3838e33 100644
--- a/etc/firefox-nightly.profile
+++ b/etc/firefox-nightly.profile
@@ -1,10 +1,10 @@
1# Firejail profile for firefox-nightly 1# Firejail profile for firefox-nightly
2# This file is overwritten after every install/update 2# This file is overwritten after every install/update
3# Persistent local customizations 3# Persistent local customizations
4include /etc/firejail/firefox-nightly.local 4include firefox-nightly.local
5# Persistent global definitions 5# Persistent global definitions
6include /etc/firejail/globals.local 6include globals.local
7 7
8 8
9# Redirect 9# Redirect
10include /etc/firejail/firefox.profile 10include firefox.profile
diff --git a/etc/firefox-wayland.profile b/etc/firefox-wayland.profile
index 806d50e31..e47ca32f9 100644
--- a/etc/firefox-wayland.profile
+++ b/etc/firefox-wayland.profile
@@ -1,10 +1,10 @@
1# Firejail profile for firefox-wayland 1# Firejail profile for firefox-wayland
2# This file is overwritten after every install/update 2# This file is overwritten after every install/update
3# Persistent local customizations 3# Persistent local customizations
4include /etc/firejail/firefox-wayland.local 4include firefox-wayland.local
5# Persistent global definitions 5# Persistent global definitions
6include /etc/firejail/globals.local 6include globals.local
7 7
8 8
9# Redirect 9# Redirect
10include /etc/firejail/firefox.profile 10include firefox.profile
diff --git a/etc/firefox.profile b/etc/firefox.profile
index c968e964e..830bbc6a7 100644
--- a/etc/firefox.profile
+++ b/etc/firefox.profile
@@ -2,9 +2,9 @@
2# Description: Safe and easy web browser from Mozilla 2# Description: Safe and easy web browser from Mozilla
3# This file is overwritten after every install/update 3# This file is overwritten after every install/update
4# Persistent local customizations 4# Persistent local customizations
5include /etc/firejail/firefox.local 5include firefox.local
6# Persistent global definitions 6# Persistent global definitions
7include /etc/firejail/globals.local 7include globals.local
8 8
9noblacklist ${HOME}/.cache/mozilla 9noblacklist ${HOME}/.cache/mozilla
10noblacklist ${HOME}/.mozilla 10noblacklist ${HOME}/.mozilla
@@ -20,4 +20,4 @@ whitelist ${HOME}/.mozilla
20#private-etc firefox 20#private-etc firefox
21 21
22# Redirect 22# Redirect
23include /etc/firejail/firefox-common.profile 23include firefox-common.profile
diff --git a/etc/flameshot.profile b/etc/flameshot.profile
index e4987280a..7f626dce3 100644
--- a/etc/flameshot.profile
+++ b/etc/flameshot.profile
@@ -2,18 +2,18 @@
2# Description: Powerful yet simple-to-use screenshot software 2# Description: Powerful yet simple-to-use screenshot software
3# This file is overwritten after every install/update 3# This file is overwritten after every install/update
4# Persistent local customizations 4# Persistent local customizations
5include /etc/firejail/flameshot.local 5include flameshot.local
6# Persistent global definitions 6# Persistent global definitions
7include /etc/firejail/globals.local 7include globals.local
8 8
9noblacklist ${PICTURES} 9noblacklist ${PICTURES}
10 10
11include /etc/firejail/disable-common.inc 11include disable-common.inc
12include /etc/firejail/disable-devel.inc 12include disable-devel.inc
13include /etc/firejail/disable-interpreters.inc 13include disable-interpreters.inc
14include /etc/firejail/disable-passwdmgr.inc 14include disable-passwdmgr.inc
15include /etc/firejail/disable-programs.inc 15include disable-programs.inc
16include /etc/firejail/disable-xdg.inc 16include disable-xdg.inc
17 17
18caps.drop all 18caps.drop all
19ipc-namespace 19ipc-namespace
diff --git a/etc/flashpeak-slimjet.profile b/etc/flashpeak-slimjet.profile
index 63f9d19a9..b841bce75 100644
--- a/etc/flashpeak-slimjet.profile
+++ b/etc/flashpeak-slimjet.profile
@@ -1,9 +1,9 @@
1# Firejail profile for flashpeak-slimjet 1# Firejail profile for flashpeak-slimjet
2# This file is overwritten after every install/update 2# This file is overwritten after every install/update
3# Persistent local customizations 3# Persistent local customizations
4include /etc/firejail/flashpeak-slimjet.local 4include flashpeak-slimjet.local
5# Persistent global definitions 5# Persistent global definitions
6include /etc/firejail/globals.local 6include globals.local
7 7
8noblacklist ${HOME}/.cache/slimjet 8noblacklist ${HOME}/.cache/slimjet
9noblacklist ${HOME}/.config/slimjet 9noblacklist ${HOME}/.config/slimjet
@@ -14,4 +14,4 @@ whitelist ${HOME}/.cache/slimjet
14whitelist ${HOME}/.config/slimjet 14whitelist ${HOME}/.config/slimjet
15 15
16# Redirect 16# Redirect
17include /etc/firejail/chromium-common.profile 17include chromium-common.profile
diff --git a/etc/flowblade.profile b/etc/flowblade.profile
index bc95a2b51..ecd50bcea 100644
--- a/etc/flowblade.profile
+++ b/etc/flowblade.profile
@@ -2,9 +2,9 @@
2# Description: Non-linear video editor 2# Description: Non-linear video editor
3# This file is overwritten after every install/update 3# This file is overwritten after every install/update
4# Persistent local customizations 4# Persistent local customizations
5include /etc/firejail/flowblade.local 5include flowblade.local
6# Persistent global definitions 6# Persistent global definitions
7include /etc/firejail/globals.local 7include globals.local
8 8
9noblacklist ${HOME}/.config/flowblade 9noblacklist ${HOME}/.config/flowblade
10noblacklist ${HOME}/.flowblade 10noblacklist ${HOME}/.flowblade
@@ -15,11 +15,11 @@ noblacklist ${PATH}/python3*
15noblacklist /usr/lib/python2* 15noblacklist /usr/lib/python2*
16noblacklist /usr/lib/python3* 16noblacklist /usr/lib/python3*
17 17
18include /etc/firejail/disable-common.inc 18include disable-common.inc
19include /etc/firejail/disable-devel.inc 19include disable-devel.inc
20include /etc/firejail/disable-interpreters.inc 20include disable-interpreters.inc
21include /etc/firejail/disable-passwdmgr.inc 21include disable-passwdmgr.inc
22include /etc/firejail/disable-programs.inc 22include disable-programs.inc
23 23
24caps.drop all 24caps.drop all
25netfilter 25netfilter
diff --git a/etc/fluxbox.profile b/etc/fluxbox.profile
index 5fafef95a..c296c0491 100644
--- a/etc/fluxbox.profile
+++ b/etc/fluxbox.profile
@@ -2,13 +2,13 @@
2# Description: Standards-compliant, fast, light-weight and extensible window manager 2# Description: Standards-compliant, fast, light-weight and extensible window manager
3# This file is overwritten after every install/update 3# This file is overwritten after every install/update
4# Persistent local customizations 4# Persistent local customizations
5include /etc/firejail/fluxbox.local 5include fluxbox.local
6# Persistent global definitions 6# Persistent global definitions
7include /etc/firejail/globals.local 7include globals.local
8 8
9# all applications started in awesome will run in this profile 9# all applications started in awesome will run in this profile
10noblacklist ${HOME}/.fluxbox 10noblacklist ${HOME}/.fluxbox
11include /etc/firejail/disable-common.inc 11include disable-common.inc
12 12
13caps.drop all 13caps.drop all
14netfilter 14netfilter
diff --git a/etc/fontforge.profile b/etc/fontforge.profile
index 2ae80964d..7fac6f01b 100644
--- a/etc/fontforge.profile
+++ b/etc/fontforge.profile
@@ -2,9 +2,9 @@
2# Description: Font editor 2# Description: Font editor
3# This file is overwritten after every install/update 3# This file is overwritten after every install/update
4# Persistent local customizations 4# Persistent local customizations
5include /etc/firejail/fontforge.local 5include fontforge.local
6# Persistent global definitions 6# Persistent global definitions
7include /etc/firejail/globals.local 7include globals.local
8 8
9noblacklist ${HOME}/.FontForge 9noblacklist ${HOME}/.FontForge
10noblacklist ${DOCUMENTS} 10noblacklist ${DOCUMENTS}
@@ -15,12 +15,12 @@ noblacklist ${PATH}/python3*
15noblacklist /usr/lib/python2* 15noblacklist /usr/lib/python2*
16noblacklist /usr/lib/python3* 16noblacklist /usr/lib/python3*
17 17
18include /etc/firejail/disable-common.inc 18include disable-common.inc
19include /etc/firejail/disable-devel.inc 19include disable-devel.inc
20include /etc/firejail/disable-interpreters.inc 20include disable-interpreters.inc
21include /etc/firejail/disable-passwdmgr.inc 21include disable-passwdmgr.inc
22include /etc/firejail/disable-programs.inc 22include disable-programs.inc
23include /etc/firejail/disable-xdg.inc 23include disable-xdg.inc
24 24
25caps.drop all 25caps.drop all
26netfilter 26netfilter
diff --git a/etc/fossamail.profile b/etc/fossamail.profile
index 4316c0988..e821f6f65 100644
--- a/etc/fossamail.profile
+++ b/etc/fossamail.profile
@@ -1,9 +1,9 @@
1# Firejail profile for fossamail 1# Firejail profile for fossamail
2# This file is overwritten after every install/update 2# This file is overwritten after every install/update
3# Persistent local customizations 3# Persistent local customizations
4include /etc/firejail/fossamail.local 4include fossamail.local
5# Persistent global definitions 5# Persistent global definitions
6include /etc/firejail/globals.local 6include globals.local
7 7
8noblacklist ${HOME}/.cache/fossamail 8noblacklist ${HOME}/.cache/fossamail
9noblacklist ${HOME}/.fossamail 9noblacklist ${HOME}/.fossamail
@@ -15,8 +15,8 @@ mkdir ${HOME}/.gnupg
15whitelist ${HOME}/.cache/fossamail 15whitelist ${HOME}/.cache/fossamail
16whitelist ${HOME}/.fossamail 16whitelist ${HOME}/.fossamail
17whitelist ${HOME}/.gnupg 17whitelist ${HOME}/.gnupg
18include /etc/firejail/whitelist-common.inc 18include whitelist-common.inc
19 19
20# allow browsers 20# allow browsers
21# Redirect 21# Redirect
22include /etc/firejail/firefox.profile 22include firefox.profile
diff --git a/etc/franz.profile b/etc/franz.profile
index fbe1c0f65..751784bea 100644
--- a/etc/franz.profile
+++ b/etc/franz.profile
@@ -1,18 +1,18 @@
1# Firejail profile for franz 1# Firejail profile for franz
2# This file is overwritten after every install/update 2# This file is overwritten after every install/update
3# Persistent local customizations 3# Persistent local customizations
4include /etc/firejail/franz.local 4include franz.local
5# Persistent global definitions 5# Persistent global definitions
6include /etc/firejail/globals.local 6include globals.local
7 7
8noblacklist ${HOME}/.cache/Franz 8noblacklist ${HOME}/.cache/Franz
9noblacklist ${HOME}/.config/Franz 9noblacklist ${HOME}/.config/Franz
10noblacklist ${HOME}/.pki 10noblacklist ${HOME}/.pki
11 11
12include /etc/firejail/disable-common.inc 12include disable-common.inc
13include /etc/firejail/disable-devel.inc 13include disable-devel.inc
14include /etc/firejail/disable-interpreters.inc 14include disable-interpreters.inc
15include /etc/firejail/disable-programs.inc 15include disable-programs.inc
16 16
17mkdir ${HOME}/.cache/Franz 17mkdir ${HOME}/.cache/Franz
18mkdir ${HOME}/.config/Franz 18mkdir ${HOME}/.config/Franz
@@ -21,7 +21,7 @@ whitelist ${DOWNLOADS}
21whitelist ${HOME}/.cache/Franz 21whitelist ${HOME}/.cache/Franz
22whitelist ${HOME}/.config/Franz 22whitelist ${HOME}/.config/Franz
23whitelist ${HOME}/.pki 23whitelist ${HOME}/.pki
24include /etc/firejail/whitelist-common.inc 24include whitelist-common.inc
25 25
26caps.drop all 26caps.drop all
27netfilter 27netfilter
diff --git a/etc/freecad.profile b/etc/freecad.profile
index 934f1d0fb..7585b9786 100644
--- a/etc/freecad.profile
+++ b/etc/freecad.profile
@@ -2,19 +2,19 @@
2# Description: Extensible Open Source CAx program 2# Description: Extensible Open Source CAx program
3# This file is overwritten after every install/update 3# This file is overwritten after every install/update
4# Persistent local customizations 4# Persistent local customizations
5include /etc/firejail/freecad.local 5include freecad.local
6# Persistent global definitions 6# Persistent global definitions
7include /etc/firejail/globals.local 7include globals.local
8 8
9noblacklist ${HOME}/.config/FreeCAD 9noblacklist ${HOME}/.config/FreeCAD
10noblacklist ${DOCUMENTS} 10noblacklist ${DOCUMENTS}
11 11
12include /etc/firejail/disable-common.inc 12include disable-common.inc
13include /etc/firejail/disable-devel.inc 13include disable-devel.inc
14include /etc/firejail/disable-interpreters.inc 14include disable-interpreters.inc
15include /etc/firejail/disable-passwdmgr.inc 15include disable-passwdmgr.inc
16include /etc/firejail/disable-programs.inc 16include disable-programs.inc
17include /etc/firejail/disable-xdg.inc 17include disable-xdg.inc
18 18
19caps.drop all 19caps.drop all
20ipc-namespace 20ipc-namespace
diff --git a/etc/freecadcmd.profile b/etc/freecadcmd.profile
index f8bbff593..d98b05e65 100644
--- a/etc/freecadcmd.profile
+++ b/etc/freecadcmd.profile
@@ -3,4 +3,4 @@
3 3
4 4
5# Redirect 5# Redirect
6include /etc/firejail/freecad.profile 6include freecad.profile
diff --git a/etc/freshclam.profile b/etc/freshclam.profile
index 4e224dd3e..f688ba47b 100644
--- a/etc/freshclam.profile
+++ b/etc/freshclam.profile
@@ -2,9 +2,9 @@
2# This file is overwritten after every install/update 2# This file is overwritten after every install/update
3quiet 3quiet
4# Persistent local customizations 4# Persistent local customizations
5include /etc/firejail/clamav.local 5include clamav.local
6# Persistent global definitions 6# Persistent global definitions
7include /etc/firejail/globals.local 7include globals.local
8 8
9 9
10caps.keep setgid,setuid 10caps.keep setgid,setuid
diff --git a/etc/frozen-bubble.profile b/etc/frozen-bubble.profile
index 279e5d403..493d11da6 100644
--- a/etc/frozen-bubble.profile
+++ b/etc/frozen-bubble.profile
@@ -2,22 +2,22 @@
2# Description: Cool game where you pop out the bubbles 2# Description: Cool game where you pop out the bubbles
3# This file is overwritten after every install/update 3# This file is overwritten after every install/update
4# Persistent local customizations 4# Persistent local customizations
5include /etc/firejail/frozen-bubble.local 5include frozen-bubble.local
6# Persistent global definitions 6# Persistent global definitions
7include /etc/firejail/globals.local 7include globals.local
8 8
9noblacklist ${HOME}/.frozen-bubble 9noblacklist ${HOME}/.frozen-bubble
10 10
11include /etc/firejail/disable-common.inc 11include disable-common.inc
12include /etc/firejail/disable-devel.inc 12include disable-devel.inc
13include /etc/firejail/disable-interpreters.inc 13include disable-interpreters.inc
14include /etc/firejail/disable-passwdmgr.inc 14include disable-passwdmgr.inc
15include /etc/firejail/disable-programs.inc 15include disable-programs.inc
16 16
17mkdir ${HOME}/.frozen-bubble 17mkdir ${HOME}/.frozen-bubble
18whitelist ${HOME}/.frozen-bubble 18whitelist ${HOME}/.frozen-bubble
19include /etc/firejail/whitelist-common.inc 19include whitelist-common.inc
20include /etc/firejail/whitelist-var-common.inc 20include whitelist-var-common.inc
21 21
22caps.drop all 22caps.drop all
23net none 23net none
diff --git a/etc/gajim.profile b/etc/gajim.profile
index 90ba59954..82ae53545 100644
--- a/etc/gajim.profile
+++ b/etc/gajim.profile
@@ -2,9 +2,9 @@
2# Description: GTK+-based Jabber client 2# Description: GTK+-based Jabber client
3# This file is overwritten after every install/update 3# This file is overwritten after every install/update
4# Persistent local customizations 4# Persistent local customizations
5include /etc/firejail/gajim.local 5include gajim.local
6# Persistent global definitions 6# Persistent global definitions
7include /etc/firejail/globals.local 7include globals.local
8 8
9noblacklist ${HOME}/.cache/gajim 9noblacklist ${HOME}/.cache/gajim
10noblacklist ${HOME}/.config/gajim 10noblacklist ${HOME}/.config/gajim
@@ -15,11 +15,11 @@ noblacklist ${PATH}/python3*
15noblacklist /usr/lib/python3* 15noblacklist /usr/lib/python3*
16noblacklist /usr/lib64/python3* 16noblacklist /usr/lib64/python3*
17 17
18include /etc/firejail/disable-common.inc 18include disable-common.inc
19include /etc/firejail/disable-devel.inc 19include disable-devel.inc
20include /etc/firejail/disable-interpreters.inc 20include disable-interpreters.inc
21include /etc/firejail/disable-passwdmgr.inc 21include disable-passwdmgr.inc
22include /etc/firejail/disable-programs.inc 22include disable-programs.inc
23 23
24mkdir ${HOME}/.cache/gajim 24mkdir ${HOME}/.cache/gajim
25mkdir ${HOME}/.config/gajim 25mkdir ${HOME}/.config/gajim
@@ -29,7 +29,7 @@ whitelist ${HOME}/.cache/gajim
29whitelist ${HOME}/.config/gajim 29whitelist ${HOME}/.config/gajim
30whitelist ${HOME}/.local/share/gajim 30whitelist ${HOME}/.local/share/gajim
31whitelist ${HOME}/Downloads 31whitelist ${HOME}/Downloads
32include /etc/firejail/whitelist-common.inc 32include whitelist-common.inc
33 33
34caps.drop all 34caps.drop all
35netfilter 35netfilter
diff --git a/etc/galculator.profile b/etc/galculator.profile
index 699fb7d78..d000015b3 100644
--- a/etc/galculator.profile
+++ b/etc/galculator.profile
@@ -2,22 +2,22 @@
2# Description: Scientific calculator 2# Description: Scientific calculator
3# This file is overwritten after every install/update 3# This file is overwritten after every install/update
4# Persistent local customizations 4# Persistent local customizations
5include /etc/firejail/galculator.local 5include galculator.local
6# Persistent global definitions 6# Persistent global definitions
7include /etc/firejail/globals.local 7include globals.local
8 8
9noblacklist ${HOME}/.config/galculator 9noblacklist ${HOME}/.config/galculator
10 10
11include /etc/firejail/disable-common.inc 11include disable-common.inc
12include /etc/firejail/disable-devel.inc 12include disable-devel.inc
13include /etc/firejail/disable-interpreters.inc 13include disable-interpreters.inc
14include /etc/firejail/disable-passwdmgr.inc 14include disable-passwdmgr.inc
15include /etc/firejail/disable-programs.inc 15include disable-programs.inc
16 16
17mkdir ${HOME}/.config/galculator 17mkdir ${HOME}/.config/galculator
18whitelist ${HOME}/.config/galculator 18whitelist ${HOME}/.config/galculator
19include /etc/firejail/whitelist-common.inc 19include whitelist-common.inc
20include /etc/firejail/whitelist-var-common.inc 20include whitelist-var-common.inc
21 21
22apparmor 22apparmor
23caps.drop all 23caps.drop all
diff --git a/etc/gcloud.profile b/etc/gcloud.profile
index 195dc9302..d800932bb 100644
--- a/etc/gcloud.profile
+++ b/etc/gcloud.profile
@@ -1,17 +1,17 @@
1# Firejail profile for gcloud 1# Firejail profile for gcloud
2# This file is overwritten after every install/update 2# This file is overwritten after every install/update
3# Persistent local customizations 3# Persistent local customizations
4include /etc/firejail/gcloud.local 4include gcloud.local
5# Persistent global definitions 5# Persistent global definitions
6include /etc/firejail/globals.local 6include globals.local
7 7
8noblacklist ${HOME}/.boto 8noblacklist ${HOME}/.boto
9noblacklist ${HOME}/.config/gcloud 9noblacklist ${HOME}/.config/gcloud
10noblacklist /var/run/docker.sock 10noblacklist /var/run/docker.sock
11 11
12include /etc/firejail/disable-common.inc 12include disable-common.inc
13include /etc/firejail/disable-devel.inc 13include disable-devel.inc
14include /etc/firejail/disable-programs.inc 14include disable-programs.inc
15 15
16apparmor 16apparmor
17caps.drop all 17caps.drop all
diff --git a/etc/geany.profile b/etc/geany.profile
index d69bca1ad..7389f8e6c 100644
--- a/etc/geany.profile
+++ b/etc/geany.profile
@@ -2,15 +2,15 @@
2# Description: Fast and lightweight IDE 2# Description: Fast and lightweight IDE
3# This file is overwritten after every install/update 3# This file is overwritten after every install/update
4# Persistent local customizations 4# Persistent local customizations
5include /etc/firejail/geany.local 5include geany.local
6# Persistent global definitions 6# Persistent global definitions
7include /etc/firejail/globals.local 7include globals.local
8 8
9noblacklist ${HOME}/.config/geany 9noblacklist ${HOME}/.config/geany
10 10
11include /etc/firejail/disable-common.inc 11include disable-common.inc
12include /etc/firejail/disable-passwdmgr.inc 12include disable-passwdmgr.inc
13include /etc/firejail/disable-programs.inc 13include disable-programs.inc
14 14
15caps.drop all 15caps.drop all
16netfilter 16netfilter
diff --git a/etc/geary.profile b/etc/geary.profile
index 735206da2..a21eed9f1 100644
--- a/etc/geary.profile
+++ b/etc/geary.profile
@@ -2,9 +2,9 @@
2# Description: Lightweight email client designed for the GNOME desktop 2# Description: Lightweight email client designed for the GNOME desktop
3# This file is overwritten after every install/update 3# This file is overwritten after every install/update
4# Persistent local customizations 4# Persistent local customizations
5include /etc/firejail/geary.local 5include geary.local
6# Persistent global definitions 6# Persistent global definitions
7include /etc/firejail/globals.local 7include globals.local
8 8
9# Users have Geary set to open a browser by clicking a link in an email 9# Users have Geary set to open a browser by clicking a link in an email
10# We are not allowed to blacklist browser-specific directories 10# We are not allowed to blacklist browser-specific directories
@@ -20,7 +20,7 @@ whitelist ${HOME}/.gnupg
20whitelist ${HOME}/.config/geary 20whitelist ${HOME}/.config/geary
21whitelist ${HOME}/.local/share/geary 21whitelist ${HOME}/.local/share/geary
22 22
23include /etc/firejail/whitelist-common.inc 23include whitelist-common.inc
24 24
25ignore nodbus 25ignore nodbus
26ignore private-tmp 26ignore private-tmp
@@ -29,4 +29,4 @@ read-only ${HOME}/.config/mimeapps.list
29 29
30# allow browsers 30# allow browsers
31# Redirect 31# Redirect
32include /etc/firejail/firefox.profile 32include firefox.profile
diff --git a/etc/gedit.profile b/etc/gedit.profile
index 1a4d9634a..3d3ecfab2 100644
--- a/etc/gedit.profile
+++ b/etc/gedit.profile
@@ -2,21 +2,21 @@
2# Description: Official text editor of the GNOME desktop environment 2# Description: Official text editor of the GNOME desktop environment
3# This file is overwritten after every install/update 3# This file is overwritten after every install/update
4# Persistent local customizations 4# Persistent local customizations
5include /etc/firejail/gedit.local 5include gedit.local
6# Persistent global definitions 6# Persistent global definitions
7include /etc/firejail/globals.local 7include globals.local
8 8
9noblacklist ${HOME}/.config/enchant 9noblacklist ${HOME}/.config/enchant
10noblacklist ${HOME}/.config/gedit 10noblacklist ${HOME}/.config/gedit
11noblacklist ${HOME}/.gitconfig 11noblacklist ${HOME}/.gitconfig
12 12
13include /etc/firejail/disable-common.inc 13include disable-common.inc
14# include /etc/firejail/disable-devel.inc 14# include disable-devel.inc
15# include /etc/firejail/disable-interpreters.inc 15# include disable-interpreters.inc
16include /etc/firejail/disable-passwdmgr.inc 16include disable-passwdmgr.inc
17include /etc/firejail/disable-programs.inc 17include disable-programs.inc
18 18
19include /etc/firejail/whitelist-var-common.inc 19include whitelist-var-common.inc
20 20
21# apparmor - makes settings immutable 21# apparmor - makes settings immutable
22caps.drop all 22caps.drop all
diff --git a/etc/geeqie.profile b/etc/geeqie.profile
index 3fbe245d6..a54ed16a2 100644
--- a/etc/geeqie.profile
+++ b/etc/geeqie.profile
@@ -2,19 +2,19 @@
2# Description: Image viewer using GTK+ 2# Description: Image viewer using GTK+
3# This file is overwritten after every install/update 3# This file is overwritten after every install/update
4# Persistent local customizations 4# Persistent local customizations
5include /etc/firejail/geeqie.local 5include geeqie.local
6# Persistent global definitions 6# Persistent global definitions
7include /etc/firejail/globals.local 7include globals.local
8 8
9noblacklist ${HOME}/.cache/geeqie 9noblacklist ${HOME}/.cache/geeqie
10noblacklist ${HOME}/.config/geeqie 10noblacklist ${HOME}/.config/geeqie
11noblacklist ${HOME}/.local/share/geeqie 11noblacklist ${HOME}/.local/share/geeqie
12 12
13include /etc/firejail/disable-common.inc 13include disable-common.inc
14include /etc/firejail/disable-devel.inc 14include disable-devel.inc
15include /etc/firejail/disable-interpreters.inc 15include disable-interpreters.inc
16include /etc/firejail/disable-passwdmgr.inc 16include disable-passwdmgr.inc
17include /etc/firejail/disable-programs.inc 17include disable-programs.inc
18 18
19caps.drop all 19caps.drop all
20nodvd 20nodvd
diff --git a/etc/ghb.profile b/etc/ghb.profile
index de6244a32..1cb09ddde 100644
--- a/etc/ghb.profile
+++ b/etc/ghb.profile
@@ -3,4 +3,4 @@
3 3
4 4
5# Redirect 5# Redirect
6include /etc/firejail/handbrake.profile 6include handbrake.profile
diff --git a/etc/gimp-2.10.profile b/etc/gimp-2.10.profile
index a4e04af20..d42307710 100644
--- a/etc/gimp-2.10.profile
+++ b/etc/gimp-2.10.profile
@@ -3,4 +3,4 @@
3 3
4 4
5# Redirect 5# Redirect
6include /etc/firejail/gimp.profile 6include gimp.profile
diff --git a/etc/gimp-2.8.profile b/etc/gimp-2.8.profile
index a4e04af20..d42307710 100644
--- a/etc/gimp-2.8.profile
+++ b/etc/gimp-2.8.profile
@@ -3,4 +3,4 @@
3 3
4 4
5# Redirect 5# Redirect
6include /etc/firejail/gimp.profile 6include gimp.profile
diff --git a/etc/gimp.profile b/etc/gimp.profile
index fa27d2cea..0e52f54eb 100644
--- a/etc/gimp.profile
+++ b/etc/gimp.profile
@@ -2,21 +2,21 @@
2# Description: GNU Image Manipulation Program 2# Description: GNU Image Manipulation Program
3# This file is overwritten after every install/update 3# This file is overwritten after every install/update
4# Persistent local customizations 4# Persistent local customizations
5include /etc/firejail/gimp.local 5include gimp.local
6# Persistent global definitions 6# Persistent global definitions
7include /etc/firejail/globals.local 7include globals.local
8 8
9noblacklist ${HOME}/.config/GIMP 9noblacklist ${HOME}/.config/GIMP
10noblacklist ${HOME}/.gimp* 10noblacklist ${HOME}/.gimp*
11noblacklist ${DOCUMENTS} 11noblacklist ${DOCUMENTS}
12noblacklist ${PICTURES} 12noblacklist ${PICTURES}
13 13
14include /etc/firejail/disable-common.inc 14include disable-common.inc
15include /etc/firejail/disable-passwdmgr.inc 15include disable-passwdmgr.inc
16include /etc/firejail/disable-programs.inc 16include disable-programs.inc
17include /etc/firejail/disable-xdg.inc 17include disable-xdg.inc
18 18
19include /etc/firejail/whitelist-var-common.inc 19include whitelist-var-common.inc
20 20
21apparmor 21apparmor
22caps.drop all 22caps.drop all
diff --git a/etc/git.profile b/etc/git.profile
index 9c8d22fd3..c3fd6fe94 100644
--- a/etc/git.profile
+++ b/etc/git.profile
@@ -3,9 +3,9 @@
3# This file is overwritten after every install/update 3# This file is overwritten after every install/update
4quiet 4quiet
5# Persistent local customizations 5# Persistent local customizations
6include /etc/firejail/git.local 6include git.local
7# Persistent global definitions 7# Persistent global definitions
8include /etc/firejail/globals.local 8include globals.local
9 9
10blacklist /tmp/.X11-unix 10blacklist /tmp/.X11-unix
11 11
@@ -17,9 +17,9 @@ noblacklist ${HOME}/.ssh
17noblacklist ${HOME}/.vim 17noblacklist ${HOME}/.vim
18noblacklist ${HOME}/.viminfo 18noblacklist ${HOME}/.viminfo
19 19
20include /etc/firejail/disable-common.inc 20include disable-common.inc
21include /etc/firejail/disable-passwdmgr.inc 21include disable-passwdmgr.inc
22include /etc/firejail/disable-programs.inc 22include disable-programs.inc
23 23
24caps.drop all 24caps.drop all
25netfilter 25netfilter
diff --git a/etc/gitg.profile b/etc/gitg.profile
index 87d8c0a1f..c0634c231 100644
--- a/etc/gitg.profile
+++ b/etc/gitg.profile
@@ -2,21 +2,21 @@
2# Description: Git repository viewer 2# Description: Git repository viewer
3# This file is overwritten after every install/update 3# This file is overwritten after every install/update
4# Persistent local customizations 4# Persistent local customizations
5include /etc/firejail/gitg.local 5include gitg.local
6# Persistent global definitions 6# Persistent global definitions
7include /etc/firejail/globals.local 7include globals.local
8 8
9noblacklist ${HOME}/.gitconfig 9noblacklist ${HOME}/.gitconfig
10noblacklist ${HOME}/.local/share/gitg 10noblacklist ${HOME}/.local/share/gitg
11noblacklist ${HOME}/.ssh 11noblacklist ${HOME}/.ssh
12 12
13include /etc/firejail/disable-common.inc 13include disable-common.inc
14include /etc/firejail/disable-devel.inc 14include disable-devel.inc
15include /etc/firejail/disable-interpreters.inc 15include disable-interpreters.inc
16include /etc/firejail/disable-passwdmgr.inc 16include disable-passwdmgr.inc
17include /etc/firejail/disable-programs.inc 17include disable-programs.inc
18 18
19include /etc/firejail/whitelist-var-common.inc 19include whitelist-var-common.inc
20 20
21caps.drop all 21caps.drop all
22no3d 22no3d
diff --git a/etc/gitter.profile b/etc/gitter.profile
index b5bedb66d..5278f7a71 100644
--- a/etc/gitter.profile
+++ b/etc/gitter.profile
@@ -1,23 +1,23 @@
1# Firejail profile for gitter 1# Firejail profile for gitter
2# This file is overwritten after every install/update 2# This file is overwritten after every install/update
3# Persistent local customizations 3# Persistent local customizations
4include /etc/firejail/gitter.local 4include gitter.local
5# Persistent global definitions 5# Persistent global definitions
6include /etc/firejail/globals.local 6include globals.local
7 7
8noblacklist ${HOME}/.config/autostart 8noblacklist ${HOME}/.config/autostart
9noblacklist ${HOME}/.config/Gitter 9noblacklist ${HOME}/.config/Gitter
10 10
11include /etc/firejail/disable-common.inc 11include disable-common.inc
12include /etc/firejail/disable-devel.inc 12include disable-devel.inc
13include /etc/firejail/disable-interpreters.inc 13include disable-interpreters.inc
14include /etc/firejail/disable-passwdmgr.inc 14include disable-passwdmgr.inc
15include /etc/firejail/disable-programs.inc 15include disable-programs.inc
16 16
17whitelist ${DOWNLOADS} 17whitelist ${DOWNLOADS}
18whitelist ${HOME}/.config/autostart 18whitelist ${HOME}/.config/autostart
19whitelist ${HOME}/.config/Gitter 19whitelist ${HOME}/.config/Gitter
20include /etc/firejail/whitelist-var-common.inc 20include whitelist-var-common.inc
21 21
22caps.drop all 22caps.drop all
23machine-id 23machine-id
diff --git a/etc/gjs.profile b/etc/gjs.profile
index a603ad695..5e3370066 100644
--- a/etc/gjs.profile
+++ b/etc/gjs.profile
@@ -2,9 +2,9 @@
2# Description: Mozilla-based javascript bindings for the GNOME platform 2# Description: Mozilla-based javascript bindings for the GNOME platform
3# This file is overwritten after every install/update 3# This file is overwritten after every install/update
4# Persistent local customizations 4# Persistent local customizations
5include /etc/firejail/gjs.local 5include gjs.local
6# Persistent global definitions 6# Persistent global definitions
7include /etc/firejail/globals.local 7include globals.local
8 8
9# when gjs apps are started via gnome-shell, firejail is not applied because systemd will start them 9# when gjs apps are started via gnome-shell, firejail is not applied because systemd will start them
10 10
@@ -13,11 +13,11 @@ noblacklist ${HOME}/.cache/org.gnome.Books
13noblacklist ${HOME}/.config/libreoffice 13noblacklist ${HOME}/.config/libreoffice
14noblacklist ${HOME}/.local/share/gnome-photos 14noblacklist ${HOME}/.local/share/gnome-photos
15 15
16include /etc/firejail/disable-common.inc 16include disable-common.inc
17include /etc/firejail/disable-devel.inc 17include disable-devel.inc
18include /etc/firejail/disable-interpreters.inc 18include disable-interpreters.inc
19include /etc/firejail/disable-passwdmgr.inc 19include disable-passwdmgr.inc
20include /etc/firejail/disable-programs.inc 20include disable-programs.inc
21 21
22caps.drop all 22caps.drop all
23netfilter 23netfilter
diff --git a/etc/globaltime.profile b/etc/globaltime.profile
index e414abf8c..44b17eace 100644
--- a/etc/globaltime.profile
+++ b/etc/globaltime.profile
@@ -1,18 +1,18 @@
1# Firejail profile for globaltime 1# Firejail profile for globaltime
2# This file is overwritten after every install/update 2# This file is overwritten after every install/update
3# Persistent local customizations 3# Persistent local customizations
4include /etc/firejail/globaltime.local 4include globaltime.local
5# Persistent global definitions 5# Persistent global definitions
6include /etc/firejail/globals.local 6include globals.local
7 7
8noblacklist ${HOME}/.config/globaltime 8noblacklist ${HOME}/.config/globaltime
9 9
10include /etc/firejail/disable-common.inc 10include disable-common.inc
11include /etc/firejail/disable-devel.inc 11include disable-devel.inc
12include /etc/firejail/disable-interpreters.inc 12include disable-interpreters.inc
13include /etc/firejail/disable-passwdmgr.inc 13include disable-passwdmgr.inc
14include /etc/firejail/disable-programs.inc 14include disable-programs.inc
15include /etc/firejail/disable-xdg.inc 15include disable-xdg.inc
16 16
17caps.drop all 17caps.drop all
18netfilter 18netfilter
diff --git a/etc/gnome-2048.profile b/etc/gnome-2048.profile
index 62b67b942..166669a19 100644
--- a/etc/gnome-2048.profile
+++ b/etc/gnome-2048.profile
@@ -2,23 +2,23 @@
2# Description: Sliding tile puzzle game 2# Description: Sliding tile puzzle game
3# This file is overwritten after every install/update 3# This file is overwritten after every install/update
4# Persistent local customizations 4# Persistent local customizations
5include /etc/firejail/gnome-2048.local 5include gnome-2048.local
6# Persistent global definitions 6# Persistent global definitions
7include /etc/firejail/globals.local 7include globals.local
8 8
9noblacklist ${HOME}/.local/share/gnome-2048 9noblacklist ${HOME}/.local/share/gnome-2048
10 10
11include /etc/firejail/disable-common.inc 11include disable-common.inc
12include /etc/firejail/disable-devel.inc 12include disable-devel.inc
13include /etc/firejail/disable-interpreters.inc 13include disable-interpreters.inc
14include /etc/firejail/disable-passwdmgr.inc 14include disable-passwdmgr.inc
15include /etc/firejail/disable-programs.inc 15include disable-programs.inc
16 16
17include /etc/firejail/whitelist-var-common.inc 17include whitelist-var-common.inc
18 18
19mkdir ${HOME}/.local/share/gnome-2048 19mkdir ${HOME}/.local/share/gnome-2048
20whitelist ${HOME}/.local/share/gnome-2048 20whitelist ${HOME}/.local/share/gnome-2048
21include /etc/firejail/whitelist-common.inc 21include whitelist-common.inc
22 22
23caps.drop all 23caps.drop all
24netfilter 24netfilter
diff --git a/etc/gnome-books.profile b/etc/gnome-books.profile
index 6fc2671d8..a55b3f574 100644
--- a/etc/gnome-books.profile
+++ b/etc/gnome-books.profile
@@ -1,23 +1,23 @@
1# Firejail profile for gnome-books 1# Firejail profile for gnome-books
2# This file is overwritten after every install/update 2# This file is overwritten after every install/update
3# Persistent local customizations 3# Persistent local customizations
4include /etc/firejail/gnome-books.local 4include gnome-books.local
5# Persistent global definitions 5# Persistent global definitions
6include /etc/firejail/globals.local 6include globals.local
7 7
8# when gjs apps are started via gnome-shell, firejail is not applied because systemd will start them 8# when gjs apps are started via gnome-shell, firejail is not applied because systemd will start them
9 9
10noblacklist ${HOME}/.cache/org.gnome.Books 10noblacklist ${HOME}/.cache/org.gnome.Books
11noblacklist ${DOCUMENTS} 11noblacklist ${DOCUMENTS}
12 12
13include /etc/firejail/disable-common.inc 13include disable-common.inc
14include /etc/firejail/disable-devel.inc 14include disable-devel.inc
15include /etc/firejail/disable-interpreters.inc 15include disable-interpreters.inc
16include /etc/firejail/disable-passwdmgr.inc 16include disable-passwdmgr.inc
17include /etc/firejail/disable-programs.inc 17include disable-programs.inc
18include /etc/firejail/disable-xdg.inc 18include disable-xdg.inc
19 19
20include /etc/firejail/whitelist-var-common.inc 20include whitelist-var-common.inc
21 21
22caps.drop all 22caps.drop all
23netfilter 23netfilter
diff --git a/etc/gnome-builder.profile b/etc/gnome-builder.profile
index 3b7e3d53a..70bbd53bd 100644
--- a/etc/gnome-builder.profile
+++ b/etc/gnome-builder.profile
@@ -2,14 +2,14 @@
2# Description: IDE for GNOME 2# Description: IDE for GNOME
3# This file is overwritten after every install/update 3# This file is overwritten after every install/update
4# Persistent local customizations 4# Persistent local customizations
5include /etc/firejail/gnome-builder.local 5include gnome-builder.local
6# Persistent global definitions 6# Persistent global definitions
7include /etc/firejail/globals.local 7include globals.local
8 8
9 9
10include /etc/firejail/disable-common.inc 10include disable-common.inc
11include /etc/firejail/disable-passwdmgr.inc 11include disable-passwdmgr.inc
12include /etc/firejail/disable-programs.inc 12include disable-programs.inc
13 13
14caps.drop all 14caps.drop all
15ipc-namespace 15ipc-namespace
diff --git a/etc/gnome-calculator.profile b/etc/gnome-calculator.profile
index 315564ee5..3a2aa5c1d 100644
--- a/etc/gnome-calculator.profile
+++ b/etc/gnome-calculator.profile
@@ -3,19 +3,19 @@
3# This file is overwritten after every install/update 3# This file is overwritten after every install/update
4quiet 4quiet
5# Persistent local customizations 5# Persistent local customizations
6include /etc/firejail/gnome-calculator.local 6include gnome-calculator.local
7# Persistent global definitions 7# Persistent global definitions
8include /etc/firejail/globals.local 8include globals.local
9 9
10include /etc/firejail/disable-common.inc 10include disable-common.inc
11include /etc/firejail/disable-devel.inc 11include disable-devel.inc
12include /etc/firejail/disable-passwdmgr.inc 12include disable-passwdmgr.inc
13include /etc/firejail/disable-interpreters.inc 13include disable-interpreters.inc
14include /etc/firejail/disable-programs.inc 14include disable-programs.inc
15include /etc/firejail/disable-xdg.inc 15include disable-xdg.inc
16 16
17include /etc/firejail/whitelist-common.inc 17include whitelist-common.inc
18include /etc/firejail/whitelist-var-common.inc 18include whitelist-var-common.inc
19 19
20# apparmor - makes settings immutable 20# apparmor - makes settings immutable
21caps.drop all 21caps.drop all
diff --git a/etc/gnome-chess.profile b/etc/gnome-chess.profile
index 74194cb33..4dfbbba0c 100644
--- a/etc/gnome-chess.profile
+++ b/etc/gnome-chess.profile
@@ -2,20 +2,20 @@
2# Description: Simple chess game 2# Description: Simple chess game
3# This file is overwritten after every install/update 3# This file is overwritten after every install/update
4# Persistent local customizations 4# Persistent local customizations
5include /etc/firejail/gnome-chess.local 5include gnome-chess.local
6# Persistent global definitions 6# Persistent global definitions
7include /etc/firejail/globals.local 7include globals.local
8 8
9noblacklist ${HOME}/.local/share/gnome-chess 9noblacklist ${HOME}/.local/share/gnome-chess
10 10
11include /etc/firejail/disable-common.inc 11include disable-common.inc
12include /etc/firejail/disable-devel.inc 12include disable-devel.inc
13include /etc/firejail/disable-interpreters.inc 13include disable-interpreters.inc
14include /etc/firejail/disable-passwdmgr.inc 14include disable-passwdmgr.inc
15include /etc/firejail/disable-programs.inc 15include disable-programs.inc
16include /etc/firejail/disable-xdg.inc 16include disable-xdg.inc
17 17
18include /etc/firejail/whitelist-var-common.inc 18include whitelist-var-common.inc
19 19
20caps.drop all 20caps.drop all
21no3d 21no3d
diff --git a/etc/gnome-clocks.profile b/etc/gnome-clocks.profile
index a914c302f..a6514f44f 100644
--- a/etc/gnome-clocks.profile
+++ b/etc/gnome-clocks.profile
@@ -2,19 +2,19 @@
2# Description: Simple GNOME app with stopwatch, timer, and world clock support 2# Description: Simple GNOME app with stopwatch, timer, and world clock support
3# This file is overwritten after every install/update 3# This file is overwritten after every install/update
4# Persistent local customizations 4# Persistent local customizations
5include /etc/firejail/gnome-clocks.local 5include gnome-clocks.local
6# Persistent global definitions 6# Persistent global definitions
7include /etc/firejail/globals.local 7include globals.local
8 8
9 9
10include /etc/firejail/disable-common.inc 10include disable-common.inc
11include /etc/firejail/disable-devel.inc 11include disable-devel.inc
12include /etc/firejail/disable-interpreters.inc 12include disable-interpreters.inc
13include /etc/firejail/disable-passwdmgr.inc 13include disable-passwdmgr.inc
14include /etc/firejail/disable-programs.inc 14include disable-programs.inc
15include /etc/firejail/disable-xdg.inc 15include disable-xdg.inc
16 16
17include /etc/firejail/whitelist-var-common.inc 17include whitelist-var-common.inc
18 18
19caps.drop all 19caps.drop all
20netfilter 20netfilter
diff --git a/etc/gnome-contacts.profile b/etc/gnome-contacts.profile
index 91593c89b..22121fda8 100644
--- a/etc/gnome-contacts.profile
+++ b/etc/gnome-contacts.profile
@@ -2,21 +2,21 @@
2# Description: Contacts manager for GNOME 2# Description: Contacts manager for GNOME
3# This file is overwritten after every install/update 3# This file is overwritten after every install/update
4# Persistent local customizations 4# Persistent local customizations
5include /etc/firejail/gnome-contacts.local 5include gnome-contacts.local
6# Persistent global definitions 6# Persistent global definitions
7include /etc/firejail/globals.local 7include globals.local
8 8
9noblacklist ${DOCUMENTS} 9noblacklist ${DOCUMENTS}
10 10
11include /etc/firejail/disable-common.inc 11include disable-common.inc
12include /etc/firejail/disable-devel.inc 12include disable-devel.inc
13include /etc/firejail/disable-interpreters.inc 13include disable-interpreters.inc
14include /etc/firejail/disable-passwdmgr.inc 14include disable-passwdmgr.inc
15include /etc/firejail/disable-programs.inc 15include disable-programs.inc
16include /etc/firejail/disable-xdg.inc 16include disable-xdg.inc
17 17
18include /etc/firejail/whitelist-common.inc 18include whitelist-common.inc
19include /etc/firejail/whitelist-var-common.inc 19include whitelist-var-common.inc
20 20
21caps.drop all 21caps.drop all
22netfilter 22netfilter
diff --git a/etc/gnome-documents.profile b/etc/gnome-documents.profile
index 44886d562..abb9c7304 100644
--- a/etc/gnome-documents.profile
+++ b/etc/gnome-documents.profile
@@ -2,21 +2,21 @@
2# Description: Document manager for GNOME 2# Description: Document manager for GNOME
3# This file is overwritten after every install/update 3# This file is overwritten after every install/update
4# Persistent local customizations 4# Persistent local customizations
5include /etc/firejail/gnome-documents.local 5include gnome-documents.local
6# Persistent global definitions 6# Persistent global definitions
7include /etc/firejail/globals.local 7include globals.local
8 8
9# when gjs apps are started via gnome-shell, firejail is not applied because systemd will start them 9# when gjs apps are started via gnome-shell, firejail is not applied because systemd will start them
10 10
11noblacklist ${HOME}/.config/libreoffice 11noblacklist ${HOME}/.config/libreoffice
12noblacklist ${DOCUMENTS} 12noblacklist ${DOCUMENTS}
13 13
14include /etc/firejail/disable-common.inc 14include disable-common.inc
15include /etc/firejail/disable-devel.inc 15include disable-devel.inc
16include /etc/firejail/disable-interpreters.inc 16include disable-interpreters.inc
17include /etc/firejail/disable-passwdmgr.inc 17include disable-passwdmgr.inc
18include /etc/firejail/disable-programs.inc 18include disable-programs.inc
19include /etc/firejail/disable-xdg.inc 19include disable-xdg.inc
20 20
21caps.drop all 21caps.drop all
22netfilter 22netfilter
diff --git a/etc/gnome-font-viewer.profile b/etc/gnome-font-viewer.profile
index e11d6eb5d..a9793b7b3 100644
--- a/etc/gnome-font-viewer.profile
+++ b/etc/gnome-font-viewer.profile
@@ -2,19 +2,19 @@
2# Description: Font viewer for GNOME 2# Description: Font viewer for GNOME
3# This file is overwritten after every install/update 3# This file is overwritten after every install/update
4# Persistent local customizations 4# Persistent local customizations
5include /etc/firejail/gnome-font-viewer.local 5include gnome-font-viewer.local
6# Persistent global definitions 6# Persistent global definitions
7include /etc/firejail/globals.local 7include globals.local
8 8
9 9
10include /etc/firejail/disable-common.inc 10include disable-common.inc
11include /etc/firejail/disable-devel.inc 11include disable-devel.inc
12include /etc/firejail/disable-interpreters.inc 12include disable-interpreters.inc
13include /etc/firejail/disable-passwdmgr.inc 13include disable-passwdmgr.inc
14include /etc/firejail/disable-programs.inc 14include disable-programs.inc
15include /etc/firejail/disable-xdg.inc 15include disable-xdg.inc
16 16
17include /etc/firejail/whitelist-var-common.inc 17include whitelist-var-common.inc
18 18
19caps.drop all 19caps.drop all
20netfilter 20netfilter
diff --git a/etc/gnome-logs.profile b/etc/gnome-logs.profile
index edb895794..613a56350 100644
--- a/etc/gnome-logs.profile
+++ b/etc/gnome-logs.profile
@@ -2,19 +2,19 @@
2# Description: Viewer for the systemd journal 2# Description: Viewer for the systemd journal
3# This file is overwritten after every install/update 3# This file is overwritten after every install/update
4# Persistent local customizations 4# Persistent local customizations
5include /etc/firejail/gnome-logs.local 5include gnome-logs.local
6# Persistent global definitions 6# Persistent global definitions
7include /etc/firejail/globals.local 7include globals.local
8 8
9include /etc/firejail/disable-common.inc 9include disable-common.inc
10include /etc/firejail/disable-devel.inc 10include disable-devel.inc
11include /etc/firejail/disable-interpreters.inc 11include disable-interpreters.inc
12include /etc/firejail/disable-passwdmgr.inc 12include disable-passwdmgr.inc
13include /etc/firejail/disable-programs.inc 13include disable-programs.inc
14include /etc/firejail/disable-xdg.inc 14include disable-xdg.inc
15 15
16whitelist /var/log/journal 16whitelist /var/log/journal
17include /etc/firejail/whitelist-var-common.inc 17include whitelist-var-common.inc
18 18
19caps.drop all 19caps.drop all
20net none 20net none
diff --git a/etc/gnome-maps.profile b/etc/gnome-maps.profile
index f8ff61d84..62a1241cc 100644
--- a/etc/gnome-maps.profile
+++ b/etc/gnome-maps.profile
@@ -2,22 +2,22 @@
2# Description: Map application for GNOME 2# Description: Map application for GNOME
3# This file is overwritten after every install/update 3# This file is overwritten after every install/update
4# Persistent local customizations 4# Persistent local customizations
5include /etc/firejail/gnome-maps.local 5include gnome-maps.local
6# Persistent global definitions 6# Persistent global definitions
7include /etc/firejail/globals.local 7include globals.local
8 8
9# when gjs apps are started via gnome-shell, firejail is not applied because systemd will start them 9# when gjs apps are started via gnome-shell, firejail is not applied because systemd will start them
10 10
11noblacklist ${HOME}/.cache/champlain 11noblacklist ${HOME}/.cache/champlain
12 12
13include /etc/firejail/disable-common.inc 13include disable-common.inc
14include /etc/firejail/disable-devel.inc 14include disable-devel.inc
15include /etc/firejail/disable-interpreters.inc 15include disable-interpreters.inc
16include /etc/firejail/disable-passwdmgr.inc 16include disable-passwdmgr.inc
17include /etc/firejail/disable-programs.inc 17include disable-programs.inc
18include /etc/firejail/disable-xdg.inc 18include disable-xdg.inc
19 19
20include /etc/firejail/whitelist-var-common.inc 20include whitelist-var-common.inc
21 21
22caps.drop all 22caps.drop all
23netfilter 23netfilter
diff --git a/etc/gnome-mplayer.profile b/etc/gnome-mplayer.profile
index 9ba4969e5..96adf7a5c 100644
--- a/etc/gnome-mplayer.profile
+++ b/etc/gnome-mplayer.profile
@@ -2,20 +2,20 @@
2# Description: GTK/Gnome interface around MPlayer 2# Description: GTK/Gnome interface around MPlayer
3# This file is overwritten after every install/update 3# This file is overwritten after every install/update
4# Persistent local customizations 4# Persistent local customizations
5include /etc/firejail/gnome-mplayer.local 5include gnome-mplayer.local
6# Persistent global definitions 6# Persistent global definitions
7include /etc/firejail/globals.local 7include globals.local
8 8
9noblacklist ${HOME}/.config/gnome-mplayer 9noblacklist ${HOME}/.config/gnome-mplayer
10noblacklist ${MUSIC} 10noblacklist ${MUSIC}
11noblacklist ${VIDEOS} 11noblacklist ${VIDEOS}
12 12
13include /etc/firejail/disable-common.inc 13include disable-common.inc
14include /etc/firejail/disable-devel.inc 14include disable-devel.inc
15include /etc/firejail/disable-interpreters.inc 15include disable-interpreters.inc
16include /etc/firejail/disable-passwdmgr.inc 16include disable-passwdmgr.inc
17include /etc/firejail/disable-programs.inc 17include disable-programs.inc
18include /etc/firejail/disable-xdg.inc 18include disable-xdg.inc
19 19
20caps.drop all 20caps.drop all
21nogroups 21nogroups
diff --git a/etc/gnome-mpv.profile b/etc/gnome-mpv.profile
index 84a70c4c5..3d04470b7 100644
--- a/etc/gnome-mpv.profile
+++ b/etc/gnome-mpv.profile
@@ -2,22 +2,22 @@
2# Description: Simple GTK+ frontend for mpv 2# Description: Simple GTK+ frontend for mpv
3# This file is overwritten after every install/update 3# This file is overwritten after every install/update
4# Persistent local customizations 4# Persistent local customizations
5include /etc/firejail/gnome-mpv.local 5include gnome-mpv.local
6# Persistent global definitions 6# Persistent global definitions
7include /etc/firejail/globals.local 7include globals.local
8 8
9noblacklist ${HOME}/.config/gnome-mpv 9noblacklist ${HOME}/.config/gnome-mpv
10noblacklist ${MUSIC} 10noblacklist ${MUSIC}
11noblacklist ${VIDEOS} 11noblacklist ${VIDEOS}
12 12
13include /etc/firejail/disable-common.inc 13include disable-common.inc
14include /etc/firejail/disable-devel.inc 14include disable-devel.inc
15include /etc/firejail/disable-interpreters.inc 15include disable-interpreters.inc
16include /etc/firejail/disable-passwdmgr.inc 16include disable-passwdmgr.inc
17include /etc/firejail/disable-programs.inc 17include disable-programs.inc
18include /etc/firejail/disable-xdg.inc 18include disable-xdg.inc
19 19
20include /etc/firejail/whitelist-var-common.inc 20include whitelist-var-common.inc
21 21
22caps.drop all 22caps.drop all
23nodbus 23nodbus
diff --git a/etc/gnome-music.profile b/etc/gnome-music.profile
index 819c40c98..b902f51bc 100644
--- a/etc/gnome-music.profile
+++ b/etc/gnome-music.profile
@@ -2,9 +2,9 @@
2# Description: GNOME music player 2# Description: GNOME music player
3# This file is overwritten after every install/update 3# This file is overwritten after every install/update
4# Persistent local customizations 4# Persistent local customizations
5include /etc/firejail/gnome-music.local 5include gnome-music.local
6# Persistent global definitions 6# Persistent global definitions
7include /etc/firejail/globals.local 7include globals.local
8 8
9noblacklist ${HOME}/.local/share/gnome-music 9noblacklist ${HOME}/.local/share/gnome-music
10noblacklist ${MUSIC} 10noblacklist ${MUSIC}
@@ -15,14 +15,14 @@ noblacklist ${PATH}/python3*
15noblacklist /usr/lib/python2* 15noblacklist /usr/lib/python2*
16noblacklist /usr/lib/python3* 16noblacklist /usr/lib/python3*
17 17
18include /etc/firejail/disable-common.inc 18include disable-common.inc
19include /etc/firejail/disable-devel.inc 19include disable-devel.inc
20include /etc/firejail/disable-interpreters.inc 20include disable-interpreters.inc
21include /etc/firejail/disable-passwdmgr.inc 21include disable-passwdmgr.inc
22include /etc/firejail/disable-programs.inc 22include disable-programs.inc
23include /etc/firejail/disable-xdg.inc 23include disable-xdg.inc
24 24
25include /etc/firejail/whitelist-var-common.inc 25include whitelist-var-common.inc
26 26
27caps.drop all 27caps.drop all
28netfilter 28netfilter
diff --git a/etc/gnome-photos.profile b/etc/gnome-photos.profile
index 5a3ac53d8..8b982156b 100644
--- a/etc/gnome-photos.profile
+++ b/etc/gnome-photos.profile
@@ -2,21 +2,21 @@
2# Description: Access, organize and share your photos with GNOME 2# Description: Access, organize and share your photos with GNOME
3# This file is overwritten after every install/update 3# This file is overwritten after every install/update
4# Persistent local customizations 4# Persistent local customizations
5include /etc/firejail/gnome-photos.local 5include gnome-photos.local
6# Persistent global definitions 6# Persistent global definitions
7include /etc/firejail/globals.local 7include globals.local
8 8
9# when gjs apps are started via gnome-shell, firejail is not applied because systemd will start them 9# when gjs apps are started via gnome-shell, firejail is not applied because systemd will start them
10 10
11noblacklist ${HOME}/.local/share/gnome-photos 11noblacklist ${HOME}/.local/share/gnome-photos
12 12
13include /etc/firejail/disable-common.inc 13include disable-common.inc
14include /etc/firejail/disable-devel.inc 14include disable-devel.inc
15include /etc/firejail/disable-interpreters.inc 15include disable-interpreters.inc
16include /etc/firejail/disable-passwdmgr.inc 16include disable-passwdmgr.inc
17include /etc/firejail/disable-programs.inc 17include disable-programs.inc
18 18
19include /etc/firejail/whitelist-var-common.inc 19include whitelist-var-common.inc
20 20
21caps.drop all 21caps.drop all
22netfilter 22netfilter
diff --git a/etc/gnome-pie.profile b/etc/gnome-pie.profile
index 41f6de346..cef741eb3 100644
--- a/etc/gnome-pie.profile
+++ b/etc/gnome-pie.profile
@@ -2,17 +2,17 @@
2# Description: Alternative AppMenu 2# Description: Alternative AppMenu
3# This file is overwritten after every install/update 3# This file is overwritten after every install/update
4# Persistent local customizations 4# Persistent local customizations
5include /etc/firejail/gnome-pie.local 5include gnome-pie.local
6# Persistent global definitions 6# Persistent global definitions
7include /etc/firejail/globals.local 7include globals.local
8 8
9noblacklist ${HOME}/.config/gnome-pie 9noblacklist ${HOME}/.config/gnome-pie
10 10
11#include /etc/firejail/disable-common.inc 11#include disable-common.inc
12include /etc/firejail/disable-devel.inc 12include disable-devel.inc
13#include /etc/firejail/disable-interpreters.inc 13#include disable-interpreters.inc
14include /etc/firejail/disable-passwdmgr.inc 14include disable-passwdmgr.inc
15#include /etc/firejail/disable-programs.inc 15#include disable-programs.inc
16 16
17caps.drop all 17caps.drop all
18ipc-namespace 18ipc-namespace
diff --git a/etc/gnome-recipes.profile b/etc/gnome-recipes.profile
index ed6d341eb..867ea8561 100644
--- a/etc/gnome-recipes.profile
+++ b/etc/gnome-recipes.profile
@@ -2,23 +2,23 @@
2# Description: Recipe application for GNOME 2# Description: Recipe application for GNOME
3# This file is overwritten after every install/update 3# This file is overwritten after every install/update
4# Persistent local customizations 4# Persistent local customizations
5include /etc/firejail/gnome-recipes.local 5include gnome-recipes.local
6# Persistent global definitions 6# Persistent global definitions
7include /etc/firejail/globals.local 7include globals.local
8 8
9 9
10noblacklist ${HOME}/.local/share/gnome-recipes 10noblacklist ${HOME}/.local/share/gnome-recipes
11 11
12include /etc/firejail/disable-common.inc 12include disable-common.inc
13include /etc/firejail/disable-devel.inc 13include disable-devel.inc
14include /etc/firejail/disable-interpreters.inc 14include disable-interpreters.inc
15include /etc/firejail/disable-passwdmgr.inc 15include disable-passwdmgr.inc
16include /etc/firejail/disable-programs.inc 16include disable-programs.inc
17 17
18mkdir ${HOME}/.cache/gnome-recipes 18mkdir ${HOME}/.cache/gnome-recipes
19whitelist ${HOME}/.cache/gnome-recipes 19whitelist ${HOME}/.cache/gnome-recipes
20include /etc/firejail/whitelist-common.inc 20include whitelist-common.inc
21include /etc/firejail/whitelist-var-common.inc 21include whitelist-var-common.inc
22 22
23caps.drop all 23caps.drop all
24ipc-namespace 24ipc-namespace
diff --git a/etc/gnome-ring.profile b/etc/gnome-ring.profile
index cbc79320e..f660df690 100644
--- a/etc/gnome-ring.profile
+++ b/etc/gnome-ring.profile
@@ -1,19 +1,19 @@
1# Firejail profile for gnome-ring 1# Firejail profile for gnome-ring
2# This file is overwritten after every install/update 2# This file is overwritten after every install/update
3# Persistent local customizations 3# Persistent local customizations
4include /etc/firejail/gnome-ring.local 4include gnome-ring.local
5# Persistent global definitions 5# Persistent global definitions
6include /etc/firejail/globals.local 6include globals.local
7 7
8noblacklist ${HOME}/.local/share/gnome-ring 8noblacklist ${HOME}/.local/share/gnome-ring
9 9
10include /etc/firejail/disable-common.inc 10include disable-common.inc
11include /etc/firejail/disable-devel.inc 11include disable-devel.inc
12include /etc/firejail/disable-interpreters.inc 12include disable-interpreters.inc
13include /etc/firejail/disable-passwdmgr.inc 13include disable-passwdmgr.inc
14include /etc/firejail/disable-programs.inc 14include disable-programs.inc
15 15
16include /etc/firejail/whitelist-var-common.inc 16include whitelist-var-common.inc
17 17
18caps.drop all 18caps.drop all
19ipc-namespace 19ipc-namespace
diff --git a/etc/gnome-twitch.profile b/etc/gnome-twitch.profile
index e670ba22f..2016f6c6e 100644
--- a/etc/gnome-twitch.profile
+++ b/etc/gnome-twitch.profile
@@ -2,24 +2,24 @@
2# Description: GNOME Twitch app for watching Twitch.tv streams without a browser or flash 2# Description: GNOME Twitch app for watching Twitch.tv streams without a browser or flash
3# This file is overwritten after every install/update 3# This file is overwritten after every install/update
4# Persistent local customizations 4# Persistent local customizations
5include /etc/firejail/gnome-twitch.local 5include gnome-twitch.local
6# Persistent global definitions 6# Persistent global definitions
7include /etc/firejail/globals.local 7include globals.local
8 8
9noblacklist ${HOME}/.cache/gnome-twitch 9noblacklist ${HOME}/.cache/gnome-twitch
10noblacklist ${HOME}/.local/share/gnome-twitch 10noblacklist ${HOME}/.local/share/gnome-twitch
11 11
12include /etc/firejail/disable-common.inc 12include disable-common.inc
13include /etc/firejail/disable-devel.inc 13include disable-devel.inc
14include /etc/firejail/disable-interpreters.inc 14include disable-interpreters.inc
15include /etc/firejail/disable-passwdmgr.inc 15include disable-passwdmgr.inc
16include /etc/firejail/disable-programs.inc 16include disable-programs.inc
17 17
18mkdir ${HOME}/.cache/gnome-twitch 18mkdir ${HOME}/.cache/gnome-twitch
19mkdir ${HOME}/.local/share/gnome-twitch 19mkdir ${HOME}/.local/share/gnome-twitch
20whitelist ${HOME}/.cache/gnome-twitch 20whitelist ${HOME}/.cache/gnome-twitch
21whitelist ${HOME}/.local/share/gnome-twitch 21whitelist ${HOME}/.local/share/gnome-twitch
22include /etc/firejail/whitelist-common.inc 22include whitelist-common.inc
23 23
24caps.drop all 24caps.drop all
25nodvd 25nodvd
diff --git a/etc/gnome-weather.profile b/etc/gnome-weather.profile
index 4d28278b1..f1035ce7e 100644
--- a/etc/gnome-weather.profile
+++ b/etc/gnome-weather.profile
@@ -2,22 +2,22 @@
2# Description: Access current conditions and forecasts 2# Description: Access current conditions and forecasts
3# This file is overwritten after every install/update 3# This file is overwritten after every install/update
4# Persistent local customizations 4# Persistent local customizations
5include /etc/firejail/gnome-weather.local 5include gnome-weather.local
6# Persistent global definitions 6# Persistent global definitions
7include /etc/firejail/globals.local 7include globals.local
8 8
9# when gjs apps are started via gnome-shell, firejail is not applied because systemd will start them 9# when gjs apps are started via gnome-shell, firejail is not applied because systemd will start them
10 10
11noblacklist ${HOME}/.cache/libgweather 11noblacklist ${HOME}/.cache/libgweather
12 12
13include /etc/firejail/disable-common.inc 13include disable-common.inc
14include /etc/firejail/disable-devel.inc 14include disable-devel.inc
15include /etc/firejail/disable-interpreters.inc 15include disable-interpreters.inc
16include /etc/firejail/disable-passwdmgr.inc 16include disable-passwdmgr.inc
17include /etc/firejail/disable-programs.inc 17include disable-programs.inc
18include /etc/firejail/disable-xdg.inc 18include disable-xdg.inc
19 19
20include /etc/firejail/whitelist-var-common.inc 20include whitelist-var-common.inc
21 21
22caps.drop all 22caps.drop all
23netfilter 23netfilter
diff --git a/etc/goobox.profile b/etc/goobox.profile
index ba949f1c9..32cfc2f58 100644
--- a/etc/goobox.profile
+++ b/etc/goobox.profile
@@ -2,18 +2,18 @@
2# Description: CD player and ripper with GNOME 3 integration 2# Description: CD player and ripper with GNOME 3 integration
3# This file is overwritten after every install/update 3# This file is overwritten after every install/update
4# Persistent local customizations 4# Persistent local customizations
5include /etc/firejail/goobox.local 5include goobox.local
6# Persistent global definitions 6# Persistent global definitions
7include /etc/firejail/globals.local 7include globals.local
8 8
9noblacklist ${MUSIC} 9noblacklist ${MUSIC}
10 10
11include /etc/firejail/disable-common.inc 11include disable-common.inc
12include /etc/firejail/disable-devel.inc 12include disable-devel.inc
13include /etc/firejail/disable-interpreters.inc 13include disable-interpreters.inc
14include /etc/firejail/disable-passwdmgr.inc 14include disable-passwdmgr.inc
15include /etc/firejail/disable-programs.inc 15include disable-programs.inc
16include /etc/firejail/disable-xdg.inc 16include disable-xdg.inc
17 17
18caps.drop all 18caps.drop all
19netfilter 19netfilter
diff --git a/etc/google-chrome-beta.profile b/etc/google-chrome-beta.profile
index ab16558ea..73101f509 100644
--- a/etc/google-chrome-beta.profile
+++ b/etc/google-chrome-beta.profile
@@ -1,9 +1,9 @@
1# Firejail profile for google-chrome-beta 1# Firejail profile for google-chrome-beta
2# This file is overwritten after every install/update 2# This file is overwritten after every install/update
3# Persistent local customizations 3# Persistent local customizations
4include /etc/firejail/google-chrome-beta.local 4include google-chrome-beta.local
5# Persistent global definitions 5# Persistent global definitions
6include /etc/firejail/globals.local 6include globals.local
7 7
8noblacklist ${HOME}/.cache/google-chrome-beta 8noblacklist ${HOME}/.cache/google-chrome-beta
9noblacklist ${HOME}/.config/google-chrome-beta 9noblacklist ${HOME}/.config/google-chrome-beta
@@ -14,4 +14,4 @@ whitelist ${HOME}/.cache/google-chrome-beta
14whitelist ${HOME}/.config/google-chrome-beta 14whitelist ${HOME}/.config/google-chrome-beta
15 15
16# Redirect 16# Redirect
17include /etc/firejail/chromium-common.profile 17include chromium-common.profile
diff --git a/etc/google-chrome-stable.profile b/etc/google-chrome-stable.profile
index 6ade19021..55868e0b7 100644
--- a/etc/google-chrome-stable.profile
+++ b/etc/google-chrome-stable.profile
@@ -3,4 +3,4 @@
3 3
4 4
5# Redirect 5# Redirect
6include /etc/firejail/google-chrome.profile 6include google-chrome.profile
diff --git a/etc/google-chrome-unstable.profile b/etc/google-chrome-unstable.profile
index b7d0eccf3..50e9923aa 100644
--- a/etc/google-chrome-unstable.profile
+++ b/etc/google-chrome-unstable.profile
@@ -1,9 +1,9 @@
1# Firejail profile for google-chrome-unstable 1# Firejail profile for google-chrome-unstable
2# This file is overwritten after every install/update 2# This file is overwritten after every install/update
3# Persistent local customizations 3# Persistent local customizations
4include /etc/firejail/google-chrome-unstable.local 4include google-chrome-unstable.local
5# Persistent global definitions 5# Persistent global definitions
6include /etc/firejail/globals.local 6include globals.local
7 7
8noblacklist ${HOME}/.cache/google-chrome-unstable 8noblacklist ${HOME}/.cache/google-chrome-unstable
9noblacklist ${HOME}/.config/google-chrome-unstable 9noblacklist ${HOME}/.config/google-chrome-unstable
@@ -14,4 +14,4 @@ whitelist ${HOME}/.cache/google-chrome-unstable
14whitelist ${HOME}/.config/google-chrome-unstable 14whitelist ${HOME}/.config/google-chrome-unstable
15 15
16# Redirect 16# Redirect
17include /etc/firejail/chromium-common.profile 17include chromium-common.profile
diff --git a/etc/google-chrome.profile b/etc/google-chrome.profile
index 6e44190ae..c69e98271 100644
--- a/etc/google-chrome.profile
+++ b/etc/google-chrome.profile
@@ -1,9 +1,9 @@
1# Firejail profile for google-chrome 1# Firejail profile for google-chrome
2# This file is overwritten after every install/update 2# This file is overwritten after every install/update
3# Persistent local customizations 3# Persistent local customizations
4include /etc/firejail/google-chrome.local 4include google-chrome.local
5# Persistent global definitions 5# Persistent global definitions
6include /etc/firejail/globals.local 6include globals.local
7 7
8noblacklist ${HOME}/.cache/google-chrome 8noblacklist ${HOME}/.cache/google-chrome
9noblacklist ${HOME}/.config/google-chrome 9noblacklist ${HOME}/.config/google-chrome
@@ -14,4 +14,4 @@ whitelist ${HOME}/.cache/google-chrome
14whitelist ${HOME}/.config/google-chrome 14whitelist ${HOME}/.config/google-chrome
15 15
16# Redirect 16# Redirect
17include /etc/firejail/chromium-common.profile 17include chromium-common.profile
diff --git a/etc/google-earth.profile b/etc/google-earth.profile
index bafa716d1..7e261ecc7 100644
--- a/etc/google-earth.profile
+++ b/etc/google-earth.profile
@@ -1,9 +1,9 @@
1# Firejail profile for google-earth 1# Firejail profile for google-earth
2# This file is overwritten after every install/update 2# This file is overwritten after every install/update
3# Persistent local customizations 3# Persistent local customizations
4include /etc/firejail/google-earth.local 4include google-earth.local
5# Persistent global definitions 5# Persistent global definitions
6include /etc/firejail/globals.local 6include globals.local
7 7
8noblacklist ${HOME}/.config/Google 8noblacklist ${HOME}/.config/Google
9noblacklist ${HOME}/.googleearth/Cache/ 9noblacklist ${HOME}/.googleearth/Cache/
@@ -11,11 +11,11 @@ noblacklist ${HOME}/.googleearth/Temp/
11noblacklist ${HOME}/.googleearth/myplaces.backup.kml 11noblacklist ${HOME}/.googleearth/myplaces.backup.kml
12noblacklist ${HOME}/.googleearth/myplaces.kml 12noblacklist ${HOME}/.googleearth/myplaces.kml
13 13
14include /etc/firejail/disable-common.inc 14include disable-common.inc
15include /etc/firejail/disable-devel.inc 15include disable-devel.inc
16include /etc/firejail/disable-interpreters.inc 16include disable-interpreters.inc
17include /etc/firejail/disable-passwdmgr.inc 17include disable-passwdmgr.inc
18include /etc/firejail/disable-programs.inc 18include disable-programs.inc
19 19
20mkdir ${HOME}/.config/Google 20mkdir ${HOME}/.config/Google
21mkdir ${HOME}/.googleearth/Cache/ 21mkdir ${HOME}/.googleearth/Cache/
@@ -27,7 +27,7 @@ whitelist ${HOME}/.googleearth/Cache/
27whitelist ${HOME}/.googleearth/Temp/ 27whitelist ${HOME}/.googleearth/Temp/
28whitelist ${HOME}/.googleearth/myplaces.backup.kml 28whitelist ${HOME}/.googleearth/myplaces.backup.kml
29whitelist ${HOME}/.googleearth/myplaces.kml 29whitelist ${HOME}/.googleearth/myplaces.kml
30include /etc/firejail/whitelist-common.inc 30include whitelist-common.inc
31 31
32caps.drop all 32caps.drop all
33ipc-namespace 33ipc-namespace
diff --git a/etc/google-play-music-desktop-player.profile b/etc/google-play-music-desktop-player.profile
index 7a19cc676..73041bada 100644
--- a/etc/google-play-music-desktop-player.profile
+++ b/etc/google-play-music-desktop-player.profile
@@ -1,22 +1,22 @@
1# Firejail profile for google-play-music-desktop-player 1# Firejail profile for google-play-music-desktop-player
2# This file is overwritten after every install/update 2# This file is overwritten after every install/update
3# Persistent local customizations 3# Persistent local customizations
4include /etc/firejail/google-play-music-desktop-player.local 4include google-play-music-desktop-player.local
5# Persistent global definitions 5# Persistent global definitions
6include /etc/firejail/globals.local 6include globals.local
7 7
8noblacklist ${HOME}/.config/Google Play Music Desktop Player 8noblacklist ${HOME}/.config/Google Play Music Desktop Player
9 9
10include /etc/firejail/disable-common.inc 10include disable-common.inc
11include /etc/firejail/disable-devel.inc 11include disable-devel.inc
12include /etc/firejail/disable-interpreters.inc 12include disable-interpreters.inc
13include /etc/firejail/disable-passwdmgr.inc 13include disable-passwdmgr.inc
14include /etc/firejail/disable-programs.inc 14include disable-programs.inc
15 15
16# whitelist ${HOME}/.config/pulse 16# whitelist ${HOME}/.config/pulse
17# whitelist ${HOME}/.pulse 17# whitelist ${HOME}/.pulse
18whitelist ${HOME}/.config/Google Play Music Desktop Player 18whitelist ${HOME}/.config/Google Play Music Desktop Player
19include /etc/firejail/whitelist-common.inc 19include whitelist-common.inc
20 20
21caps.drop all 21caps.drop all
22netfilter 22netfilter
diff --git a/etc/gpa.profile b/etc/gpa.profile
index c890beb2e..d8083fc96 100644
--- a/etc/gpa.profile
+++ b/etc/gpa.profile
@@ -2,17 +2,17 @@
2# Description: GNU Privacy Assistant (GPA) 2# Description: GNU Privacy Assistant (GPA)
3# This file is overwritten after every install/update 3# This file is overwritten after every install/update
4# Persistent local customizations 4# Persistent local customizations
5include /etc/firejail/gpa.local 5include gpa.local
6# Persistent global definitions 6# Persistent global definitions
7include /etc/firejail/globals.local 7include globals.local
8 8
9noblacklist ${HOME}/.gnupg 9noblacklist ${HOME}/.gnupg
10 10
11include /etc/firejail/disable-common.inc 11include disable-common.inc
12include /etc/firejail/disable-devel.inc 12include disable-devel.inc
13include /etc/firejail/disable-interpreters.inc 13include disable-interpreters.inc
14include /etc/firejail/disable-passwdmgr.inc 14include disable-passwdmgr.inc
15include /etc/firejail/disable-programs.inc 15include disable-programs.inc
16 16
17caps.drop all 17caps.drop all
18netfilter 18netfilter
diff --git a/etc/gpg-agent.profile b/etc/gpg-agent.profile
index 0cc17b366..73a587136 100644
--- a/etc/gpg-agent.profile
+++ b/etc/gpg-agent.profile
@@ -2,19 +2,19 @@
2# Description: GNU privacy guard - cryptographic agent 2# Description: GNU privacy guard - cryptographic agent
3# This file is overwritten after every install/update 3# This file is overwritten after every install/update
4# Persistent local customizations 4# Persistent local customizations
5include /etc/firejail/gpg-agent.local 5include gpg-agent.local
6# Persistent global definitions 6# Persistent global definitions
7include /etc/firejail/globals.local 7include globals.local
8 8
9blacklist /tmp/.X11-unix 9blacklist /tmp/.X11-unix
10 10
11noblacklist ${HOME}/.gnupg 11noblacklist ${HOME}/.gnupg
12 12
13include /etc/firejail/disable-common.inc 13include disable-common.inc
14include /etc/firejail/disable-devel.inc 14include disable-devel.inc
15include /etc/firejail/disable-interpreters.inc 15include disable-interpreters.inc
16include /etc/firejail/disable-passwdmgr.inc 16include disable-passwdmgr.inc
17include /etc/firejail/disable-programs.inc 17include disable-programs.inc
18 18
19caps.drop all 19caps.drop all
20netfilter 20netfilter
diff --git a/etc/gpg.profile b/etc/gpg.profile
index 259a95807..a801d7d09 100644
--- a/etc/gpg.profile
+++ b/etc/gpg.profile
@@ -2,19 +2,19 @@
2# Description: GNU Privacy Guard -- minimalist public key operations 2# Description: GNU Privacy Guard -- minimalist public key operations
3# This file is overwritten after every install/update 3# This file is overwritten after every install/update
4# Persistent local customizations 4# Persistent local customizations
5include /etc/firejail/gpg.local 5include gpg.local
6# Persistent global definitions 6# Persistent global definitions
7include /etc/firejail/globals.local 7include globals.local
8 8
9blacklist /tmp/.X11-unix 9blacklist /tmp/.X11-unix
10 10
11noblacklist ${HOME}/.gnupg 11noblacklist ${HOME}/.gnupg
12 12
13include /etc/firejail/disable-common.inc 13include disable-common.inc
14include /etc/firejail/disable-devel.inc 14include disable-devel.inc
15include /etc/firejail/disable-interpreters.inc 15include disable-interpreters.inc
16include /etc/firejail/disable-passwdmgr.inc 16include disable-passwdmgr.inc
17include /etc/firejail/disable-programs.inc 17include disable-programs.inc
18 18
19caps.drop all 19caps.drop all
20netfilter 20netfilter
diff --git a/etc/gpicview.profile b/etc/gpicview.profile
index 04aecc782..8f4b64cfc 100644
--- a/etc/gpicview.profile
+++ b/etc/gpicview.profile
@@ -2,19 +2,19 @@
2# Description: Lightweight image viewer 2# Description: Lightweight image viewer
3# This file is overwritten after every install/update 3# This file is overwritten after every install/update
4# Persistent local customizations 4# Persistent local customizations
5include /etc/firejail/gpicview.local 5include gpicview.local
6# Persistent global definitions 6# Persistent global definitions
7include /etc/firejail/globals.local 7include globals.local
8 8
9noblacklist ${HOME}/.config/gpicview 9noblacklist ${HOME}/.config/gpicview
10 10
11include /etc/firejail/disable-common.inc 11include disable-common.inc
12include /etc/firejail/disable-devel.inc 12include disable-devel.inc
13include /etc/firejail/disable-interpreters.inc 13include disable-interpreters.inc
14include /etc/firejail/disable-passwdmgr.inc 14include disable-passwdmgr.inc
15include /etc/firejail/disable-programs.inc 15include disable-programs.inc
16 16
17include /etc/firejail/whitelist-var-common.inc 17include whitelist-var-common.inc
18 18
19caps.drop all 19caps.drop all
20net none 20net none
diff --git a/etc/gpredict.profile b/etc/gpredict.profile
index ea60e7287..760a647ba 100644
--- a/etc/gpredict.profile
+++ b/etc/gpredict.profile
@@ -2,20 +2,20 @@
2# Description: Satellite tracking program 2# Description: Satellite tracking program
3# This file is overwritten after every install/update 3# This file is overwritten after every install/update
4# Persistent local customizations 4# Persistent local customizations
5include /etc/firejail/gpredict.local 5include gpredict.local
6# Persistent global definitions 6# Persistent global definitions
7include /etc/firejail/globals.local 7include globals.local
8 8
9noblacklist ${HOME}/.config/Gpredict 9noblacklist ${HOME}/.config/Gpredict
10 10
11include /etc/firejail/disable-common.inc 11include disable-common.inc
12include /etc/firejail/disable-devel.inc 12include disable-devel.inc
13include /etc/firejail/disable-interpreters.inc 13include disable-interpreters.inc
14include /etc/firejail/disable-passwdmgr.inc 14include disable-passwdmgr.inc
15include /etc/firejail/disable-programs.inc 15include disable-programs.inc
16 16
17whitelist ${HOME}/.config/Gpredict 17whitelist ${HOME}/.config/Gpredict
18include /etc/firejail/whitelist-common.inc 18include whitelist-common.inc
19 19
20caps.drop all 20caps.drop all
21netfilter 21netfilter
diff --git a/etc/gradio.profile b/etc/gradio.profile
index bba92a0bc..e7f415090 100644
--- a/etc/gradio.profile
+++ b/etc/gradio.profile
@@ -1,25 +1,25 @@
1# Firejail profile for gradio 1# Firejail profile for gradio
2# This file is overwritten after every install/update 2# This file is overwritten after every install/update
3# Persistent local customizations 3# Persistent local customizations
4include /etc/firejail/gradio.local 4include gradio.local
5# Persistent global definitions 5# Persistent global definitions
6include /etc/firejail/globals.local 6include globals.local
7 7
8noblacklist ${HOME}/.cache/gradio 8noblacklist ${HOME}/.cache/gradio
9noblacklist ${HOME}/.local/share/gradio 9noblacklist ${HOME}/.local/share/gradio
10 10
11include /etc/firejail/disable-common.inc 11include disable-common.inc
12include /etc/firejail/disable-devel.inc 12include disable-devel.inc
13include /etc/firejail/disable-interpreters.inc 13include disable-interpreters.inc
14include /etc/firejail/disable-passwdmgr.inc 14include disable-passwdmgr.inc
15include /etc/firejail/disable-programs.inc 15include disable-programs.inc
16 16
17mkdir ${HOME}/.cache/gradio 17mkdir ${HOME}/.cache/gradio
18mkdir ${HOME}/.local/share/gradio 18mkdir ${HOME}/.local/share/gradio
19whitelist ${HOME}/.cache/gradio 19whitelist ${HOME}/.cache/gradio
20whitelist ${HOME}/.local/share/gradio 20whitelist ${HOME}/.local/share/gradio
21include /etc/firejail/whitelist-common.inc 21include whitelist-common.inc
22include /etc/firejail/whitelist-var-common.inc 22include whitelist-var-common.inc
23 23
24caps.drop all 24caps.drop all
25netfilter 25netfilter
diff --git a/etc/gtar.profile b/etc/gtar.profile
index d4bf18f95..12acb8356 100644
--- a/etc/gtar.profile
+++ b/etc/gtar.profile
@@ -3,4 +3,4 @@
3 3
4 4
5# Redirect 5# Redirect
6include /etc/firejail/tar.profile 6include tar.profile
diff --git a/etc/gthumb.profile b/etc/gthumb.profile
index 6c4de8bf0..e08ebcdcd 100644
--- a/etc/gthumb.profile
+++ b/etc/gthumb.profile
@@ -2,19 +2,19 @@
2# Description: Image viewer and browser 2# Description: Image viewer and browser
3# This file is overwritten after every install/update 3# This file is overwritten after every install/update
4# Persistent local customizations 4# Persistent local customizations
5include /etc/firejail/gthumb.local 5include gthumb.local
6# Persistent global definitions 6# Persistent global definitions
7include /etc/firejail/globals.local 7include globals.local
8 8
9noblacklist ${HOME}/.config/gthumb 9noblacklist ${HOME}/.config/gthumb
10noblacklist ${HOME}/.Steam 10noblacklist ${HOME}/.Steam
11noblacklist ${HOME}/.steam 11noblacklist ${HOME}/.steam
12 12
13include /etc/firejail/disable-common.inc 13include disable-common.inc
14include /etc/firejail/disable-devel.inc 14include disable-devel.inc
15include /etc/firejail/disable-interpreters.inc 15include disable-interpreters.inc
16include /etc/firejail/disable-passwdmgr.inc 16include disable-passwdmgr.inc
17include /etc/firejail/disable-programs.inc 17include disable-programs.inc
18 18
19caps.drop all 19caps.drop all
20nodvd 20nodvd
diff --git a/etc/guayadeque.profile b/etc/guayadeque.profile
index 775c79521..0b83ea250 100644
--- a/etc/guayadeque.profile
+++ b/etc/guayadeque.profile
@@ -1,19 +1,19 @@
1# Firejail profile for guayadeque 1# Firejail profile for guayadeque
2# This file is overwritten after every install/update 2# This file is overwritten after every install/update
3# Persistent local customizations 3# Persistent local customizations
4include /etc/firejail/guayadeque.local 4include guayadeque.local
5# Persistent global definitions 5# Persistent global definitions
6include /etc/firejail/globals.local 6include globals.local
7 7
8noblacklist ${HOME}/.guayadeque 8noblacklist ${HOME}/.guayadeque
9noblacklist ${MUSIC} 9noblacklist ${MUSIC}
10 10
11include /etc/firejail/disable-common.inc 11include disable-common.inc
12include /etc/firejail/disable-devel.inc 12include disable-devel.inc
13include /etc/firejail/disable-interpreters.inc 13include disable-interpreters.inc
14include /etc/firejail/disable-passwdmgr.inc 14include disable-passwdmgr.inc
15include /etc/firejail/disable-programs.inc 15include disable-programs.inc
16include /etc/firejail/disable-xdg.inc 16include disable-xdg.inc
17 17
18caps.drop all 18caps.drop all
19netfilter 19netfilter
diff --git a/etc/gucharmap.profile b/etc/gucharmap.profile
index 88e441b14..978757612 100644
--- a/etc/gucharmap.profile
+++ b/etc/gucharmap.profile
@@ -2,17 +2,17 @@
2# Description: Unicode character picker and font browser 2# Description: Unicode character picker and font browser
3# This file is overwritten after every install/update 3# This file is overwritten after every install/update
4# Persistent local customizations 4# Persistent local customizations
5include /etc/firejail/gucharmap.local 5include gucharmap.local
6# Persistent global definitions 6# Persistent global definitions
7include /etc/firejail/globals.local 7include globals.local
8 8
9 9
10include /etc/firejail/disable-common.inc 10include disable-common.inc
11include /etc/firejail/disable-devel.inc 11include disable-devel.inc
12include /etc/firejail/disable-interpreters.inc 12include disable-interpreters.inc
13include /etc/firejail/disable-passwdmgr.inc 13include disable-passwdmgr.inc
14include /etc/firejail/disable-programs.inc 14include disable-programs.inc
15include /etc/firejail/disable-xdg.inc 15include disable-xdg.inc
16 16
17caps.drop all 17caps.drop all
18netfilter 18netfilter
diff --git a/etc/gunzip.profile b/etc/gunzip.profile
index 8ea523df7..fe35f8fe7 100644
--- a/etc/gunzip.profile
+++ b/etc/gunzip.profile
@@ -1,9 +1,9 @@
1# Firejail profile for gunzip 1# Firejail profile for gunzip
2# This file is overwritten after every install/update 2# This file is overwritten after every install/update
3# Persistent local customizations 3# Persistent local customizations
4include /etc/firejail/gunzip.local 4include gunzip.local
5# Persistent global definitions 5# Persistent global definitions
6include /etc/firejail/globals.local 6include globals.local
7 7
8# Redirect 8# Redirect
9include /etc/firejail/gzip.profile 9include gzip.profile
diff --git a/etc/gwenview.profile b/etc/gwenview.profile
index cf9b27e0f..f2bf94209 100644
--- a/etc/gwenview.profile
+++ b/etc/gwenview.profile
@@ -2,9 +2,9 @@
2# Description: Image viewer 2# Description: Image viewer
3# This file is overwritten after every install/update 3# This file is overwritten after every install/update
4# Persistent local customizations 4# Persistent local customizations
5include /etc/firejail/gwenview.local 5include gwenview.local
6# Persistent global definitions 6# Persistent global definitions
7include /etc/firejail/globals.local 7include globals.local
8 8
9noblacklist ${HOME}/.config/GIMP 9noblacklist ${HOME}/.config/GIMP
10noblacklist ${HOME}/.config/gwenviewrc 10noblacklist ${HOME}/.config/gwenviewrc
@@ -17,13 +17,13 @@ noblacklist ${HOME}/.kde4/share/config/gwenviewrc
17noblacklist ${HOME}/.local/share/gwenview 17noblacklist ${HOME}/.local/share/gwenview
18noblacklist ${HOME}/.local/share/org.kde.gwenview 18noblacklist ${HOME}/.local/share/org.kde.gwenview
19 19
20include /etc/firejail/disable-common.inc 20include disable-common.inc
21include /etc/firejail/disable-devel.inc 21include disable-devel.inc
22include /etc/firejail/disable-interpreters.inc 22include disable-interpreters.inc
23include /etc/firejail/disable-passwdmgr.inc 23include disable-passwdmgr.inc
24include /etc/firejail/disable-programs.inc 24include disable-programs.inc
25 25
26include /etc/firejail/whitelist-var-common.inc 26include whitelist-var-common.inc
27 27
28apparmor 28apparmor
29caps.drop all 29caps.drop all
diff --git a/etc/gzip.profile b/etc/gzip.profile
index 9157d398a..4a24736a7 100644
--- a/etc/gzip.profile
+++ b/etc/gzip.profile
@@ -3,10 +3,10 @@
3# This file is overwritten after every install/update 3# This file is overwritten after every install/update
4quiet 4quiet
5# Persistent local customizations 5# Persistent local customizations
6include /etc/firejail/gzip.local 6include gzip.local
7# Persistent global definitions 7# Persistent global definitions
8# added by included default.profile 8# added by included default.profile
9#include /etc/firejail/globals.local 9#include globals.local
10 10
11blacklist /tmp/.X11-unix 11blacklist /tmp/.X11-unix
12 12
@@ -23,4 +23,4 @@ tracelog
23 23
24private-dev 24private-dev
25 25
26include /etc/firejail/default.profile 26include default.profile
diff --git a/etc/handbrake-gtk.profile b/etc/handbrake-gtk.profile
index de6244a32..1cb09ddde 100644
--- a/etc/handbrake-gtk.profile
+++ b/etc/handbrake-gtk.profile
@@ -3,4 +3,4 @@
3 3
4 4
5# Redirect 5# Redirect
6include /etc/firejail/handbrake.profile 6include handbrake.profile
diff --git a/etc/handbrake.profile b/etc/handbrake.profile
index 32da097ce..57f706d72 100644
--- a/etc/handbrake.profile
+++ b/etc/handbrake.profile
@@ -2,22 +2,22 @@
2# Description: Versatile DVD ripper and video transcoder (GTK+ GUI) 2# Description: Versatile DVD ripper and video transcoder (GTK+ GUI)
3# This file is overwritten after every install/update 3# This file is overwritten after every install/update
4# Persistent local customizations 4# Persistent local customizations
5include /etc/firejail/handbrake.local 5include handbrake.local
6# Persistent global definitions 6# Persistent global definitions
7include /etc/firejail/globals.local 7include globals.local
8 8
9noblacklist ${HOME}/.config/ghb 9noblacklist ${HOME}/.config/ghb
10noblacklist ${MUSIC} 10noblacklist ${MUSIC}
11noblacklist ${VIDEOS} 11noblacklist ${VIDEOS}
12 12
13include /etc/firejail/disable-common.inc 13include disable-common.inc
14include /etc/firejail/disable-devel.inc 14include disable-devel.inc
15include /etc/firejail/disable-interpreters.inc 15include disable-interpreters.inc
16include /etc/firejail/disable-passwdmgr.inc 16include disable-passwdmgr.inc
17include /etc/firejail/disable-programs.inc 17include disable-programs.inc
18include /etc/firejail/disable-xdg.inc 18include disable-xdg.inc
19 19
20include /etc/firejail/whitelist-var-common.inc 20include whitelist-var-common.inc
21 21
22apparmor 22apparmor
23caps.drop all 23caps.drop all
diff --git a/etc/hashcat.profile b/etc/hashcat.profile
index 8bc861dde..353f9e638 100644
--- a/etc/hashcat.profile
+++ b/etc/hashcat.profile
@@ -3,20 +3,20 @@
3# This file is overwritten after every install/update 3# This file is overwritten after every install/update
4quiet 4quiet
5# Persistent local customizations 5# Persistent local customizations
6include /etc/firejail/hashcat.local 6include hashcat.local
7# Persistent global definitions 7# Persistent global definitions
8include /etc/firejail/globals.local 8include globals.local
9 9
10noblacklist ${HOME}/.hashcat 10noblacklist ${HOME}/.hashcat
11noblacklist /usr/include 11noblacklist /usr/include
12noblacklist ${DOCUMENTS} 12noblacklist ${DOCUMENTS}
13 13
14include /etc/firejail/disable-common.inc 14include disable-common.inc
15include /etc/firejail/disable-devel.inc 15include disable-devel.inc
16include /etc/firejail/disable-interpreters.inc 16include disable-interpreters.inc
17include /etc/firejail/disable-passwdmgr.inc 17include disable-passwdmgr.inc
18include /etc/firejail/disable-programs.inc 18include disable-programs.inc
19include /etc/firejail/disable-xdg.inc 19include disable-xdg.inc
20 20
21caps.drop all 21caps.drop all
22net none 22net none
diff --git a/etc/hedgewars.profile b/etc/hedgewars.profile
index 542771639..39309f482 100644
--- a/etc/hedgewars.profile
+++ b/etc/hedgewars.profile
@@ -2,21 +2,21 @@
2# Description: Funny turn-based artillery game, featuring fighting hedgehogs 2# Description: Funny turn-based artillery game, featuring fighting hedgehogs
3# This file is overwritten after every install/update 3# This file is overwritten after every install/update
4# Persistent local customizations 4# Persistent local customizations
5include /etc/firejail/hedgewars.local 5include hedgewars.local
6# Persistent global definitions 6# Persistent global definitions
7include /etc/firejail/globals.local 7include globals.local
8 8
9noblacklist ${HOME}/.hedgewars 9noblacklist ${HOME}/.hedgewars
10 10
11include /etc/firejail/disable-common.inc 11include disable-common.inc
12include /etc/firejail/disable-devel.inc 12include disable-devel.inc
13include /etc/firejail/disable-interpreters.inc 13include disable-interpreters.inc
14include /etc/firejail/disable-passwdmgr.inc 14include disable-passwdmgr.inc
15include /etc/firejail/disable-programs.inc 15include disable-programs.inc
16 16
17mkdir ${HOME}/.hedgewars 17mkdir ${HOME}/.hedgewars
18whitelist ${HOME}/.hedgewars 18whitelist ${HOME}/.hedgewars
19include /etc/firejail/whitelist-common.inc 19include whitelist-common.inc
20 20
21caps.drop all 21caps.drop all
22netfilter 22netfilter
diff --git a/etc/hexchat.profile b/etc/hexchat.profile
index a2c163e6a..ffe7909c2 100644
--- a/etc/hexchat.profile
+++ b/etc/hexchat.profile
@@ -2,9 +2,9 @@
2# Description: IRC client for X based on X-Chat 2 2# Description: IRC client for X based on X-Chat 2
3# This file is overwritten after every install/update 3# This file is overwritten after every install/update
4# Persistent local customizations 4# Persistent local customizations
5include /etc/firejail/hexchat.local 5include hexchat.local
6# Persistent global definitions 6# Persistent global definitions
7include /etc/firejail/globals.local 7include globals.local
8 8
9noblacklist ${HOME}/.config/hexchat 9noblacklist ${HOME}/.config/hexchat
10noblacklist /usr/share/perl* 10noblacklist /usr/share/perl*
@@ -15,16 +15,16 @@ noblacklist ${PATH}/python3*
15noblacklist /usr/lib/python2* 15noblacklist /usr/lib/python2*
16noblacklist /usr/lib/python3* 16noblacklist /usr/lib/python3*
17 17
18include /etc/firejail/disable-common.inc 18include disable-common.inc
19include /etc/firejail/disable-devel.inc 19include disable-devel.inc
20include /etc/firejail/disable-interpreters.inc 20include disable-interpreters.inc
21include /etc/firejail/disable-passwdmgr.inc 21include disable-passwdmgr.inc
22include /etc/firejail/disable-programs.inc 22include disable-programs.inc
23 23
24mkdir ${HOME}/.config/hexchat 24mkdir ${HOME}/.config/hexchat
25whitelist ${HOME}/.config/hexchat 25whitelist ${HOME}/.config/hexchat
26include /etc/firejail/whitelist-common.inc 26include whitelist-common.inc
27include /etc/firejail/whitelist-var-common.inc 27include whitelist-var-common.inc
28 28
29caps.drop all 29caps.drop all
30machine-id 30machine-id
diff --git a/etc/highlight.profile b/etc/highlight.profile
index d313f2769..2dc8ac470 100644
--- a/etc/highlight.profile
+++ b/etc/highlight.profile
@@ -2,17 +2,17 @@
2# Description: Universal source code to formatted text converter 2# Description: Universal source code to formatted text converter
3# This file is overwritten after every install/update 3# This file is overwritten after every install/update
4# Persistent local customizations 4# Persistent local customizations
5include /etc/firejail/highlight.local 5include highlight.local
6# Persistent global definitions 6# Persistent global definitions
7include /etc/firejail/globals.local 7include globals.local
8 8
9blacklist /tmp/.X11-unix 9blacklist /tmp/.X11-unix
10 10
11include /etc/firejail/disable-common.inc 11include disable-common.inc
12include /etc/firejail/disable-devel.inc 12include disable-devel.inc
13include /etc/firejail/disable-interpreters.inc 13include disable-interpreters.inc
14include /etc/firejail/disable-passwdmgr.inc 14include disable-passwdmgr.inc
15include /etc/firejail/disable-programs.inc 15include disable-programs.inc
16 16
17caps.drop all 17caps.drop all
18net none 18net none
diff --git a/etc/hugin.profile b/etc/hugin.profile
index 35505c698..1b345fdc2 100644
--- a/etc/hugin.profile
+++ b/etc/hugin.profile
@@ -2,20 +2,20 @@
2# Description: Panorama photo stitcher 2# Description: Panorama photo stitcher
3# This file is overwritten after every install/update 3# This file is overwritten after every install/update
4# Persistent local customizations 4# Persistent local customizations
5include /etc/firejail/hugin.local 5include hugin.local
6# Persistent global definitions 6# Persistent global definitions
7include /etc/firejail/globals.local 7include globals.local
8 8
9noblacklist ${HOME}/.hugin 9noblacklist ${HOME}/.hugin
10noblacklist ${DOCUMENTS} 10noblacklist ${DOCUMENTS}
11noblacklist ${PICTURES} 11noblacklist ${PICTURES}
12 12
13include /etc/firejail/disable-common.inc 13include disable-common.inc
14include /etc/firejail/disable-devel.inc 14include disable-devel.inc
15include /etc/firejail/disable-interpreters.inc 15include disable-interpreters.inc
16include /etc/firejail/disable-passwdmgr.inc 16include disable-passwdmgr.inc
17include /etc/firejail/disable-programs.inc 17include disable-programs.inc
18include /etc/firejail/disable-xdg.inc 18include disable-xdg.inc
19 19
20caps.drop all 20caps.drop all
21net none 21net none
diff --git a/etc/i3.profile b/etc/i3.profile
index efbc1f6e7..c1ca0e413 100644
--- a/etc/i3.profile
+++ b/etc/i3.profile
@@ -2,13 +2,13 @@
2# Description: Standards-compliant, fast, light-weight and extensible window manager 2# Description: Standards-compliant, fast, light-weight and extensible window manager
3# This file is overwritten after every install/update 3# This file is overwritten after every install/update
4# Persistent local customizations 4# Persistent local customizations
5include /etc/firejail/i3.local 5include i3.local
6# Persistent global definitions 6# Persistent global definitions
7include /etc/firejail/globals.local 7include globals.local
8 8
9# all applications started in awesome will run in this profile 9# all applications started in awesome will run in this profile
10noblacklist ${HOME}/.config/i3 10noblacklist ${HOME}/.config/i3
11include /etc/firejail/disable-common.inc 11include disable-common.inc
12 12
13caps.drop all 13caps.drop all
14netfilter 14netfilter
diff --git a/etc/icecat.profile b/etc/icecat.profile
index 42e762c21..660343a29 100644
--- a/etc/icecat.profile
+++ b/etc/icecat.profile
@@ -1,9 +1,9 @@
1# Firejail profile for icecat 1# Firejail profile for icecat
2# This file is overwritten after every install/update 2# This file is overwritten after every install/update
3# Persistent local customizations 3# Persistent local customizations
4include /etc/firejail/icecat.local 4include icecat.local
5# Persistent global definitions 5# Persistent global definitions
6include /etc/firejail/globals.local 6include globals.local
7 7
8noblacklist ${HOME}/.cache/mozilla 8noblacklist ${HOME}/.cache/mozilla
9noblacklist ${HOME}/.mozilla 9noblacklist ${HOME}/.mozilla
@@ -17,4 +17,4 @@ whitelist ${HOME}/.mozilla
17#private-etc icecat 17#private-etc icecat
18 18
19# Redirect 19# Redirect
20include /etc/firejail/firefox-common.profile 20include firefox-common.profile
diff --git a/etc/icedove.profile b/etc/icedove.profile
index 80cff3878..a66309bf1 100644
--- a/etc/icedove.profile
+++ b/etc/icedove.profile
@@ -1,9 +1,9 @@
1# Firejail profile for icedove 1# Firejail profile for icedove
2# This file is overwritten after every install/update 2# This file is overwritten after every install/update
3# Persistent local customizations 3# Persistent local customizations
4include /etc/firejail/icedove.local 4include icedove.local
5# Persistent global definitions 5# Persistent global definitions
6include /etc/firejail/globals.local 6include globals.local
7 7
8# Users have icedove set to open a browser by clicking a link in an email 8# Users have icedove set to open a browser by clicking a link in an email
9# We are not allowed to blacklist browser-specific directories 9# We are not allowed to blacklist browser-specific directories
@@ -18,10 +18,10 @@ mkdir ${HOME}/.icedove
18whitelist ${HOME}/.cache/icedove 18whitelist ${HOME}/.cache/icedove
19whitelist ${HOME}/.gnupg 19whitelist ${HOME}/.gnupg
20whitelist ${HOME}/.icedove 20whitelist ${HOME}/.icedove
21include /etc/firejail/whitelist-common.inc 21include whitelist-common.inc
22 22
23ignore private-tmp 23ignore private-tmp
24 24
25# allow browsers 25# allow browsers
26# Redirect 26# Redirect
27include /etc/firejail/firefox.profile 27include firefox.profile
diff --git a/etc/iceweasel.profile b/etc/iceweasel.profile
index 51f15aa1b..24a2f4cc3 100644
--- a/etc/iceweasel.profile
+++ b/etc/iceweasel.profile
@@ -1,12 +1,12 @@
1# Firejail profile for iceweasel 1# Firejail profile for iceweasel
2# This file is overwritten after every install/update 2# This file is overwritten after every install/update
3# Persistent local customizations 3# Persistent local customizations
4include /etc/firejail/iceweasel.local 4include iceweasel.local
5# Persistent global definitions 5# Persistent global definitions
6include /etc/firejail/globals.local 6include globals.local
7 7
8# private-etc must first be enabled in firefox-common.profile 8# private-etc must first be enabled in firefox-common.profile
9#private-etc iceweasel 9#private-etc iceweasel
10 10
11# Redirect 11# Redirect
12include /etc/firejail/firefox.profile 12include firefox.profile
diff --git a/etc/idea.profile b/etc/idea.profile
index 623d71734..d56dceb71 100644
--- a/etc/idea.profile
+++ b/etc/idea.profile
@@ -1,10 +1,10 @@
1# Firejail profile for idea 1# Firejail profile for idea
2# This file is overwritten after every install/update 2# This file is overwritten after every install/update
3# Persistent local customizations 3# Persistent local customizations
4include /etc/firejail/idea.local 4include idea.local
5# Persistent global definitions 5# Persistent global definitions
6include /etc/firejail/globals.local 6include globals.local
7 7
8 8
9# Redirect 9# Redirect
10include /etc/firejail/idea.sh.profile 10include idea.sh.profile
diff --git a/etc/idea.sh.profile b/etc/idea.sh.profile
index 06328ccbf..1c1158707 100644
--- a/etc/idea.sh.profile
+++ b/etc/idea.sh.profile
@@ -1,9 +1,9 @@
1# Firejail profile for idea.sh 1# Firejail profile for idea.sh
2# This file is overwritten after every install/update 2# This file is overwritten after every install/update
3# Persistent local customizations 3# Persistent local customizations
4include /etc/firejail/idea.sh.local 4include idea.sh.local
5# Persistent global definitions 5# Persistent global definitions
6include /etc/firejail/globals.local 6include globals.local
7 7
8noblacklist ${HOME}/.IdeaIC* 8noblacklist ${HOME}/.IdeaIC*
9noblacklist ${HOME}/.android 9noblacklist ${HOME}/.android
@@ -16,9 +16,9 @@ noblacklist ${HOME}/.local/share/JetBrains
16noblacklist ${HOME}/.ssh 16noblacklist ${HOME}/.ssh
17noblacklist ${HOME}/.tooling 17noblacklist ${HOME}/.tooling
18 18
19include /etc/firejail/disable-common.inc 19include disable-common.inc
20include /etc/firejail/disable-passwdmgr.inc 20include disable-passwdmgr.inc
21include /etc/firejail/disable-programs.inc 21include disable-programs.inc
22 22
23caps.drop all 23caps.drop all
24netfilter 24netfilter
diff --git a/etc/ideaIC.profile b/etc/ideaIC.profile
index f7a69fa94..b960b08e5 100644
--- a/etc/ideaIC.profile
+++ b/etc/ideaIC.profile
@@ -1,10 +1,10 @@
1# Firejail profile for ideaIC 1# Firejail profile for ideaIC
2# This file is overwritten after every install/update 2# This file is overwritten after every install/update
3# Persistent local customizations 3# Persistent local customizations
4include /etc/firejail/ideaIC.local 4include ideaIC.local
5# Persistent global definitions 5# Persistent global definitions
6include /etc/firejail/globals.local 6include globals.local
7 7
8 8
9# Redirect 9# Redirect
10include /etc/firejail/idea.sh.profile 10include idea.sh.profile
diff --git a/etc/imagej.profile b/etc/imagej.profile
index 4de064390..9fff11d31 100644
--- a/etc/imagej.profile
+++ b/etc/imagej.profile
@@ -2,9 +2,9 @@
2# Description: Image processing program with a focus on microscopy images 2# Description: Image processing program with a focus on microscopy images
3# This file is overwritten after every install/update 3# This file is overwritten after every install/update
4# Persistent local customizations 4# Persistent local customizations
5include /etc/firejail/imagej.local 5include imagej.local
6# Persistent global definitions 6# Persistent global definitions
7include /etc/firejail/globals.local 7include globals.local
8 8
9noblacklist ${HOME}/.imagej 9noblacklist ${HOME}/.imagej
10 10
@@ -14,11 +14,11 @@ noblacklist /usr/lib/java
14noblacklist /etc/java 14noblacklist /etc/java
15noblacklist /usr/share/java 15noblacklist /usr/share/java
16 16
17include /etc/firejail/disable-common.inc 17include disable-common.inc
18include /etc/firejail/disable-devel.inc 18include disable-devel.inc
19include /etc/firejail/disable-interpreters.inc 19include disable-interpreters.inc
20include /etc/firejail/disable-passwdmgr.inc 20include disable-passwdmgr.inc
21include /etc/firejail/disable-programs.inc 21include disable-programs.inc
22 22
23caps.drop all 23caps.drop all
24ipc-namespace 24ipc-namespace
diff --git a/etc/img2txt.profile b/etc/img2txt.profile
index c9ee18f80..63ce645a5 100644
--- a/etc/img2txt.profile
+++ b/etc/img2txt.profile
@@ -1,19 +1,19 @@
1# Firejail profile for img2txt 1# Firejail profile for img2txt
2# This file is overwritten after every install/update 2# This file is overwritten after every install/update
3# Persistent local customizations 3# Persistent local customizations
4include /etc/firejail/img2txt.local 4include img2txt.local
5# Persistent global definitions 5# Persistent global definitions
6include /etc/firejail/globals.local 6include globals.local
7 7
8noblacklist ${DOCUMENTS} 8noblacklist ${DOCUMENTS}
9noblacklist ${PICTURES} 9noblacklist ${PICTURES}
10 10
11include /etc/firejail/disable-common.inc 11include disable-common.inc
12include /etc/firejail/disable-devel.inc 12include disable-devel.inc
13include /etc/firejail/disable-interpreters.inc 13include disable-interpreters.inc
14include /etc/firejail/disable-passwdmgr.inc 14include disable-passwdmgr.inc
15include /etc/firejail/disable-programs.inc 15include disable-programs.inc
16include /etc/firejail/disable-xdg.inc 16include disable-xdg.inc
17 17
18caps.drop all 18caps.drop all
19net none 19net none
diff --git a/etc/inkscape.profile b/etc/inkscape.profile
index 56fdfd081..afd979327 100644
--- a/etc/inkscape.profile
+++ b/etc/inkscape.profile
@@ -2,9 +2,9 @@
2# Description: Vector-based drawing program 2# Description: Vector-based drawing program
3# This file is overwritten after every install/update 3# This file is overwritten after every install/update
4# Persistent local customizations 4# Persistent local customizations
5include /etc/firejail/inkscape.local 5include inkscape.local
6# Persistent global definitions 6# Persistent global definitions
7include /etc/firejail/globals.local 7include globals.local
8 8
9noblacklist ${HOME}/.cache/inkscape 9noblacklist ${HOME}/.cache/inkscape
10noblacklist ${HOME}/.config/inkscape 10noblacklist ${HOME}/.config/inkscape
@@ -12,14 +12,14 @@ noblacklist ${HOME}/.inkscape
12noblacklist ${DOCUMENTS} 12noblacklist ${DOCUMENTS}
13noblacklist ${PICTURES} 13noblacklist ${PICTURES}
14 14
15include /etc/firejail/disable-common.inc 15include disable-common.inc
16include /etc/firejail/disable-devel.inc 16include disable-devel.inc
17include /etc/firejail/disable-interpreters.inc 17include disable-interpreters.inc
18include /etc/firejail/disable-passwdmgr.inc 18include disable-passwdmgr.inc
19include /etc/firejail/disable-programs.inc 19include disable-programs.inc
20include /etc/firejail/disable-xdg.inc 20include disable-xdg.inc
21 21
22include /etc/firejail/whitelist-var-common.inc 22include whitelist-var-common.inc
23 23
24apparmor 24apparmor
25caps.drop all 25caps.drop all
diff --git a/etc/inox.profile b/etc/inox.profile
index 652761c54..1b3db73b4 100644
--- a/etc/inox.profile
+++ b/etc/inox.profile
@@ -1,9 +1,9 @@
1# Firejail profile for inox 1# Firejail profile for inox
2# This file is overwritten after every install/update 2# This file is overwritten after every install/update
3# Persistent local customizations 3# Persistent local customizations
4include /etc/firejail/inox.local 4include inox.local
5# Persistent global definitions 5# Persistent global definitions
6include /etc/firejail/globals.local 6include globals.local
7 7
8noblacklist ${HOME}/.cache/inox 8noblacklist ${HOME}/.cache/inox
9noblacklist ${HOME}/.config/inox 9noblacklist ${HOME}/.config/inox
@@ -14,4 +14,4 @@ whitelist ${HOME}/.cache/inox
14whitelist ${HOME}/.config/inox 14whitelist ${HOME}/.config/inox
15 15
16# Redirect 16# Redirect
17include /etc/firejail/chromium-common.profile 17include chromium-common.profile
diff --git a/etc/iridium-browser.profile b/etc/iridium-browser.profile
index 1baa07cb7..0a6418d5c 100644
--- a/etc/iridium-browser.profile
+++ b/etc/iridium-browser.profile
@@ -3,4 +3,4 @@
3 3
4 4
5# Redirect 5# Redirect
6include /etc/firejail/iridium.profile 6include iridium.profile
diff --git a/etc/iridium.profile b/etc/iridium.profile
index 2869c3070..ebb39b0a3 100644
--- a/etc/iridium.profile
+++ b/etc/iridium.profile
@@ -1,9 +1,9 @@
1# Firejail profile for iridium 1# Firejail profile for iridium
2# This file is overwritten after every install/update 2# This file is overwritten after every install/update
3# Persistent local customizations 3# Persistent local customizations
4include /etc/firejail/iridium.local 4include iridium.local
5# Persistent global definitions 5# Persistent global definitions
6include /etc/firejail/globals.local 6include globals.local
7 7
8noblacklist ${HOME}/.cache/iridium 8noblacklist ${HOME}/.cache/iridium
9noblacklist ${HOME}/.config/iridium 9noblacklist ${HOME}/.config/iridium
@@ -14,4 +14,4 @@ whitelist ${HOME}/.cache/iridium
14whitelist ${HOME}/.config/iridium 14whitelist ${HOME}/.config/iridium
15 15
16# Redirect 16# Redirect
17include /etc/firejail/chromium-common.profile 17include chromium-common.profile
diff --git a/etc/itch.profile b/etc/itch.profile
index 2ad669952..83ee20f23 100644
--- a/etc/itch.profile
+++ b/etc/itch.profile
@@ -1,24 +1,24 @@
1# Firejail profile for itch 1# Firejail profile for itch
2# This file is overwritten after every install/update 2# This file is overwritten after every install/update
3# Persistent local customizations 3# Persistent local customizations
4include /etc/firejail/itch.local 4include itch.local
5# Persistent global definitions 5# Persistent global definitions
6include /etc/firejail/globals.local 6include globals.local
7 7
8# itch.io has native firejail/sandboxing support bundled in 8# itch.io has native firejail/sandboxing support bundled in
9# See https://itch.io/docs/itch/using/sandbox/linux.html 9# See https://itch.io/docs/itch/using/sandbox/linux.html
10 10
11noblacklist ${HOME}/.config/itch 11noblacklist ${HOME}/.config/itch
12 12
13include /etc/firejail/disable-common.inc 13include disable-common.inc
14include /etc/firejail/disable-devel.inc 14include disable-devel.inc
15include /etc/firejail/disable-interpreters.inc 15include disable-interpreters.inc
16include /etc/firejail/disable-passwdmgr.inc 16include disable-passwdmgr.inc
17include /etc/firejail/disable-programs.inc 17include disable-programs.inc
18 18
19mkdir ${HOME}/.config/itch 19mkdir ${HOME}/.config/itch
20whitelist ${HOME}/.config/itch 20whitelist ${HOME}/.config/itch
21include /etc/firejail/whitelist-common.inc 21include whitelist-common.inc
22 22
23caps.drop all 23caps.drop all
24netfilter 24netfilter
diff --git a/etc/jd-gui.profile b/etc/jd-gui.profile
index 3a280dab7..65b6e3c5b 100644
--- a/etc/jd-gui.profile
+++ b/etc/jd-gui.profile
@@ -1,9 +1,9 @@
1# Firejail profile for jd-gui 1# Firejail profile for jd-gui
2# This file is overwritten after every install/update 2# This file is overwritten after every install/update
3# Persistent local customizations 3# Persistent local customizations
4include /etc/firejail/jd-gui.local 4include jd-gui.local
5# Persistent global definitions 5# Persistent global definitions
6include /etc/firejail/globals.local 6include globals.local
7 7
8noblacklist ${HOME}/.config/jd-gui.cfg 8noblacklist ${HOME}/.config/jd-gui.cfg
9noblacklist ${HOME}/.java 9noblacklist ${HOME}/.java
@@ -14,14 +14,14 @@ noblacklist /usr/lib/java
14noblacklist /etc/java 14noblacklist /etc/java
15noblacklist /usr/share/java 15noblacklist /usr/share/java
16 16
17include /etc/firejail/disable-common.inc 17include disable-common.inc
18include /etc/firejail/disable-devel.inc 18include disable-devel.inc
19include /etc/firejail/disable-interpreters.inc 19include disable-interpreters.inc
20include /etc/firejail/disable-passwdmgr.inc 20include disable-passwdmgr.inc
21include /etc/firejail/disable-programs.inc 21include disable-programs.inc
22include /etc/firejail/disable-xdg.inc 22include disable-xdg.inc
23 23
24include /etc/firejail/whitelist-var-common.inc 24include whitelist-var-common.inc
25 25
26caps.drop all 26caps.drop all
27net none 27net none
diff --git a/etc/jdownloader.profile b/etc/jdownloader.profile
index dbcc85e8d..037d92338 100644
--- a/etc/jdownloader.profile
+++ b/etc/jdownloader.profile
@@ -1,10 +1,10 @@
1# Firejail profile for jdownloader 1# Firejail profile for jdownloader
2# This file is overwritten after every install/update 2# This file is overwritten after every install/update
3# Persistent local customizations 3# Persistent local customizations
4include /etc/firejail/jdownloader.local 4include jdownloader.local
5# Persistent global definitions 5# Persistent global definitions
6include /etc/firejail/globals.local 6include globals.local
7 7
8 8
9# Redirect 9# Redirect
10include /etc/firejail/JDownloader.profile 10include JDownloader.profile
diff --git a/etc/jitsi.profile b/etc/jitsi.profile
index b3b09f4b1..5a575bb71 100644
--- a/etc/jitsi.profile
+++ b/etc/jitsi.profile
@@ -1,9 +1,9 @@
1# Firejail profile for jitsi 1# Firejail profile for jitsi
2# This file is overwritten after every install/update 2# This file is overwritten after every install/update
3# Persistent local customizations 3# Persistent local customizations
4include /etc/firejail/jitsi.local 4include jitsi.local
5# Persistent global definitions 5# Persistent global definitions
6include /etc/firejail/globals.local 6include globals.local
7 7
8noblacklist ${HOME}/.jitsi 8noblacklist ${HOME}/.jitsi
9 9
@@ -13,11 +13,11 @@ noblacklist /usr/lib/java
13noblacklist /etc/java 13noblacklist /etc/java
14noblacklist /usr/share/java 14noblacklist /usr/share/java
15 15
16include /etc/firejail/disable-common.inc 16include disable-common.inc
17include /etc/firejail/disable-devel.inc 17include disable-devel.inc
18include /etc/firejail/disable-interpreters.inc 18include disable-interpreters.inc
19include /etc/firejail/disable-passwdmgr.inc 19include disable-passwdmgr.inc
20include /etc/firejail/disable-programs.inc 20include disable-programs.inc
21 21
22caps.drop all 22caps.drop all
23nodvd 23nodvd
diff --git a/etc/k3b.profile b/etc/k3b.profile
index 6b4c15560..8c599d0ca 100644
--- a/etc/k3b.profile
+++ b/etc/k3b.profile
@@ -2,23 +2,23 @@
2# Description: Sophisticated CD/DVD burning application 2# Description: Sophisticated CD/DVD burning application
3# This file is overwritten after every install/update 3# This file is overwritten after every install/update
4# Persistent local customizations 4# Persistent local customizations
5include /etc/firejail/k3b.local 5include k3b.local
6# Persistent global definitions 6# Persistent global definitions
7include /etc/firejail/globals.local 7include globals.local
8 8
9noblacklist ${HOME}/.config/k3brc 9noblacklist ${HOME}/.config/k3brc
10noblacklist ${HOME}/.kde/share/config/k3brc 10noblacklist ${HOME}/.kde/share/config/k3brc
11noblacklist ${HOME}/.kde4/share/config/k3brc 11noblacklist ${HOME}/.kde4/share/config/k3brc
12noblacklist ${MUSIC} 12noblacklist ${MUSIC}
13 13
14include /etc/firejail/disable-common.inc 14include disable-common.inc
15include /etc/firejail/disable-devel.inc 15include disable-devel.inc
16include /etc/firejail/disable-interpreters.inc 16include disable-interpreters.inc
17include /etc/firejail/disable-passwdmgr.inc 17include disable-passwdmgr.inc
18include /etc/firejail/disable-programs.inc 18include disable-programs.inc
19include /etc/firejail/disable-xdg.inc 19include disable-xdg.inc
20 20
21include /etc/firejail/whitelist-var-common.inc 21include whitelist-var-common.inc
22 22
23caps.drop all 23caps.drop all
24no3d 24no3d
diff --git a/etc/kaffeine.profile b/etc/kaffeine.profile
index 204c20501..3e9456ba0 100644
--- a/etc/kaffeine.profile
+++ b/etc/kaffeine.profile
@@ -2,9 +2,9 @@
2# Description: Versatile media player for KDE 2# Description: Versatile media player for KDE
3# This file is overwritten after every install/update 3# This file is overwritten after every install/update
4# Persistent local customizations 4# Persistent local customizations
5include /etc/firejail/kaffeine.local 5include kaffeine.local
6# Persistent global definitions 6# Persistent global definitions
7include /etc/firejail/globals.local 7include globals.local
8 8
9noblacklist ${HOME}/.config/kaffeinerc 9noblacklist ${HOME}/.config/kaffeinerc
10noblacklist ${HOME}/.kde/share/apps/kaffeine 10noblacklist ${HOME}/.kde/share/apps/kaffeine
@@ -15,14 +15,14 @@ noblacklist ${HOME}/.local/share/kaffeine
15noblacklist ${MUSIC} 15noblacklist ${MUSIC}
16noblacklist ${VIDEOS} 16noblacklist ${VIDEOS}
17 17
18include /etc/firejail/disable-common.inc 18include disable-common.inc
19include /etc/firejail/disable-devel.inc 19include disable-devel.inc
20include /etc/firejail/disable-interpreters.inc 20include disable-interpreters.inc
21include /etc/firejail/disable-passwdmgr.inc 21include disable-passwdmgr.inc
22include /etc/firejail/disable-programs.inc 22include disable-programs.inc
23include /etc/firejail/disable-xdg.inc 23include disable-xdg.inc
24 24
25include /etc/firejail/whitelist-var-common.inc 25include whitelist-var-common.inc
26 26
27caps.drop all 27caps.drop all
28netfilter 28netfilter
diff --git a/etc/karbon.profile b/etc/karbon.profile
index 3525a3e06..e9e3c2a69 100644
--- a/etc/karbon.profile
+++ b/etc/karbon.profile
@@ -3,4 +3,4 @@
3 3
4 4
5# Redirect 5# Redirect
6include /etc/firejail/krita.profile 6include krita.profile
diff --git a/etc/kate.profile b/etc/kate.profile
index 8a53a56a8..e0aa78b26 100644
--- a/etc/kate.profile
+++ b/etc/kate.profile
@@ -2,9 +2,9 @@
2# Description: Powerful text editor 2# Description: Powerful text editor
3# This file is overwritten after every install/update 3# This file is overwritten after every install/update
4# Persistent local customizations 4# Persistent local customizations
5include /etc/firejail/kate.local 5include kate.local
6# Persistent global definitions 6# Persistent global definitions
7include /etc/firejail/globals.local 7include globals.local
8 8
9noblacklist ${HOME}/.config/katemetainfos 9noblacklist ${HOME}/.config/katemetainfos
10noblacklist ${HOME}/.config/katepartrc 10noblacklist ${HOME}/.config/katepartrc
@@ -14,13 +14,13 @@ noblacklist ${HOME}/.config/katesyntaxhighlightingrc
14noblacklist ${HOME}/.config/katevirc 14noblacklist ${HOME}/.config/katevirc
15noblacklist ${HOME}/.local/share/kate 15noblacklist ${HOME}/.local/share/kate
16 16
17include /etc/firejail/disable-common.inc 17include disable-common.inc
18# include /etc/firejail/disable-devel.inc 18# include disable-devel.inc
19# include /etc/firejail/disable-interpreters.inc 19# include disable-interpreters.inc
20include /etc/firejail/disable-passwdmgr.inc 20include disable-passwdmgr.inc
21include /etc/firejail/disable-programs.inc 21include disable-programs.inc
22 22
23include /etc/firejail/whitelist-var-common.inc 23include whitelist-var-common.inc
24 24
25# apparmor 25# apparmor
26caps.drop all 26caps.drop all
diff --git a/etc/kcalc.profile b/etc/kcalc.profile
index 20ad8f23a..03df23ec1 100644
--- a/etc/kcalc.profile
+++ b/etc/kcalc.profile
@@ -2,16 +2,16 @@
2# Description: Simple and scientific calculator 2# Description: Simple and scientific calculator
3# This file is overwritten after every install/update 3# This file is overwritten after every install/update
4# Persistent local customizations 4# Persistent local customizations
5include /etc/firejail/kcalc.local 5include kcalc.local
6# Persistent global definitions 6# Persistent global definitions
7include /etc/firejail/globals.local 7include globals.local
8 8
9 9
10include /etc/firejail/disable-common.inc 10include disable-common.inc
11include /etc/firejail/disable-devel.inc 11include disable-devel.inc
12include /etc/firejail/disable-interpreters.inc 12include disable-interpreters.inc
13include /etc/firejail/disable-passwdmgr.inc 13include disable-passwdmgr.inc
14include /etc/firejail/disable-programs.inc 14include disable-programs.inc
15 15
16mkfile ${HOME}/.config/kcalcrc 16mkfile ${HOME}/.config/kcalcrc
17mkfile ${HOME}/.kde/share/config/kcalcrc 17mkfile ${HOME}/.kde/share/config/kcalcrc
@@ -19,8 +19,8 @@ mkfile ${HOME}/.kde4/share/config/kcalcrc
19whitelist ${HOME}/.config/kcalcrc 19whitelist ${HOME}/.config/kcalcrc
20whitelist ${HOME}/.kde/share/config/kcalcrc 20whitelist ${HOME}/.kde/share/config/kcalcrc
21whitelist ${HOME}/.kde4/share/config/kcalcrc 21whitelist ${HOME}/.kde4/share/config/kcalcrc
22include /etc/firejail/whitelist-common.inc 22include whitelist-common.inc
23include /etc/firejail/whitelist-var-common.inc 23include whitelist-var-common.inc
24 24
25apparmor 25apparmor
26caps.drop all 26caps.drop all
diff --git a/etc/kdeinit4.profile b/etc/kdeinit4.profile
index 76de15ccf..f853b1812 100644
--- a/etc/kdeinit4.profile
+++ b/etc/kdeinit4.profile
@@ -1,19 +1,19 @@
1# Firejail profile for kdeinit4 1# Firejail profile for kdeinit4
2# This file is overwritten after every install/update 2# This file is overwritten after every install/update
3# Persistent local customizations 3# Persistent local customizations
4include /etc/firejail/kdeinit4.local 4include kdeinit4.local
5# Persistent global definitions 5# Persistent global definitions
6include /etc/firejail/globals.local 6include globals.local
7 7
8# use outside KDE Plasma 4 8# use outside KDE Plasma 4
9 9
10include /etc/firejail/disable-common.inc 10include disable-common.inc
11include /etc/firejail/disable-devel.inc 11include disable-devel.inc
12include /etc/firejail/disable-interpreters.inc 12include disable-interpreters.inc
13include /etc/firejail/disable-passwdmgr.inc 13include disable-passwdmgr.inc
14include /etc/firejail/disable-programs.inc 14include disable-programs.inc
15 15
16include /etc/firejail/whitelist-var-common.inc 16include whitelist-var-common.inc
17 17
18caps.drop all 18caps.drop all
19netfilter 19netfilter
diff --git a/etc/kdenlive.profile b/etc/kdenlive.profile
index 4aca10995..1d7b2ff53 100644
--- a/etc/kdenlive.profile
+++ b/etc/kdenlive.profile
@@ -2,19 +2,19 @@
2# Description: Non-linear video editor 2# Description: Non-linear video editor
3# This file is overwritten after every install/update 3# This file is overwritten after every install/update
4# Persistent local customizations 4# Persistent local customizations
5include /etc/firejail/kdenlive.local 5include kdenlive.local
6# Persistent global definitions 6# Persistent global definitions
7include /etc/firejail/globals.local 7include globals.local
8 8
9noblacklist ${HOME}/.cache/kdenlive 9noblacklist ${HOME}/.cache/kdenlive
10noblacklist ${HOME}/.config/kdenliverc 10noblacklist ${HOME}/.config/kdenliverc
11noblacklist ${HOME}/.local/share/kdenlive 11noblacklist ${HOME}/.local/share/kdenlive
12 12
13include /etc/firejail/disable-common.inc 13include disable-common.inc
14include /etc/firejail/disable-devel.inc 14include disable-devel.inc
15include /etc/firejail/disable-interpreters.inc 15include disable-interpreters.inc
16include /etc/firejail/disable-passwdmgr.inc 16include disable-passwdmgr.inc
17include /etc/firejail/disable-programs.inc 17include disable-programs.inc
18 18
19apparmor 19apparmor
20caps.drop all 20caps.drop all
diff --git a/etc/keepass.profile b/etc/keepass.profile
index e27248357..96b522f17 100644
--- a/etc/keepass.profile
+++ b/etc/keepass.profile
@@ -2,9 +2,9 @@
2# Description: An easy-to-use password manager 2# Description: An easy-to-use password manager
3# This file is overwritten after every install/update 3# This file is overwritten after every install/update
4# Persistent local customizations 4# Persistent local customizations
5include /etc/firejail/keepass.local 5include keepass.local
6# Persistent global definitions 6# Persistent global definitions
7include /etc/firejail/globals.local 7include globals.local
8 8
9noblacklist ${HOME}/*.kdb 9noblacklist ${HOME}/*.kdb
10noblacklist ${HOME}/*.kdbx 10noblacklist ${HOME}/*.kdbx
@@ -15,12 +15,12 @@ noblacklist ${HOME}/.local/share/KeePass
15noblacklist ${HOME}/.local/share/keepass 15noblacklist ${HOME}/.local/share/keepass
16noblacklist ${DOCUMENTS} 16noblacklist ${DOCUMENTS}
17 17
18include /etc/firejail/disable-common.inc 18include disable-common.inc
19include /etc/firejail/disable-devel.inc 19include disable-devel.inc
20include /etc/firejail/disable-interpreters.inc 20include disable-interpreters.inc
21include /etc/firejail/disable-passwdmgr.inc 21include disable-passwdmgr.inc
22include /etc/firejail/disable-programs.inc 22include disable-programs.inc
23include /etc/firejail/disable-xdg.inc 23include disable-xdg.inc
24 24
25caps.drop all 25caps.drop all
26netfilter 26netfilter
diff --git a/etc/keepass2.profile b/etc/keepass2.profile
index d29fc6abc..9e33e08db 100644
--- a/etc/keepass2.profile
+++ b/etc/keepass2.profile
@@ -3,4 +3,4 @@
3 3
4 4
5# Redirect 5# Redirect
6include /etc/firejail/keepass.profile 6include keepass.profile
diff --git a/etc/keepassx.profile b/etc/keepassx.profile
index 94aaa5597..eb8d2e235 100644
--- a/etc/keepassx.profile
+++ b/etc/keepassx.profile
@@ -2,9 +2,9 @@
2# Description: Cross Platform Password Manager 2# Description: Cross Platform Password Manager
3# This file is overwritten after every install/update 3# This file is overwritten after every install/update
4# Persistent local customizations 4# Persistent local customizations
5include /etc/firejail/keepassx.local 5include keepassx.local
6# Persistent global definitions 6# Persistent global definitions
7include /etc/firejail/globals.local 7include globals.local
8 8
9noblacklist ${HOME}/*.kdb 9noblacklist ${HOME}/*.kdb
10noblacklist ${HOME}/*.kdbx 10noblacklist ${HOME}/*.kdbx
@@ -12,14 +12,14 @@ noblacklist ${HOME}/.config/keepassx
12noblacklist ${HOME}/.keepassx 12noblacklist ${HOME}/.keepassx
13noblacklist ${DOCUMENTS} 13noblacklist ${DOCUMENTS}
14 14
15include /etc/firejail/disable-common.inc 15include disable-common.inc
16include /etc/firejail/disable-devel.inc 16include disable-devel.inc
17include /etc/firejail/disable-interpreters.inc 17include disable-interpreters.inc
18include /etc/firejail/disable-passwdmgr.inc 18include disable-passwdmgr.inc
19include /etc/firejail/disable-programs.inc 19include disable-programs.inc
20include /etc/firejail/disable-xdg.inc 20include disable-xdg.inc
21 21
22include /etc/firejail/whitelist-var-common.inc 22include whitelist-var-common.inc
23 23
24caps.drop all 24caps.drop all
25machine-id 25machine-id
diff --git a/etc/keepassx2.profile b/etc/keepassx2.profile
index 4e74c2cea..fdd27e9f9 100644
--- a/etc/keepassx2.profile
+++ b/etc/keepassx2.profile
@@ -3,4 +3,4 @@
3# This file is overwritten after every install/update 3# This file is overwritten after every install/update
4 4
5# Redirects 5# Redirects
6include /etc/firejail/keepassx.profile 6include keepassx.profile
diff --git a/etc/keepassxc.profile b/etc/keepassxc.profile
index a00d17878..bb0ec602f 100644
--- a/etc/keepassxc.profile
+++ b/etc/keepassxc.profile
@@ -2,9 +2,9 @@
2# Description: Cross Platform Password Manager 2# Description: Cross Platform Password Manager
3# This file is overwritten after every install/update 3# This file is overwritten after every install/update
4# Persistent local customizations 4# Persistent local customizations
5include /etc/firejail/keepassxc.local 5include keepassxc.local
6# Persistent global definitions 6# Persistent global definitions
7include /etc/firejail/globals.local 7include globals.local
8 8
9noblacklist ${HOME}/*.kdb 9noblacklist ${HOME}/*.kdb
10noblacklist ${HOME}/*.kdbx 10noblacklist ${HOME}/*.kdbx
@@ -14,14 +14,14 @@ noblacklist ${HOME}/.keepassxc
14noblacklist ${HOME}/.mozilla 14noblacklist ${HOME}/.mozilla
15noblacklist ${DOCUMENTS} 15noblacklist ${DOCUMENTS}
16 16
17include /etc/firejail/disable-common.inc 17include disable-common.inc
18include /etc/firejail/disable-devel.inc 18include disable-devel.inc
19include /etc/firejail/disable-interpreters.inc 19include disable-interpreters.inc
20include /etc/firejail/disable-passwdmgr.inc 20include disable-passwdmgr.inc
21include /etc/firejail/disable-programs.inc 21include disable-programs.inc
22include /etc/firejail/disable-xdg.inc 22include disable-xdg.inc
23 23
24include /etc/firejail/whitelist-var-common.inc 24include whitelist-var-common.inc
25 25
26caps.drop all 26caps.drop all
27machine-id 27machine-id
diff --git a/etc/kget.profile b/etc/kget.profile
index a32b51626..582b297f9 100644
--- a/etc/kget.profile
+++ b/etc/kget.profile
@@ -2,9 +2,9 @@
2# Description: Download manager 2# Description: Download manager
3# This file is overwritten after every install/update 3# This file is overwritten after every install/update
4# Persistent local customizations 4# Persistent local customizations
5include /etc/firejail/kget.local 5include kget.local
6# Persistent global definitions 6# Persistent global definitions
7include /etc/firejail/globals.local 7include globals.local
8 8
9noblacklist ${HOME}/.config/kgetrc 9noblacklist ${HOME}/.config/kgetrc
10noblacklist ${HOME}/.kde/share/apps/kget 10noblacklist ${HOME}/.kde/share/apps/kget
@@ -13,13 +13,13 @@ noblacklist ${HOME}/.kde4/share/apps/kget
13noblacklist ${HOME}/.kde4/share/config/kgetrc 13noblacklist ${HOME}/.kde4/share/config/kgetrc
14noblacklist ${HOME}/.local/share/kget 14noblacklist ${HOME}/.local/share/kget
15 15
16include /etc/firejail/disable-common.inc 16include disable-common.inc
17include /etc/firejail/disable-devel.inc 17include disable-devel.inc
18include /etc/firejail/disable-interpreters.inc 18include disable-interpreters.inc
19include /etc/firejail/disable-passwdmgr.inc 19include disable-passwdmgr.inc
20include /etc/firejail/disable-programs.inc 20include disable-programs.inc
21 21
22include /etc/firejail/whitelist-var-common.inc 22include whitelist-var-common.inc
23 23
24caps.drop all 24caps.drop all
25netfilter 25netfilter
diff --git a/etc/kino.profile b/etc/kino.profile
index cda86ddc6..31613259c 100644
--- a/etc/kino.profile
+++ b/etc/kino.profile
@@ -2,18 +2,18 @@
2# Description: Non-linear editor for Digital Video data 2# Description: Non-linear editor for Digital Video data
3# This file is overwritten after every install/update 3# This file is overwritten after every install/update
4# Persistent local customizations 4# Persistent local customizations
5include /etc/firejail/kino.local 5include kino.local
6# Persistent global definitions 6# Persistent global definitions
7include /etc/firejail/globals.local 7include globals.local
8 8
9noblacklist ${HOME}/.kino-history 9noblacklist ${HOME}/.kino-history
10noblacklist ${HOME}/.kinorc 10noblacklist ${HOME}/.kinorc
11 11
12include /etc/firejail/disable-common.inc 12include disable-common.inc
13include /etc/firejail/disable-devel.inc 13include disable-devel.inc
14include /etc/firejail/disable-interpreters.inc 14include disable-interpreters.inc
15include /etc/firejail/disable-passwdmgr.inc 15include disable-passwdmgr.inc
16include /etc/firejail/disable-programs.inc 16include disable-programs.inc
17 17
18caps.drop all 18caps.drop all
19netfilter 19netfilter
diff --git a/etc/kmail.profile b/etc/kmail.profile
index 308a981f7..89c591280 100644
--- a/etc/kmail.profile
+++ b/etc/kmail.profile
@@ -2,9 +2,9 @@
2# Description: Full featured graphical email client 2# Description: Full featured graphical email client
3# This file is overwritten after every install/update 3# This file is overwritten after every install/update
4# Persistent local customizations 4# Persistent local customizations
5include /etc/firejail/kmail.local 5include kmail.local
6# Persistent global definitions 6# Persistent global definitions
7include /etc/firejail/globals.local 7include globals.local
8 8
9# kmail has problems launching akonadi in debian and ubuntu. 9# kmail has problems launching akonadi in debian and ubuntu.
10# one solution is to have akonadi already running when kmail is started 10# one solution is to have akonadi already running when kmail is started
@@ -29,13 +29,13 @@ noblacklist ${HOME}/.local/share/local-mail
29noblacklist ${HOME}/.local/share/notes 29noblacklist ${HOME}/.local/share/notes
30noblacklist /tmp/akonadi-* 30noblacklist /tmp/akonadi-*
31 31
32include /etc/firejail/disable-common.inc 32include disable-common.inc
33include /etc/firejail/disable-devel.inc 33include disable-devel.inc
34include /etc/firejail/disable-interpreters.inc 34include disable-interpreters.inc
35include /etc/firejail/disable-passwdmgr.inc 35include disable-passwdmgr.inc
36include /etc/firejail/disable-programs.inc 36include disable-programs.inc
37 37
38include /etc/firejail/whitelist-var-common.inc 38include whitelist-var-common.inc
39 39
40# apparmor 40# apparmor
41caps.drop all 41caps.drop all
diff --git a/etc/knotes.profile b/etc/knotes.profile
index 147d2d831..e7ea04873 100644
--- a/etc/knotes.profile
+++ b/etc/knotes.profile
@@ -2,9 +2,9 @@
2# Description: Sticky notes application 2# Description: Sticky notes application
3# This file is overwritten after every install/update 3# This file is overwritten after every install/update
4# Persistent local customizations 4# Persistent local customizations
5include /etc/firejail/knotes.local 5include knotes.local
6# Persistent global definitions 6# Persistent global definitions
7include /etc/firejail/globals.local 7include globals.local
8 8
9# knotes has problems launching akonadi in debian and ubuntu. 9# knotes has problems launching akonadi in debian and ubuntu.
10# one solution is to have akonadi already running when knotes is started 10# one solution is to have akonadi already running when knotes is started
@@ -14,4 +14,4 @@ noblacklist ${HOME}/.local/share/knotes
14 14
15 15
16# Redirect 16# Redirect
17include /etc/firejail/kmail.profile 17include kmail.profile
diff --git a/etc/kodi.profile b/etc/kodi.profile
index 9dd7770ad..f02dec787 100644
--- a/etc/kodi.profile
+++ b/etc/kodi.profile
@@ -2,9 +2,9 @@
2# Description: Open Source Home Theatre 2# Description: Open Source Home Theatre
3# This file is overwritten after every install/update 3# This file is overwritten after every install/update
4# Persistent local customizations 4# Persistent local customizations
5include /etc/firejail/kodi.local 5include kodi.local
6# Persistent global definitions 6# Persistent global definitions
7include /etc/firejail/globals.local 7include globals.local
8 8
9noblacklist ${HOME}/.kodi 9noblacklist ${HOME}/.kodi
10noblacklist ${MUSIC} 10noblacklist ${MUSIC}
@@ -17,14 +17,14 @@ noblacklist ${PATH}/python3*
17noblacklist /usr/lib/python2* 17noblacklist /usr/lib/python2*
18noblacklist /usr/lib/python3* 18noblacklist /usr/lib/python3*
19 19
20include /etc/firejail/disable-common.inc 20include disable-common.inc
21include /etc/firejail/disable-devel.inc 21include disable-devel.inc
22include /etc/firejail/disable-interpreters.inc 22include disable-interpreters.inc
23include /etc/firejail/disable-passwdmgr.inc 23include disable-passwdmgr.inc
24include /etc/firejail/disable-programs.inc 24include disable-programs.inc
25include /etc/firejail/disable-xdg.inc 25include disable-xdg.inc
26 26
27include /etc/firejail/whitelist-var-common.inc 27include whitelist-var-common.inc
28 28
29apparmor 29apparmor
30caps.drop all 30caps.drop all
diff --git a/etc/konversation.profile b/etc/konversation.profile
index b66f40600..dff8bbab4 100644
--- a/etc/konversation.profile
+++ b/etc/konversation.profile
@@ -2,21 +2,21 @@
2# Description: User friendly Internet Relay Chat (IRC) client for KDE 2# Description: User friendly Internet Relay Chat (IRC) client for KDE
3# This file is overwritten after every install/update 3# This file is overwritten after every install/update
4# Persistent local customizations 4# Persistent local customizations
5include /etc/firejail/konversation.local 5include konversation.local
6# Persistent global definitions 6# Persistent global definitions
7include /etc/firejail/globals.local 7include globals.local
8 8
9noblacklist ${HOME}/.config/konversationrc 9noblacklist ${HOME}/.config/konversationrc
10noblacklist ${HOME}/.kde/share/config/konversationrc 10noblacklist ${HOME}/.kde/share/config/konversationrc
11noblacklist ${HOME}/.kde4/share/config/konversationrc 11noblacklist ${HOME}/.kde4/share/config/konversationrc
12 12
13include /etc/firejail/disable-common.inc 13include disable-common.inc
14include /etc/firejail/disable-devel.inc 14include disable-devel.inc
15include /etc/firejail/disable-interpreters.inc 15include disable-interpreters.inc
16include /etc/firejail/disable-passwdmgr.inc 16include disable-passwdmgr.inc
17include /etc/firejail/disable-programs.inc 17include disable-programs.inc
18 18
19include /etc/firejail/whitelist-var-common.inc 19include whitelist-var-common.inc
20 20
21caps.drop all 21caps.drop all
22netfilter 22netfilter
diff --git a/etc/kopete.profile b/etc/kopete.profile
index d7829113d..0ac7c7e97 100644
--- a/etc/kopete.profile
+++ b/etc/kopete.profile
@@ -2,23 +2,23 @@
2# Description: Instant messaging and chat application 2# Description: Instant messaging and chat application
3# This file is overwritten after every install/update 3# This file is overwritten after every install/update
4# Persistent local customizations 4# Persistent local customizations
5include /etc/firejail/kopete.local 5include kopete.local
6# Persistent global definitions 6# Persistent global definitions
7include /etc/firejail/globals.local 7include globals.local
8 8
9noblacklist ${HOME}/.kde/share/apps/kopete 9noblacklist ${HOME}/.kde/share/apps/kopete
10noblacklist ${HOME}/.kde/share/config/kopeterc 10noblacklist ${HOME}/.kde/share/config/kopeterc
11noblacklist ${HOME}/.kde4/share/apps/kopete 11noblacklist ${HOME}/.kde4/share/apps/kopete
12noblacklist ${HOME}/.kde4/share/config/kopeterc 12noblacklist ${HOME}/.kde4/share/config/kopeterc
13 13
14include /etc/firejail/disable-common.inc 14include disable-common.inc
15include /etc/firejail/disable-devel.inc 15include disable-devel.inc
16include /etc/firejail/disable-interpreters.inc 16include disable-interpreters.inc
17include /etc/firejail/disable-passwdmgr.inc 17include disable-passwdmgr.inc
18include /etc/firejail/disable-programs.inc 18include disable-programs.inc
19 19
20whitelist /var/lib/winpopup 20whitelist /var/lib/winpopup
21include /etc/firejail/whitelist-var-common.inc 21include whitelist-var-common.inc
22 22
23caps.drop all 23caps.drop all
24netfilter 24netfilter
diff --git a/etc/krita.profile b/etc/krita.profile
index 5a1f3d031..ba3bb820f 100644
--- a/etc/krita.profile
+++ b/etc/krita.profile
@@ -2,9 +2,9 @@
2# Description: Pixel-based image manipulation program 2# Description: Pixel-based image manipulation program
3# This file is overwritten after every install/update 3# This file is overwritten after every install/update
4# Persistent local customizations 4# Persistent local customizations
5include /etc/firejail/krita.local 5include krita.local
6# Persistent global definitions 6# Persistent global definitions
7include /etc/firejail/globals.local 7include globals.local
8 8
9noblacklist ${HOME}/.config/kritarc 9noblacklist ${HOME}/.config/kritarc
10noblacklist ${HOME}/.local/share/krita 10noblacklist ${HOME}/.local/share/krita
@@ -17,12 +17,12 @@ noblacklist ${PATH}/python3*
17noblacklist /usr/lib/python2* 17noblacklist /usr/lib/python2*
18noblacklist /usr/lib/python3* 18noblacklist /usr/lib/python3*
19 19
20include /etc/firejail/disable-common.inc 20include disable-common.inc
21include /etc/firejail/disable-devel.inc 21include disable-devel.inc
22include /etc/firejail/disable-interpreters.inc 22include disable-interpreters.inc
23include /etc/firejail/disable-passwdmgr.inc 23include disable-passwdmgr.inc
24include /etc/firejail/disable-programs.inc 24include disable-programs.inc
25include /etc/firejail/disable-xdg.inc 25include disable-xdg.inc
26 26
27apparmor 27apparmor
28caps.drop all 28caps.drop all
diff --git a/etc/krunner.profile b/etc/krunner.profile
index 0b1b9e5de..c64113c15 100644
--- a/etc/krunner.profile
+++ b/etc/krunner.profile
@@ -2,9 +2,9 @@
2# Description: Framework for providing different actions given a string query 2# Description: Framework for providing different actions given a string query
3# This file is overwritten after every install/update 3# This file is overwritten after every install/update
4# Persistent local customizations 4# Persistent local customizations
5include /etc/firejail/krunner.local 5include krunner.local
6# Persistent global definitions 6# Persistent global definitions
7include /etc/firejail/globals.local 7include globals.local
8 8
9# - programs started in krunner run with this generic profile. 9# - programs started in krunner run with this generic profile.
10# - when a file is opened in krunner, the file viewer runs in its own sandbox 10# - when a file is opened in krunner, the file viewer runs in its own sandbox
@@ -19,13 +19,13 @@ noblacklist ${HOME}/.kde4/share/config/krunnerrc
19# noblacklist ${HOME}/.local/share/baloo 19# noblacklist ${HOME}/.local/share/baloo
20# noblacklist ${HOME}/.mozilla 20# noblacklist ${HOME}/.mozilla
21 21
22include /etc/firejail/disable-common.inc 22include disable-common.inc
23# include /etc/firejail/disable-devel.inc 23# include disable-devel.inc
24# include /etc/firejail/disable-interpreters.inc 24# include disable-interpreters.inc
25# include /etc/firejail/disable-passwdmgr.inc 25# include disable-passwdmgr.inc
26# include /etc/firejail/disable-programs.inc 26# include disable-programs.inc
27 27
28include /etc/firejail/whitelist-var-common.inc 28include whitelist-var-common.inc
29 29
30caps.drop all 30caps.drop all
31netfilter 31netfilter
diff --git a/etc/ktorrent.profile b/etc/ktorrent.profile
index 14ee3322c..344d1f932 100644
--- a/etc/ktorrent.profile
+++ b/etc/ktorrent.profile
@@ -2,9 +2,9 @@
2# Description: BitTorrent client based on the KDE platform 2# Description: BitTorrent client based on the KDE platform
3# This file is overwritten after every install/update 3# This file is overwritten after every install/update
4# Persistent local customizations 4# Persistent local customizations
5include /etc/firejail/ktorrent.local 5include ktorrent.local
6# Persistent global definitions 6# Persistent global definitions
7include /etc/firejail/globals.local 7include globals.local
8 8
9noblacklist ${HOME}/.config/ktorrentrc 9noblacklist ${HOME}/.config/ktorrentrc
10noblacklist ${HOME}/.kde/share/apps/ktorrent 10noblacklist ${HOME}/.kde/share/apps/ktorrent
@@ -13,11 +13,11 @@ noblacklist ${HOME}/.kde4/share/apps/ktorrent
13noblacklist ${HOME}/.kde4/share/config/ktorrentrc 13noblacklist ${HOME}/.kde4/share/config/ktorrentrc
14noblacklist ${HOME}/.local/share/ktorrent 14noblacklist ${HOME}/.local/share/ktorrent
15 15
16include /etc/firejail/disable-common.inc 16include disable-common.inc
17include /etc/firejail/disable-devel.inc 17include disable-devel.inc
18include /etc/firejail/disable-interpreters.inc 18include disable-interpreters.inc
19include /etc/firejail/disable-passwdmgr.inc 19include disable-passwdmgr.inc
20include /etc/firejail/disable-programs.inc 20include disable-programs.inc
21 21
22mkdir ${HOME}/.kde/share/apps/ktorrent 22mkdir ${HOME}/.kde/share/apps/ktorrent
23mkdir ${HOME}/.kde4/share/apps/ktorrent 23mkdir ${HOME}/.kde4/share/apps/ktorrent
@@ -32,8 +32,8 @@ whitelist ${HOME}/.kde/share/config/ktorrentrc
32whitelist ${HOME}/.kde4/share/apps/ktorrent 32whitelist ${HOME}/.kde4/share/apps/ktorrent
33whitelist ${HOME}/.kde4/share/config/ktorrentrc 33whitelist ${HOME}/.kde4/share/config/ktorrentrc
34whitelist ${HOME}/.local/share/ktorrent 34whitelist ${HOME}/.local/share/ktorrent
35include /etc/firejail/whitelist-common.inc 35include whitelist-common.inc
36include /etc/firejail/whitelist-var-common.inc 36include whitelist-var-common.inc
37 37
38caps.drop all 38caps.drop all
39machine-id 39machine-id
diff --git a/etc/kwin_x11.profile b/etc/kwin_x11.profile
index ca7c5042d..a7a42d5ad 100644
--- a/etc/kwin_x11.profile
+++ b/etc/kwin_x11.profile
@@ -1,22 +1,22 @@
1# Firejail profile for kwin_x11 1# Firejail profile for kwin_x11
2# This file is overwritten after every install/update 2# This file is overwritten after every install/update
3# Persistent local customizations 3# Persistent local customizations
4include /etc/firejail/kwin_x11.local 4include kwin_x11.local
5# Persistent global definitions 5# Persistent global definitions
6include /etc/firejail/globals.local 6include globals.local
7 7
8noblacklist ${HOME}/.cache/kwin 8noblacklist ${HOME}/.cache/kwin
9noblacklist ${HOME}/.config/kwinrc 9noblacklist ${HOME}/.config/kwinrc
10noblacklist ${HOME}/.config/kwinrulesrc 10noblacklist ${HOME}/.config/kwinrulesrc
11noblacklist ${HOME}/.local/share/kwin 11noblacklist ${HOME}/.local/share/kwin
12 12
13include /etc/firejail/disable-common.inc 13include disable-common.inc
14include /etc/firejail/disable-devel.inc 14include disable-devel.inc
15include /etc/firejail/disable-interpreters.inc 15include disable-interpreters.inc
16include /etc/firejail/disable-passwdmgr.inc 16include disable-passwdmgr.inc
17include /etc/firejail/disable-programs.inc 17include disable-programs.inc
18 18
19include /etc/firejail/whitelist-var-common.inc 19include whitelist-var-common.inc
20 20
21caps.drop all 21caps.drop all
22netfilter 22netfilter
diff --git a/etc/kwrite.profile b/etc/kwrite.profile
index f080b3ffc..bde981737 100644
--- a/etc/kwrite.profile
+++ b/etc/kwrite.profile
@@ -2,9 +2,9 @@
2# Description: Simple text editor 2# Description: Simple text editor
3# This file is overwritten after every install/update 3# This file is overwritten after every install/update
4# Persistent local customizations 4# Persistent local customizations
5include /etc/firejail/kwrite.local 5include kwrite.local
6# Persistent global definitions 6# Persistent global definitions
7include /etc/firejail/globals.local 7include globals.local
8 8
9noblacklist ${HOME}/.config/katepartrc 9noblacklist ${HOME}/.config/katepartrc
10noblacklist ${HOME}/.config/katerc 10noblacklist ${HOME}/.config/katerc
@@ -15,14 +15,14 @@ noblacklist ${HOME}/.config/kwriterc
15noblacklist ${HOME}/.local/share/kwrite 15noblacklist ${HOME}/.local/share/kwrite
16noblacklist ${DOCUMENTS} 16noblacklist ${DOCUMENTS}
17 17
18include /etc/firejail/disable-common.inc 18include disable-common.inc
19include /etc/firejail/disable-devel.inc 19include disable-devel.inc
20include /etc/firejail/disable-interpreters.inc 20include disable-interpreters.inc
21include /etc/firejail/disable-passwdmgr.inc 21include disable-passwdmgr.inc
22include /etc/firejail/disable-programs.inc 22include disable-programs.inc
23include /etc/firejail/disable-xdg.inc 23include disable-xdg.inc
24 24
25include /etc/firejail/whitelist-var-common.inc 25include whitelist-var-common.inc
26 26
27apparmor 27apparmor
28caps.drop all 28caps.drop all
diff --git a/etc/lbunzip2.profile b/etc/lbunzip2.profile
index 180eea2c8..ec9a8f546 100644
--- a/etc/lbunzip2.profile
+++ b/etc/lbunzip2.profile
@@ -4,4 +4,4 @@
4 4
5 5
6# Redirect 6# Redirect
7include /etc/firejail/gzip.profile 7include gzip.profile
diff --git a/etc/lbzcat.profile b/etc/lbzcat.profile
index 180eea2c8..ec9a8f546 100644
--- a/etc/lbzcat.profile
+++ b/etc/lbzcat.profile
@@ -4,4 +4,4 @@
4 4
5 5
6# Redirect 6# Redirect
7include /etc/firejail/gzip.profile 7include gzip.profile
diff --git a/etc/lbzip2.profile b/etc/lbzip2.profile
index 180eea2c8..ec9a8f546 100644
--- a/etc/lbzip2.profile
+++ b/etc/lbzip2.profile
@@ -4,4 +4,4 @@
4 4
5 5
6# Redirect 6# Redirect
7include /etc/firejail/gzip.profile 7include gzip.profile
diff --git a/etc/leafpad.profile b/etc/leafpad.profile
index d3335893f..f4e04bf0c 100644
--- a/etc/leafpad.profile
+++ b/etc/leafpad.profile
@@ -2,19 +2,19 @@
2# Description: GTK+ based simple text editor 2# Description: GTK+ based simple text editor
3# This file is overwritten after every install/update 3# This file is overwritten after every install/update
4# Persistent local customizations 4# Persistent local customizations
5include /etc/firejail/leafpad.local 5include leafpad.local
6# Persistent global definitions 6# Persistent global definitions
7include /etc/firejail/globals.local 7include globals.local
8 8
9noblacklist ${HOME}/.config/leafpad 9noblacklist ${HOME}/.config/leafpad
10 10
11include /etc/firejail/disable-common.inc 11include disable-common.inc
12include /etc/firejail/disable-devel.inc 12include disable-devel.inc
13include /etc/firejail/disable-interpreters.inc 13include disable-interpreters.inc
14include /etc/firejail/disable-passwdmgr.inc 14include disable-passwdmgr.inc
15include /etc/firejail/disable-programs.inc 15include disable-programs.inc
16 16
17include /etc/firejail/whitelist-var-common.inc 17include whitelist-var-common.inc
18 18
19caps.drop all 19caps.drop all
20netfilter 20netfilter
diff --git a/etc/less.profile b/etc/less.profile
index a08d2c547..b083c3809 100644
--- a/etc/less.profile
+++ b/etc/less.profile
@@ -3,10 +3,10 @@
3# This file is overwritten after every install/update 3# This file is overwritten after every install/update
4quiet 4quiet
5# Persistent local customizations 5# Persistent local customizations
6include /etc/firejail/less.local 6include less.local
7# Persistent global definitions 7# Persistent global definitions
8# added by included default.profile 8# added by included default.profile
9#include /etc/firejail/globals.local 9#include globals.local
10 10
11blacklist /tmp/.X11-unix 11blacklist /tmp/.X11-unix
12 12
@@ -33,4 +33,4 @@ memory-deny-write-execute
33noexec ${HOME} 33noexec ${HOME}
34noexec /tmp 34noexec /tmp
35 35
36include /etc/firejail/default.profile 36include default.profile
diff --git a/etc/libreoffice.profile b/etc/libreoffice.profile
index 905dd22b9..fb582508e 100644
--- a/etc/libreoffice.profile
+++ b/etc/libreoffice.profile
@@ -2,9 +2,9 @@
2# Description: Office productivity suite 2# Description: Office productivity suite
3# This file is overwritten after every install/update 3# This file is overwritten after every install/update
4# Persistent local customizations 4# Persistent local customizations
5include /etc/firejail/libreoffice.local 5include libreoffice.local
6# Persistent global definitions 6# Persistent global definitions
7include /etc/firejail/globals.local 7include globals.local
8 8
9noblacklist ${HOME}/.java 9noblacklist ${HOME}/.java
10noblacklist /usr/local/sbin 10noblacklist /usr/local/sbin
@@ -17,12 +17,12 @@ noblacklist /usr/lib/java
17noblacklist /etc/java 17noblacklist /etc/java
18noblacklist /usr/share/java 18noblacklist /usr/share/java
19 19
20include /etc/firejail/disable-common.inc 20include disable-common.inc
21include /etc/firejail/disable-devel.inc 21include disable-devel.inc
22include /etc/firejail/disable-passwdmgr.inc 22include disable-passwdmgr.inc
23include /etc/firejail/disable-programs.inc 23include disable-programs.inc
24 24
25include /etc/firejail/whitelist-var-common.inc 25include whitelist-var-common.inc
26 26
27# Ubuntu 18.04 uses its own apparmor profile 27# Ubuntu 18.04 uses its own apparmor profile
28# uncomment the next line if you are not on Ubuntu 28# uncomment the next line if you are not on Ubuntu
diff --git a/etc/liferea.profile b/etc/liferea.profile
index 04c649121..3d83ffd22 100644
--- a/etc/liferea.profile
+++ b/etc/liferea.profile
@@ -2,9 +2,9 @@
2# Description: Feed/news/podcast client with plugin support 2# Description: Feed/news/podcast client with plugin support
3# This file is overwritten after every install/update 3# This file is overwritten after every install/update
4# Persistent local customizations 4# Persistent local customizations
5include /etc/firejail/liferea.local 5include liferea.local
6# Persistent global definitions 6# Persistent global definitions
7include /etc/firejail/globals.local 7include globals.local
8 8
9noblacklist ${HOME}/.cache/liferea 9noblacklist ${HOME}/.cache/liferea
10noblacklist ${HOME}/.config/liferea 10noblacklist ${HOME}/.config/liferea
@@ -16,11 +16,11 @@ noblacklist ${PATH}/python3*
16noblacklist /usr/lib/python2* 16noblacklist /usr/lib/python2*
17noblacklist /usr/lib/python3* 17noblacklist /usr/lib/python3*
18 18
19include /etc/firejail/disable-common.inc 19include disable-common.inc
20include /etc/firejail/disable-devel.inc 20include disable-devel.inc
21include /etc/firejail/disable-interpreters.inc 21include disable-interpreters.inc
22include /etc/firejail/disable-passwdmgr.inc 22include disable-passwdmgr.inc
23include /etc/firejail/disable-programs.inc 23include disable-programs.inc
24 24
25mkdir ${HOME}/.cache/liferea 25mkdir ${HOME}/.cache/liferea
26mkdir ${HOME}/.config/liferea 26mkdir ${HOME}/.config/liferea
@@ -28,8 +28,8 @@ mkdir ${HOME}/.local/share/liferea
28whitelist ${HOME}/.cache/liferea 28whitelist ${HOME}/.cache/liferea
29whitelist ${HOME}/.config/liferea 29whitelist ${HOME}/.config/liferea
30whitelist ${HOME}/.local/share/liferea 30whitelist ${HOME}/.local/share/liferea
31include /etc/firejail/whitelist-common.inc 31include whitelist-common.inc
32include /etc/firejail/whitelist-var-common.inc 32include whitelist-var-common.inc
33 33
34caps.drop all 34caps.drop all
35netfilter 35netfilter
diff --git a/etc/linphone.profile b/etc/linphone.profile
index b469b9711..a3e072509 100644
--- a/etc/linphone.profile
+++ b/etc/linphone.profile
@@ -2,25 +2,25 @@
2# Description: SIP softphone - graphical client 2# Description: SIP softphone - graphical client
3# This file is overwritten after every install/update 3# This file is overwritten after every install/update
4# Persistent local customizations 4# Persistent local customizations
5include /etc/firejail/linphone.local 5include linphone.local
6# Persistent global definitions 6# Persistent global definitions
7include /etc/firejail/globals.local 7include globals.local
8 8
9noblacklist ${HOME}/.linphone-history.db 9noblacklist ${HOME}/.linphone-history.db
10noblacklist ${HOME}/.linphonerc 10noblacklist ${HOME}/.linphonerc
11 11
12include /etc/firejail/disable-common.inc 12include disable-common.inc
13include /etc/firejail/disable-devel.inc 13include disable-devel.inc
14include /etc/firejail/disable-interpreters.inc 14include disable-interpreters.inc
15include /etc/firejail/disable-passwdmgr.inc 15include disable-passwdmgr.inc
16include /etc/firejail/disable-programs.inc 16include disable-programs.inc
17 17
18mkfile ${HOME}/.linphone-history.db 18mkfile ${HOME}/.linphone-history.db
19mkfile ${HOME}/.linphonerc 19mkfile ${HOME}/.linphonerc
20whitelist ${HOME}/.linphone-history.db 20whitelist ${HOME}/.linphone-history.db
21whitelist ${HOME}/.linphonerc 21whitelist ${HOME}/.linphonerc
22whitelist ${HOME}/Downloads 22whitelist ${HOME}/Downloads
23include /etc/firejail/whitelist-common.inc 23include whitelist-common.inc
24 24
25caps.drop all 25caps.drop all
26netfilter 26netfilter
diff --git a/etc/lmms.profile b/etc/lmms.profile
index d3ef1b40e..1534b57a0 100644
--- a/etc/lmms.profile
+++ b/etc/lmms.profile
@@ -2,20 +2,20 @@
2# Description: Linux Multimedia Studio 2# Description: Linux Multimedia Studio
3# This file is overwritten after every install/update 3# This file is overwritten after every install/update
4# Persistent local customizations 4# Persistent local customizations
5include /etc/firejail/lmms.local 5include lmms.local
6# Persistent global definitions 6# Persistent global definitions
7include /etc/firejail/globals.local 7include globals.local
8 8
9noblacklist ${HOME}/.lmmsrc.xml 9noblacklist ${HOME}/.lmmsrc.xml
10noblacklist ${DOCUMENTS} 10noblacklist ${DOCUMENTS}
11noblacklist ${MUSIC} 11noblacklist ${MUSIC}
12 12
13include /etc/firejail/disable-common.inc 13include disable-common.inc
14include /etc/firejail/disable-devel.inc 14include disable-devel.inc
15include /etc/firejail/disable-interpreters.inc 15include disable-interpreters.inc
16include /etc/firejail/disable-passwdmgr.inc 16include disable-passwdmgr.inc
17include /etc/firejail/disable-programs.inc 17include disable-programs.inc
18include /etc/firejail/disable-xdg.inc 18include disable-xdg.inc
19 19
20caps.drop all 20caps.drop all
21ipc-namespace 21ipc-namespace
diff --git a/etc/lobase.profile b/etc/lobase.profile
index c702a4ece..ea0f84631 100644
--- a/etc/lobase.profile
+++ b/etc/lobase.profile
@@ -3,4 +3,4 @@
3 3
4 4
5# Redirect 5# Redirect
6include /etc/firejail/libreoffice.profile 6include libreoffice.profile
diff --git a/etc/localc.profile b/etc/localc.profile
index c702a4ece..ea0f84631 100644
--- a/etc/localc.profile
+++ b/etc/localc.profile
@@ -3,4 +3,4 @@
3 3
4 4
5# Redirect 5# Redirect
6include /etc/firejail/libreoffice.profile 6include libreoffice.profile
diff --git a/etc/lodraw.profile b/etc/lodraw.profile
index c702a4ece..ea0f84631 100644
--- a/etc/lodraw.profile
+++ b/etc/lodraw.profile
@@ -3,4 +3,4 @@
3 3
4 4
5# Redirect 5# Redirect
6include /etc/firejail/libreoffice.profile 6include libreoffice.profile
diff --git a/etc/loffice.profile b/etc/loffice.profile
index c702a4ece..ea0f84631 100644
--- a/etc/loffice.profile
+++ b/etc/loffice.profile
@@ -3,4 +3,4 @@
3 3
4 4
5# Redirect 5# Redirect
6include /etc/firejail/libreoffice.profile 6include libreoffice.profile
diff --git a/etc/lofromtemplate.profile b/etc/lofromtemplate.profile
index c702a4ece..ea0f84631 100644
--- a/etc/lofromtemplate.profile
+++ b/etc/lofromtemplate.profile
@@ -3,4 +3,4 @@
3 3
4 4
5# Redirect 5# Redirect
6include /etc/firejail/libreoffice.profile 6include libreoffice.profile
diff --git a/etc/loimpress.profile b/etc/loimpress.profile
index c702a4ece..ea0f84631 100644
--- a/etc/loimpress.profile
+++ b/etc/loimpress.profile
@@ -3,4 +3,4 @@
3 3
4 4
5# Redirect 5# Redirect
6include /etc/firejail/libreoffice.profile 6include libreoffice.profile
diff --git a/etc/lollypop.profile b/etc/lollypop.profile
index efd40e899..b279602ef 100644
--- a/etc/lollypop.profile
+++ b/etc/lollypop.profile
@@ -2,9 +2,9 @@
2# Description: Music player for GNOME 2# Description: Music player for GNOME
3# This file is overwritten after every install/update 3# This file is overwritten after every install/update
4# Persistent local customizations 4# Persistent local customizations
5include /etc/firejail/lollypop.local 5include lollypop.local
6# Persistent global definitions 6# Persistent global definitions
7include /etc/firejail/globals.local 7include globals.local
8 8
9noblacklist ${HOME}/.local/share/lollypop 9noblacklist ${HOME}/.local/share/lollypop
10noblacklist ${MUSIC} 10noblacklist ${MUSIC}
@@ -15,14 +15,14 @@ noblacklist ${PATH}/python3*
15noblacklist /usr/lib/python2* 15noblacklist /usr/lib/python2*
16noblacklist /usr/lib/python3* 16noblacklist /usr/lib/python3*
17 17
18include /etc/firejail/disable-common.inc 18include disable-common.inc
19include /etc/firejail/disable-devel.inc 19include disable-devel.inc
20include /etc/firejail/disable-interpreters.inc 20include disable-interpreters.inc
21include /etc/firejail/disable-passwdmgr.inc 21include disable-passwdmgr.inc
22include /etc/firejail/disable-programs.inc 22include disable-programs.inc
23include /etc/firejail/disable-xdg.inc 23include disable-xdg.inc
24 24
25include /etc/firejail/whitelist-var-common.inc 25include whitelist-var-common.inc
26 26
27caps.drop all 27caps.drop all
28netfilter 28netfilter
diff --git a/etc/lomath.profile b/etc/lomath.profile
index c702a4ece..ea0f84631 100644
--- a/etc/lomath.profile
+++ b/etc/lomath.profile
@@ -3,4 +3,4 @@
3 3
4 4
5# Redirect 5# Redirect
6include /etc/firejail/libreoffice.profile 6include libreoffice.profile
diff --git a/etc/loweb.profile b/etc/loweb.profile
index c702a4ece..ea0f84631 100644
--- a/etc/loweb.profile
+++ b/etc/loweb.profile
@@ -3,4 +3,4 @@
3 3
4 4
5# Redirect 5# Redirect
6include /etc/firejail/libreoffice.profile 6include libreoffice.profile
diff --git a/etc/lowriter.profile b/etc/lowriter.profile
index c702a4ece..ea0f84631 100644
--- a/etc/lowriter.profile
+++ b/etc/lowriter.profile
@@ -3,4 +3,4 @@
3 3
4 4
5# Redirect 5# Redirect
6include /etc/firejail/libreoffice.profile 6include libreoffice.profile
diff --git a/etc/luminance-hdr.profile b/etc/luminance-hdr.profile
index a4ccefb6d..0b43a0b71 100644
--- a/etc/luminance-hdr.profile
+++ b/etc/luminance-hdr.profile
@@ -2,19 +2,19 @@
2# Description: Graphical user interface providing a workflow for HDR imaging 2# Description: Graphical user interface providing a workflow for HDR imaging
3# This file is overwritten after every install/update 3# This file is overwritten after every install/update
4# Persistent local customizations 4# Persistent local customizations
5include /etc/firejail/luminance-hdr.local 5include luminance-hdr.local
6# Persistent global definitions 6# Persistent global definitions
7include /etc/firejail/globals.local 7include globals.local
8 8
9noblacklist ${HOME}/.config/Luminance 9noblacklist ${HOME}/.config/Luminance
10noblacklist ${PICTURES} 10noblacklist ${PICTURES}
11 11
12include /etc/firejail/disable-common.inc 12include disable-common.inc
13include /etc/firejail/disable-devel.inc 13include disable-devel.inc
14include /etc/firejail/disable-interpreters.inc 14include disable-interpreters.inc
15include /etc/firejail/disable-passwdmgr.inc 15include disable-passwdmgr.inc
16include /etc/firejail/disable-programs.inc 16include disable-programs.inc
17include /etc/firejail/disable-xdg.inc 17include disable-xdg.inc
18 18
19caps.drop all 19caps.drop all
20netfilter 20netfilter
diff --git a/etc/lximage-qt.profile b/etc/lximage-qt.profile
index 4b3c457f6..6e310c509 100644
--- a/etc/lximage-qt.profile
+++ b/etc/lximage-qt.profile
@@ -2,17 +2,17 @@
2# Description: Image viewer for LXQt 2# Description: Image viewer for LXQt
3# This file is overwritten after every install/update 3# This file is overwritten after every install/update
4# Persistent local customizations 4# Persistent local customizations
5include /etc/firejail/lximage-qt.local 5include lximage-qt.local
6# Persistent global definitions 6# Persistent global definitions
7include /etc/firejail/globals.local 7include globals.local
8 8
9noblacklist ${HOME}/.config/lximage-qt 9noblacklist ${HOME}/.config/lximage-qt
10 10
11include /etc/firejail/disable-common.inc 11include disable-common.inc
12include /etc/firejail/disable-devel.inc 12include disable-devel.inc
13include /etc/firejail/disable-interpreters.inc 13include disable-interpreters.inc
14include /etc/firejail/disable-passwdmgr.inc 14include disable-passwdmgr.inc
15include /etc/firejail/disable-programs.inc 15include disable-programs.inc
16 16
17caps.drop all 17caps.drop all
18netfilter 18netfilter
diff --git a/etc/lxmusic.profile b/etc/lxmusic.profile
index 7c3334075..219f312e5 100644
--- a/etc/lxmusic.profile
+++ b/etc/lxmusic.profile
@@ -2,22 +2,22 @@
2# Description: LXDE music player 2# Description: LXDE music player
3# This file is overwritten after every install/update 3# This file is overwritten after every install/update
4# Persistent local customizations 4# Persistent local customizations
5include /etc/firejail/lxmusic.local 5include lxmusic.local
6# Persistent global definitions 6# Persistent global definitions
7include /etc/firejail/globals.local 7include globals.local
8 8
9noblacklist ${HOME}/.cache/xmms2 9noblacklist ${HOME}/.cache/xmms2
10noblacklist ${HOME}/.config/xmms2 10noblacklist ${HOME}/.config/xmms2
11noblacklist ${MUSIC} 11noblacklist ${MUSIC}
12 12
13include /etc/firejail/disable-common.inc 13include disable-common.inc
14include /etc/firejail/disable-devel.inc 14include disable-devel.inc
15include /etc/firejail/disable-interpreters.inc 15include disable-interpreters.inc
16include /etc/firejail/disable-passwdmgr.inc 16include disable-passwdmgr.inc
17include /etc/firejail/disable-programs.inc 17include disable-programs.inc
18include /etc/firejail/disable-xdg.inc 18include disable-xdg.inc
19 19
20include /etc/firejail/whitelist-var-common.inc 20include whitelist-var-common.inc
21 21
22caps.drop all 22caps.drop all
23netfilter 23netfilter
diff --git a/etc/lynx.profile b/etc/lynx.profile
index f5ec44fda..6fcd026dc 100644
--- a/etc/lynx.profile
+++ b/etc/lynx.profile
@@ -2,18 +2,18 @@
2# Description: Classic non-graphical (text-mode) web browser 2# Description: Classic non-graphical (text-mode) web browser
3# This file is overwritten after every install/update 3# This file is overwritten after every install/update
4# Persistent local customizations 4# Persistent local customizations
5include /etc/firejail/lynx.local 5include lynx.local
6# Persistent global definitions 6# Persistent global definitions
7include /etc/firejail/globals.local 7include globals.local
8 8
9blacklist /tmp/.X11-unix 9blacklist /tmp/.X11-unix
10 10
11include /etc/firejail/disable-common.inc 11include disable-common.inc
12include /etc/firejail/disable-devel.inc 12include disable-devel.inc
13include /etc/firejail/disable-interpreters.inc 13include disable-interpreters.inc
14include /etc/firejail/disable-passwdmgr.inc 14include disable-passwdmgr.inc
15include /etc/firejail/disable-programs.inc 15include disable-programs.inc
16include /etc/firejail/disable-xdg.inc 16include disable-xdg.inc
17 17
18caps.drop all 18caps.drop all
19netfilter 19netfilter
diff --git a/etc/lzcat.profile b/etc/lzcat.profile
index cd79eebc6..748dad2e3 100644
--- a/etc/lzcat.profile
+++ b/etc/lzcat.profile
@@ -4,4 +4,4 @@
4 4
5 5
6# Redirect 6# Redirect
7include /etc/firejail/cpio.profile 7include cpio.profile
diff --git a/etc/lzcmp.profile b/etc/lzcmp.profile
index cd79eebc6..748dad2e3 100644
--- a/etc/lzcmp.profile
+++ b/etc/lzcmp.profile
@@ -4,4 +4,4 @@
4 4
5 5
6# Redirect 6# Redirect
7include /etc/firejail/cpio.profile 7include cpio.profile
diff --git a/etc/lzdiff.profile b/etc/lzdiff.profile
index cd79eebc6..748dad2e3 100644
--- a/etc/lzdiff.profile
+++ b/etc/lzdiff.profile
@@ -4,4 +4,4 @@
4 4
5 5
6# Redirect 6# Redirect
7include /etc/firejail/cpio.profile 7include cpio.profile
diff --git a/etc/lzegrep.profile b/etc/lzegrep.profile
index cd79eebc6..748dad2e3 100644
--- a/etc/lzegrep.profile
+++ b/etc/lzegrep.profile
@@ -4,4 +4,4 @@
4 4
5 5
6# Redirect 6# Redirect
7include /etc/firejail/cpio.profile 7include cpio.profile
diff --git a/etc/lzfgrep.profile b/etc/lzfgrep.profile
index cd79eebc6..748dad2e3 100644
--- a/etc/lzfgrep.profile
+++ b/etc/lzfgrep.profile
@@ -4,4 +4,4 @@
4 4
5 5
6# Redirect 6# Redirect
7include /etc/firejail/cpio.profile 7include cpio.profile
diff --git a/etc/lzgrep.profile b/etc/lzgrep.profile
index cd79eebc6..748dad2e3 100644
--- a/etc/lzgrep.profile
+++ b/etc/lzgrep.profile
@@ -4,4 +4,4 @@
4 4
5 5
6# Redirect 6# Redirect
7include /etc/firejail/cpio.profile 7include cpio.profile
diff --git a/etc/lzip.profile b/etc/lzip.profile
index cd79eebc6..748dad2e3 100644
--- a/etc/lzip.profile
+++ b/etc/lzip.profile
@@ -4,4 +4,4 @@
4 4
5 5
6# Redirect 6# Redirect
7include /etc/firejail/cpio.profile 7include cpio.profile
diff --git a/etc/lzless.profile b/etc/lzless.profile
index cd79eebc6..748dad2e3 100644
--- a/etc/lzless.profile
+++ b/etc/lzless.profile
@@ -4,4 +4,4 @@
4 4
5 5
6# Redirect 6# Redirect
7include /etc/firejail/cpio.profile 7include cpio.profile
diff --git a/etc/lzma.profile b/etc/lzma.profile
index cd79eebc6..748dad2e3 100644
--- a/etc/lzma.profile
+++ b/etc/lzma.profile
@@ -4,4 +4,4 @@
4 4
5 5
6# Redirect 6# Redirect
7include /etc/firejail/cpio.profile 7include cpio.profile
diff --git a/etc/lzmadec.profile b/etc/lzmadec.profile
index 7c26620dd..9ba22601b 100644
--- a/etc/lzmadec.profile
+++ b/etc/lzmadec.profile
@@ -4,4 +4,4 @@
4 4
5 5
6# Redirect 6# Redirect
7include /etc/firejail/xzdec.profile 7include xzdec.profile
diff --git a/etc/lzmainfo.profile b/etc/lzmainfo.profile
index cd79eebc6..748dad2e3 100644
--- a/etc/lzmainfo.profile
+++ b/etc/lzmainfo.profile
@@ -4,4 +4,4 @@
4 4
5 5
6# Redirect 6# Redirect
7include /etc/firejail/cpio.profile 7include cpio.profile
diff --git a/etc/lzmore.profile b/etc/lzmore.profile
index cd79eebc6..748dad2e3 100644
--- a/etc/lzmore.profile
+++ b/etc/lzmore.profile
@@ -4,4 +4,4 @@
4 4
5 5
6# Redirect 6# Redirect
7include /etc/firejail/cpio.profile 7include cpio.profile
diff --git a/etc/macrofusion.profile b/etc/macrofusion.profile
index 4107d91ad..e1d940425 100644
--- a/etc/macrofusion.profile
+++ b/etc/macrofusion.profile
@@ -1,9 +1,9 @@
1# Firejail profile for macrofusion 1# Firejail profile for macrofusion
2# This file is overwritten after every install/update 2# This file is overwritten after every install/update
3# Persistent local customizations 3# Persistent local customizations
4include /etc/firejail/macrofusion.local 4include macrofusion.local
5# Persistent global definitions 5# Persistent global definitions
6include /etc/firejail/globals.local 6include globals.local
7 7
8noblacklist ${HOME}/.config/mfusion 8noblacklist ${HOME}/.config/mfusion
9noblacklist ${PICTURES} 9noblacklist ${PICTURES}
@@ -14,12 +14,12 @@ noblacklist ${PATH}/python3*
14noblacklist /usr/lib/python2* 14noblacklist /usr/lib/python2*
15noblacklist /usr/lib/python3* 15noblacklist /usr/lib/python3*
16 16
17include /etc/firejail/disable-common.inc 17include disable-common.inc
18include /etc/firejail/disable-devel.inc 18include disable-devel.inc
19include /etc/firejail/disable-interpreters.inc 19include disable-interpreters.inc
20include /etc/firejail/disable-passwdmgr.inc 20include disable-passwdmgr.inc
21include /etc/firejail/disable-programs.inc 21include disable-programs.inc
22include /etc/firejail/disable-xdg.inc 22include disable-xdg.inc
23 23
24caps.drop all 24caps.drop all
25ipc-namespace 25ipc-namespace
diff --git a/etc/makepkg.profile b/etc/makepkg.profile
index ac337b9a1..317a3dd78 100644
--- a/etc/makepkg.profile
+++ b/etc/makepkg.profile
@@ -10,9 +10,9 @@
10 10
11quiet 11quiet
12# Persistent local customizations 12# Persistent local customizations
13include /etc/firejail/makepkg.local 13include makepkg.local
14# Persistent global definitions 14# Persistent global definitions
15include /etc/firejail/globals.local 15include globals.local
16 16
17 17
18# Enable severely restricted access to ${HOME}/.gnupg 18# Enable severely restricted access to ${HOME}/.gnupg
@@ -30,9 +30,9 @@ blacklist ${HOME}/.gnupg/openpgp-revocs.d
30# Need to be able to read /var/lib/pacman, {Note no capabilities so automatically read-only} 30# Need to be able to read /var/lib/pacman, {Note no capabilities so automatically read-only}
31noblacklist /var/lib/pacman 31noblacklist /var/lib/pacman
32 32
33include /etc/firejail/disable-common.inc 33include disable-common.inc
34include /etc/firejail/disable-passwdmgr.inc 34include disable-passwdmgr.inc
35include /etc/firejail/disable-programs.inc 35include disable-programs.inc
36 36
37caps.drop all 37caps.drop all
38ipc-namespace 38ipc-namespace
diff --git a/etc/masterpdfeditor.profile b/etc/masterpdfeditor.profile
index cc80679fc..e35ddd2a7 100644
--- a/etc/masterpdfeditor.profile
+++ b/etc/masterpdfeditor.profile
@@ -2,20 +2,20 @@
2# Description: A complete solution for creating and editing PDF files 2# Description: A complete solution for creating and editing PDF files
3# This file is overwritten after every install/update 3# This file is overwritten after every install/update
4# Persistent local customizations 4# Persistent local customizations
5include /etc/firejail/masterpdfeditor.local 5include masterpdfeditor.local
6# Persistent global definitions 6# Persistent global definitions
7include /etc/firejail/globals.local 7include globals.local
8 8
9noblacklist ${HOME}/.config/Code Industry 9noblacklist ${HOME}/.config/Code Industry
10noblacklist ${HOME}/.masterpdfeditor 10noblacklist ${HOME}/.masterpdfeditor
11 11
12include /etc/firejail/disable-common.inc 12include disable-common.inc
13include /etc/firejail/disable-devel.inc 13include disable-devel.inc
14include /etc/firejail/disable-interpreters.inc 14include disable-interpreters.inc
15include /etc/firejail/disable-passwdmgr.inc 15include disable-passwdmgr.inc
16include /etc/firejail/disable-programs.inc 16include disable-programs.inc
17 17
18include /etc/firejail/whitelist-var-common.inc 18include whitelist-var-common.inc
19 19
20caps.drop all 20caps.drop all
21ipc-namespace 21ipc-namespace
diff --git a/etc/masterpdfeditor4.profile b/etc/masterpdfeditor4.profile
index 7ab9c9421..5612fdaa4 100644
--- a/etc/masterpdfeditor4.profile
+++ b/etc/masterpdfeditor4.profile
@@ -2,11 +2,11 @@
2# Description: A complete solution for creating and editing PDF files 2# Description: A complete solution for creating and editing PDF files
3# This file is overwritten after every install/update 3# This file is overwritten after every install/update
4# Persistent local customizations 4# Persistent local customizations
5include /etc/firejail/masterpdfeditor4.local 5include masterpdfeditor4.local
6# Persistent global definitions 6# Persistent global definitions
7# added by included profile 7# added by included profile
8#include /etc/firejail/globals.local 8#include globals.local
9 9
10 10
11# Redirect 11# Redirect
12include /etc/firejail/masterpdfeditor.profile 12include masterpdfeditor.profile
diff --git a/etc/masterpdfeditor5.profile b/etc/masterpdfeditor5.profile
index 86faf5da0..8669ceb11 100644
--- a/etc/masterpdfeditor5.profile
+++ b/etc/masterpdfeditor5.profile
@@ -2,11 +2,11 @@
2# Description: A complete solution for creating and editing PDF files 2# Description: A complete solution for creating and editing PDF files
3# This file is overwritten after every install/update 3# This file is overwritten after every install/update
4# Persistent local customizations 4# Persistent local customizations
5include /etc/firejail/masterpdfeditor5.local 5include masterpdfeditor5.local
6# Persistent global definitions 6# Persistent global definitions
7# added by included profile 7# added by included profile
8#include /etc/firejail/globals.local 8#include globals.local
9 9
10 10
11# Redirect 11# Redirect
12include /etc/firejail/masterpdfeditor.profile 12include masterpdfeditor.profile
diff --git a/etc/mate-calc.profile b/etc/mate-calc.profile
index 874fcf8cb..46bd7aa2e 100644
--- a/etc/mate-calc.profile
+++ b/etc/mate-calc.profile
@@ -2,17 +2,17 @@
2# Description: MATE desktop calculator 2# Description: MATE desktop calculator
3# This file is overwritten after every install/update 3# This file is overwritten after every install/update
4# Persistent local customizations 4# Persistent local customizations
5include /etc/firejail/mate-calc.local 5include mate-calc.local
6# Persistent global definitions 6# Persistent global definitions
7include /etc/firejail/globals.local 7include globals.local
8 8
9noblacklist ${HOME}/.config/mate-calc 9noblacklist ${HOME}/.config/mate-calc
10 10
11include /etc/firejail/disable-common.inc 11include disable-common.inc
12include /etc/firejail/disable-devel.inc 12include disable-devel.inc
13include /etc/firejail/disable-interpreters.inc 13include disable-interpreters.inc
14include /etc/firejail/disable-passwdmgr.inc 14include disable-passwdmgr.inc
15include /etc/firejail/disable-programs.inc 15include disable-programs.inc
16 16
17whitelist ${HOME}/.cache/mate-calc 17whitelist ${HOME}/.cache/mate-calc
18whitelist ${HOME}/.config/caja 18whitelist ${HOME}/.config/caja
diff --git a/etc/mate-calculator.profile b/etc/mate-calculator.profile
index 43bb3ebb4..442acf8ff 100644
--- a/etc/mate-calculator.profile
+++ b/etc/mate-calculator.profile
@@ -3,4 +3,4 @@
3 3
4 4
5# Redirect 5# Redirect
6include /etc/firejail/mate-calc.profile 6include mate-calc.profile
diff --git a/etc/mate-color-select.profile b/etc/mate-color-select.profile
index c3a3ee446..b4cf0b38a 100644
--- a/etc/mate-color-select.profile
+++ b/etc/mate-color-select.profile
@@ -1,16 +1,16 @@
1# Firejail profile for mate-color-select 1# Firejail profile for mate-color-select
2# This file is overwritten after every install/update 2# This file is overwritten after every install/update
3# Persistent local customizations 3# Persistent local customizations
4include /etc/firejail/mate-color-select.local 4include mate-color-select.local
5# Persistent global definitions 5# Persistent global definitions
6include /etc/firejail/globals.local 6include globals.local
7 7
8 8
9include /etc/firejail/disable-common.inc 9include disable-common.inc
10include /etc/firejail/disable-devel.inc 10include disable-devel.inc
11include /etc/firejail/disable-interpreters.inc 11include disable-interpreters.inc
12include /etc/firejail/disable-passwdmgr.inc 12include disable-passwdmgr.inc
13include /etc/firejail/disable-programs.inc 13include disable-programs.inc
14 14
15whitelist ${HOME}/.config/gtk-3.0 15whitelist ${HOME}/.config/gtk-3.0
16whitelist ${HOME}/.fonts 16whitelist ${HOME}/.fonts
diff --git a/etc/mate-dictionary.profile b/etc/mate-dictionary.profile
index b0bd99519..10978df20 100644
--- a/etc/mate-dictionary.profile
+++ b/etc/mate-dictionary.profile
@@ -1,17 +1,17 @@
1# Firejail profile for mate-dictionary 1# Firejail profile for mate-dictionary
2# This file is overwritten after every install/update 2# This file is overwritten after every install/update
3# Persistent local customizations 3# Persistent local customizations
4include /etc/firejail/mate-dictionary.local 4include mate-dictionary.local
5# Persistent global definitions 5# Persistent global definitions
6include /etc/firejail/globals.local 6include globals.local
7 7
8noblacklist ${HOME}/.config/mate/mate-dictionary 8noblacklist ${HOME}/.config/mate/mate-dictionary
9 9
10include /etc/firejail/disable-common.inc 10include disable-common.inc
11include /etc/firejail/disable-devel.inc 11include disable-devel.inc
12include /etc/firejail/disable-interpreters.inc 12include disable-interpreters.inc
13include /etc/firejail/disable-passwdmgr.inc 13include disable-passwdmgr.inc
14include /etc/firejail/disable-programs.inc 14include disable-programs.inc
15 15
16whitelist ${HOME}/.config/mate/mate-dictionary 16whitelist ${HOME}/.config/mate/mate-dictionary
17whitelist ${HOME}/.config/gtk-3.0 17whitelist ${HOME}/.config/gtk-3.0
diff --git a/etc/mathematica.profile b/etc/mathematica.profile
index 984ea9e97..5f29181cd 100644
--- a/etc/mathematica.profile
+++ b/etc/mathematica.profile
@@ -3,4 +3,4 @@
3 3
4 4
5# Redirect 5# Redirect
6include /etc/firejail/Mathematica.profile 6include Mathematica.profile
diff --git a/etc/mcabber.profile b/etc/mcabber.profile
index 0ed8952e5..1a1c255e7 100644
--- a/etc/mcabber.profile
+++ b/etc/mcabber.profile
@@ -2,18 +2,18 @@
2# Description: Small Jabber (XMPP) console client 2# Description: Small Jabber (XMPP) console client
3# This file is overwritten after every install/update 3# This file is overwritten after every install/update
4# Persistent local customizations 4# Persistent local customizations
5include /etc/firejail/mcabber.local 5include mcabber.local
6# Persistent global definitions 6# Persistent global definitions
7include /etc/firejail/globals.local 7include globals.local
8 8
9noblacklist ${HOME}/.mcabber 9noblacklist ${HOME}/.mcabber
10noblacklist ${HOME}/.mcabberrc 10noblacklist ${HOME}/.mcabberrc
11 11
12include /etc/firejail/disable-common.inc 12include disable-common.inc
13include /etc/firejail/disable-devel.inc 13include disable-devel.inc
14include /etc/firejail/disable-interpreters.inc 14include disable-interpreters.inc
15include /etc/firejail/disable-passwdmgr.inc 15include disable-passwdmgr.inc
16include /etc/firejail/disable-programs.inc 16include disable-programs.inc
17 17
18caps.drop all 18caps.drop all
19netfilter 19netfilter
diff --git a/etc/mediainfo.profile b/etc/mediainfo.profile
index 7556098a7..5e636c107 100644
--- a/etc/mediainfo.profile
+++ b/etc/mediainfo.profile
@@ -2,17 +2,17 @@
2# Description: Command-line utility for reading information from audio/video files 2# Description: Command-line utility for reading information from audio/video files
3# This file is overwritten after every install/update 3# This file is overwritten after every install/update
4# Persistent local customizations 4# Persistent local customizations
5include /etc/firejail/mediainfo.local 5include mediainfo.local
6# Persistent global definitions 6# Persistent global definitions
7include /etc/firejail/globals.local 7include globals.local
8 8
9blacklist /tmp/.X11-unix 9blacklist /tmp/.X11-unix
10 10
11include /etc/firejail/disable-common.inc 11include disable-common.inc
12include /etc/firejail/disable-devel.inc 12include disable-devel.inc
13include /etc/firejail/disable-interpreters.inc 13include disable-interpreters.inc
14include /etc/firejail/disable-passwdmgr.inc 14include disable-passwdmgr.inc
15include /etc/firejail/disable-programs.inc 15include disable-programs.inc
16 16
17caps.drop all 17caps.drop all
18net none 18net none
diff --git a/etc/mediathekview.profile b/etc/mediathekview.profile
index e53ced860..b9a6416bb 100644
--- a/etc/mediathekview.profile
+++ b/etc/mediathekview.profile
@@ -2,9 +2,9 @@
2# Description: View streams from German public television stations 2# Description: View streams from German public television stations
3# This file is overwritten after every install/update 3# This file is overwritten after every install/update
4# Persistent local customizations 4# Persistent local customizations
5include /etc/firejail/mediathekview.local 5include mediathekview.local
6# Persistent global definitions 6# Persistent global definitions
7include /etc/firejail/globals.local 7include globals.local
8 8
9noblacklist ${HOME}/.config/mpv 9noblacklist ${HOME}/.config/mpv
10noblacklist ${HOME}/.config/smplayer 10noblacklist ${HOME}/.config/smplayer
@@ -23,13 +23,13 @@ noblacklist /usr/lib/java
23noblacklist /etc/java 23noblacklist /etc/java
24noblacklist /usr/share/java 24noblacklist /usr/share/java
25 25
26include /etc/firejail/disable-common.inc 26include disable-common.inc
27include /etc/firejail/disable-devel.inc 27include disable-devel.inc
28include /etc/firejail/disable-interpreters.inc 28include disable-interpreters.inc
29include /etc/firejail/disable-passwdmgr.inc 29include disable-passwdmgr.inc
30include /etc/firejail/disable-programs.inc 30include disable-programs.inc
31 31
32include /etc/firejail/whitelist-var-common.inc 32include whitelist-var-common.inc
33 33
34caps.drop all 34caps.drop all
35netfilter 35netfilter
diff --git a/etc/meld.profile b/etc/meld.profile
index 1a7935800..3c028e064 100644
--- a/etc/meld.profile
+++ b/etc/meld.profile
@@ -2,18 +2,18 @@
2# Description: Graphical tool to diff and merge files 2# Description: Graphical tool to diff and merge files
3# This file is overwritten after every install/update 3# This file is overwritten after every install/update
4# Persistent local customizations 4# Persistent local customizations
5include /etc/firejail/meld.local 5include meld.local
6# Persistent global definitions 6# Persistent global definitions
7include /etc/firejail/globals.local 7include globals.local
8 8
9noblacklist ${HOME}/.local/share/meld 9noblacklist ${HOME}/.local/share/meld
10 10
11include /etc/firejail/disable-common.inc 11include disable-common.inc
12include /etc/firejail/disable-devel.inc 12include disable-devel.inc
13include /etc/firejail/disable-passwdmgr.inc 13include disable-passwdmgr.inc
14include /etc/firejail/disable-programs.inc 14include disable-programs.inc
15 15
16include /etc/firejail/whitelist-var-common.inc 16include whitelist-var-common.inc
17 17
18caps.drop all 18caps.drop all
19net none 19net none
diff --git a/etc/mencoder.profile b/etc/mencoder.profile
index 9306d268e..136412d11 100644
--- a/etc/mencoder.profile
+++ b/etc/mencoder.profile
@@ -2,16 +2,16 @@
2# Description: Free command line video decoding, encoding and filtering tool 2# Description: Free command line video decoding, encoding and filtering tool
3# This file is overwritten after every install/update 3# This file is overwritten after every install/update
4# Persistent local customizations 4# Persistent local customizations
5include /etc/firejail/mencoder.local 5include mencoder.local
6# Persistent global definitions 6# Persistent global definitions
7# added by included profile 7# added by included profile
8#include /etc/firejail/globals.local 8#include globals.local
9 9
10include /etc/firejail/disable-common.inc 10include disable-common.inc
11include /etc/firejail/disable-devel.inc 11include disable-devel.inc
12include /etc/firejail/disable-interpreters.inc 12include disable-interpreters.inc
13include /etc/firejail/disable-passwdmgr.inc 13include disable-passwdmgr.inc
14include /etc/firejail/disable-programs.inc 14include disable-programs.inc
15 15
16net none 16net none
17no3d 17no3d
@@ -25,4 +25,4 @@ shell none
25 25
26private-bin mencoder 26private-bin mencoder
27 27
28include /etc/firejail/mplayer.profile 28include mplayer.profile
diff --git a/etc/midori.profile b/etc/midori.profile
index 7c56910a7..6a69f2282 100644
--- a/etc/midori.profile
+++ b/etc/midori.profile
@@ -2,9 +2,9 @@
2# Description: Lightweight web browser 2# Description: Lightweight web browser
3# This file is overwritten after every install/update 3# This file is overwritten after every install/update
4# Persistent local customizations 4# Persistent local customizations
5include /etc/firejail/midori.local 5include midori.local
6# Persistent global definitions 6# Persistent global definitions
7include /etc/firejail/globals.local 7include globals.local
8 8
9noblacklist ${HOME}/.config/midori 9noblacklist ${HOME}/.config/midori
10noblacklist ${HOME}/.local/share/midori 10noblacklist ${HOME}/.local/share/midori
@@ -12,10 +12,10 @@ noblacklist ${HOME}/.local/share/midori
12# noblacklist ${HOME}/.local/share/webkitgtk 12# noblacklist ${HOME}/.local/share/webkitgtk
13noblacklist ${HOME}/.pki 13noblacklist ${HOME}/.pki
14 14
15include /etc/firejail/disable-common.inc 15include disable-common.inc
16include /etc/firejail/disable-devel.inc 16include disable-devel.inc
17include /etc/firejail/disable-interpreters.inc 17include disable-interpreters.inc
18include /etc/firejail/disable-programs.inc 18include disable-programs.inc
19 19
20mkdir ${HOME}/.cache/midori 20mkdir ${HOME}/.cache/midori
21mkdir ${HOME}/.config/midori 21mkdir ${HOME}/.config/midori
@@ -33,7 +33,7 @@ whitelist ${HOME}/.local/share/midori
33whitelist ${HOME}/.local/share/webkit 33whitelist ${HOME}/.local/share/webkit
34whitelist ${HOME}/.local/share/webkitgtk 34whitelist ${HOME}/.local/share/webkitgtk
35whitelist ${HOME}/.pki 35whitelist ${HOME}/.pki
36include /etc/firejail/whitelist-common.inc 36include whitelist-common.inc
37 37
38caps.drop all 38caps.drop all
39netfilter 39netfilter
diff --git a/etc/min.profile b/etc/min.profile
index 91c6fce3c..9cef737a8 100644
--- a/etc/min.profile
+++ b/etc/min.profile
@@ -2,24 +2,24 @@
2# Description: A faster, smarter web browser. 2# Description: A faster, smarter web browser.
3# This file is overwritten after every install/update 3# This file is overwritten after every install/update
4# Persistent local customizations 4# Persistent local customizations
5include /etc/firejail/min.local 5include min.local
6# Persistent global definitions 6# Persistent global definitions
7include /etc/firejail/globals.local 7include globals.local
8 8
9noblacklist ${HOME}/.config/Min 9noblacklist ${HOME}/.config/Min
10 10
11noblacklist ${HOME}/.pki 11noblacklist ${HOME}/.pki
12 12
13include /etc/firejail/disable-common.inc 13include disable-common.inc
14include /etc/firejail/disable-devel.inc 14include disable-devel.inc
15include /etc/firejail/disable-interpreters.inc 15include disable-interpreters.inc
16include /etc/firejail/disable-programs.inc 16include disable-programs.inc
17 17
18mkdir ${HOME}/.pki 18mkdir ${HOME}/.pki
19whitelist ${DOWNLOADS} 19whitelist ${DOWNLOADS}
20whitelist ${HOME}/.pki 20whitelist ${HOME}/.pki
21include /etc/firejail/whitelist-common.inc 21include whitelist-common.inc
22include /etc/firejail/whitelist-var-common.inc 22include whitelist-var-common.inc
23 23
24caps.drop all 24caps.drop all
25# ipc-namespace 25# ipc-namespace
diff --git a/etc/minetest.profile b/etc/minetest.profile
index 3e06b6d30..c1aef8aa6 100644
--- a/etc/minetest.profile
+++ b/etc/minetest.profile
@@ -2,22 +2,22 @@
2# Description: Multiplayer infinite-world block sandbox 2# Description: Multiplayer infinite-world block sandbox
3# This file is overwritten after every install/update 3# This file is overwritten after every install/update
4# Persistent local customizations 4# Persistent local customizations
5include /etc/firejail/minetest.local 5include minetest.local
6# Persistent global definitions 6# Persistent global definitions
7include /etc/firejail/globals.local 7include globals.local
8 8
9noblacklist ${HOME}/.minetest 9noblacklist ${HOME}/.minetest
10 10
11include /etc/firejail/disable-common.inc 11include disable-common.inc
12include /etc/firejail/disable-devel.inc 12include disable-devel.inc
13include /etc/firejail/disable-interpreters.inc 13include disable-interpreters.inc
14include /etc/firejail/disable-passwdmgr.inc 14include disable-passwdmgr.inc
15include /etc/firejail/disable-programs.inc 15include disable-programs.inc
16 16
17mkdir ${HOME}/.minetest 17mkdir ${HOME}/.minetest
18whitelist ${HOME}/.minetest 18whitelist ${HOME}/.minetest
19include /etc/firejail/whitelist-common.inc 19include whitelist-common.inc
20include /etc/firejail/whitelist-var-common.inc 20include whitelist-var-common.inc
21 21
22caps.drop all 22caps.drop all
23ipc-namespace 23ipc-namespace
diff --git a/etc/mousepad.profile b/etc/mousepad.profile
index 421637509..8e789f112 100644
--- a/etc/mousepad.profile
+++ b/etc/mousepad.profile
@@ -2,19 +2,19 @@
2# Description: Simple Xfce oriented text editor 2# Description: Simple Xfce oriented text editor
3# This file is overwritten after every install/update 3# This file is overwritten after every install/update
4# Persistent local customizations 4# Persistent local customizations
5include /etc/firejail/mousepad.local 5include mousepad.local
6# Persistent global definitions 6# Persistent global definitions
7include /etc/firejail/globals.local 7include globals.local
8 8
9noblacklist ${HOME}/.config/Mousepad 9noblacklist ${HOME}/.config/Mousepad
10 10
11include /etc/firejail/disable-common.inc 11include disable-common.inc
12include /etc/firejail/disable-devel.inc 12include disable-devel.inc
13include /etc/firejail/disable-interpreters.inc 13include disable-interpreters.inc
14include /etc/firejail/disable-passwdmgr.inc 14include disable-passwdmgr.inc
15include /etc/firejail/disable-programs.inc 15include disable-programs.inc
16 16
17include /etc/firejail/whitelist-var-common.inc 17include whitelist-var-common.inc
18 18
19caps.drop all 19caps.drop all
20netfilter 20netfilter
diff --git a/etc/mpd.profile b/etc/mpd.profile
index 709f2ef89..70a438fb7 100644
--- a/etc/mpd.profile
+++ b/etc/mpd.profile
@@ -2,21 +2,21 @@
2# Description: Music Player Daemon 2# Description: Music Player Daemon
3# This file is overwritten after every install/update 3# This file is overwritten after every install/update
4# Persistent local customizations 4# Persistent local customizations
5include /etc/firejail/mpd.local 5include mpd.local
6# Persistent global definitions 6# Persistent global definitions
7include /etc/firejail/globals.local 7include globals.local
8 8
9noblacklist ${HOME}/.config/mpd 9noblacklist ${HOME}/.config/mpd
10noblacklist ${HOME}/.mpd 10noblacklist ${HOME}/.mpd
11noblacklist ${HOME}/.mpdconf 11noblacklist ${HOME}/.mpdconf
12noblacklist ${MUSIC} 12noblacklist ${MUSIC}
13 13
14include /etc/firejail/disable-common.inc 14include disable-common.inc
15include /etc/firejail/disable-devel.inc 15include disable-devel.inc
16include /etc/firejail/disable-interpreters.inc 16include disable-interpreters.inc
17include /etc/firejail/disable-passwdmgr.inc 17include disable-passwdmgr.inc
18include /etc/firejail/disable-programs.inc 18include disable-programs.inc
19include /etc/firejail/disable-xdg.inc 19include disable-xdg.inc
20 20
21caps.drop all 21caps.drop all
22netfilter 22netfilter
diff --git a/etc/mplayer.profile b/etc/mplayer.profile
index 29ef21b9d..fbe6200fa 100644
--- a/etc/mplayer.profile
+++ b/etc/mplayer.profile
@@ -2,22 +2,22 @@
2# Description: Movie player for Unix-like systems 2# Description: Movie player for Unix-like systems
3# This file is overwritten after every install/update 3# This file is overwritten after every install/update
4# Persistent local customizations 4# Persistent local customizations
5include /etc/firejail/mplayer.local 5include mplayer.local
6# Persistent global definitions 6# Persistent global definitions
7include /etc/firejail/globals.local 7include globals.local
8 8
9noblacklist ${HOME}/.mplayer 9noblacklist ${HOME}/.mplayer
10noblacklist ${MUSIC} 10noblacklist ${MUSIC}
11noblacklist ${VIDEOS} 11noblacklist ${VIDEOS}
12 12
13include /etc/firejail/disable-common.inc 13include disable-common.inc
14include /etc/firejail/disable-devel.inc 14include disable-devel.inc
15include /etc/firejail/disable-interpreters.inc 15include disable-interpreters.inc
16include /etc/firejail/disable-passwdmgr.inc 16include disable-passwdmgr.inc
17include /etc/firejail/disable-programs.inc 17include disable-programs.inc
18include /etc/firejail/disable-xdg.inc 18include disable-xdg.inc
19 19
20include /etc/firejail/whitelist-var-common.inc 20include whitelist-var-common.inc
21 21
22caps.drop all 22caps.drop all
23netfilter 23netfilter
diff --git a/etc/mpv.profile b/etc/mpv.profile
index 5747cd3fa..b521e58b9 100644
--- a/etc/mpv.profile
+++ b/etc/mpv.profile
@@ -2,9 +2,9 @@
2# Description: Video player based on MPlayer/mplayer2 2# Description: Video player based on MPlayer/mplayer2
3# This file is overwritten after every install/update 3# This file is overwritten after every install/update
4# Persistent local customizations 4# Persistent local customizations
5include /etc/firejail/mpv.local 5include mpv.local
6# Persistent global definitions 6# Persistent global definitions
7include /etc/firejail/globals.local 7include globals.local
8 8
9noblacklist ${HOME}/.config/mpv 9noblacklist ${HOME}/.config/mpv
10noblacklist ${HOME}/.netrc 10noblacklist ${HOME}/.netrc
@@ -17,14 +17,14 @@ noblacklist ${PATH}/python3*
17noblacklist /usr/lib/python2* 17noblacklist /usr/lib/python2*
18noblacklist /usr/lib/python3* 18noblacklist /usr/lib/python3*
19 19
20include /etc/firejail/disable-common.inc 20include disable-common.inc
21include /etc/firejail/disable-devel.inc 21include disable-devel.inc
22include /etc/firejail/disable-interpreters.inc 22include disable-interpreters.inc
23include /etc/firejail/disable-passwdmgr.inc 23include disable-passwdmgr.inc
24include /etc/firejail/disable-programs.inc 24include disable-programs.inc
25include /etc/firejail/disable-xdg.inc 25include disable-xdg.inc
26 26
27include /etc/firejail/whitelist-var-common.inc 27include whitelist-var-common.inc
28 28
29apparmor 29apparmor
30caps.drop all 30caps.drop all
diff --git a/etc/ms-excel.profile b/etc/ms-excel.profile
index 4fb8c6fc1..e103baf19 100644
--- a/etc/ms-excel.profile
+++ b/etc/ms-excel.profile
@@ -1,12 +1,12 @@
1# Firejail profile for Microsoft Office Online - Excel 1# Firejail profile for Microsoft Office Online - Excel
2# This file is overwritten after every install/update 2# This file is overwritten after every install/update
3# Persistent local customizations 3# Persistent local customizations
4include /etc/firejail/ms-excel.local 4include ms-excel.local
5# Persistent global definitions 5# Persistent global definitions
6include /etc/firejail/globals.local 6include globals.local
7 7
8noblacklist ${HOME}/.cache/ms-excel-online 8noblacklist ${HOME}/.cache/ms-excel-online
9private-bin ms-excel 9private-bin ms-excel
10 10
11# Redirect 11# Redirect
12include /etc/firejail/ms-office.profile 12include ms-office.profile
diff --git a/etc/ms-office.profile b/etc/ms-office.profile
index cedc5eff4..61478fd07 100644
--- a/etc/ms-office.profile
+++ b/etc/ms-office.profile
@@ -1,9 +1,9 @@
1# Firejail profile for Microsoft Office Online 1# Firejail profile for Microsoft Office Online
2# This file is overwritten after every install/update 2# This file is overwritten after every install/update
3# Persistent local customizations 3# Persistent local customizations
4include /etc/firejail/ms-office.local 4include ms-office.local
5# Persistent global definitions 5# Persistent global definitions
6include /etc/firejail/globals.local 6include globals.local
7 7
8noblacklist ${HOME}/.cache/ms-office-online 8noblacklist ${HOME}/.cache/ms-office-online
9noblacklist ${HOME}/.jak 9noblacklist ${HOME}/.jak
@@ -14,11 +14,11 @@ noblacklist ${PATH}/python3*
14noblacklist /usr/lib/python2* 14noblacklist /usr/lib/python2*
15noblacklist /usr/lib/python3* 15noblacklist /usr/lib/python3*
16 16
17include /etc/firejail/disable-common.inc 17include disable-common.inc
18include /etc/firejail/disable-devel.inc 18include disable-devel.inc
19include /etc/firejail/disable-interpreters.inc 19include disable-interpreters.inc
20include /etc/firejail/disable-passwdmgr.inc 20include disable-passwdmgr.inc
21include /etc/firejail/disable-programs.inc 21include disable-programs.inc
22 22
23caps.drop all 23caps.drop all
24netfilter 24netfilter
diff --git a/etc/ms-onenote.profile b/etc/ms-onenote.profile
index 520544ab4..1259d55c8 100644
--- a/etc/ms-onenote.profile
+++ b/etc/ms-onenote.profile
@@ -1,12 +1,12 @@
1# Firejail profile for Microsoft Office Online - Onenote 1# Firejail profile for Microsoft Office Online - Onenote
2# This file is overwritten after every install/update 2# This file is overwritten after every install/update
3# Persistent local customizations 3# Persistent local customizations
4include /etc/firejail/ms-onenote.local 4include ms-onenote.local
5# Persistent global definitions 5# Persistent global definitions
6include /etc/firejail/globals.local 6include globals.local
7 7
8noblacklist ${HOME}/.cache/ms-onenote-online 8noblacklist ${HOME}/.cache/ms-onenote-online
9private-bin ms-onenote 9private-bin ms-onenote
10 10
11# Redirect 11# Redirect
12include /etc/firejail/ms-office.profile 12include ms-office.profile
diff --git a/etc/ms-outlook.profile b/etc/ms-outlook.profile
index e438bbdfc..a9fadc2c1 100644
--- a/etc/ms-outlook.profile
+++ b/etc/ms-outlook.profile
@@ -1,12 +1,12 @@
1# Firejail profile for Microsoft Office Online - Outlook 1# Firejail profile for Microsoft Office Online - Outlook
2# This file is overwritten after every install/update 2# This file is overwritten after every install/update
3# Persistent local customizations 3# Persistent local customizations
4include /etc/firejail/ms-outlook.local 4include ms-outlook.local
5# Persistent global definitions 5# Persistent global definitions
6include /etc/firejail/globals.local 6include globals.local
7 7
8noblacklist ${HOME}/.cache/ms-outlook-online 8noblacklist ${HOME}/.cache/ms-outlook-online
9private-bin ms-outlook 9private-bin ms-outlook
10 10
11# Redirect 11# Redirect
12include /etc/firejail/ms-office.profile 12include ms-office.profile
diff --git a/etc/ms-powerpoint.profile b/etc/ms-powerpoint.profile
index 82be095d0..4c096de4e 100644
--- a/etc/ms-powerpoint.profile
+++ b/etc/ms-powerpoint.profile
@@ -1,12 +1,12 @@
1# Firejail profile for Microsoft Office Online - Powerpoint 1# Firejail profile for Microsoft Office Online - Powerpoint
2# This file is overwritten after every install/update 2# This file is overwritten after every install/update
3# Persistent local customizations 3# Persistent local customizations
4include /etc/firejail/ms-powerpoint.local 4include ms-powerpoint.local
5# Persistent global definitions 5# Persistent global definitions
6include /etc/firejail/globals.local 6include globals.local
7 7
8noblacklist ${HOME}/.cache/ms-powerpoint-online 8noblacklist ${HOME}/.cache/ms-powerpoint-online
9private-bin ms-powerpoint 9private-bin ms-powerpoint
10 10
11# Redirect 11# Redirect
12include /etc/firejail/ms-office.profile 12include ms-office.profile
diff --git a/etc/ms-skype.profile b/etc/ms-skype.profile
index fa3c4a314..02084d923 100644
--- a/etc/ms-skype.profile
+++ b/etc/ms-skype.profile
@@ -1,13 +1,13 @@
1# Firejail profile for Microsoft Office Online - Skype 1# Firejail profile for Microsoft Office Online - Skype
2# This file is overwritten after every install/update 2# This file is overwritten after every install/update
3# Persistent local customizations 3# Persistent local customizations
4include /etc/firejail/ms-skype.local 4include ms-skype.local
5# Persistent global definitions 5# Persistent global definitions
6include /etc/firejail/globals.local 6include globals.local
7 7
8noblacklist ${HOME}/.cache/ms-skype-online 8noblacklist ${HOME}/.cache/ms-skype-online
9ignore novideo 9ignore novideo
10private-bin ms-skype 10private-bin ms-skype
11 11
12# Redirect 12# Redirect
13include /etc/firejail/ms-office.profile 13include ms-office.profile
diff --git a/etc/ms-word.profile b/etc/ms-word.profile
index fdcab27a7..f21e987d4 100644
--- a/etc/ms-word.profile
+++ b/etc/ms-word.profile
@@ -1,12 +1,12 @@
1# Firejail profile for Microsoft Office Online - Word 1# Firejail profile for Microsoft Office Online - Word
2# This file is overwritten after every install/update 2# This file is overwritten after every install/update
3# Persistent local customizations 3# Persistent local customizations
4include /etc/firejail/ms-word.local 4include ms-word.local
5# Persistent global definitions 5# Persistent global definitions
6include /etc/firejail/globals.local 6include globals.local
7 7
8noblacklist ${HOME}/.cache/ms-word-online 8noblacklist ${HOME}/.cache/ms-word-online
9private-bin ms-word 9private-bin ms-word
10 10
11# Redirect 11# Redirect
12include /etc/firejail/ms-office.profile 12include ms-office.profile
diff --git a/etc/multimc5.profile b/etc/multimc5.profile
index 2b63c2032..b73857826 100644
--- a/etc/multimc5.profile
+++ b/etc/multimc5.profile
@@ -1,9 +1,9 @@
1# Firejail profile for multimc5 1# Firejail profile for multimc5
2# This file is overwritten after every install/update 2# This file is overwritten after every install/update
3# Persistent local customizations 3# Persistent local customizations
4include /etc/firejail/multimc5.local 4include multimc5.local
5# Persistent global definitions 5# Persistent global definitions
6include /etc/firejail/globals.local 6include globals.local
7 7
8noblacklist ${HOME}/.java 8noblacklist ${HOME}/.java
9noblacklist ${HOME}/.local/share/multimc 9noblacklist ${HOME}/.local/share/multimc
@@ -16,17 +16,17 @@ noblacklist /usr/lib/java
16noblacklist /etc/java 16noblacklist /etc/java
17noblacklist /usr/share/java 17noblacklist /usr/share/java
18 18
19include /etc/firejail/disable-common.inc 19include disable-common.inc
20include /etc/firejail/disable-devel.inc 20include disable-devel.inc
21include /etc/firejail/disable-interpreters.inc 21include disable-interpreters.inc
22include /etc/firejail/disable-passwdmgr.inc 22include disable-passwdmgr.inc
23include /etc/firejail/disable-programs.inc 23include disable-programs.inc
24 24
25mkdir ${HOME}/.local/share/multimc 25mkdir ${HOME}/.local/share/multimc
26whitelist ${HOME}/.local/share/multimc 26whitelist ${HOME}/.local/share/multimc
27whitelist ${HOME}/.local/share/multimc5 27whitelist ${HOME}/.local/share/multimc5
28whitelist ${HOME}/.multimc5 28whitelist ${HOME}/.multimc5
29include /etc/firejail/whitelist-common.inc 29include whitelist-common.inc
30 30
31caps.drop all 31caps.drop all
32netfilter 32netfilter
diff --git a/etc/mumble.profile b/etc/mumble.profile
index c5af9aa42..276e77c68 100644
--- a/etc/mumble.profile
+++ b/etc/mumble.profile
@@ -2,25 +2,25 @@
2# Description: Low latency encrypted VoIP client 2# Description: Low latency encrypted VoIP client
3# This file is overwritten after every install/update 3# This file is overwritten after every install/update
4# Persistent local customizations 4# Persistent local customizations
5include /etc/firejail/mumble.local 5include mumble.local
6# Persistent global definitions 6# Persistent global definitions
7include /etc/firejail/globals.local 7include globals.local
8 8
9noblacklist ${HOME}/.config/Mumble 9noblacklist ${HOME}/.config/Mumble
10noblacklist ${HOME}/.local/share/data/Mumble 10noblacklist ${HOME}/.local/share/data/Mumble
11 11
12include /etc/firejail/disable-common.inc 12include disable-common.inc
13include /etc/firejail/disable-devel.inc 13include disable-devel.inc
14include /etc/firejail/disable-interpreters.inc 14include disable-interpreters.inc
15include /etc/firejail/disable-passwdmgr.inc 15include disable-passwdmgr.inc
16include /etc/firejail/disable-programs.inc 16include disable-programs.inc
17 17
18mkdir ${HOME}/.config/Mumble 18mkdir ${HOME}/.config/Mumble
19mkdir ${HOME}/.local/share/data/Mumble 19mkdir ${HOME}/.local/share/data/Mumble
20whitelist ${HOME}/.config/Mumble 20whitelist ${HOME}/.config/Mumble
21whitelist ${HOME}/.local/share/data/Mumble 21whitelist ${HOME}/.local/share/data/Mumble
22include /etc/firejail/whitelist-common.inc 22include whitelist-common.inc
23include /etc/firejail/whitelist-var-common.inc 23include whitelist-var-common.inc
24 24
25caps.drop all 25caps.drop all
26netfilter 26netfilter
diff --git a/etc/mupdf.profile b/etc/mupdf.profile
index b49597e00..17658e2ef 100644
--- a/etc/mupdf.profile
+++ b/etc/mupdf.profile
@@ -2,20 +2,20 @@
2# Description: Lightweight PDF viewer 2# Description: Lightweight PDF viewer
3# This file is overwritten after every install/update 3# This file is overwritten after every install/update
4# Persistent local customizations 4# Persistent local customizations
5include /etc/firejail/mupdf.local 5include mupdf.local
6# Persistent global definitions 6# Persistent global definitions
7include /etc/firejail/globals.local 7include globals.local
8 8
9noblacklist ${DOCUMENTS} 9noblacklist ${DOCUMENTS}
10 10
11include /etc/firejail/disable-common.inc 11include disable-common.inc
12include /etc/firejail/disable-devel.inc 12include disable-devel.inc
13include /etc/firejail/disable-interpreters.inc 13include disable-interpreters.inc
14include /etc/firejail/disable-passwdmgr.inc 14include disable-passwdmgr.inc
15include /etc/firejail/disable-programs.inc 15include disable-programs.inc
16include /etc/firejail/disable-xdg.inc 16include disable-xdg.inc
17 17
18include /etc/firejail/whitelist-var-common.inc 18include whitelist-var-common.inc
19 19
20caps.drop all 20caps.drop all
21machine-id 21machine-id
diff --git a/etc/mupen64plus.profile b/etc/mupen64plus.profile
index a235c44c8..3798609d2 100644
--- a/etc/mupen64plus.profile
+++ b/etc/mupen64plus.profile
@@ -2,25 +2,25 @@
2# Description: Nintendo64 Emulator 2# Description: Nintendo64 Emulator
3# This file is overwritten after every install/update 3# This file is overwritten after every install/update
4# Persistent local customizations 4# Persistent local customizations
5include /etc/firejail/mupen64plus.local 5include mupen64plus.local
6# Persistent global definitions 6# Persistent global definitions
7include /etc/firejail/globals.local 7include globals.local
8 8
9noblacklist ${HOME}/.config/mupen64plus 9noblacklist ${HOME}/.config/mupen64plus
10noblacklist ${HOME}/.local/share/mupen64plus 10noblacklist ${HOME}/.local/share/mupen64plus
11 11
12include /etc/firejail/disable-common.inc 12include disable-common.inc
13include /etc/firejail/disable-devel.inc 13include disable-devel.inc
14include /etc/firejail/disable-passwdmgr.inc 14include disable-passwdmgr.inc
15include /etc/firejail/disable-passwdmgr.inc 15include disable-passwdmgr.inc
16include /etc/firejail/disable-programs.inc 16include disable-programs.inc
17 17
18# you'll need to manually whitelist ROM files 18# you'll need to manually whitelist ROM files
19mkdir ${HOME}/.config/mupen64plus 19mkdir ${HOME}/.config/mupen64plus
20mkdir ${HOME}/.local/share/mupen64plus 20mkdir ${HOME}/.local/share/mupen64plus
21whitelist ${HOME}/.config/mupen64plus/ 21whitelist ${HOME}/.config/mupen64plus/
22whitelist ${HOME}/.local/share/mupen64plus/ 22whitelist ${HOME}/.local/share/mupen64plus/
23include /etc/firejail/whitelist-common.inc 23include whitelist-common.inc
24 24
25caps.drop all 25caps.drop all
26net none 26net none
diff --git a/etc/musescore.profile b/etc/musescore.profile
index 3eb929bd1..5f009c681 100644
--- a/etc/musescore.profile
+++ b/etc/musescore.profile
@@ -2,9 +2,9 @@
2# Description: Free music composition and notation software 2# Description: Free music composition and notation software
3# This file is overwritten after every install/update 3# This file is overwritten after every install/update
4# Persistent local customizations 4# Persistent local customizations
5include /etc/firejail/musescore.local 5include musescore.local
6# Persistent global definitions 6# Persistent global definitions
7include /etc/firejail/globals.local 7include globals.local
8 8
9noblacklist ${HOME}/.config/MusE 9noblacklist ${HOME}/.config/MusE
10noblacklist ${HOME}/.config/MuseScore 10noblacklist ${HOME}/.config/MuseScore
@@ -13,14 +13,14 @@ noblacklist ${HOME}/.local/share/data/MuseScore
13noblacklist ${DOCUMENTS} 13noblacklist ${DOCUMENTS}
14noblacklist ${MUSIC} 14noblacklist ${MUSIC}
15 15
16include /etc/firejail/disable-common.inc 16include disable-common.inc
17include /etc/firejail/disable-devel.inc 17include disable-devel.inc
18include /etc/firejail/disable-interpreters.inc 18include disable-interpreters.inc
19include /etc/firejail/disable-passwdmgr.inc 19include disable-passwdmgr.inc
20include /etc/firejail/disable-programs.inc 20include disable-programs.inc
21include /etc/firejail/disable-xdg.inc 21include disable-xdg.inc
22 22
23include /etc/firejail/whitelist-var-common.inc 23include whitelist-var-common.inc
24 24
25caps.drop all 25caps.drop all
26netfilter 26netfilter
diff --git a/etc/musixmatch.profile b/etc/musixmatch.profile
index ba010d6a3..2b8e5b256 100644
--- a/etc/musixmatch.profile
+++ b/etc/musixmatch.profile
@@ -1,17 +1,17 @@
1# Firejail profile for Musixmatch 1# Firejail profile for Musixmatch
2# This file is overwritten after every install/update 2# This file is overwritten after every install/update
3# Persistent local customizations 3# Persistent local customizations
4include /etc/firejail/musixmatch.local 4include musixmatch.local
5# Persistent global definitions 5# Persistent global definitions
6include /etc/firejail/globals.local 6include globals.local
7 7
8noblacklist ${MUSIC} 8noblacklist ${MUSIC}
9 9
10include /etc/firejail/disable-common.inc 10include disable-common.inc
11include /etc/firejail/disable-devel.inc 11include disable-devel.inc
12include /etc/firejail/disable-passwdmgr.inc 12include disable-passwdmgr.inc
13include /etc/firejail/disable-programs.inc 13include disable-programs.inc
14include /etc/firejail/disable-xdg.inc 14include disable-xdg.inc
15 15
16caps.drop all 16caps.drop all
17ipc-namespace 17ipc-namespace
diff --git a/etc/mutt.profile b/etc/mutt.profile
index 6cb09ec78..a05227125 100644
--- a/etc/mutt.profile
+++ b/etc/mutt.profile
@@ -2,9 +2,9 @@
2# Description: Text-based mailreader supporting MIME, GPG, PGP and threading 2# Description: Text-based mailreader supporting MIME, GPG, PGP and threading
3# This file is overwritten after every install/update 3# This file is overwritten after every install/update
4# Persistent local customizations 4# Persistent local customizations
5include /etc/firejail/mutt.local 5include mutt.local
6# Persistent global definitions 6# Persistent global definitions
7include /etc/firejail/globals.local 7include globals.local
8 8
9blacklist /tmp/.X11-unix 9blacklist /tmp/.X11-unix
10 10
@@ -32,11 +32,11 @@ noblacklist ${HOME}/mail
32noblacklist ${HOME}/postponed 32noblacklist ${HOME}/postponed
33noblacklist ${HOME}/sent 33noblacklist ${HOME}/sent
34 34
35include /etc/firejail/disable-common.inc 35include disable-common.inc
36include /etc/firejail/disable-devel.inc 36include disable-devel.inc
37include /etc/firejail/disable-interpreters.inc 37include disable-interpreters.inc
38include /etc/firejail/disable-passwdmgr.inc 38include disable-passwdmgr.inc
39include /etc/firejail/disable-programs.inc 39include disable-programs.inc
40 40
41caps.drop all 41caps.drop all
42netfilter 42netfilter
diff --git a/etc/natron.profile b/etc/natron.profile
index 76e909f83..790fe437d 100644
--- a/etc/natron.profile
+++ b/etc/natron.profile
@@ -1,9 +1,9 @@
1# Firejail profile for natron 1# Firejail profile for natron
2# This file is overwritten after every install/update 2# This file is overwritten after every install/update
3# Persistent local customizations 3# Persistent local customizations
4include /etc/firejail/natron.local 4include natron.local
5# Persistent global definitions 5# Persistent global definitions
6include /etc/firejail/globals.local 6include globals.local
7 7
8# Allow access to python 8# Allow access to python
9noblacklist ${PATH}/python2* 9noblacklist ${PATH}/python2*
@@ -16,11 +16,11 @@ noblacklist ${HOME}/.cache/INRIA/Natron
16noblacklist ${HOME}/.config/INRIA 16noblacklist ${HOME}/.config/INRIA
17noblacklist /opt/natron 17noblacklist /opt/natron
18 18
19include /etc/firejail/disable-common.inc 19include disable-common.inc
20include /etc/firejail/disable-devel.inc 20include disable-devel.inc
21include /etc/firejail/disable-interpreters.inc 21include disable-interpreters.inc
22include /etc/firejail/disable-passwdmgr.inc 22include disable-passwdmgr.inc
23include /etc/firejail/disable-programs.inc 23include disable-programs.inc
24 24
25caps.drop all 25caps.drop all
26net none 26net none
diff --git a/etc/nautilus.profile b/etc/nautilus.profile
index 1809a6b3c..13fe9a9e1 100644
--- a/etc/nautilus.profile
+++ b/etc/nautilus.profile
@@ -2,9 +2,9 @@
2# Description: File manager and graphical shell for GNOME 2# Description: File manager and graphical shell for GNOME
3# This file is overwritten after every install/update 3# This file is overwritten after every install/update
4# Persistent local customizations 4# Persistent local customizations
5include /etc/firejail/nautilus.local 5include nautilus.local
6# Persistent global definitions 6# Persistent global definitions
7include /etc/firejail/globals.local 7include globals.local
8 8
9# Nautilus is started by systemd on most systems. Therefore it is not firejailed by default. Since there 9# Nautilus is started by systemd on most systems. Therefore it is not firejailed by default. Since there
10# is already a nautilus process running on gnome desktops firejail will have no effect. 10# is already a nautilus process running on gnome desktops firejail will have no effect.
@@ -20,11 +20,11 @@ noblacklist ${PATH}/python3*
20noblacklist /usr/lib/python2* 20noblacklist /usr/lib/python2*
21noblacklist /usr/lib/python3* 21noblacklist /usr/lib/python3*
22 22
23include /etc/firejail/disable-common.inc 23include disable-common.inc
24include /etc/firejail/disable-devel.inc 24include disable-devel.inc
25include /etc/firejail/disable-interpreters.inc 25include disable-interpreters.inc
26include /etc/firejail/disable-passwdmgr.inc 26include disable-passwdmgr.inc
27# include /etc/firejail/disable-programs.inc 27# include disable-programs.inc
28 28
29caps.drop all 29caps.drop all
30netfilter 30netfilter
diff --git a/etc/ncdu.profile b/etc/ncdu.profile
index fa566b9fd..d8f9f62ff 100644
--- a/etc/ncdu.profile
+++ b/etc/ncdu.profile
@@ -2,9 +2,9 @@
2# Description: Ncurses disk usage viewer 2# Description: Ncurses disk usage viewer
3# This file is overwritten after every install/update 3# This file is overwritten after every install/update
4# Persistent local customizations 4# Persistent local customizations
5include /etc/firejail/ncdu.local 5include ncdu.local
6# Persistent global definitions 6# Persistent global definitions
7include /etc/firejail/globals.local 7include globals.local
8 8
9caps.drop all 9caps.drop all
10ipc-namespace 10ipc-namespace
diff --git a/etc/nemo.profile b/etc/nemo.profile
index 98e4ba1bd..8da094015 100644
--- a/etc/nemo.profile
+++ b/etc/nemo.profile
@@ -2,9 +2,9 @@
2# Description: File manager and graphical shell for Cinnamon 2# Description: File manager and graphical shell for Cinnamon
3# This file is overwritten after every install/update 3# This file is overwritten after every install/update
4# Persistent local customizations 4# Persistent local customizations
5include /etc/firejail/nemo.local 5include nemo.local
6# Persistent global definitions 6# Persistent global definitions
7include /etc/firejail/globals.local 7include globals.local
8 8
9noblacklist ${HOME}/.config/nemo 9noblacklist ${HOME}/.config/nemo
10noblacklist ${HOME}/.local/share/Trash 10noblacklist ${HOME}/.local/share/Trash
@@ -17,10 +17,10 @@ noblacklist ${PATH}/python3*
17noblacklist /usr/lib/python2* 17noblacklist /usr/lib/python2*
18noblacklist /usr/lib/python3* 18noblacklist /usr/lib/python3*
19 19
20include /etc/firejail/disable-common.inc 20include disable-common.inc
21include /etc/firejail/disable-devel.inc 21include disable-devel.inc
22include /etc/firejail/disable-interpreters.inc 22include disable-interpreters.inc
23include /etc/firejail/disable-passwdmgr.inc 23include disable-passwdmgr.inc
24 24
25caps.drop all 25caps.drop all
26netfilter 26netfilter
diff --git a/etc/netsurf.profile b/etc/netsurf.profile
index cb38d9de0..0ddb7bbbe 100644
--- a/etc/netsurf.profile
+++ b/etc/netsurf.profile
@@ -2,24 +2,24 @@
2# Description: Lightweight and fast web browser 2# Description: Lightweight and fast web browser
3# This file is overwritten after every install/update 3# This file is overwritten after every install/update
4# Persistent local customizations 4# Persistent local customizations
5include /etc/firejail/netsurf.local 5include netsurf.local
6# Persistent global definitions 6# Persistent global definitions
7include /etc/firejail/globals.local 7include globals.local
8 8
9noblacklist ${HOME}/.cache/netsurf 9noblacklist ${HOME}/.cache/netsurf
10noblacklist ${HOME}/.config/netsurf 10noblacklist ${HOME}/.config/netsurf
11 11
12include /etc/firejail/disable-common.inc 12include disable-common.inc
13include /etc/firejail/disable-devel.inc 13include disable-devel.inc
14include /etc/firejail/disable-interpreters.inc 14include disable-interpreters.inc
15include /etc/firejail/disable-programs.inc 15include disable-programs.inc
16 16
17mkdir ${HOME}/.cache/netsurf 17mkdir ${HOME}/.cache/netsurf
18mkdir ${HOME}/.config/netsurf 18mkdir ${HOME}/.config/netsurf
19whitelist ${DOWNLOADS} 19whitelist ${DOWNLOADS}
20whitelist ${HOME}/.cache/netsurf 20whitelist ${HOME}/.cache/netsurf
21whitelist ${HOME}/.config/netsurf 21whitelist ${HOME}/.config/netsurf
22include /etc/firejail/whitelist-common.inc 22include whitelist-common.inc
23 23
24caps.drop all 24caps.drop all
25netfilter 25netfilter
diff --git a/etc/neverball.profile b/etc/neverball.profile
index 5e6032ae5..207774ed0 100644
--- a/etc/neverball.profile
+++ b/etc/neverball.profile
@@ -2,21 +2,21 @@
2# Description: 3D floor-tilting game 2# Description: 3D floor-tilting game
3# This file is overwritten after every install/update 3# This file is overwritten after every install/update
4# Persistent local customizations 4# Persistent local customizations
5include /etc/firejail/neverball.local 5include neverball.local
6# Persistent global definitions 6# Persistent global definitions
7include /etc/firejail/globals.local 7include globals.local
8 8
9noblacklist ${HOME}/.neverball 9noblacklist ${HOME}/.neverball
10 10
11include /etc/firejail/disable-common.inc 11include disable-common.inc
12include /etc/firejail/disable-devel.inc 12include disable-devel.inc
13include /etc/firejail/disable-interpreters.inc 13include disable-interpreters.inc
14include /etc/firejail/disable-passwdmgr.inc 14include disable-passwdmgr.inc
15include /etc/firejail/disable-programs.inc 15include disable-programs.inc
16 16
17mkdir ${HOME}/.neverball 17mkdir ${HOME}/.neverball
18whitelist ${HOME}/.neverball 18whitelist ${HOME}/.neverball
19include /etc/firejail/whitelist-common.inc 19include whitelist-common.inc
20 20
21caps.drop all 21caps.drop all
22netfilter 22netfilter
diff --git a/etc/nheko.profile b/etc/nheko.profile
index f216a9fa5..ea99b2f5a 100644
--- a/etc/nheko.profile
+++ b/etc/nheko.profile
@@ -2,18 +2,18 @@
2# Description: Desktop IM client for the Matrix protocol 2# Description: Desktop IM client for the Matrix protocol
3# This file is overwritten after every install/update 3# This file is overwritten after every install/update
4# Persistent local customizations 4# Persistent local customizations
5include /etc/firejail/nheko.local 5include nheko.local
6# Persistent global definitions 6# Persistent global definitions
7include /etc/firejail/globals.local 7include globals.local
8 8
9noblacklist ${HOME}/.config/nheko 9noblacklist ${HOME}/.config/nheko
10noblacklist ${HOME}/.cache/nheko/nheko 10noblacklist ${HOME}/.cache/nheko/nheko
11 11
12include /etc/firejail/disable-common.inc 12include disable-common.inc
13include /etc/firejail/disable-devel.inc 13include disable-devel.inc
14include /etc/firejail/disable-interpreters.inc 14include disable-interpreters.inc
15include /etc/firejail/disable-passwdmgr.inc 15include disable-passwdmgr.inc
16include /etc/firejail/disable-programs.inc 16include disable-programs.inc
17 17
18mkdir ${HOME}/.config/nheko 18mkdir ${HOME}/.config/nheko
19mkdir ${HOME}/.cache/nheko/nheko 19mkdir ${HOME}/.cache/nheko/nheko
@@ -22,7 +22,7 @@ whitelist ${HOME}/.config/nheko
22whitelist ${HOME}/.cache/nheko/nheko 22whitelist ${HOME}/.cache/nheko/nheko
23whitelist ${DOWNLOADS} 23whitelist ${DOWNLOADS}
24 24
25include /etc/firejail/whitelist-common.inc 25include whitelist-common.inc
26 26
27caps.drop all 27caps.drop all
28netfilter 28netfilter
diff --git a/etc/nitroshare-cli.profile b/etc/nitroshare-cli.profile
index a9ad197e9..5ee683711 100644
--- a/etc/nitroshare-cli.profile
+++ b/etc/nitroshare-cli.profile
@@ -4,4 +4,4 @@
4 4
5 5
6# Redirect 6# Redirect
7include /etc/firejail/nitroshare.profile 7include nitroshare.profile
diff --git a/etc/nitroshare-nmh.profile b/etc/nitroshare-nmh.profile
index a9ad197e9..5ee683711 100644
--- a/etc/nitroshare-nmh.profile
+++ b/etc/nitroshare-nmh.profile
@@ -4,4 +4,4 @@
4 4
5 5
6# Redirect 6# Redirect
7include /etc/firejail/nitroshare.profile 7include nitroshare.profile
diff --git a/etc/nitroshare-send.profile b/etc/nitroshare-send.profile
index a9ad197e9..5ee683711 100644
--- a/etc/nitroshare-send.profile
+++ b/etc/nitroshare-send.profile
@@ -4,4 +4,4 @@
4 4
5 5
6# Redirect 6# Redirect
7include /etc/firejail/nitroshare.profile 7include nitroshare.profile
diff --git a/etc/nitroshare-ui.profile b/etc/nitroshare-ui.profile
index a9ad197e9..5ee683711 100644
--- a/etc/nitroshare-ui.profile
+++ b/etc/nitroshare-ui.profile
@@ -4,4 +4,4 @@
4 4
5 5
6# Redirect 6# Redirect
7include /etc/firejail/nitroshare.profile 7include nitroshare.profile
diff --git a/etc/nitroshare.profile b/etc/nitroshare.profile
index f02599ac6..67c651429 100644
--- a/etc/nitroshare.profile
+++ b/etc/nitroshare.profile
@@ -2,9 +2,9 @@
2# Description: Network File Transfer Application 2# Description: Network File Transfer Application
3# This file is overwritten after every install/update 3# This file is overwritten after every install/update
4# Persistent local customizations 4# Persistent local customizations
5include /etc/firejail/nitroshare.local 5include nitroshare.local
6# Persistent global definitions 6# Persistent global definitions
7include /etc/firejail/globals.local 7include globals.local
8 8
9noblacklist ${HOME}/.config/Nathan Osman 9noblacklist ${HOME}/.config/Nathan Osman
10noblacklist ${HOME}/.config/NitroShare 10noblacklist ${HOME}/.config/NitroShare
@@ -15,11 +15,11 @@ noblacklist ${PATH}/python3*
15noblacklist /usr/lib/python2* 15noblacklist /usr/lib/python2*
16noblacklist /usr/lib/python3* 16noblacklist /usr/lib/python3*
17 17
18include /etc/firejail/disable-common.inc 18include disable-common.inc
19include /etc/firejail/disable-devel.inc 19include disable-devel.inc
20include /etc/firejail/disable-interpreters.inc 20include disable-interpreters.inc
21include /etc/firejail/disable-passwdmgr.inc 21include disable-passwdmgr.inc
22include /etc/firejail/disable-programs.inc 22include disable-programs.inc
23 23
24caps.drop all 24caps.drop all
25netfilter 25netfilter
diff --git a/etc/nylas.profile b/etc/nylas.profile
index 28305a203..935ab8f8a 100644
--- a/etc/nylas.profile
+++ b/etc/nylas.profile
@@ -1,23 +1,23 @@
1# Firejail profile for nylas 1# Firejail profile for nylas
2# This file is overwritten after every install/update 2# This file is overwritten after every install/update
3# Persistent local customizations 3# Persistent local customizations
4include /etc/firejail/nylas.local 4include nylas.local
5# Persistent global definitions 5# Persistent global definitions
6include /etc/firejail/globals.local 6include globals.local
7 7
8noblacklist ${HOME}/.config/Nylas Mail 8noblacklist ${HOME}/.config/Nylas Mail
9noblacklist ${HOME}/.nylas-mail 9noblacklist ${HOME}/.nylas-mail
10 10
11include /etc/firejail/disable-common.inc 11include disable-common.inc
12include /etc/firejail/disable-devel.inc 12include disable-devel.inc
13include /etc/firejail/disable-interpreters.inc 13include disable-interpreters.inc
14include /etc/firejail/disable-passwdmgr.inc 14include disable-passwdmgr.inc
15include /etc/firejail/disable-programs.inc 15include disable-programs.inc
16 16
17whitelist ${DOWNLOADS} 17whitelist ${DOWNLOADS}
18whitelist ${HOME}/.config/Nylas Mail 18whitelist ${HOME}/.config/Nylas Mail
19whitelist ${HOME}/.nylas-mail 19whitelist ${HOME}/.nylas-mail
20include /etc/firejail/whitelist-common.inc 20include whitelist-common.inc
21 21
22caps.drop all 22caps.drop all
23netfilter 23netfilter
diff --git a/etc/obs.profile b/etc/obs.profile
index 611ecdd67..3e228365d 100644
--- a/etc/obs.profile
+++ b/etc/obs.profile
@@ -1,9 +1,9 @@
1# Firejail profile for obs 1# Firejail profile for obs
2# This file is overwritten after every install/update 2# This file is overwritten after every install/update
3# Persistent local customizations 3# Persistent local customizations
4include /etc/firejail/obs.local 4include obs.local
5# Persistent global definitions 5# Persistent global definitions
6include /etc/firejail/globals.local 6include globals.local
7 7
8noblacklist ${HOME}/.config/obs-studio 8noblacklist ${HOME}/.config/obs-studio
9noblacklist ${MUSIC} 9noblacklist ${MUSIC}
@@ -16,14 +16,14 @@ noblacklist ${PATH}/python3*
16noblacklist /usr/lib/python2* 16noblacklist /usr/lib/python2*
17noblacklist /usr/lib/python3* 17noblacklist /usr/lib/python3*
18 18
19include /etc/firejail/disable-common.inc 19include disable-common.inc
20include /etc/firejail/disable-devel.inc 20include disable-devel.inc
21include /etc/firejail/disable-interpreters.inc 21include disable-interpreters.inc
22include /etc/firejail/disable-passwdmgr.inc 22include disable-passwdmgr.inc
23include /etc/firejail/disable-programs.inc 23include disable-programs.inc
24include /etc/firejail/disable-xdg.inc 24include disable-xdg.inc
25 25
26include /etc/firejail/whitelist-var-common.inc 26include whitelist-var-common.inc
27 27
28caps.drop all 28caps.drop all
29nodvd 29nodvd
diff --git a/etc/odt2txt.profile b/etc/odt2txt.profile
index 59470f3bb..b9c525f0c 100644
--- a/etc/odt2txt.profile
+++ b/etc/odt2txt.profile
@@ -2,20 +2,20 @@
2# Description: Simple converter from OpenDocument Text to plain text 2# Description: Simple converter from OpenDocument Text to plain text
3# This file is overwritten after every install/update 3# This file is overwritten after every install/update
4# Persistent local customizations 4# Persistent local customizations
5include /etc/firejail/odt2txt.local 5include odt2txt.local
6# Persistent global definitions 6# Persistent global definitions
7include /etc/firejail/globals.local 7include globals.local
8 8
9noblacklist ${DOCUMENTS} 9noblacklist ${DOCUMENTS}
10 10
11blacklist /tmp/.X11-unix 11blacklist /tmp/.X11-unix
12 12
13include /etc/firejail/disable-common.inc 13include disable-common.inc
14include /etc/firejail/disable-devel.inc 14include disable-devel.inc
15include /etc/firejail/disable-interpreters.inc 15include disable-interpreters.inc
16include /etc/firejail/disable-passwdmgr.inc 16include disable-passwdmgr.inc
17include /etc/firejail/disable-programs.inc 17include disable-programs.inc
18include /etc/firejail/disable-xdg.inc 18include disable-xdg.inc
19 19
20caps.drop all 20caps.drop all
21net none 21net none
diff --git a/etc/okular.profile b/etc/okular.profile
index 0f15500af..80407ac3a 100644
--- a/etc/okular.profile
+++ b/etc/okular.profile
@@ -2,9 +2,9 @@
2# Description: Universal document viewer 2# Description: Universal document viewer
3# This file is overwritten after every install/update 3# This file is overwritten after every install/update
4# Persistent local customizations 4# Persistent local customizations
5include /etc/firejail/okular.local 5include okular.local
6# Persistent global definitions 6# Persistent global definitions
7include /etc/firejail/globals.local 7include globals.local
8 8
9noblacklist ${HOME}/.cache/okular 9noblacklist ${HOME}/.cache/okular
10noblacklist ${HOME}/.config/okularpartrc 10noblacklist ${HOME}/.config/okularpartrc
@@ -18,14 +18,14 @@ noblacklist ${HOME}/.kde4/share/config/okularrc
18noblacklist ${HOME}/.local/share/okular 18noblacklist ${HOME}/.local/share/okular
19noblacklist ${DOCUMENTS} 19noblacklist ${DOCUMENTS}
20 20
21include /etc/firejail/disable-common.inc 21include disable-common.inc
22include /etc/firejail/disable-devel.inc 22include disable-devel.inc
23include /etc/firejail/disable-interpreters.inc 23include disable-interpreters.inc
24include /etc/firejail/disable-passwdmgr.inc 24include disable-passwdmgr.inc
25include /etc/firejail/disable-programs.inc 25include disable-programs.inc
26include /etc/firejail/disable-xdg.inc 26include disable-xdg.inc
27 27
28include /etc/firejail/whitelist-var-common.inc 28include whitelist-var-common.inc
29 29
30apparmor 30apparmor
31caps.drop all 31caps.drop all
diff --git a/etc/onionshare-gui.profile b/etc/onionshare-gui.profile
index 1c93ef9b9..6db776f6a 100644
--- a/etc/onionshare-gui.profile
+++ b/etc/onionshare-gui.profile
@@ -1,9 +1,9 @@
1# Firejail profile for onionshare-gui 1# Firejail profile for onionshare-gui
2# This file is overwritten after every install/update 2# This file is overwritten after every install/update
3# Persistent local customizations 3# Persistent local customizations
4include /etc/firejail/onionshare-gui.local 4include onionshare-gui.local
5# Persistent global definitions 5# Persistent global definitions
6include /etc/firejail/globals.local 6include globals.local
7 7
8noblacklist ${HOME}/.config/onionshare 8noblacklist ${HOME}/.config/onionshare
9 9
@@ -11,13 +11,13 @@ noblacklist ${HOME}/.config/onionshare
11noblacklist ${PATH}/python3* 11noblacklist ${PATH}/python3*
12noblacklist /usr/lib/python3* 12noblacklist /usr/lib/python3*
13 13
14include /etc/firejail/disable-common.inc 14include disable-common.inc
15include /etc/firejail/disable-devel.inc 15include disable-devel.inc
16include /etc/firejail/disable-interpreters.inc 16include disable-interpreters.inc
17include /etc/firejail/disable-passwdmgr.inc 17include disable-passwdmgr.inc
18include /etc/firejail/disable-programs.inc 18include disable-programs.inc
19 19
20include /etc/firejail/whitelist-var-common.inc 20include whitelist-var-common.inc
21 21
22caps.drop all 22caps.drop all
23ipc-namespace 23ipc-namespace
diff --git a/etc/open-invaders.profile b/etc/open-invaders.profile
index 1cd9e9537..dc00e47a1 100644
--- a/etc/open-invaders.profile
+++ b/etc/open-invaders.profile
@@ -2,21 +2,21 @@
2# Description: Space Invaders clone 2# Description: Space Invaders clone
3# This file is overwritten after every install/update 3# This file is overwritten after every install/update
4# Persistent local customizations 4# Persistent local customizations
5include /etc/firejail/open-invaders.local 5include open-invaders.local
6# Persistent global definitions 6# Persistent global definitions
7include /etc/firejail/globals.local 7include globals.local
8 8
9noblacklist ${HOME}/.openinvaders 9noblacklist ${HOME}/.openinvaders
10 10
11include /etc/firejail/disable-common.inc 11include disable-common.inc
12include /etc/firejail/disable-devel.inc 12include disable-devel.inc
13include /etc/firejail/disable-interpreters.inc 13include disable-interpreters.inc
14include /etc/firejail/disable-passwdmgr.inc 14include disable-passwdmgr.inc
15include /etc/firejail/disable-programs.inc 15include disable-programs.inc
16 16
17mkdir ${HOME}/.openinvaders 17mkdir ${HOME}/.openinvaders
18whitelist ${HOME}/.openinvaders 18whitelist ${HOME}/.openinvaders
19include /etc/firejail/whitelist-common.inc 19include whitelist-common.inc
20 20
21caps.drop all 21caps.drop all
22net none 22net none
diff --git a/etc/openbox.profile b/etc/openbox.profile
index 1540b71bd..1fb93c79c 100644
--- a/etc/openbox.profile
+++ b/etc/openbox.profile
@@ -2,13 +2,13 @@
2# Description: Standards-compliant, fast, light-weight and extensible window manager 2# Description: Standards-compliant, fast, light-weight and extensible window manager
3# This file is overwritten after every install/update 3# This file is overwritten after every install/update
4# Persistent local customizations 4# Persistent local customizations
5include /etc/firejail/openbox.local 5include openbox.local
6# Persistent global definitions 6# Persistent global definitions
7include /etc/firejail/globals.local 7include globals.local
8 8
9# all applications started in OpenBox will run in this profile 9# all applications started in OpenBox will run in this profile
10noblacklist ${HOME}/.config/openbox 10noblacklist ${HOME}/.config/openbox
11include /etc/firejail/disable-common.inc 11include disable-common.inc
12 12
13caps.drop all 13caps.drop all
14netfilter 14netfilter
diff --git a/etc/openshot-qt.profile b/etc/openshot-qt.profile
index cbd1f8fe8..b86073b41 100644
--- a/etc/openshot-qt.profile
+++ b/etc/openshot-qt.profile
@@ -3,4 +3,4 @@
3 3
4 4
5# Redirect 5# Redirect
6include /etc/firejail/openshot.profile 6include openshot.profile
diff --git a/etc/openshot.profile b/etc/openshot.profile
index 242511243..fd69b8dbf 100644
--- a/etc/openshot.profile
+++ b/etc/openshot.profile
@@ -2,9 +2,9 @@
2# Description: Create and edit videos and movies 2# Description: Create and edit videos and movies
3# This file is overwritten after every install/update 3# This file is overwritten after every install/update
4# Persistent local customizations 4# Persistent local customizations
5include /etc/firejail/openshot.local 5include openshot.local
6# Persistent global definitions 6# Persistent global definitions
7include /etc/firejail/globals.local 7include globals.local
8 8
9noblacklist ${HOME}/.openshot 9noblacklist ${HOME}/.openshot
10noblacklist ${HOME}/.openshot_qt 10noblacklist ${HOME}/.openshot_qt
@@ -15,13 +15,13 @@ noblacklist ${PATH}/python3*
15noblacklist /usr/lib/python2* 15noblacklist /usr/lib/python2*
16noblacklist /usr/lib/python3* 16noblacklist /usr/lib/python3*
17 17
18include /etc/firejail/disable-common.inc 18include disable-common.inc
19include /etc/firejail/disable-devel.inc 19include disable-devel.inc
20include /etc/firejail/disable-interpreters.inc 20include disable-interpreters.inc
21include /etc/firejail/disable-passwdmgr.inc 21include disable-passwdmgr.inc
22include /etc/firejail/disable-programs.inc 22include disable-programs.inc
23 23
24include /etc/firejail/whitelist-var-common.inc 24include whitelist-var-common.inc
25 25
26apparmor 26apparmor
27caps.drop all 27caps.drop all
diff --git a/etc/opera-beta.profile b/etc/opera-beta.profile
index 38a3152d2..8658d30c6 100644
--- a/etc/opera-beta.profile
+++ b/etc/opera-beta.profile
@@ -1,9 +1,9 @@
1# Firejail profile for opera-beta 1# Firejail profile for opera-beta
2# This file is overwritten after every install/update 2# This file is overwritten after every install/update
3# Persistent local customizations 3# Persistent local customizations
4include /etc/firejail/opera-beta.local 4include opera-beta.local
5# Persistent global definitions 5# Persistent global definitions
6include /etc/firejail/globals.local 6include globals.local
7 7
8noblacklist ${HOME}/.cache/opera 8noblacklist ${HOME}/.cache/opera
9noblacklist ${HOME}/.config/opera-beta 9noblacklist ${HOME}/.config/opera-beta
@@ -14,4 +14,4 @@ whitelist ${HOME}/.cache/opera
14whitelist ${HOME}/.config/opera-beta 14whitelist ${HOME}/.config/opera-beta
15 15
16# Redirect 16# Redirect
17include /etc/firejail/chromium-common.profile 17include chromium-common.profile
diff --git a/etc/opera.profile b/etc/opera.profile
index 294041c24..b342b3961 100644
--- a/etc/opera.profile
+++ b/etc/opera.profile
@@ -2,9 +2,9 @@
2# Description: A fast and secure web browser 2# Description: A fast and secure web browser
3# This file is overwritten after every install/update 3# This file is overwritten after every install/update
4# Persistent local customizations 4# Persistent local customizations
5include /etc/firejail/opera.local 5include opera.local
6# Persistent global definitions 6# Persistent global definitions
7include /etc/firejail/globals.local 7include globals.local
8 8
9noblacklist ${HOME}/.cache/opera 9noblacklist ${HOME}/.cache/opera
10noblacklist ${HOME}/.config/opera 10noblacklist ${HOME}/.config/opera
@@ -18,4 +18,4 @@ whitelist ${HOME}/.config/opera
18whitelist ${HOME}/.opera 18whitelist ${HOME}/.opera
19 19
20# Redirect 20# Redirect
21include /etc/firejail/chromium-common.profile 21include chromium-common.profile
diff --git a/etc/orage.profile b/etc/orage.profile
index 8fc6330d9..17a40a173 100644
--- a/etc/orage.profile
+++ b/etc/orage.profile
@@ -2,19 +2,19 @@
2# Description: Calendar for Xfce Desktop Environment 2# Description: Calendar for Xfce Desktop Environment
3# This file is overwritten after every install/update 3# This file is overwritten after every install/update
4# Persistent local customizations 4# Persistent local customizations
5include /etc/firejail/orage.local 5include orage.local
6# Persistent global definitions 6# Persistent global definitions
7include /etc/firejail/globals.local 7include globals.local
8 8
9noblacklist ${HOME}/.config/orage 9noblacklist ${HOME}/.config/orage
10noblacklist ${HOME}/.local/share/orage 10noblacklist ${HOME}/.local/share/orage
11 11
12include /etc/firejail/disable-common.inc 12include disable-common.inc
13include /etc/firejail/disable-devel.inc 13include disable-devel.inc
14include /etc/firejail/disable-interpreters.inc 14include disable-interpreters.inc
15include /etc/firejail/disable-passwdmgr.inc 15include disable-passwdmgr.inc
16include /etc/firejail/disable-programs.inc 16include disable-programs.inc
17include /etc/firejail/disable-xdg.inc 17include disable-xdg.inc
18 18
19caps.drop all 19caps.drop all
20netfilter 20netfilter
diff --git a/etc/p7zip.profile b/etc/p7zip.profile
index f8b2d6f1a..644292f2b 100644
--- a/etc/p7zip.profile
+++ b/etc/p7zip.profile
@@ -2,10 +2,10 @@
2# Description: 7zr file archiver with high compression ratio 2# Description: 7zr file archiver with high compression ratio
3# This file is overwritten after every install/update 3# This file is overwritten after every install/update
4# Persistent local customizations 4# Persistent local customizations
5include /etc/firejail/p7zip.local 5include p7zip.local
6# Persistent global definitions 6# Persistent global definitions
7# added by included profile 7# added by included profile
8#include /etc/firejail/globals.local 8#include globals.local
9 9
10# Redirect 10# Redirect
11include /etc/firejail/7z.profile 11include 7z.profile
diff --git a/etc/palemoon.profile b/etc/palemoon.profile
index 1104acff4..11464e6cf 100644
--- a/etc/palemoon.profile
+++ b/etc/palemoon.profile
@@ -1,9 +1,9 @@
1# Firejail profile for palemoon 1# Firejail profile for palemoon
2# This file is overwritten after every install/update 2# This file is overwritten after every install/update
3# Persistent local customizations 3# Persistent local customizations
4include /etc/firejail/palemoon.local 4include palemoon.local
5# Persistent global definitions 5# Persistent global definitions
6include /etc/firejail/globals.local 6include globals.local
7 7
8noblacklist ${HOME}/.cache/moonchild productions/pale moon 8noblacklist ${HOME}/.cache/moonchild productions/pale moon
9noblacklist ${HOME}/.moonchild productions/pale moon 9noblacklist ${HOME}/.moonchild productions/pale moon
@@ -23,4 +23,4 @@ seccomp
23#private-opt palemoon 23#private-opt palemoon
24 24
25# Redirect 25# Redirect
26include /etc/firejail/firefox-common.profile 26include firefox-common.profile
diff --git a/etc/parole.profile b/etc/parole.profile
index 00e1466b4..9ad59d2e6 100644
--- a/etc/parole.profile
+++ b/etc/parole.profile
@@ -2,19 +2,19 @@
2# Description: Media player based on GStreamer framework 2# Description: Media player based on GStreamer framework
3# This file is overwritten after every install/update 3# This file is overwritten after every install/update
4# Persistent local customizations 4# Persistent local customizations
5include /etc/firejail/parole.local 5include parole.local
6# Persistent global definitions 6# Persistent global definitions
7include /etc/firejail/globals.local 7include globals.local
8 8
9noblacklist ${MUSIC} 9noblacklist ${MUSIC}
10noblacklist ${VIDEOS} 10noblacklist ${VIDEOS}
11 11
12include /etc/firejail/disable-common.inc 12include disable-common.inc
13include /etc/firejail/disable-devel.inc 13include disable-devel.inc
14include /etc/firejail/disable-interpreters.inc 14include disable-interpreters.inc
15include /etc/firejail/disable-passwdmgr.inc 15include disable-passwdmgr.inc
16include /etc/firejail/disable-programs.inc 16include disable-programs.inc
17include /etc/firejail/disable-xdg.inc 17include disable-xdg.inc
18 18
19caps.drop all 19caps.drop all
20netfilter 20netfilter
diff --git a/etc/patch.profile b/etc/patch.profile
index 8fa6ac966..44b3cd677 100644
--- a/etc/patch.profile
+++ b/etc/patch.profile
@@ -3,19 +3,19 @@
3# This file is overwritten after every install/update 3# This file is overwritten after every install/update
4quiet 4quiet
5# Persistent local customizations 5# Persistent local customizations
6include /etc/firejail/patch.local 6include patch.local
7# Persistent global definitions 7# Persistent global definitions
8include /etc/firejail/globals.local 8include globals.local
9 9
10noblacklist ${DOCUMENTS} 10noblacklist ${DOCUMENTS}
11 11
12include /etc/firejail/disable-common.inc 12include disable-common.inc
13include /etc/firejail/disable-devel.inc 13include disable-devel.inc
14include /etc/firejail/disable-interpreters.inc 14include disable-interpreters.inc
15include /etc/firejail/disable-passwdmgr.inc 15include disable-passwdmgr.inc
16include /etc/firejail/disable-xdg.inc 16include disable-xdg.inc
17 17
18include /etc/firejail/whitelist-var-common.inc 18include whitelist-var-common.inc
19 19
20caps.drop all 20caps.drop all
21ipc-namespace 21ipc-namespace
diff --git a/etc/pcmanfm.profile b/etc/pcmanfm.profile
index c7e449166..0c1e95e63 100644
--- a/etc/pcmanfm.profile
+++ b/etc/pcmanfm.profile
@@ -2,19 +2,19 @@
2# Description: Extremely fast and lightweight file manager 2# Description: Extremely fast and lightweight file manager
3# This file is overwritten after every install/update 3# This file is overwritten after every install/update
4# Persistent local customizations 4# Persistent local customizations
5include /etc/firejail/pcmanfm.local 5include pcmanfm.local
6# Persistent global definitions 6# Persistent global definitions
7include /etc/firejail/globals.local 7include globals.local
8 8
9noblacklist ${HOME}/.local/share/Trash 9noblacklist ${HOME}/.local/share/Trash
10# noblacklist ${HOME}/.config/libfm - disable-programs.inc is disabled, see below 10# noblacklist ${HOME}/.config/libfm - disable-programs.inc is disabled, see below
11# noblacklist ${HOME}/.config/pcmanfm 11# noblacklist ${HOME}/.config/pcmanfm
12 12
13include /etc/firejail/disable-common.inc 13include disable-common.inc
14include /etc/firejail/disable-devel.inc 14include disable-devel.inc
15include /etc/firejail/disable-interpreters.inc 15include disable-interpreters.inc
16include /etc/firejail/disable-passwdmgr.inc 16include disable-passwdmgr.inc
17# include /etc/firejail/disable-programs.inc 17# include disable-programs.inc
18 18
19caps.drop all 19caps.drop all
20# net none - see issue #1467, computer:/// location broken 20# net none - see issue #1467, computer:/// location broken
diff --git a/etc/pdfchain.profile b/etc/pdfchain.profile
index f6a615632..6fe76360b 100644
--- a/etc/pdfchain.profile
+++ b/etc/pdfchain.profile
@@ -1,20 +1,20 @@
1# Firejail profile for pdfchain 1# Firejail profile for pdfchain
2# This file is overwritten after every install/update 2# This file is overwritten after every install/update
3# Persistent local customizations 3# Persistent local customizations
4include /etc/firejail/pdfchain.local 4include pdfchain.local
5# Persistent global definitions 5# Persistent global definitions
6include /etc/firejail/globals.local 6include globals.local
7 7
8noblacklist ${DOCUMENTS} 8noblacklist ${DOCUMENTS}
9 9
10include /etc/firejail/disable-common.inc 10include disable-common.inc
11include /etc/firejail/disable-devel.inc 11include disable-devel.inc
12include /etc/firejail/disable-interpreters.inc 12include disable-interpreters.inc
13include /etc/firejail/disable-passwdmgr.inc 13include disable-passwdmgr.inc
14include /etc/firejail/disable-programs.inc 14include disable-programs.inc
15include /etc/firejail/disable-xdg.inc 15include disable-xdg.inc
16 16
17include /etc/firejail/whitelist-var-common.inc 17include whitelist-var-common.inc
18 18
19caps.drop all 19caps.drop all
20ipc-namespace 20ipc-namespace
diff --git a/etc/pdfmod.profile b/etc/pdfmod.profile
index 34cf5e44f..6853efd24 100644
--- a/etc/pdfmod.profile
+++ b/etc/pdfmod.profile
@@ -2,22 +2,22 @@
2# Description: Simple tool for modifying PDF documents 2# Description: Simple tool for modifying PDF documents
3# This file is overwritten after every install/update 3# This file is overwritten after every install/update
4# Persistent local customizations 4# Persistent local customizations
5include /etc/firejail/pdfmod.local 5include pdfmod.local
6# Persistent global definitions 6# Persistent global definitions
7include /etc/firejail/globals.local 7include globals.local
8 8
9noblacklist ${HOME}/.cache/pdfmod 9noblacklist ${HOME}/.cache/pdfmod
10noblacklist ${HOME}/.config/pdfmod 10noblacklist ${HOME}/.config/pdfmod
11noblacklist ${DOCUMENTS} 11noblacklist ${DOCUMENTS}
12 12
13include /etc/firejail/disable-common.inc 13include disable-common.inc
14include /etc/firejail/disable-devel.inc 14include disable-devel.inc
15include /etc/firejail/disable-interpreters.inc 15include disable-interpreters.inc
16include /etc/firejail/disable-passwdmgr.inc 16include disable-passwdmgr.inc
17include /etc/firejail/disable-programs.inc 17include disable-programs.inc
18include /etc/firejail/disable-xdg.inc 18include disable-xdg.inc
19 19
20include /etc/firejail/whitelist-var-common.inc 20include whitelist-var-common.inc
21 21
22caps.drop all 22caps.drop all
23ipc-namespace 23ipc-namespace
diff --git a/etc/pdfsam.profile b/etc/pdfsam.profile
index a09ab0a8a..8ba0e6a10 100644
--- a/etc/pdfsam.profile
+++ b/etc/pdfsam.profile
@@ -2,9 +2,9 @@
2# Description: PDF Split and Merge 2# Description: PDF Split and Merge
3# This file is overwritten after every install/update 3# This file is overwritten after every install/update
4# Persistent local customizations 4# Persistent local customizations
5include /etc/firejail/pdfsam.local 5include pdfsam.local
6# Persistent global definitions 6# Persistent global definitions
7include /etc/firejail/globals.local 7include globals.local
8 8
9noblacklist ${HOME}/.java 9noblacklist ${HOME}/.java
10noblacklist ${DOCUMENTS} 10noblacklist ${DOCUMENTS}
@@ -15,12 +15,12 @@ noblacklist /usr/lib/java
15noblacklist /etc/java 15noblacklist /etc/java
16noblacklist /usr/share/java 16noblacklist /usr/share/java
17 17
18include /etc/firejail/disable-common.inc 18include disable-common.inc
19include /etc/firejail/disable-devel.inc 19include disable-devel.inc
20include /etc/firejail/disable-interpreters.inc 20include disable-interpreters.inc
21include /etc/firejail/disable-passwdmgr.inc 21include disable-passwdmgr.inc
22include /etc/firejail/disable-programs.inc 22include disable-programs.inc
23include /etc/firejail/disable-xdg.inc 23include disable-xdg.inc
24 24
25caps.drop all 25caps.drop all
26machine-id 26machine-id
diff --git a/etc/pdftotext.profile b/etc/pdftotext.profile
index d162f45b5..8e7951e81 100644
--- a/etc/pdftotext.profile
+++ b/etc/pdftotext.profile
@@ -1,22 +1,22 @@
1# Firejail profile for pdftotext 1# Firejail profile for pdftotext
2# This file is overwritten after every install/update 2# This file is overwritten after every install/update
3# Persistent local customizations 3# Persistent local customizations
4include /etc/firejail/pdftotext.local 4include pdftotext.local
5# Persistent global definitions 5# Persistent global definitions
6include /etc/firejail/globals.local 6include globals.local
7 7
8noblacklist ${DOCUMENTS} 8noblacklist ${DOCUMENTS}
9 9
10blacklist /tmp/.X11-unix 10blacklist /tmp/.X11-unix
11 11
12include /etc/firejail/disable-common.inc 12include disable-common.inc
13include /etc/firejail/disable-devel.inc 13include disable-devel.inc
14include /etc/firejail/disable-interpreters.inc 14include disable-interpreters.inc
15include /etc/firejail/disable-passwdmgr.inc 15include disable-passwdmgr.inc
16include /etc/firejail/disable-programs.inc 16include disable-programs.inc
17include /etc/firejail/disable-xdg.inc 17include disable-xdg.inc
18 18
19include /etc/firejail/whitelist-var-common.inc 19include whitelist-var-common.inc
20 20
21caps.drop all 21caps.drop all
22machine-id 22machine-id
diff --git a/etc/peek.profile b/etc/peek.profile
index edc43d006..a3c64e1b4 100644
--- a/etc/peek.profile
+++ b/etc/peek.profile
@@ -1,20 +1,20 @@
1# Firejail profile for peek 1# Firejail profile for peek
2# This file is overwritten after every install/update 2# This file is overwritten after every install/update
3# Persistent local customizations 3# Persistent local customizations
4include /etc/firejail/peek.local 4include peek.local
5# Persistent global definitions 5# Persistent global definitions
6include /etc/firejail/globals.local 6include globals.local
7 7
8noblacklist ${HOME}/.cache/peek 8noblacklist ${HOME}/.cache/peek
9noblacklist ${PICTURES} 9noblacklist ${PICTURES}
10noblacklist ${VIDEOS} 10noblacklist ${VIDEOS}
11 11
12include /etc/firejail/disable-common.inc 12include disable-common.inc
13include /etc/firejail/disable-devel.inc 13include disable-devel.inc
14include /etc/firejail/disable-interpreters.inc 14include disable-interpreters.inc
15include /etc/firejail/disable-passwdmgr.inc 15include disable-passwdmgr.inc
16include /etc/firejail/disable-programs.inc 16include disable-programs.inc
17include /etc/firejail/disable-xdg.inc 17include disable-xdg.inc
18 18
19caps.drop all 19caps.drop all
20net none 20net none
diff --git a/etc/picard.profile b/etc/picard.profile
index 8474eeda6..b4d4fd597 100644
--- a/etc/picard.profile
+++ b/etc/picard.profile
@@ -2,9 +2,9 @@
2# Description: Next-Generation MusicBrainz audio files tagger 2# Description: Next-Generation MusicBrainz audio files tagger
3# This file is overwritten after every install/update 3# This file is overwritten after every install/update
4# Persistent local customizations 4# Persistent local customizations
5include /etc/firejail/picard.local 5include picard.local
6# Persistent global definitions 6# Persistent global definitions
7include /etc/firejail/globals.local 7include globals.local
8 8
9noblacklist ${HOME}/.cache/MusicBrainz 9noblacklist ${HOME}/.cache/MusicBrainz
10noblacklist ${HOME}/.config/MusicBrainz 10noblacklist ${HOME}/.config/MusicBrainz
@@ -16,14 +16,14 @@ noblacklist ${PATH}/python3*
16noblacklist /usr/lib/python2* 16noblacklist /usr/lib/python2*
17noblacklist /usr/lib/python3* 17noblacklist /usr/lib/python3*
18 18
19include /etc/firejail/disable-common.inc 19include disable-common.inc
20include /etc/firejail/disable-devel.inc 20include disable-devel.inc
21include /etc/firejail/disable-interpreters.inc 21include disable-interpreters.inc
22include /etc/firejail/disable-passwdmgr.inc 22include disable-passwdmgr.inc
23include /etc/firejail/disable-programs.inc 23include disable-programs.inc
24include /etc/firejail/disable-xdg.inc 24include disable-xdg.inc
25 25
26include /etc/firejail/whitelist-var-common.inc 26include whitelist-var-common.inc
27 27
28caps.drop all 28caps.drop all
29no3d 29no3d
diff --git a/etc/pidgin.profile b/etc/pidgin.profile
index e891f5fd8..0d4aebc50 100644
--- a/etc/pidgin.profile
+++ b/etc/pidgin.profile
@@ -2,17 +2,17 @@
2# Description: Graphical multi-protocol instant messaging client 2# Description: Graphical multi-protocol instant messaging client
3# This file is overwritten after every install/update 3# This file is overwritten after every install/update
4# Persistent local customizations 4# Persistent local customizations
5include /etc/firejail/pidgin.local 5include pidgin.local
6# Persistent global definitions 6# Persistent global definitions
7include /etc/firejail/globals.local 7include globals.local
8 8
9noblacklist ${HOME}/.purple 9noblacklist ${HOME}/.purple
10 10
11include /etc/firejail/disable-common.inc 11include disable-common.inc
12include /etc/firejail/disable-devel.inc 12include disable-devel.inc
13include /etc/firejail/disable-interpreters.inc 13include disable-interpreters.inc
14include /etc/firejail/disable-passwdmgr.inc 14include disable-passwdmgr.inc
15include /etc/firejail/disable-programs.inc 15include disable-programs.inc
16 16
17caps.drop all 17caps.drop all
18netfilter 18netfilter
diff --git a/etc/ping.profile b/etc/ping.profile
index 2b20bf8c9..259b86a26 100644
--- a/etc/ping.profile
+++ b/etc/ping.profile
@@ -2,17 +2,17 @@
2# This file is overwritten after every install/update 2# This file is overwritten after every install/update
3quiet 3quiet
4# Persistent local customizations 4# Persistent local customizations
5include /etc/firejail/ping.local 5include ping.local
6# Persistent global definitions 6# Persistent global definitions
7include /etc/firejail/globals.local 7include globals.local
8 8
9include /etc/firejail/disable-common.inc 9include disable-common.inc
10include /etc/firejail/disable-devel.inc 10include disable-devel.inc
11include /etc/firejail/disable-interpreters.inc 11include disable-interpreters.inc
12include /etc/firejail/disable-passwdmgr.inc 12include disable-passwdmgr.inc
13include /etc/firejail/disable-programs.inc 13include disable-programs.inc
14include /etc/firejail/disable-xdg.inc 14include disable-xdg.inc
15include /etc/firejail/whitelist-common.inc 15include whitelist-common.inc
16 16
17caps.keep net_raw 17caps.keep net_raw
18ipc-namespace 18ipc-namespace
diff --git a/etc/pingus.profile b/etc/pingus.profile
index 4ce584d1e..56b6036d9 100644
--- a/etc/pingus.profile
+++ b/etc/pingus.profile
@@ -2,21 +2,21 @@
2# Description: Free Lemmings(TM) clone 2# Description: Free Lemmings(TM) clone
3# This file is overwritten after every install/update 3# This file is overwritten after every install/update
4# Persistent local customizations 4# Persistent local customizations
5include /etc/firejail/pingus.local 5include pingus.local
6# Persistent global definitions 6# Persistent global definitions
7include /etc/firejail/globals.local 7include globals.local
8 8
9noblacklist ${HOME}/.pingus 9noblacklist ${HOME}/.pingus
10 10
11include /etc/firejail/disable-common.inc 11include disable-common.inc
12include /etc/firejail/disable-devel.inc 12include disable-devel.inc
13include /etc/firejail/disable-interpreters.inc 13include disable-interpreters.inc
14include /etc/firejail/disable-passwdmgr.inc 14include disable-passwdmgr.inc
15include /etc/firejail/disable-programs.inc 15include disable-programs.inc
16 16
17mkdir ${HOME}/.pingus 17mkdir ${HOME}/.pingus
18whitelist ${HOME}/.pingus 18whitelist ${HOME}/.pingus
19include /etc/firejail/whitelist-common.inc 19include whitelist-common.inc
20 20
21caps.drop all 21caps.drop all
22net none 22net none
diff --git a/etc/pinta.profile b/etc/pinta.profile
index 506918b92..1e0611516 100644
--- a/etc/pinta.profile
+++ b/etc/pinta.profile
@@ -2,20 +2,20 @@
2# Description: Simple drawing/painting program 2# Description: Simple drawing/painting program
3# This file is overwritten after every install/update 3# This file is overwritten after every install/update
4# Persistent local customizations 4# Persistent local customizations
5include /etc/firejail/pinta.local 5include pinta.local
6# Persistent global definitions 6# Persistent global definitions
7include /etc/firejail/globals.local 7include globals.local
8 8
9noblacklist ${HOME}/.config/Pinta 9noblacklist ${HOME}/.config/Pinta
10noblacklist ${DOCUMENTS} 10noblacklist ${DOCUMENTS}
11noblacklist ${PICTURES} 11noblacklist ${PICTURES}
12 12
13include /etc/firejail/disable-common.inc 13include disable-common.inc
14include /etc/firejail/disable-devel.inc 14include disable-devel.inc
15include /etc/firejail/disable-interpreters.inc 15include disable-interpreters.inc
16include /etc/firejail/disable-passwdmgr.inc 16include disable-passwdmgr.inc
17include /etc/firejail/disable-programs.inc 17include disable-programs.inc
18include /etc/firejail/disable-xdg.inc 18include disable-xdg.inc
19 19
20caps.drop all 20caps.drop all
21ipc-namespace 21ipc-namespace
diff --git a/etc/pithos.profile b/etc/pithos.profile
index cbe7ac9c6..9309ffdcc 100644
--- a/etc/pithos.profile
+++ b/etc/pithos.profile
@@ -2,9 +2,9 @@
2# Description: Pandora Radio client for the GNOME desktop 2# Description: Pandora Radio client for the GNOME desktop
3# This file is overwritten after every install/update 3# This file is overwritten after every install/update
4# Persistent local customizations 4# Persistent local customizations
5include /etc/firejail/pithos.local 5include pithos.local
6# Persistent global definitions 6# Persistent global definitions
7include /etc/firejail/globals.local 7include globals.local
8 8
9# Allow python (blacklisted by disable-interpreters.inc) 9# Allow python (blacklisted by disable-interpreters.inc)
10noblacklist ${PATH}/python2* 10noblacklist ${PATH}/python2*
@@ -12,15 +12,15 @@ noblacklist ${PATH}/python3*
12noblacklist /usr/lib/python2* 12noblacklist /usr/lib/python2*
13noblacklist /usr/lib/python3* 13noblacklist /usr/lib/python3*
14 14
15include /etc/firejail/disable-common.inc 15include disable-common.inc
16include /etc/firejail/disable-devel.inc 16include disable-devel.inc
17include /etc/firejail/disable-interpreters.inc 17include disable-interpreters.inc
18include /etc/firejail/disable-passwdmgr.inc 18include disable-passwdmgr.inc
19include /etc/firejail/disable-programs.inc 19include disable-programs.inc
20include /etc/firejail/disable-xdg.inc 20include disable-xdg.inc
21 21
22include /etc/firejail/whitelist-common.inc 22include whitelist-common.inc
23include /etc/firejail/whitelist-var-common.inc 23include whitelist-var-common.inc
24 24
25caps.drop all 25caps.drop all
26netfilter 26netfilter
diff --git a/etc/pitivi.profile b/etc/pitivi.profile
index 6f6aed117..bce2f795f 100644
--- a/etc/pitivi.profile
+++ b/etc/pitivi.profile
@@ -2,9 +2,9 @@
2# Description: Non-linear audio/video editor using GStreamer 2# Description: Non-linear audio/video editor using GStreamer
3# This file is overwritten after every install/update 3# This file is overwritten after every install/update
4# Persistent local customizations 4# Persistent local customizations
5include /etc/firejail/pitivi.local 5include pitivi.local
6# Persistent global definitions 6# Persistent global definitions
7include /etc/firejail/globals.local 7include globals.local
8 8
9 9
10noblacklist ${HOME}/.config/pitivi 10noblacklist ${HOME}/.config/pitivi
@@ -15,13 +15,13 @@ noblacklist ${PATH}/python3*
15noblacklist /usr/lib/python2* 15noblacklist /usr/lib/python2*
16noblacklist /usr/lib/python3* 16noblacklist /usr/lib/python3*
17 17
18include /etc/firejail/disable-common.inc 18include disable-common.inc
19include /etc/firejail/disable-devel.inc 19include disable-devel.inc
20include /etc/firejail/disable-interpreters.inc 20include disable-interpreters.inc
21include /etc/firejail/disable-passwdmgr.inc 21include disable-passwdmgr.inc
22include /etc/firejail/disable-programs.inc 22include disable-programs.inc
23 23
24include /etc/firejail/whitelist-var-common.inc 24include whitelist-var-common.inc
25 25
26caps.drop all 26caps.drop all
27ipc-namespace 27ipc-namespace
diff --git a/etc/pix.profile b/etc/pix.profile
index dfc6d780e..5734effde 100644
--- a/etc/pix.profile
+++ b/etc/pix.profile
@@ -1,20 +1,20 @@
1# Firejail profile for pix 1# Firejail profile for pix
2# This file is overwritten after every install/update 2# This file is overwritten after every install/update
3# Persistent local customizations 3# Persistent local customizations
4include /etc/firejail/pix.local 4include pix.local
5# Persistent global definitions 5# Persistent global definitions
6include /etc/firejail/globals.local 6include globals.local
7 7
8noblacklist ${HOME}/.config/pix 8noblacklist ${HOME}/.config/pix
9noblacklist ${HOME}/.local/share/pix 9noblacklist ${HOME}/.local/share/pix
10noblacklist ${HOME}/.Steam 10noblacklist ${HOME}/.Steam
11noblacklist ${HOME}/.steam 11noblacklist ${HOME}/.steam
12 12
13include /etc/firejail/disable-common.inc 13include disable-common.inc
14include /etc/firejail/disable-devel.inc 14include disable-devel.inc
15include /etc/firejail/disable-interpreters.inc 15include disable-interpreters.inc
16include /etc/firejail/disable-passwdmgr.inc 16include disable-passwdmgr.inc
17include /etc/firejail/disable-programs.inc 17include disable-programs.inc
18 18
19caps.drop all 19caps.drop all
20nodvd 20nodvd
diff --git a/etc/playonlinux.profile b/etc/playonlinux.profile
index 119baf6b5..707c75cec 100644
--- a/etc/playonlinux.profile
+++ b/etc/playonlinux.profile
@@ -2,9 +2,9 @@
2# Description: Front-end for Wine 2# Description: Front-end for Wine
3# This file is overwritten after every install/update 3# This file is overwritten after every install/update
4# Persistent local customizations 4# Persistent local customizations
5include /etc/firejail/playonlinux.local 5include playonlinux.local
6# Persistent global definitions 6# Persistent global definitions
7include /etc/firejail/globals.local 7include globals.local
8 8
9noblacklist ${HOME}/.Steam 9noblacklist ${HOME}/.Steam
10noblacklist ${HOME}/.local/share/Steam 10noblacklist ${HOME}/.local/share/Steam
@@ -22,11 +22,11 @@ noblacklist ${PATH}/perl
22noblacklist /usr/lib/perl* 22noblacklist /usr/lib/perl*
23noblacklist /usr/share/perl* 23noblacklist /usr/share/perl*
24 24
25include /etc/firejail/disable-common.inc 25include disable-common.inc
26# playonlinux uses perl 26# playonlinux uses perl
27include /etc/firejail/disable-devel.inc 27include disable-devel.inc
28include /etc/firejail/disable-interpreters.inc 28include disable-interpreters.inc
29include /etc/firejail/disable-programs.inc 29include disable-programs.inc
30 30
31caps.drop all 31caps.drop all
32netfilter 32netfilter
diff --git a/etc/pluma.profile b/etc/pluma.profile
index 832e7a3f4..4e0dc3505 100644
--- a/etc/pluma.profile
+++ b/etc/pluma.profile
@@ -2,19 +2,19 @@
2# Description: Official text editor of the MATE desktop environment 2# Description: Official text editor of the MATE desktop environment
3# This file is overwritten after every install/update 3# This file is overwritten after every install/update
4# Persistent local customizations 4# Persistent local customizations
5include /etc/firejail/pluma.local 5include pluma.local
6# Persistent global definitions 6# Persistent global definitions
7include /etc/firejail/globals.local 7include globals.local
8 8
9noblacklist ${HOME}/.config/pluma 9noblacklist ${HOME}/.config/pluma
10 10
11include /etc/firejail/disable-common.inc 11include disable-common.inc
12include /etc/firejail/disable-devel.inc 12include disable-devel.inc
13include /etc/firejail/disable-interpreters.inc 13include disable-interpreters.inc
14include /etc/firejail/disable-passwdmgr.inc 14include disable-passwdmgr.inc
15include /etc/firejail/disable-programs.inc 15include disable-programs.inc
16 16
17include /etc/firejail/whitelist-var-common.inc 17include whitelist-var-common.inc
18 18
19# apparmor - makes settings immutable 19# apparmor - makes settings immutable
20caps.drop all 20caps.drop all
diff --git a/etc/polari.profile b/etc/polari.profile
index cb6b0f73c..5aa1f6a46 100644
--- a/etc/polari.profile
+++ b/etc/polari.profile
@@ -2,15 +2,15 @@
2# Description: Internet Relay Chat (IRC) client 2# Description: Internet Relay Chat (IRC) client
3# This file is overwritten after every install/update 3# This file is overwritten after every install/update
4# Persistent local customizations 4# Persistent local customizations
5include /etc/firejail/polari.local 5include polari.local
6# Persistent global definitions 6# Persistent global definitions
7include /etc/firejail/globals.local 7include globals.local
8 8
9 9
10include /etc/firejail/disable-common.inc 10include disable-common.inc
11include /etc/firejail/disable-devel.inc 11include disable-devel.inc
12include /etc/firejail/disable-interpreters.inc 12include disable-interpreters.inc
13include /etc/firejail/disable-programs.inc 13include disable-programs.inc
14 14
15mkdir ${HOME}/.cache/telepathy 15mkdir ${HOME}/.cache/telepathy
16mkdir ${HOME}/.config/telepathy-account-widgets 16mkdir ${HOME}/.config/telepathy-account-widgets
@@ -24,7 +24,7 @@ whitelist ${HOME}/.local/share/Empathy
24whitelist ${HOME}/.local/share/TpLogger 24whitelist ${HOME}/.local/share/TpLogger
25whitelist ${HOME}/.local/share/telepathy 25whitelist ${HOME}/.local/share/telepathy
26whitelist ${HOME}/.purple 26whitelist ${HOME}/.purple
27include /etc/firejail/whitelist-common.inc 27include whitelist-common.inc
28 28
29caps.drop all 29caps.drop all
30netfilter 30netfilter
diff --git a/etc/ppsspp.profile b/etc/ppsspp.profile
index 8fcc19e65..fc37e6fd2 100644
--- a/etc/ppsspp.profile
+++ b/etc/ppsspp.profile
@@ -2,23 +2,23 @@
2# Description: A PSP emulator written in C++ 2# Description: A PSP emulator written in C++
3# This file is overwritten after every install/update 3# This file is overwritten after every install/update
4# Persistent local customizations 4# Persistent local customizations
5include /etc/firejail/ppsspp.local 5include ppsspp.local
6# Persistent global definitions 6# Persistent global definitions
7include /etc/firejail/globals.local 7include globals.local
8 8
9noblacklist ${HOME}/.config/ppsspp 9noblacklist ${HOME}/.config/ppsspp
10noblacklist ${DOCUMENTS} 10noblacklist ${DOCUMENTS}
11# with >=llvm-4 mesa drivers need llvm stuff 11# with >=llvm-4 mesa drivers need llvm stuff
12noblacklist /usr/lib/llvm* 12noblacklist /usr/lib/llvm*
13 13
14include /etc/firejail/disable-common.inc 14include disable-common.inc
15include /etc/firejail/disable-devel.inc 15include disable-devel.inc
16include /etc/firejail/disable-interpreters.inc 16include disable-interpreters.inc
17include /etc/firejail/disable-passwdmgr.inc 17include disable-passwdmgr.inc
18include /etc/firejail/disable-programs.inc 18include disable-programs.inc
19include /etc/firejail/disable-xdg.inc 19include disable-xdg.inc
20 20
21include /etc/firejail/whitelist-var-common.inc 21include whitelist-var-common.inc
22 22
23caps.drop all 23caps.drop all
24ipc-namespace 24ipc-namespace
diff --git a/etc/psi-plus.profile b/etc/psi-plus.profile
index d2612c95c..d04690cf9 100644
--- a/etc/psi-plus.profile
+++ b/etc/psi-plus.profile
@@ -2,18 +2,18 @@
2# Description: Qt-based XMPP/Jabber client 2# Description: Qt-based XMPP/Jabber client
3# This file is overwritten after every install/update 3# This file is overwritten after every install/update
4# Persistent local customizations 4# Persistent local customizations
5include /etc/firejail/psi-plus.local 5include psi-plus.local
6# Persistent global definitions 6# Persistent global definitions
7include /etc/firejail/globals.local 7include globals.local
8 8
9noblacklist ${HOME}/.config/psi+ 9noblacklist ${HOME}/.config/psi+
10noblacklist ${HOME}/.local/share/psi+ 10noblacklist ${HOME}/.local/share/psi+
11 11
12include /etc/firejail/disable-common.inc 12include disable-common.inc
13include /etc/firejail/disable-devel.inc 13include disable-devel.inc
14include /etc/firejail/disable-interpreters.inc 14include disable-interpreters.inc
15include /etc/firejail/disable-passwdmgr.inc 15include disable-passwdmgr.inc
16include /etc/firejail/disable-programs.inc 16include disable-programs.inc
17 17
18mkdir ${HOME}/.cache/psi+ 18mkdir ${HOME}/.cache/psi+
19mkdir ${HOME}/.config/psi+ 19mkdir ${HOME}/.config/psi+
@@ -22,7 +22,7 @@ whitelist ${DOWNLOADS}
22whitelist ${HOME}/.cache/psi+ 22whitelist ${HOME}/.cache/psi+
23whitelist ${HOME}/.config/psi+ 23whitelist ${HOME}/.config/psi+
24whitelist ${HOME}/.local/share/psi+ 24whitelist ${HOME}/.local/share/psi+
25include /etc/firejail/whitelist-common.inc 25include whitelist-common.inc
26 26
27caps.drop all 27caps.drop all
28netfilter 28netfilter
diff --git a/etc/pybitmessage.profile b/etc/pybitmessage.profile
index 02c35b104..94abe0a5c 100644
--- a/etc/pybitmessage.profile
+++ b/etc/pybitmessage.profile
@@ -1,9 +1,9 @@
1# Firejail profile for pybitmessage 1# Firejail profile for pybitmessage
2# This file is overwritten after every install/update 2# This file is overwritten after every install/update
3# Persistent local customizations 3# Persistent local customizations
4include /etc/firejail/pybitmessage.local 4include pybitmessage.local
5# Persistent global definitions 5# Persistent global definitions
6include /etc/firejail/globals.local 6include globals.local
7 7
8noblacklist /sbin 8noblacklist /sbin
9noblacklist /usr/local/sbin 9noblacklist /usr/local/sbin
@@ -15,13 +15,13 @@ noblacklist ${PATH}/python3*
15noblacklist /usr/lib/python2* 15noblacklist /usr/lib/python2*
16noblacklist /usr/lib/python3* 16noblacklist /usr/lib/python3*
17 17
18include /etc/firejail/disable-common.inc 18include disable-common.inc
19include /etc/firejail/disable-devel.inc 19include disable-devel.inc
20include /etc/firejail/disable-passwdmgr.inc 20include disable-passwdmgr.inc
21include /etc/firejail/disable-programs.inc 21include disable-programs.inc
22include /etc/firejail/disable-interpreters.inc 22include disable-interpreters.inc
23 23
24include /etc/firejail/whitelist-var-common.inc 24include whitelist-var-common.inc
25 25
26caps.drop all 26caps.drop all
27ipc-namespace 27ipc-namespace
diff --git a/etc/pycharm-community.profile b/etc/pycharm-community.profile
index 89bb9dadf..aa145498c 100644
--- a/etc/pycharm-community.profile
+++ b/etc/pycharm-community.profile
@@ -1,9 +1,9 @@
1# Firejail profile for pycharm-community 1# Firejail profile for pycharm-community
2# This file is overwritten after every install/update 2# This file is overwritten after every install/update
3# Persistent local customizations 3# Persistent local customizations
4include /etc/firejail/pycharm-community.local 4include pycharm-community.local
5# Persistent global definitions 5# Persistent global definitions
6include /etc/firejail/globals.local 6include globals.local
7 7
8noblacklist ${HOME}/snap 8noblacklist ${HOME}/snap
9noblacklist ${HOME}/.PyCharmCE* 9noblacklist ${HOME}/.PyCharmCE*
@@ -15,10 +15,10 @@ noblacklist /usr/lib/java
15noblacklist /etc/java 15noblacklist /etc/java
16noblacklist /usr/share/java 16noblacklist /usr/share/java
17 17
18include /etc/firejail/disable-common.inc 18include disable-common.inc
19include /etc/firejail/disable-devel.inc 19include disable-devel.inc
20include /etc/firejail/disable-passwdmgr.inc 20include disable-passwdmgr.inc
21include /etc/firejail/disable-programs.inc 21include disable-programs.inc
22 22
23caps.drop all 23caps.drop all
24machine-id 24machine-id
diff --git a/etc/pycharm-professional.profile b/etc/pycharm-professional.profile
index b28082dc4..a14d0268b 100644
--- a/etc/pycharm-professional.profile
+++ b/etc/pycharm-professional.profile
@@ -4,4 +4,4 @@
4noblacklist ${HOME}/.PyCharm* 4noblacklist ${HOME}/.PyCharm*
5 5
6# Redirect 6# Redirect
7include /etc/firejail/pycharm-community.profile 7include pycharm-community.profile
diff --git a/etc/qbittorrent.profile b/etc/qbittorrent.profile
index 4ba5d3871..e5568a2fa 100644
--- a/etc/qbittorrent.profile
+++ b/etc/qbittorrent.profile
@@ -2,9 +2,9 @@
2# Description: BitTorrent client based on libtorrent-rasterbar with a Qt5 GUI 2# Description: BitTorrent client based on libtorrent-rasterbar with a Qt5 GUI
3# This file is overwritten after every install/update 3# This file is overwritten after every install/update
4# Persistent local customizations 4# Persistent local customizations
5include /etc/firejail/qbittorrent.local 5include qbittorrent.local
6# Persistent global definitions 6# Persistent global definitions
7include /etc/firejail/globals.local 7include globals.local
8 8
9noblacklist ${HOME}/.cache/qBittorrent 9noblacklist ${HOME}/.cache/qBittorrent
10noblacklist ${HOME}/.config/qBittorrent 10noblacklist ${HOME}/.config/qBittorrent
@@ -17,11 +17,11 @@ noblacklist ${PATH}/python3*
17noblacklist /usr/lib/python2* 17noblacklist /usr/lib/python2*
18noblacklist /usr/lib/python3* 18noblacklist /usr/lib/python3*
19 19
20include /etc/firejail/disable-common.inc 20include disable-common.inc
21include /etc/firejail/disable-devel.inc 21include disable-devel.inc
22include /etc/firejail/disable-interpreters.inc 22include disable-interpreters.inc
23include /etc/firejail/disable-passwdmgr.inc 23include disable-passwdmgr.inc
24include /etc/firejail/disable-programs.inc 24include disable-programs.inc
25 25
26mkdir ${HOME}/.cache/qBittorrent 26mkdir ${HOME}/.cache/qBittorrent
27mkdir ${HOME}/.config/qBittorrent 27mkdir ${HOME}/.config/qBittorrent
@@ -31,8 +31,8 @@ whitelist ${HOME}/.cache/qBittorrent
31whitelist ${HOME}/.config/qBittorrent 31whitelist ${HOME}/.config/qBittorrent
32whitelist ${HOME}/.config/qBittorrentrc 32whitelist ${HOME}/.config/qBittorrentrc
33whitelist ${HOME}/.local/share/data/qBittorrent 33whitelist ${HOME}/.local/share/data/qBittorrent
34include /etc/firejail/whitelist-common.inc 34include whitelist-common.inc
35include /etc/firejail/whitelist-var-common.inc 35include whitelist-var-common.inc
36 36
37apparmor 37apparmor
38caps.drop all 38caps.drop all
diff --git a/etc/qemu-launcher.profile b/etc/qemu-launcher.profile
index 263c71535..ac60384fd 100644
--- a/etc/qemu-launcher.profile
+++ b/etc/qemu-launcher.profile
@@ -1,15 +1,15 @@
1# Firejail profile for qemu-launcher 1# Firejail profile for qemu-launcher
2# This file is overwritten after every install/update 2# This file is overwritten after every install/update
3# Persistent local customizations 3# Persistent local customizations
4include /etc/firejail/qemu-launcher.local 4include qemu-launcher.local
5# Persistent global definitions 5# Persistent global definitions
6include /etc/firejail/globals.local 6include globals.local
7 7
8noblacklist ${HOME}/.qemu-launcher 8noblacklist ${HOME}/.qemu-launcher
9 9
10include /etc/firejail/disable-common.inc 10include disable-common.inc
11include /etc/firejail/disable-passwdmgr.inc 11include disable-passwdmgr.inc
12include /etc/firejail/disable-programs.inc 12include disable-programs.inc
13 13
14caps.drop all 14caps.drop all
15netfilter 15netfilter
diff --git a/etc/qemu-system-x86_64.profile b/etc/qemu-system-x86_64.profile
index 3ab25e92e..1399328d3 100644
--- a/etc/qemu-system-x86_64.profile
+++ b/etc/qemu-system-x86_64.profile
@@ -1,14 +1,14 @@
1# Firejail profile for qemu-system-x86_64 1# Firejail profile for qemu-system-x86_64
2# This file is overwritten after every install/update 2# This file is overwritten after every install/update
3# Persistent local customizations 3# Persistent local customizations
4include /etc/firejail/qemu-system-x86_64.local 4include qemu-system-x86_64.local
5# Persistent global definitions 5# Persistent global definitions
6include /etc/firejail/globals.local 6include globals.local
7 7
8 8
9include /etc/firejail/disable-common.inc 9include disable-common.inc
10include /etc/firejail/disable-passwdmgr.inc 10include disable-passwdmgr.inc
11include /etc/firejail/disable-programs.inc 11include disable-programs.inc
12 12
13caps.drop all 13caps.drop all
14netfilter 14netfilter
diff --git a/etc/qlipper.profile b/etc/qlipper.profile
index 1293fa30d..3aa6c1a59 100644
--- a/etc/qlipper.profile
+++ b/etc/qlipper.profile
@@ -2,18 +2,18 @@
2# Description: Lightweight and cross-platform clipboard history applet 2# Description: Lightweight and cross-platform clipboard history applet
3# This file is overwritten after every install/update 3# This file is overwritten after every install/update
4# Persistent local customizations 4# Persistent local customizations
5include /etc/firejail/qlipper.local 5include qlipper.local
6# Persistent global definitions 6# Persistent global definitions
7include /etc/firejail/globals.local 7include globals.local
8 8
9noblacklist ${HOME}/.config/Qlipper 9noblacklist ${HOME}/.config/Qlipper
10 10
11include /etc/firejail/disable-common.inc 11include disable-common.inc
12include /etc/firejail/disable-devel.inc 12include disable-devel.inc
13include /etc/firejail/disable-interpreters.inc 13include disable-interpreters.inc
14include /etc/firejail/disable-passwdmgr.inc 14include disable-passwdmgr.inc
15include /etc/firejail/disable-programs.inc 15include disable-programs.inc
16include /etc/firejail/disable-xdg.inc 16include disable-xdg.inc
17 17
18caps.drop all 18caps.drop all
19netfilter 19netfilter
diff --git a/etc/qmmp.profile b/etc/qmmp.profile
index 9d127731f..fccd6b1f8 100644
--- a/etc/qmmp.profile
+++ b/etc/qmmp.profile
@@ -2,18 +2,18 @@
2# Description: Feature-rich audio player with support of many formats 2# Description: Feature-rich audio player with support of many formats
3# This file is overwritten after every install/update 3# This file is overwritten after every install/update
4# Persistent local customizations 4# Persistent local customizations
5include /etc/firejail/qmmp.local 5include qmmp.local
6# Persistent global definitions 6# Persistent global definitions
7include /etc/firejail/globals.local 7include globals.local
8 8
9noblacklist ${HOME}/.qmmp 9noblacklist ${HOME}/.qmmp
10noblacklist ${MUSIC} 10noblacklist ${MUSIC}
11 11
12include /etc/firejail/disable-common.inc 12include disable-common.inc
13include /etc/firejail/disable-devel.inc 13include disable-devel.inc
14include /etc/firejail/disable-passwdmgr.inc 14include disable-passwdmgr.inc
15include /etc/firejail/disable-programs.inc 15include disable-programs.inc
16include /etc/firejail/disable-xdg.inc 16include disable-xdg.inc
17 17
18caps.drop all 18caps.drop all
19netfilter 19netfilter
diff --git a/etc/qpdfview.profile b/etc/qpdfview.profile
index 3063010cc..851cad4ae 100644
--- a/etc/qpdfview.profile
+++ b/etc/qpdfview.profile
@@ -2,22 +2,22 @@
2# Description: Tabbed document viewer 2# Description: Tabbed document viewer
3# This file is overwritten after every install/update 3# This file is overwritten after every install/update
4# Persistent local customizations 4# Persistent local customizations
5include /etc/firejail/qpdfview.local 5include qpdfview.local
6# Persistent global definitions 6# Persistent global definitions
7include /etc/firejail/globals.local 7include globals.local
8 8
9noblacklist ${HOME}/.config/qpdfview 9noblacklist ${HOME}/.config/qpdfview
10noblacklist ${HOME}/.local/share/qpdfview 10noblacklist ${HOME}/.local/share/qpdfview
11noblacklist ${DOCUMENTS} 11noblacklist ${DOCUMENTS}
12 12
13include /etc/firejail/disable-common.inc 13include disable-common.inc
14include /etc/firejail/disable-devel.inc 14include disable-devel.inc
15include /etc/firejail/disable-interpreters.inc 15include disable-interpreters.inc
16include /etc/firejail/disable-passwdmgr.inc 16include disable-passwdmgr.inc
17include /etc/firejail/disable-programs.inc 17include disable-programs.inc
18include /etc/firejail/disable-xdg.inc 18include disable-xdg.inc
19 19
20include /etc/firejail/whitelist-var-common.inc 20include whitelist-var-common.inc
21 21
22caps.drop all 22caps.drop all
23machine-id 23machine-id
diff --git a/etc/qtox.profile b/etc/qtox.profile
index 3c1697085..0cd434b08 100644
--- a/etc/qtox.profile
+++ b/etc/qtox.profile
@@ -2,23 +2,23 @@
2# Description: Powerful Tox client written in C++/Qt that follows the Tox design guidelines 2# Description: Powerful Tox client written in C++/Qt that follows the Tox design guidelines
3# This file is overwritten after every install/update 3# This file is overwritten after every install/update
4# Persistent local customizations 4# Persistent local customizations
5include /etc/firejail/qtox.local 5include qtox.local
6# Persistent global definitions 6# Persistent global definitions
7include /etc/firejail/globals.local 7include globals.local
8 8
9noblacklist ${HOME}/.config/tox 9noblacklist ${HOME}/.config/tox
10 10
11include /etc/firejail/disable-common.inc 11include disable-common.inc
12include /etc/firejail/disable-devel.inc 12include disable-devel.inc
13include /etc/firejail/disable-interpreters.inc 13include disable-interpreters.inc
14include /etc/firejail/disable-passwdmgr.inc 14include disable-passwdmgr.inc
15include /etc/firejail/disable-programs.inc 15include disable-programs.inc
16 16
17mkdir ${HOME}/.config/tox 17mkdir ${HOME}/.config/tox
18whitelist ${DOWNLOADS} 18whitelist ${DOWNLOADS}
19whitelist ${HOME}/.config/tox 19whitelist ${HOME}/.config/tox
20include /etc/firejail/whitelist-common.inc 20include whitelist-common.inc
21include /etc/firejail/whitelist-var-common.inc 21include whitelist-var-common.inc
22 22
23caps.drop all 23caps.drop all
24ipc-namespace 24ipc-namespace
diff --git a/etc/quassel.profile b/etc/quassel.profile
index 69c6aa61b..a78d1edcd 100644
--- a/etc/quassel.profile
+++ b/etc/quassel.profile
@@ -2,15 +2,15 @@
2# Description: Distributed IRC client 2# Description: Distributed IRC client
3# This file is overwritten after every install/update 3# This file is overwritten after every install/update
4# Persistent local customizations 4# Persistent local customizations
5include /etc/firejail/quassel.local 5include quassel.local
6# Persistent global definitions 6# Persistent global definitions
7include /etc/firejail/globals.local 7include globals.local
8 8
9 9
10include /etc/firejail/disable-common.inc 10include disable-common.inc
11include /etc/firejail/disable-devel.inc 11include disable-devel.inc
12include /etc/firejail/disable-interpreters.inc 12include disable-interpreters.inc
13include /etc/firejail/disable-programs.inc 13include disable-programs.inc
14 14
15caps.drop all 15caps.drop all
16netfilter 16netfilter
diff --git a/etc/quiterss.profile b/etc/quiterss.profile
index 368a3d996..3d979a5b2 100644
--- a/etc/quiterss.profile
+++ b/etc/quiterss.profile
@@ -2,20 +2,20 @@
2# Description: RSS/Atom news feeds reader 2# Description: RSS/Atom news feeds reader
3# This file is overwritten after every install/update 3# This file is overwritten after every install/update
4# Persistent local customizations 4# Persistent local customizations
5include /etc/firejail/quiterss.local 5include quiterss.local
6# Persistent global definitions 6# Persistent global definitions
7include /etc/firejail/globals.local 7include globals.local
8 8
9noblacklist ${HOME}/.cache/QuiteRss 9noblacklist ${HOME}/.cache/QuiteRss
10noblacklist ${HOME}/.config/QuiteRss 10noblacklist ${HOME}/.config/QuiteRss
11noblacklist ${HOME}/.config/QuiteRssrc 11noblacklist ${HOME}/.config/QuiteRssrc
12noblacklist ${HOME}/.local/share/QuiteRss 12noblacklist ${HOME}/.local/share/QuiteRss
13 13
14include /etc/firejail/disable-common.inc 14include disable-common.inc
15include /etc/firejail/disable-devel.inc 15include disable-devel.inc
16include /etc/firejail/disable-interpreters.inc 16include disable-interpreters.inc
17include /etc/firejail/disable-passwdmgr.inc 17include disable-passwdmgr.inc
18include /etc/firejail/disable-programs.inc 18include disable-programs.inc
19 19
20mkdir ${HOME}/.cache/QuiteRss 20mkdir ${HOME}/.cache/QuiteRss
21mkdir ${HOME}/.config/QuiteRss 21mkdir ${HOME}/.config/QuiteRss
@@ -27,7 +27,7 @@ whitelist ${HOME}/.config/QuiteRssrc
27whitelist ${HOME}/.local/share/data/QuiteRss 27whitelist ${HOME}/.local/share/data/QuiteRss
28whitelist ${HOME}/.local/share/QuiteRss 28whitelist ${HOME}/.local/share/QuiteRss
29whitelist ${HOME}/quiterssfeeds.opml 29whitelist ${HOME}/quiterssfeeds.opml
30include /etc/firejail/whitelist-common.inc 30include whitelist-common.inc
31 31
32caps.drop all 32caps.drop all
33netfilter 33netfilter
diff --git a/etc/qupzilla.profile b/etc/qupzilla.profile
index e73e8a5e1..ad04b892d 100644
--- a/etc/qupzilla.profile
+++ b/etc/qupzilla.profile
@@ -1,24 +1,24 @@
1# Firejail profile for qupzilla 1# Firejail profile for qupzilla
2# This file is overwritten after every install/update 2# This file is overwritten after every install/update
3# Persistent local customizations 3# Persistent local customizations
4include /etc/firejail/qupzilla.local 4include qupzilla.local
5# Persistent global definitions 5# Persistent global definitions
6include /etc/firejail/globals.local 6include globals.local
7 7
8noblacklist ${HOME}/.cache/qupzilla 8noblacklist ${HOME}/.cache/qupzilla
9noblacklist ${HOME}/.config/qupzilla 9noblacklist ${HOME}/.config/qupzilla
10 10
11include /etc/firejail/disable-common.inc 11include disable-common.inc
12include /etc/firejail/disable-devel.inc 12include disable-devel.inc
13include /etc/firejail/disable-interpreters.inc 13include disable-interpreters.inc
14include /etc/firejail/disable-passwdmgr.inc 14include disable-passwdmgr.inc
15include /etc/firejail/disable-programs.inc 15include disable-programs.inc
16 16
17whitelist ${DOWNLOADS} 17whitelist ${DOWNLOADS}
18whitelist ${HOME}/.cache/qupzilla 18whitelist ${HOME}/.cache/qupzilla
19whitelist ${HOME}/.config/qupzilla 19whitelist ${HOME}/.config/qupzilla
20include /etc/firejail/whitelist-common.inc 20include whitelist-common.inc
21include /etc/firejail/whitelist-var-common.inc 21include whitelist-var-common.inc
22 22
23caps.drop all 23caps.drop all
24netfilter 24netfilter
diff --git a/etc/qutebrowser.profile b/etc/qutebrowser.profile
index d4d8e3b97..ac9f9bfd9 100644
--- a/etc/qutebrowser.profile
+++ b/etc/qutebrowser.profile
@@ -2,9 +2,9 @@
2# Description: Keyboard-driven, vim-like browser based on PyQt5 2# Description: Keyboard-driven, vim-like browser based on PyQt5
3# This file is overwritten after every install/update 3# This file is overwritten after every install/update
4# Persistent local customizations 4# Persistent local customizations
5include /etc/firejail/qutebrowser.local 5include qutebrowser.local
6# Persistent global definitions 6# Persistent global definitions
7include /etc/firejail/globals.local 7include globals.local
8 8
9noblacklist ${HOME}/.cache/qutebrowser 9noblacklist ${HOME}/.cache/qutebrowser
10noblacklist ${HOME}/.config/qutebrowser 10noblacklist ${HOME}/.config/qutebrowser
@@ -19,10 +19,10 @@ noblacklist /usr/lib/python3*
19# with >=llvm-4 mesa drivers need llvm stuff 19# with >=llvm-4 mesa drivers need llvm stuff
20noblacklist /usr/lib/llvm* 20noblacklist /usr/lib/llvm*
21 21
22include /etc/firejail/disable-common.inc 22include disable-common.inc
23include /etc/firejail/disable-devel.inc 23include disable-devel.inc
24include /etc/firejail/disable-interpreters.inc 24include disable-interpreters.inc
25include /etc/firejail/disable-programs.inc 25include disable-programs.inc
26 26
27mkdir ${HOME}/.cache/qutebrowser 27mkdir ${HOME}/.cache/qutebrowser
28mkdir ${HOME}/.config/qutebrowser 28mkdir ${HOME}/.config/qutebrowser
@@ -31,7 +31,7 @@ whitelist ${DOWNLOADS}
31whitelist ${HOME}/.cache/qutebrowser 31whitelist ${HOME}/.cache/qutebrowser
32whitelist ${HOME}/.config/qutebrowser 32whitelist ${HOME}/.config/qutebrowser
33whitelist ${HOME}/.local/share/qutebrowser 33whitelist ${HOME}/.local/share/qutebrowser
34include /etc/firejail/whitelist-common.inc 34include whitelist-common.inc
35 35
36caps.drop all 36caps.drop all
37netfilter 37netfilter
diff --git a/etc/rambox.profile b/etc/rambox.profile
index afe9b41e7..6c65f869b 100644
--- a/etc/rambox.profile
+++ b/etc/rambox.profile
@@ -1,24 +1,24 @@
1# Firejail profile for rambox 1# Firejail profile for rambox
2# This file is overwritten after every install/update 2# This file is overwritten after every install/update
3# Persistent local customizations 3# Persistent local customizations
4include /etc/firejail/rambox.local 4include rambox.local
5# Persistent global definitions 5# Persistent global definitions
6include /etc/firejail/globals.local 6include globals.local
7 7
8noblacklist ${HOME}/.config/Rambox 8noblacklist ${HOME}/.config/Rambox
9noblacklist ${HOME}/.pki 9noblacklist ${HOME}/.pki
10 10
11include /etc/firejail/disable-common.inc 11include disable-common.inc
12include /etc/firejail/disable-devel.inc 12include disable-devel.inc
13include /etc/firejail/disable-interpreters.inc 13include disable-interpreters.inc
14include /etc/firejail/disable-programs.inc 14include disable-programs.inc
15 15
16mkdir ${HOME}/.config/Rambox 16mkdir ${HOME}/.config/Rambox
17mkdir ${HOME}/.pki 17mkdir ${HOME}/.pki
18whitelist ${DOWNLOADS} 18whitelist ${DOWNLOADS}
19whitelist ${HOME}/.config/Rambox 19whitelist ${HOME}/.config/Rambox
20whitelist ${HOME}/.pki 20whitelist ${HOME}/.pki
21include /etc/firejail/whitelist-common.inc 21include whitelist-common.inc
22 22
23caps.drop all 23caps.drop all
24netfilter 24netfilter
diff --git a/etc/ranger.profile b/etc/ranger.profile
index fe4131e88..ea3137512 100644
--- a/etc/ranger.profile
+++ b/etc/ranger.profile
@@ -2,9 +2,9 @@
2# Description: File manager with an ncurses frontend written in Python 2# Description: File manager with an ncurses frontend written in Python
3# This file is overwritten after every install/update 3# This file is overwritten after every install/update
4# Persistent local customizations 4# Persistent local customizations
5include /etc/firejail/ranger.local 5include ranger.local
6# Persistent global definitions 6# Persistent global definitions
7include /etc/firejail/globals.local 7include globals.local
8 8
9noblacklist ${HOME}/.config/ranger 9noblacklist ${HOME}/.config/ranger
10 10
@@ -20,11 +20,11 @@ noblacklist ${PATH}/perl
20noblacklist /usr/lib/perl* 20noblacklist /usr/lib/perl*
21noblacklist /usr/share/perl* 21noblacklist /usr/share/perl*
22 22
23include /etc/firejail/disable-common.inc 23include disable-common.inc
24include /etc/firejail/disable-devel.inc 24include disable-devel.inc
25include /etc/firejail/disable-interpreters.inc 25include disable-interpreters.inc
26include /etc/firejail/disable-passwdmgr.inc 26include disable-passwdmgr.inc
27include /etc/firejail/disable-programs.inc 27include disable-programs.inc
28 28
29caps.drop all 29caps.drop all
30net none 30net none
diff --git a/etc/redeclipse.profile b/etc/redeclipse.profile
index 7271ac2f4..100ee57e3 100644
--- a/etc/redeclipse.profile
+++ b/etc/redeclipse.profile
@@ -2,22 +2,22 @@
2# Description: Free, casual arena shooter 2# Description: Free, casual arena shooter
3# This file is overwritten after every install/update 3# This file is overwritten after every install/update
4# Persistent local customizations 4# Persistent local customizations
5include /etc/firejail/redeclipse.local 5include redeclipse.local
6# Persistent global definitions 6# Persistent global definitions
7include /etc/firejail/globals.local 7include globals.local
8 8
9noblacklist ${HOME}/.redeclipse 9noblacklist ${HOME}/.redeclipse
10 10
11include /etc/firejail/disable-common.inc 11include disable-common.inc
12include /etc/firejail/disable-devel.inc 12include disable-devel.inc
13include /etc/firejail/disable-interpreters.inc 13include disable-interpreters.inc
14include /etc/firejail/disable-passwdmgr.inc 14include disable-passwdmgr.inc
15include /etc/firejail/disable-programs.inc 15include disable-programs.inc
16 16
17mkdir ${HOME}/.redeclipse 17mkdir ${HOME}/.redeclipse
18whitelist ${HOME}/.redeclipse 18whitelist ${HOME}/.redeclipse
19include /etc/firejail/whitelist-common.inc 19include whitelist-common.inc
20include /etc/firejail/whitelist-var-common.inc 20include whitelist-var-common.inc
21 21
22caps.drop all 22caps.drop all
23netfilter 23netfilter
diff --git a/etc/remmina.profile b/etc/remmina.profile
index 51c0f2d17..d23c1dc6d 100644
--- a/etc/remmina.profile
+++ b/etc/remmina.profile
@@ -2,23 +2,23 @@
2# Description: GTK+ Remote Desktop Client 2# Description: GTK+ Remote Desktop Client
3# This file is overwritten after every install/update 3# This file is overwritten after every install/update
4# Persistent local customizations 4# Persistent local customizations
5include /etc/firejail/remmina.local 5include remmina.local
6# Persistent global definitions 6# Persistent global definitions
7include /etc/firejail/globals.local 7include globals.local
8 8
9noblacklist ${HOME}/.remmina 9noblacklist ${HOME}/.remmina
10noblacklist ${HOME}/.config/remmina 10noblacklist ${HOME}/.config/remmina
11noblacklist ${HOME}/.local/share/remmina 11noblacklist ${HOME}/.local/share/remmina
12noblacklist ${HOME}/.ssh 12noblacklist ${HOME}/.ssh
13 13
14include /etc/firejail/disable-common.inc 14include disable-common.inc
15include /etc/firejail/disable-devel.inc 15include disable-devel.inc
16include /etc/firejail/disable-interpreters.inc 16include disable-interpreters.inc
17include /etc/firejail/disable-passwdmgr.inc 17include disable-passwdmgr.inc
18include /etc/firejail/disable-programs.inc 18include disable-programs.inc
19include /etc/firejail/disable-xdg.inc 19include disable-xdg.inc
20 20
21include /etc/firejail/whitelist-var-common.inc 21include whitelist-var-common.inc
22 22
23caps.drop all 23caps.drop all
24nodvd 24nodvd
diff --git a/etc/rhythmbox.profile b/etc/rhythmbox.profile
index 7dc6470f9..39330b4d1 100644
--- a/etc/rhythmbox.profile
+++ b/etc/rhythmbox.profile
@@ -2,21 +2,21 @@
2# Description: Music player and organizer for GNOME 2# Description: Music player and organizer for GNOME
3# This file is overwritten after every install/update 3# This file is overwritten after every install/update
4# Persistent local customizations 4# Persistent local customizations
5include /etc/firejail/rhythmbox.local 5include rhythmbox.local
6# Persistent global definitions 6# Persistent global definitions
7include /etc/firejail/globals.local 7include globals.local
8 8
9noblacklist ${MUSIC} 9noblacklist ${MUSIC}
10 10
11include /etc/firejail/disable-common.inc 11include disable-common.inc
12include /etc/firejail/disable-devel.inc 12include disable-devel.inc
13# rhythmbox is using Python 13# rhythmbox is using Python
14#include /etc/firejail/disable-interpreters.inc 14#include disable-interpreters.inc
15include /etc/firejail/disable-passwdmgr.inc 15include disable-passwdmgr.inc
16include /etc/firejail/disable-programs.inc 16include disable-programs.inc
17include /etc/firejail/disable-xdg.inc 17include disable-xdg.inc
18 18
19include /etc/firejail/whitelist-var-common.inc 19include whitelist-var-common.inc
20 20
21# apparmor - makes settings immutable 21# apparmor - makes settings immutable
22caps.drop all 22caps.drop all
diff --git a/etc/ricochet.profile b/etc/ricochet.profile
index 2e2143a54..715642185 100644
--- a/etc/ricochet.profile
+++ b/etc/ricochet.profile
@@ -1,22 +1,22 @@
1# Firejail profile for ricochet 1# Firejail profile for ricochet
2# This file is overwritten after every install/update 2# This file is overwritten after every install/update
3# Persistent local customizations 3# Persistent local customizations
4include /etc/firejail/ricochet.local 4include ricochet.local
5# Persistent global definitions 5# Persistent global definitions
6include /etc/firejail/globals.local 6include globals.local
7 7
8 8
9noblacklist ${HOME}/.local/share/Ricochet 9noblacklist ${HOME}/.local/share/Ricochet
10 10
11include /etc/firejail/disable-common.inc 11include disable-common.inc
12include /etc/firejail/disable-devel.inc 12include disable-devel.inc
13include /etc/firejail/disable-interpreters.inc 13include disable-interpreters.inc
14include /etc/firejail/disable-passwdmgr.inc 14include disable-passwdmgr.inc
15include /etc/firejail/disable-programs.inc 15include disable-programs.inc
16 16
17whitelist ${DOWNLOADS} 17whitelist ${DOWNLOADS}
18whitelist ${HOME}/.local/share/Ricochet 18whitelist ${HOME}/.local/share/Ricochet
19include /etc/firejail/whitelist-common.inc 19include whitelist-common.inc
20 20
21caps.drop all 21caps.drop all
22ipc-namespace 22ipc-namespace
diff --git a/etc/riot-desktop.profile b/etc/riot-desktop.profile
index cc8b68ebb..fececd850 100644
--- a/etc/riot-desktop.profile
+++ b/etc/riot-desktop.profile
@@ -2,9 +2,9 @@
2# Description: A glossy Matrix collaboration client for the desktop 2# Description: A glossy Matrix collaboration client for the desktop
3# This file is overwritten after every install/update 3# This file is overwritten after every install/update
4# Persistent local customizations 4# Persistent local customizations
5include /etc/firejail/riot-desktop.local 5include riot-desktop.local
6# Persistent global definitions 6# Persistent global definitions
7include /etc/firejail/globals.local 7include globals.local
8 8
9# Redirect 9# Redirect
10include /etc/firejail/riot-web.profile 10include riot-web.profile
diff --git a/etc/riot-web.profile b/etc/riot-web.profile
index 5379223c5..c9f597626 100644
--- a/etc/riot-web.profile
+++ b/etc/riot-web.profile
@@ -2,15 +2,15 @@
2# Description: A glossy Matrix collaboration client for the web 2# Description: A glossy Matrix collaboration client for the web
3# This file is overwritten after every install/update 3# This file is overwritten after every install/update
4# Persistent local customizations 4# Persistent local customizations
5include /etc/firejail/riot-web.local 5include riot-web.local
6# Persistent global definitions 6# Persistent global definitions
7include /etc/firejail/globals.local 7include globals.local
8 8
9noblacklist ${HOME}/.config/Riot 9noblacklist ${HOME}/.config/Riot
10 10
11mkdir ${HOME}/.config/Riot 11mkdir ${HOME}/.config/Riot
12whitelist ${HOME}/.config/Riot 12whitelist ${HOME}/.config/Riot
13include /etc/firejail/whitelist-common.inc 13include whitelist-common.inc
14 14
15# Redirect 15# Redirect
16include /etc/firejail/electron.profile 16include electron.profile
diff --git a/etc/ristretto.profile b/etc/ristretto.profile
index bb2a7e95b..42493db98 100644
--- a/etc/ristretto.profile
+++ b/etc/ristretto.profile
@@ -2,19 +2,19 @@
2# Description: Lightweight picture-viewer for the Xfce desktop environment 2# Description: Lightweight picture-viewer for the Xfce desktop environment
3# This file is overwritten after every install/update 3# This file is overwritten after every install/update
4# Persistent local customizations 4# Persistent local customizations
5include /etc/firejail/ristretto.local 5include ristretto.local
6# Persistent global definitions 6# Persistent global definitions
7include /etc/firejail/globals.local 7include globals.local
8 8
9noblacklist ${HOME}/.config/ristretto 9noblacklist ${HOME}/.config/ristretto
10noblacklist ${HOME}/.Steam 10noblacklist ${HOME}/.Steam
11noblacklist ${HOME}/.steam 11noblacklist ${HOME}/.steam
12 12
13include /etc/firejail/disable-common.inc 13include disable-common.inc
14include /etc/firejail/disable-devel.inc 14include disable-devel.inc
15include /etc/firejail/disable-interpreters.inc 15include disable-interpreters.inc
16include /etc/firejail/disable-passwdmgr.inc 16include disable-passwdmgr.inc
17include /etc/firejail/disable-programs.inc 17include disable-programs.inc
18 18
19caps.drop all 19caps.drop all
20netfilter 20netfilter
diff --git a/etc/rocketchat.profile b/etc/rocketchat.profile
index da92cd938..c95bc3c3d 100644
--- a/etc/rocketchat.profile
+++ b/etc/rocketchat.profile
@@ -1,14 +1,14 @@
1# Firejail profile for rocketchat 1# Firejail profile for rocketchat
2# This file is overwritten after every install/update 2# This file is overwritten after every install/update
3# Persistent local customizations 3# Persistent local customizations
4include /etc/firejail/rocketchat.local 4include rocketchat.local
5# Persistent global definitions 5# Persistent global definitions
6include /etc/firejail/globals.local 6include globals.local
7 7
8noblacklist ${HOME}/.config/Rocket.Chat 8noblacklist ${HOME}/.config/Rocket.Chat
9 9
10whitelist ${HOME}/.config/Rocket.Chat 10whitelist ${HOME}/.config/Rocket.Chat
11include /etc/firejail/whitelist-common.inc 11include whitelist-common.inc
12 12
13# Redirect 13# Redirect
14include /etc/firejail/electron.profile 14include electron.profile
diff --git a/etc/rtorrent.profile b/etc/rtorrent.profile
index bdc5b9232..2ce3e9640 100644
--- a/etc/rtorrent.profile
+++ b/etc/rtorrent.profile
@@ -2,16 +2,16 @@
2# Description: Ncurses BitTorrent client based on LibTorrent from rakshasa 2# Description: Ncurses BitTorrent client based on LibTorrent from rakshasa
3# This file is overwritten after every install/update 3# This file is overwritten after every install/update
4# Persistent local customizations 4# Persistent local customizations
5include /etc/firejail/rtorrent.local 5include rtorrent.local
6# Persistent global definitions 6# Persistent global definitions
7include /etc/firejail/globals.local 7include globals.local
8 8
9 9
10include /etc/firejail/disable-common.inc 10include disable-common.inc
11include /etc/firejail/disable-devel.inc 11include disable-devel.inc
12include /etc/firejail/disable-interpreters.inc 12include disable-interpreters.inc
13include /etc/firejail/disable-passwdmgr.inc 13include disable-passwdmgr.inc
14include /etc/firejail/disable-programs.inc 14include disable-programs.inc
15 15
16caps.drop all 16caps.drop all
17machine-id 17machine-id
diff --git a/etc/runenpass.sh.profile b/etc/runenpass.sh.profile
index 05ffbfe20..794c38d6e 100644
--- a/etc/runenpass.sh.profile
+++ b/etc/runenpass.sh.profile
@@ -3,4 +3,4 @@
3 3
4 4
5# Redirect 5# Redirect
6include /etc/firejail/enpass.profile 6include enpass.profile
diff --git a/etc/rview.profile b/etc/rview.profile
index 90481b019..b3a6bfbdc 100644
--- a/etc/rview.profile
+++ b/etc/rview.profile
@@ -1,10 +1,10 @@
1# Firejail profile for rview 1# Firejail profile for rview
2# This file is overwritten after every install/update 2# This file is overwritten after every install/update
3# Persistent local customizations 3# Persistent local customizations
4include /etc/firejail/rview.local 4include rview.local
5# Persistent global definitions 5# Persistent global definitions
6include /etc/firejail/globals.local 6include globals.local
7 7
8 8
9# Redirect 9# Redirect
10include /etc/firejail/vim.profile 10include vim.profile
diff --git a/etc/rvim.profile b/etc/rvim.profile
index 1070e9376..5481dfe43 100644
--- a/etc/rvim.profile
+++ b/etc/rvim.profile
@@ -1,10 +1,10 @@
1# Firejail profile for rvim 1# Firejail profile for rvim
2# This file is overwritten after every install/update 2# This file is overwritten after every install/update
3# Persistent local customizations 3# Persistent local customizations
4include /etc/firejail/rvim.local 4include rvim.local
5# Persistent global definitions 5# Persistent global definitions
6include /etc/firejail/globals.local 6include globals.local
7 7
8 8
9# Redirect 9# Redirect
10include /etc/firejail/vim.profile 10include vim.profile
diff --git a/etc/sayonara.profile b/etc/sayonara.profile
index 8a369be7e..d978f722a 100644
--- a/etc/sayonara.profile
+++ b/etc/sayonara.profile
@@ -1,18 +1,18 @@
1# Firejail profile for sayonara player 1# Firejail profile for sayonara player
2# This file is overwritten after every install/update 2# This file is overwritten after every install/update
3# Persistent local customizations 3# Persistent local customizations
4include /etc/firejail/sayonara.local 4include sayonara.local
5# Persistent global definitions 5# Persistent global definitions
6include /etc/firejail/globals.local 6include globals.local
7 7
8noblacklist ${HOME}/.Sayonara 8noblacklist ${HOME}/.Sayonara
9noblacklist ${MUSIC} 9noblacklist ${MUSIC}
10 10
11include /etc/firejail/disable-common.inc 11include disable-common.inc
12include /etc/firejail/disable-devel.inc 12include disable-devel.inc
13include /etc/firejail/disable-passwdmgr.inc 13include disable-passwdmgr.inc
14include /etc/firejail/disable-programs.inc 14include disable-programs.inc
15include /etc/firejail/disable-xdg.inc 15include disable-xdg.inc
16 16
17caps.drop all 17caps.drop all
18netfilter 18netfilter
diff --git a/etc/scallion.profile b/etc/scallion.profile
index 35cd04f8f..1c2157d80 100644
--- a/etc/scallion.profile
+++ b/etc/scallion.profile
@@ -2,9 +2,9 @@
2# This file is overwritten after every install/update 2# This file is overwritten after every install/update
3quiet 3quiet
4# Persistent local customizations 4# Persistent local customizations
5include /etc/firejail/scallion.local 5include scallion.local
6# Persistent global definitions 6# Persistent global definitions
7include /etc/firejail/globals.local 7include globals.local
8 8
9noblacklist ${PATH}/llvm* 9noblacklist ${PATH}/llvm*
10noblacklist /usr/lib/llvm* 10noblacklist /usr/lib/llvm*
@@ -12,13 +12,13 @@ noblacklist ${PATH}/openssl
12noblacklist ${PATH}/openssl-1.0 12noblacklist ${PATH}/openssl-1.0
13noblacklist ${DOCUMENTS} 13noblacklist ${DOCUMENTS}
14 14
15include /etc/firejail/disable-common.inc 15include disable-common.inc
16include /etc/firejail/disable-interpreters.inc 16include disable-interpreters.inc
17include /etc/firejail/disable-passwdmgr.inc 17include disable-passwdmgr.inc
18include /etc/firejail/disable-programs.inc 18include disable-programs.inc
19include /etc/firejail/disable-xdg.inc 19include disable-xdg.inc
20 20
21include /etc/firejail/whitelist-var-common.inc 21include whitelist-var-common.inc
22 22
23caps.drop all 23caps.drop all
24ipc-namespace 24ipc-namespace
diff --git a/etc/scribus.profile b/etc/scribus.profile
index 375983667..0d718be1d 100644
--- a/etc/scribus.profile
+++ b/etc/scribus.profile
@@ -2,9 +2,9 @@
2# Description: Open Source Desktop Page Layout 2# Description: Open Source Desktop Page Layout
3# This file is overwritten after every install/update 3# This file is overwritten after every install/update
4# Persistent local customizations 4# Persistent local customizations
5include /etc/firejail/scribus.local 5include scribus.local
6# Persistent global definitions 6# Persistent global definitions
7include /etc/firejail/globals.local 7include globals.local
8 8
9# Support for PDF readers comes with Scribus 1.5 and higher 9# Support for PDF readers comes with Scribus 1.5 and higher
10noblacklist ${HOME}/.cache/okular 10noblacklist ${HOME}/.cache/okular
@@ -32,14 +32,14 @@ noblacklist ${PATH}/python3*
32noblacklist /usr/lib/python2* 32noblacklist /usr/lib/python2*
33noblacklist /usr/lib/python3* 33noblacklist /usr/lib/python3*
34 34
35include /etc/firejail/disable-common.inc 35include disable-common.inc
36include /etc/firejail/disable-devel.inc 36include disable-devel.inc
37include /etc/firejail/disable-interpreters.inc 37include disable-interpreters.inc
38include /etc/firejail/disable-passwdmgr.inc 38include disable-passwdmgr.inc
39include /etc/firejail/disable-programs.inc 39include disable-programs.inc
40include /etc/firejail/disable-xdg.inc 40include disable-xdg.inc
41 41
42include /etc/firejail/whitelist-var-common.inc 42include whitelist-var-common.inc
43 43
44caps.drop all 44caps.drop all
45net none 45net none
diff --git a/etc/sdat2img.profile b/etc/sdat2img.profile
index a2a54f838..d3124c257 100644
--- a/etc/sdat2img.profile
+++ b/etc/sdat2img.profile
@@ -2,9 +2,9 @@
2# This file is overwritten after every install/update 2# This file is overwritten after every install/update
3quiet 3quiet
4# Persistent local customizations 4# Persistent local customizations
5include /etc/firejail/sdat2img.local 5include sdat2img.local
6# Persistent global definitions 6# Persistent global definitions
7include /etc/firejail/globals.local 7include globals.local
8 8
9# Allow python (blacklisted by disable-interpreters.inc) 9# Allow python (blacklisted by disable-interpreters.inc)
10noblacklist ${PATH}/python2* 10noblacklist ${PATH}/python2*
@@ -12,14 +12,14 @@ noblacklist ${PATH}/python3*
12noblacklist /usr/lib/python2* 12noblacklist /usr/lib/python2*
13noblacklist /usr/lib/python3* 13noblacklist /usr/lib/python3*
14 14
15include /etc/firejail/disable-common.inc 15include disable-common.inc
16include /etc/firejail/disable-devel.inc 16include disable-devel.inc
17include /etc/firejail/disable-interpreters.inc 17include disable-interpreters.inc
18include /etc/firejail/disable-passwdmgr.inc 18include disable-passwdmgr.inc
19include /etc/firejail/disable-programs.inc 19include disable-programs.inc
20include /etc/firejail/disable-xdg.inc 20include disable-xdg.inc
21 21
22include /etc/firejail/whitelist-var-common.inc 22include whitelist-var-common.inc
23 23
24caps.drop all 24caps.drop all
25net none 25net none
diff --git a/etc/seamonkey-bin.profile b/etc/seamonkey-bin.profile
index 1ceed99fd..e420d8124 100644
--- a/etc/seamonkey-bin.profile
+++ b/etc/seamonkey-bin.profile
@@ -3,4 +3,4 @@
3 3
4 4
5# Redirect 5# Redirect
6include /etc/firejail/seamonkey.profile 6include seamonkey.profile
diff --git a/etc/seamonkey.profile b/etc/seamonkey.profile
index b702d8b23..9c38414bb 100644
--- a/etc/seamonkey.profile
+++ b/etc/seamonkey.profile
@@ -2,18 +2,18 @@
2# Description: SeaMonkey internet suite 2# Description: SeaMonkey internet suite
3# This file is overwritten after every install/update 3# This file is overwritten after every install/update
4# Persistent local customizations 4# Persistent local customizations
5include /etc/firejail/seamonkey.local 5include seamonkey.local
6# Persistent global definitions 6# Persistent global definitions
7include /etc/firejail/globals.local 7include globals.local
8 8
9noblacklist ${HOME}/.cache/mozilla 9noblacklist ${HOME}/.cache/mozilla
10noblacklist ${HOME}/.mozilla 10noblacklist ${HOME}/.mozilla
11noblacklist ${HOME}/.pki 11noblacklist ${HOME}/.pki
12 12
13include /etc/firejail/disable-common.inc 13include disable-common.inc
14include /etc/firejail/disable-devel.inc 14include disable-devel.inc
15include /etc/firejail/disable-interpreters.inc 15include disable-interpreters.inc
16include /etc/firejail/disable-programs.inc 16include disable-programs.inc
17 17
18mkdir ${HOME}/.cache/mozilla 18mkdir ${HOME}/.cache/mozilla
19mkdir ${HOME}/.mozilla 19mkdir ${HOME}/.mozilla
@@ -35,7 +35,7 @@ whitelist ${HOME}/.wine-pipelight
35whitelist ${HOME}/.wine-pipelight64 35whitelist ${HOME}/.wine-pipelight64
36whitelist ${HOME}/.zotero 36whitelist ${HOME}/.zotero
37whitelist ${HOME}/dwhelper 37whitelist ${HOME}/dwhelper
38include /etc/firejail/whitelist-common.inc 38include whitelist-common.inc
39 39
40caps.drop all 40caps.drop all
41netfilter 41netfilter
diff --git a/etc/server.profile b/etc/server.profile
index 8d3382dee..a544a6284 100644
--- a/etc/server.profile
+++ b/etc/server.profile
@@ -1,9 +1,9 @@
1# Firejail profile for server 1# Firejail profile for server
2# This file is overwritten after every install/update 2# This file is overwritten after every install/update
3# Persistent local customizations 3# Persistent local customizations
4include /etc/firejail/server.local 4include server.local
5# Persistent global definitions 5# Persistent global definitions
6include /etc/firejail/globals.local 6include globals.local
7 7
8# generic server profile 8# generic server profile
9# it allows /sbin and /usr/sbin directories - this is where servers are installed 9# it allows /sbin and /usr/sbin directories - this is where servers are installed
@@ -15,12 +15,12 @@ noblacklist /sbin
15noblacklist /usr/sbin 15noblacklist /usr/sbin
16# noblacklist /var/opt 16# noblacklist /var/opt
17 17
18include /etc/firejail/disable-common.inc 18include disable-common.inc
19# include /etc/firejail/disable-devel.inc 19# include disable-devel.inc
20# include /etc/firejail/disable-interpreters.inc 20# include disable-interpreters.inc
21include /etc/firejail/disable-passwdmgr.inc 21include disable-passwdmgr.inc
22include /etc/firejail/disable-programs.inc 22include disable-programs.inc
23#include /etc/firejail/disable-xdg.inc 23#include disable-xdg.inc
24 24
25caps 25caps
26# ipc-namespace 26# ipc-namespace
diff --git a/etc/shellcheck.profile b/etc/shellcheck.profile
index 90fc9cb8c..7bc3febe0 100644
--- a/etc/shellcheck.profile
+++ b/etc/shellcheck.profile
@@ -3,20 +3,20 @@
3# This file is overwritten after every install/update 3# This file is overwritten after every install/update
4quiet 4quiet
5# Persistent local customizations 5# Persistent local customizations
6include /etc/firejail/shellcheck.local 6include shellcheck.local
7# Persistent global definitions 7# Persistent global definitions
8include /etc/firejail/globals.local 8include globals.local
9 9
10noblacklist ${DOCUMENTS} 10noblacklist ${DOCUMENTS}
11 11
12include /etc/firejail/disable-common.inc 12include disable-common.inc
13include /etc/firejail/disable-devel.inc 13include disable-devel.inc
14include /etc/firejail/disable-interpreters.inc 14include disable-interpreters.inc
15include /etc/firejail/disable-passwdmgr.inc 15include disable-passwdmgr.inc
16include /etc/firejail/disable-programs.inc 16include disable-programs.inc
17include /etc/firejail/disable-xdg.inc 17include disable-xdg.inc
18 18
19include /etc/firejail/whitelist-var-common.inc 19include whitelist-var-common.inc
20 20
21caps.drop all 21caps.drop all
22ipc-namespace 22ipc-namespace
diff --git a/etc/shotcut.profile b/etc/shotcut.profile
index e5a8ce4df..9167dda25 100644
--- a/etc/shotcut.profile
+++ b/etc/shotcut.profile
@@ -1,17 +1,17 @@
1# Firejail profile for shotcut 1# Firejail profile for shotcut
2# This file is overwritten after every install/update 2# This file is overwritten after every install/update
3# Persistent local customizations 3# Persistent local customizations
4include /etc/firejail/shotcut.local 4include shotcut.local
5# Persistent global definitions 5# Persistent global definitions
6include /etc/firejail/globals.local 6include globals.local
7 7
8noblacklist ${HOME}/.config/Meltytech 8noblacklist ${HOME}/.config/Meltytech
9 9
10include /etc/firejail/disable-common.inc 10include disable-common.inc
11include /etc/firejail/disable-devel.inc 11include disable-devel.inc
12include /etc/firejail/disable-interpreters.inc 12include disable-interpreters.inc
13include /etc/firejail/disable-passwdmgr.inc 13include disable-passwdmgr.inc
14include /etc/firejail/disable-programs.inc 14include disable-programs.inc
15 15
16caps.drop all 16caps.drop all
17net none 17net none
diff --git a/etc/signal-desktop.profile b/etc/signal-desktop.profile
index c52f45f31..250f9d3a5 100644
--- a/etc/signal-desktop.profile
+++ b/etc/signal-desktop.profile
@@ -1,23 +1,23 @@
1# Firejail profile for signal-desktop 1# Firejail profile for signal-desktop
2# This file is overwritten after every install/update 2# This file is overwritten after every install/update
3# Persistent local customizations 3# Persistent local customizations
4include /etc/firejail/signal-desktop.local 4include signal-desktop.local
5# Persistent global definitions 5# Persistent global definitions
6include /etc/firejail/globals.local 6include globals.local
7 7
8noblacklist ${HOME}/.config/Signal 8noblacklist ${HOME}/.config/Signal
9 9
10include /etc/firejail/disable-common.inc 10include disable-common.inc
11include /etc/firejail/disable-devel.inc 11include disable-devel.inc
12include /etc/firejail/disable-interpreters.inc 12include disable-interpreters.inc
13include /etc/firejail/disable-programs.inc 13include disable-programs.inc
14include /etc/firejail/disable-passwdmgr.inc 14include disable-passwdmgr.inc
15 15
16mkdir ${HOME}/.config/Signal 16mkdir ${HOME}/.config/Signal
17whitelist ${DOWNLOADS} 17whitelist ${DOWNLOADS}
18whitelist ${HOME}/.config/Signal 18whitelist ${HOME}/.config/Signal
19include /etc/firejail/whitelist-common.inc 19include whitelist-common.inc
20include /etc/firejail/whitelist-var-common.inc 20include whitelist-var-common.inc
21 21
22caps.drop all 22caps.drop all
23netfilter 23netfilter
diff --git a/etc/silentarmy.profile b/etc/silentarmy.profile
index 0fa19e610..67b54dd74 100644
--- a/etc/silentarmy.profile
+++ b/etc/silentarmy.profile
@@ -1,19 +1,19 @@
1# Firejail profile for silentarmy 1# Firejail profile for silentarmy
2# This file is overwritten after every install/update 2# This file is overwritten after every install/update
3# Persistent local customizations 3# Persistent local customizations
4include /etc/firejail/silentarmy.local 4include silentarmy.local
5# Persistent global definitions 5# Persistent global definitions
6include /etc/firejail/globals.local 6include globals.local
7 7
8 8
9include /etc/firejail/disable-common.inc 9include disable-common.inc
10# include /etc/firejail/disable-devel.inc 10# include disable-devel.inc
11include /etc/firejail/disable-interpreters.inc 11include disable-interpreters.inc
12include /etc/firejail/disable-passwdmgr.inc 12include disable-passwdmgr.inc
13include /etc/firejail/disable-programs.inc 13include disable-programs.inc
14include /etc/firejail/disable-xdg.inc 14include disable-xdg.inc
15 15
16include /etc/firejail/whitelist-var-common.inc 16include whitelist-var-common.inc
17 17
18caps.drop all 18caps.drop all
19netfilter 19netfilter
diff --git a/etc/simple-scan.profile b/etc/simple-scan.profile
index 30d2203de..85cb00ef1 100644
--- a/etc/simple-scan.profile
+++ b/etc/simple-scan.profile
@@ -2,19 +2,19 @@
2# Description: Simple Scanning Utility 2# Description: Simple Scanning Utility
3# This file is overwritten after every install/update 3# This file is overwritten after every install/update
4# Persistent local customizations 4# Persistent local customizations
5include /etc/firejail/simple-scan.local 5include simple-scan.local
6# Persistent global definitions 6# Persistent global definitions
7include /etc/firejail/globals.local 7include globals.local
8 8
9noblacklist ${HOME}/.cache/simple-scan 9noblacklist ${HOME}/.cache/simple-scan
10noblacklist ${DOCUMENTS} 10noblacklist ${DOCUMENTS}
11 11
12include /etc/firejail/disable-common.inc 12include disable-common.inc
13include /etc/firejail/disable-devel.inc 13include disable-devel.inc
14include /etc/firejail/disable-interpreters.inc 14include disable-interpreters.inc
15include /etc/firejail/disable-passwdmgr.inc 15include disable-passwdmgr.inc
16include /etc/firejail/disable-programs.inc 16include disable-programs.inc
17include /etc/firejail/disable-xdg.inc 17include disable-xdg.inc
18 18
19caps.drop all 19caps.drop all
20netfilter 20netfilter
diff --git a/etc/simutrans.profile b/etc/simutrans.profile
index 3722d9414..5afa8e52e 100644
--- a/etc/simutrans.profile
+++ b/etc/simutrans.profile
@@ -2,21 +2,21 @@
2# Description: Transportation simulator 2# Description: Transportation simulator
3# This file is overwritten after every install/update 3# This file is overwritten after every install/update
4# Persistent local customizations 4# Persistent local customizations
5include /etc/firejail/simutrans.local 5include simutrans.local
6# Persistent global definitions 6# Persistent global definitions
7include /etc/firejail/globals.local 7include globals.local
8 8
9noblacklist ${HOME}/.simutrans 9noblacklist ${HOME}/.simutrans
10 10
11include /etc/firejail/disable-common.inc 11include disable-common.inc
12include /etc/firejail/disable-devel.inc 12include disable-devel.inc
13include /etc/firejail/disable-interpreters.inc 13include disable-interpreters.inc
14include /etc/firejail/disable-passwdmgr.inc 14include disable-passwdmgr.inc
15include /etc/firejail/disable-programs.inc 15include disable-programs.inc
16 16
17mkdir ${HOME}/.simutrans 17mkdir ${HOME}/.simutrans
18whitelist ${HOME}/.simutrans 18whitelist ${HOME}/.simutrans
19include /etc/firejail/whitelist-common.inc 19include whitelist-common.inc
20 20
21caps.drop all 21caps.drop all
22net none 22net none
diff --git a/etc/skanlite.profile b/etc/skanlite.profile
index f8bca415d..76b050d18 100644
--- a/etc/skanlite.profile
+++ b/etc/skanlite.profile
@@ -2,18 +2,18 @@
2# Description: Image scanner based on the KSane backend 2# Description: Image scanner based on the KSane backend
3# This file is overwritten after every install/update 3# This file is overwritten after every install/update
4# Persistent local customizations 4# Persistent local customizations
5include /etc/firejail/skanlite.local 5include skanlite.local
6# Persistent global definitions 6# Persistent global definitions
7include /etc/firejail/globals.local 7include globals.local
8 8
9noblacklist ${DOCUMENTS} 9noblacklist ${DOCUMENTS}
10 10
11include /etc/firejail/disable-common.inc 11include disable-common.inc
12include /etc/firejail/disable-devel.inc 12include disable-devel.inc
13include /etc/firejail/disable-interpreters.inc 13include disable-interpreters.inc
14include /etc/firejail/disable-passwdmgr.inc 14include disable-passwdmgr.inc
15include /etc/firejail/disable-programs.inc 15include disable-programs.inc
16include /etc/firejail/disable-xdg.inc 16include disable-xdg.inc
17 17
18caps.drop all 18caps.drop all
19# net none 19# net none
diff --git a/etc/skype.profile b/etc/skype.profile
index 04f15b454..c8d09c585 100644
--- a/etc/skype.profile
+++ b/etc/skype.profile
@@ -1,17 +1,17 @@
1# Firejail profile for skype 1# Firejail profile for skype
2# This file is overwritten after every install/update 2# This file is overwritten after every install/update
3# Persistent local customizations 3# Persistent local customizations
4include /etc/firejail/skype.local 4include skype.local
5# Persistent global definitions 5# Persistent global definitions
6include /etc/firejail/globals.local 6include globals.local
7 7
8noblacklist ${HOME}/.Skype 8noblacklist ${HOME}/.Skype
9 9
10include /etc/firejail/disable-common.inc 10include disable-common.inc
11include /etc/firejail/disable-devel.inc 11include disable-devel.inc
12include /etc/firejail/disable-interpreters.inc 12include disable-interpreters.inc
13include /etc/firejail/disable-devel.inc 13include disable-devel.inc
14include /etc/firejail/disable-programs.inc 14include disable-programs.inc
15 15
16caps.drop all 16caps.drop all
17netfilter 17netfilter
diff --git a/etc/skypeforlinux.profile b/etc/skypeforlinux.profile
index c675f0345..bccef9705 100644
--- a/etc/skypeforlinux.profile
+++ b/etc/skypeforlinux.profile
@@ -1,17 +1,17 @@
1# Firejail profile for skypeforlinux 1# Firejail profile for skypeforlinux
2# This file is overwritten after every install/update 2# This file is overwritten after every install/update
3# Persistent local customizations 3# Persistent local customizations
4include /etc/firejail/skypeforlinux.local 4include skypeforlinux.local
5# Persistent global definitions 5# Persistent global definitions
6include /etc/firejail/globals.local 6include globals.local
7 7
8noblacklist ${HOME}/.config/skypeforlinux 8noblacklist ${HOME}/.config/skypeforlinux
9 9
10include /etc/firejail/disable-common.inc 10include disable-common.inc
11include /etc/firejail/disable-devel.inc 11include disable-devel.inc
12include /etc/firejail/disable-interpreters.inc 12include disable-interpreters.inc
13include /etc/firejail/disable-passwdmgr.inc 13include disable-passwdmgr.inc
14include /etc/firejail/disable-programs.inc 14include disable-programs.inc
15 15
16caps.drop all 16caps.drop all
17netfilter 17netfilter
diff --git a/etc/slack.profile b/etc/slack.profile
index ba77a16b9..3b60e7379 100644
--- a/etc/slack.profile
+++ b/etc/slack.profile
@@ -1,25 +1,25 @@
1# Firejail profile for slack 1# Firejail profile for slack
2# This file is overwritten after every install/update 2# This file is overwritten after every install/update
3# Persistent local customizations 3# Persistent local customizations
4include /etc/firejail/slack.local 4include slack.local
5# Persistent global definitions 5# Persistent global definitions
6include /etc/firejail/globals.local 6include globals.local
7 7
8noblacklist ${HOME}/.config/Slack 8noblacklist ${HOME}/.config/Slack
9noblacklist ${HOME}/Downloads 9noblacklist ${HOME}/Downloads
10 10
11include /etc/firejail/disable-common.inc 11include disable-common.inc
12include /etc/firejail/disable-devel.inc 12include disable-devel.inc
13include /etc/firejail/disable-interpreters.inc 13include disable-interpreters.inc
14include /etc/firejail/disable-passwdmgr.inc 14include disable-passwdmgr.inc
15include /etc/firejail/disable-programs.inc 15include disable-programs.inc
16 16
17mkdir ${HOME}/.config 17mkdir ${HOME}/.config
18mkdir ${HOME}/.config/Slack 18mkdir ${HOME}/.config/Slack
19whitelist ${HOME}/.config/Slack 19whitelist ${HOME}/.config/Slack
20whitelist ${HOME}/Downloads 20whitelist ${HOME}/Downloads
21include /etc/firejail/whitelist-common.inc 21include whitelist-common.inc
22include /etc/firejail/whitelist-var-common.inc 22include whitelist-var-common.inc
23 23
24caps.drop all 24caps.drop all
25name slack 25name slack
diff --git a/etc/smplayer.profile b/etc/smplayer.profile
index 6d8355e6f..c2628aa4d 100644
--- a/etc/smplayer.profile
+++ b/etc/smplayer.profile
@@ -2,23 +2,23 @@
2# Description: Complete front-end for MPlayer and mpv 2# Description: Complete front-end for MPlayer and mpv
3# This file is overwritten after every install/update 3# This file is overwritten after every install/update
4# Persistent local customizations 4# Persistent local customizations
5include /etc/firejail/smplayer.local 5include smplayer.local
6# Persistent global definitions 6# Persistent global definitions
7include /etc/firejail/globals.local 7include globals.local
8 8
9noblacklist ${HOME}/.config/smplayer 9noblacklist ${HOME}/.config/smplayer
10noblacklist ${HOME}/.mplayer 10noblacklist ${HOME}/.mplayer
11noblacklist ${MUSIC} 11noblacklist ${MUSIC}
12noblacklist ${VIDEOS} 12noblacklist ${VIDEOS}
13 13
14include /etc/firejail/disable-common.inc 14include disable-common.inc
15include /etc/firejail/disable-devel.inc 15include disable-devel.inc
16include /etc/firejail/disable-interpreters.inc 16include disable-interpreters.inc
17include /etc/firejail/disable-passwdmgr.inc 17include disable-passwdmgr.inc
18include /etc/firejail/disable-programs.inc 18include disable-programs.inc
19include /etc/firejail/disable-xdg.inc 19include disable-xdg.inc
20 20
21include /etc/firejail/whitelist-var-common.inc 21include whitelist-var-common.inc
22 22
23apparmor 23apparmor
24caps.drop all 24caps.drop all
diff --git a/etc/smtube.profile b/etc/smtube.profile
index 430b4e5cf..3134aeaf3 100644
--- a/etc/smtube.profile
+++ b/etc/smtube.profile
@@ -2,9 +2,9 @@
2# Description: YouTube videos browser 2# Description: YouTube videos browser
3# This file is overwritten after every install/update 3# This file is overwritten after every install/update
4# Persistent local customizations 4# Persistent local customizations
5include /etc/firejail/smtube.local 5include smtube.local
6# Persistent global definitions 6# Persistent global definitions
7include /etc/firejail/globals.local 7include globals.local
8 8
9noblacklist ${HOME}/.config/smplayer 9noblacklist ${HOME}/.config/smplayer
10noblacklist ${HOME}/.config/smtube 10noblacklist ${HOME}/.config/smtube
@@ -15,14 +15,14 @@ noblacklist ${HOME}/.local/share/vlc
15noblacklist ${MUSIC} 15noblacklist ${MUSIC}
16noblacklist ${VIDEOS} 16noblacklist ${VIDEOS}
17 17
18include /etc/firejail/disable-common.inc 18include disable-common.inc
19include /etc/firejail/disable-devel.inc 19include disable-devel.inc
20include /etc/firejail/disable-interpreters.inc 20include disable-interpreters.inc
21include /etc/firejail/disable-passwdmgr.inc 21include disable-passwdmgr.inc
22include /etc/firejail/disable-programs.inc 22include disable-programs.inc
23include /etc/firejail/disable-xdg.inc 23include disable-xdg.inc
24 24
25include /etc/firejail/whitelist-var-common.inc 25include whitelist-var-common.inc
26 26
27caps.drop all 27caps.drop all
28netfilter 28netfilter
diff --git a/etc/snap.profile b/etc/snap.profile
index bcfdc8911..1c6d750e4 100644
--- a/etc/snap.profile
+++ b/etc/snap.profile
@@ -2,16 +2,16 @@
2# Description: Location of genes from DNA sequence with hidden markov model 2# Description: Location of genes from DNA sequence with hidden markov model
3# This file is overwritten after every install/update 3# This file is overwritten after every install/update
4# Persistent local customizations 4# Persistent local customizations
5include /etc/firejail/snap.local 5include snap.local
6# Persistent global definitions 6# Persistent global definitions
7include /etc/firejail/globals.local 7include globals.local
8 8
9# Generic Ubuntu snap application profile 9# Generic Ubuntu snap application profile
10 10
11include /etc/firejail/disable-common.inc 11include disable-common.inc
12include /etc/firejail/disable-passwdmgr.inc 12include disable-passwdmgr.inc
13include /etc/firejail/disable-programs.inc 13include disable-programs.inc
14 14
15whitelist ${DOWNLOADS} 15whitelist ${DOWNLOADS}
16whitelist ${HOME}/snap 16whitelist ${HOME}/snap
17include /etc/firejail/whitelist-common.inc 17include whitelist-common.inc
diff --git a/etc/snox.profile b/etc/snox.profile
index 22bb0cdb0..3b3fd1ae1 100644
--- a/etc/snox.profile
+++ b/etc/snox.profile
@@ -1,9 +1,9 @@
1# Firejail profile for snox 1# Firejail profile for snox
2# This file is overwritten after every install/update 2# This file is overwritten after every install/update
3# Persistent local customizations 3# Persistent local customizations
4include /etc/firejail/snox.local 4include snox.local
5# Persistent global definitions 5# Persistent global definitions
6include /etc/firejail/globals.local 6include globals.local
7 7
8noblacklist ${HOME}/.cache/snox 8noblacklist ${HOME}/.cache/snox
9noblacklist ${HOME}/.config/snox 9noblacklist ${HOME}/.config/snox
@@ -16,4 +16,4 @@ whitelist ${HOME}/.cache/snox
16whitelist ${HOME}/.config/snox 16whitelist ${HOME}/.config/snox
17 17
18# Redirect 18# Redirect
19include /etc/firejail/chromium-common.profile 19include chromium-common.profile
diff --git a/etc/soffice.profile b/etc/soffice.profile
index c702a4ece..ea0f84631 100644
--- a/etc/soffice.profile
+++ b/etc/soffice.profile
@@ -3,4 +3,4 @@
3 3
4 4
5# Redirect 5# Redirect
6include /etc/firejail/libreoffice.profile 6include libreoffice.profile
diff --git a/etc/soundconverter.profile b/etc/soundconverter.profile
index 69efe5244..6c1894dc4 100644
--- a/etc/soundconverter.profile
+++ b/etc/soundconverter.profile
@@ -2,9 +2,9 @@
2# Description: GNOME application to convert audio files into other formats 2# Description: GNOME application to convert audio files into other formats
3# This file is overwritten after every install/update 3# This file is overwritten after every install/update
4# Persistent local customizations 4# Persistent local customizations
5include /etc/firejail/soundconverter.local 5include soundconverter.local
6# Persistent global definitions 6# Persistent global definitions
7include /etc/firejail/globals.local 7include globals.local
8 8
9noblacklist ${MUSIC} 9noblacklist ${MUSIC}
10 10
@@ -14,14 +14,14 @@ noblacklist ${PATH}/python3*
14noblacklist /usr/lib/python2* 14noblacklist /usr/lib/python2*
15noblacklist /usr/lib/python3* 15noblacklist /usr/lib/python3*
16 16
17include /etc/firejail/disable-common.inc 17include disable-common.inc
18include /etc/firejail/disable-devel.inc 18include disable-devel.inc
19include /etc/firejail/disable-interpreters.inc 19include disable-interpreters.inc
20include /etc/firejail/disable-passwdmgr.inc 20include disable-passwdmgr.inc
21include /etc/firejail/disable-programs.inc 21include disable-programs.inc
22include /etc/firejail/disable-xdg.inc 22include disable-xdg.inc
23 23
24include /etc/firejail/whitelist-var-common.inc 24include whitelist-var-common.inc
25 25
26caps.drop all 26caps.drop all
27net none 27net none
diff --git a/etc/spectre-meltdown-checker.profile b/etc/spectre-meltdown-checker.profile
index 18d3a0575..350f10632 100644
--- a/etc/spectre-meltdown-checker.profile
+++ b/etc/spectre-meltdown-checker.profile
@@ -2,9 +2,9 @@
2# This file is overwritten after every install/update 2# This file is overwritten after every install/update
3quiet 3quiet
4# Persistent local customizations 4# Persistent local customizations
5include /etc/firejail/spectre-meltdown-checker.local 5include spectre-meltdown-checker.local
6# Persistent global definitions 6# Persistent global definitions
7include /etc/firejail/globals.local 7include globals.local
8 8
9# sudo firejail --allow-debuggers spectre-meltdown-checker 9# sudo firejail --allow-debuggers spectre-meltdown-checker
10 10
@@ -18,14 +18,14 @@ noblacklist ${PATH}/perl
18noblacklist /usr/lib/perl* 18noblacklist /usr/lib/perl*
19noblacklist /usr/share/perl* 19noblacklist /usr/share/perl*
20 20
21include /etc/firejail/disable-common.inc 21include disable-common.inc
22include /etc/firejail/disable-devel.inc 22include disable-devel.inc
23include /etc/firejail/disable-interpreters.inc 23include disable-interpreters.inc
24include /etc/firejail/disable-passwdmgr.inc 24include disable-passwdmgr.inc
25include /etc/firejail/disable-programs.inc 25include disable-programs.inc
26include /etc/firejail/disable-xdg.inc 26include disable-xdg.inc
27 27
28include /etc/firejail/whitelist-var-common.inc 28include whitelist-var-common.inc
29 29
30caps.keep sys_rawio 30caps.keep sys_rawio
31ipc-namespace 31ipc-namespace
diff --git a/etc/spotify.profile b/etc/spotify.profile
index 3adf3183c..cd42b781d 100644
--- a/etc/spotify.profile
+++ b/etc/spotify.profile
@@ -1,9 +1,9 @@
1# Firejail profile for spotify 1# Firejail profile for spotify
2# This file is overwritten after every install/update 2# This file is overwritten after every install/update
3# Persistent local customizations 3# Persistent local customizations
4include /etc/firejail/spotify.local 4include spotify.local
5# Persistent global definitions 5# Persistent global definitions
6include /etc/firejail/globals.local 6include globals.local
7 7
8blacklist ${HOME}/.bashrc 8blacklist ${HOME}/.bashrc
9blacklist /lost+found 9blacklist /lost+found
@@ -14,11 +14,11 @@ noblacklist ${HOME}/.cache/spotify
14noblacklist ${HOME}/.config/spotify 14noblacklist ${HOME}/.config/spotify
15noblacklist ${HOME}/.local/share/spotify 15noblacklist ${HOME}/.local/share/spotify
16 16
17include /etc/firejail/disable-common.inc 17include disable-common.inc
18include /etc/firejail/disable-devel.inc 18include disable-devel.inc
19include /etc/firejail/disable-interpreters.inc 19include disable-interpreters.inc
20include /etc/firejail/disable-passwdmgr.inc 20include disable-passwdmgr.inc
21include /etc/firejail/disable-programs.inc 21include disable-programs.inc
22 22
23mkdir ${HOME}/.cache/spotify 23mkdir ${HOME}/.cache/spotify
24mkdir ${HOME}/.config/spotify 24mkdir ${HOME}/.config/spotify
@@ -26,8 +26,8 @@ mkdir ${HOME}/.local/share/spotify
26whitelist ${HOME}/.cache/spotify 26whitelist ${HOME}/.cache/spotify
27whitelist ${HOME}/.config/spotify 27whitelist ${HOME}/.config/spotify
28whitelist ${HOME}/.local/share/spotify 28whitelist ${HOME}/.local/share/spotify
29include /etc/firejail/whitelist-common.inc 29include whitelist-common.inc
30include /etc/firejail/whitelist-var-common.inc 30include whitelist-var-common.inc
31 31
32caps.drop all 32caps.drop all
33netfilter 33netfilter
diff --git a/etc/sqlitebrowser.profile b/etc/sqlitebrowser.profile
index 0f030d559..6e9c0022e 100644
--- a/etc/sqlitebrowser.profile
+++ b/etc/sqlitebrowser.profile
@@ -2,21 +2,21 @@
2# Description: GUI editor for SQLite databases 2# Description: GUI editor for SQLite databases
3# This file is overwritten after every install/update 3# This file is overwritten after every install/update
4# Persistent local customizations 4# Persistent local customizations
5include /etc/firejail/sqlitebrowser.local 5include sqlitebrowser.local
6# Persistent global definitions 6# Persistent global definitions
7include /etc/firejail/globals.local 7include globals.local
8 8
9noblacklist ${HOME}/.config/sqlitebrowser 9noblacklist ${HOME}/.config/sqlitebrowser
10noblacklist ${DOCUMENTS} 10noblacklist ${DOCUMENTS}
11 11
12include /etc/firejail/disable-common.inc 12include disable-common.inc
13include /etc/firejail/disable-devel.inc 13include disable-devel.inc
14include /etc/firejail/disable-interpreters.inc 14include disable-interpreters.inc
15include /etc/firejail/disable-passwdmgr.inc 15include disable-passwdmgr.inc
16include /etc/firejail/disable-programs.inc 16include disable-programs.inc
17include /etc/firejail/disable-xdg.inc 17include disable-xdg.inc
18 18
19include /etc/firejail/whitelist-var-common.inc 19include whitelist-var-common.inc
20 20
21caps.drop all 21caps.drop all
22net none 22net none
diff --git a/etc/ssh-agent.profile b/etc/ssh-agent.profile
index b71c20231..02b66955f 100644
--- a/etc/ssh-agent.profile
+++ b/etc/ssh-agent.profile
@@ -2,9 +2,9 @@
2# This file is overwritten after every install/update 2# This file is overwritten after every install/update
3quiet 3quiet
4# Persistent local customizations 4# Persistent local customizations
5include /etc/firejail/ssh-agent.local 5include ssh-agent.local
6# Persistent global definitions 6# Persistent global definitions
7include /etc/firejail/globals.local 7include globals.local
8 8
9blacklist /tmp/.X11-unix 9blacklist /tmp/.X11-unix
10 10
@@ -12,9 +12,9 @@ noblacklist /etc/ssh
12noblacklist /tmp/ssh-* 12noblacklist /tmp/ssh-*
13noblacklist ${HOME}/.ssh 13noblacklist ${HOME}/.ssh
14 14
15include /etc/firejail/disable-common.inc 15include disable-common.inc
16include /etc/firejail/disable-passwdmgr.inc 16include disable-passwdmgr.inc
17include /etc/firejail/disable-programs.inc 17include disable-programs.inc
18 18
19shell none 19shell none
20caps.drop all 20caps.drop all
diff --git a/etc/ssh.profile b/etc/ssh.profile
index 584294f05..cc94793f3 100644
--- a/etc/ssh.profile
+++ b/etc/ssh.profile
@@ -3,17 +3,17 @@
3# This file is overwritten after every install/update 3# This file is overwritten after every install/update
4quiet 4quiet
5# Persistent local customizations 5# Persistent local customizations
6include /etc/firejail/ssh.local 6include ssh.local
7# Persistent global definitions 7# Persistent global definitions
8include /etc/firejail/globals.local 8include globals.local
9 9
10noblacklist /etc/ssh 10noblacklist /etc/ssh
11noblacklist /tmp/ssh-* 11noblacklist /tmp/ssh-*
12noblacklist ${HOME}/.ssh 12noblacklist ${HOME}/.ssh
13 13
14include /etc/firejail/disable-common.inc 14include disable-common.inc
15include /etc/firejail/disable-passwdmgr.inc 15include disable-passwdmgr.inc
16include /etc/firejail/disable-programs.inc 16include disable-programs.inc
17 17
18caps.drop all 18caps.drop all
19ipc-namespace 19ipc-namespace
diff --git a/etc/standardnotes-desktop.profile b/etc/standardnotes-desktop.profile
index 9f62b42c5..d6dd2404d 100644
--- a/etc/standardnotes-desktop.profile
+++ b/etc/standardnotes-desktop.profile
@@ -1,24 +1,24 @@
1# Firejail profile for standardnotes-desktop 1# Firejail profile for standardnotes-desktop
2# This file is overwritten after every install/update 2# This file is overwritten after every install/update
3# Persistent local customizations 3# Persistent local customizations
4include /etc/firejail/standardnotes-desktop.local 4include standardnotes-desktop.local
5# Persistent global definitions 5# Persistent global definitions
6include /etc/firejail/globals.local 6include globals.local
7 7
8noblacklist ${HOME}/Standard Notes Backups 8noblacklist ${HOME}/Standard Notes Backups
9noblacklist ${HOME}/.config/Standard Notes 9noblacklist ${HOME}/.config/Standard Notes
10 10
11include /etc/firejail/disable-common.inc 11include disable-common.inc
12include /etc/firejail/disable-devel.inc 12include disable-devel.inc
13include /etc/firejail/disable-interpreters.inc 13include disable-interpreters.inc
14include /etc/firejail/disable-passwdmgr.inc 14include disable-passwdmgr.inc
15include /etc/firejail/disable-programs.inc 15include disable-programs.inc
16 16
17mkdir ${HOME}/Standard Notes Backups 17mkdir ${HOME}/Standard Notes Backups
18mkdir ${HOME}/.config/Standard Notes 18mkdir ${HOME}/.config/Standard Notes
19whitelist ${HOME}/Standard Notes Backups 19whitelist ${HOME}/Standard Notes Backups
20whitelist ${HOME}/.config/Standard Notes 20whitelist ${HOME}/.config/Standard Notes
21include /etc/firejail/whitelist-var-common.inc 21include whitelist-var-common.inc
22 22
23apparmor 23apparmor
24caps.drop all 24caps.drop all
diff --git a/etc/start-tor-browser.desktop.profile b/etc/start-tor-browser.desktop.profile
index c17815969..2b01eca88 100644
--- a/etc/start-tor-browser.desktop.profile
+++ b/etc/start-tor-browser.desktop.profile
@@ -63,4 +63,4 @@ mkdir ${HOME}/.tor-browser-zh-cn:
63whitelist ${HOME}/.tor-browser-zh-cn: 63whitelist ${HOME}/.tor-browser-zh-cn:
64 64
65# Redirect 65# Redirect
66include /etc/firejail/torbrowser-launcher.profile 66include torbrowser-launcher.profile
diff --git a/etc/start-tor-browser.profile b/etc/start-tor-browser.profile
index 4d9ebcb2e..a7e99a7fb 100644
--- a/etc/start-tor-browser.profile
+++ b/etc/start-tor-browser.profile
@@ -1,19 +1,19 @@
1# Firejail profile for start-tor-browser 1# Firejail profile for start-tor-browser
2# This file is overwritten after every install/update 2# This file is overwritten after every install/update
3# Persistent local customizations 3# Persistent local customizations
4include /etc/firejail/start-tor-browser.local 4include start-tor-browser.local
5# Persistent global definitions 5# Persistent global definitions
6include /etc/firejail/globals.local 6include globals.local
7 7
8 8
9include /etc/firejail/disable-common.inc 9include disable-common.inc
10include /etc/firejail/disable-devel.inc 10include disable-devel.inc
11include /etc/firejail/disable-interpreters.inc 11include disable-interpreters.inc
12include /etc/firejail/disable-passwdmgr.inc 12include disable-passwdmgr.inc
13include /etc/firejail/disable-programs.inc 13include disable-programs.inc
14include /etc/firejail/disable-xdg.inc 14include disable-xdg.inc
15 15
16include /etc/firejail/whitelist-var-common.inc 16include whitelist-var-common.inc
17 17
18caps.drop all 18caps.drop all
19netfilter 19netfilter
diff --git a/etc/steam-native.profile b/etc/steam-native.profile
index b85b1659b..47608ad28 100644
--- a/etc/steam-native.profile
+++ b/etc/steam-native.profile
@@ -2,4 +2,4 @@
2# This file is overwritten after every install/update 2# This file is overwritten after every install/update
3 3
4# Redirect 4# Redirect
5include /etc/firejail/steam.profile 5include steam.profile
diff --git a/etc/steam.profile b/etc/steam.profile
index 903384ecf..7ea9d7abf 100644
--- a/etc/steam.profile
+++ b/etc/steam.profile
@@ -2,9 +2,9 @@
2# Description: Valve's Steam digital software delivery system 2# Description: Valve's Steam digital software delivery system
3# This file is overwritten after every install/update 3# This file is overwritten after every install/update
4# Persistent local customizations 4# Persistent local customizations
5include /etc/firejail/steam.local 5include steam.local
6# Persistent global definitions 6# Persistent global definitions
7include /etc/firejail/globals.local 7include globals.local
8 8
9noblacklist ${HOME}/.java 9noblacklist ${HOME}/.java
10noblacklist ${HOME}/.killingfloor 10noblacklist ${HOME}/.killingfloor
@@ -37,13 +37,13 @@ noblacklist ${PATH}/python3*
37noblacklist /usr/lib/python2* 37noblacklist /usr/lib/python2*
38noblacklist /usr/lib/python3* 38noblacklist /usr/lib/python3*
39 39
40include /etc/firejail/disable-common.inc 40include disable-common.inc
41include /etc/firejail/disable-devel.inc 41include disable-devel.inc
42include /etc/firejail/disable-interpreters.inc 42include disable-interpreters.inc
43include /etc/firejail/disable-passwdmgr.inc 43include disable-passwdmgr.inc
44include /etc/firejail/disable-programs.inc 44include disable-programs.inc
45 45
46include /etc/firejail/whitelist-var-common.inc 46include whitelist-var-common.inc
47 47
48caps.drop all 48caps.drop all
49#ipc-namespace 49#ipc-namespace
diff --git a/etc/stellarium.profile b/etc/stellarium.profile
index cddbd99d6..229f871c6 100644
--- a/etc/stellarium.profile
+++ b/etc/stellarium.profile
@@ -2,25 +2,25 @@
2# Description: Real-time photo-realistic sky generator 2# Description: Real-time photo-realistic sky generator
3# This file is overwritten after every install/update 3# This file is overwritten after every install/update
4# Persistent local customizations 4# Persistent local customizations
5include /etc/firejail/stellarium.local 5include stellarium.local
6# Persistent global definitions 6# Persistent global definitions
7include /etc/firejail/globals.local 7include globals.local
8 8
9noblacklist ${HOME}/.config/stellarium 9noblacklist ${HOME}/.config/stellarium
10noblacklist ${HOME}/.stellarium 10noblacklist ${HOME}/.stellarium
11 11
12include /etc/firejail/disable-common.inc 12include disable-common.inc
13include /etc/firejail/disable-devel.inc 13include disable-devel.inc
14include /etc/firejail/disable-interpreters.inc 14include disable-interpreters.inc
15include /etc/firejail/disable-passwdmgr.inc 15include disable-passwdmgr.inc
16include /etc/firejail/disable-programs.inc 16include disable-programs.inc
17 17
18mkdir ${HOME}/.config/stellarium 18mkdir ${HOME}/.config/stellarium
19mkdir ${HOME}/.stellarium 19mkdir ${HOME}/.stellarium
20whitelist ${HOME}/.config/stellarium 20whitelist ${HOME}/.config/stellarium
21whitelist ${HOME}/.stellarium 21whitelist ${HOME}/.stellarium
22include /etc/firejail/whitelist-common.inc 22include whitelist-common.inc
23include /etc/firejail/whitelist-var-common.inc 23include whitelist-var-common.inc
24 24
25caps.drop all 25caps.drop all
26machine-id 26machine-id
diff --git a/etc/strings.profile b/etc/strings.profile
index ae2fbf18f..3791486c5 100644
--- a/etc/strings.profile
+++ b/etc/strings.profile
@@ -2,10 +2,10 @@
2# This file is overwritten after every install/update 2# This file is overwritten after every install/update
3quiet 3quiet
4# Persistent local customizations 4# Persistent local customizations
5include /etc/firejail/strings.local 5include strings.local
6# Persistent global definitions 6# Persistent global definitions
7# added by included default.profile 7# added by included default.profile
8#include /etc/firejail/globals.local 8#include globals.local
9 9
10blacklist /tmp/.X11-unix 10blacklist /tmp/.X11-unix
11 11
@@ -30,4 +30,4 @@ memory-deny-write-execute
30noexec ${HOME} 30noexec ${HOME}
31noexec /tmp 31noexec /tmp
32 32
33include /etc/firejail/default.profile 33include default.profile
diff --git a/etc/studio.sh.profile b/etc/studio.sh.profile
index b4eee28df..d556521e1 100644
--- a/etc/studio.sh.profile
+++ b/etc/studio.sh.profile
@@ -1,4 +1,4 @@
1# Firejail profile alias for Android Studio 1# Firejail profile alias for Android Studio
2 2
3# Redirect 3# Redirect
4include /etc/firejail/android-studio.profile 4include android-studio.profile
diff --git a/etc/supertux2.profile b/etc/supertux2.profile
index 84083e9aa..789a75ad0 100644
--- a/etc/supertux2.profile
+++ b/etc/supertux2.profile
@@ -1,22 +1,22 @@
1# Firejail profile for supertux2 1# Firejail profile for supertux2
2# This file is overwritten after every install/update 2# This file is overwritten after every install/update
3# Persistent local customizations 3# Persistent local customizations
4include /etc/firejail/supertux2.local 4include supertux2.local
5# Persistent global definitions 5# Persistent global definitions
6include /etc/firejail/globals.local 6include globals.local
7 7
8noblacklist ${HOME}/.local/share/supertux2 8noblacklist ${HOME}/.local/share/supertux2
9 9
10include /etc/firejail/disable-common.inc 10include disable-common.inc
11include /etc/firejail/disable-devel.inc 11include disable-devel.inc
12include /etc/firejail/disable-interpreters.inc 12include disable-interpreters.inc
13include /etc/firejail/disable-passwdmgr.inc 13include disable-passwdmgr.inc
14include /etc/firejail/disable-programs.inc 14include disable-programs.inc
15 15
16mkdir ${HOME}/.local/share/supertux2 16mkdir ${HOME}/.local/share/supertux2
17whitelist ${HOME}/.local/share/supertux2 17whitelist ${HOME}/.local/share/supertux2
18include /etc/firejail/whitelist-common.inc 18include whitelist-common.inc
19include /etc/firejail/whitelist-var-common.inc 19include whitelist-var-common.inc
20 20
21caps.drop all 21caps.drop all
22net none 22net none
diff --git a/etc/surf.profile b/etc/surf.profile
index 3d40ea49b..d98946cc8 100644
--- a/etc/surf.profile
+++ b/etc/surf.profile
@@ -2,20 +2,20 @@
2# Description: Simple web browser by suckless community 2# Description: Simple web browser by suckless community
3# This file is overwritten after every install/update 3# This file is overwritten after every install/update
4# Persistent local customizations 4# Persistent local customizations
5include /etc/firejail/surf.local 5include surf.local
6# Persistent global definitions 6# Persistent global definitions
7include /etc/firejail/globals.local 7include globals.local
8 8
9noblacklist ${HOME}/.surf 9noblacklist ${HOME}/.surf
10 10
11include /etc/firejail/disable-common.inc 11include disable-common.inc
12include /etc/firejail/disable-devel.inc 12include disable-devel.inc
13include /etc/firejail/disable-passwdmgr.inc 13include disable-passwdmgr.inc
14include /etc/firejail/disable-programs.inc 14include disable-programs.inc
15 15
16mkdir ${HOME}/.surf 16mkdir ${HOME}/.surf
17whitelist ${DOWNLOADS} 17whitelist ${DOWNLOADS}
18include /etc/firejail/whitelist-common.inc 18include whitelist-common.inc
19 19
20caps.drop all 20caps.drop all
21netfilter 21netfilter
diff --git a/etc/sylpheed.profile b/etc/sylpheed.profile
index 5f30c95ba..ec29b38e3 100644
--- a/etc/sylpheed.profile
+++ b/etc/sylpheed.profile
@@ -2,17 +2,17 @@
2# Description: Light weight e-mail client with GTK+ 2# Description: Light weight e-mail client with GTK+
3# This file is overwritten after every install/update 3# This file is overwritten after every install/update
4# Persistent local customizations 4# Persistent local customizations
5include /etc/firejail/sylpheed.local 5include sylpheed.local
6# Persistent global definitions 6# Persistent global definitions
7include /etc/firejail/globals.local 7include globals.local
8 8
9noblacklist ${HOME}/.sylpheed-2.0 9noblacklist ${HOME}/.sylpheed-2.0
10 10
11include /etc/firejail/disable-common.inc 11include disable-common.inc
12include /etc/firejail/disable-devel.inc 12include disable-devel.inc
13include /etc/firejail/disable-interpreters.inc 13include disable-interpreters.inc
14include /etc/firejail/disable-passwdmgr.inc 14include disable-passwdmgr.inc
15include /etc/firejail/disable-programs.inc 15include disable-programs.inc
16 16
17caps.drop all 17caps.drop all
18netfilter 18netfilter
diff --git a/etc/synfigstudio.profile b/etc/synfigstudio.profile
index 0fc59fd17..ca0969a3b 100644
--- a/etc/synfigstudio.profile
+++ b/etc/synfigstudio.profile
@@ -2,18 +2,18 @@
2# Description: Vector-based 2D animation package 2# Description: Vector-based 2D animation package
3# This file is overwritten after every install/update 3# This file is overwritten after every install/update
4# Persistent local customizations 4# Persistent local customizations
5include /etc/firejail/synfigstudio.local 5include synfigstudio.local
6# Persistent global definitions 6# Persistent global definitions
7include /etc/firejail/globals.local 7include globals.local
8 8
9noblacklist ${HOME}/.config/synfig 9noblacklist ${HOME}/.config/synfig
10noblacklist ${HOME}/.synfig 10noblacklist ${HOME}/.synfig
11 11
12include /etc/firejail/disable-common.inc 12include disable-common.inc
13include /etc/firejail/disable-devel.inc 13include disable-devel.inc
14include /etc/firejail/disable-interpreters.inc 14include disable-interpreters.inc
15include /etc/firejail/disable-passwdmgr.inc 15include disable-passwdmgr.inc
16include /etc/firejail/disable-programs.inc 16include disable-programs.inc
17 17
18caps.drop all 18caps.drop all
19net none 19net none
diff --git a/etc/tar.profile b/etc/tar.profile
index 7409393c6..ff49fba47 100644
--- a/etc/tar.profile
+++ b/etc/tar.profile
@@ -3,10 +3,10 @@
3# This file is overwritten after every install/update 3# This file is overwritten after every install/update
4quiet 4quiet
5# Persistent local customizations 5# Persistent local customizations
6include /etc/firejail/tar.local 6include tar.local
7# Persistent global definitions 7# Persistent global definitions
8# added by included default.profile 8# added by included default.profile
9#include /etc/firejail/globals.local 9#include globals.local
10 10
11blacklist /tmp/.X11-unix 11blacklist /tmp/.X11-unix
12 12
@@ -28,4 +28,4 @@ private-dev
28private-etc passwd,group,localtime 28private-etc passwd,group,localtime
29private-lib 29private-lib
30 30
31include /etc/firejail/default.profile 31include default.profile
diff --git a/etc/teamspeak3.profile b/etc/teamspeak3.profile
index 55a95157d..196ec7437 100644
--- a/etc/teamspeak3.profile
+++ b/etc/teamspeak3.profile
@@ -2,23 +2,23 @@
2# Description: TeamSpeak is software for quality voice communication via the Internet 2# Description: TeamSpeak is software for quality voice communication via the Internet
3# This file is overwritten after every install/update 3# This file is overwritten after every install/update
4# Persistent local customizations 4# Persistent local customizations
5include /etc/firejail/teamspeak3.local 5include teamspeak3.local
6# Persistent global definitions 6# Persistent global definitions
7include /etc/firejail/globals.local 7include globals.local
8 8
9noblacklist ${HOME}/.ts3client 9noblacklist ${HOME}/.ts3client
10noblacklist ${PATH}/openssl 10noblacklist ${PATH}/openssl
11 11
12include /etc/firejail/disable-common.inc 12include disable-common.inc
13include /etc/firejail/disable-devel.inc 13include disable-devel.inc
14include /etc/firejail/disable-interpreters.inc 14include disable-interpreters.inc
15include /etc/firejail/disable-passwdmgr.inc 15include disable-passwdmgr.inc
16include /etc/firejail/disable-programs.inc 16include disable-programs.inc
17 17
18mkdir ${HOME}/.ts3client 18mkdir ${HOME}/.ts3client
19whitelist ${DOWNLOADS} 19whitelist ${DOWNLOADS}
20whitelist ${HOME}/.ts3client 20whitelist ${HOME}/.ts3client
21include /etc/firejail/whitelist-common.inc 21include whitelist-common.inc
22 22
23caps.drop all 23caps.drop all
24ipc-namespace 24ipc-namespace
diff --git a/etc/telegram-desktop.profile b/etc/telegram-desktop.profile
index 9e4855247..ef60bdc8c 100644
--- a/etc/telegram-desktop.profile
+++ b/etc/telegram-desktop.profile
@@ -4,4 +4,4 @@
4 4
5 5
6# Redirect 6# Redirect
7include /etc/firejail/telegram.profile 7include telegram.profile
diff --git a/etc/telegram.profile b/etc/telegram.profile
index 9ffb9f287..fb2c06a27 100644
--- a/etc/telegram.profile
+++ b/etc/telegram.profile
@@ -1,17 +1,17 @@
1# Firejail profile for telegram 1# Firejail profile for telegram
2# This file is overwritten after every install/update 2# This file is overwritten after every install/update
3# Persistent local customizations 3# Persistent local customizations
4include /etc/firejail/telegram.local 4include telegram.local
5# Persistent global definitions 5# Persistent global definitions
6include /etc/firejail/globals.local 6include globals.local
7 7
8noblacklist ${HOME}/.TelegramDesktop 8noblacklist ${HOME}/.TelegramDesktop
9noblacklist ${HOME}/.local/share/TelegramDesktop 9noblacklist ${HOME}/.local/share/TelegramDesktop
10 10
11include /etc/firejail/disable-common.inc 11include disable-common.inc
12include /etc/firejail/disable-devel.inc 12include disable-devel.inc
13include /etc/firejail/disable-interpreters.inc 13include disable-interpreters.inc
14include /etc/firejail/disable-programs.inc 14include disable-programs.inc
15 15
16caps.drop all 16caps.drop all
17netfilter 17netfilter
diff --git a/etc/terasology.profile b/etc/terasology.profile
index fa45eb880..dff5391f7 100644
--- a/etc/terasology.profile
+++ b/etc/terasology.profile
@@ -1,9 +1,9 @@
1# Firejail profile for terasology 1# Firejail profile for terasology
2# This file is overwritten after every install/update 2# This file is overwritten after every install/update
3# Persistent local customizations 3# Persistent local customizations
4include /etc/firejail/terasology.local 4include terasology.local
5# Persistent global definitions 5# Persistent global definitions
6include /etc/firejail/globals.local 6include globals.local
7 7
8noblacklist ${HOME}/.java 8noblacklist ${HOME}/.java
9noblacklist ${HOME}/.local/share/terasology 9noblacklist ${HOME}/.local/share/terasology
@@ -14,17 +14,17 @@ noblacklist /usr/lib/java
14noblacklist /etc/java 14noblacklist /etc/java
15noblacklist /usr/share/java 15noblacklist /usr/share/java
16 16
17include /etc/firejail/disable-common.inc 17include disable-common.inc
18include /etc/firejail/disable-devel.inc 18include disable-devel.inc
19include /etc/firejail/disable-interpreters.inc 19include disable-interpreters.inc
20include /etc/firejail/disable-passwdmgr.inc 20include disable-passwdmgr.inc
21include /etc/firejail/disable-programs.inc 21include disable-programs.inc
22 22
23mkdir ${HOME}/.java 23mkdir ${HOME}/.java
24mkdir ${HOME}/.local/share/terasology 24mkdir ${HOME}/.local/share/terasology
25whitelist ${HOME}/.java 25whitelist ${HOME}/.java
26whitelist ${HOME}/.local/share/terasology 26whitelist ${HOME}/.local/share/terasology
27include /etc/firejail/whitelist-common.inc 27include whitelist-common.inc
28 28
29caps.drop all 29caps.drop all
30ipc-namespace 30ipc-namespace
diff --git a/etc/thunar.profile b/etc/thunar.profile
index 37d10ae0d..0c7a048c4 100644
--- a/etc/thunar.profile
+++ b/etc/thunar.profile
@@ -4,4 +4,4 @@
4 4
5 5
6# Redirect 6# Redirect
7include /etc/firejail/Thunar.profile 7include Thunar.profile
diff --git a/etc/thunderbird-beta.profile b/etc/thunderbird-beta.profile
index 73d2419da..2bd06cb14 100644
--- a/etc/thunderbird-beta.profile
+++ b/etc/thunderbird-beta.profile
@@ -5,4 +5,4 @@
5whitelist /opt/thunderbird-beta 5whitelist /opt/thunderbird-beta
6 6
7# Redirect 7# Redirect
8include /etc/firejail/thunderbird.profile 8include thunderbird.profile
diff --git a/etc/thunderbird.profile b/etc/thunderbird.profile
index 86671d1be..5f1af91be 100644
--- a/etc/thunderbird.profile
+++ b/etc/thunderbird.profile
@@ -2,9 +2,9 @@
2# Description: Email, RSS and newsgroup client with integrated spam filter 2# Description: Email, RSS and newsgroup client with integrated spam filter
3# This file is overwritten after every install/update 3# This file is overwritten after every install/update
4# Persistent local customizations 4# Persistent local customizations
5include /etc/firejail/thunderbird.local 5include thunderbird.local
6# Persistent global definitions 6# Persistent global definitions
7include /etc/firejail/globals.local 7include globals.local
8 8
9# Users have thunderbird set to open a browser by clicking a link in an email 9# Users have thunderbird set to open a browser by clicking a link in an email
10# We are not allowed to blacklist browser-specific directories 10# We are not allowed to blacklist browser-specific directories
@@ -38,4 +38,4 @@ writable-run-user
38 38
39# allow browsers 39# allow browsers
40# Redirect 40# Redirect
41include /etc/firejail/firefox.profile 41include firefox.profile
diff --git a/etc/tilp.profile b/etc/tilp.profile
index 7d63df630..ecacd1deb 100644
--- a/etc/tilp.profile
+++ b/etc/tilp.profile
@@ -1,17 +1,17 @@
1# Firejail profile for tilp 1# Firejail profile for tilp
2# This file is overwritten after every install/update 2# This file is overwritten after every install/update
3# Persistent local customizations 3# Persistent local customizations
4include /etc/firejail/tilp.local 4include tilp.local
5# Persistent global definitions 5# Persistent global definitions
6include /etc/firejail/globals.local 6include globals.local
7 7
8noblacklist ${HOME}/.tilp 8noblacklist ${HOME}/.tilp
9 9
10include /etc/firejail/disable-common.inc 10include disable-common.inc
11include /etc/firejail/disable-devel.inc 11include disable-devel.inc
12include /etc/firejail/disable-interpreters.inc 12include disable-interpreters.inc
13include /etc/firejail/disable-passwdmgr.inc 13include disable-passwdmgr.inc
14include /etc/firejail/disable-programs.inc 14include disable-programs.inc
15 15
16caps.drop all 16caps.drop all
17net none 17net none
diff --git a/etc/tor-browser-ar.profile b/etc/tor-browser-ar.profile
index a668a05d4..612b2d01b 100644
--- a/etc/tor-browser-ar.profile
+++ b/etc/tor-browser-ar.profile
@@ -7,4 +7,4 @@ mkdir ${HOME}/.tor-browser-ar
7whitelist ${HOME}/.tor-browser-ar 7whitelist ${HOME}/.tor-browser-ar
8 8
9# Redirect 9# Redirect
10include /etc/firejail/torbrowser-launcher.profile 10include torbrowser-launcher.profile
diff --git a/etc/tor-browser-en-us.profile b/etc/tor-browser-en-us.profile
index 195377f0f..db56dda1b 100644
--- a/etc/tor-browser-en-us.profile
+++ b/etc/tor-browser-en-us.profile
@@ -7,4 +7,4 @@ mkdir ${HOME}/.tor-browser-en-us
7whitelist ${HOME}/.tor-browser-en-us 7whitelist ${HOME}/.tor-browser-en-us
8 8
9# Redirect 9# Redirect
10include /etc/firejail/torbrowser-launcher.profile 10include torbrowser-launcher.profile
diff --git a/etc/tor-browser-en.profile b/etc/tor-browser-en.profile
index 75aad1a09..ad4110c0e 100644
--- a/etc/tor-browser-en.profile
+++ b/etc/tor-browser-en.profile
@@ -7,4 +7,4 @@ mkdir ${HOME}/.tor-browser-en
7whitelist ${HOME}/.tor-browser-en 7whitelist ${HOME}/.tor-browser-en
8 8
9# Redirect 9# Redirect
10include /etc/firejail/torbrowser-launcher.profile 10include torbrowser-launcher.profile
diff --git a/etc/tor-browser-es-es.profile b/etc/tor-browser-es-es.profile
index b6e5dedbc..1aa586658 100644
--- a/etc/tor-browser-es-es.profile
+++ b/etc/tor-browser-es-es.profile
@@ -7,4 +7,4 @@ mkdir ${HOME}/.tor-browser-es-es
7whitelist ${HOME}/.tor-browser-es-es 7whitelist ${HOME}/.tor-browser-es-es
8 8
9# Redirect 9# Redirect
10include /etc/firejail/torbrowser-launcher.profile 10include torbrowser-launcher.profile
diff --git a/etc/tor-browser-es.profile b/etc/tor-browser-es.profile
index c607c93e3..a386e3387 100644
--- a/etc/tor-browser-es.profile
+++ b/etc/tor-browser-es.profile
@@ -7,4 +7,4 @@ mkdir ${HOME}/.tor-browser-es
7whitelist ${HOME}/.tor-browser-es 7whitelist ${HOME}/.tor-browser-es
8 8
9# Redirect 9# Redirect
10include /etc/firejail/torbrowser-launcher.profile 10include torbrowser-launcher.profile
diff --git a/etc/tor-browser-fa.profile b/etc/tor-browser-fa.profile
index 3ce689c21..7f847a7c2 100644
--- a/etc/tor-browser-fa.profile
+++ b/etc/tor-browser-fa.profile
@@ -7,4 +7,4 @@ mkdir ${HOME}/.tor-browser-fa
7whitelist ${HOME}/.tor-browser-fa 7whitelist ${HOME}/.tor-browser-fa
8 8
9# Redirect 9# Redirect
10include /etc/firejail/torbrowser-launcher.profile 10include torbrowser-launcher.profile
diff --git a/etc/tor-browser-fr.profile b/etc/tor-browser-fr.profile
index 369184aba..bce470ec8 100644
--- a/etc/tor-browser-fr.profile
+++ b/etc/tor-browser-fr.profile
@@ -7,4 +7,4 @@ mkdir ${HOME}/.tor-browser-fr
7whitelist ${HOME}/.tor-browser-fr 7whitelist ${HOME}/.tor-browser-fr
8 8
9# Redirect 9# Redirect
10include /etc/firejail/torbrowser-launcher.profile 10include torbrowser-launcher.profile
diff --git a/etc/tor-browser-it.profile b/etc/tor-browser-it.profile
index e5d54617d..3c239ca29 100644
--- a/etc/tor-browser-it.profile
+++ b/etc/tor-browser-it.profile
@@ -7,4 +7,4 @@ mkdir ${HOME}/.tor-browser-it
7whitelist ${HOME}/.tor-browser-it 7whitelist ${HOME}/.tor-browser-it
8 8
9# Redirect 9# Redirect
10include /etc/firejail/torbrowser-launcher.profile 10include torbrowser-launcher.profile
diff --git a/etc/tor-browser-ja.profile b/etc/tor-browser-ja.profile
index a3cfa1987..c52e0f64e 100644
--- a/etc/tor-browser-ja.profile
+++ b/etc/tor-browser-ja.profile
@@ -7,4 +7,4 @@ mkdir ${HOME}/.tor-browser-ja
7whitelist ${HOME}/.tor-browser-ja 7whitelist ${HOME}/.tor-browser-ja
8 8
9# Redirect 9# Redirect
10include /etc/firejail/torbrowser-launcher.profile 10include torbrowser-launcher.profile
diff --git a/etc/tor-browser-ko.profile b/etc/tor-browser-ko.profile
index 6a7fe905c..8faa5afa1 100644
--- a/etc/tor-browser-ko.profile
+++ b/etc/tor-browser-ko.profile
@@ -7,4 +7,4 @@ mkdir ${HOME}/.tor-browser-ko
7whitelist ${HOME}/.tor-browser-ko 7whitelist ${HOME}/.tor-browser-ko
8 8
9# Redirect 9# Redirect
10include /etc/firejail/torbrowser-launcher.profile 10include torbrowser-launcher.profile
diff --git a/etc/tor-browser-pl.profile b/etc/tor-browser-pl.profile
index e72d64a3e..08ddd4ae7 100644
--- a/etc/tor-browser-pl.profile
+++ b/etc/tor-browser-pl.profile
@@ -7,4 +7,4 @@ mkdir ${HOME}/.tor-browser-pl
7whitelist ${HOME}/.tor-browser-pl 7whitelist ${HOME}/.tor-browser-pl
8 8
9# Redirect 9# Redirect
10include /etc/firejail/torbrowser-launcher.profile 10include torbrowser-launcher.profile
diff --git a/etc/tor-browser-pt-br.profile b/etc/tor-browser-pt-br.profile
index d3a5d1b79..9942a3fe8 100644
--- a/etc/tor-browser-pt-br.profile
+++ b/etc/tor-browser-pt-br.profile
@@ -7,4 +7,4 @@ mkdir ${HOME}/.tor-browser-pt-br
7whitelist ${HOME}/.tor-browser-pt-br 7whitelist ${HOME}/.tor-browser-pt-br
8 8
9# Redirect 9# Redirect
10include /etc/firejail/torbrowser-launcher.profile 10include torbrowser-launcher.profile
diff --git a/etc/tor-browser-ru.profile b/etc/tor-browser-ru.profile
index 22b772b28..6294f8ca0 100644
--- a/etc/tor-browser-ru.profile
+++ b/etc/tor-browser-ru.profile
@@ -7,4 +7,4 @@ mkdir ${HOME}/.tor-browser-ru
7whitelist ${HOME}/.tor-browser-ru 7whitelist ${HOME}/.tor-browser-ru
8 8
9# Redirect 9# Redirect
10include /etc/firejail/torbrowser-launcher.profile 10include torbrowser-launcher.profile
diff --git a/etc/tor-browser-vi.profile b/etc/tor-browser-vi.profile
index cd1c5b0b3..734c38698 100644
--- a/etc/tor-browser-vi.profile
+++ b/etc/tor-browser-vi.profile
@@ -7,4 +7,4 @@ mkdir ${HOME}/.tor-browser-vi
7whitelist ${HOME}/.tor-browser-vi 7whitelist ${HOME}/.tor-browser-vi
8 8
9# Redirect 9# Redirect
10include /etc/firejail/torbrowser-launcher.profile 10include torbrowser-launcher.profile
diff --git a/etc/tor-browser-zh-cn.profile b/etc/tor-browser-zh-cn.profile
index bf1bc75d6..21e813e45 100644
--- a/etc/tor-browser-zh-cn.profile
+++ b/etc/tor-browser-zh-cn.profile
@@ -7,4 +7,4 @@ mkdir ${HOME}/.tor-browser-zh-cn
7whitelist ${HOME}/.tor-browser-zh-cn 7whitelist ${HOME}/.tor-browser-zh-cn
8 8
9# Redirect 9# Redirect
10include /etc/firejail/torbrowser-launcher.profile 10include torbrowser-launcher.profile
diff --git a/etc/tor.profile b/etc/tor.profile
index ddaa9806c..c455f1864 100644
--- a/etc/tor.profile
+++ b/etc/tor.profile
@@ -2,9 +2,9 @@
2# Description: Anonymizing overlay network for TCP 2# Description: Anonymizing overlay network for TCP
3# This file is overwritten after every install/update 3# This file is overwritten after every install/update
4# Persistent local customizations 4# Persistent local customizations
5include /etc/firejail/tor.local 5include tor.local
6# Persistent global definitions 6# Persistent global definitions
7include /etc/firejail/globals.local 7include globals.local
8 8
9# How to use: 9# How to use:
10# Create a script called anything (e.g. mytor) 10# Create a script called anything (e.g. mytor)
@@ -17,12 +17,12 @@ include /etc/firejail/globals.local
17# You'll also likely want to disable the system service (if it exists) 17# You'll also likely want to disable the system service (if it exists)
18# Run mytor (or whatever you called the script above) whenever you want to start tor 18# Run mytor (or whatever you called the script above) whenever you want to start tor
19 19
20include /etc/firejail/disable-common.inc 20include disable-common.inc
21include /etc/firejail/disable-devel.inc 21include disable-devel.inc
22include /etc/firejail/disable-interpreters.inc 22include disable-interpreters.inc
23include /etc/firejail/disable-passwdmgr.inc 23include disable-passwdmgr.inc
24include /etc/firejail/disable-programs.inc 24include disable-programs.inc
25include /etc/firejail/disable-xdg.inc 25include disable-xdg.inc
26 26
27caps.keep setuid,setgid,net_bind_service,dac_read_search 27caps.keep setuid,setgid,net_bind_service,dac_read_search
28ipc-namespace 28ipc-namespace
diff --git a/etc/torbrowser-launcher.profile b/etc/torbrowser-launcher.profile
index 307377acc..617518eeb 100644
--- a/etc/torbrowser-launcher.profile
+++ b/etc/torbrowser-launcher.profile
@@ -2,9 +2,9 @@
2# Description: Helps download and run the Tor Browser Bundle 2# Description: Helps download and run the Tor Browser Bundle
3# This file is overwritten after every install/update 3# This file is overwritten after every install/update
4# Persistent local customizations 4# Persistent local customizations
5include /etc/firejail/torbrowser-launcher.local 5include torbrowser-launcher.local
6# Persistent global definitions 6# Persistent global definitions
7include /etc/firejail/globals.local 7include globals.local
8 8
9noblacklist ${HOME}/.config/torbrowser 9noblacklist ${HOME}/.config/torbrowser
10noblacklist ${HOME}/.local/share/torbrowser 10noblacklist ${HOME}/.local/share/torbrowser
@@ -15,20 +15,20 @@ noblacklist ${PATH}/python3*
15noblacklist /usr/lib/python2* 15noblacklist /usr/lib/python2*
16noblacklist /usr/lib/python3* 16noblacklist /usr/lib/python3*
17 17
18include /etc/firejail/disable-common.inc 18include disable-common.inc
19include /etc/firejail/disable-devel.inc 19include disable-devel.inc
20include /etc/firejail/disable-interpreters.inc 20include disable-interpreters.inc
21include /etc/firejail/disable-passwdmgr.inc 21include disable-passwdmgr.inc
22include /etc/firejail/disable-programs.inc 22include disable-programs.inc
23include /etc/firejail/disable-xdg.inc 23include disable-xdg.inc
24 24
25mkdir ${HOME}/.config/torbrowser 25mkdir ${HOME}/.config/torbrowser
26mkdir ${HOME}/.local/share/torbrowser 26mkdir ${HOME}/.local/share/torbrowser
27whitelist ${DOWNLOADS} 27whitelist ${DOWNLOADS}
28whitelist ${HOME}/.config/torbrowser 28whitelist ${HOME}/.config/torbrowser
29whitelist ${HOME}/.local/share/torbrowser 29whitelist ${HOME}/.local/share/torbrowser
30include /etc/firejail/whitelist-common.inc 30include whitelist-common.inc
31include /etc/firejail/whitelist-var-common.inc 31include whitelist-var-common.inc
32 32
33caps.drop all 33caps.drop all
34netfilter 34netfilter
diff --git a/etc/totem.profile b/etc/totem.profile
index bfa5883e2..e5be49084 100644
--- a/etc/totem.profile
+++ b/etc/totem.profile
@@ -2,23 +2,23 @@
2# Description: Simple media player for the GNOME desktop based on GStreamer 2# Description: Simple media player for the GNOME desktop based on GStreamer
3# This file is overwritten after every install/update 3# This file is overwritten after every install/update
4# Persistent local customizations 4# Persistent local customizations
5include /etc/firejail/totem.local 5include totem.local
6# Persistent global definitions 6# Persistent global definitions
7include /etc/firejail/globals.local 7include globals.local
8 8
9noblacklist ${HOME}/.config/totem 9noblacklist ${HOME}/.config/totem
10noblacklist ${HOME}/.local/share/totem 10noblacklist ${HOME}/.local/share/totem
11noblacklist ${MUSIC} 11noblacklist ${MUSIC}
12noblacklist ${VIDEOS} 12noblacklist ${VIDEOS}
13 13
14include /etc/firejail/disable-common.inc 14include disable-common.inc
15include /etc/firejail/disable-devel.inc 15include disable-devel.inc
16include /etc/firejail/disable-interpreters.inc 16include disable-interpreters.inc
17include /etc/firejail/disable-passwdmgr.inc 17include disable-passwdmgr.inc
18include /etc/firejail/disable-programs.inc 18include disable-programs.inc
19include /etc/firejail/disable-xdg.inc 19include disable-xdg.inc
20 20
21include /etc/firejail/whitelist-var-common.inc 21include whitelist-var-common.inc
22 22
23# apparmor - makes settings immutable 23# apparmor - makes settings immutable
24caps.drop all 24caps.drop all
diff --git a/etc/tracker.profile b/etc/tracker.profile
index 142089c34..6d86b2951 100644
--- a/etc/tracker.profile
+++ b/etc/tracker.profile
@@ -2,19 +2,19 @@
2# Description: Metadata database, indexer and search tool 2# Description: Metadata database, indexer and search tool
3# This file is overwritten after every install/update 3# This file is overwritten after every install/update
4# Persistent local customizations 4# Persistent local customizations
5include /etc/firejail/tracker.local 5include tracker.local
6# Persistent global definitions 6# Persistent global definitions
7include /etc/firejail/globals.local 7include globals.local
8 8
9# Tracker is started by systemd on most systems. Therefore it is not firejailed by default 9# Tracker is started by systemd on most systems. Therefore it is not firejailed by default
10 10
11blacklist /tmp/.X11-unix 11blacklist /tmp/.X11-unix
12 12
13include /etc/firejail/disable-common.inc 13include disable-common.inc
14include /etc/firejail/disable-devel.inc 14include disable-devel.inc
15include /etc/firejail/disable-interpreters.inc 15include disable-interpreters.inc
16include /etc/firejail/disable-passwdmgr.inc 16include disable-passwdmgr.inc
17include /etc/firejail/disable-programs.inc 17include disable-programs.inc
18 18
19caps.drop all 19caps.drop all
20netfilter 20netfilter
diff --git a/etc/transmission-cli.profile b/etc/transmission-cli.profile
index 1a22a713c..bcd1bacb0 100644
--- a/etc/transmission-cli.profile
+++ b/etc/transmission-cli.profile
@@ -2,18 +2,18 @@
2# Description: Lightweight BitTorrent client 2# Description: Lightweight BitTorrent client
3# This file is overwritten after every install/update 3# This file is overwritten after every install/update
4# Persistent local customizations 4# Persistent local customizations
5include /etc/firejail/transmission-cli.local 5include transmission-cli.local
6# Persistent global definitions 6# Persistent global definitions
7include /etc/firejail/globals.local 7include globals.local
8 8
9noblacklist ${HOME}/.cache/transmission 9noblacklist ${HOME}/.cache/transmission
10noblacklist ${HOME}/.config/transmission 10noblacklist ${HOME}/.config/transmission
11 11
12include /etc/firejail/disable-common.inc 12include disable-common.inc
13include /etc/firejail/disable-devel.inc 13include disable-devel.inc
14include /etc/firejail/disable-interpreters.inc 14include disable-interpreters.inc
15include /etc/firejail/disable-passwdmgr.inc 15include disable-passwdmgr.inc
16include /etc/firejail/disable-programs.inc 16include disable-programs.inc
17 17
18caps.drop all 18caps.drop all
19machine-id 19machine-id
diff --git a/etc/transmission-gtk.profile b/etc/transmission-gtk.profile
index 758205ccf..134232460 100644
--- a/etc/transmission-gtk.profile
+++ b/etc/transmission-gtk.profile
@@ -2,26 +2,26 @@
2# Description: Lightweight BitTorrent client 2# Description: Lightweight BitTorrent client
3# This file is overwritten after every install/update 3# This file is overwritten after every install/update
4# Persistent local customizations 4# Persistent local customizations
5include /etc/firejail/transmission-gtk.local 5include transmission-gtk.local
6# Persistent global definitions 6# Persistent global definitions
7include /etc/firejail/globals.local 7include globals.local
8 8
9noblacklist ${HOME}/.cache/transmission 9noblacklist ${HOME}/.cache/transmission
10noblacklist ${HOME}/.config/transmission 10noblacklist ${HOME}/.config/transmission
11 11
12include /etc/firejail/disable-common.inc 12include disable-common.inc
13include /etc/firejail/disable-devel.inc 13include disable-devel.inc
14include /etc/firejail/disable-interpreters.inc 14include disable-interpreters.inc
15include /etc/firejail/disable-passwdmgr.inc 15include disable-passwdmgr.inc
16include /etc/firejail/disable-programs.inc 16include disable-programs.inc
17 17
18mkdir ${HOME}/.cache/transmission 18mkdir ${HOME}/.cache/transmission
19mkdir ${HOME}/.config/transmission 19mkdir ${HOME}/.config/transmission
20whitelist ${DOWNLOADS} 20whitelist ${DOWNLOADS}
21whitelist ${HOME}/.cache/transmission 21whitelist ${HOME}/.cache/transmission
22whitelist ${HOME}/.config/transmission 22whitelist ${HOME}/.config/transmission
23include /etc/firejail/whitelist-common.inc 23include whitelist-common.inc
24include /etc/firejail/whitelist-var-common.inc 24include whitelist-var-common.inc
25 25
26apparmor 26apparmor
27caps.drop all 27caps.drop all
diff --git a/etc/transmission-qt.profile b/etc/transmission-qt.profile
index c8eb9e326..5679229e9 100644
--- a/etc/transmission-qt.profile
+++ b/etc/transmission-qt.profile
@@ -2,26 +2,26 @@
2# Description: Lightweight BitTorrent client 2# Description: Lightweight BitTorrent client
3# This file is overwritten after every install/update 3# This file is overwritten after every install/update
4# Persistent local customizations 4# Persistent local customizations
5include /etc/firejail/transmission-qt.local 5include transmission-qt.local
6# Persistent global definitions 6# Persistent global definitions
7include /etc/firejail/globals.local 7include globals.local
8 8
9noblacklist ${HOME}/.cache/transmission 9noblacklist ${HOME}/.cache/transmission
10noblacklist ${HOME}/.config/transmission 10noblacklist ${HOME}/.config/transmission
11 11
12include /etc/firejail/disable-common.inc 12include disable-common.inc
13include /etc/firejail/disable-devel.inc 13include disable-devel.inc
14include /etc/firejail/disable-interpreters.inc 14include disable-interpreters.inc
15include /etc/firejail/disable-passwdmgr.inc 15include disable-passwdmgr.inc
16include /etc/firejail/disable-programs.inc 16include disable-programs.inc
17 17
18mkdir ${HOME}/.cache/transmission 18mkdir ${HOME}/.cache/transmission
19mkdir ${HOME}/.config/transmission 19mkdir ${HOME}/.config/transmission
20whitelist ${DOWNLOADS} 20whitelist ${DOWNLOADS}
21whitelist ${HOME}/.cache/transmission 21whitelist ${HOME}/.cache/transmission
22whitelist ${HOME}/.config/transmission 22whitelist ${HOME}/.config/transmission
23include /etc/firejail/whitelist-common.inc 23include whitelist-common.inc
24include /etc/firejail/whitelist-var-common.inc 24include whitelist-var-common.inc
25 25
26apparmor 26apparmor
27caps.drop all 27caps.drop all
diff --git a/etc/transmission-show.profile b/etc/transmission-show.profile
index 06b79effd..e0bc9e309 100644
--- a/etc/transmission-show.profile
+++ b/etc/transmission-show.profile
@@ -1,18 +1,18 @@
1# Firejail profile for transmission-show 1# Firejail profile for transmission-show
2# This file is overwritten after every install/update 2# This file is overwritten after every install/update
3# Persistent local customizations 3# Persistent local customizations
4include /etc/firejail/transmission-show.local 4include transmission-show.local
5# Persistent global definitions 5# Persistent global definitions
6include /etc/firejail/globals.local 6include globals.local
7 7
8noblacklist ${HOME}/.cache/transmission 8noblacklist ${HOME}/.cache/transmission
9noblacklist ${HOME}/.config/transmission 9noblacklist ${HOME}/.config/transmission
10 10
11include /etc/firejail/disable-common.inc 11include disable-common.inc
12include /etc/firejail/disable-devel.inc 12include disable-devel.inc
13include /etc/firejail/disable-interpreters.inc 13include disable-interpreters.inc
14include /etc/firejail/disable-passwdmgr.inc 14include disable-passwdmgr.inc
15include /etc/firejail/disable-programs.inc 15include disable-programs.inc
16 16
17caps.drop all 17caps.drop all
18machine-id 18machine-id
diff --git a/etc/truecraft.profile b/etc/truecraft.profile
index 1eb7b65ba..7151e62f8 100644
--- a/etc/truecraft.profile
+++ b/etc/truecraft.profile
@@ -1,24 +1,24 @@
1# Firejail profile for truecraft 1# Firejail profile for truecraft
2# This file is overwritten after every install/update 2# This file is overwritten after every install/update
3# Persistent local customizations 3# Persistent local customizations
4include /etc/firejail/truecraft.local 4include truecraft.local
5# Persistent global definitions 5# Persistent global definitions
6include /etc/firejail/globals.local 6include globals.local
7 7
8noblacklist ${HOME}/.config/mono 8noblacklist ${HOME}/.config/mono
9noblacklist ${HOME}/.config/truecraft 9noblacklist ${HOME}/.config/truecraft
10 10
11include /etc/firejail/disable-common.inc 11include disable-common.inc
12include /etc/firejail/disable-devel.inc 12include disable-devel.inc
13include /etc/firejail/disable-interpreters.inc 13include disable-interpreters.inc
14include /etc/firejail/disable-passwdmgr.inc 14include disable-passwdmgr.inc
15include /etc/firejail/disable-programs.inc 15include disable-programs.inc
16 16
17mkdir ${HOME}/.config/mono 17mkdir ${HOME}/.config/mono
18mkdir ${HOME}/.config/truecraft 18mkdir ${HOME}/.config/truecraft
19whitelist ${HOME}/.config/mono 19whitelist ${HOME}/.config/mono
20whitelist ${HOME}/.config/truecraft 20whitelist ${HOME}/.config/truecraft
21include /etc/firejail/whitelist-common.inc 21include whitelist-common.inc
22 22
23caps.drop all 23caps.drop all
24nodvd 24nodvd
diff --git a/etc/tuxguitar.profile b/etc/tuxguitar.profile
index d467e1a83..d6243720a 100644
--- a/etc/tuxguitar.profile
+++ b/etc/tuxguitar.profile
@@ -2,9 +2,9 @@
2# Description: Multitrack guitar tablature editor and player (gp3 to gp5) 2# Description: Multitrack guitar tablature editor and player (gp3 to gp5)
3# This file is overwritten after every install/update 3# This file is overwritten after every install/update
4# Persistent local customizations 4# Persistent local customizations
5include /etc/firejail/tuxguitar.local 5include tuxguitar.local
6# Persistent global definitions 6# Persistent global definitions
7include /etc/firejail/globals.local 7include globals.local
8 8
9noblacklist ${HOME}/.java 9noblacklist ${HOME}/.java
10noblacklist ${HOME}/.tuxguitar* 10noblacklist ${HOME}/.tuxguitar*
@@ -17,14 +17,14 @@ noblacklist /usr/lib/java
17noblacklist /etc/java 17noblacklist /etc/java
18noblacklist /usr/share/java 18noblacklist /usr/share/java
19 19
20include /etc/firejail/disable-common.inc 20include disable-common.inc
21include /etc/firejail/disable-devel.inc 21include disable-devel.inc
22include /etc/firejail/disable-interpreters.inc 22include disable-interpreters.inc
23include /etc/firejail/disable-passwdmgr.inc 23include disable-passwdmgr.inc
24include /etc/firejail/disable-programs.inc 24include disable-programs.inc
25include /etc/firejail/disable-xdg.inc 25include disable-xdg.inc
26 26
27include /etc/firejail/whitelist-var-common.inc 27include whitelist-var-common.inc
28 28
29caps.drop all 29caps.drop all
30netfilter 30netfilter
diff --git a/etc/uefitool.profile b/etc/uefitool.profile
index d4016d061..ec0adef3a 100644
--- a/etc/uefitool.profile
+++ b/etc/uefitool.profile
@@ -1,18 +1,18 @@
1# Firejail profile for uefitool 1# Firejail profile for uefitool
2# This file is overwritten after every install/update 2# This file is overwritten after every install/update
3# Persistent local customizations 3# Persistent local customizations
4include /etc/firejail/uefitool.local 4include uefitool.local
5# Persistent global definitions 5# Persistent global definitions
6include /etc/firejail/globals.local 6include globals.local
7 7
8noblacklist ${DOCUMENTS} 8noblacklist ${DOCUMENTS}
9 9
10include /etc/firejail/disable-common.inc 10include disable-common.inc
11include /etc/firejail/disable-devel.inc 11include disable-devel.inc
12include /etc/firejail/disable-interpreters.inc 12include disable-interpreters.inc
13include /etc/firejail/disable-passwdmgr.inc 13include disable-passwdmgr.inc
14include /etc/firejail/disable-programs.inc 14include disable-programs.inc
15include /etc/firejail/disable-xdg.inc 15include disable-xdg.inc
16 16
17caps.drop all 17caps.drop all
18ipc-namespace 18ipc-namespace
diff --git a/etc/uget-gtk.profile b/etc/uget-gtk.profile
index 3c3c685e0..7e718d4e5 100644
--- a/etc/uget-gtk.profile
+++ b/etc/uget-gtk.profile
@@ -1,21 +1,21 @@
1# Firejail profile for uget-gtk 1# Firejail profile for uget-gtk
2# This file is overwritten after every install/update 2# This file is overwritten after every install/update
3# Persistent local customizations 3# Persistent local customizations
4include /etc/firejail/uget-gtk.local 4include uget-gtk.local
5# Persistent global definitions 5# Persistent global definitions
6include /etc/firejail/globals.local 6include globals.local
7 7
8noblacklist ${HOME}/.config/uGet 8noblacklist ${HOME}/.config/uGet
9 9
10include /etc/firejail/disable-common.inc 10include disable-common.inc
11include /etc/firejail/disable-devel.inc 11include disable-devel.inc
12include /etc/firejail/disable-interpreters.inc 12include disable-interpreters.inc
13include /etc/firejail/disable-programs.inc 13include disable-programs.inc
14 14
15mkdir ${HOME}/.config/uGet 15mkdir ${HOME}/.config/uGet
16whitelist ${DOWNLOADS} 16whitelist ${DOWNLOADS}
17whitelist ${HOME}/.config/uGet 17whitelist ${HOME}/.config/uGet
18include /etc/firejail/whitelist-common.inc 18include whitelist-common.inc
19 19
20caps.drop all 20caps.drop all
21netfilter 21netfilter
diff --git a/etc/unbound.profile b/etc/unbound.profile
index 5bc350e8d..05f24ea99 100644
--- a/etc/unbound.profile
+++ b/etc/unbound.profile
@@ -2,21 +2,21 @@
2# Description: Validating, recursive, caching DNS resolver 2# Description: Validating, recursive, caching DNS resolver
3# This file is overwritten after every install/update 3# This file is overwritten after every install/update
4# Persistent local customizations 4# Persistent local customizations
5include /etc/firejail/unbound.local 5include unbound.local
6# Persistent global definitions 6# Persistent global definitions
7include /etc/firejail/globals.local 7include globals.local
8 8
9blacklist /tmp/.X11-unix 9blacklist /tmp/.X11-unix
10 10
11noblacklist /sbin 11noblacklist /sbin
12noblacklist /usr/sbin 12noblacklist /usr/sbin
13 13
14include /etc/firejail/disable-common.inc 14include disable-common.inc
15include /etc/firejail/disable-devel.inc 15include disable-devel.inc
16include /etc/firejail/disable-interpreters.inc 16include disable-interpreters.inc
17include /etc/firejail/disable-passwdmgr.inc 17include disable-passwdmgr.inc
18include /etc/firejail/disable-programs.inc 18include disable-programs.inc
19include /etc/firejail/disable-xdg.inc 19include disable-xdg.inc
20 20
21whitelist /var/lib/unbound 21whitelist /var/lib/unbound
22whitelist /var/run 22whitelist /var/run
diff --git a/etc/unknown-horizons.profile b/etc/unknown-horizons.profile
index 5b2944a88..3f2f395c4 100644
--- a/etc/unknown-horizons.profile
+++ b/etc/unknown-horizons.profile
@@ -2,19 +2,19 @@
2# Description: 2D realtime strategy simulation 2# Description: 2D realtime strategy simulation
3# This file is overwritten after every install/update 3# This file is overwritten after every install/update
4# Persistent local customizations 4# Persistent local customizations
5include /etc/firejail/unknown-horizons.local 5include unknown-horizons.local
6# Persistent global definitions 6# Persistent global definitions
7include /etc/firejail/globals.local 7include globals.local
8 8
9noblacklist ${HOME}/.unknown-horizons 9noblacklist ${HOME}/.unknown-horizons
10 10
11include /etc/firejail/disable-common.inc 11include disable-common.inc
12include /etc/firejail/disable-passwdmgr.inc 12include disable-passwdmgr.inc
13include /etc/firejail/disable-programs.inc 13include disable-programs.inc
14 14
15mkdir ${HOME}/.unknown-horizons 15mkdir ${HOME}/.unknown-horizons
16whitelist ${HOME}/.unknown-horizons 16whitelist ${HOME}/.unknown-horizons
17include /etc/firejail/whitelist-common.inc 17include whitelist-common.inc
18 18
19caps.drop all 19caps.drop all
20nodvd 20nodvd
diff --git a/etc/unlzma.profile b/etc/unlzma.profile
index cd79eebc6..748dad2e3 100644
--- a/etc/unlzma.profile
+++ b/etc/unlzma.profile
@@ -4,4 +4,4 @@
4 4
5 5
6# Redirect 6# Redirect
7include /etc/firejail/cpio.profile 7include cpio.profile
diff --git a/etc/unrar.profile b/etc/unrar.profile
index c8c72f1f3..7a2a73cd8 100644
--- a/etc/unrar.profile
+++ b/etc/unrar.profile
@@ -3,10 +3,10 @@
3# This file is overwritten after every install/update 3# This file is overwritten after every install/update
4quiet 4quiet
5# Persistent local customizations 5# Persistent local customizations
6include /etc/firejail/unrar.local 6include unrar.local
7# Persistent global definitions 7# Persistent global definitions
8# added by included default.profile 8# added by included default.profile
9#include /etc/firejail/globals.local 9#include globals.local
10 10
11blacklist /tmp/.X11-unix 11blacklist /tmp/.X11-unix
12 12
@@ -27,4 +27,4 @@ private-dev
27private-etc passwd,group,localtime 27private-etc passwd,group,localtime
28private-tmp 28private-tmp
29 29
30include /etc/firejail/default.profile 30include default.profile
diff --git a/etc/unxz.profile b/etc/unxz.profile
index cd79eebc6..748dad2e3 100644
--- a/etc/unxz.profile
+++ b/etc/unxz.profile
@@ -4,4 +4,4 @@
4 4
5 5
6# Redirect 6# Redirect
7include /etc/firejail/cpio.profile 7include cpio.profile
diff --git a/etc/unzip.profile b/etc/unzip.profile
index 0b8b0cc50..549a239d0 100644
--- a/etc/unzip.profile
+++ b/etc/unzip.profile
@@ -3,10 +3,10 @@
3# This file is overwritten after every install/update 3# This file is overwritten after every install/update
4quiet 4quiet
5# Persistent local customizations 5# Persistent local customizations
6include /etc/firejail/unzip.local 6include unzip.local
7# Persistent global definitions 7# Persistent global definitions
8# added by included default.profile 8# added by included default.profile
9#include /etc/firejail/globals.local 9#include globals.local
10 10
11blacklist /tmp/.X11-unix 11blacklist /tmp/.X11-unix
12 12
@@ -29,4 +29,4 @@ private-etc passwd,group,localtime
29# GNOME Shell integration (chrome-gnome-shell) 29# GNOME Shell integration (chrome-gnome-shell)
30noblacklist ${HOME}/.local/share/gnome-shell 30noblacklist ${HOME}/.local/share/gnome-shell
31 31
32include /etc/firejail/default.profile 32include default.profile
diff --git a/etc/uudeview.profile b/etc/uudeview.profile
index d1130960d..ec123a3f6 100644
--- a/etc/uudeview.profile
+++ b/etc/uudeview.profile
@@ -3,10 +3,10 @@
3# This file is overwritten after every install/update 3# This file is overwritten after every install/update
4quiet 4quiet
5# Persistent local customizations 5# Persistent local customizations
6include /etc/firejail/uudeview.local 6include uudeview.local
7# Persistent global definitions 7# Persistent global definitions
8# added by included default.profile 8# added by included default.profile
9#include /etc/firejail/globals.local 9#include globals.local
10 10
11hostname uudeview 11hostname uudeview
12ignore noroot 12ignore noroot
@@ -24,4 +24,4 @@ private-cache
24private-dev 24private-dev
25private-etc ld.so.preload 25private-etc ld.so.preload
26 26
27include /etc/firejail/default.profile 27include default.profile
diff --git a/etc/uzbl-browser.profile b/etc/uzbl-browser.profile
index b8a3fa497..7e6b35d13 100644
--- a/etc/uzbl-browser.profile
+++ b/etc/uzbl-browser.profile
@@ -1,9 +1,9 @@
1# Firejail profile for uzbl-browser 1# Firejail profile for uzbl-browser
2# This file is overwritten after every install/update 2# This file is overwritten after every install/update
3# Persistent local customizations 3# Persistent local customizations
4include /etc/firejail/uzbl-browser.local 4include uzbl-browser.local
5# Persistent global definitions 5# Persistent global definitions
6include /etc/firejail/globals.local 6include globals.local
7 7
8noblacklist ${HOME}/.config/uzbl 8noblacklist ${HOME}/.config/uzbl
9noblacklist ${HOME}/.gnupg 9noblacklist ${HOME}/.gnupg
@@ -15,10 +15,10 @@ noblacklist ${PATH}/python3*
15noblacklist /usr/lib/python2* 15noblacklist /usr/lib/python2*
16noblacklist /usr/lib/python3* 16noblacklist /usr/lib/python3*
17 17
18include /etc/firejail/disable-common.inc 18include disable-common.inc
19include /etc/firejail/disable-devel.inc 19include disable-devel.inc
20include /etc/firejail/disable-interpreters.inc 20include disable-interpreters.inc
21include /etc/firejail/disable-programs.inc 21include disable-programs.inc
22 22
23mkdir ${HOME}/.config/uzbl 23mkdir ${HOME}/.config/uzbl
24mkdir ${HOME}/.gnupg 24mkdir ${HOME}/.gnupg
@@ -29,7 +29,7 @@ whitelist ${HOME}/.config/uzbl
29whitelist ${HOME}/.gnupg 29whitelist ${HOME}/.gnupg
30whitelist ${HOME}/.local/share/uzbl 30whitelist ${HOME}/.local/share/uzbl
31whitelist ${HOME}/.password-store 31whitelist ${HOME}/.password-store
32include /etc/firejail/whitelist-common.inc 32include whitelist-common.inc
33 33
34caps.drop all 34caps.drop all
35netfilter 35netfilter
diff --git a/etc/viewnior.profile b/etc/viewnior.profile
index 08f9fd309..d459d5b88 100644
--- a/etc/viewnior.profile
+++ b/etc/viewnior.profile
@@ -2,9 +2,9 @@
2# Description: Simple, fast and elegant image viewer 2# Description: Simple, fast and elegant image viewer
3# This file is overwritten after every install/update 3# This file is overwritten after every install/update
4# Persistent local customizations 4# Persistent local customizations
5include /etc/firejail/viewnior.local 5include viewnior.local
6# Persistent global definitions 6# Persistent global definitions
7include /etc/firejail/globals.local 7include globals.local
8 8
9blacklist ${HOME}/.bashrc 9blacklist ${HOME}/.bashrc
10 10
@@ -12,11 +12,11 @@ noblacklist ${HOME}/.Steam
12noblacklist ${HOME}/.config/viewnior 12noblacklist ${HOME}/.config/viewnior
13noblacklist ${HOME}/.steam 13noblacklist ${HOME}/.steam
14 14
15include /etc/firejail/disable-common.inc 15include disable-common.inc
16include /etc/firejail/disable-devel.inc 16include disable-devel.inc
17include /etc/firejail/disable-interpreters.inc 17include disable-interpreters.inc
18include /etc/firejail/disable-passwdmgr.inc 18include disable-passwdmgr.inc
19include /etc/firejail/disable-programs.inc 19include disable-programs.inc
20 20
21caps.drop all 21caps.drop all
22net none 22net none
diff --git a/etc/viking.profile b/etc/viking.profile
index 624cb962b..2f3ac8edb 100644
--- a/etc/viking.profile
+++ b/etc/viking.profile
@@ -2,20 +2,20 @@
2# Description: GPS data editor, analyzer and viewer 2# Description: GPS data editor, analyzer and viewer
3# This file is overwritten after every install/update 3# This file is overwritten after every install/update
4# Persistent local customizations 4# Persistent local customizations
5include /etc/firejail/viking.local 5include viking.local
6# Persistent global definitions 6# Persistent global definitions
7include /etc/firejail/globals.local 7include globals.local
8 8
9noblacklist ${HOME}/.viking 9noblacklist ${HOME}/.viking
10noblacklist ${HOME}/.viking-maps 10noblacklist ${HOME}/.viking-maps
11noblacklist ${DOCUMENTS} 11noblacklist ${DOCUMENTS}
12 12
13include /etc/firejail/disable-common.inc 13include disable-common.inc
14include /etc/firejail/disable-devel.inc 14include disable-devel.inc
15include /etc/firejail/disable-interpreters.inc 15include disable-interpreters.inc
16include /etc/firejail/disable-passwdmgr.inc 16include disable-passwdmgr.inc
17include /etc/firejail/disable-programs.inc 17include disable-programs.inc
18include /etc/firejail/disable-xdg.inc 18include disable-xdg.inc
19 19
20caps.drop all 20caps.drop all
21netfilter 21netfilter
diff --git a/etc/vim.profile b/etc/vim.profile
index 1f98a018a..623aa39ff 100644
--- a/etc/vim.profile
+++ b/etc/vim.profile
@@ -2,17 +2,17 @@
2# Description: Vi IMproved - enhanced vi editor 2# Description: Vi IMproved - enhanced vi editor
3# This file is overwritten after every install/update 3# This file is overwritten after every install/update
4# Persistent local customizations 4# Persistent local customizations
5include /etc/firejail/vim.local 5include vim.local
6# Persistent global definitions 6# Persistent global definitions
7include /etc/firejail/globals.local 7include globals.local
8 8
9noblacklist ${HOME}/.vim 9noblacklist ${HOME}/.vim
10noblacklist ${HOME}/.viminfo 10noblacklist ${HOME}/.viminfo
11noblacklist ${HOME}/.vimrc 11noblacklist ${HOME}/.vimrc
12 12
13include /etc/firejail/disable-common.inc 13include disable-common.inc
14include /etc/firejail/disable-passwdmgr.inc 14include disable-passwdmgr.inc
15include /etc/firejail/disable-programs.inc 15include disable-programs.inc
16 16
17caps.drop all 17caps.drop all
18netfilter 18netfilter
diff --git a/etc/vimcat.profile b/etc/vimcat.profile
index 5067c2fd1..a8f7758e0 100644
--- a/etc/vimcat.profile
+++ b/etc/vimcat.profile
@@ -1,10 +1,10 @@
1# Firejail profile for vimcat 1# Firejail profile for vimcat
2# This file is overwritten after every install/update 2# This file is overwritten after every install/update
3# Persistent local customizations 3# Persistent local customizations
4include /etc/firejail/vimcat.local 4include vimcat.local
5# Persistent global definitions 5# Persistent global definitions
6include /etc/firejail/globals.local 6include globals.local
7 7
8 8
9# Redirect 9# Redirect
10include /etc/firejail/vim.profile 10include vim.profile
diff --git a/etc/vimdiff.profile b/etc/vimdiff.profile
index f89a2c112..53a5c6224 100644
--- a/etc/vimdiff.profile
+++ b/etc/vimdiff.profile
@@ -1,10 +1,10 @@
1# Firejail profile for vimdiff 1# Firejail profile for vimdiff
2# This file is overwritten after every install/update 2# This file is overwritten after every install/update
3# Persistent local customizations 3# Persistent local customizations
4include /etc/firejail/vimdiff.local 4include vimdiff.local
5# Persistent global definitions 5# Persistent global definitions
6include /etc/firejail/globals.local 6include globals.local
7 7
8 8
9# Redirect 9# Redirect
10include /etc/firejail/vim.profile 10include vim.profile
diff --git a/etc/vimpager.profile b/etc/vimpager.profile
index 9c59cb82f..ef2c20ef1 100644
--- a/etc/vimpager.profile
+++ b/etc/vimpager.profile
@@ -2,10 +2,10 @@
2# Description: A vim-based script to use as a PAGER 2# Description: A vim-based script to use as a PAGER
3# This file is overwritten after every install/update 3# This file is overwritten after every install/update
4# Persistent local customizations 4# Persistent local customizations
5include /etc/firejail/vimpager.local 5include vimpager.local
6# Persistent global definitions 6# Persistent global definitions
7include /etc/firejail/globals.local 7include globals.local
8 8
9 9
10# Redirect 10# Redirect
11include /etc/firejail/vim.profile 11include vim.profile
diff --git a/etc/vimtutor.profile b/etc/vimtutor.profile
index 83851d37e..7330d6da2 100644
--- a/etc/vimtutor.profile
+++ b/etc/vimtutor.profile
@@ -1,10 +1,10 @@
1# Firejail profile for vimtutor 1# Firejail profile for vimtutor
2# This file is overwritten after every install/update 2# This file is overwritten after every install/update
3# Persistent local customizations 3# Persistent local customizations
4include /etc/firejail/vimtutor.local 4include vimtutor.local
5# Persistent global definitions 5# Persistent global definitions
6include /etc/firejail/globals.local 6include globals.local
7 7
8 8
9# Redirect 9# Redirect
10include /etc/firejail/vim.profile 10include vim.profile
diff --git a/etc/virtualbox.profile b/etc/virtualbox.profile
index c634348c7..1ef44dd5c 100644
--- a/etc/virtualbox.profile
+++ b/etc/virtualbox.profile
@@ -2,9 +2,9 @@
2# Description: x86 virtualization solution 2# Description: x86 virtualization solution
3# This file is overwritten after every install/update 3# This file is overwritten after every install/update
4# Persistent local customizations 4# Persistent local customizations
5include /etc/firejail/virtualbox.local 5include virtualbox.local
6# Persistent global definitions 6# Persistent global definitions
7include /etc/firejail/globals.local 7include globals.local
8 8
9noblacklist ${HOME}/.VirtualBox 9noblacklist ${HOME}/.VirtualBox
10noblacklist ${HOME}/.config/VirtualBox 10noblacklist ${HOME}/.config/VirtualBox
@@ -13,17 +13,17 @@ noblacklist ${HOME}/VirtualBox VMs
13noblacklist /usr/lib/virtualbox 13noblacklist /usr/lib/virtualbox
14noblacklist /usr/lib64/virtualbox 14noblacklist /usr/lib64/virtualbox
15 15
16include /etc/firejail/disable-common.inc 16include disable-common.inc
17include /etc/firejail/disable-passwdmgr.inc 17include disable-passwdmgr.inc
18include /etc/firejail/disable-programs.inc 18include disable-programs.inc
19 19
20mkdir ${HOME}/.config/VirtualBox 20mkdir ${HOME}/.config/VirtualBox
21mkdir ${HOME}/VirtualBox VMs 21mkdir ${HOME}/VirtualBox VMs
22whitelist ${HOME}/.config/VirtualBox 22whitelist ${HOME}/.config/VirtualBox
23whitelist ${HOME}/VirtualBox VMs 23whitelist ${HOME}/VirtualBox VMs
24whitelist ${DOWNLOADS} 24whitelist ${DOWNLOADS}
25include /etc/firejail/whitelist-common.inc 25include whitelist-common.inc
26include /etc/firejail/whitelist-var-common.inc 26include whitelist-var-common.inc
27 27
28caps.drop all 28caps.drop all
29netfilter 29netfilter
diff --git a/etc/vivaldi-beta.profile b/etc/vivaldi-beta.profile
index d1ceb74f4..bee5d6be6 100644
--- a/etc/vivaldi-beta.profile
+++ b/etc/vivaldi-beta.profile
@@ -3,4 +3,4 @@
3 3
4 4
5# Redirect 5# Redirect
6include /etc/firejail/vivaldi.profile 6include vivaldi.profile
diff --git a/etc/vivaldi-snapshot.profile b/etc/vivaldi-snapshot.profile
index f8691025f..ea4a4009f 100644
--- a/etc/vivaldi-snapshot.profile
+++ b/etc/vivaldi-snapshot.profile
@@ -1,9 +1,9 @@
1# Firejail profile for vivaldi-snapshot 1# Firejail profile for vivaldi-snapshot
2# This file is overwritten after every install/update 2# This file is overwritten after every install/update
3# Persistent local customizations 3# Persistent local customizations
4include /etc/firejail/vivaldi-snapshot.local 4include vivaldi-snapshot.local
5# Persistent global definitions 5# Persistent global definitions
6include /etc/firejail/globals.local 6include globals.local
7 7
8noblacklist ${HOME}/.cache/vivaldi-snapshot 8noblacklist ${HOME}/.cache/vivaldi-snapshot
9noblacklist ${HOME}/.config/vivaldi-snapshot 9noblacklist ${HOME}/.config/vivaldi-snapshot
@@ -14,4 +14,4 @@ whitelist ${HOME}/.cache/vivaldi-snapshot
14whitelist ${HOME}/.config/vivaldi-snapshot 14whitelist ${HOME}/.config/vivaldi-snapshot
15 15
16# Redirect 16# Redirect
17include /etc/firejail/chromium-common.profile 17include chromium-common.profile
diff --git a/etc/vivaldi-stable.profile b/etc/vivaldi-stable.profile
index d1ceb74f4..bee5d6be6 100644
--- a/etc/vivaldi-stable.profile
+++ b/etc/vivaldi-stable.profile
@@ -3,4 +3,4 @@
3 3
4 4
5# Redirect 5# Redirect
6include /etc/firejail/vivaldi.profile 6include vivaldi.profile
diff --git a/etc/vivaldi.profile b/etc/vivaldi.profile
index 8b37ca40b..96f1bd99d 100644
--- a/etc/vivaldi.profile
+++ b/etc/vivaldi.profile
@@ -1,9 +1,9 @@
1# Firejail profile for vivaldi 1# Firejail profile for vivaldi
2# This file is overwritten after every install/update 2# This file is overwritten after every install/update
3# Persistent local customizations 3# Persistent local customizations
4include /etc/firejail/vivaldi.local 4include vivaldi.local
5# Persistent global definitions 5# Persistent global definitions
6include /etc/firejail/globals.local 6include globals.local
7 7
8noblacklist ${HOME}/.cache/vivaldi 8noblacklist ${HOME}/.cache/vivaldi
9noblacklist ${HOME}/.config/vivaldi 9noblacklist ${HOME}/.config/vivaldi
@@ -17,4 +17,4 @@ whitelist ${HOME}/.config/vivaldi
17ignore nodbus 17ignore nodbus
18 18
19# Redirect 19# Redirect
20include /etc/firejail/chromium-common.profile 20include chromium-common.profile
diff --git a/etc/vlc.profile b/etc/vlc.profile
index 594a5944b..d9e8dc338 100644
--- a/etc/vlc.profile
+++ b/etc/vlc.profile
@@ -2,9 +2,9 @@
2# Description: Multimedia player and streamer 2# Description: Multimedia player and streamer
3# This file is overwritten after every install/update 3# This file is overwritten after every install/update
4# Persistent local customizations 4# Persistent local customizations
5include /etc/firejail/vlc.local 5include vlc.local
6# Persistent global definitions 6# Persistent global definitions
7include /etc/firejail/globals.local 7include globals.local
8 8
9noblacklist ${HOME}/.cache/vlc 9noblacklist ${HOME}/.cache/vlc
10noblacklist ${HOME}/.config/vlc 10noblacklist ${HOME}/.config/vlc
@@ -12,14 +12,14 @@ noblacklist ${HOME}/.local/share/vlc
12noblacklist ${MUSIC} 12noblacklist ${MUSIC}
13noblacklist ${VIDEOS} 13noblacklist ${VIDEOS}
14 14
15include /etc/firejail/disable-common.inc 15include disable-common.inc
16include /etc/firejail/disable-devel.inc 16include disable-devel.inc
17include /etc/firejail/disable-interpreters.inc 17include disable-interpreters.inc
18include /etc/firejail/disable-passwdmgr.inc 18include disable-passwdmgr.inc
19include /etc/firejail/disable-programs.inc 19include disable-programs.inc
20include /etc/firejail/disable-xdg.inc 20include disable-xdg.inc
21 21
22include /etc/firejail/whitelist-var-common.inc 22include whitelist-var-common.inc
23 23
24#apparmor - on Ubuntu 18.04 it refuses to start without dbus access 24#apparmor - on Ubuntu 18.04 it refuses to start without dbus access
25caps.drop all 25caps.drop all
diff --git a/etc/vym.profile b/etc/vym.profile
index bb044069d..a7b86e355 100644
--- a/etc/vym.profile
+++ b/etc/vym.profile
@@ -2,17 +2,17 @@
2# Description: Mindmapping tool 2# Description: Mindmapping tool
3# This file is overwritten after every install/update 3# This file is overwritten after every install/update
4# Persistent local customizations 4# Persistent local customizations
5include /etc/firejail/vym.local 5include vym.local
6# Persistent global definitions 6# Persistent global definitions
7include /etc/firejail/globals.local 7include globals.local
8 8
9noblacklist ${HOME}/.config/InSilmaril 9noblacklist ${HOME}/.config/InSilmaril
10 10
11include /etc/firejail/disable-common.inc 11include disable-common.inc
12include /etc/firejail/disable-devel.inc 12include disable-devel.inc
13include /etc/firejail/disable-interpreters.inc 13include disable-interpreters.inc
14include /etc/firejail/disable-passwdmgr.inc 14include disable-passwdmgr.inc
15include /etc/firejail/disable-programs.inc 15include disable-programs.inc
16 16
17caps.drop all 17caps.drop all
18netfilter 18netfilter
diff --git a/etc/w3m.profile b/etc/w3m.profile
index 858b30a5f..af39afd89 100644
--- a/etc/w3m.profile
+++ b/etc/w3m.profile
@@ -2,20 +2,20 @@
2# Description: WWW browsable pager with excellent tables/frames support 2# Description: WWW browsable pager with excellent tables/frames support
3# This file is overwritten after every install/update 3# This file is overwritten after every install/update
4# Persistent local customizations 4# Persistent local customizations
5include /etc/firejail/w3m.local 5include w3m.local
6# Persistent global definitions 6# Persistent global definitions
7include /etc/firejail/globals.local 7include globals.local
8 8
9blacklist /tmp/.X11-unix 9blacklist /tmp/.X11-unix
10 10
11noblacklist ${HOME}/.w3m 11noblacklist ${HOME}/.w3m
12 12
13include /etc/firejail/disable-common.inc 13include disable-common.inc
14include /etc/firejail/disable-devel.inc 14include disable-devel.inc
15include /etc/firejail/disable-interpreters.inc 15include disable-interpreters.inc
16include /etc/firejail/disable-passwdmgr.inc 16include disable-passwdmgr.inc
17include /etc/firejail/disable-programs.inc 17include disable-programs.inc
18include /etc/firejail/disable-xdg.inc 18include disable-xdg.inc
19 19
20caps.drop all 20caps.drop all
21netfilter 21netfilter
diff --git a/etc/warzone2100.profile b/etc/warzone2100.profile
index 632a56074..a5f1f27b2 100644
--- a/etc/warzone2100.profile
+++ b/etc/warzone2100.profile
@@ -2,24 +2,24 @@
2# Description: 3D real time strategy game 2# Description: 3D real time strategy game
3# This file is overwritten after every install/update 3# This file is overwritten after every install/update
4# Persistent local customizations 4# Persistent local customizations
5include /etc/firejail/warzone2100.local 5include warzone2100.local
6# Persistent global definitions 6# Persistent global definitions
7include /etc/firejail/globals.local 7include globals.local
8 8
9noblacklist ${HOME}/.warzone2100-3.* 9noblacklist ${HOME}/.warzone2100-3.*
10 10
11include /etc/firejail/disable-common.inc 11include disable-common.inc
12include /etc/firejail/disable-devel.inc 12include disable-devel.inc
13include /etc/firejail/disable-interpreters.inc 13include disable-interpreters.inc
14include /etc/firejail/disable-passwdmgr.inc 14include disable-passwdmgr.inc
15include /etc/firejail/disable-programs.inc 15include disable-programs.inc
16 16
17# mkdir ${HOME}/.warzone2100-3.1 17# mkdir ${HOME}/.warzone2100-3.1
18# mkdir ${HOME}/.warzone2100-3.2 18# mkdir ${HOME}/.warzone2100-3.2
19whitelist ${HOME}/.warzone2100-3.1 19whitelist ${HOME}/.warzone2100-3.1
20whitelist ${HOME}/.warzone2100-3.2 20whitelist ${HOME}/.warzone2100-3.2
21include /etc/firejail/whitelist-common.inc 21include whitelist-common.inc
22include /etc/firejail/whitelist-var-common.inc 22include whitelist-var-common.inc
23 23
24caps.drop all 24caps.drop all
25netfilter 25netfilter
diff --git a/etc/waterfox.profile b/etc/waterfox.profile
index fdd299bbf..3dc21958d 100644
--- a/etc/waterfox.profile
+++ b/etc/waterfox.profile
@@ -1,9 +1,9 @@
1# Firejail profile for waterfox 1# Firejail profile for waterfox
2# This file is overwritten after every install/update 2# This file is overwritten after every install/update
3# Persistent local customizations 3# Persistent local customizations
4include /etc/firejail/waterfox.local 4include waterfox.local
5# Persistent global definitions 5# Persistent global definitions
6include /etc/firejail/globals.local 6include globals.local
7 7
8noblacklist ${HOME}/.cache/mozilla 8noblacklist ${HOME}/.cache/mozilla
9noblacklist ${HOME}/.cache/waterfox 9noblacklist ${HOME}/.cache/waterfox
@@ -25,4 +25,4 @@ whitelist ${HOME}/.waterfox
25#private-etc waterfox 25#private-etc waterfox
26 26
27# Redirect 27# Redirect
28include /etc/firejail/firefox-common.profile 28include firefox-common.profile
diff --git a/etc/webstorm.profile b/etc/webstorm.profile
index 1a77fd833..ef582808b 100644
--- a/etc/webstorm.profile
+++ b/etc/webstorm.profile
@@ -1,9 +1,9 @@
1# Firejail profile for WebStorm 1# Firejail profile for WebStorm
2# This file is overwritten after every install/update 2# This file is overwritten after every install/update
3# Persistent local customizations 3# Persistent local customizations
4include /etc/firejail/webstorm.local 4include webstorm.local
5# Persistent global definitions 5# Persistent global definitions
6include /etc/firejail/globals.local 6include globals.local
7 7
8noblacklist ${HOME}/.WebStorm* 8noblacklist ${HOME}/.WebStorm*
9noblacklist ${HOME}/.android 9noblacklist ${HOME}/.android
@@ -17,11 +17,11 @@ noblacklist ${HOME}/.tooling
17noblacklist ${PATH}/node 17noblacklist ${PATH}/node
18noblacklist ${HOME}/.nvm 18noblacklist ${HOME}/.nvm
19 19
20include /etc/firejail/disable-common.inc 20include disable-common.inc
21include /etc/firejail/disable-passwdmgr.inc 21include disable-passwdmgr.inc
22include /etc/firejail/disable-programs.inc 22include disable-programs.inc
23include /etc/firejail/disable-devel.inc 23include disable-devel.inc
24include /etc/firejail/disable-interpreters.inc 24include disable-interpreters.inc
25 25
26caps.drop all 26caps.drop all
27netfilter 27netfilter
diff --git a/etc/weechat-curses.profile b/etc/weechat-curses.profile
index 0da7d45d6..4e9d6826c 100644
--- a/etc/weechat-curses.profile
+++ b/etc/weechat-curses.profile
@@ -3,4 +3,4 @@
3 3
4 4
5# Redirect 5# Redirect
6include /etc/firejail/weechat.profile 6include weechat.profile
diff --git a/etc/weechat.profile b/etc/weechat.profile
index 213271367..99b34048f 100644
--- a/etc/weechat.profile
+++ b/etc/weechat.profile
@@ -2,14 +2,14 @@
2# Description: Fast, light and extensible chat client 2# Description: Fast, light and extensible chat client
3# This file is overwritten after every install/update 3# This file is overwritten after every install/update
4# Persistent local customizations 4# Persistent local customizations
5include /etc/firejail/weechat.local 5include weechat.local
6# Persistent global definitions 6# Persistent global definitions
7include /etc/firejail/globals.local 7include globals.local
8 8
9noblacklist ${HOME}/.weechat 9noblacklist ${HOME}/.weechat
10 10
11include /etc/firejail/disable-common.inc 11include disable-common.inc
12include /etc/firejail/disable-programs.inc 12include disable-programs.inc
13 13
14caps.drop all 14caps.drop all
15netfilter 15netfilter
diff --git a/etc/wesnoth.profile b/etc/wesnoth.profile
index 215d2e72d..1261ea2c2 100644
--- a/etc/wesnoth.profile
+++ b/etc/wesnoth.profile
@@ -2,19 +2,19 @@
2# Description: Fantasy turn-based strategy game 2# Description: Fantasy turn-based strategy game
3# This file is overwritten after every install/update 3# This file is overwritten after every install/update
4# Persistent local customizations 4# Persistent local customizations
5include /etc/firejail/wesnoth.local 5include wesnoth.local
6# Persistent global definitions 6# Persistent global definitions
7include /etc/firejail/globals.local 7include globals.local
8 8
9noblacklist ${HOME}/.cache/wesnoth 9noblacklist ${HOME}/.cache/wesnoth
10noblacklist ${HOME}/.config/wesnoth 10noblacklist ${HOME}/.config/wesnoth
11noblacklist ${HOME}/.local/share/wesnoth 11noblacklist ${HOME}/.local/share/wesnoth
12 12
13include /etc/firejail/disable-common.inc 13include disable-common.inc
14include /etc/firejail/disable-devel.inc 14include disable-devel.inc
15include /etc/firejail/disable-interpreters.inc 15include disable-interpreters.inc
16include /etc/firejail/disable-passwdmgr.inc 16include disable-passwdmgr.inc
17include /etc/firejail/disable-programs.inc 17include disable-programs.inc
18 18
19mkdir ${HOME}/.cache/wesnoth 19mkdir ${HOME}/.cache/wesnoth
20mkdir ${HOME}/.config/wesnoth 20mkdir ${HOME}/.config/wesnoth
@@ -22,7 +22,7 @@ mkdir ${HOME}/.local/share/wesnoth
22whitelist ${HOME}/.cache/wesnoth 22whitelist ${HOME}/.cache/wesnoth
23whitelist ${HOME}/.config/wesnoth 23whitelist ${HOME}/.config/wesnoth
24whitelist ${HOME}/.local/share/wesnoth 24whitelist ${HOME}/.local/share/wesnoth
25include /etc/firejail/whitelist-common.inc 25include whitelist-common.inc
26 26
27caps.drop all 27caps.drop all
28nodvd 28nodvd
diff --git a/etc/wget.profile b/etc/wget.profile
index abe2436d7..9ecae527e 100644
--- a/etc/wget.profile
+++ b/etc/wget.profile
@@ -3,19 +3,19 @@
3# This file is overwritten after every install/update 3# This file is overwritten after every install/update
4quiet 4quiet
5# Persistent local customizations 5# Persistent local customizations
6include /etc/firejail/wget.local 6include wget.local
7# Persistent global definitions 7# Persistent global definitions
8include /etc/firejail/globals.local 8include globals.local
9 9
10blacklist /tmp/.X11-unix 10blacklist /tmp/.X11-unix
11 11
12noblacklist ${HOME}/.wgetrc 12noblacklist ${HOME}/.wgetrc
13 13
14include /etc/firejail/disable-common.inc 14include disable-common.inc
15include /etc/firejail/disable-passwdmgr.inc 15include disable-passwdmgr.inc
16include /etc/firejail/disable-programs.inc 16include disable-programs.inc
17 17
18include /etc/firejail/whitelist-var-common.inc 18include whitelist-var-common.inc
19 19
20caps.drop all 20caps.drop all
21netfilter 21netfilter
diff --git a/etc/whitelist-common.inc b/etc/whitelist-common.inc
index 92ee288dc..38ec5d85d 100644
--- a/etc/whitelist-common.inc
+++ b/etc/whitelist-common.inc
@@ -1,5 +1,5 @@
1# Local customizations come here 1# Local customizations come here
2include /etc/firejail/whitelist-common.local 2include whitelist-common.local
3 3
4# common whitelist for all profiles 4# common whitelist for all profiles
5 5
diff --git a/etc/whitelist-var-common.inc b/etc/whitelist-var-common.inc
index 024995f20..e2210057b 100644
--- a/etc/whitelist-var-common.inc
+++ b/etc/whitelist-var-common.inc
@@ -1,5 +1,5 @@
1# Local customizations come here 1# Local customizations come here
2include /etc/firejail/whitelist-var-common.local 2include whitelist-var-common.local
3 3
4# common /var whitelist for all profiles 4# common /var whitelist for all profiles
5 5
diff --git a/etc/whois.profile b/etc/whois.profile
index 3ef2e1476..ee95dda39 100644
--- a/etc/whois.profile
+++ b/etc/whois.profile
@@ -2,18 +2,18 @@ quiet
2# Firejail profile for whois 2# Firejail profile for whois
3# This file is overwritten after every install/update 3# This file is overwritten after every install/update
4# Persistent local customizations 4# Persistent local customizations
5include /etc/firejail/whois.local 5include whois.local
6# Persistent global definitions 6# Persistent global definitions
7include /etc/firejail/globals.local 7include globals.local
8 8
9include /etc/firejail/disable-common.inc 9include disable-common.inc
10# include /etc/firejail/disable-devel.inc 10# include disable-devel.inc
11# include /etc/firejail/disable-interpreters.inc 11# include disable-interpreters.inc
12include /etc/firejail/disable-passwdmgr.inc 12include disable-passwdmgr.inc
13include /etc/firejail/disable-programs.inc 13include disable-programs.inc
14#include /etc/firejail/disable-xdg.inc 14#include disable-xdg.inc
15 15
16include /etc/firejail/whitelist-var-common.inc 16include whitelist-var-common.inc
17 17
18caps.drop all 18caps.drop all
19# ipc-namespace 19# ipc-namespace
diff --git a/etc/wine.profile b/etc/wine.profile
index 88cdd2ffc..34c695cf1 100644
--- a/etc/wine.profile
+++ b/etc/wine.profile
@@ -2,9 +2,9 @@
2# Description: A compatibility layer for running Windows programs 2# Description: A compatibility layer for running Windows programs
3# This file is overwritten after every install/update 3# This file is overwritten after every install/update
4# Persistent local customizations 4# Persistent local customizations
5include /etc/firejail/wine.local 5include wine.local
6# Persistent global definitions 6# Persistent global definitions
7include /etc/firejail/globals.local 7include globals.local
8 8
9noblacklist ${HOME}/.Steam 9noblacklist ${HOME}/.Steam
10noblacklist ${HOME}/.local/share/Steam 10noblacklist ${HOME}/.local/share/Steam
@@ -14,10 +14,10 @@ noblacklist ${HOME}/.wine
14# with >=llvm-4 mesa drivers need llvm stuff 14# with >=llvm-4 mesa drivers need llvm stuff
15noblacklist /usr/lib/llvm* 15noblacklist /usr/lib/llvm*
16 16
17include /etc/firejail/disable-common.inc 17include disable-common.inc
18include /etc/firejail/disable-devel.inc 18include disable-devel.inc
19include /etc/firejail/disable-interpreters.inc 19include disable-interpreters.inc
20include /etc/firejail/disable-programs.inc 20include disable-programs.inc
21 21
22caps.drop all 22caps.drop all
23netfilter 23netfilter
diff --git a/etc/wire-desktop.profile b/etc/wire-desktop.profile
index 64d2cefd5..e6c77ae15 100644
--- a/etc/wire-desktop.profile
+++ b/etc/wire-desktop.profile
@@ -1,23 +1,23 @@
1# Firejail profile for wire-desktop 1# Firejail profile for wire-desktop
2# This file is overwritten after every install/update 2# This file is overwritten after every install/update
3# Persistent local customizations 3# Persistent local customizations
4include /etc/firejail/wire-desktop.local 4include wire-desktop.local
5# Persistent global definitions 5# Persistent global definitions
6include /etc/firejail/globals.local 6include globals.local
7 7
8noblacklist ${HOME}/.config/Wire 8noblacklist ${HOME}/.config/Wire
9 9
10include /etc/firejail/disable-common.inc 10include disable-common.inc
11include /etc/firejail/disable-devel.inc 11include disable-devel.inc
12include /etc/firejail/disable-interpreters.inc 12include disable-interpreters.inc
13include /etc/firejail/disable-passwdmgr.inc 13include disable-passwdmgr.inc
14include /etc/firejail/disable-programs.inc 14include disable-programs.inc
15 15
16mkdir ${HOME}/.config/Wire 16mkdir ${HOME}/.config/Wire
17whitelist ${HOME}/.config/Wire 17whitelist ${HOME}/.config/Wire
18whitelist ${DOWNLOADS} 18whitelist ${DOWNLOADS}
19 19
20include /etc/firejail/whitelist-common.inc 20include whitelist-common.inc
21 21
22caps.drop all 22caps.drop all
23netfilter 23netfilter
diff --git a/etc/wireshark-gtk.profile b/etc/wireshark-gtk.profile
index 26747379a..14978013d 100644
--- a/etc/wireshark-gtk.profile
+++ b/etc/wireshark-gtk.profile
@@ -4,4 +4,4 @@
4 4
5 5
6# Redirect 6# Redirect
7include /etc/firejail/wireshark.profile 7include wireshark.profile
diff --git a/etc/wireshark-qt.profile b/etc/wireshark-qt.profile
index 26747379a..14978013d 100644
--- a/etc/wireshark-qt.profile
+++ b/etc/wireshark-qt.profile
@@ -4,4 +4,4 @@
4 4
5 5
6# Redirect 6# Redirect
7include /etc/firejail/wireshark.profile 7include wireshark.profile
diff --git a/etc/wireshark.profile b/etc/wireshark.profile
index 330f0140e..cbfe9af48 100644
--- a/etc/wireshark.profile
+++ b/etc/wireshark.profile
@@ -2,9 +2,9 @@
2# Description: Network traffic analyzer 2# Description: Network traffic analyzer
3# This file is overwritten after every install/update 3# This file is overwritten after every install/update
4# Persistent local customizations 4# Persistent local customizations
5include /etc/firejail/wireshark.local 5include wireshark.local
6# Persistent global definitions 6# Persistent global definitions
7include /etc/firejail/globals.local 7include globals.local
8 8
9noblacklist ${HOME}/.config/wireshark 9noblacklist ${HOME}/.config/wireshark
10noblacklist ${HOME}/.wireshark 10noblacklist ${HOME}/.wireshark
@@ -16,14 +16,14 @@ noblacklist /usr/lib/lua
16noblacklist /usr/include/lua* 16noblacklist /usr/include/lua*
17noblacklist /usr/share/lua 17noblacklist /usr/share/lua
18 18
19include /etc/firejail/disable-common.inc 19include disable-common.inc
20include /etc/firejail/disable-devel.inc 20include disable-devel.inc
21include /etc/firejail/disable-interpreters.inc 21include disable-interpreters.inc
22include /etc/firejail/disable-passwdmgr.inc 22include disable-passwdmgr.inc
23include /etc/firejail/disable-programs.inc 23include disable-programs.inc
24include /etc/firejail/disable-xdg.inc 24include disable-xdg.inc
25 25
26include /etc/firejail/whitelist-var-common.inc 26include whitelist-var-common.inc
27 27
28apparmor 28apparmor
29# caps.drop all 29# caps.drop all
diff --git a/etc/x-terminal-emulator.profile b/etc/x-terminal-emulator.profile
index ac8f0fe2a..497a8b87c 100644
--- a/etc/x-terminal-emulator.profile
+++ b/etc/x-terminal-emulator.profile
@@ -1,9 +1,9 @@
1# Firejail profile for x-terminal-emulator 1# Firejail profile for x-terminal-emulator
2# This file is overwritten after every install/update 2# This file is overwritten after every install/update
3# Persistent local customizations 3# Persistent local customizations
4include /etc/firejail/x-terminal-emulator.local 4include x-terminal-emulator.local
5# Persistent global definitions 5# Persistent global definitions
6include /etc/firejail/globals.local 6include globals.local
7 7
8caps.drop all 8caps.drop all
9ipc-namespace 9ipc-namespace
diff --git a/etc/xcalc.profile b/etc/xcalc.profile
index dd7c66523..038e006d0 100644
--- a/etc/xcalc.profile
+++ b/etc/xcalc.profile
@@ -1,18 +1,18 @@
1# Firejail profile for xcalc 1# Firejail profile for xcalc
2# This file is overwritten after every install/update 2# This file is overwritten after every install/update
3# Persistent local customizations 3# Persistent local customizations
4include /etc/firejail/xcalc.local 4include xcalc.local
5# Persistent global definitions 5# Persistent global definitions
6include /etc/firejail/globals.local 6include globals.local
7 7
8include /etc/firejail/disable-common.inc 8include disable-common.inc
9include /etc/firejail/disable-devel.inc 9include disable-devel.inc
10include /etc/firejail/disable-interpreters.inc 10include disable-interpreters.inc
11include /etc/firejail/disable-passwdmgr.inc 11include disable-passwdmgr.inc
12include /etc/firejail/disable-programs.inc 12include disable-programs.inc
13include /etc/firejail/disable-xdg.inc 13include disable-xdg.inc
14 14
15include /etc/firejail/whitelist-var-common.inc 15include whitelist-var-common.inc
16 16
17caps.drop all 17caps.drop all
18net none 18net none
diff --git a/etc/xchat.profile b/etc/xchat.profile
index af6da1ac5..a94444aab 100644
--- a/etc/xchat.profile
+++ b/etc/xchat.profile
@@ -2,15 +2,15 @@
2# Description: IRC client for X similar to AmIRC 2# Description: IRC client for X similar to AmIRC
3# This file is overwritten after every install/update 3# This file is overwritten after every install/update
4# Persistent local customizations 4# Persistent local customizations
5include /etc/firejail/xchat.local 5include xchat.local
6# Persistent global definitions 6# Persistent global definitions
7include /etc/firejail/globals.local 7include globals.local
8 8
9noblacklist ${HOME}/.config/xchat 9noblacklist ${HOME}/.config/xchat
10 10
11include /etc/firejail/disable-common.inc 11include disable-common.inc
12include /etc/firejail/disable-devel.inc 12include disable-devel.inc
13include /etc/firejail/disable-programs.inc 13include disable-programs.inc
14 14
15caps.drop all 15caps.drop all
16nodvd 16nodvd
diff --git a/etc/xed.profile b/etc/xed.profile
index f65b52658..b949f4549 100644
--- a/etc/xed.profile
+++ b/etc/xed.profile
@@ -1,9 +1,9 @@
1# Firejail profile for xed 1# Firejail profile for xed
2# This file is overwritten after every install/update 2# This file is overwritten after every install/update
3# Persistent local customizations 3# Persistent local customizations
4include /etc/firejail/xed.local 4include xed.local
5# Persistent global definitions 5# Persistent global definitions
6include /etc/firejail/globals.local 6include globals.local
7 7
8noblacklist ${HOME}/.config/xed 8noblacklist ${HOME}/.config/xed
9 9
@@ -13,13 +13,13 @@ noblacklist ${PATH}/python3*
13noblacklist /usr/lib/python2* 13noblacklist /usr/lib/python2*
14noblacklist /usr/lib/python3* 14noblacklist /usr/lib/python3*
15 15
16include /etc/firejail/disable-common.inc 16include disable-common.inc
17include /etc/firejail/disable-devel.inc 17include disable-devel.inc
18include /etc/firejail/disable-interpreters.inc 18include disable-interpreters.inc
19include /etc/firejail/disable-passwdmgr.inc 19include disable-passwdmgr.inc
20include /etc/firejail/disable-programs.inc 20include disable-programs.inc
21 21
22include /etc/firejail/whitelist-var-common.inc 22include whitelist-var-common.inc
23 23
24# apparmor - makes settings immutable 24# apparmor - makes settings immutable
25caps.drop all 25caps.drop all
diff --git a/etc/xfburn.profile b/etc/xfburn.profile
index 207e62232..3dc525755 100644
--- a/etc/xfburn.profile
+++ b/etc/xfburn.profile
@@ -2,17 +2,17 @@
2# Description: CD-burner application for Xfce Desktop Environment 2# Description: CD-burner application for Xfce Desktop Environment
3# This file is overwritten after every install/update 3# This file is overwritten after every install/update
4# Persistent local customizations 4# Persistent local customizations
5include /etc/firejail/xfburn.local 5include xfburn.local
6# Persistent global definitions 6# Persistent global definitions
7include /etc/firejail/globals.local 7include globals.local
8 8
9noblacklist ${HOME}/.config/xfburn 9noblacklist ${HOME}/.config/xfburn
10 10
11include /etc/firejail/disable-common.inc 11include disable-common.inc
12include /etc/firejail/disable-devel.inc 12include disable-devel.inc
13include /etc/firejail/disable-interpreters.inc 13include disable-interpreters.inc
14include /etc/firejail/disable-passwdmgr.inc 14include disable-passwdmgr.inc
15include /etc/firejail/disable-programs.inc 15include disable-programs.inc
16 16
17caps.drop all 17caps.drop all
18netfilter 18netfilter
diff --git a/etc/xfce4-dict.profile b/etc/xfce4-dict.profile
index e84c78b24..104249be4 100644
--- a/etc/xfce4-dict.profile
+++ b/etc/xfce4-dict.profile
@@ -2,17 +2,17 @@
2# Description: Dictionary plugin for Xfce4 panel 2# Description: Dictionary plugin for Xfce4 panel
3# This file is overwritten after every install/update 3# This file is overwritten after every install/update
4# Persistent local customizations 4# Persistent local customizations
5include /etc/firejail/xfce4-dict.local 5include xfce4-dict.local
6# Persistent global definitions 6# Persistent global definitions
7include /etc/firejail/globals.local 7include globals.local
8 8
9noblacklist ${HOME}/.config/xfce4-dict 9noblacklist ${HOME}/.config/xfce4-dict
10 10
11include /etc/firejail/disable-common.inc 11include disable-common.inc
12include /etc/firejail/disable-devel.inc 12include disable-devel.inc
13include /etc/firejail/disable-interpreters.inc 13include disable-interpreters.inc
14include /etc/firejail/disable-passwdmgr.inc 14include disable-passwdmgr.inc
15include /etc/firejail/disable-programs.inc 15include disable-programs.inc
16 16
17caps.drop all 17caps.drop all
18netfilter 18netfilter
diff --git a/etc/xfce4-notes.profile b/etc/xfce4-notes.profile
index 99aeebb7f..73e7d0625 100644
--- a/etc/xfce4-notes.profile
+++ b/etc/xfce4-notes.profile
@@ -2,19 +2,19 @@
2# Description: Notes application for the Xfce4 desktop 2# Description: Notes application for the Xfce4 desktop
3# This file is overwritten after every install/update 3# This file is overwritten after every install/update
4# Persistent local customizations 4# Persistent local customizations
5include /etc/firejail/xfce4-notes.local 5include xfce4-notes.local
6# Persistent global definitions 6# Persistent global definitions
7include /etc/firejail/globals.local 7include globals.local
8 8
9noblacklist ${HOME}/.config/xfce4/xfce4-notes.gtkrc 9noblacklist ${HOME}/.config/xfce4/xfce4-notes.gtkrc
10noblacklist ${HOME}/.config/xfce4/xfce4-notes.rc 10noblacklist ${HOME}/.config/xfce4/xfce4-notes.rc
11noblacklist ${HOME}/.local/share/notes 11noblacklist ${HOME}/.local/share/notes
12 12
13include /etc/firejail/disable-common.inc 13include disable-common.inc
14include /etc/firejail/disable-devel.inc 14include disable-devel.inc
15include /etc/firejail/disable-interpreters.inc 15include disable-interpreters.inc
16include /etc/firejail/disable-passwdmgr.inc 16include disable-passwdmgr.inc
17include /etc/firejail/disable-programs.inc 17include disable-programs.inc
18 18
19caps.drop all 19caps.drop all
20netfilter 20netfilter
diff --git a/etc/xiphos.profile b/etc/xiphos.profile
index 703579562..4cdf39af3 100644
--- a/etc/xiphos.profile
+++ b/etc/xiphos.profile
@@ -2,24 +2,24 @@
2# Description: Environment for Bible reading, study, and research 2# Description: Environment for Bible reading, study, and research
3# This file is overwritten after every install/update 3# This file is overwritten after every install/update
4# Persistent local customizations 4# Persistent local customizations
5include /etc/firejail/xiphos.local 5include xiphos.local
6# Persistent global definitions 6# Persistent global definitions
7include /etc/firejail/globals.local 7include globals.local
8 8
9blacklist ${HOME}/.bashrc 9blacklist ${HOME}/.bashrc
10 10
11noblacklist ${HOME}/.sword 11noblacklist ${HOME}/.sword
12noblacklist ${HOME}/.xiphos 12noblacklist ${HOME}/.xiphos
13 13
14include /etc/firejail/disable-common.inc 14include disable-common.inc
15include /etc/firejail/disable-devel.inc 15include disable-devel.inc
16include /etc/firejail/disable-interpreters.inc 16include disable-interpreters.inc
17include /etc/firejail/disable-passwdmgr.inc 17include disable-passwdmgr.inc
18include /etc/firejail/disable-programs.inc 18include disable-programs.inc
19 19
20whitelist ${HOME}/.sword 20whitelist ${HOME}/.sword
21whitelist ${HOME}/.xiphos 21whitelist ${HOME}/.xiphos
22include /etc/firejail/whitelist-common.inc 22include whitelist-common.inc
23 23
24caps.drop all 24caps.drop all
25netfilter 25netfilter
diff --git a/etc/xmms.profile b/etc/xmms.profile
index d016e0c23..e6fe72e94 100644
--- a/etc/xmms.profile
+++ b/etc/xmms.profile
@@ -1,19 +1,19 @@
1# Firejail profile for xmms 1# Firejail profile for xmms
2# This file is overwritten after every install/update 2# This file is overwritten after every install/update
3# Persistent local customizations 3# Persistent local customizations
4include /etc/firejail/xmms.local 4include xmms.local
5# Persistent global definitions 5# Persistent global definitions
6include /etc/firejail/globals.local 6include globals.local
7 7
8noblacklist ${HOME}/.xmms 8noblacklist ${HOME}/.xmms
9noblacklist ${MUSIC} 9noblacklist ${MUSIC}
10 10
11include /etc/firejail/disable-common.inc 11include disable-common.inc
12include /etc/firejail/disable-devel.inc 12include disable-devel.inc
13include /etc/firejail/disable-interpreters.inc 13include disable-interpreters.inc
14include /etc/firejail/disable-passwdmgr.inc 14include disable-passwdmgr.inc
15include /etc/firejail/disable-programs.inc 15include disable-programs.inc
16include /etc/firejail/disable-xdg.inc 16include disable-xdg.inc
17 17
18caps.drop all 18caps.drop all
19netfilter 19netfilter
diff --git a/etc/xmr-stak.profile b/etc/xmr-stak.profile
index 7a445f6a5..df4252578 100644
--- a/etc/xmr-stak.profile
+++ b/etc/xmr-stak.profile
@@ -1,22 +1,22 @@
1# Firejail profile for xmr-stak 1# Firejail profile for xmr-stak
2# This file is overwritten after every install/update 2# This file is overwritten after every install/update
3# Persistent local customizations 3# Persistent local customizations
4include /etc/firejail/xmr-stak.local 4include xmr-stak.local
5# Persistent global definitions 5# Persistent global definitions
6include /etc/firejail/globals.local 6include globals.local
7 7
8noblacklist ${HOME}/.xmr-stak 8noblacklist ${HOME}/.xmr-stak
9noblacklist /usr/lib/llvm* 9noblacklist /usr/lib/llvm*
10 10
11include /etc/firejail/disable-common.inc 11include disable-common.inc
12include /etc/firejail/disable-devel.inc 12include disable-devel.inc
13include /etc/firejail/disable-interpreters.inc 13include disable-interpreters.inc
14include /etc/firejail/disable-passwdmgr.inc 14include disable-passwdmgr.inc
15include /etc/firejail/disable-programs.inc 15include disable-programs.inc
16include /etc/firejail/disable-xdg.inc 16include disable-xdg.inc
17 17
18mkdir ${HOME}/.xmr-stak 18mkdir ${HOME}/.xmr-stak
19include /etc/firejail/whitelist-var-common.inc 19include whitelist-var-common.inc
20 20
21caps.drop all 21caps.drop all
22ipc-namespace 22ipc-namespace
diff --git a/etc/xonotic-glx.profile b/etc/xonotic-glx.profile
index 041a063bb..8a44fb587 100644
--- a/etc/xonotic-glx.profile
+++ b/etc/xonotic-glx.profile
@@ -3,4 +3,4 @@
3 3
4 4
5# Redirect 5# Redirect
6include /etc/firejail/xonotic.profile 6include xonotic.profile
diff --git a/etc/xonotic-sdl.profile b/etc/xonotic-sdl.profile
index 041a063bb..8a44fb587 100644
--- a/etc/xonotic-sdl.profile
+++ b/etc/xonotic-sdl.profile
@@ -3,4 +3,4 @@
3 3
4 4
5# Redirect 5# Redirect
6include /etc/firejail/xonotic.profile 6include xonotic.profile
diff --git a/etc/xonotic.profile b/etc/xonotic.profile
index a7e8edc0f..4987d9ba7 100644
--- a/etc/xonotic.profile
+++ b/etc/xonotic.profile
@@ -2,22 +2,22 @@
2# Description: A free, fast-paced crossplatform first-person shooter 2# Description: A free, fast-paced crossplatform first-person shooter
3# This file is overwritten after every install/update 3# This file is overwritten after every install/update
4# Persistent local customizations 4# Persistent local customizations
5include /etc/firejail/xonotic.local 5include xonotic.local
6# Persistent global definitions 6# Persistent global definitions
7include /etc/firejail/globals.local 7include globals.local
8 8
9noblacklist ${HOME}/.xonotic 9noblacklist ${HOME}/.xonotic
10 10
11include /etc/firejail/disable-common.inc 11include disable-common.inc
12include /etc/firejail/disable-devel.inc 12include disable-devel.inc
13include /etc/firejail/disable-interpreters.inc 13include disable-interpreters.inc
14include /etc/firejail/disable-passwdmgr.inc 14include disable-passwdmgr.inc
15include /etc/firejail/disable-programs.inc 15include disable-programs.inc
16 16
17mkdir ${HOME}/.xonotic 17mkdir ${HOME}/.xonotic
18whitelist ${HOME}/.xonotic 18whitelist ${HOME}/.xonotic
19include /etc/firejail/whitelist-common.inc 19include whitelist-common.inc
20include /etc/firejail/whitelist-var-common.inc 20include whitelist-var-common.inc
21 21
22caps.drop all 22caps.drop all
23netfilter 23netfilter
diff --git a/etc/xpdf.profile b/etc/xpdf.profile
index c12a3437c..ec76060fa 100644
--- a/etc/xpdf.profile
+++ b/etc/xpdf.profile
@@ -2,21 +2,21 @@
2# Description: Portable Document Format (PDF) reader 2# Description: Portable Document Format (PDF) reader
3# This file is overwritten after every install/update 3# This file is overwritten after every install/update
4# Persistent local customizations 4# Persistent local customizations
5include /etc/firejail/xpdf.local 5include xpdf.local
6# Persistent global definitions 6# Persistent global definitions
7include /etc/firejail/globals.local 7include globals.local
8 8
9noblacklist ${HOME}/.xpdfrc 9noblacklist ${HOME}/.xpdfrc
10noblacklist ${DOCUMENTS} 10noblacklist ${DOCUMENTS}
11 11
12include /etc/firejail/disable-common.inc 12include disable-common.inc
13include /etc/firejail/disable-devel.inc 13include disable-devel.inc
14include /etc/firejail/disable-interpreters.inc 14include disable-interpreters.inc
15include /etc/firejail/disable-passwdmgr.inc 15include disable-passwdmgr.inc
16include /etc/firejail/disable-programs.inc 16include disable-programs.inc
17include /etc/firejail/disable-xdg.inc 17include disable-xdg.inc
18 18
19include /etc/firejail/whitelist-var-common.inc 19include whitelist-var-common.inc
20 20
21caps.drop all 21caps.drop all
22machine-id 22machine-id
diff --git a/etc/xplayer-audio-preview.profile b/etc/xplayer-audio-preview.profile
index a422b9989..78252c134 100644
--- a/etc/xplayer-audio-preview.profile
+++ b/etc/xplayer-audio-preview.profile
@@ -1,10 +1,10 @@
1# Firejail profile for xplayer-audio-preview 1# Firejail profile for xplayer-audio-preview
2# This file is overwritten after every install/update 2# This file is overwritten after every install/update
3# Persistent local customizations 3# Persistent local customizations
4include /etc/firejail/xplayer-audio-preview.local 4include xplayer-audio-preview.local
5# Persistent global definitions 5# Persistent global definitions
6include /etc/firejail/globals.local 6include globals.local
7 7
8 8
9# Redirect 9# Redirect
10include /etc/firejail/xplayer.profile 10include xplayer.profile
diff --git a/etc/xplayer-video-thumbnailer.profile b/etc/xplayer-video-thumbnailer.profile
index 1ec5250bf..ac8986c69 100644
--- a/etc/xplayer-video-thumbnailer.profile
+++ b/etc/xplayer-video-thumbnailer.profile
@@ -1,10 +1,10 @@
1# Firejail profile for xplayer-video-thumbnailer 1# Firejail profile for xplayer-video-thumbnailer
2# This file is overwritten after every install/update 2# This file is overwritten after every install/update
3# Persistent local customizations 3# Persistent local customizations
4include /etc/firejail/xplayer-video-thumbnailer.local 4include xplayer-video-thumbnailer.local
5# Persistent global definitions 5# Persistent global definitions
6include /etc/firejail/globals.local 6include globals.local
7 7
8 8
9# Redirect 9# Redirect
10include /etc/firejail/xplayer.profile 10include xplayer.profile
diff --git a/etc/xplayer.profile b/etc/xplayer.profile
index f51362b6b..8d4dcf1e3 100644
--- a/etc/xplayer.profile
+++ b/etc/xplayer.profile
@@ -1,9 +1,9 @@
1# Firejail profile for xplayer 1# Firejail profile for xplayer
2# This file is overwritten after every install/update 2# This file is overwritten after every install/update
3# Persistent local customizations 3# Persistent local customizations
4include /etc/firejail/xplayer.local 4include xplayer.local
5# Persistent global definitions 5# Persistent global definitions
6include /etc/firejail/globals.local 6include globals.local
7 7
8noblacklist ${HOME}/.config/xplayer 8noblacklist ${HOME}/.config/xplayer
9noblacklist ${HOME}/.local/share/xplayer 9noblacklist ${HOME}/.local/share/xplayer
@@ -16,14 +16,14 @@ noblacklist ${PATH}/python3*
16noblacklist /usr/lib/python2* 16noblacklist /usr/lib/python2*
17noblacklist /usr/lib/python3* 17noblacklist /usr/lib/python3*
18 18
19include /etc/firejail/disable-common.inc 19include disable-common.inc
20include /etc/firejail/disable-devel.inc 20include disable-devel.inc
21include /etc/firejail/disable-interpreters.inc 21include disable-interpreters.inc
22include /etc/firejail/disable-passwdmgr.inc 22include disable-passwdmgr.inc
23include /etc/firejail/disable-programs.inc 23include disable-programs.inc
24include /etc/firejail/disable-xdg.inc 24include disable-xdg.inc
25 25
26include /etc/firejail/whitelist-var-common.inc 26include whitelist-var-common.inc
27 27
28# apparmor - makes settings immutable 28# apparmor - makes settings immutable
29caps.drop all 29caps.drop all
diff --git a/etc/xpra.profile b/etc/xpra.profile
index 960c493b9..241b64497 100644
--- a/etc/xpra.profile
+++ b/etc/xpra.profile
@@ -2,9 +2,9 @@
2# Description: Tool to detach/reattach running X programs 2# Description: Tool to detach/reattach running X programs
3# This file is overwritten after every install/update 3# This file is overwritten after every install/update
4# Persistent local customizations 4# Persistent local customizations
5include /etc/firejail/xpra.local 5include xpra.local
6# Persistent global definitions 6# Persistent global definitions
7include /etc/firejail/globals.local 7include globals.local
8 8
9# 9#
10# This profile will sandbox Xpra server itself when used with firejail --x11=xpra. 10# This profile will sandbox Xpra server itself when used with firejail --x11=xpra.
@@ -22,11 +22,11 @@ noblacklist ${PATH}/python3*
22noblacklist /usr/lib/python2* 22noblacklist /usr/lib/python2*
23noblacklist /usr/lib/python3* 23noblacklist /usr/lib/python3*
24 24
25include /etc/firejail/disable-common.inc 25include disable-common.inc
26include /etc/firejail/disable-devel.inc 26include disable-devel.inc
27include /etc/firejail/disable-interpreters.inc 27include disable-interpreters.inc
28include /etc/firejail/disable-passwdmgr.inc 28include disable-passwdmgr.inc
29include /etc/firejail/disable-programs.inc 29include disable-programs.inc
30 30
31whitelist /var/lib/xkb 31whitelist /var/lib/xkb
32# whitelisting home directory, or including whitelist-common.inc 32# whitelisting home directory, or including whitelist-common.inc
diff --git a/etc/xreader-previewer.profile b/etc/xreader-previewer.profile
index 4c42c147c..2d7e7644c 100644
--- a/etc/xreader-previewer.profile
+++ b/etc/xreader-previewer.profile
@@ -1,10 +1,10 @@
1# Firejail profile for xreader-previewer 1# Firejail profile for xreader-previewer
2# This file is overwritten after every install/update 2# This file is overwritten after every install/update
3# Persistent local customizations 3# Persistent local customizations
4include /etc/firejail/xreader-previewer.local 4include xreader-previewer.local
5# Persistent global definitions 5# Persistent global definitions
6include /etc/firejail/globals.local 6include globals.local
7 7
8 8
9# Redirect 9# Redirect
10include /etc/firejail/xreader.profile 10include xreader.profile
diff --git a/etc/xreader-thumbnailer.profile b/etc/xreader-thumbnailer.profile
index bc0bcbb67..d463787e6 100644
--- a/etc/xreader-thumbnailer.profile
+++ b/etc/xreader-thumbnailer.profile
@@ -1,10 +1,10 @@
1# Firejail profile for xreader-thumbnailer 1# Firejail profile for xreader-thumbnailer
2# This file is overwritten after every install/update 2# This file is overwritten after every install/update
3# Persistent local customizations 3# Persistent local customizations
4include /etc/firejail/xreader-thumbnailer.local 4include xreader-thumbnailer.local
5# Persistent global definitions 5# Persistent global definitions
6include /etc/firejail/globals.local 6include globals.local
7 7
8 8
9# Redirect 9# Redirect
10include /etc/firejail/xreader.profile 10include xreader.profile
diff --git a/etc/xreader.profile b/etc/xreader.profile
index 25e790fe0..6120ac19b 100644
--- a/etc/xreader.profile
+++ b/etc/xreader.profile
@@ -2,23 +2,23 @@
2# Description: Document viewer for files like PDF and Postscript. X-Apps Project. 2# Description: Document viewer for files like PDF and Postscript. X-Apps Project.
3# This file is overwritten after every install/update 3# This file is overwritten after every install/update
4# Persistent local customizations 4# Persistent local customizations
5include /etc/firejail/xreader.local 5include xreader.local
6# Persistent global definitions 6# Persistent global definitions
7include /etc/firejail/globals.local 7include globals.local
8 8
9noblacklist ${HOME}/.cache/xreader 9noblacklist ${HOME}/.cache/xreader
10noblacklist ${HOME}/.config/xreader 10noblacklist ${HOME}/.config/xreader
11noblacklist ${DOCUMENTS} 11noblacklist ${DOCUMENTS}
12 12
13include /etc/firejail/disable-common.inc 13include disable-common.inc
14include /etc/firejail/disable-devel.inc 14include disable-devel.inc
15include /etc/firejail/disable-interpreters.inc 15include disable-interpreters.inc
16include /etc/firejail/disable-passwdmgr.inc 16include disable-passwdmgr.inc
17include /etc/firejail/disable-programs.inc 17include disable-programs.inc
18include /etc/firejail/disable-xdg.inc 18include disable-xdg.inc
19 19
20# Breaks xreader on Mint 18.3 20# Breaks xreader on Mint 18.3
21# include /etc/firejail/whitelist-var-common.inc 21# include whitelist-var-common.inc
22 22
23# apparmor 23# apparmor
24caps.drop all 24caps.drop all
diff --git a/etc/xviewer.profile b/etc/xviewer.profile
index 7ecc1ca0b..2ead137d4 100644
--- a/etc/xviewer.profile
+++ b/etc/xviewer.profile
@@ -1,22 +1,22 @@
1# Firejail profile for xviewer 1# Firejail profile for xviewer
2# This file is overwritten after every install/update 2# This file is overwritten after every install/update
3# Persistent local customizations 3# Persistent local customizations
4include /etc/firejail/xviewer.local 4include xviewer.local
5# Persistent global definitions 5# Persistent global definitions
6include /etc/firejail/globals.local 6include globals.local
7 7
8noblacklist ${HOME}/.Steam 8noblacklist ${HOME}/.Steam
9noblacklist ${HOME}/.config/xviewer 9noblacklist ${HOME}/.config/xviewer
10noblacklist ${HOME}/.local/share/Trash 10noblacklist ${HOME}/.local/share/Trash
11noblacklist ${HOME}/.steam 11noblacklist ${HOME}/.steam
12 12
13include /etc/firejail/disable-common.inc 13include disable-common.inc
14include /etc/firejail/disable-devel.inc 14include disable-devel.inc
15include /etc/firejail/disable-interpreters.inc 15include disable-interpreters.inc
16include /etc/firejail/disable-passwdmgr.inc 16include disable-passwdmgr.inc
17include /etc/firejail/disable-programs.inc 17include disable-programs.inc
18 18
19include /etc/firejail/whitelist-var-common.inc 19include whitelist-var-common.inc
20 20
21# apparmor - makes settings immutable 21# apparmor - makes settings immutable
22caps.drop all 22caps.drop all
diff --git a/etc/xxd.profile b/etc/xxd.profile
index baee905b7..f5072da75 100644
--- a/etc/xxd.profile
+++ b/etc/xxd.profile
@@ -2,10 +2,10 @@
2# Description: Tool to make (or reverse) a hex dump 2# Description: Tool to make (or reverse) a hex dump
3# This file is overwritten after every install/update 3# This file is overwritten after every install/update
4# Persistent local customizations 4# Persistent local customizations
5include /etc/firejail/xxd.local 5include xxd.local
6# Persistent global definitions 6# Persistent global definitions
7include /etc/firejail/globals.local 7include globals.local
8 8
9 9
10# Redirect 10# Redirect
11include /etc/firejail/vim.profile 11include vim.profile
diff --git a/etc/xz.profile b/etc/xz.profile
index cd79eebc6..748dad2e3 100644
--- a/etc/xz.profile
+++ b/etc/xz.profile
@@ -4,4 +4,4 @@
4 4
5 5
6# Redirect 6# Redirect
7include /etc/firejail/cpio.profile 7include cpio.profile
diff --git a/etc/xzcat.profile b/etc/xzcat.profile
index cd79eebc6..748dad2e3 100644
--- a/etc/xzcat.profile
+++ b/etc/xzcat.profile
@@ -4,4 +4,4 @@
4 4
5 5
6# Redirect 6# Redirect
7include /etc/firejail/cpio.profile 7include cpio.profile
diff --git a/etc/xzcmp.profile b/etc/xzcmp.profile
index cd79eebc6..748dad2e3 100644
--- a/etc/xzcmp.profile
+++ b/etc/xzcmp.profile
@@ -4,4 +4,4 @@
4 4
5 5
6# Redirect 6# Redirect
7include /etc/firejail/cpio.profile 7include cpio.profile
diff --git a/etc/xzdec.profile b/etc/xzdec.profile
index 796c1d642..85d84f215 100644
--- a/etc/xzdec.profile
+++ b/etc/xzdec.profile
@@ -3,10 +3,10 @@
3# This file is overwritten after every install/update 3# This file is overwritten after every install/update
4quiet 4quiet
5# Persistent local customizations 5# Persistent local customizations
6include /etc/firejail/xzdec.local 6include xzdec.local
7# Persistent global definitions 7# Persistent global definitions
8# added by included default.profile 8# added by included default.profile
9#include /etc/firejail/globals.local 9#include globals.local
10 10
11blacklist /tmp/.X11-unix 11blacklist /tmp/.X11-unix
12 12
@@ -23,4 +23,4 @@ tracelog
23 23
24private-dev 24private-dev
25 25
26include /etc/firejail/default.profile 26include default.profile
diff --git a/etc/xzdiff.profile b/etc/xzdiff.profile
index cd79eebc6..748dad2e3 100644
--- a/etc/xzdiff.profile
+++ b/etc/xzdiff.profile
@@ -4,4 +4,4 @@
4 4
5 5
6# Redirect 6# Redirect
7include /etc/firejail/cpio.profile 7include cpio.profile
diff --git a/etc/xzegrep.profile b/etc/xzegrep.profile
index cd79eebc6..748dad2e3 100644
--- a/etc/xzegrep.profile
+++ b/etc/xzegrep.profile
@@ -4,4 +4,4 @@
4 4
5 5
6# Redirect 6# Redirect
7include /etc/firejail/cpio.profile 7include cpio.profile
diff --git a/etc/xzfgrep.profile b/etc/xzfgrep.profile
index cd79eebc6..748dad2e3 100644
--- a/etc/xzfgrep.profile
+++ b/etc/xzfgrep.profile
@@ -4,4 +4,4 @@
4 4
5 5
6# Redirect 6# Redirect
7include /etc/firejail/cpio.profile 7include cpio.profile
diff --git a/etc/xzgrep.profile b/etc/xzgrep.profile
index cd79eebc6..748dad2e3 100644
--- a/etc/xzgrep.profile
+++ b/etc/xzgrep.profile
@@ -4,4 +4,4 @@
4 4
5 5
6# Redirect 6# Redirect
7include /etc/firejail/cpio.profile 7include cpio.profile
diff --git a/etc/xzless.profile b/etc/xzless.profile
index cd79eebc6..748dad2e3 100644
--- a/etc/xzless.profile
+++ b/etc/xzless.profile
@@ -4,4 +4,4 @@
4 4
5 5
6# Redirect 6# Redirect
7include /etc/firejail/cpio.profile 7include cpio.profile
diff --git a/etc/xzmore.profile b/etc/xzmore.profile
index cd79eebc6..748dad2e3 100644
--- a/etc/xzmore.profile
+++ b/etc/xzmore.profile
@@ -4,4 +4,4 @@
4 4
5 5
6# Redirect 6# Redirect
7include /etc/firejail/cpio.profile 7include cpio.profile
diff --git a/etc/yandex-browser.profile b/etc/yandex-browser.profile
index fdb7694a5..680bef677 100644
--- a/etc/yandex-browser.profile
+++ b/etc/yandex-browser.profile
@@ -1,9 +1,9 @@
1# Firejail profile for yandex-browser 1# Firejail profile for yandex-browser
2# This file is overwritten after every install/update 2# This file is overwritten after every install/update
3# Persistent local customizations 3# Persistent local customizations
4include /etc/firejail/yandex-browser.local 4include yandex-browser.local
5# Persistent global definitions 5# Persistent global definitions
6include /etc/firejail/globals.local 6include globals.local
7 7
8noblacklist ${HOME}/.cache/yandex-browser 8noblacklist ${HOME}/.cache/yandex-browser
9noblacklist ${HOME}/.cache/yandex-browser-beta 9noblacklist ${HOME}/.cache/yandex-browser-beta
@@ -20,4 +20,4 @@ whitelist ${HOME}/.config/yandex-browser
20whitelist ${HOME}/.config/yandex-browser-beta 20whitelist ${HOME}/.config/yandex-browser-beta
21 21
22# Redirect 22# Redirect
23include /etc/firejail/chromium-common.profile 23include chromium-common.profile
diff --git a/etc/youtube-dl.profile b/etc/youtube-dl.profile
index 75d4514b6..4eb5349b0 100644
--- a/etc/youtube-dl.profile
+++ b/etc/youtube-dl.profile
@@ -3,9 +3,9 @@
3# This file is overwritten after every install/update 3# This file is overwritten after every install/update
4quiet 4quiet
5# Persistent local customizations 5# Persistent local customizations
6include /etc/firejail/youtube-dl.local 6include youtube-dl.local
7# Persistent global definitions 7# Persistent global definitions
8include /etc/firejail/globals.local 8include globals.local
9 9
10noblacklist ${HOME}/.netrc 10noblacklist ${HOME}/.netrc
11noblacklist ${MUSIC} 11noblacklist ${MUSIC}
@@ -17,14 +17,14 @@ noblacklist ${PATH}/python3*
17noblacklist /usr/lib/python2* 17noblacklist /usr/lib/python2*
18noblacklist /usr/lib/python3* 18noblacklist /usr/lib/python3*
19 19
20include /etc/firejail/disable-common.inc 20include disable-common.inc
21include /etc/firejail/disable-devel.inc 21include disable-devel.inc
22include /etc/firejail/disable-interpreters.inc 22include disable-interpreters.inc
23include /etc/firejail/disable-passwdmgr.inc 23include disable-passwdmgr.inc
24include /etc/firejail/disable-programs.inc 24include disable-programs.inc
25include /etc/firejail/disable-xdg.inc 25include disable-xdg.inc
26 26
27include /etc/firejail/whitelist-var-common.inc 27include whitelist-var-common.inc
28 28
29caps.drop all 29caps.drop all
30ipc-namespace 30ipc-namespace
diff --git a/etc/zaproxy.profile b/etc/zaproxy.profile
index 872719ebc..daa0d9e52 100644
--- a/etc/zaproxy.profile
+++ b/etc/zaproxy.profile
@@ -2,9 +2,9 @@
2# Description: Integrated penetration testing tool for finding vulnerabilities in web applications 2# Description: Integrated penetration testing tool for finding vulnerabilities in web applications
3# This file is overwritten after every install/update 3# This file is overwritten after every install/update
4# Persistent local customizations 4# Persistent local customizations
5include /etc/firejail/zaproxy.local 5include zaproxy.local
6# Persistent global definitions 6# Persistent global definitions
7include /etc/firejail/globals.local 7include globals.local
8 8
9noblacklist ${HOME}/.java 9noblacklist ${HOME}/.java
10noblacklist ${HOME}/.ZAP 10noblacklist ${HOME}/.ZAP
@@ -15,17 +15,17 @@ noblacklist /usr/lib/java
15noblacklist /etc/java 15noblacklist /etc/java
16noblacklist /usr/share/java 16noblacklist /usr/share/java
17 17
18include /etc/firejail/disable-common.inc 18include disable-common.inc
19include /etc/firejail/disable-devel.inc 19include disable-devel.inc
20include /etc/firejail/disable-interpreters.inc 20include disable-interpreters.inc
21include /etc/firejail/disable-passwdmgr.inc 21include disable-passwdmgr.inc
22include /etc/firejail/disable-programs.inc 22include disable-programs.inc
23 23
24mkdir ${HOME}/.ZAP 24mkdir ${HOME}/.ZAP
25whitelist ${HOME}/.java 25whitelist ${HOME}/.java
26whitelist ${HOME}/.ZAP 26whitelist ${HOME}/.ZAP
27include /etc/firejail/whitelist-common.inc 27include whitelist-common.inc
28include /etc/firejail/whitelist-var-common.inc 28include whitelist-var-common.inc
29 29
30caps.drop all 30caps.drop all
31ipc-namespace 31ipc-namespace
diff --git a/etc/zart.profile b/etc/zart.profile
index a4b22ed5d..eb9e4d671 100644
--- a/etc/zart.profile
+++ b/etc/zart.profile
@@ -2,19 +2,19 @@
2# Description: A GUI for G'MIC real-time manipulations on the output of a webcam 2# Description: A GUI for G'MIC real-time manipulations on the output of a webcam
3# This file is overwritten after every install/update 3# This file is overwritten after every install/update
4# Persistent local customizations 4# Persistent local customizations
5include /etc/firejail/zart.local 5include zart.local
6# Persistent global definitions 6# Persistent global definitions
7include /etc/firejail/globals.local 7include globals.local
8 8
9noblacklist ${DOCUMENTS} 9noblacklist ${DOCUMENTS}
10noblacklist ${PICTURES} 10noblacklist ${PICTURES}
11 11
12include /etc/firejail/disable-common.inc 12include disable-common.inc
13include /etc/firejail/disable-devel.inc 13include disable-devel.inc
14include /etc/firejail/disable-interpreters.inc 14include disable-interpreters.inc
15include /etc/firejail/disable-passwdmgr.inc 15include disable-passwdmgr.inc
16include /etc/firejail/disable-programs.inc 16include disable-programs.inc
17include /etc/firejail/disable-xdg.inc 17include disable-xdg.inc
18 18
19caps.drop all 19caps.drop all
20ipc-namespace 20ipc-namespace
diff --git a/etc/zathura.profile b/etc/zathura.profile
index c1785e332..6f86310d7 100644
--- a/etc/zathura.profile
+++ b/etc/zathura.profile
@@ -2,20 +2,20 @@
2# Description: Document viewer with a minimalistic interface 2# Description: Document viewer with a minimalistic interface
3# This file is overwritten after every install/update 3# This file is overwritten after every install/update
4# Persistent local customizations 4# Persistent local customizations
5include /etc/firejail/zathura.local 5include zathura.local
6# Persistent global definitions 6# Persistent global definitions
7include /etc/firejail/globals.local 7include globals.local
8 8
9noblacklist ${HOME}/.config/zathura 9noblacklist ${HOME}/.config/zathura
10noblacklist ${HOME}/.local/share/zathura 10noblacklist ${HOME}/.local/share/zathura
11noblacklist ${DOCUMENTS} 11noblacklist ${DOCUMENTS}
12 12
13include /etc/firejail/disable-common.inc 13include disable-common.inc
14include /etc/firejail/disable-devel.inc 14include disable-devel.inc
15include /etc/firejail/disable-interpreters.inc 15include disable-interpreters.inc
16include /etc/firejail/disable-passwdmgr.inc 16include disable-passwdmgr.inc
17include /etc/firejail/disable-programs.inc 17include disable-programs.inc
18include /etc/firejail/disable-xdg.inc 18include disable-xdg.inc
19 19
20caps.drop all 20caps.drop all
21machine-id 21machine-id
diff --git a/etc/zoom.profile b/etc/zoom.profile
index 419c25f18..4fbf7ca01 100644
--- a/etc/zoom.profile
+++ b/etc/zoom.profile
@@ -1,21 +1,21 @@
1# Firejail profile for zoom 1# Firejail profile for zoom
2# This file is overwritten after every install/update 2# This file is overwritten after every install/update
3# Persistent local customizations 3# Persistent local customizations
4include /etc/firejail/zoom.local 4include zoom.local
5# Persistent global definitions 5# Persistent global definitions
6include /etc/firejail/globals.local 6include globals.local
7 7
8noblacklist ${HOME}/.config/zoomus.conf 8noblacklist ${HOME}/.config/zoomus.conf
9 9
10include /etc/firejail/disable-common.inc 10include disable-common.inc
11include /etc/firejail/disable-devel.inc 11include disable-devel.inc
12include /etc/firejail/disable-interpreters.inc 12include disable-interpreters.inc
13include /etc/firejail/disable-programs.inc 13include disable-programs.inc
14 14
15mkdir ${HOME}/.zoom 15mkdir ${HOME}/.zoom
16whitelist ${HOME}/.cache/zoom 16whitelist ${HOME}/.cache/zoom
17whitelist ${HOME}/.zoom 17whitelist ${HOME}/.zoom
18include /etc/firejail/whitelist-common.inc 18include whitelist-common.inc
19 19
20caps.drop all 20caps.drop all
21netfilter 21netfilter
diff --git a/src/firejail/profile.c b/src/firejail/profile.c
index 751347b29..c7c8fd9fa 100644
--- a/src/firejail/profile.c
+++ b/src/firejail/profile.c
@@ -1367,7 +1367,7 @@ void profile_read(const char *fname) {
1367 if (ptr && strlen(ptr) == 6) 1367 if (ptr && strlen(ptr) == 6)
1368 return; 1368 return;
1369 1369
1370 fprintf(stderr, "Error: cannot access profile file\n"); 1370 fprintf(stderr, "Error: cannot access profile file: %s\n", fname);
1371 exit(1); 1371 exit(1);
1372 } 1372 }
1373 1373
@@ -1429,17 +1429,22 @@ void profile_read(const char *fname) {
1429 if (strncmp(ptr, "include ", 8) == 0) { 1429 if (strncmp(ptr, "include ", 8) == 0) {
1430 include_level++; 1430 include_level++;
1431 1431
1432 // extract profile filename and new skip params 1432 // expand macros in front of the include profile file
1433 char *newprofile = ptr + 8; // profile name 1433 char *newprofile = expand_macros(ptr + 8);
1434 1434
1435 // expand ${HOME}/ in front of the new profile file 1435 char *ptr2 = newprofile;
1436 char *newprofile2 = expand_macros(newprofile); 1436 while (*ptr2 != '/' && *ptr2 != '\0')
1437 ptr2++;
1438 // profile path contains no / chars, do a search
1439 if (*ptr2 == '\0') {
1440 profile_find_firejail(newprofile, 0);
1441 }
1442 else {
1443 profile_read(newprofile);
1444 }
1437 1445
1438 // recursivity
1439 profile_read((newprofile2)? newprofile2:newprofile);
1440 include_level--; 1446 include_level--;
1441 if (newprofile2) 1447 free(newprofile);
1442 free(newprofile2);
1443 free(ptr); 1448 free(ptr);
1444 continue; 1449 continue;
1445 } 1450 }
diff --git a/src/man/firejail-profile.txt b/src/man/firejail-profile.txt
index ca7b52a51..17423cac1 100644
--- a/src/man/firejail-profile.txt
+++ b/src/man/firejail-profile.txt
@@ -113,6 +113,10 @@ Example: "include ${HOME}/myprofiles/profile1" will load "~/myprofiles/profile1"
113 113
114Example: "include ${CFG}/firefox.profile" will load "/etc/firejail/firefox.profile" file. 114Example: "include ${CFG}/firefox.profile" will load "/etc/firejail/firefox.profile" file.
115 115
116The file name may also be just the name without the leading directory components. In this case, first the user config directory (${HOME}/.config/firejail) is searched for the file name and if not found then the system configuration directory is search for the file name. Note: Unlike the \-\-profile option which takes a profile name without the '.profile' suffix, include must be given the full file name.
117
118Example: "include firefox.profile" will load "${HOME}/.config/firejail/firefox.profile" file and if it does not exist "${CFG}/firefox.profile" will be loaded.
119
116System configuration files in ${CFG} are overwritten during software installation. 120System configuration files in ${CFG} are overwritten during software installation.
117Persistent configuration at system level is handled in ".local" files. For every 121Persistent configuration at system level is handled in ".local" files. For every
118profile file in ${CFG} directory, the user can create a corresponding .local file 122profile file in ${CFG} directory, the user can create a corresponding .local file
generated by cgit v1.2.3-54-g00ecf (git 2.45.2) at 2024-07-08 05:57:51 +0000